agentic-qe 3.3.3 → 3.3.5

package/v3/dist/domains/security-compliance/services/scanners/dast-helpers.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Agentic QE v3 - DAST Scanner Helper Functions
+ * Utility functions for dynamic security analysis
+ */
+import type { Vulnerability, ScanSummary, MemoryBackend } from './scanner-types.js';
+export { testXSS, testSQLi } from './dast-injection-testing.js';
+export { testAuthorizationBypass, testIDOR, validateCredentials, buildAuthHeaders, } from './dast-auth-testing.js';
+/**
+ * Analyze security headers in HTTP response
+ */
+export declare function analyzeSecurityHeaders(headers: Headers, targetUrl: string, vulnerabilities: Vulnerability[], authenticated?: boolean): void;
+/**
+ * Analyze cookie security attributes
+ */
+export declare function analyzeCookieSecurity(headers: Headers, targetUrl: string, vulnerabilities: Vulnerability[], authenticated?: boolean): void;
+/**
+ * Analyze server headers for version disclosure
+ */
+export declare function analyzeServerHeaders(headers: Headers, targetUrl: string, vulnerabilities: Vulnerability[]): void;
+/**
+ * Scan for sensitive file exposure
+ */
+export declare function scanSensitiveFiles(parsedUrl: URL, crawledUrls: number, maxDepth: number, vulnerabilities: Vulnerability[]): Promise<number>;
+/**
+ * Analyze CORS configuration
+ */
+export declare function analyzeCORS(targetUrl: string, vulnerabilities: Vulnerability[]): Promise<void>;
+/**
+ * Extract links from HTML and crawl discovered pages
+ */
+export declare function extractAndCrawlLinks(html: string, baseUrl: URL, currentCrawled: number, maxDepth: number, vulnerabilities: Vulnerability[]): Promise<number>;
+/**
+ * Analyze HTML forms for security issues
+ */
+export declare function analyzeFormsForSecurityIssues(html: string, baseUrl: string, vulnerabilities: Vulnerability[]): void;
+/**
+ * Handle fetch errors and add appropriate vulnerabilities
+ */
+export declare function handleFetchError(fetchError: unknown, targetUrl: string, vulnerabilities: Vulnerability[]): void;
+/**
+ * Calculate scan summary from vulnerabilities
+ */
+export declare function calculateSummary(vulnerabilities: Vulnerability[], totalFiles: number, scanDurationMs: number): ScanSummary;
+/**
+ * Store scan results in memory
+ */
+export declare function storeScanResults(memory: MemoryBackend, scanId: string, scanType: string, vulnerabilities: Vulnerability[], summary: ScanSummary): Promise<void>;
+//# sourceMappingURL=dast-helpers.d.ts.map

package/v3/dist/domains/security-compliance/services/scanners/dast-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dast-helpers.d.ts","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/dast-helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,aAAa,EAEb,WAAW,EAEX,aAAa,EACd,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,uBAAuB,EACvB,QAAQ,EACR,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAMhC;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,aAAa,EAAE,EAChC,aAAa,UAAQ,GACpB,IAAI,CA6BN;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,aAAa,EAAE,EAChC,aAAa,UAAQ,GACpB,IAAI,CAoCN;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,aAAa,EAAE,GAC/B,IAAI,CAcN;AAMD;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,SAAS,EAAE,GAAG,EACd,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,aAAa,EAAE,GAC/B,OAAO,CAAC,MAAM,CAAC,CAmDjB;AAMD;;GAEG;AACH,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,aAAa,EAAE,GAC/B,OAAO,CAAC,IAAI,CAAC,CA2Bf;AAMD;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,GAAG,EACZ,cAAc,EAAE,MAAM,EACtB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,aAAa,EAAE,GAC/B,OAAO,CAAC,MAAM,CAAC,CAsEjB;AAMD;;GAEG;AACH,wBAAgB,6BAA6B,CAC3C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,aAAa,EAAE,GAC/B,IAAI,CAsEN;AAMD;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,UAAU,EAAE,OAAO,EACnB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,aAAa,EAAE,GAC/B,IAAI,CA0BN;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,eAAe,EAAE,aAAa,EAAE,EAChC,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,GACrB,WAAW,CAgBb;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,aAAa,EACrB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,aAAa,EAAE,EAChC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,IAAI,CAAC,CAYf"}

package/v3/dist/domains/security-compliance/services/scanners/dast-helpers.js

@@ -0,0 +1,385 @@
+/**
+ * Agentic QE v3 - DAST Scanner Helper Functions
+ * Utility functions for dynamic security analysis
+ */
+import { v4 as uuidv4 } from 'uuid';
+// Re-export from specialized modules for convenience
+export { testXSS, testSQLi } from './dast-injection-testing.js';
+export { testAuthorizationBypass, testIDOR, validateCredentials, buildAuthHeaders, } from './dast-auth-testing.js';
+// ============================================================================
+// Security Header Analysis
+// ============================================================================
+/**
+ * Analyze security headers in HTTP response
+ */
+export function analyzeSecurityHeaders(headers, targetUrl, vulnerabilities, authenticated = false) {
+    const headerChecks = [
+        { header: 'strict-transport-security', title: 'Missing HSTS Header', severity: 'medium', remediation: 'Add Strict-Transport-Security header' },
+        { header: 'x-content-type-options', title: 'Missing X-Content-Type-Options', severity: 'low', remediation: 'Add X-Content-Type-Options: nosniff' },
+        { header: 'x-frame-options', title: 'Missing X-Frame-Options', severity: 'medium', remediation: 'Add X-Frame-Options: DENY or SAMEORIGIN' },
+        { header: 'content-security-policy', title: 'Missing Content-Security-Policy', severity: 'medium', remediation: 'Implement a Content-Security-Policy' },
+    ];
+    if (!authenticated) {
+        headerChecks.push({ header: 'referrer-policy', title: 'Missing Referrer-Policy', severity: 'low', remediation: 'Add Referrer-Policy header' }, { header: 'permissions-policy', title: 'Missing Permissions-Policy', severity: 'low', remediation: 'Add Permissions-Policy header' });
+    }
+    for (const check of headerChecks) {
+        if (!headers.get(check.header)) {
+            vulnerabilities.push({
+                id: uuidv4(),
+                title: check.title,
+                description: `Security header ${check.header} is not present in the response`,
+                severity: check.severity,
+                category: 'security-misconfiguration',
+                location: { file: targetUrl, snippet: `Missing: ${check.header}` },
+                remediation: { description: check.remediation, estimatedEffort: 'minor', automatable: true },
+                references: ['https://owasp.org/www-project-secure-headers/'],
+            });
+        }
+    }
+}
+/**
+ * Analyze cookie security attributes
+ */
+export function analyzeCookieSecurity(headers, targetUrl, vulnerabilities, authenticated = false) {
+    const setCookie = headers.get('set-cookie');
+    if (!setCookie)
+        return;
+    const cookieLower = setCookie.toLowerCase();
+    const severity = authenticated ? 'high' : 'medium';
+    if (!cookieLower.includes('secure')) {
+        vulnerabilities.push({
+            id: uuidv4(),
+            title: authenticated ? 'Session Cookie Missing Secure Flag' : 'Cookie Missing Secure Flag',
+            description: authenticated
+                ? 'Authenticated session cookie is not marked as Secure'
+                : 'Cookie is set without the Secure attribute',
+            severity,
+            category: 'sensitive-data',
+            location: { file: targetUrl, snippet: `Set-Cookie header without Secure flag` },
+            remediation: { description: 'Add Secure flag to all cookies', estimatedEffort: 'trivial', automatable: true },
+            references: ['https://owasp.org/www-community/controls/SecureCookieAttribute'],
+        });
+    }
+    if (!cookieLower.includes('httponly')) {
+        vulnerabilities.push({
+            id: uuidv4(),
+            title: authenticated ? 'Session Cookie Missing HttpOnly Flag' : 'Cookie Missing HttpOnly Flag',
+            description: authenticated
+                ? 'Session cookie is accessible to JavaScript'
+                : 'Cookie is accessible to client-side JavaScript',
+            severity,
+            category: 'sensitive-data',
+            location: { file: targetUrl, snippet: `Set-Cookie header without HttpOnly flag` },
+            remediation: { description: 'Add HttpOnly flag to session cookies', estimatedEffort: 'trivial', automatable: true },
+            references: ['https://owasp.org/www-community/HttpOnly'],
+        });
+    }
+}
+/**
+ * Analyze server headers for version disclosure
+ */
+export function analyzeServerHeaders(headers, targetUrl, vulnerabilities) {
+    const serverHeader = headers.get('server') || headers.get('x-powered-by');
+    if (serverHeader && /\d+\.\d+/.test(serverHeader)) {
+        vulnerabilities.push({
+            id: uuidv4(),
+            title: 'Server Version Disclosure',
+            description: `Server version information exposed: ${serverHeader}`,
+            severity: 'low',
+            category: 'security-misconfiguration',
+            location: { file: targetUrl, snippet: `Server: ${serverHeader}` },
+            remediation: { description: 'Remove or obfuscate server version headers', estimatedEffort: 'trivial', automatable: true },
+            references: ['https://owasp.org/www-project-web-security-testing-guide/'],
+        });
+    }
+}
+// ============================================================================
+// Sensitive File Scanning
+// ============================================================================
+/**
+ * Scan for sensitive file exposure
+ */
+export async function scanSensitiveFiles(parsedUrl, crawledUrls, maxDepth, vulnerabilities) {
+    const sensitiveEndpoints = [
+        { path: '/.git/config', name: 'Git Configuration' },
+        { path: '/.env', name: 'Environment File' },
+        { path: '/robots.txt', name: 'Robots.txt' },
+        { path: '/sitemap.xml', name: 'Sitemap' },
+        { path: '/.htaccess', name: 'htaccess File' },
+        { path: '/web.config', name: 'IIS Configuration' },
+    ];
+    for (const endpoint of sensitiveEndpoints) {
+        if (crawledUrls >= maxDepth * 10)
+            break;
+        try {
+            const testUrl = new URL(endpoint.path, parsedUrl.origin).toString();
+            const testResponse = await fetch(testUrl, {
+                method: 'GET',
+                signal: AbortSignal.timeout(5000),
+            });
+            if (testResponse.ok) {
+                crawledUrls++;
+                const text = await testResponse.text();
+                if (text.length > 20 && !text.toLowerCase().includes('not found') && !text.toLowerCase().includes('404')) {
+                    const isSensitive = endpoint.path.includes('.git') ||
+                        endpoint.path.includes('.env') ||
+                        endpoint.path.includes('.htaccess') ||
+                        endpoint.path.includes('web.config');
+                    if (isSensitive) {
+                        vulnerabilities.push({
+                            id: uuidv4(),
+                            title: `Sensitive File Exposed: ${endpoint.name}`,
+                            description: `${endpoint.name} is publicly accessible`,
+                            severity: endpoint.path.includes('.git') || endpoint.path.includes('.env') ? 'high' : 'medium',
+                            category: 'sensitive-data',
+                            location: { file: testUrl },
+                            remediation: { description: `Restrict access to ${endpoint.path}`, estimatedEffort: 'trivial', automatable: true },
+                            references: ['https://owasp.org/www-project-web-security-testing-guide/'],
+                        });
+                    }
+                }
+            }
+        }
+        catch {
+            // File not accessible - expected
+        }
+    }
+    return crawledUrls;
+}
+// ============================================================================
+// CORS Analysis
+// ============================================================================
+/**
+ * Analyze CORS configuration
+ */
+export async function analyzeCORS(targetUrl, vulnerabilities) {
+    try {
+        const corsResponse = await fetch(targetUrl, {
+            method: 'OPTIONS',
+            headers: {
+                'Origin': 'https://evil-attacker.com',
+                'Access-Control-Request-Method': 'GET',
+            },
+            signal: AbortSignal.timeout(5000),
+        });
+        const allowOrigin = corsResponse.headers.get('access-control-allow-origin');
+        if (allowOrigin === '*' || allowOrigin === 'https://evil-attacker.com') {
+            vulnerabilities.push({
+                id: uuidv4(),
+                title: 'Overly Permissive CORS Policy',
+                description: allowOrigin === '*' ? 'CORS allows all origins' : 'CORS reflects arbitrary origin',
+                severity: 'medium',
+                category: 'access-control',
+                location: { file: targetUrl, snippet: `Access-Control-Allow-Origin: ${allowOrigin}` },
+                remediation: { description: 'Restrict CORS to specific trusted origins', estimatedEffort: 'minor', automatable: false },
+                references: ['https://owasp.org/www-community/attacks/CORS_OriginHeaderScrutiny'],
+            });
+        }
+    }
+    catch {
+        // OPTIONS request failed - CORS might be properly restricted
+    }
+}
+// ============================================================================
+// Link Crawling
+// ============================================================================
+/**
+ * Extract links from HTML and crawl discovered pages
+ */
+export async function extractAndCrawlLinks(html, baseUrl, currentCrawled, maxDepth, vulnerabilities) {
+    let crawledUrls = currentCrawled;
+    const maxCrawl = maxDepth * 5;
+    const linkPattern = /href=["']([^"']+)["']/gi;
+    const discoveredLinks = new Set();
+    let match;
+    while ((match = linkPattern.exec(html)) !== null) {
+        const href = match[1];
+        try {
+            const linkUrl = new URL(href, baseUrl.origin);
+            if (linkUrl.origin === baseUrl.origin && !discoveredLinks.has(linkUrl.pathname)) {
+                discoveredLinks.add(linkUrl.pathname);
+            }
+        }
+        catch {
+            // Invalid URL - skip
+        }
+    }
+    const linksToCrawl = Array.from(discoveredLinks).slice(0, Math.min(10, maxCrawl - crawledUrls));
+    for (const path of linksToCrawl) {
+        if (crawledUrls >= maxCrawl)
+            break;
+        try {
+            const crawlUrl = new URL(path, baseUrl.origin).toString();
+            const crawlResponse = await fetch(crawlUrl, {
+                method: 'GET',
+                headers: { 'User-Agent': 'AgenticQE-DAST-Scanner/3.0' },
+                signal: AbortSignal.timeout(5000),
+                redirect: 'follow',
+            });
+            crawledUrls++;
+            if (crawlResponse.ok) {
+                if (path.includes('password') || path.includes('token') || path.includes('api_key')) {
+                    vulnerabilities.push({
+                        id: uuidv4(),
+                        title: 'Sensitive Data in URL Path',
+                        description: `URL path may contain sensitive parameter names: ${path}`,
+                        severity: 'medium',
+                        category: 'sensitive-data',
+                        location: { file: crawlUrl },
+                        remediation: { description: 'Avoid sensitive data in URL paths', estimatedEffort: 'minor', automatable: false },
+                        references: ['https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url'],
+                    });
+                }
+                const responseText = await crawlResponse.text();
+                if (responseText.includes('Index of /') || responseText.includes('Directory listing for')) {
+                    vulnerabilities.push({
+                        id: uuidv4(),
+                        title: 'Directory Listing Enabled',
+                        description: `Directory listing is enabled at: ${crawlUrl}`,
+                        severity: 'medium',
+                        category: 'security-misconfiguration',
+                        location: { file: crawlUrl },
+                        remediation: { description: 'Disable directory listing in server configuration', estimatedEffort: 'trivial', automatable: true },
+                        references: ['https://owasp.org/www-project-web-security-testing-guide/'],
+                    });
+                }
+            }
+        }
+        catch {
+            // Page not accessible
+        }
+    }
+    return crawledUrls;
+}
+// ============================================================================
+// Form Analysis
+// ============================================================================
+/**
+ * Analyze HTML forms for security issues
+ */
+export function analyzeFormsForSecurityIssues(html, baseUrl, vulnerabilities) {
+    const formPattern = /<form[^>]*>([\s\S]*?)<\/form>/gi;
+    let formMatch;
+    let formIndex = 0;
+    while ((formMatch = formPattern.exec(html)) !== null && formIndex < 10) {
+        formIndex++;
+        const formHtml = formMatch[0];
+        const formContent = formMatch[1];
+        // Check for CSRF token
+        const hasCsrfToken = /name=["']?csrf/i.test(formContent) ||
+            /name=["']?_token/i.test(formContent) ||
+            /name=["']?authenticity_token/i.test(formContent) ||
+            /name=["']?__RequestVerificationToken/i.test(formContent);
+        const isPostForm = /method=["']?post/i.test(formHtml);
+        if (isPostForm && !hasCsrfToken) {
+            vulnerabilities.push({
+                id: uuidv4(),
+                title: 'Missing CSRF Token',
+                description: `POST form #${formIndex} does not appear to have CSRF protection`,
+                severity: 'medium',
+                category: 'broken-auth',
+                location: { file: baseUrl, snippet: `Form #${formIndex}` },
+                remediation: { description: 'Add CSRF token to all state-changing forms', estimatedEffort: 'minor', automatable: false },
+                references: ['https://owasp.org/www-community/attacks/csrf'],
+            });
+        }
+        // Check for password fields without autocomplete=off
+        if (/type=["']?password/i.test(formContent)) {
+            const hasAutocompleteOff = /autocomplete=["']?(off|new-password)/i.test(formContent) ||
+                /autocomplete=["']?(off|new-password)/i.test(formHtml);
+            if (!hasAutocompleteOff) {
+                vulnerabilities.push({
+                    id: uuidv4(),
+                    title: 'Password Field Allows Autocomplete',
+                    description: `Form #${formIndex} has password field that may be cached by browser`,
+                    severity: 'low',
+                    category: 'sensitive-data',
+                    location: { file: baseUrl, snippet: `Form #${formIndex}` },
+                    remediation: { description: 'Add autocomplete="new-password" to password fields', estimatedEffort: 'trivial', automatable: true },
+                    references: ['https://owasp.org/www-project-web-security-testing-guide/'],
+                });
+            }
+        }
+        // Check for insecure form action
+        const actionMatch = /action=["']?([^"'\s>]+)/i.exec(formHtml);
+        if (actionMatch) {
+            const action = actionMatch[1];
+            if (action.startsWith('http://') && !action.includes('localhost') && !action.includes('127.0.0.1')) {
+                vulnerabilities.push({
+                    id: uuidv4(),
+                    title: 'Form Submits to Insecure HTTP',
+                    description: `Form #${formIndex} submits data over insecure HTTP: ${action}`,
+                    severity: 'high',
+                    category: 'sensitive-data',
+                    location: { file: baseUrl, snippet: `Action: ${action}` },
+                    remediation: { description: 'Change form action to use HTTPS', estimatedEffort: 'trivial', automatable: true },
+                    references: ['https://owasp.org/www-project-web-security-testing-guide/'],
+                });
+            }
+        }
+    }
+}
+// ============================================================================
+// Utility Functions
+// ============================================================================
+/**
+ * Handle fetch errors and add appropriate vulnerabilities
+ */
+export function handleFetchError(fetchError, targetUrl, vulnerabilities) {
+    const errorMsg = fetchError instanceof Error ? fetchError.message : String(fetchError);
+    if (errorMsg.includes('CERT') || errorMsg.includes('SSL') || errorMsg.includes('TLS') || errorMsg.includes('certificate')) {
+        vulnerabilities.push({
+            id: uuidv4(),
+            title: 'TLS Certificate Error',
+            description: `SSL/TLS error: ${errorMsg}`,
+            severity: 'high',
+            category: 'security-misconfiguration',
+            location: { file: targetUrl },
+            remediation: { description: 'Fix TLS certificate configuration', estimatedEffort: 'moderate', automatable: false },
+            references: ['https://owasp.org/www-project-web-security-testing-guide/'],
+        });
+    }
+    else if (errorMsg.includes('timeout') || errorMsg.includes('abort')) {
+        vulnerabilities.push({
+            id: uuidv4(),
+            title: 'Connection Timeout',
+            description: `Target did not respond within timeout: ${errorMsg}`,
+            severity: 'informational',
+            category: 'security-misconfiguration',
+            location: { file: targetUrl },
+            remediation: { description: 'Verify target is accessible', estimatedEffort: 'trivial', automatable: false },
+            references: [],
+        });
+    }
+}
+/**
+ * Calculate scan summary from vulnerabilities
+ */
+export function calculateSummary(vulnerabilities, totalFiles, scanDurationMs) {
+    const summary = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        informational: 0,
+        totalFiles,
+        scanDurationMs,
+    };
+    for (const vuln of vulnerabilities) {
+        summary[vuln.severity]++;
+    }
+    return summary;
+}
+/**
+ * Store scan results in memory
+ */
+export async function storeScanResults(memory, scanId, scanType, vulnerabilities, summary) {
+    await memory.set(`security:scan:${scanId}`, {
+        scanId,
+        scanType,
+        vulnerabilities,
+        summary,
+        timestamp: new Date().toISOString(),
+    }, { namespace: 'security-compliance', ttl: 86400 * 7 });
+}
+//# sourceMappingURL=dast-helpers.js.map

package/v3/dist/domains/security-compliance/services/scanners/dast-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dast-helpers.js","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/dast-helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AASpC,qDAAqD;AACrD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,uBAAuB,EACvB,QAAQ,EACR,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAEhC,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAgB,EAChB,SAAiB,EACjB,eAAgC,EAChC,aAAa,GAAG,KAAK;IAErB,MAAM,YAAY,GAAG;QACnB,EAAE,MAAM,EAAE,2BAA2B,EAAE,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,QAAiC,EAAE,WAAW,EAAE,sCAAsC,EAAE;QACvK,EAAE,MAAM,EAAE,wBAAwB,EAAE,KAAK,EAAE,gCAAgC,EAAE,QAAQ,EAAE,KAA8B,EAAE,WAAW,EAAE,qCAAqC,EAAE;QAC3K,EAAE,MAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,yBAAyB,EAAE,QAAQ,EAAE,QAAiC,EAAE,WAAW,EAAE,yCAAyC,EAAE;QACpK,EAAE,MAAM,EAAE,yBAAyB,EAAE,KAAK,EAAE,iCAAiC,EAAE,QAAQ,EAAE,QAAiC,EAAE,WAAW,EAAE,qCAAqC,EAAE;KACjL,CAAC;IAEF,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,YAAY,CAAC,IAAI,CACf,EAAE,MAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAA8B,EAAE,WAAW,EAAE,4BAA4B,EAAE,EACpJ,EAAE,MAAM,EAAE,oBAAoB,EAAE,KAAK,EAAE,4BAA4B,EAAE,QAAQ,EAAE,KAA8B,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAC9J,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,MAAM,EAAE;gBACZ,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,WAAW,EAAE,mBAAmB,KAAK,CAAC,MAAM,iCAAiC;gBAC7E,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,KAAK,CAAC,MAAM,EAAE,EAAE;gBAClE,WAAW,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE;gBAC5F,UAAU,EAAE,CAAC,+CAA+C,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAgB,EAChB,SAAiB,EACjB,eAAgC,EAChC,aAAa,GAAG,KAAK;IAErB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC5C,IAAI,CAAC,SAAS;QAAE,OAAO;IAEvB,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEnD,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,MAAM,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,oCAAoC,CAAC,CAAC,CAAC,4BAA4B;YAC1F,WAAW,EAAE,aAAa;gBACxB,CAAC,CAAC,sDAAsD;gBACxD,CAAC,CAAC,4CAA4C;YAChD,QAAQ;YACR,QAAQ,EAAE,gBAAgB;YAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,uCAAuC,EAAE;YAC/E,WAAW,EAAE,EAAE,WAAW,EAAE,gCAAgC,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;YAC7G,UAAU,EAAE,CAAC,gEAAgE,CAAC;SAC/E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACtC,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,MAAM,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,sCAAsC,CAAC,CAAC,CAAC,8BAA8B;YAC9F,WAAW,EAAE,aAAa;gBACxB,CAAC,CAAC,4CAA4C;gBAC9C,CAAC,CAAC,gDAAgD;YACpD,QAAQ;YACR,QAAQ,EAAE,gBAAgB;YAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,yCAAyC,EAAE;YACjF,WAAW,EAAE,EAAE,WAAW,EAAE,sCAAsC,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;YACnH,UAAU,EAAE,CAAC,0CAA0C,CAAC;SACzD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAgB,EAChB,SAAiB,EACjB,eAAgC;IAEhC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC1E,IAAI,YAAY,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAClD,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,MAAM,EAAE;YACZ,KAAK,EAAE,2BAA2B;YAClC,WAAW,EAAE,uCAAuC,YAAY,EAAE;YAClE,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,2BAA2B;YACrC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,YAAY,EAAE,EAAE;YACjE,WAAW,EAAE,EAAE,WAAW,EAAE,4CAA4C,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;YACzH,UAAU,EAAE,CAAC,2DAA2D,CAAC;SAC1E,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,SAAc,EACd,WAAmB,EACnB,QAAgB,EAChB,eAAgC;IAEhC,MAAM,kBAAkB,GAAG;QACzB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,mBAAmB,EAAE;QACnD,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE;QAC3C,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,YAAY,EAAE;QAC3C,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE;QACzC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE;QAC7C,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,mBAAmB,EAAE;KACnD,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QAC1C,IAAI,WAAW,IAAI,QAAQ,GAAG,EAAE;YAAE,MAAM;QAExC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YACpE,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;gBACxC,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;gBACpB,WAAW,EAAE,CAAC;gBACd,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;gBAEvC,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzG,MAAM,WAAW,GACf,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAC9B,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAC9B,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;wBACnC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;oBAEvC,IAAI,WAAW,EAAE,CAAC;wBAChB,eAAe,CAAC,IAAI,CAAC;4BACnB,EAAE,EAAE,MAAM,EAAE;4BACZ,KAAK,EAAE,2BAA2B,QAAQ,CAAC,IAAI,EAAE;4BACjD,WAAW,EAAE,GAAG,QAAQ,CAAC,IAAI,yBAAyB;4BACtD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;4BAC9F,QAAQ,EAAE,gBAAgB;4BAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;4BAC3B,WAAW,EAAE,EAAE,WAAW,EAAE,sBAAsB,QAAQ,CAAC,IAAI,EAAE,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;4BAClH,UAAU,EAAE,CAAC,2DAA2D,CAAC;yBAC1E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,SAAiB,EACjB,eAAgC;IAEhC,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YAC1C,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE;gBACP,QAAQ,EAAE,2BAA2B;gBACrC,+BAA+B,EAAE,KAAK;aACvC;YACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC5E,IAAI,WAAW,KAAK,GAAG,IAAI,WAAW,KAAK,2BAA2B,EAAE,CAAC;YACvE,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,MAAM,EAAE;gBACZ,KAAK,EAAE,+BAA+B;gBACtC,WAAW,EAAE,WAAW,KAAK,GAAG,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,gCAAgC;gBAC/F,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,gBAAgB;gBAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,gCAAgC,WAAW,EAAE,EAAE;gBACrF,WAAW,EAAE,EAAE,WAAW,EAAE,2CAA2C,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE;gBACvH,UAAU,EAAE,CAAC,mEAAmE,CAAC;aAClF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;IAC/D,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,IAAY,EACZ,OAAY,EACZ,cAAsB,EACtB,QAAgB,EAChB,eAAgC;IAEhC,IAAI,WAAW,GAAG,cAAc,CAAC;IACjC,MAAM,QAAQ,GAAG,QAAQ,GAAG,CAAC,CAAC;IAE9B,MAAM,WAAW,GAAG,yBAAyB,CAAC;IAC9C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,KAAK,CAAC;IAEV,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChF,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC;IAEhG,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,IAAI,WAAW,IAAI,QAAQ;YAAE,MAAM;QAEnC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1D,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1C,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,YAAY,EAAE,4BAA4B,EAAE;gBACvD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjC,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;YAEH,WAAW,EAAE,CAAC;YAEd,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACrB,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpF,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,MAAM,EAAE;wBACZ,KAAK,EAAE,4BAA4B;wBACnC,WAAW,EAAE,mDAAmD,IAAI,EAAE;wBACtE,QAAQ,EAAE,QAAQ;wBAClB,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBAC5B,WAAW,EAAE,EAAE,WAAW,EAAE,mCAAmC,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE;wBAC/G,UAAU,EAAE,CAAC,mGAAmG,CAAC;qBAClH,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;gBAChD,IAAI,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;oBAC1F,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,MAAM,EAAE;wBACZ,KAAK,EAAE,2BAA2B;wBAClC,WAAW,EAAE,oCAAoC,QAAQ,EAAE;wBAC3D,QAAQ,EAAE,QAAQ;wBAClB,QAAQ,EAAE,2BAA2B;wBACrC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBAC5B,WAAW,EAAE,EAAE,WAAW,EAAE,mDAAmD,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;wBAChI,UAAU,EAAE,CAAC,2DAA2D,CAAC;qBAC1E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,6BAA6B,CAC3C,IAAY,EACZ,OAAe,EACf,eAAgC;IAEhC,MAAM,WAAW,GAAG,iCAAiC,CAAC;IACtD,IAAI,SAAS,CAAC;IACd,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,OAAO,CAAC,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,IAAI,SAAS,GAAG,EAAE,EAAE,CAAC;QACvE,SAAS,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAEjC,uBAAuB;QACvB,MAAM,YAAY,GAChB,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC;YACnC,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC;YACrC,+BAA+B,CAAC,IAAI,CAAC,WAAW,CAAC;YACjD,uCAAuC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5D,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;YAChC,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,MAAM,EAAE;gBACZ,KAAK,EAAE,oBAAoB;gBAC3B,WAAW,EAAE,cAAc,SAAS,0CAA0C;gBAC9E,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,aAAa;gBACvB,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,SAAS,EAAE,EAAE;gBAC1D,WAAW,EAAE,EAAE,WAAW,EAAE,4CAA4C,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE;gBACxH,UAAU,EAAE,CAAC,8CAA8C,CAAC;aAC7D,CAAC,CAAC;QACL,CAAC;QAED,qDAAqD;QACrD,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5C,MAAM,kBAAkB,GACtB,uCAAuC,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzD,uCAAuC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEzD,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,MAAM,EAAE;oBACZ,KAAK,EAAE,oCAAoC;oBAC3C,WAAW,EAAE,SAAS,SAAS,mDAAmD;oBAClF,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,gBAAgB;oBAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,SAAS,EAAE,EAAE;oBAC1D,WAAW,EAAE,EAAE,WAAW,EAAE,oDAAoD,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;oBACjI,UAAU,EAAE,CAAC,2DAA2D,CAAC;iBAC1E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,MAAM,WAAW,GAAG,0BAA0B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9D,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnG,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,MAAM,EAAE;oBACZ,KAAK,EAAE,+BAA+B;oBACtC,WAAW,EAAE,SAAS,SAAS,qCAAqC,MAAM,EAAE;oBAC5E,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,gBAAgB;oBAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,MAAM,EAAE,EAAE;oBACzD,WAAW,EAAE,EAAE,WAAW,EAAE,iCAAiC,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;oBAC9G,UAAU,EAAE,CAAC,2DAA2D,CAAC;iBAC1E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,UAAmB,EACnB,SAAiB,EACjB,eAAgC;IAEhC,MAAM,QAAQ,GAAG,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEvF,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC1H,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,MAAM,EAAE;YACZ,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,kBAAkB,QAAQ,EAAE;YACzC,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,2BAA2B;YACrC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YAC7B,WAAW,EAAE,EAAE,WAAW,EAAE,mCAAmC,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE;YAClH,UAAU,EAAE,CAAC,2DAA2D,CAAC;SAC1E,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACtE,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,MAAM,EAAE;YACZ,KAAK,EAAE,oBAAoB;YAC3B,WAAW,EAAE,0CAA0C,QAAQ,EAAE;YACjE,QAAQ,EAAE,eAAe;YACzB,QAAQ,EAAE,2BAA2B;YACrC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YAC7B,WAAW,EAAE,EAAE,WAAW,EAAE,6BAA6B,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE;YAC3G,UAAU,EAAE,EAAE;SACf,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,eAAgC,EAChC,UAAkB,EAClB,cAAsB;IAEtB,MAAM,OAAO,GAAuB;QAClC,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,aAAa,EAAE,CAAC;QAChB,UAAU;QACV,cAAc;KACf,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC3B,CAAC;IAED,OAAO,OAAsB,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAqB,EACrB,MAAc,EACd,QAAgB,EAChB,eAAgC,EAChC,OAAoB;IAEpB,MAAM,MAAM,CAAC,GAAG,CACd,iBAAiB,MAAM,EAAE,EACzB;QACE,MAAM;QACN,QAAQ;QACR,eAAe;QACf,OAAO;QACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,EACD,EAAE,SAAS,EAAE,qBAAqB,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,EAAE,CACrD,CAAC;AACJ,CAAC"}

package/v3/dist/domains/security-compliance/services/scanners/dast-injection-testing.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Agentic QE v3 - DAST Injection Testing
+ * XSS and SQL injection testing utilities
+ */
+import type { Vulnerability } from './scanner-types.js';
+/**
+ * Test for XSS vulnerabilities
+ */
+export declare function testXSS(targetUrl: string, parsedUrl: URL, paramName: string, payloads: Array<{
+    payload: string;
+    name: string;
+}>, vulnerabilities: Vulnerability[]): Promise<void>;
+/**
+ * Test for SQL injection vulnerabilities
+ */
+export declare function testSQLi(targetUrl: string, parsedUrl: URL, paramName: string, payloads: Array<{
+    payload: string;
+    name: string;
+}>, vulnerabilities: Vulnerability[]): Promise<void>;
+//# sourceMappingURL=dast-injection-testing.d.ts.map

package/v3/dist/domains/security-compliance/services/scanners/dast-injection-testing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dast-injection-testing.d.ts","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/dast-injection-testing.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMxD;;GAEG;AACH,wBAAsB,OAAO,CAC3B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,GAAG,EACd,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,EAClD,eAAe,EAAE,aAAa,EAAE,GAC/B,OAAO,CAAC,IAAI,CAAC,CA2Cf;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAC5B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,GAAG,EACd,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,EAClD,eAAe,EAAE,aAAa,EAAE,GAC/B,OAAO,CAAC,IAAI,CAAC,CA6Cf"}

package/v3/dist/domains/security-compliance/services/scanners/dast-injection-testing.js

@@ -0,0 +1,99 @@
+/**
+ * Agentic QE v3 - DAST Injection Testing
+ * XSS and SQL injection testing utilities
+ */
+import { v4 as uuidv4 } from 'uuid';
+// ============================================================================
+// Injection Testing
+// ============================================================================
+/**
+ * Test for XSS vulnerabilities
+ */
+export async function testXSS(targetUrl, parsedUrl, paramName, payloads, vulnerabilities) {
+    for (const xss of payloads) {
+        try {
+            const testParams = new URLSearchParams(parsedUrl.search);
+            testParams.set(paramName, xss.payload);
+            const testUrl = `${parsedUrl.origin}${parsedUrl.pathname}?${testParams.toString()}`;
+            const response = await fetch(testUrl, {
+                method: 'GET',
+                headers: { 'User-Agent': 'AgenticQE-DAST-Scanner/3.0' },
+                signal: AbortSignal.timeout(5000),
+            });
+            if (response.ok) {
+                const text = await response.text();
+                const escapedPayload = xss.payload
+                    .replace(/&/g, '&')
+                    .replace(/</g, '&lt;')
+                    .replace(/>/g, '&gt;')
+                    .replace(/"/g, '&quot;')
+                    .replace(/'/g, '&#x27;');
+                const hasUnescapedPayload = text.includes(xss.payload);
+                const hasEscapedPayload = text.includes(escapedPayload);
+                if (hasUnescapedPayload && !hasEscapedPayload) {
+                    vulnerabilities.push({
+                        id: uuidv4(),
+                        title: `Reflected XSS: ${xss.name}`,
+                        description: `Parameter '${paramName}' reflects unsanitized input`,
+                        severity: 'critical',
+                        category: 'xss',
+                        location: { file: targetUrl, snippet: `Parameter: ${paramName}, Payload: ${xss.payload.substring(0, 30)}...` },
+                        remediation: { description: 'HTML-encode all user input before rendering', estimatedEffort: 'moderate', automatable: false },
+                        references: ['https://owasp.org/www-community/attacks/xss/'],
+                    });
+                    break;
+                }
+            }
+        }
+        catch {
+            // Request failed
+        }
+    }
+}
+/**
+ * Test for SQL injection vulnerabilities
+ */
+export async function testSQLi(targetUrl, parsedUrl, paramName, payloads, vulnerabilities) {
+    const sqlErrorPatterns = [
+        /SQL syntax.*MySQL/i,
+        /Warning.*mysql/i,
+        /PostgreSQL.*ERROR/i,
+        /ORA-\d{5}/i,
+        /SQLite.*error/i,
+        /SQLITE_ERROR/i,
+        /unclosed quotation mark/i,
+        /quoted string not properly terminated/i,
+    ];
+    for (const sqli of payloads) {
+        try {
+            const testParams = new URLSearchParams(parsedUrl.search);
+            testParams.set(paramName, sqli.payload);
+            const testUrl = `${parsedUrl.origin}${parsedUrl.pathname}?${testParams.toString()}`;
+            const response = await fetch(testUrl, {
+                method: 'GET',
+                headers: { 'User-Agent': 'AgenticQE-DAST-Scanner/3.0' },
+                signal: AbortSignal.timeout(5000),
+            });
+            const text = await response.text();
+            for (const pattern of sqlErrorPatterns) {
+                if (pattern.test(text)) {
+                    vulnerabilities.push({
+                        id: uuidv4(),
+                        title: `SQL Injection: ${sqli.name}`,
+                        description: `Parameter '${paramName}' appears vulnerable to SQL injection`,
+                        severity: 'critical',
+                        category: 'injection',
+                        location: { file: targetUrl, snippet: `Parameter: ${paramName}` },
+                        remediation: { description: 'Use parameterized queries or prepared statements', estimatedEffort: 'moderate', automatable: false },
+                        references: ['https://owasp.org/www-community/attacks/SQL_Injection'],
+                    });
+                    break;
+                }
+            }
+        }
+        catch {
+            // Request failed
+        }
+    }
+}
+//# sourceMappingURL=dast-injection-testing.js.map

package/v3/dist/domains/security-compliance/services/scanners/dast-injection-testing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dast-injection-testing.js","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/dast-injection-testing.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAGpC,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,SAAiB,EACjB,SAAc,EACd,SAAiB,EACjB,QAAkD,EAClD,eAAgC;IAEhC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACzD,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACvC,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC;YAEpF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;gBACpC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,YAAY,EAAE,4BAA4B,EAAE;gBACvD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO;qBAC/B,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;qBACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;qBACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;qBACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;qBACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAE3B,MAAM,mBAAmB,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACvD,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;gBAExD,IAAI,mBAAmB,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC9C,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,MAAM,EAAE;wBACZ,KAAK,EAAE,kBAAkB,GAAG,CAAC,IAAI,EAAE;wBACnC,WAAW,EAAE,cAAc,SAAS,8BAA8B;wBAClE,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,KAAK;wBACf,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,SAAS,cAAc,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE;wBAC9G,WAAW,EAAE,EAAE,WAAW,EAAE,6CAA6C,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE;wBAC5H,UAAU,EAAE,CAAC,8CAA8C,CAAC;qBAC7D,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,SAAiB,EACjB,SAAc,EACd,SAAiB,EACjB,QAAkD,EAClD,eAAgC;IAEhC,MAAM,gBAAgB,GAAG;QACvB,oBAAoB;QACpB,iBAAiB;QACjB,oBAAoB;QACpB,YAAY;QACZ,gBAAgB;QAChB,eAAe;QACf,0BAA0B;QAC1B,wCAAwC;KACzC,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACzD,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC;YAEpF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;gBACpC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,YAAY,EAAE,4BAA4B,EAAE;gBACvD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,MAAM,EAAE;wBACZ,KAAK,EAAE,kBAAkB,IAAI,CAAC,IAAI,EAAE;wBACpC,WAAW,EAAE,cAAc,SAAS,uCAAuC;wBAC3E,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,WAAW;wBACrB,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,SAAS,EAAE,EAAE;wBACjE,WAAW,EAAE,EAAE,WAAW,EAAE,kDAAkD,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE;wBACjI,UAAU,EAAE,CAAC,uDAAuD,CAAC;qBACtE,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;AACH,CAAC"}