npm - @voidagency/web-scanner - Versions diffs - 0.0.1 - Mend

@voidagency/web-scanner 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/README.md +198 -0
package/dist/aggregator.d.ts +65 -0
package/dist/aggregator.d.ts.map +1 -0
package/dist/aggregator.js +546 -0
package/dist/aggregator.js.map +1 -0
package/dist/categories.d.ts +59 -0
package/dist/categories.d.ts.map +1 -0
package/dist/categories.js +278 -0
package/dist/categories.js.map +1 -0
package/dist/cli.d.ts +12 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +457 -0
package/dist/cli.js.map +1 -0
package/dist/config.d.ts +19 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +121 -0
package/dist/config.js.map +1 -0
package/dist/coverage.d.ts +49 -0
package/dist/coverage.d.ts.map +1 -0
package/dist/coverage.js +165 -0
package/dist/coverage.js.map +1 -0
package/dist/enrichers/nvd.d.ts +55 -0
package/dist/enrichers/nvd.d.ts.map +1 -0
package/dist/enrichers/nvd.js +326 -0
package/dist/enrichers/nvd.js.map +1 -0
package/dist/report.d.ts +12 -0
package/dist/report.d.ts.map +1 -0
package/dist/report.js +460 -0
package/dist/report.js.map +1 -0
package/dist/runners/nuclei.d.ts +59 -0
package/dist/runners/nuclei.d.ts.map +1 -0
package/dist/runners/nuclei.js +531 -0
package/dist/runners/nuclei.js.map +1 -0
package/dist/runners/testssl.d.ts +16 -0
package/dist/runners/testssl.d.ts.map +1 -0
package/dist/runners/testssl.js +179 -0
package/dist/runners/testssl.js.map +1 -0
package/dist/runners/zap.d.ts +30 -0
package/dist/runners/zap.d.ts.map +1 -0
package/dist/runners/zap.js +389 -0
package/dist/runners/zap.js.map +1 -0
package/dist/types.d.ts +172 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +6 -0
package/dist/types.js.map +1 -0
package/package.json +54 -0
package/templates/drupal-api-index-exposed.yaml +81 -0
package/templates/drupal-api-user-detail.yaml +76 -0
package/templates/drupal-api-user-listing.yaml +59 -0
package/templates/drupal-dev-files-exposed.yaml +73 -0
package/templates/drupal-file-path-disclosure.yaml +59 -0
package/templates/drupal-files-listing.yaml +63 -0
package/templates/drupal-install-error-disclosure.yaml +62 -0
package/templates/drupal-theme-lockfiles.yaml +79 -0
package/templates/drupal-version-detect.yaml +89 -0
package/templates/http-options-enabled.yaml +56 -0
package/templates/nextjs-version-detect.yaml +35 -0
package/templates/php-version-detect.yaml +37 -0
package/zap.yaml +33 -0

package/dist/aggregator.js ADDED Viewed

@@ -0,0 +1,546 @@
+/**
+ * Finding Aggregator
+ * Combine and normalize findings from all scanning tools
+ */
+import { enrichWithNvd, getCvesForTechnology } from './enrichers/nvd.js';
+import { calculateCoverage, markTestedCategories, getCoverageForReport, getPassedChecksForReport } from './coverage.js';
+/**
+ * Count findings by severity
+ */
+export function countSeverities(findings) {
+    const counts = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        info: 0,
+    };
+    for (const finding of findings) {
+        counts[finding.severity]++;
+    }
+    return counts;
+}
+/**
+ * Sort findings by severity (critical first)
+ */
+export function sortBySeverity(findings) {
+    const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+    return [...findings].sort((a, b) => order[a.severity] - order[b.severity]);
+}
+/**
+ * Re-number findings sequentially
+ */
+export function renumberFindings(findings) {
+    return findings.map((f, i) => ({
+        ...f,
+        id: String(i + 1).padStart(3, '0'),
+    }));
+}
+/**
+ * Deduplicate findings by title and target
+ */
+export function deduplicateFindings(findings) {
+    const seen = new Set();
+    const unique = [];
+    for (const finding of findings) {
+        const key = `${finding.title}|${finding.target}`;
+        if (!seen.has(key)) {
+            seen.add(key);
+            unique.push(finding);
+        }
+    }
+    return unique;
+}
+/**
+ * Patterns that identify version disclosure findings - should be consolidated
+ */
+const VERSION_DISCLOSURE_PATTERNS = [
+    /Server Leaks.*Version/i,
+    /Server Leaks.*X-Powered-By/i,
+    /In Page Banner Information Leak/i,
+    /Version Information.*Leak/i,
+    /Information Leak.*Version/i,
+];
+/**
+ * Check if a finding is about version disclosure
+ */
+function isVersionDisclosure(finding) {
+    return VERSION_DISCLOSURE_PATTERNS.some(pattern => pattern.test(finding.title));
+}
+/**
+ * Check if a finding is a CSP-related finding
+ */
+function isCspFinding(finding) {
+    return finding.title.startsWith('CSP:') ||
+        finding.title.includes('Content Security Policy');
+}
+/**
+ * Consolidate CSP findings into one
+ */
+function consolidateCspFindings(findings) {
+    const cspFindings = findings.filter(isCspFinding);
+    const otherFindings = findings.filter(f => !isCspFinding(f));
+    if (cspFindings.length <= 1) {
+        return findings; // Nothing to consolidate
+    }
+    // Extract the specific CSP issues (e.g., "script-src unsafe-inline", "style-src unsafe-inline")
+    const issues = cspFindings.map(f => {
+        const match = /CSP:\s*(.+)/i.exec(f.title);
+        return match ? match[1] : f.title;
+    });
+    // Get highest severity among CSP findings
+    const severityOrder = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };
+    const highestSeverity = cspFindings.reduce((max, f) => severityOrder[f.severity] > severityOrder[max.severity] ? f : max).severity;
+    const consolidated = {
+        id: '',
+        title: 'Content Security Policy Issues',
+        description: 'The Content Security Policy (CSP) header has multiple configuration issues that could allow XSS attacks:\n• ' +
+            issues.join('\n• ') +
+            '\n\nCSP is a security header that helps prevent XSS by specifying which sources of content are allowed to load.',
+        severity: highestSeverity,
+        source: cspFindings[0].source,
+        target: cspFindings[0].target,
+        cwe: 'CWE-693',
+        tags: ['csp', 'header', 'security-misconfiguration', 'xss'],
+        matcher: issues.join(', '),
+        references: [
+            'https://content-security-policy.com/',
+            'https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP',
+        ],
+    };
+    return [...otherFindings, consolidated];
+}
+/**
+ * Consolidate version disclosure findings into one
+ */
+function consolidateVersionDisclosures(findings) {
+    const versionFindings = findings.filter(isVersionDisclosure);
+    const otherFindings = findings.filter(f => !isVersionDisclosure(f));
+    if (versionFindings.length <= 1) {
+        return findings; // Nothing to consolidate
+    }
+    // Merge all version disclosures into one
+    const versions = versionFindings
+        .map(f => f.matcher || f.extracted?.[0])
+        .filter(Boolean);
+    const consolidated = {
+        id: '',
+        title: 'Server Version Disclosure',
+        description: 'The server leaks version information through HTTP headers and responses. ' +
+            'This information can help attackers identify specific vulnerabilities for the software versions in use.',
+        severity: 'low',
+        source: versionFindings[0].source,
+        target: versionFindings[0].target,
+        cwe: 'CWE-200',
+        tags: ['version-disclosure', 'info-disclosure', 'headers'],
+        matcher: versions.join(', '),
+        affectedUrls: versionFindings.map(f => f.target),
+        references: ['https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server'],
+    };
+    return [...otherFindings, consolidated];
+}
+/**
+ * Consolidate findings - group same vulnerability type across multiple URLs
+ * Results in one finding with list of affected URLs
+ */
+export function consolidateFindings(findings) {
+    // Consolidate special categories first
+    findings = consolidateVersionDisclosures(findings);
+    findings = consolidateCspFindings(findings);
+    // Group by: title + severity + templateId (same vulnerability type)
+    const groups = new Map();
+    for (const finding of findings) {
+        // Use templateId if available, otherwise title
+        const key = `${finding.templateId || finding.title}|${finding.severity}`;
+        if (!groups.has(key)) {
+            groups.set(key, []);
+        }
+        groups.get(key).push(finding);
+    }
+    // Convert groups to consolidated findings
+    const consolidated = [];
+    for (const [, group] of groups) {
+        if (group.length === 1) {
+            // Single finding, no consolidation needed
+            consolidated.push(group[0]);
+        }
+        else {
+            // Multiple findings - consolidate
+            const first = group[0];
+            const allUrls = group.map(f => f.target);
+            const allExtracted = group.flatMap(f => f.extracted || []);
+            // Limit extracted values (avoid noise from files like composer.lock)
+            const uniqueExtracted = [...new Set(allExtracted)];
+            const limitedExtracted = uniqueExtracted.length > 5
+                ? [...uniqueExtracted.slice(0, 5), `... and ${uniqueExtracted.length - 5} more`]
+                : uniqueExtracted;
+            consolidated.push({
+                ...first,
+                // Keep first URL as main target
+                target: first.target,
+                // List all affected URLs
+                affectedUrls: allUrls,
+                // Merge extracted values (limited to avoid noise)
+                extracted: limitedExtracted.length > 0 ? limitedExtracted : undefined,
+                // Keep one curl command as example
+                curl: first.curl,
+            });
+        }
+    }
+    return consolidated;
+}
+/**
+ * Merge technology detections from multiple sources
+ */
+export function mergeTechnologies(techLists) {
+    const byHost = new Map();
+    for (const techs of techLists) {
+        for (const tech of techs) {
+            if (!byHost.has(tech.host)) {
+                byHost.set(tech.host, new Set());
+            }
+            for (const t of tech.technologies) {
+                byHost.get(tech.host).add(t);
+            }
+        }
+    }
+    return Array.from(byHost.entries()).map(([host, techs]) => ({
+        host,
+        technologies: Array.from(techs).sort(),
+    }));
+}
+/**
+ * Format duration in human-readable format
+ */
+export function formatDuration(ms) {
+    const seconds = Math.floor(ms / 1000);
+    const minutes = Math.floor(seconds / 60);
+    const remainingSeconds = seconds % 60;
+    if (minutes > 0) {
+        return `${minutes}m ${remainingSeconds}s`;
+    }
+    return `${seconds}s`;
+}
+/**
+ * Extract technology name from finding title
+ */
+function extractTechFromTitle(title) {
+    // Common patterns: "Nginx End-of-Life - Detect", "Drupal - Detect", "PHP - Version"
+    const patterns = [
+        /^(nginx|apache|drupal|wordpress|php|mysql|nodejs|openssl|jquery|bootstrap|tomcat)/i,
+        /^([a-z0-9.]+)\s+(?:End-of-Life|Version|Detect)/i,
+        /^([a-z0-9.]+)\s+-\s+(?:Detect|Version)/i,
+    ];
+    for (const pattern of patterns) {
+        const match = title.match(pattern);
+        if (match) {
+            return match[1].toLowerCase();
+        }
+    }
+    return null;
+}
+/**
+ * Extract technology from finding (checks title and matcher field)
+ */
+function extractTechFromFinding(finding) {
+    // First try title
+    const techFromTitle = extractTechFromTitle(finding.title);
+    if (techFromTitle) {
+        return techFromTitle;
+    }
+    // Check matcher field (e.g., "nginx/1.25.5" or "nextjs:12.1.6")
+    if (finding.matcher) {
+        const matcherPatterns = [
+            /^([a-z0-9.]+)\/(\d+\.\d+)/i, // nginx/1.25.5
+            /^([a-z0-9.]+):(\d+\.\d+)/i, // nextjs:12.1.6
+        ];
+        for (const pattern of matcherPatterns) {
+            const match = finding.matcher.match(pattern);
+            if (match) {
+                const tech = match[1].toLowerCase();
+                // Only return if it's in our default CVE check list
+                if (DEFAULT_CVE_CHECK_TECHNOLOGIES.has(tech) || DEFAULT_CVE_CHECK_TECHNOLOGIES.has(tech.replace('.', ''))) {
+                    return tech.replace('.', ''); // Normalize "next.js" to "nextjs"
+                }
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Extract version from various sources (extracted results, title, description, matcher)
+ */
+function extractVersion(finding) {
+    // First check matcher field (e.g., "nginx/1.25.5" or "nextjs:12.1.6")
+    if (finding.matcher) {
+        const matcherPatterns = [
+            /^[a-z0-9.]+\/(\d+\.\d+\.?\d*)/i, // nginx/1.25.5
+            /^[a-z0-9.]+:(\d+\.\d+\.?\d*)/i, // nextjs:12.1.6
+        ];
+        for (const pattern of matcherPatterns) {
+            const match = finding.matcher.match(pattern);
+            if (match) {
+                return match[1];
+            }
+        }
+    }
+    // Check extracted results
+    if (finding.extracted && finding.extracted.length > 0) {
+        // Look for version-like patterns in extracted results
+        for (const result of finding.extracted) {
+            const versionMatch = result.match(/^(\d+\.\d+\.?\d*)/);
+            if (versionMatch) {
+                return versionMatch[1];
+            }
+        }
+    }
+    // Check title for version
+    const titleMatch = finding.title.match(/(\d+\.\d+\.?\d*)/);
+    if (titleMatch) {
+        return titleMatch[1];
+    }
+    // Check description for version patterns
+    const descMatch = finding.description?.match(/version[:\s]+(\d+\.\d+\.?\d*)/i);
+    if (descMatch) {
+        return descMatch[1];
+    }
+    return null;
+}
+/**
+ * Convert CVSS score to severity
+ */
+function cvssToSeverity(score) {
+    if (!score)
+        return 'info';
+    if (score >= 9.0)
+        return 'critical';
+    if (score >= 7.0)
+        return 'high';
+    if (score >= 4.0)
+        return 'medium';
+    if (score >= 0.1)
+        return 'low';
+    return 'info';
+}
+/**
+ * Technologies to check for CVEs by default
+ * These are common server-side technologies where version-based CVEs are most relevant
+ */
+const DEFAULT_CVE_CHECK_TECHNOLOGIES = new Set([
+    'nginx',
+    'drupal',
+    'php',
+    'nextjs',
+    'next.js',
+    'apache',
+    'wordpress',
+]);
+/**
+ * Generate consolidated CVE findings from detected technology versions
+ * Creates ONE finding per tech+version with a CVE table
+ * @param limitToDefaults - If true, only check CVEs for DEFAULT_CVE_CHECK_TECHNOLOGIES
+ */
+async function generateCveFindingsFromVersions(findings, target, onProgress, limitToDefaults = false) {
+    const generatedFindings = [];
+    const processedTech = new Set();
+    // Find version detection findings
+    for (const finding of findings) {
+        const tech = extractTechFromFinding(finding);
+        if (!tech)
+            continue;
+        // If limiting to defaults, skip technologies not in the list
+        if (limitToDefaults && !DEFAULT_CVE_CHECK_TECHNOLOGIES.has(tech.toLowerCase())) {
+            continue;
+        }
+        const version = extractVersion(finding);
+        if (!version)
+            continue;
+        const techVersionKey = `${tech}:${version}`;
+        // Skip if already processed this tech+version
+        if (processedTech.has(techVersionKey))
+            continue;
+        processedTech.add(techVersionKey);
+        if (onProgress) {
+            onProgress(`Looking up CVEs for ${tech} ${version}...`);
+        }
+        // Query NVD for CVEs
+        const cves = await getCvesForTechnology(tech, version, 10);
+        if (cves.length === 0)
+            continue;
+        // Build CVE table entries
+        const cveTable = cves.map(cve => ({
+            cve: cve.id,
+            cvss: cve.cvssScore?.toFixed(1),
+            severity: cvssToSeverity(cve.cvssScore),
+            summary: truncateText(cve.description, 200),
+            references: cve.references,
+        }));
+        // Determine highest severity
+        const highestSeverity = getHighestSeverity(cveTable.map(c => c.severity));
+        // Capitalize tech name
+        const techName = tech.charAt(0).toUpperCase() + tech.slice(1);
+        // Create ONE consolidated finding for this tech+version
+        generatedFindings.push({
+            id: '', // Will be renumbered
+            title: `Vulnerabilities found for ${techName} ${version}`,
+            description: `${cves.length} known vulnerabilities affecting ${techName} version ${version}.`,
+            severity: highestSeverity,
+            target: finding.target || target,
+            source: 'nvd',
+            tags: ['cve', tech.toLowerCase(), 'nvd-enriched'],
+            cveTable,
+        });
+    }
+    return generatedFindings;
+}
+/**
+ * Truncate text to max length
+ */
+function truncateText(text, maxLength) {
+    if (text.length <= maxLength)
+        return text;
+    return text.substring(0, maxLength).trim() + '...';
+}
+/**
+ * Get highest severity from array
+ */
+function getHighestSeverity(severities) {
+    const order = ['critical', 'high', 'medium', 'low', 'info'];
+    for (const sev of order) {
+        if (severities.includes(sev))
+            return sev;
+    }
+    return 'info';
+}
+/**
+ * Lookup CVEs for detected technologies (default behavior)
+ * Only checks nginx, drupal, php, nextjs etc.
+ */
+export async function lookupDefaultCves(findings, target, onProgress) {
+    if (onProgress) {
+        onProgress('Looking up CVEs for detected technologies...');
+    }
+    const cveFindings = await generateCveFindingsFromVersions(findings, target, onProgress, true // limitToDefaults
+    );
+    if (cveFindings.length > 0 && onProgress) {
+        onProgress(`Found ${cveFindings.length} CVEs for detected technologies`);
+    }
+    return [...findings, ...cveFindings];
+}
+/**
+ * Full NVD enrichment (--enrich flag)
+ * - Enriches existing CVE findings with full descriptions
+ * - Looks up CVEs for ALL detected technology versions
+ */
+export async function enrichFindings(findings, target, options = {}) {
+    if (!options.enableNvd) {
+        return findings;
+    }
+    let enriched = [];
+    // Step 1: Enrich existing CVE findings with NVD descriptions
+    const cveFindings = findings.filter(f => f.cve);
+    if (cveFindings.length > 0 && options.onProgress) {
+        options.onProgress(`Enriching ${cveFindings.length} existing CVE findings...`);
+    }
+    for (const finding of findings) {
+        if (finding.cve) {
+            try {
+                const nvdData = await enrichWithNvd(finding.cve);
+                if (nvdData) {
+                    enriched.push({
+                        ...finding,
+                        // Use NVD description if we don't have one or it's generic
+                        description: finding.description && finding.description.length > 50
+                            ? finding.description
+                            : nvdData.description,
+                        // Add CVSS if not present
+                        cvss: finding.cvss || nvdData.cvssVector,
+                        // Add CWE if not present
+                        cwe: finding.cwe || nvdData.cweId,
+                        // Merge references
+                        references: [...new Set([...(finding.references || []), ...nvdData.references])],
+                    });
+                    continue;
+                }
+            }
+            catch (error) {
+                // Continue without enrichment on error
+            }
+        }
+        enriched.push(finding);
+    }
+    // Step 2: Generate new findings from version detections
+    if (options.onProgress) {
+        options.onProgress(`Looking for version detections to query NVD...`);
+    }
+    const versionCveFindings = await generateCveFindingsFromVersions(findings, target, options.onProgress);
+    if (versionCveFindings.length > 0 && options.onProgress) {
+        options.onProgress(`Generated ${versionCveFindings.length} CVE findings from version detections`);
+    }
+    enriched = enriched.concat(versionCveFindings);
+    // Step 3: Generate findings from manually specified technologies
+    if (options.manualTech && options.manualTech.length > 0) {
+        if (options.onProgress) {
+            options.onProgress(`Looking up CVEs for ${options.manualTech.length} manually specified technologies...`);
+        }
+        for (const { tech, version } of options.manualTech) {
+            const cves = await getCvesForTechnology(tech, version, 10);
+            for (const cve of cves) {
+                enriched.push({
+                    id: '',
+                    title: `${cve.id}: ${tech.charAt(0).toUpperCase() + tech.slice(1)} ${version}`,
+                    description: cve.description,
+                    severity: cvssToSeverity(cve.cvssScore),
+                    target,
+                    source: 'nvd',
+                    cve: cve.id,
+                    cwe: cve.cweId,
+                    cvss: cve.cvssVector,
+                    references: cve.references,
+                    tags: ['cve', tech, 'nvd-enriched', 'manual-tech'],
+                });
+            }
+        }
+    }
+    return enriched;
+}
+/**
+ * Aggregate all findings into a report
+ */
+export async function aggregateFindings(target, profile, startTime, endTime, allFindings, technologies, options = {}) {
+    // Deduplicate
+    const unique = deduplicateFindings(allFindings);
+    let findings = unique;
+    // Default: lookup CVEs for detected nginx, drupal, php, nextjs
+    // Skip if --no-cve or if --enrich (full enrichment handles it)
+    if (!options.disableCve && !options.enableNvd) {
+        findings = await lookupDefaultCves(findings, target, options.onProgress);
+    }
+    // Full NVD enrichment if --enrich flag (includes ALL technologies)
+    if (options.enableNvd && !options.disableCve) {
+        findings = await enrichFindings(findings, target, options);
+    }
+    // Consolidate same vulnerabilities across multiple URLs
+    findings = consolidateFindings(findings);
+    // Sort and renumber (after enrichment so new CVEs are sorted correctly)
+    findings = sortBySeverity(findings);
+    findings = renumberFindings(findings);
+    // Calculate test coverage
+    let coverage = calculateCoverage(findings);
+    coverage = markTestedCategories(coverage, profile, []);
+    const coverageItems = getCoverageForReport(coverage);
+    const passedChecks = getPassedChecksForReport(coverage);
+    return {
+        target,
+        scanDate: startTime.toISOString(),
+        duration: formatDuration(endTime.getTime() - startTime.getTime()),
+        profile,
+        summary: countSeverities(findings),
+        totalFindings: findings.length,
+        technologies,
+        findings,
+        coverage: coverageItems,
+        passedChecks,
+    };
+}
+//# sourceMappingURL=aggregator.js.map

package/dist/aggregator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"aggregator.js","sourceRoot":"","sources":["../src/aggregator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAc,MAAM,oBAAoB,CAAC;AACrF,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAC;AAExH;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmB;IACjD,MAAM,MAAM,GAAmB;QAC7B,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC7B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,QAAmB;IAChD,MAAM,KAAK,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnE,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAmB;IAClD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7B,GAAG,CAAC;QACJ,EAAE,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC;KACnC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAmB;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAc,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,wBAAwB;IACxB,6BAA6B;IAC7B,kCAAkC;IAClC,4BAA4B;IAC5B,4BAA4B;CAC7B,CAAC;AAEF;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAgB;IAC3C,OAAO,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AAClF,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,OAAgB;IACpC,OAAO,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,QAAmB;IACjD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAE7D,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC,CAAC,yBAAyB;IAC5C,CAAC;IAED,gGAAgG;IAChG,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACjC,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC3C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,0CAA0C;IAC1C,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CACpD,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAClE,CAAC,QAAQ,CAAC;IAEX,MAAM,YAAY,GAAY;QAC5B,EAAE,EAAE,EAAE;QACN,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,8GAA8G;YACzH,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,iHAAiH;QACnH,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM;QAC7B,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM;QAC7B,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,2BAA2B,EAAE,KAAK,CAAC;QAC3D,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;QAC1B,UAAU,EAAE;YACV,sCAAsC;YACtC,uDAAuD;SACxD;KACF,CAAC;IAEF,OAAO,CAAC,GAAG,aAAa,EAAE,YAAY,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,6BAA6B,CAAC,QAAmB;IACxD,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;IAEpE,IAAI,eAAe,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO,QAAQ,CAAC,CAAC,yBAAyB;IAC5C,CAAC;IAED,yCAAyC;IACzC,MAAM,QAAQ,GAAG,eAAe;SAC7B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;SACvC,MAAM,CAAC,OAAO,CAAa,CAAC;IAE/B,MAAM,YAAY,GAAY;QAC5B,EAAE,EAAE,EAAE;QACN,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,2EAA2E;YACtF,yGAAyG;QAC3G,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,MAAM;QACjC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,MAAM;QACjC,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,oBAAoB,EAAE,iBAAiB,EAAE,SAAS,CAAC;QAC1D,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QAC5B,YAAY,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;QAChD,UAAU,EAAE,CAAC,uJAAuJ,CAAC;KACtK,CAAC;IAEF,OAAO,CAAC,GAAG,aAAa,EAAE,YAAY,CAAC,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAmB;IACrD,uCAAuC;IACvC,QAAQ,GAAG,6BAA6B,CAAC,QAAQ,CAAC,CAAC;IACnD,QAAQ,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAC5C,oEAAoE;IACpE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE5C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,+CAA+C;QAC/C,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QAEzE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,0CAA0C;IAC1C,MAAM,YAAY,GAAc,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,0CAA0C;YAC1C,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,kCAAkC;YAClC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACzC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;YAE3D,qEAAqE;YACrE,MAAM,eAAe,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;YACnD,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC;gBACjD,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,WAAW,eAAe,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC;gBAChF,CAAC,CAAC,eAAe,CAAC;YAEpB,YAAY,CAAC,IAAI,CAAC;gBAChB,GAAG,KAAK;gBACR,gCAAgC;gBAChC,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,yBAAyB;gBACzB,YAAY,EAAE,OAAO;gBACrB,kDAAkD;gBAClD,SAAS,EAAE,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;gBACrE,mCAAmC;gBACnC,IAAI,EAAE,KAAK,CAAC,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAA4B;IAC5D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE9C,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI;QACJ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE;KACvC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,OAAO,GAAG,EAAE,CAAC;IAEtC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAChB,OAAO,GAAG,OAAO,KAAK,gBAAgB,GAAG,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,OAAO,GAAG,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,KAAa;IACzC,oFAAoF;IACpF,MAAM,QAAQ,GAAG;QACf,oFAAoF;QACpF,iDAAiD;QACjD,yCAAyC;KAC1C,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAChC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAgB;IAC9C,kBAAkB;IAClB,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1D,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,gEAAgE;IAChE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,eAAe,GAAG;YACtB,4BAA4B,EAAG,eAAe;YAC9C,2BAA2B,EAAI,gBAAgB;SAChD,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpC,oDAAoD;gBACpD,IAAI,8BAA8B,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,8BAA8B,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC1G,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,kCAAkC;gBAClE,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAgB;IACtC,sEAAsE;IACtE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,eAAe,GAAG;YACtB,gCAAgC,EAAG,eAAe;YAClD,+BAA+B,EAAI,gBAAgB;SACpD,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,sDAAsD;QACtD,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACvC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACvD,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,YAAY,CAAC,CAAC,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC3D,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,yCAAyC;IACzC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAC/E,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAyB;IAC/C,IAAI,CAAC,KAAK;QAAE,OAAO,MAAM,CAAC;IAC1B,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IAC/B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,8BAA8B,GAAG,IAAI,GAAG,CAAC;IAC7C,OAAO;IACP,QAAQ;IACR,KAAK;IACL,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,WAAW;CACZ,CAAC,CAAC;AAEH;;;;GAIG;AACH,KAAK,UAAU,+BAA+B,CAC5C,QAAmB,EACnB,MAAc,EACd,UAAkC,EAClC,kBAA2B,KAAK;IAEhC,MAAM,iBAAiB,GAAc,EAAE,CAAC;IACxC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,kCAAkC;IAClC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,6DAA6D;QAC7D,IAAI,eAAe,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/E,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,cAAc,GAAG,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;QAE5C,8CAA8C;QAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC;YAAE,SAAS;QAChD,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElC,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC,uBAAuB,IAAI,IAAI,OAAO,KAAK,CAAC,CAAC;QAC1D,CAAC;QAED,qBAAqB;QACrB,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAE3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEhC,0BAA0B;QAC1B,MAAM,QAAQ,GAAoB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,GAAG,EAAE,GAAG,CAAC,EAAE;YACX,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/B,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC;YACvC,OAAO,EAAE,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC;YAC3C,UAAU,EAAE,GAAG,CAAC,UAAU;SAC3B,CAAC,CAAC,CAAC;QAEJ,6BAA6B;QAC7B,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE1E,uBAAuB;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE9D,wDAAwD;QACxD,iBAAiB,CAAC,IAAI,CAAC;YACrB,EAAE,EAAE,EAAE,EAAE,qBAAqB;YAC7B,KAAK,EAAE,6BAA6B,QAAQ,IAAI,OAAO,EAAE;YACzD,WAAW,EAAE,GAAG,IAAI,CAAC,MAAM,oCAAoC,QAAQ,YAAY,OAAO,GAAG;YAC7F,QAAQ,EAAE,eAAe;YACzB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,MAAM;YAChC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,EAAE,cAAc,CAAC;YACjD,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;IAED,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAAY,EAAE,SAAiB;IACnD,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,UAAsB;IAChD,MAAM,KAAK,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACxE,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAmB,EACnB,MAAc,EACd,UAAkC;IAElC,IAAI,UAAU,EAAE,CAAC;QACf,UAAU,CAAC,8CAA8C,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,+BAA+B,CACvD,QAAQ,EACR,MAAM,EACN,UAAU,EACV,IAAI,CAAC,kBAAkB;KACxB,CAAC;IAEF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,EAAE,CAAC;QACzC,UAAU,CAAC,SAAS,WAAW,CAAC,MAAM,iCAAiC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,EAAE,GAAG,WAAW,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAmB,EACnB,MAAc,EACd,UAII,EAAE;IAEN,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,QAAQ,GAAc,EAAE,CAAC;IAE7B,6DAA6D;IAC7D,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEhD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACjD,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,CAAC,MAAM,2BAA2B,CAAC,CAAC;IACjF,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAEjD,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG,OAAO;wBACV,2DAA2D;wBAC3D,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE;4BACjE,CAAC,CAAC,OAAO,CAAC,WAAW;4BACrB,CAAC,CAAC,OAAO,CAAC,WAAW;wBACvB,0BAA0B;wBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU;wBACxC,yBAAyB;wBACzB,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,KAAK;wBACjC,mBAAmB;wBACnB,UAAU,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;qBACjF,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,uCAAuC;YACzC,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,wDAAwD;IACxD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,gDAAgD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,+BAA+B,CAC9D,QAAQ,EACR,MAAM,EACN,OAAO,CAAC,UAAU,CACnB,CAAC;IAEF,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACxD,OAAO,CAAC,UAAU,CAAC,aAAa,kBAAkB,CAAC,MAAM,uCAAuC,CAAC,CAAC;IACpG,CAAC;IAED,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE/C,iEAAiE;IACjE,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,OAAO,CAAC,UAAU,CAAC,uBAAuB,OAAO,CAAC,UAAU,CAAC,MAAM,qCAAqC,CAAC,CAAC;QAC5G,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACnD,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YAE3D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,EAAE;oBACN,KAAK,EAAE,GAAG,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE;oBAC9E,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,QAAQ,EAAE,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC;oBACvC,MAAM;oBACN,MAAM,EAAE,KAAK;oBACb,GAAG,EAAE,GAAG,CAAC,EAAE;oBACX,GAAG,EAAE,GAAG,CAAC,KAAK;oBACd,IAAI,EAAE,GAAG,CAAC,UAAU;oBACpB,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,aAAa,CAAC;iBACnD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,OAAoB,EACpB,SAAe,EACf,OAAa,EACb,WAAsB,EACtB,YAA6B,EAC7B,UAKI,EAAE;IAEN,cAAc;IACd,MAAM,MAAM,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAEhD,IAAI,QAAQ,GAAG,MAAM,CAAC;IAEtB,+DAA+D;IAC/D,+DAA+D;IAC/D,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAC9C,QAAQ,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3E,CAAC;IAED,mEAAmE;IACnE,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QAC7C,QAAQ,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,wDAAwD;IACxD,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAEzC,wEAAwE;IACxE,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IACpC,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAEtC,0BAA0B;IAC1B,IAAI,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC3C,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACvD,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,wBAAwB,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO;QACL,MAAM;QACN,QAAQ,EAAE,SAAS,CAAC,WAAW,EAAE;QACjC,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC;QACjE,OAAO;QACP,OAAO,EAAE,eAAe,CAAC,QAAQ,CAAC;QAClC,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,YAAY;QACZ,QAAQ;QACR,QAAQ,EAAE,aAAa;QACvB,YAAY;KACb,CAAC;AACJ,CAAC"}

package/dist/categories.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * Test Categories Configuration
+ * Maps scanner tags to human-readable test categories
+ * Used to track test coverage and show "Nothing found" results
+ *
+ * Supports both ZAP (primary) and Nuclei (supplementary)
+ */
+import { ToolSource } from './types.js';
+export interface TestCategory {
+    id: string;
+    name: string;
+    description: string;
+    tags: string[];
+    templatePatterns?: string[];
+    sources?: ToolSource[];
+    zapPluginIds?: string[];
+}
+/**
+ * Define all test categories
+ * Order matters - this is how they'll appear in the report
+ *
+ * ZAP Plugin IDs reference:
+ * - 10003: Vulnerable JS Library (Retire.js)
+ * - 10038: CSP Header Not Set
+ * - 10020: Missing X-Frame-Options
+ * - 10035: Strict-Transport-Security Not Set
+ * - 10021: X-Content-Type-Options Missing
+ * - 10098: Cross-Domain Misconfiguration (CORS)
+ * - 10202: Absence of Anti-CSRF Tokens
+ * - 90003: Sub Resource Integrity Missing
+ * - 10037: X-Powered-By Information Leak
+ * - 10036: Server Version Leak
+ * - 10027: Information Disclosure - Suspicious Comments
+ * - 10031: User Controllable HTML Attribute (XSS hint)
+ * - 10017: Cross-Domain JavaScript Source
+ */
+export declare const TEST_CATEGORIES: TestCategory[];
+/**
+ * Category result for reporting
+ */
+export interface CategoryResult {
+    category: TestCategory;
+    tested: boolean;
+    findingCount: number;
+    findings: string[];
+}
+/**
+ * Match a finding to categories based on tags and template ID
+ */
+export declare function matchCategories(templateId: string, tags?: string[]): string[];
+/**
+ * Get category by ID
+ */
+export declare function getCategoryById(id: string): TestCategory | undefined;
+/**
+ * Get all category IDs
+ */
+export declare function getAllCategoryIds(): string[];
+//# sourceMappingURL=categories.d.ts.map

package/dist/categories.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"categories.d.ts","sourceRoot":"","sources":["../src/categories.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,eAAe,EAAE,YAAY,EA4OzC,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,YAAY,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,MAAM,EAAO,GAClB,MAAM,EAAE,CA6BV;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAEpE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAE5C"}