@voidagency/web-scanner 0.0.1

package/dist/runners/testssl.js

@@ -0,0 +1,179 @@
+/**
+ * testssl.sh Runner
+ * Execute SSL/TLS analysis and parse JSON output
+ */
+import { execa } from 'execa';
+import { readFile, unlink } from 'fs/promises';
+import { join } from 'path';
+import { tmpdir } from 'os';
+// Scan options for each profile
+const PROFILE_OPTIONS = {
+    quick: ['--protocols', '--vulnerable'],
+    standard: ['--protocols', '--vulnerable', '--cipher-per-proto'],
+    deep: [], // Full scan (no options = everything)
+};
+/**
+ * Map testssl severity to normalized severity
+ */
+function mapSeverity(severity) {
+    const s = severity.toUpperCase();
+    if (s === 'CRITICAL')
+        return 'critical';
+    if (s === 'HIGH')
+        return 'high';
+    if (s === 'MEDIUM')
+        return 'medium';
+    if (s === 'LOW' || s === 'WARN')
+        return 'low';
+    return 'info';
+}
+/**
+ * IDs that indicate "not vulnerable" results - these have CVEs but are negative findings
+ */
+const VULNERABILITY_TEST_IDS = [
+    'heartbleed', 'CCS', 'ticketbleed', 'ROBOT', 'secure_client_renego',
+    'CRIME_TLS', 'BREACH', 'POODLE_SSL', 'SWEET32', 'FREAK', 'DROWN',
+    'DROWN_hint', 'LOGJAM', 'LOGJAM-common_primes', 'BEAST', 'winshock', 'RC4',
+    'secure_renego', 'fallback_SCSV',
+];
+/**
+ * IDs that are scanner errors, not target vulnerabilities
+ * These indicate issues with the local scanning environment
+ */
+const SCANNER_ERROR_IDS = new Set([
+    'engine_problem', // OpenSSL engine not available on scanner machine
+    'scanProblem', // Generic scan issues
+    'pre_128cipher', // Old cipher check issues
+]);
+/**
+ * Vulnerability IDs to skip (too theoretical for web app pentests)
+ */
+const SKIP_VULN_IDS = new Set([
+    'BREACH', // Requires MITM + content injection, every site uses gzip
+]);
+/**
+ * Parse testssl JSON output into findings
+ * Only include actual vulnerabilities, not "passed" tests
+ */
+function parseTestsslOutput(data, startIndex) {
+    const findings = [];
+    for (const item of data) {
+        const severity = item.severity.toUpperCase();
+        // Skip OK/INFO items - these are "not vulnerable" or informational
+        // Even if they have CVEs, INFO means the test PASSED (not vulnerable)
+        if (['OK', 'INFO'].includes(severity)) {
+            continue;
+        }
+        // Skip LOW severity - cipher details, session tickets, etc.
+        // These are too granular for web app pentests and require MITM to exploit
+        if (['LOW', 'WARN'].includes(severity)) {
+            continue;
+        }
+        // Skip items without meaningful findings
+        if (!item.finding || item.finding === '--') {
+            continue;
+        }
+        // Skip scanner errors (local machine issues, not target vulnerabilities)
+        if (SCANNER_ERROR_IDS.has(item.id)) {
+            continue;
+        }
+        // Skip theoretical vulns not useful for web app pentests
+        if (SKIP_VULN_IDS.has(item.id)) {
+            continue;
+        }
+        // Skip findings that are scanner issues, not target vulnerabilities
+        if (item.finding.includes('No engine or GOST support')) {
+            continue;
+        }
+        // Skip certain verbose informational entries
+        if (item.id.startsWith('cert_') && severity === 'LOW') {
+            // Certificate info entries that aren't critical
+            continue;
+        }
+        findings.push({
+            id: String(startIndex + findings.length + 1).padStart(3, '0'),
+            title: formatTestsslTitle(item.id),
+            description: item.finding,
+            severity: mapSeverity(severity),
+            source: 'testssl',
+            target: `${item.ip}:${item.port}`,
+            cve: item.cve,
+            cwe: item.cwe,
+            tags: ['ssl', 'tls'],
+        });
+    }
+    return findings;
+}
+/**
+ * Format testssl ID into readable title
+ */
+function formatTestsslTitle(id) {
+    // Convert snake_case to Title Case
+    return id
+        .replaceAll('_', ' ')
+        .replaceAll(/\b\w/g, c => c.toUpperCase())
+        .replaceAll('Ssl', 'SSL')
+        .replaceAll('Tls', 'TLS')
+        .replaceAll('Hsts', 'HSTS')
+        .replaceAll('Csp', 'CSP');
+}
+/**
+ * Run testssl.sh scan on target
+ */
+export async function runTestssl(target, profile = 'standard', options = {}) {
+    // Create temp file for JSON output
+    const tempFile = join(tmpdir(), `testssl-${Date.now()}.json`);
+    // Extract host from URL if needed
+    let host;
+    try {
+        const url = new URL(target);
+        host = url.hostname;
+        // Add port if not default HTTPS
+        if (url.port && url.port !== '443') {
+            host = `${host}:${url.port}`;
+        }
+    }
+    catch {
+        host = target;
+    }
+    // Build command arguments
+    const profileOptions = PROFILE_OPTIONS[profile];
+    const args = [
+        '--jsonfile', tempFile,
+        '--quiet',
+        ...profileOptions,
+        host,
+    ];
+    try {
+        await execa('testssl.sh', args, {
+            reject: false, // Don't throw on non-zero exit
+            timeout: profile === 'deep' ? 600000 : 300000, // 10min for deep, 5min otherwise
+        });
+        // Read and parse JSON output
+        const jsonContent = await readFile(tempFile, 'utf-8');
+        const data = JSON.parse(jsonContent);
+        // Parse into findings
+        const findings = parseTestsslOutput(data, options.startIndex || 0);
+        // Clean up temp file
+        await unlink(tempFile).catch(() => { });
+        return findings;
+    }
+    catch (error) {
+        // Clean up temp file on error
+        await unlink(tempFile).catch(() => { });
+        throw new Error(`testssl scan failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * Check if testssl.sh is installed
+ */
+export async function isTestsslInstalled() {
+    try {
+        await execa('testssl.sh', ['--version']);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=testssl.js.map

package/dist/runners/testssl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"testssl.js","sourceRoot":"","sources":["../../src/runners/testssl.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAG5B,gCAAgC;AAChC,MAAM,eAAe,GAAkC;IACrD,KAAK,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;IACtC,QAAQ,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,oBAAoB,CAAC;IAC/D,IAAI,EAAE,EAAE,EAAG,sCAAsC;CAClD,CAAC;AAEF;;GAEG;AACH,SAAS,WAAW,CAAC,QAAgB;IACnC,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACpC,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAC9C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,sBAAsB;IACnE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO;IAChE,YAAY,EAAE,QAAQ,EAAE,sBAAsB,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK;IAC1E,eAAe,EAAE,eAAe;CACjC,CAAC;AAEF;;;GAGG;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,gBAAgB,EAAG,kDAAkD;IACrE,aAAa,EAAM,sBAAsB;IACzC,eAAe,EAAI,0BAA0B;CAC9C,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,QAAQ,EAAG,0DAA0D;CACtE,CAAC,CAAC;AAEH;;;GAGG;AACH,SAAS,kBAAkB,CAAC,IAAqB,EAAE,UAAkB;IACnE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE7C,mEAAmE;QACnE,sEAAsE;QACtE,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,SAAS;QACX,CAAC;QAED,4DAA4D;QAC5D,0EAA0E;QAC1E,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,SAAS;QACX,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC3C,SAAS;QACX,CAAC;QAED,yEAAyE;QACzE,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QAED,yDAAyD;QACzD,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC/B,SAAS;QACX,CAAC;QAED,oEAAoE;QACpE,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;YACvD,SAAS;QACX,CAAC;QAED,6CAA6C;QAC7C,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;YACtD,gDAAgD;YAChD,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,MAAM,CAAC,UAAU,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC;YAC7D,KAAK,EAAE,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,WAAW,EAAE,IAAI,CAAC,OAAO;YACzB,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC;YAC/B,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,IAAI,EAAE;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,EAAU;IACpC,mCAAmC;IACnC,OAAO,EAAE;SACN,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC;SACpB,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;SACzC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC;SACxB,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC;SACxB,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC;SAC1B,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAc,EACd,UAAuB,UAAU,EACjC,UAAmC,EAAE;IAErC,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAE9D,kCAAkC;IAClC,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;QACpB,gCAAgC;QAChC,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACnC,IAAI,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,GAAG,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAChD,MAAM,IAAI,GAAa;QACrB,YAAY,EAAE,QAAQ;QACtB,SAAS;QACT,GAAG,cAAc;QACjB,IAAI;KACL,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,YAAY,EAAE,IAAI,EAAE;YAC9B,MAAM,EAAE,KAAK,EAAG,+BAA+B;YAC/C,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAG,iCAAiC;SAClF,CAAC,CAAC;QAEH,6BAA6B;QAC7B,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,IAAI,GAAoB,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAEtD,sBAAsB;QACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC;QAEnE,qBAAqB;QACrB,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEvC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,8BAA8B;QAC9B,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,wBAAwB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IACtG,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/runners/zap.d.ts

@@ -0,0 +1,30 @@
+/**
+ * ZAP Runner - OWASP ZAP baseline scanner via Docker
+ * Primary scanner for:
+ * - JS Library CVEs (Retire.js)
+ * - Security Headers
+ * - CORS Misconfigurations
+ * - CSRF Detection
+ * - XSS Detection hints
+ */
+import { Finding, TechDetection } from '../types.js';
+/**
+ * Run ZAP baseline scan via Docker
+ */
+export declare function runZap(target: string, options?: {
+    outputDir?: string;
+    timeout?: number;
+    onProgress?: (msg: string) => void;
+}): Promise<{
+    findings: Finding[];
+    technologies: TechDetection[];
+}>;
+/**
+ * Check if Docker and ZAP image are available
+ */
+export declare function checkZapAvailable(): Promise<boolean>;
+/**
+ * Pull ZAP Docker image if not present
+ */
+export declare function pullZapImage(onProgress?: (msg: string) => void): Promise<void>;
+//# sourceMappingURL=zap.d.ts.map

package/dist/runners/zap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zap.d.ts","sourceRoot":"","sources":["../../src/runners/zap.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,EAAE,OAAO,EAAY,aAAa,EAAE,MAAM,aAAa,CAAC;AA0U/D;;GAEG;AACH,wBAAsB,MAAM,CAC1B,MAAM,EAAE,MAAM,EACd,OAAO,GAAE;IACP,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,GACL,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAAC,YAAY,EAAE,aAAa,EAAE,CAAA;CAAE,CAAC,CA6FjE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAQ1D;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBpF"}

package/dist/runners/zap.js

@@ -0,0 +1,389 @@
+/**
+ * ZAP Runner - OWASP ZAP baseline scanner via Docker
+ * Primary scanner for:
+ * - JS Library CVEs (Retire.js)
+ * - Security Headers
+ * - CORS Misconfigurations
+ * - CSRF Detection
+ * - XSS Detection hints
+ */
+import { execa } from 'execa';
+import { readFile, unlink } from 'fs/promises';
+import { existsSync } from 'fs';
+import path from 'path';
+/**
+ * ZAP plugin IDs to skip (noisy/not useful)
+ * List from https://www.zaproxy.org/docs/alerts/
+ *
+ * 10109 - Modern Web Application (just tells you it's a SPA, not a vulnerability)
+ * 10015 - Re-examine Cache-control Directives (usually false positive)
+ * 10049 - Non-Storable Content (informational, not actionable)
+ * 10050 - Retrieved from Cache (informational)
+ * 10054 - Cookie Without SameSite (often intentional)
+ * 10044 - Big Redirect Detected (normal for frameworks, not a real vuln)
+ * 10027 - Suspicious Comments (flags "username", "query" in JS - too noisy)
+ * 10112 - Session Management Response Identified (just says "found session token")
+ * 10017 - Cross-Domain JS (redundant with SRI Missing - same fix)
+ */
+const SKIP_PLUGIN_IDS = new Set([
+    '10109', // Modern Web Application
+    '10015', // Re-examine Cache-control Directives  
+    '10049', // Non-Storable Content
+    '10050', // Retrieved from Cache
+    '10044', // Big Redirect Detected
+    '10027', // Suspicious Comments
+    '10112', // Session Management Response Identified
+    '10017', // Cross-Domain JS (merged into SRI Missing)
+    '10096', // Timestamp Disclosure - Unix (build IDs, cache busters - not sensitive)
+]);
+/**
+ * Alert names to skip (when plugin ID can't be used - e.g., shared IDs)
+ * All CSP alerts share plugin ID 10055, so filter by name
+ */
+const SKIP_ALERT_NAMES = new Set([
+    'CSP: Notices', // Informational only
+    'CSP: X-Content-Security-Policy', // Deprecated header notice
+    'CSP: X-WebKit-CSP', // Deprecated header notice  
+    'CSP: Header & Meta', // Just says you have both - not a vuln
+]);
+/**
+ * Rename certain findings to be clearer/combined
+ */
+const RENAME_FINDINGS = {
+    '90003': 'External JavaScript Without Integrity Verification',
+};
+/**
+ * Check if a CSRF finding should be filtered (Drupal uses its own form tokens)
+ */
+function isDrupalCsrfFalsePositive(alert) {
+    if (alert.pluginid !== '10202')
+        return false; // Not CSRF alert
+    // Check if the form is a Drupal form (has drupal-selector or form_build_id)
+    const evidence = alert.instances[0]?.evidence || '';
+    return evidence.includes('data-drupal-selector') ||
+        evidence.includes('form_build_id') ||
+        evidence.includes('drupal');
+}
+/**
+ * Map ZAP risk code to our severity
+ */
+function mapZapSeverity(riskcode) {
+    switch (riskcode) {
+        case '3': return 'high'; // ZAP doesn't have critical
+        case '2': return 'medium';
+        case '1': return 'low';
+        case '0': return 'info';
+        default: return 'info';
+    }
+}
+/**
+ * Extract CVEs from ZAP otherinfo field
+ * ZAP puts CVEs in the otherinfo for vulnerable JS libraries
+ */
+function extractCves(otherinfo) {
+    const cvePattern = /CVE-\d{4}-\d+/g;
+    const matches = otherinfo.match(cvePattern);
+    return matches ? [...new Set(matches)] : [];
+}
+/**
+ * Extract technology/library info from ZAP findings
+ */
+function extractTechFromZap(alerts) {
+    const techMap = new Map();
+    for (const alert of alerts) {
+        // Vulnerable JS Library findings contain library info
+        if (alert.pluginid === '10003') {
+            for (const instance of alert.instances) {
+                const host = new URL(instance.uri).hostname;
+                // Extract library name and version from evidence
+                const libMatch = alert.otherinfo.match(/library ([a-z-]+), version ([0-9.]+)/i);
+                if (libMatch) {
+                    const tech = `${libMatch[1]}:${libMatch[2]}`;
+                    if (!techMap.has(host)) {
+                        techMap.set(host, new Set());
+                    }
+                    techMap.get(host).add(tech);
+                }
+            }
+        }
+        // Server version from headers
+        if (alert.pluginid === '10036' || alert.pluginid === '10037') {
+            for (const instance of alert.instances) {
+                const host = new URL(instance.uri).hostname;
+                if (instance.evidence) {
+                    if (!techMap.has(host)) {
+                        techMap.set(host, new Set());
+                    }
+                    techMap.get(host).add(instance.evidence);
+                }
+            }
+        }
+    }
+    return Array.from(techMap.entries()).map(([host, techs]) => ({
+        host,
+        technologies: Array.from(techs),
+    }));
+}
+/**
+ * Parse ZAP alert to Finding
+ */
+function parseZapAlert(alert, index) {
+    const findings = [];
+    const severity = mapZapSeverity(alert.riskcode);
+    const cves = extractCves(alert.otherinfo);
+    // Clean HTML from descriptions
+    const cleanHtml = (html) => html
+        .replace(/<\/?p>/g, '\n')
+        .replace(/<[^>]+>/g, '')
+        .replace(/&quot;/g, '"')
+        .replace(/&amp;/g, '&')
+        .replace(/&lt;/g, '<')
+        .replace(/&gt;/g, '>')
+        .replace(/\n{3,}/g, '\n\n')
+        .trim();
+    // For JS library vulnerabilities, create one finding per CVE
+    if (alert.pluginid === '10003' && cves.length > 0) {
+        // Group by library
+        const libMatch = alert.otherinfo.match(/library ([a-z-]+), version ([0-9.]+)/i);
+        const libName = libMatch ? `${libMatch[1]} ${libMatch[2]}` : alert.name;
+        findings.push({
+            id: '', // Will be renumbered
+            title: `Vulnerable JS Library: ${libName}`,
+            description: cleanHtml(alert.desc),
+            severity: severity,
+            source: 'zap',
+            target: alert.instances[0]?.uri || '',
+            cve: cves.join(', '),
+            cwe: alert.cweid !== '-1' ? `CWE-${alert.cweid}` : undefined,
+            tags: ['js-library', 'cve', 'outdated-component'],
+            extracted: cves,
+            references: alert.reference ? [cleanHtml(alert.reference)] : [],
+            matcher: libName,
+        });
+    }
+    else {
+        // Standard finding - check for renamed titles
+        const title = RENAME_FINDINGS[alert.pluginid] || alert.name;
+        findings.push({
+            id: '',
+            title,
+            description: cleanHtml(alert.desc),
+            severity: severity,
+            source: 'zap',
+            target: alert.instances[0]?.uri || '',
+            cwe: alert.cweid !== '-1' ? `CWE-${alert.cweid}` : undefined,
+            tags: getZapTags(alert.pluginid, alert.name),
+            references: alert.reference ? [cleanHtml(alert.reference)] : [],
+            matcher: alert.instances[0]?.evidence || undefined,
+            request: alert.instances.length > 0 ?
+                `${alert.instances[0].method} ${alert.instances[0].uri}` : undefined,
+        });
+    }
+    return findings;
+}
+/**
+ * Map ZAP plugin IDs to tags for categorization
+ * Reference: https://www.zaproxy.org/docs/alerts/
+ */
+function getZapTags(pluginid, name) {
+    const tags = ['zap'];
+    const tagMap = {
+        // Vulnerability Detection
+        '10003': ['js-library', 'cve', 'outdated-component'], // Vulnerable JS Library
+        '10202': ['csrf', 'security-misconfiguration'], // Absence of Anti-CSRF Tokens
+        '10031': ['xss', 'user-input'], // User Controllable HTML Attr (Potential XSS)
+        '10043': ['xss', 'user-input'], // User Controllable JS Event (XSS)
+        '40012': ['xss', 'reflected'], // Cross Site Scripting (Reflected)
+        '40014': ['xss', 'persistent'], // Cross Site Scripting (Persistent)
+        '40016': ['xss', 'dom'], // Cross Site Scripting (DOM Based)
+        '40018': ['sqli'], // SQL Injection
+        '6': ['lfi', 'path-traversal'], // Path Traversal
+        '7': ['rfi', 'file-inclusion'], // Remote File Inclusion
+        '90019': ['ssti', 'injection'], // Server Side Template Injection
+        '90020': ['ssrf'], // Server Side Request Forgery
+        '90021': ['xxe', 'injection'], // XML External Entity Attack
+        '90023': ['command-injection', 'rce'], // OS Command Injection
+        '20019': ['redirect', 'open-redirect'], // External Redirect
+        // Security Headers
+        '10038': ['csp', 'header', 'security-misconfiguration'], // CSP Header Not Set
+        '10020': ['clickjacking', 'header', 'security-misconfiguration'], // Anti-clickjacking Header
+        '10035': ['hsts', 'header', 'security-misconfiguration'], // Strict-Transport-Security
+        '10021': ['header', 'security-misconfiguration'], // X-Content-Type-Options Missing
+        '10063': ['permissions-policy', 'header'], // Permissions Policy Header
+        '90003': ['sri', 'integrity', 'security-misconfiguration'], // Sub Resource Integrity Missing
+        '90004': ['spectre', 'isolation', 'header'], // Spectre Vulnerability
+        // Information Disclosure
+        '10009': ['info-disclosure', 'version-leak'], // In Page Banner Information Leak
+        '10037': ['info-disclosure', 'version-leak', 'header'], // X-Powered-By Leak
+        '10036': ['info-disclosure', 'version-leak', 'header'], // Server Header Leak
+        '10039': ['info-disclosure', 'header'], // X-Backend-Server Leak
+        '10023': ['info-disclosure', 'debug-errors'], // Debug Error Messages
+        '10044': ['redirect', 'info-disclosure'], // Big Redirect
+        '10027': ['info-disclosure', 'comments'], // Suspicious Comments
+        '2': ['info-disclosure', 'private-ip'], // Private IP Disclosure
+        '10062': ['info-disclosure', 'pii'], // PII Disclosure
+        // Cookie Issues
+        '10010': ['cookie', 'httponly'], // Cookie No HttpOnly
+        '10011': ['cookie', 'secure-flag'], // Cookie Without Secure Flag
+        '10054': ['cookie', 'samesite'], // Cookie without SameSite
+        // CORS & Cross-Domain
+        '10098': ['cors', 'security-misconfiguration'], // Cross-Domain Misconfiguration
+        '10017': ['cross-domain', 'js-inclusion'], // Cross-Domain JS Source Inclusion
+        // Directory & File Issues
+        '0': ['directory-listing'], // Directory Browsing (Active)
+        '10033': ['directory-listing'], // Directory Browsing (Passive)
+        '10095': ['backup-files', 'sensitive-files'], // Backup File Disclosure
+        '10045': ['source-disclosure', 'sensitive-files'], // Source Code Disclosure - WEB-INF
+        '10099': ['source-disclosure', 'php'], // Source Code Disclosure - PHP
+        // TLS/SSL Issues
+        '10034': ['heartbleed', 'ssl', 'cve'], // Heartbleed (Indicative)
+        '20015': ['heartbleed', 'ssl', 'cve'], // Heartbleed (Active)
+        '10040': ['mixed-content', 'ssl'], // Mixed Content
+        '10041': ['insecure-form', 'ssl'], // HTTP to HTTPS Insecure Transition
+        '10042': ['insecure-form', 'ssl'], // HTTPS to HTTP Insecure Transition
+        // Session & Auth
+        '3': ['session', 'url-rewrite'], // Session ID in URL Rewrite
+        '10105': ['auth', 'weak-auth'], // Weak Authentication Method
+        '10108': ['tabnabbing', 'security-misconfiguration'], // Reverse Tabnabbing
+        // Informational (mostly filtered)
+        '10109': ['modern-app', 'spa'], // Modern Web Application
+        '10015': ['cache', 'header'], // Re-examine Cache-control
+        '10110': ['dangerous-js', 'code-quality'], // Dangerous JS Functions
+        '10004': ['tech-detection'], // Tech Detection
+        '10112': ['session', 'informational'], // Session Management Response
+        '10111': ['auth', 'informational'], // Authentication Request Identified
+    };
+    if (tagMap[pluginid]) {
+        tags.push(...tagMap[pluginid]);
+    }
+    // Add tags based on name
+    if (name.toLowerCase().includes('header'))
+        tags.push('header');
+    if (name.toLowerCase().includes('xss'))
+        tags.push('xss');
+    if (name.toLowerCase().includes('csrf'))
+        tags.push('csrf');
+    return [...new Set(tags)];
+}
+/**
+ * Run ZAP baseline scan via Docker
+ */
+export async function runZap(target, options = {}) {
+    const outputDir = options.outputDir || process.cwd();
+    const jsonFile = path.join(outputDir, 'zap-report.json');
+    const timeout = options.timeout || 300; // 5 minutes default
+    // Clean up old report if exists
+    if (existsSync(jsonFile)) {
+        await unlink(jsonFile);
+    }
+    options.onProgress?.('Starting ZAP baseline scan via Docker...');
+    try {
+        // Run ZAP baseline scan
+        // -t target URL
+        // -J json output filename  
+        // -I don't return error on warnings
+        // -d debug mode for more output
+        const args = [
+            'run',
+            '--rm',
+            '-v', `${outputDir}:/zap/wrk/:rw`,
+            '-t',
+            'ghcr.io/zaproxy/zaproxy:stable',
+            'zap-baseline.py',
+            '-t', target,
+            '-J', 'zap-report.json',
+            '-I', // Don't fail on warnings
+        ];
+        options.onProgress?.(`Running: docker ${args.slice(0, 5).join(' ')}...`);
+        await execa('docker', args, {
+            timeout: timeout * 1000,
+            reject: false, // Don't throw on non-zero exit
+        });
+        // Check if report was generated
+        if (!existsSync(jsonFile)) {
+            throw new Error('ZAP did not generate report file');
+        }
+        // Parse the report
+        options.onProgress?.('Parsing ZAP results...');
+        const reportContent = await readFile(jsonFile, 'utf-8');
+        const report = JSON.parse(reportContent);
+        const allFindings = [];
+        const allTechnologies = [];
+        // Process each site
+        for (const site of report.site || []) {
+            const alerts = site.alerts || [];
+            // Extract technologies
+            const techs = extractTechFromZap(alerts);
+            allTechnologies.push(...techs);
+            // Convert alerts to findings (skip noisy ones)
+            for (let i = 0; i < alerts.length; i++) {
+                // Skip noisy/non-actionable alerts by plugin ID
+                if (SKIP_PLUGIN_IDS.has(alerts[i].pluginid)) {
+                    continue;
+                }
+                // Skip noisy alerts by name (when plugin ID is shared)
+                if (SKIP_ALERT_NAMES.has(alerts[i].name)) {
+                    continue;
+                }
+                // Skip Drupal CSRF false positives (Drupal uses form tokens)
+                if (isDrupalCsrfFalsePositive(alerts[i])) {
+                    continue;
+                }
+                const findings = parseZapAlert(alerts[i], i);
+                allFindings.push(...findings);
+            }
+        }
+        // Clean up report file
+        try {
+            await unlink(jsonFile);
+        }
+        catch {
+            // Ignore cleanup errors
+        }
+        options.onProgress?.(`ZAP found ${allFindings.length} issues`);
+        return { findings: allFindings, technologies: allTechnologies };
+    }
+    catch (error) {
+        if (error instanceof Error && error.message.includes('ETIMEDOUT')) {
+            throw new Error(`ZAP scan timed out after ${timeout} seconds`);
+        }
+        throw new Error(`ZAP scan failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * Check if Docker and ZAP image are available
+ */
+export async function checkZapAvailable() {
+    try {
+        // Check Docker is running
+        await execa('docker', ['info'], { reject: true });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Pull ZAP Docker image if not present
+ */
+export async function pullZapImage(onProgress) {
+    onProgress?.('Checking ZAP Docker image...');
+    try {
+        // Check if image exists
+        const { stdout } = await execa('docker', [
+            'images', '-q', 'ghcr.io/zaproxy/zaproxy:stable'
+        ]);
+        if (!stdout.trim()) {
+            onProgress?.('Pulling ZAP Docker image (this may take a few minutes)...');
+            await execa('docker', ['pull', 'ghcr.io/zaproxy/zaproxy:stable']);
+            onProgress?.('ZAP image downloaded successfully');
+        }
+        else {
+            onProgress?.('ZAP image already available');
+        }
+    }
+    catch (error) {
+        throw new Error(`Failed to pull ZAP image: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+//# sourceMappingURL=zap.js.map

package/dist/runners/zap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"zap.js","sourceRoot":"","sources":["../../src/runners/zap.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,IAAI,MAAM,MAAM,CAAC;AAmDxB;;;;;;;;;;;;;GAaG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,OAAO,EAAE,yBAAyB;IAClC,OAAO,EAAE,wCAAwC;IACjD,OAAO,EAAE,uBAAuB;IAChC,OAAO,EAAE,uBAAuB;IAChC,OAAO,EAAE,wBAAwB;IACjC,OAAO,EAAE,sBAAsB;IAC/B,OAAO,EAAE,yCAAyC;IAClD,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,yEAAyE;CACnF,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAmB,qBAAqB;IACtD,gCAAgC,EAAE,2BAA2B;IAC7D,mBAAmB,EAAc,6BAA6B;IAC9D,oBAAoB,EAAa,uCAAuC;CACzE,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,eAAe,GAA2B;IAC9C,OAAO,EAAE,oDAAoD;CAC9D,CAAC;AAEF;;GAEG;AACH,SAAS,yBAAyB,CAAC,KAAe;IAChD,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC,CAAC,iBAAiB;IAE/D,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAC;IACpD,OAAO,QAAQ,CAAC,QAAQ,CAAC,sBAAsB,CAAC;QACzC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;QAClC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,GAAG,CAAC,CAAC,OAAO,MAAM,CAAC,CAAM,4BAA4B;QAC1D,KAAK,GAAG,CAAC,CAAC,OAAO,QAAQ,CAAC;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,CAAC;QACvB,KAAK,GAAG,CAAC,CAAC,OAAO,MAAM,CAAC;QACxB,OAAO,CAAC,CAAC,OAAO,MAAM,CAAC;IACzB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,SAAiB;IACpC,MAAM,UAAU,GAAG,gBAAgB,CAAC;IACpC,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC5C,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,MAAkB;IAC5C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE/C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,sDAAsD;QACtD,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC/B,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACvC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;gBAE5C,iDAAiD;gBACjD,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAChF,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,IAAI,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC7C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;oBAC/B,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC7D,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACvC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;gBAC5C,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACtB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;oBAC/B,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3D,IAAI;QACJ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;KAChC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAe,EAAE,KAAa;IACnD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAE1C,+BAA+B;IAC/B,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI;SACrC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;SACxB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;SACvB,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC;SACtB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;SACrB,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;SACrB,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC;SAC1B,IAAI,EAAE,CAAC;IAEV,6DAA6D;IAC7D,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,mBAAmB;QACnB,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;QAExE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,EAAE,EAAE,qBAAqB;YAC7B,KAAK,EAAE,0BAA0B,OAAO,EAAE;YAC1C,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC;YAClC,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE;YACrC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YACpB,GAAG,EAAE,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS;YAC5D,IAAI,EAAE,CAAC,YAAY,EAAE,KAAK,EAAE,oBAAoB,CAAC;YACjD,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;YAC/D,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,8CAA8C;QAC9C,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC;QAE5D,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,EAAE;YACN,KAAK;YACL,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC;YAClC,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE;YACrC,GAAG,EAAE,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS;YAC5D,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC;YAC5C,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;YAC/D,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,SAAS;YAClD,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACnC,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,QAAgB,EAAE,IAAY;IAChD,MAAM,IAAI,GAAa,CAAC,KAAK,CAAC,CAAC;IAE/B,MAAM,MAAM,GAA6B;QACvC,0BAA0B;QAC1B,OAAO,EAAE,CAAC,YAAY,EAAE,KAAK,EAAE,oBAAoB,CAAC,EAAW,wBAAwB;QACvF,OAAO,EAAE,CAAC,MAAM,EAAE,2BAA2B,CAAC,EAAiB,8BAA8B;QAC7F,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,EAAiC,8CAA8C;QAC7G,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,EAAiC,mCAAmC;QAClG,OAAO,EAAE,CAAC,KAAK,EAAE,WAAW,CAAC,EAAkC,mCAAmC;QAClG,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC,EAAiC,oCAAoC;QACnG,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAwC,mCAAmC;QAClG,OAAO,EAAE,CAAC,MAAM,CAAC,EAA8C,gBAAgB;QAC/E,GAAG,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAiC,iBAAiB;QAChF,GAAG,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAiC,wBAAwB;QACvF,OAAO,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,EAAiC,iCAAiC;QAChG,OAAO,EAAE,CAAC,MAAM,CAAC,EAA8C,8BAA8B;QAC7F,OAAO,EAAE,CAAC,KAAK,EAAE,WAAW,CAAC,EAAkC,6BAA6B;QAC5F,OAAO,EAAE,CAAC,mBAAmB,EAAE,KAAK,CAAC,EAA0B,uBAAuB;QACtF,OAAO,EAAE,CAAC,UAAU,EAAE,eAAe,CAAC,EAAyB,oBAAoB;QAEnF,mBAAmB;QACnB,OAAO,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,2BAA2B,CAAC,EAAQ,qBAAqB;QACpF,OAAO,EAAE,CAAC,cAAc,EAAE,QAAQ,EAAE,2BAA2B,CAAC,EAAE,2BAA2B;QAC7F,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,2BAA2B,CAAC,EAAO,4BAA4B;QAC3F,OAAO,EAAE,CAAC,QAAQ,EAAE,2BAA2B,CAAC,EAAe,iCAAiC;QAChG,OAAO,EAAE,CAAC,oBAAoB,EAAE,QAAQ,CAAC,EAAsB,4BAA4B;QAC3F,OAAO,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,2BAA2B,CAAC,EAAK,iCAAiC;QAChG,OAAO,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAoB,wBAAwB;QAEvF,yBAAyB;QACzB,OAAO,EAAE,CAAC,iBAAiB,EAAE,cAAc,CAAC,EAAmB,kCAAkC;QACjG,OAAO,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,QAAQ,CAAC,EAAS,oBAAoB;QACnF,OAAO,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,QAAQ,CAAC,EAAS,qBAAqB;QACpF,OAAO,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC,EAAyB,wBAAwB;QACvF,OAAO,EAAE,CAAC,iBAAiB,EAAE,cAAc,CAAC,EAAmB,uBAAuB;QACtF,OAAO,EAAE,CAAC,UAAU,EAAE,iBAAiB,CAAC,EAAuB,eAAe;QAC9E,OAAO,EAAE,CAAC,iBAAiB,EAAE,UAAU,CAAC,EAAuB,sBAAsB;QACrF,GAAG,EAAE,CAAC,iBAAiB,EAAE,YAAY,CAAC,EAAyB,wBAAwB;QACvF,OAAO,EAAE,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAA4B,iBAAiB;QAEhF,gBAAgB;QAChB,OAAO,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAgC,qBAAqB;QACpF,OAAO,EAAE,CAAC,QAAQ,EAAE,aAAa,CAAC,EAA6B,6BAA6B;QAC5F,OAAO,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAgC,0BAA0B;QAEzF,sBAAsB;QACtB,OAAO,EAAE,CAAC,MAAM,EAAE,2BAA2B,CAAC,EAAiB,gCAAgC;QAC/F,OAAO,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC,EAAsB,mCAAmC;QAElG,0BAA0B;QAC1B,GAAG,EAAE,CAAC,mBAAmB,CAAC,EAAqC,8BAA8B;QAC7F,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAiC,+BAA+B;QAC9F,OAAO,EAAE,CAAC,cAAc,EAAE,iBAAiB,CAAC,EAAmB,yBAAyB;QACxF,OAAO,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,EAAc,mCAAmC;QAClG,OAAO,EAAE,CAAC,mBAAmB,EAAE,KAAK,CAAC,EAA0B,+BAA+B;QAE9F,iBAAiB;QACjB,OAAO,EAAE,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,EAA0B,0BAA0B;QACzF,OAAO,EAAE,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,EAA0B,sBAAsB;QACrF,OAAO,EAAE,CAAC,eAAe,EAAE,KAAK,CAAC,EAA8B,gBAAgB;QAC/E,OAAO,EAAE,CAAC,eAAe,EAAE,KAAK,CAAC,EAA8B,oCAAoC;QACnG,OAAO,EAAE,CAAC,eAAe,EAAE,KAAK,CAAC,EAA8B,oCAAoC;QAEnG,iBAAiB;QACjB,GAAG,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC,EAAgC,4BAA4B;QAC3F,OAAO,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,EAAiC,6BAA6B;QAC5F,OAAO,EAAE,CAAC,YAAY,EAAE,2BAA2B,CAAC,EAAW,qBAAqB;QAEpF,kCAAkC;QAClC,OAAO,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC,EAAiC,yBAAyB;QACxF,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAmC,2BAA2B;QAC1F,OAAO,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC,EAAsB,yBAAyB;QACxF,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAoC,iBAAiB;QAChF,OAAO,EAAE,CAAC,SAAS,EAAE,eAAe,CAAC,EAA0B,8BAA8B;QAC7F,OAAO,EAAE,CAAC,MAAM,EAAE,eAAe,CAAC,EAA6B,oCAAoC;KACpG,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,yBAAyB;IACzB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/D,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAE3D,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,MAAc,EACd,UAII,EAAE;IAEN,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IACzD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,GAAG,CAAC,CAAC,oBAAoB;IAE5D,gCAAgC;IAChC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,CAAC,UAAU,EAAE,CAAC,0CAA0C,CAAC,CAAC;IAEjE,IAAI,CAAC;QACH,wBAAwB;QACxB,gBAAgB;QAChB,4BAA4B;QAC5B,oCAAoC;QACpC,gCAAgC;QAChC,MAAM,IAAI,GAAG;YACX,KAAK;YACL,MAAM;YACN,IAAI,EAAE,GAAG,SAAS,eAAe;YACjC,IAAI;YACJ,gCAAgC;YAChC,iBAAiB;YACjB,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,iBAAiB;YACvB,IAAI,EAAE,yBAAyB;SAChC,CAAC;QAEF,OAAO,CAAC,UAAU,EAAE,CAAC,mBAAmB,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEzE,MAAM,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE;YAC1B,OAAO,EAAE,OAAO,GAAG,IAAI;YACvB,MAAM,EAAE,KAAK,EAAE,+BAA+B;SAC/C,CAAC,CAAC;QAEH,gCAAgC;QAChC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,mBAAmB;QACnB,OAAO,CAAC,UAAU,EAAE,CAAC,wBAAwB,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,MAAM,GAAc,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAEpD,MAAM,WAAW,GAAc,EAAE,CAAC;QAClC,MAAM,eAAe,GAAoB,EAAE,CAAC;QAE5C,oBAAoB;QACpB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;YAEjC,uBAAuB;YACvB,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACzC,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;YAE/B,+CAA+C;YAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvC,gDAAgD;gBAChD,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5C,SAAS;gBACX,CAAC;gBACD,uDAAuD;gBACvD,IAAI,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;oBACzC,SAAS;gBACX,CAAC;gBACD,6DAA6D;gBAC7D,IAAI,yBAAyB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzC,SAAS;gBACX,CAAC;gBACD,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7C,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QAED,OAAO,CAAC,UAAU,EAAE,CAAC,aAAa,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC;QAC/D,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,CAAC;IAElE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,UAAU,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,oBAAoB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IAClG,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,IAAI,CAAC;QACH,0BAA0B;QAC1B,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAkC;IACnE,UAAU,EAAE,CAAC,8BAA8B,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,wBAAwB;QACxB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACvC,QAAQ,EAAE,IAAI,EAAE,gCAAgC;SACjD,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YACnB,UAAU,EAAE,CAAC,2DAA2D,CAAC,CAAC;YAC1E,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,gCAAgC,CAAC,CAAC,CAAC;YAClE,UAAU,EAAE,CAAC,mCAAmC,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,UAAU,EAAE,CAAC,6BAA6B,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IAC3G,CAAC;AACH,CAAC"}