@trailofbits/vsix-audit 0.1.0

package/dist/scanner/checks/chains.js

@@ -0,0 +1,505 @@
+import { isScannable, SCANNABLE_EXTENSIONS_PATTERN } from "../constants.js";
+import { findLineNumberByIndex } from "../utils.js";
+// =============================================================================
+// Stage Definitions (sources, sinks, and behavioral actions)
+// =============================================================================
+const STAGES = {
+    // Sources (where sensitive data originates)
+    SSH_KEYS: {
+        id: "SSH_KEYS",
+        name: "SSH private keys",
+        patterns: [
+            /\.ssh\/id_(?:rsa|ed25519|ecdsa|dsa)/gi,
+            /\.ssh\/config/gi,
+            /BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY/gi,
+            /BEGIN\s+OPENSSH\s+PRIVATE\s+KEY/gi,
+            /(?:fs|promises?)\.readFile(?:Sync)?\s*\([^)]*\.ssh/gi,
+            /readFile(?:Sync)?\s*\([^)]*id_(?:rsa|ed25519)/gi,
+        ],
+    },
+    CRYPTO_WALLETS: {
+        id: "CRYPTO_WALLETS",
+        name: "Cryptocurrency wallets",
+        patterns: [
+            /\.ethereum/gi,
+            /\.bitcoin/gi,
+            /wallet\.dat/gi,
+            /keystore\/[a-z0-9-]+/gi,
+            /solana\/id\.json/gi,
+            /Exodus/gi,
+            /MetaMask/gi,
+            /phantom/gi,
+            /readFile(?:Sync)?\s*\([^)]*(?:wallet|ethereum|bitcoin|keystore)/gi,
+            /readFile(?:Sync)?\s*\([^)]*\.solana/gi,
+            /seed.*phrase/gi,
+            /mnemonic/gi,
+        ],
+    },
+    CREDENTIALS: {
+        id: "CREDENTIALS",
+        name: "Credential files",
+        patterns: [
+            /\.env(?:\.local|\.production)?/gi,
+            /\.npmrc/gi,
+            /\.netrc/gi,
+            /\.git-credentials/gi,
+            /credentials\.json/gi,
+            /secrets?\./gi,
+            /readFile(?:Sync)?\s*\([^)]*\.env/gi,
+            /readFile(?:Sync)?\s*\([^)]*\.npmrc/gi,
+            /process\.env\.[A-Z_]+(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)/gi,
+        ],
+    },
+    BROWSER_DATA: {
+        id: "BROWSER_DATA",
+        name: "Browser stored data",
+        patterns: [
+            /Google[/\\]Chrome[/\\].*Login\s+Data/gi,
+            /Google[/\\]Chrome[/\\].*Cookies/gi,
+            /Mozilla[/\\]Firefox[/\\].*logins\.json/gi,
+            /BraveSoftware[/\\].*Login\s+Data/gi,
+            /Microsoft[/\\]Edge[/\\].*Login\s+Data/gi,
+            /Local\s+Storage[/\\]leveldb/gi,
+            /readFile(?:Sync)?\s*\([^)]*(?:Chrome|Firefox|Edge|Brave)/gi,
+            /readFile(?:Sync)?\s*\([^)]*Login\s*Data/gi,
+        ],
+    },
+    API_TOKENS: {
+        id: "API_TOKENS",
+        name: "API tokens and keys",
+        patterns: [
+            /(?:GITHUB|GITLAB|BITBUCKET)_(?:TOKEN|API_KEY)/gi,
+            /NPM_TOKEN/gi,
+            /OPENVSX_(?:TOKEN|PAT)/gi,
+            /(?:AWS|AZURE|GCP)_(?:ACCESS_KEY|SECRET|TOKEN)/gi,
+            /OPENAI_API_KEY/gi,
+            /ANTHROPIC_API_KEY/gi,
+            /process\.env\.(?:GITHUB|GITLAB|NPM|AWS|AZURE|OPENAI|ANTHROPIC)/gi,
+        ],
+    },
+    // Sinks (where data leaves or gets executed)
+    NETWORK_SEND: {
+        id: "NETWORK_SEND",
+        name: "Network transmission",
+        patterns: [
+            /fetch\s*\([^)]*,\s*\{[^}]*method\s*:\s*['"](?:POST|PUT)/gi,
+            /axios\.(?:post|put)\s*\(/gi,
+            /https?\.request\s*\([^)]*method\s*:\s*['"](?:POST|PUT)/gi,
+            /request\.(?:post|put)\s*\(/gi,
+            /got\.(?:post|put)\s*\(/gi,
+            /superagent\.(?:post|put)\s*\(/gi,
+        ],
+    },
+    WEBSOCKET_SEND: {
+        id: "WEBSOCKET_SEND",
+        name: "WebSocket transmission",
+        patterns: [/\.send\s*\([^)]+\)/gi, /WebSocket\s*\([^)]*\)/gi, /ws\.send\s*\(/gi],
+    },
+    DISCORD_WEBHOOK: {
+        id: "DISCORD_WEBHOOK",
+        name: "Discord webhook",
+        patterns: [/discord\.com\/api\/webhooks/gi, /discordapp\.com\/api\/webhooks/gi],
+    },
+    EVAL_EXEC: {
+        id: "EVAL_EXEC",
+        name: "Code execution",
+        patterns: [
+            /\beval\s*\(/gi,
+            /new\s+Function\s*\(/gi,
+            /\(\s*\)\s*\[\s*['"]constructor['"]\s*\]/gi,
+        ],
+    },
+    CHILD_PROCESS: {
+        id: "CHILD_PROCESS",
+        name: "Shell execution",
+        patterns: [
+            /child_process\.(?:exec|execSync|spawn|spawnSync)\s*\(/gi,
+            /(?:exec|execSync|spawn|spawnSync)\s*\([^)]*\$\{/gi,
+        ],
+    },
+    // Behavioral stages
+    FILE_READ: {
+        id: "FILE_READ",
+        name: "File read operation",
+        patterns: [/readFile(?:Sync)?\s*\(/gi, /fs\.promises\.readFile/gi, /createReadStream\s*\(/gi],
+    },
+    FILE_WRITE: {
+        id: "FILE_WRITE",
+        name: "File write operation",
+        patterns: [
+            /writeFile(?:Sync)?\s*\(/gi,
+            /createWriteStream\s*\(/gi,
+            /fs\.promises\.writeFile/gi,
+            /appendFile/gi,
+        ],
+    },
+    ENCODE: {
+        id: "ENCODE",
+        name: "Data encoding",
+        patterns: [
+            /Buffer\.from\s*\([^)]+\)\.toString\s*\(\s*['"]base64/gi,
+            /btoa\s*\(/gi,
+            /\.toString\s*\(\s*['"](?:base64|hex)['"]\s*\)/gi,
+            /JSON\.stringify\s*\(/gi,
+        ],
+    },
+    NETWORK: {
+        id: "NETWORK",
+        name: "Network activity",
+        patterns: [
+            /fetch\s*\(/gi,
+            /axios\./gi,
+            /https?\.request/gi,
+            /\.post\s*\(/gi,
+            /\.send\s*\(/gi,
+            /net\.Socket/gi,
+            /net\.connect/gi,
+            /net\.createConnection/gi,
+            /new\s+WebSocket/gi,
+        ],
+    },
+    EXEC: {
+        id: "EXEC",
+        name: "Command execution",
+        patterns: [
+            /child_process/gi,
+            /\.spawn\s*\(/gi,
+            /\.exec\s*\(/gi,
+            /process\.stdin/gi,
+            /execSync/gi,
+            /spawnSync/gi,
+        ],
+    },
+    ENV_ACCESS: {
+        id: "ENV_ACCESS",
+        name: "Environment access",
+        patterns: [
+            /os\.homedir\s*\(\)/gi,
+            /os\.userInfo\s*\(\)/gi,
+            /process\.env\.(?:HOME|USERPROFILE|APPDATA)/gi,
+        ],
+    },
+    DOWNLOAD: {
+        id: "DOWNLOAD",
+        name: "Remote download",
+        patterns: [
+            /fetch\s*\([^)]*https?:\/\//gi,
+            /axios\.get\s*\([^)]*https?:\/\//gi,
+            /https?\.get\s*\(/gi,
+            /request\s*\([^)]*https?:\/\//gi,
+            /curl\s+/gi,
+            /wget\s+/gi,
+        ],
+    },
+    CLIPBOARD: {
+        id: "CLIPBOARD",
+        name: "Keystroke/clipboard capture",
+        patterns: [
+            /keyboard.*event/gi,
+            /keydown|keyup|keypress/gi,
+            /clipboard\.readText/gi,
+            /getSelection\s*\(\s*\)\.toString/gi,
+        ],
+    },
+    PERSISTENCE: {
+        id: "PERSISTENCE",
+        name: "Persistence storage",
+        patterns: [
+            /globalState\.update/gi,
+            /writeFileSync?\s*\([^)]*keystroke/gi,
+            /localStorage\.setItem/gi,
+        ],
+    },
+    STARTUP_FILE: {
+        id: "STARTUP_FILE",
+        name: "Startup file access",
+        patterns: [/\.bashrc/gi, /\.zshrc/gi, /\.profile/gi, /crontab/gi, /startup/gi, /autostart/gi],
+    },
+    PUBLISH_CREDS: {
+        id: "PUBLISH_CREDS",
+        name: "Publishing credentials",
+        patterns: [/\.npmrc/gi, /NPM_TOKEN/gi, /OPENVSX_TOKEN/gi, /npm\s+config/gi],
+    },
+    PUBLISH_CMD: {
+        id: "PUBLISH_CMD",
+        name: "Package publishing",
+        patterns: [/npm\s+publish/gi, /vsce\s+publish/gi, /ovsx\s+publish/gi, /yarn\s+publish/gi],
+    },
+};
+// =============================================================================
+// Chain Rules (combining stages into detection patterns)
+// =============================================================================
+const CHAIN_RULES = [
+    // DataFlow-style rules (2-stage: source → sink)
+    {
+        id: "FLOW_SSH_KEY_EXFIL",
+        title: "SSH key exfiltration pattern",
+        description: "Code reads SSH private keys and sends data over network. This is a credential theft pattern.",
+        severity: "critical",
+        stages: [STAGES["SSH_KEYS"], STAGES["NETWORK_SEND"]],
+        constraints: { maxSpan: 2000 },
+        redFlags: ["Reads .ssh directory", "Sends to external URL"],
+    },
+    {
+        id: "FLOW_WALLET_EXFIL",
+        title: "Cryptocurrency wallet exfiltration",
+        description: "Code accesses cryptocurrency wallet data and sends it over network. This is a crypto theft pattern.",
+        severity: "critical",
+        stages: [STAGES["CRYPTO_WALLETS"], STAGES["NETWORK_SEND"]],
+        constraints: { maxSpan: 2000 },
+        redFlags: ["Accesses wallet files", "Sends to external server"],
+    },
+    {
+        id: "FLOW_CRED_EXFIL",
+        title: "Credential exfiltration pattern",
+        description: "Code reads credential files (.env, .npmrc, etc.) and sends data over network.",
+        severity: "critical",
+        stages: [STAGES["CREDENTIALS"], STAGES["NETWORK_SEND"]],
+        constraints: { maxSpan: 2000 },
+        redFlags: ["Reads environment files", "HTTP POST to external"],
+    },
+    {
+        id: "FLOW_BROWSER_EXFIL",
+        title: "Browser data exfiltration",
+        description: "Code accesses browser stored passwords/cookies and sends them over network.",
+        severity: "critical",
+        stages: [STAGES["BROWSER_DATA"], STAGES["NETWORK_SEND"]],
+        constraints: { maxSpan: 2000 },
+        redFlags: ["Reads Chrome/Firefox data", "Network exfiltration"],
+    },
+    {
+        id: "FLOW_TOKEN_EXFIL",
+        title: "API token exfiltration",
+        description: "Code accesses API tokens from environment and sends them to external server.",
+        severity: "critical",
+        stages: [STAGES["API_TOKENS"], STAGES["NETWORK_SEND"]],
+        constraints: { maxSpan: 2000 },
+        legitimateUses: ["Token validation services", "OAuth flows"],
+        redFlags: ["Tokens sent to unknown domains", "No user consent"],
+    },
+    {
+        id: "FLOW_SSH_DISCORD",
+        title: "SSH key sent to Discord",
+        description: "Code reads SSH keys and sends them to Discord webhook. This is a common exfiltration technique.",
+        severity: "critical",
+        stages: [STAGES["SSH_KEYS"], STAGES["DISCORD_WEBHOOK"]],
+        constraints: { maxSpan: 2000 },
+    },
+    {
+        id: "FLOW_CRED_DISCORD",
+        title: "Credentials sent to Discord",
+        description: "Code reads credentials and sends them to Discord webhook for exfiltration.",
+        severity: "critical",
+        stages: [STAGES["CREDENTIALS"], STAGES["DISCORD_WEBHOOK"]],
+        constraints: { maxSpan: 2000 },
+    },
+    {
+        id: "FLOW_SSH_EXEC",
+        title: "SSH key used in command execution",
+        description: "SSH key content is passed to command execution, potentially for remote access.",
+        severity: "high",
+        stages: [STAGES["SSH_KEYS"], STAGES["CHILD_PROCESS"]],
+        constraints: { maxSpan: 2000 },
+        legitimateUses: ["SSH key management tools", "Git operations"],
+        redFlags: ["Key content passed to exec", "Unknown remote commands"],
+    },
+    // Behavioral-style rules (N-stage attack chains)
+    {
+        id: "BEHAVIOR_CREDENTIAL_EXFIL",
+        title: "Credential exfiltration pattern",
+        description: "Code reads sensitive files, encodes the content, and sends it to an external server. This is the classic credential theft attack chain.",
+        severity: "critical",
+        stages: [STAGES["FILE_READ"], STAGES["ENCODE"], STAGES["NETWORK"]],
+        constraints: { maxSpan: 3000 },
+        redFlags: [
+            "Reads from home directory or .ssh",
+            "Encodes before sending",
+            "Sends to external domain",
+        ],
+    },
+    {
+        id: "BEHAVIOR_REVERSE_SHELL",
+        title: "Reverse shell pattern",
+        description: "Code establishes network connection and pipes input to command execution. This creates a remote shell for attackers.",
+        severity: "critical",
+        stages: [STAGES["NETWORK"], STAGES["EXEC"]],
+        constraints: { maxSpan: 1500 },
+        redFlags: ["Socket piped to shell", "Remote command execution"],
+    },
+    {
+        id: "BEHAVIOR_SUPPLY_CHAIN_ATTACK",
+        title: "Install script attack pattern",
+        description: "Package lifecycle script accesses environment, executes commands, and phones home. This is a supply chain attack pattern.",
+        severity: "high",
+        stages: [STAGES["ENV_ACCESS"], STAGES["EXEC"], STAGES["NETWORK"]],
+        constraints: { minStages: 3, maxSpan: 1000 },
+        legitimateUses: ["Build scripts", "Development tools"],
+        redFlags: ["Runs in postinstall", "Collects system info", "Sends to unknown domain"],
+    },
+    {
+        id: "BEHAVIOR_DROPPER",
+        title: "Malware dropper pattern",
+        description: "Code downloads content from remote URL, writes it to file, and executes it. This is a dropper/downloader pattern.",
+        severity: "critical",
+        stages: [STAGES["DOWNLOAD"], STAGES["FILE_WRITE"], STAGES["EXEC"]],
+        constraints: { maxSpan: 2000 },
+        redFlags: [
+            "Downloads executable",
+            "Writes to temp or hidden location",
+            "Executes downloaded content",
+        ],
+    },
+    {
+        id: "BEHAVIOR_KEYLOGGER",
+        title: "Keystroke capture pattern",
+        description: "Code captures keyboard/input events and stores or transmits the data. This indicates keylogging behavior.",
+        severity: "high",
+        stages: [STAGES["CLIPBOARD"], STAGES["PERSISTENCE"], STAGES["DISCORD_WEBHOOK"]],
+        constraints: { minStages: 2, maxSpan: 3000 },
+        legitimateUses: ["Keyboard shortcut extensions"],
+        redFlags: ["Captures all keystrokes", "Sends to Discord webhook", "No user consent mechanism"],
+    },
+    {
+        id: "BEHAVIOR_CRYPTO_STEALER",
+        title: "Cryptocurrency stealer pattern",
+        description: "Code scans for wallet files, extracts keys/seeds, and exfiltrates them.",
+        severity: "critical",
+        stages: [STAGES["CRYPTO_WALLETS"], STAGES["ENCODE"], STAGES["DISCORD_WEBHOOK"]],
+        constraints: { minStages: 3, maxSpan: 1500 },
+        redFlags: [
+            "Scans for multiple wallet types",
+            "Extracts private keys",
+            "Sends to Discord/external",
+        ],
+    },
+    {
+        id: "BEHAVIOR_PERSISTENCE",
+        title: "Persistence mechanism pattern",
+        description: "Code modifies startup files, schedules tasks, or installs itself for persistence.",
+        severity: "high",
+        stages: [STAGES["STARTUP_FILE"], STAGES["FILE_WRITE"]],
+        constraints: { maxSpan: 2000 },
+        legitimateUses: ["Shell configuration tools", "Development environment setup"],
+        redFlags: ["Writes to startup files", "Adds hidden entries", "No user interaction"],
+    },
+    {
+        id: "BEHAVIOR_SELF_PROPAGATION",
+        title: "Self-propagation pattern",
+        description: "Code accesses package publishing credentials and attempts to publish itself. This is worm-like behavior.",
+        severity: "critical",
+        stages: [STAGES["PUBLISH_CREDS"], STAGES["PUBLISH_CMD"]],
+        constraints: { maxSpan: 2000 },
+        redFlags: ["Accesses publish tokens", "Runs publish commands", "GlassWorm-style worm"],
+    },
+];
+// =============================================================================
+// Core Detection Logic
+// =============================================================================
+/**
+ * Find all matches for a set of patterns in content.
+ */
+function findMatches(content, patterns) {
+    const matches = [];
+    for (const pattern of patterns) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            matches.push({
+                index: match.index,
+                matched: match[0].slice(0, 80),
+            });
+        }
+    }
+    return matches;
+}
+/**
+ * Check if a chain rule matches in the content.
+ * Returns array of stage matches if rule triggers, null otherwise.
+ */
+function checkRule(content, rule) {
+    const stageMatches = [];
+    const minStages = rule.constraints.minStages ?? rule.stages.length;
+    const maxSpan = rule.constraints.maxSpan ?? 3000;
+    // Find matches for each stage
+    for (const stage of rule.stages) {
+        const matches = findMatches(content, stage.patterns);
+        if (matches.length > 0) {
+            const firstMatch = matches[0];
+            if (firstMatch) {
+                stageMatches.push({
+                    stageId: stage.id,
+                    stageName: stage.name,
+                    index: firstMatch.index,
+                    matched: firstMatch.matched,
+                });
+            }
+        }
+    }
+    // Check if enough stages matched
+    if (stageMatches.length < minStages) {
+        return null;
+    }
+    // Check if stages are within maxSpan
+    if (stageMatches.length > 1) {
+        const indices = stageMatches.map((m) => m.index);
+        const span = Math.max(...indices) - Math.min(...indices);
+        if (span > maxSpan) {
+            return null;
+        }
+    }
+    return stageMatches;
+}
+// =============================================================================
+// Main Export
+// =============================================================================
+export function checkChains(contents) {
+    const findings = [];
+    const seenFindings = new Set();
+    for (const [filename, buffer] of contents.files) {
+        if (!isScannable(filename, SCANNABLE_EXTENSIONS_PATTERN))
+            continue;
+        const content = buffer.toString("utf8");
+        for (const rule of CHAIN_RULES) {
+            const stageMatches = checkRule(content, rule);
+            if (!stageMatches)
+                continue;
+            // Deduplicate
+            const key = `${rule.id}:${filename}`;
+            if (seenFindings.has(key))
+                continue;
+            seenFindings.add(key);
+            const firstMatch = stageMatches[0];
+            if (!firstMatch)
+                continue;
+            // Determine category based on rule ID prefix
+            const category = rule.id.startsWith("FLOW_") ? "dataflow" : "behavioral";
+            findings.push({
+                id: rule.id,
+                title: rule.title,
+                description: rule.description,
+                severity: rule.severity,
+                category,
+                location: {
+                    file: filename,
+                    line: findLineNumberByIndex(content, firstMatch.index),
+                },
+                metadata: {
+                    stagesMatched: stageMatches.length,
+                    totalStages: rule.stages.length,
+                    stages: stageMatches.map((m) => ({
+                        id: m.stageId,
+                        name: m.stageName,
+                        matched: m.matched,
+                        line: findLineNumberByIndex(content, m.index),
+                    })),
+                    ...(rule.legitimateUses && { legitimateUses: rule.legitimateUses }),
+                    ...(rule.redFlags && { redFlags: rule.redFlags }),
+                },
+            });
+        }
+    }
+    return findings;
+}
+// Export for testing
+export { CHAIN_RULES, STAGES };
+//# sourceMappingURL=chains.js.map

package/dist/scanner/checks/chains.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chains.js","sourceRoot":"","sources":["../../../src/scanner/checks/chains.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,MAAM,iBAAiB,CAAC;AAE5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAyCpD,gFAAgF;AAChF,6DAA6D;AAC7D,gFAAgF;AAEhF,MAAM,MAAM,GAA+B;IACzC,4CAA4C;IAC5C,QAAQ,EAAE;QACR,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE;YACR,uCAAuC;YACvC,iBAAiB;YACjB,oCAAoC;YACpC,mCAAmC;YACnC,sDAAsD;YACtD,iDAAiD;SAClD;KACF;IACD,cAAc,EAAE;QACd,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE;YACR,cAAc;YACd,aAAa;YACb,eAAe;YACf,wBAAwB;YACxB,oBAAoB;YACpB,UAAU;YACV,YAAY;YACZ,WAAW;YACX,mEAAmE;YACnE,uCAAuC;YACvC,gBAAgB;YAChB,YAAY;SACb;KACF;IACD,WAAW,EAAE;QACX,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE;YACR,kCAAkC;YAClC,WAAW;YACX,WAAW;YACX,qBAAqB;YACrB,qBAAqB;YACrB,cAAc;YACd,oCAAoC;YACpC,sCAAsC;YACtC,iEAAiE;SAClE;KACF;IACD,YAAY,EAAE;QACZ,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE;YACR,wCAAwC;YACxC,mCAAmC;YACnC,0CAA0C;YAC1C,oCAAoC;YACpC,yCAAyC;YACzC,+BAA+B;YAC/B,4DAA4D;YAC5D,2CAA2C;SAC5C;KACF;IACD,UAAU,EAAE;QACV,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE;YACR,iDAAiD;YACjD,aAAa;YACb,yBAAyB;YACzB,iDAAiD;YACjD,kBAAkB;YAClB,qBAAqB;YACrB,kEAAkE;SACnE;KACF;IAED,6CAA6C;IAC7C,YAAY,EAAE;QACZ,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE;YACR,2DAA2D;YAC3D,4BAA4B;YAC5B,0DAA0D;YAC1D,8BAA8B;YAC9B,0BAA0B;YAC1B,iCAAiC;SAClC;KACF;IACD,cAAc,EAAE;QACd,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,CAAC,sBAAsB,EAAE,yBAAyB,EAAE,iBAAiB,CAAC;KACjF;IACD,eAAe,EAAE;QACf,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,CAAC,+BAA+B,EAAE,kCAAkC,CAAC;KAChF;IACD,SAAS,EAAE;QACT,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE;YACR,eAAe;YACf,uBAAuB;YACvB,2CAA2C;SAC5C;KACF;IACD,aAAa,EAAE;QACb,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE;YACR,yDAAyD;YACzD,mDAAmD;SACpD;KACF;IAED,oBAAoB;IACpB,SAAS,EAAE;QACT,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,CAAC,0BAA0B,EAAE,0BAA0B,EAAE,yBAAyB,CAAC;KAC9F;IACD,UAAU,EAAE;QACV,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE;YACR,2BAA2B;YAC3B,0BAA0B;YAC1B,2BAA2B;YAC3B,cAAc;SACf;KACF;IACD,MAAM,EAAE;QACN,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE;YACR,wDAAwD;YACxD,aAAa;YACb,iDAAiD;YACjD,wBAAwB;SACzB;KACF;IACD,OAAO,EAAE;QACP,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE;YACR,cAAc;YACd,WAAW;YACX,mBAAmB;YACnB,eAAe;YACf,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,yBAAyB;YACzB,mBAAmB;SACpB;KACF;IACD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE;YACR,iBAAiB;YACjB,gBAAgB;YAChB,eAAe;YACf,kBAAkB;YAClB,YAAY;YACZ,aAAa;SACd;KACF;IACD,UAAU,EAAE;QACV,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE;YACR,sBAAsB;YACtB,uBAAuB;YACvB,8CAA8C;SAC/C;KACF;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE;YACR,8BAA8B;YAC9B,mCAAmC;YACnC,oBAAoB;YACpB,gCAAgC;YAChC,WAAW;YACX,WAAW;SACZ;KACF;IACD,SAAS,EAAE;QACT,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE;YACR,mBAAmB;YACnB,0BAA0B;YAC1B,uBAAuB;YACvB,oCAAoC;SACrC;KACF;IACD,WAAW,EAAE;QACX,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE;YACR,uBAAuB;YACvB,qCAAqC;YACrC,yBAAyB;SAC1B;KACF;IACD,YAAY,EAAE;QACZ,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC;KAC9F;IACD,aAAa,EAAE;QACb,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,CAAC;KAC5E;IACD,WAAW,EAAE;QACX,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC;KAC1F;CACF,CAAC;AAEF,gFAAgF;AAChF,yDAAyD;AACzD,gFAAgF;AAEhF,MAAM,WAAW,GAAgB;IAC/B,gDAAgD;IAChD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EACT,8FAA8F;QAChG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAE,EAAE,MAAM,CAAC,cAAc,CAAE,CAAC;QACtD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;KAC5D;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,qGAAqG;QACvG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAE,EAAE,MAAM,CAAC,cAAc,CAAE,CAAC;QAC5D,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE,CAAC,uBAAuB,EAAE,0BAA0B,CAAC;KAChE;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,+EAA+E;QAC5F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,aAAa,CAAE,EAAE,MAAM,CAAC,cAAc,CAAE,CAAC;QACzD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE,CAAC,yBAAyB,EAAE,uBAAuB,CAAC;KAC/D;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,6EAA6E;QAC1F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,cAAc,CAAE,EAAE,MAAM,CAAC,cAAc,CAAE,CAAC;QAC1D,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE,CAAC,2BAA2B,EAAE,sBAAsB,CAAC;KAChE;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,8EAA8E;QAC3F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAE,EAAE,MAAM,CAAC,cAAc,CAAE,CAAC;QACxD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,cAAc,EAAE,CAAC,2BAA2B,EAAE,aAAa,CAAC;QAC5D,QAAQ,EAAE,CAAC,gCAAgC,EAAE,iBAAiB,CAAC;KAChE;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAE,EAAE,MAAM,CAAC,iBAAiB,CAAE,CAAC;QACzD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;KAC/B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,aAAa,CAAE,EAAE,MAAM,CAAC,iBAAiB,CAAE,CAAC;QAC5D,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;KAC/B;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAE,EAAE,MAAM,CAAC,eAAe,CAAE,CAAC;QACvD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,cAAc,EAAE,CAAC,0BAA0B,EAAE,gBAAgB,CAAC;QAC9D,QAAQ,EAAE,CAAC,4BAA4B,EAAE,yBAAyB,CAAC;KACpE;IAED,iDAAiD;IACjD;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,iCAAiC;QACxC,WAAW,EACT,yIAAyI;QAC3I,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAE,EAAE,MAAM,CAAC,QAAQ,CAAE,EAAE,MAAM,CAAC,SAAS,CAAE,CAAC;QACrE,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE;YACR,mCAAmC;YACnC,wBAAwB;YACxB,0BAA0B;SAC3B;KACF;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EACT,sHAAsH;QACxH,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAE,EAAE,MAAM,CAAC,MAAM,CAAE,CAAC;QAC7C,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE,CAAC,uBAAuB,EAAE,0BAA0B,CAAC;KAChE;IACD;QACE,EAAE,EAAE,8BAA8B;QAClC,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,2HAA2H;QAC7H,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAE,EAAE,MAAM,CAAC,MAAM,CAAE,EAAE,MAAM,CAAC,SAAS,CAAE,CAAC;QACpE,WAAW,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;QAC5C,cAAc,EAAE,CAAC,eAAe,EAAE,mBAAmB,CAAC;QACtD,QAAQ,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,EAAE,yBAAyB,CAAC;KACrF;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EACT,mHAAmH;QACrH,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAE,EAAE,MAAM,CAAC,YAAY,CAAE,EAAE,MAAM,CAAC,MAAM,CAAE,CAAC;QACrE,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE;YACR,sBAAsB;YACtB,mCAAmC;YACnC,6BAA6B;SAC9B;KACF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,2GAA2G;QAC7G,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAE,EAAE,MAAM,CAAC,aAAa,CAAE,EAAE,MAAM,CAAC,iBAAiB,CAAE,CAAC;QAClF,WAAW,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;QAC5C,cAAc,EAAE,CAAC,8BAA8B,CAAC;QAChD,QAAQ,EAAE,CAAC,yBAAyB,EAAE,0BAA0B,EAAE,2BAA2B,CAAC;KAC/F;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,yEAAyE;QACtF,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAE,EAAE,MAAM,CAAC,QAAQ,CAAE,EAAE,MAAM,CAAC,iBAAiB,CAAE,CAAC;QAClF,WAAW,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;QAC5C,QAAQ,EAAE;YACR,iCAAiC;YACjC,uBAAuB;YACvB,2BAA2B;SAC5B;KACF;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,+BAA+B;QACtC,WAAW,EACT,mFAAmF;QACrF,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,CAAC,MAAM,CAAC,cAAc,CAAE,EAAE,MAAM,CAAC,YAAY,CAAE,CAAC;QACxD,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,cAAc,EAAE,CAAC,2BAA2B,EAAE,+BAA+B,CAAC;QAC9E,QAAQ,EAAE,CAAC,yBAAyB,EAAE,qBAAqB,EAAE,qBAAqB,CAAC;KACpF;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,0GAA0G;QAC5G,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,eAAe,CAAE,EAAE,MAAM,CAAC,aAAa,CAAE,CAAC;QAC1D,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QAC9B,QAAQ,EAAE,CAAC,yBAAyB,EAAE,uBAAuB,EAAE,sBAAsB,CAAC;KACvF;CACF,CAAC;AAEF,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAEhF;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,QAAkB;IACtD,MAAM,OAAO,GAAyC,EAAE,CAAC;IAEzD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC;gBACX,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,OAAe,EAAE,IAAe;IACjD,MAAM,YAAY,GAAiB,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IACnE,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,IAAI,IAAI,CAAC;IAEjD,8BAA8B;IAC9B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,UAAU,EAAE,CAAC;gBACf,YAAY,CAAC,IAAI,CAAC;oBAChB,OAAO,EAAE,KAAK,CAAC,EAAE;oBACjB,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,KAAK,EAAE,UAAU,CAAC,KAAK;oBACvB,OAAO,EAAE,UAAU,CAAC,OAAO;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,IAAI,YAAY,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IACrC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC;QACzD,IAAI,IAAI,GAAG,OAAO,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,gFAAgF;AAChF,cAAc;AACd,gFAAgF;AAEhF,MAAM,UAAU,WAAW,CAAC,QAAsB;IAChD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvC,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,4BAA4B,CAAC;YAAE,SAAS;QAEnE,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAExC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC9C,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,cAAc;YACd,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,QAAQ,EAAE,CAAC;YACrC,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACpC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YACnC,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,6CAA6C;YAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY,CAAC;YAEzE,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ;gBACR,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,qBAAqB,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC;iBACvD;gBACD,QAAQ,EAAE;oBACR,aAAa,EAAE,YAAY,CAAC,MAAM;oBAClC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;oBAC/B,MAAM,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;wBAC/B,EAAE,EAAE,CAAC,CAAC,OAAO;wBACb,IAAI,EAAE,CAAC,CAAC,SAAS;wBACjB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,IAAI,EAAE,qBAAqB,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC;qBAC9C,CAAC,CAAC;oBACH,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;oBACnE,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;iBAClD;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,qBAAqB;AACrB,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC"}

package/dist/scanner/checks/chains.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=chains.test.d.ts.map

package/dist/scanner/checks/chains.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chains.test.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/chains.test.ts"],"names":[],"mappings":""}