@trailofbits/vsix-audit 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +23 -30
- package/dist/scanner/checks/ioc.test.js +1 -0
- package/dist/scanner/checks/ioc.test.js.map +1 -1
- package/dist/scanner/checks/package.test.js +1 -0
- package/dist/scanner/checks/package.test.js.map +1 -1
- package/dist/scanner/checks/telemetry.d.ts +6 -0
- package/dist/scanner/checks/telemetry.d.ts.map +1 -0
- package/dist/scanner/checks/telemetry.js +487 -0
- package/dist/scanner/checks/telemetry.js.map +1 -0
- package/dist/scanner/checks/telemetry.test.d.ts +2 -0
- package/dist/scanner/checks/telemetry.test.d.ts.map +1 -0
- package/dist/scanner/checks/telemetry.test.js +583 -0
- package/dist/scanner/checks/telemetry.test.js.map +1 -0
- package/dist/scanner/index.d.ts +1 -1
- package/dist/scanner/index.d.ts.map +1 -1
- package/dist/scanner/index.js +14 -1
- package/dist/scanner/index.js.map +1 -1
- package/dist/scanner/loaders/zoo.d.ts.map +1 -1
- package/dist/scanner/loaders/zoo.js +35 -1
- package/dist/scanner/loaders/zoo.js.map +1 -1
- package/dist/scanner/types.d.ts +8 -0
- package/dist/scanner/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/zoo/signatures/yara/README.md +7 -4
- package/zoo/telemetry/known-services.txt +27 -0
|
@@ -0,0 +1,487 @@
|
|
|
1
|
+
import { isScannable, SCANNABLE_EXTENSIONS_PATTERN } from "../constants.js";
|
|
2
|
+
import { findLineNumberByString } from "../utils.js";
|
|
3
|
+
/**
|
|
4
|
+
* Known telemetry SDK packages and their service info.
|
|
5
|
+
*/
|
|
6
|
+
const TELEMETRY_SDKS = {
|
|
7
|
+
// Crash reporting
|
|
8
|
+
"@sentry/node": { name: "Sentry", category: "crash-reporting" },
|
|
9
|
+
"@sentry/browser": { name: "Sentry", category: "crash-reporting" },
|
|
10
|
+
"@sentry/react": { name: "Sentry", category: "crash-reporting" },
|
|
11
|
+
"@sentry/vue": { name: "Sentry", category: "crash-reporting" },
|
|
12
|
+
bugsnag: { name: "Bugsnag", category: "crash-reporting" },
|
|
13
|
+
"@bugsnag/js": { name: "Bugsnag", category: "crash-reporting" },
|
|
14
|
+
"@bugsnag/node": { name: "Bugsnag", category: "crash-reporting" },
|
|
15
|
+
rollbar: { name: "Rollbar", category: "crash-reporting" },
|
|
16
|
+
raygun4js: { name: "Raygun", category: "crash-reporting" },
|
|
17
|
+
// Analytics
|
|
18
|
+
mixpanel: { name: "Mixpanel", category: "analytics" },
|
|
19
|
+
"mixpanel-browser": { name: "Mixpanel", category: "analytics" },
|
|
20
|
+
"@amplitude/node": { name: "Amplitude", category: "analytics" },
|
|
21
|
+
"@amplitude/analytics-browser": { name: "Amplitude", category: "analytics" },
|
|
22
|
+
"@segment/analytics-node": { name: "Segment", category: "analytics" },
|
|
23
|
+
"analytics-node": { name: "Segment", category: "analytics" },
|
|
24
|
+
"@segment/analytics-next": { name: "Segment", category: "analytics" },
|
|
25
|
+
"posthog-node": { name: "PostHog", category: "analytics" },
|
|
26
|
+
"posthog-js": { name: "PostHog", category: "analytics" },
|
|
27
|
+
heap: { name: "Heap", category: "analytics" },
|
|
28
|
+
"heap-api": { name: "Heap", category: "analytics" },
|
|
29
|
+
// APM
|
|
30
|
+
applicationinsights: { name: "Azure Application Insights", category: "apm" },
|
|
31
|
+
"dd-trace": { name: "Datadog", category: "apm" },
|
|
32
|
+
newrelic: { name: "New Relic", category: "apm" },
|
|
33
|
+
// VS Code specific
|
|
34
|
+
"@vscode/extension-telemetry": { name: "VS Code Telemetry", category: "analytics" },
|
|
35
|
+
"vscode-extension-telemetry": { name: "VS Code Telemetry", category: "analytics" },
|
|
36
|
+
};
|
|
37
|
+
/**
|
|
38
|
+
* Patterns that indicate telemetry URL paths.
|
|
39
|
+
* These patterns are conservative - we want to match actual API endpoints, not docs.
|
|
40
|
+
*/
|
|
41
|
+
const TELEMETRY_URL_PATTERNS = [
|
|
42
|
+
/\/api\/telemetry/i,
|
|
43
|
+
/\/v\d+\/track\b/i,
|
|
44
|
+
/\/collect(?:\/v\d+)?$/i, // /collect or /collect/v1 at end of path
|
|
45
|
+
/\/ingest\b/i,
|
|
46
|
+
/\/metrics$/i, // /metrics at end of path
|
|
47
|
+
];
|
|
48
|
+
/**
|
|
49
|
+
* Domains that are known documentation sites, not telemetry endpoints.
|
|
50
|
+
* URLs from these domains should not trigger unknown telemetry detection.
|
|
51
|
+
*/
|
|
52
|
+
const DOCUMENTATION_DOMAINS = new Set([
|
|
53
|
+
"nodejs.org",
|
|
54
|
+
"developer.mozilla.org",
|
|
55
|
+
"docs.github.com",
|
|
56
|
+
"source.chromium.org",
|
|
57
|
+
"github.com",
|
|
58
|
+
"stackoverflow.com",
|
|
59
|
+
"wikipedia.org",
|
|
60
|
+
"w3.org",
|
|
61
|
+
"tc39.es",
|
|
62
|
+
"ecma-international.org",
|
|
63
|
+
"typescriptlang.org",
|
|
64
|
+
"reactjs.org",
|
|
65
|
+
"vuejs.org",
|
|
66
|
+
"angular.io",
|
|
67
|
+
]);
|
|
68
|
+
/**
|
|
69
|
+
* Data fields commonly collected by telemetry.
|
|
70
|
+
*/
|
|
71
|
+
const DATA_COLLECTION_PATTERNS = [
|
|
72
|
+
{ pattern: /extension[_-]?version/i, field: "extension_version" },
|
|
73
|
+
{ pattern: /vscode[_-]?version/i, field: "vscode_version" },
|
|
74
|
+
{ pattern: /os[_-]?platform/i, field: "os_platform" },
|
|
75
|
+
{ pattern: /os[_-]?version/i, field: "os_version" },
|
|
76
|
+
{ pattern: /machine[_-]?id/i, field: "machine_id" },
|
|
77
|
+
{ pattern: /session[_-]?id/i, field: "session_id" },
|
|
78
|
+
{ pattern: /user[_-]?id/i, field: "user_id" },
|
|
79
|
+
{ pattern: /workspace[_-]?info/i, field: "workspace_info" },
|
|
80
|
+
{ pattern: /file[_-]?paths?/i, field: "file_paths" },
|
|
81
|
+
{ pattern: /user[_-]?behavior/i, field: "user_behavior" },
|
|
82
|
+
{ pattern: /language[_-]?id/i, field: "language_id" },
|
|
83
|
+
{ pattern: /activation[_-]?event/i, field: "activation_event" },
|
|
84
|
+
{ pattern: /command[_-]?id/i, field: "command_id" },
|
|
85
|
+
{ pattern: /error[_-]?stack/i, field: "error_stack" },
|
|
86
|
+
{ pattern: /performance[_-]?metrics/i, field: "performance_metrics" },
|
|
87
|
+
];
|
|
88
|
+
/**
|
|
89
|
+
* Extract URLs from code content.
|
|
90
|
+
*/
|
|
91
|
+
function extractUrls(content) {
|
|
92
|
+
const urlPattern = /https?:\/\/[^\s"'`<>\])}]+/gi;
|
|
93
|
+
const results = [];
|
|
94
|
+
for (const match of content.matchAll(urlPattern)) {
|
|
95
|
+
if (match.index !== undefined) {
|
|
96
|
+
results.push({ url: match[0], index: match.index });
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
return results;
|
|
100
|
+
}
|
|
101
|
+
/**
|
|
102
|
+
* Extract domain from a URL.
|
|
103
|
+
*/
|
|
104
|
+
function extractDomain(url) {
|
|
105
|
+
try {
|
|
106
|
+
const parsed = new URL(url);
|
|
107
|
+
return parsed.hostname.toLowerCase();
|
|
108
|
+
}
|
|
109
|
+
catch {
|
|
110
|
+
return null;
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
/**
|
|
114
|
+
* Check if a domain is a known documentation site.
|
|
115
|
+
*/
|
|
116
|
+
function isDocumentationDomain(domain) {
|
|
117
|
+
// Check exact match
|
|
118
|
+
if (DOCUMENTATION_DOMAINS.has(domain))
|
|
119
|
+
return true;
|
|
120
|
+
// Check if it's a subdomain of a documentation domain
|
|
121
|
+
for (const docDomain of DOCUMENTATION_DOMAINS) {
|
|
122
|
+
if (domain.endsWith(`.${docDomain}`))
|
|
123
|
+
return true;
|
|
124
|
+
}
|
|
125
|
+
return false;
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Check if a URL looks like documentation rather than an API endpoint.
|
|
129
|
+
* This helps filter out false positives from known telemetry service domains.
|
|
130
|
+
*/
|
|
131
|
+
function isDocumentationUrl(url) {
|
|
132
|
+
try {
|
|
133
|
+
const parsed = new URL(url);
|
|
134
|
+
const path = parsed.pathname.toLowerCase();
|
|
135
|
+
// Documentation paths
|
|
136
|
+
if (path.includes("/docs/"))
|
|
137
|
+
return true;
|
|
138
|
+
if (path.includes("/documentation/"))
|
|
139
|
+
return true;
|
|
140
|
+
if (path.includes("/blog/"))
|
|
141
|
+
return true;
|
|
142
|
+
if (path.includes("/guide/"))
|
|
143
|
+
return true;
|
|
144
|
+
if (path.includes("/tutorial/"))
|
|
145
|
+
return true;
|
|
146
|
+
if (path.includes("/help/"))
|
|
147
|
+
return true;
|
|
148
|
+
if (path.includes("/support/"))
|
|
149
|
+
return true;
|
|
150
|
+
if (path.includes("/faq/"))
|
|
151
|
+
return true;
|
|
152
|
+
// HTML pages are usually documentation, not API endpoints
|
|
153
|
+
if (path.endsWith(".html"))
|
|
154
|
+
return true;
|
|
155
|
+
if (path.endsWith(".htm"))
|
|
156
|
+
return true;
|
|
157
|
+
// Marketing/info/UI pages
|
|
158
|
+
if (path.includes("/home"))
|
|
159
|
+
return true;
|
|
160
|
+
if (path.includes("/organizations"))
|
|
161
|
+
return true;
|
|
162
|
+
if (path.includes("/billing/"))
|
|
163
|
+
return true;
|
|
164
|
+
if (path.includes("/settings/"))
|
|
165
|
+
return true;
|
|
166
|
+
if (path.includes("/projects/"))
|
|
167
|
+
return true;
|
|
168
|
+
return false;
|
|
169
|
+
}
|
|
170
|
+
catch {
|
|
171
|
+
return false;
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
/**
|
|
175
|
+
* Check if a URL path matches telemetry patterns.
|
|
176
|
+
*/
|
|
177
|
+
function isTelemetryPath(url) {
|
|
178
|
+
try {
|
|
179
|
+
const parsed = new URL(url);
|
|
180
|
+
// Skip documentation domains
|
|
181
|
+
const domain = parsed.hostname.toLowerCase();
|
|
182
|
+
if (isDocumentationDomain(domain))
|
|
183
|
+
return false;
|
|
184
|
+
return TELEMETRY_URL_PATTERNS.some((pattern) => pattern.test(parsed.pathname));
|
|
185
|
+
}
|
|
186
|
+
catch {
|
|
187
|
+
return false;
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
/**
|
|
191
|
+
* Detect SDK imports in code (both ESM and CommonJS).
|
|
192
|
+
*/
|
|
193
|
+
function detectSdkImports(content) {
|
|
194
|
+
const results = [];
|
|
195
|
+
// ESM: import ... from "package"
|
|
196
|
+
const esmPattern = /import\s+(?:[\w{},\s*]+\s+from\s+)?["']([^"']+)["']/g;
|
|
197
|
+
for (const match of content.matchAll(esmPattern)) {
|
|
198
|
+
const pkg = match[1];
|
|
199
|
+
if (pkg && TELEMETRY_SDKS[pkg]) {
|
|
200
|
+
const info = TELEMETRY_SDKS[pkg];
|
|
201
|
+
if (info) {
|
|
202
|
+
results.push({ pkg, info, index: match.index ?? 0 });
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
// CommonJS: require("package")
|
|
207
|
+
const cjsPattern = /require\s*\(\s*["']([^"']+)["']\s*\)/g;
|
|
208
|
+
for (const match of content.matchAll(cjsPattern)) {
|
|
209
|
+
const pkg = match[1];
|
|
210
|
+
if (pkg && TELEMETRY_SDKS[pkg]) {
|
|
211
|
+
const info = TELEMETRY_SDKS[pkg];
|
|
212
|
+
if (info) {
|
|
213
|
+
results.push({ pkg, info, index: match.index ?? 0 });
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
return results;
|
|
218
|
+
}
|
|
219
|
+
/**
|
|
220
|
+
* Detect VS Code API opt-out usage.
|
|
221
|
+
*/
|
|
222
|
+
function detectVsCodeApiOptOut(content) {
|
|
223
|
+
// vscode.env.isTelemetryEnabled
|
|
224
|
+
return /vscode\.env\.isTelemetryEnabled/i.test(content);
|
|
225
|
+
}
|
|
226
|
+
/**
|
|
227
|
+
* Detect code conditional opt-out patterns.
|
|
228
|
+
*/
|
|
229
|
+
function detectCodeConditionalOptOut(content) {
|
|
230
|
+
// Common patterns for configuration-based opt-out
|
|
231
|
+
const patterns = [
|
|
232
|
+
/getConfiguration\s*\([^)]*\)\s*\.\s*get\s*\(\s*["']([^"']*telemetry[^"']*)["']/i,
|
|
233
|
+
/getConfiguration\s*\(\s*["']([^"']+)["']\s*\)\s*\.\s*get\s*\(\s*["']([^"']*enable[^"']*)["']/i,
|
|
234
|
+
/config\s*\.\s*get\s*\(\s*["']([^"']*telemetry[^"']*)["']/i,
|
|
235
|
+
];
|
|
236
|
+
for (const pattern of patterns) {
|
|
237
|
+
const match = content.match(pattern);
|
|
238
|
+
if (match) {
|
|
239
|
+
return { found: true, settingName: match[1] ?? match[2] ?? null };
|
|
240
|
+
}
|
|
241
|
+
}
|
|
242
|
+
return { found: false, settingName: null };
|
|
243
|
+
}
|
|
244
|
+
/**
|
|
245
|
+
* Check manifest for telemetry configuration settings.
|
|
246
|
+
*/
|
|
247
|
+
function detectManifestOptOut(manifest) {
|
|
248
|
+
const contributes = manifest.contributes;
|
|
249
|
+
if (!contributes)
|
|
250
|
+
return { found: false, settingName: null };
|
|
251
|
+
const configuration = contributes["configuration"];
|
|
252
|
+
if (!configuration)
|
|
253
|
+
return { found: false, settingName: null };
|
|
254
|
+
// configuration can be an object or array
|
|
255
|
+
const configs = Array.isArray(configuration) ? configuration : [configuration];
|
|
256
|
+
for (const config of configs) {
|
|
257
|
+
if (typeof config !== "object" || !config)
|
|
258
|
+
continue;
|
|
259
|
+
const properties = config.properties;
|
|
260
|
+
if (!properties)
|
|
261
|
+
continue;
|
|
262
|
+
for (const [key, _value] of Object.entries(properties)) {
|
|
263
|
+
const keyLower = key.toLowerCase();
|
|
264
|
+
if (keyLower.includes("telemetry") ||
|
|
265
|
+
keyLower.includes("analytics") ||
|
|
266
|
+
keyLower.includes("tracking")) {
|
|
267
|
+
return { found: true, settingName: key };
|
|
268
|
+
}
|
|
269
|
+
}
|
|
270
|
+
}
|
|
271
|
+
return { found: false, settingName: null };
|
|
272
|
+
}
|
|
273
|
+
/**
|
|
274
|
+
* Detect data collection patterns near a given position in the code.
|
|
275
|
+
*/
|
|
276
|
+
function detectDataCollection(content, nearIndex) {
|
|
277
|
+
// Look at 2000 chars around the telemetry code for data patterns
|
|
278
|
+
const contextStart = Math.max(0, nearIndex - 1000);
|
|
279
|
+
const contextEnd = Math.min(content.length, nearIndex + 1000);
|
|
280
|
+
const context = content.slice(contextStart, contextEnd);
|
|
281
|
+
const collected = [];
|
|
282
|
+
for (const { pattern, field } of DATA_COLLECTION_PATTERNS) {
|
|
283
|
+
if (pattern.test(context)) {
|
|
284
|
+
collected.push(field);
|
|
285
|
+
}
|
|
286
|
+
}
|
|
287
|
+
return collected;
|
|
288
|
+
}
|
|
289
|
+
/**
|
|
290
|
+
* Determine opt-out information for a file.
|
|
291
|
+
*/
|
|
292
|
+
function determineOptOut(content, manifest, allFileContents) {
|
|
293
|
+
// Check VS Code API first (highest priority)
|
|
294
|
+
// Check all files since opt-out might be in a different file than telemetry
|
|
295
|
+
for (const fileContent of allFileContents.values()) {
|
|
296
|
+
if (detectVsCodeApiOptOut(fileContent)) {
|
|
297
|
+
return {
|
|
298
|
+
available: true,
|
|
299
|
+
method: "vscode-api",
|
|
300
|
+
settingName: "vscode.env.isTelemetryEnabled",
|
|
301
|
+
};
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
// Check current file for VS Code API
|
|
305
|
+
if (detectVsCodeApiOptOut(content)) {
|
|
306
|
+
return {
|
|
307
|
+
available: true,
|
|
308
|
+
method: "vscode-api",
|
|
309
|
+
settingName: "vscode.env.isTelemetryEnabled",
|
|
310
|
+
};
|
|
311
|
+
}
|
|
312
|
+
// Check manifest for configuration
|
|
313
|
+
const manifestOptOut = detectManifestOptOut(manifest);
|
|
314
|
+
if (manifestOptOut.found) {
|
|
315
|
+
return {
|
|
316
|
+
available: true,
|
|
317
|
+
method: "manifest-config",
|
|
318
|
+
settingName: manifestOptOut.settingName,
|
|
319
|
+
};
|
|
320
|
+
}
|
|
321
|
+
// Check code conditional patterns in all files
|
|
322
|
+
for (const fileContent of allFileContents.values()) {
|
|
323
|
+
const codeOptOut = detectCodeConditionalOptOut(fileContent);
|
|
324
|
+
if (codeOptOut.found) {
|
|
325
|
+
return {
|
|
326
|
+
available: true,
|
|
327
|
+
method: "code-conditional",
|
|
328
|
+
settingName: codeOptOut.settingName,
|
|
329
|
+
};
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
// Check current file for code conditional
|
|
333
|
+
const codeOptOut = detectCodeConditionalOptOut(content);
|
|
334
|
+
if (codeOptOut.found) {
|
|
335
|
+
return {
|
|
336
|
+
available: true,
|
|
337
|
+
method: "code-conditional",
|
|
338
|
+
settingName: codeOptOut.settingName,
|
|
339
|
+
};
|
|
340
|
+
}
|
|
341
|
+
return { available: false, method: "none", settingName: null };
|
|
342
|
+
}
|
|
343
|
+
/**
|
|
344
|
+
* Analyze a file for telemetry usage.
|
|
345
|
+
*/
|
|
346
|
+
function analyzeFile(filename, content, manifest, telemetryServices, allFileContents, seenServices) {
|
|
347
|
+
const detections = [];
|
|
348
|
+
// Detect SDK imports
|
|
349
|
+
const sdkImports = detectSdkImports(content);
|
|
350
|
+
for (const { pkg, info, index } of sdkImports) {
|
|
351
|
+
const serviceKey = `${info.name}:sdk`;
|
|
352
|
+
if (seenServices.has(serviceKey))
|
|
353
|
+
continue;
|
|
354
|
+
seenServices.add(serviceKey);
|
|
355
|
+
const line = findLineNumberByString(content, pkg);
|
|
356
|
+
const dataCollected = detectDataCollection(content, index);
|
|
357
|
+
const optOut = determineOptOut(content, manifest, allFileContents);
|
|
358
|
+
detections.push({
|
|
359
|
+
serviceName: info.name,
|
|
360
|
+
serviceCategory: info.category,
|
|
361
|
+
endpoint: null,
|
|
362
|
+
sdkPackage: pkg,
|
|
363
|
+
isKnownService: true,
|
|
364
|
+
dataCollected,
|
|
365
|
+
optOut,
|
|
366
|
+
file: filename,
|
|
367
|
+
line,
|
|
368
|
+
});
|
|
369
|
+
}
|
|
370
|
+
// Detect telemetry endpoints
|
|
371
|
+
const urls = extractUrls(content);
|
|
372
|
+
for (const { url, index } of urls) {
|
|
373
|
+
const domain = extractDomain(url);
|
|
374
|
+
if (!domain)
|
|
375
|
+
continue;
|
|
376
|
+
// Skip documentation URLs for known services
|
|
377
|
+
// (e.g., https://posthog.com/docs/... is not a telemetry endpoint)
|
|
378
|
+
if (isDocumentationUrl(url))
|
|
379
|
+
continue;
|
|
380
|
+
// Check against known telemetry services
|
|
381
|
+
const serviceInfo = telemetryServices.get(domain);
|
|
382
|
+
if (serviceInfo) {
|
|
383
|
+
// Only flag one endpoint per service per file
|
|
384
|
+
const serviceKey = `${serviceInfo.name}:endpoint`;
|
|
385
|
+
if (seenServices.has(serviceKey))
|
|
386
|
+
continue;
|
|
387
|
+
seenServices.add(serviceKey);
|
|
388
|
+
const line = findLineNumberByString(content, url);
|
|
389
|
+
const dataCollected = detectDataCollection(content, index);
|
|
390
|
+
const optOut = determineOptOut(content, manifest, allFileContents);
|
|
391
|
+
detections.push({
|
|
392
|
+
serviceName: serviceInfo.name,
|
|
393
|
+
serviceCategory: serviceInfo.category,
|
|
394
|
+
endpoint: url,
|
|
395
|
+
sdkPackage: null,
|
|
396
|
+
isKnownService: true,
|
|
397
|
+
dataCollected,
|
|
398
|
+
optOut,
|
|
399
|
+
file: filename,
|
|
400
|
+
line,
|
|
401
|
+
});
|
|
402
|
+
}
|
|
403
|
+
else if (isTelemetryPath(url)) {
|
|
404
|
+
// Unknown service but telemetry-like URL path
|
|
405
|
+
const serviceKey = `unknown:endpoint:${domain}`;
|
|
406
|
+
if (seenServices.has(serviceKey))
|
|
407
|
+
continue;
|
|
408
|
+
seenServices.add(serviceKey);
|
|
409
|
+
const line = findLineNumberByString(content, url);
|
|
410
|
+
const dataCollected = detectDataCollection(content, index);
|
|
411
|
+
const optOut = determineOptOut(content, manifest, allFileContents);
|
|
412
|
+
detections.push({
|
|
413
|
+
serviceName: domain,
|
|
414
|
+
serviceCategory: "analytics",
|
|
415
|
+
endpoint: url,
|
|
416
|
+
sdkPackage: null,
|
|
417
|
+
isKnownService: false,
|
|
418
|
+
dataCollected,
|
|
419
|
+
optOut,
|
|
420
|
+
file: filename,
|
|
421
|
+
line,
|
|
422
|
+
});
|
|
423
|
+
}
|
|
424
|
+
}
|
|
425
|
+
return detections;
|
|
426
|
+
}
|
|
427
|
+
/**
|
|
428
|
+
* Convert a detection to a finding.
|
|
429
|
+
*/
|
|
430
|
+
function detectionToFinding(detection) {
|
|
431
|
+
const optOutStatus = detection.optOut.available
|
|
432
|
+
? `Opt-out available via ${detection.optOut.method}${detection.optOut.settingName ? ` (${detection.optOut.settingName})` : ""}.`
|
|
433
|
+
: "No opt-out mechanism detected.";
|
|
434
|
+
const detectionMethod = detection.sdkPackage
|
|
435
|
+
? `via SDK import (${detection.sdkPackage})`
|
|
436
|
+
: `via endpoint URL`;
|
|
437
|
+
const description = `Extension sends telemetry to ${detection.serviceName} ${detectionMethod}. ${optOutStatus}`;
|
|
438
|
+
// High severity if no opt-out, medium if opt-out exists
|
|
439
|
+
const severity = detection.optOut.available ? "medium" : "high";
|
|
440
|
+
return {
|
|
441
|
+
id: "TELEMETRY_DETECTED",
|
|
442
|
+
title: `Telemetry detected: ${detection.serviceName}`,
|
|
443
|
+
description,
|
|
444
|
+
severity,
|
|
445
|
+
category: "telemetry",
|
|
446
|
+
location: detection.line !== undefined
|
|
447
|
+
? { file: detection.file, line: detection.line }
|
|
448
|
+
: { file: detection.file },
|
|
449
|
+
metadata: {
|
|
450
|
+
endpoint: detection.endpoint,
|
|
451
|
+
isKnownService: detection.isKnownService,
|
|
452
|
+
serviceName: detection.serviceName,
|
|
453
|
+
sdkPackage: detection.sdkPackage,
|
|
454
|
+
serviceCategory: detection.serviceCategory,
|
|
455
|
+
dataCollected: detection.dataCollected,
|
|
456
|
+
optOut: detection.optOut,
|
|
457
|
+
},
|
|
458
|
+
};
|
|
459
|
+
}
|
|
460
|
+
/**
|
|
461
|
+
* Main telemetry check function.
|
|
462
|
+
*/
|
|
463
|
+
export function checkTelemetry(contents, zooData) {
|
|
464
|
+
const findings = [];
|
|
465
|
+
// Pre-load all file contents for cross-file opt-out detection
|
|
466
|
+
const allFileContents = new Map();
|
|
467
|
+
for (const [filename, buffer] of contents.files) {
|
|
468
|
+
if (filename.includes("node_modules/") || filename.includes("vendor/"))
|
|
469
|
+
continue;
|
|
470
|
+
if (!isScannable(filename, SCANNABLE_EXTENSIONS_PATTERN))
|
|
471
|
+
continue;
|
|
472
|
+
const ext = filename.slice(filename.lastIndexOf(".")).toLowerCase();
|
|
473
|
+
if (![".js", ".ts", ".mjs", ".cjs", ".jsx", ".tsx"].includes(ext))
|
|
474
|
+
continue;
|
|
475
|
+
allFileContents.set(filename, buffer.toString("utf8"));
|
|
476
|
+
}
|
|
477
|
+
// Track services seen across all files to avoid duplicate findings
|
|
478
|
+
const seenServices = new Set();
|
|
479
|
+
for (const [filename, content] of allFileContents) {
|
|
480
|
+
const detections = analyzeFile(filename, content, contents.manifest, zooData.telemetryServices, allFileContents, seenServices);
|
|
481
|
+
for (const detection of detections) {
|
|
482
|
+
findings.push(detectionToFinding(detection));
|
|
483
|
+
}
|
|
484
|
+
}
|
|
485
|
+
return findings;
|
|
486
|
+
}
|
|
487
|
+
//# sourceMappingURL=telemetry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../../src/scanner/checks/telemetry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,MAAM,iBAAiB,CAAC;AAS5E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAErD;;GAEG;AACH,MAAM,cAAc,GAAkE;IACpF,kBAAkB;IAClB,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IAC/D,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IAClE,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IAChE,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IAC9D,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IACzD,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IAC/D,eAAe,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IACjE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IACzD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,EAAE;IAE1D,YAAY;IACZ,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE;IACrD,kBAAkB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/D,iBAAiB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/D,8BAA8B,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC5E,yBAAyB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IACrE,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC5D,yBAAyB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IACrE,cAAc,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC1D,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE;IACxD,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7C,UAAU,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE;IAEnD,MAAM;IACN,mBAAmB,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC5E,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChD,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE;IAEhD,mBAAmB;IACnB,6BAA6B,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACnF,4BAA4B,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;CACnF,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAG;IAC7B,mBAAmB;IACnB,kBAAkB;IAClB,wBAAwB,EAAE,yCAAyC;IACnE,aAAa;IACb,aAAa,EAAE,0BAA0B;CAC1C,CAAC;AAEF;;;GAGG;AACH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,YAAY;IACZ,uBAAuB;IACvB,iBAAiB;IACjB,qBAAqB;IACrB,YAAY;IACZ,mBAAmB;IACnB,eAAe;IACf,QAAQ;IACR,SAAS;IACT,wBAAwB;IACxB,oBAAoB;IACpB,aAAa;IACb,WAAW;IACX,YAAY;CACb,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,wBAAwB,GAA8C;IAC1E,EAAE,OAAO,EAAE,wBAAwB,EAAE,KAAK,EAAE,mBAAmB,EAAE;IACjE,EAAE,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAC3D,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE;IACrD,EAAE,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,YAAY,EAAE;IACnD,EAAE,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,YAAY,EAAE;IACnD,EAAE,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,YAAY,EAAE;IACnD,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAC3D,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAE,eAAe,EAAE;IACzD,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE;IACrD,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,kBAAkB,EAAE;IAC/D,EAAE,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,YAAY,EAAE;IACnD,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE;IACrD,EAAE,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,qBAAqB,EAAE;CACtE,CAAC;AAsBF;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,UAAU,GAAG,8BAA8B,CAAC;IAClD,MAAM,OAAO,GAA0C,EAAE,CAAC;IAE1D,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,oBAAoB;IACpB,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnD,sDAAsD;IACtD,KAAK,MAAM,SAAS,IAAI,qBAAqB,EAAE,CAAC;QAC9C,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;IACpD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE3C,sBAAsB;QACtB,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAAE,OAAO,IAAI,CAAC;QAClD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1C,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;QAExC,0DAA0D;QAC1D,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;QACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAEvC,0BAA0B;QAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;QACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAAE,OAAO,IAAI,CAAC;QACjD,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QAE7C,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,6BAA6B;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,qBAAqB,CAAC,MAAM,CAAC;YAAE,OAAO,KAAK,CAAC;QAEhD,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,OAAe;IAEf,MAAM,OAAO,GAIR,EAAE,CAAC;IAER,iCAAiC;IACjC,MAAM,UAAU,GAAG,sDAAsD,CAAC;IAC1E,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,IAAI,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,UAAU,GAAG,uCAAuC,CAAC;IAC3D,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,IAAI,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAC5C,gCAAgC;IAChC,OAAO,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,OAAe;IAIlD,kDAAkD;IAClD,MAAM,QAAQ,GAAG;QACf,iFAAiF;QACjF,+FAA+F;QAC/F,2DAA2D;KAC5D,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QACpE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,QAAsB;IAIlD,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;IACzC,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAE7D,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;IACnD,IAAI,CAAC,aAAa;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAE/D,0CAA0C;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IAE/E,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM;YAAE,SAAS;QAEpD,MAAM,UAAU,GAAI,MAAmD,CAAC,UAAU,CAAC;QACnF,IAAI,CAAC,UAAU;YAAE,SAAS;QAE1B,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YACnC,IACE,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC9B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC9B,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC7B,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAe,EAAE,SAAiB;IAC9D,iEAAiE;IACjE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,IAAI,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAExD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,wBAAwB,EAAE,CAAC;QAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,OAAe,EACf,QAAsB,EACtB,eAAoC;IAEpC,6CAA6C;IAC7C,4EAA4E;IAC5E,KAAK,MAAM,WAAW,IAAI,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;QACnD,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,YAAY;gBACpB,WAAW,EAAE,+BAA+B;aAC7C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,+BAA+B;SAC7C,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,cAAc,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACtD,IAAI,cAAc,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO;YACL,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,cAAc,CAAC,WAAW;SACxC,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,KAAK,MAAM,WAAW,IAAI,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,2BAA2B,CAAC,WAAW,CAAC,CAAC;QAC5D,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,kBAAkB;gBAC1B,WAAW,EAAE,UAAU,CAAC,WAAW;aACpC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,UAAU,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO;YACL,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,kBAAkB;YAC1B,WAAW,EAAE,UAAU,CAAC,WAAW;SACpC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACjE,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,QAAgB,EAChB,OAAe,EACf,QAAsB,EACtB,iBAAoD,EACpD,eAAoC,EACpC,YAAyB;IAEzB,MAAM,UAAU,GAAyB,EAAE,CAAC;IAE5C,qBAAqB;IACrB,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,UAAU,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,IAAI,MAAM,CAAC;QACtC,IAAI,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QAC3C,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE7B,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAClD,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;QAEnE,UAAU,CAAC,IAAI,CAAC;YACd,WAAW,EAAE,IAAI,CAAC,IAAI;YACtB,eAAe,EAAE,IAAI,CAAC,QAAQ;YAC9B,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,GAAG;YACf,cAAc,EAAE,IAAI;YACpB,aAAa;YACb,MAAM;YACN,IAAI,EAAE,QAAQ;YACd,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAClC,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,6CAA6C;QAC7C,mEAAmE;QACnE,IAAI,kBAAkB,CAAC,GAAG,CAAC;YAAE,SAAS;QAEtC,yCAAyC;QACzC,MAAM,WAAW,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,WAAW,EAAE,CAAC;YAChB,8CAA8C;YAC9C,MAAM,UAAU,GAAG,GAAG,WAAW,CAAC,IAAI,WAAW,CAAC;YAClD,IAAI,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,SAAS;YAC3C,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAE7B,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YAEnE,UAAU,CAAC,IAAI,CAAC;gBACd,WAAW,EAAE,WAAW,CAAC,IAAI;gBAC7B,eAAe,EAAE,WAAW,CAAC,QAAQ;gBACrC,QAAQ,EAAE,GAAG;gBACb,UAAU,EAAE,IAAI;gBAChB,cAAc,EAAE,IAAI;gBACpB,aAAa;gBACb,MAAM;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI;aACL,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,8CAA8C;YAC9C,MAAM,UAAU,GAAG,oBAAoB,MAAM,EAAE,CAAC;YAChD,IAAI,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,SAAS;YAC3C,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAE7B,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClD,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YAEnE,UAAU,CAAC,IAAI,CAAC;gBACd,WAAW,EAAE,MAAM;gBACnB,eAAe,EAAE,WAAW;gBAC5B,QAAQ,EAAE,GAAG;gBACb,UAAU,EAAE,IAAI;gBAChB,cAAc,EAAE,KAAK;gBACrB,aAAa;gBACb,MAAM;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI;aACL,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,SAA6B;IACvD,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,SAAS;QAC7C,CAAC,CAAC,yBAAyB,SAAS,CAAC,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG;QAChI,CAAC,CAAC,gCAAgC,CAAC;IAErC,MAAM,eAAe,GAAG,SAAS,CAAC,UAAU;QAC1C,CAAC,CAAC,mBAAmB,SAAS,CAAC,UAAU,GAAG;QAC5C,CAAC,CAAC,kBAAkB,CAAC;IAEvB,MAAM,WAAW,GAAG,gCAAgC,SAAS,CAAC,WAAW,IAAI,eAAe,KAAK,YAAY,EAAE,CAAC;IAEhH,wDAAwD;IACxD,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;IAEhE,OAAO;QACL,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,uBAAuB,SAAS,CAAC,WAAW,EAAE;QACrD,WAAW;QACX,QAAQ;QACR,QAAQ,EAAE,WAAW;QACrB,QAAQ,EACN,SAAS,CAAC,IAAI,KAAK,SAAS;YAC1B,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE;YAChD,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE;QAC9B,QAAQ,EAAE;YACR,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,cAAc,EAAE,SAAS,CAAC,cAAc;YACxC,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,aAAa,EAAE,SAAS,CAAC,aAAa;YACtC,MAAM,EAAE,SAAS,CAAC,MAAM;SACzB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,QAAsB,EAAE,OAAgB;IACrE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,8DAA8D;IAC9D,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;IAClD,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,SAAS;QACjF,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,4BAA4B,CAAC;YAAE,SAAS;QAEnE,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,SAAS;QAE5E,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,mEAAmE;IACnE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,eAAe,EAAE,CAAC;QAClD,MAAM,UAAU,GAAG,WAAW,CAC5B,QAAQ,EACR,OAAO,EACP,QAAQ,CAAC,QAAQ,EACjB,OAAO,CAAC,iBAAiB,EACzB,eAAe,EACf,YAAY,CACb,CAAC;QAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.test.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/telemetry.test.ts"],"names":[],"mappings":""}
|