beddel 0.1.0

package/dist/security/scanner.js

@@ -0,0 +1,298 @@
+"use strict";
+/**
+ * Security scanner for YAML parsing
+ * Comprehensive vulnerability detection and security analysis
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityScanner = void 0;
+exports.quickSecurityScan = quickSecurityScan;
+exports.validateSecurityBasic = validateSecurityBasic;
+const score_1 = require("./score");
+const validation_1 = require("./validation");
+const hardening_1 = require("./hardening");
+class SecurityScanner {
+    constructor() {
+        this.scanHistory = [];
+        this.validator = new validation_1.SecurityValidator();
+        this.hardening = (0, hardening_1.createSecurityHardening)();
+    }
+    /**
+     * Executa scanning completo de segurança
+     */
+    async scan(obj) {
+        const startTime = Date.now();
+        // Validação de segurança básica
+        const validationResult = this.validator.validateObject(obj);
+        // Cálculo de score de segurança
+        const securityScore = (0, score_1.calculateSecurityScore)(obj);
+        // Aplica hardening e detecção
+        const hardeningResult = this.hardening.harden(obj);
+        // Verifica se é seguro
+        const isSecure = validationResult.valid && hardeningResult.secure && securityScore.score >= 60;
+        // Monta resultado final
+        const result = {
+            secure: isSecure,
+            score: securityScore.score,
+            grade: securityScore.grade,
+            vulnerabilities: securityScore.vulnerabilities,
+            warnings: this.extractWarnings(validationResult, securityScore),
+            recommendations: securityScore.recommendations,
+            details: {
+                timestamp: Date.now(),
+                objectId: this.generateObjectId(obj),
+                size: this.estimateObjectSize(obj),
+                depth: this.calculateMaxDepth(obj),
+                complexity: this.estimateComplexity(obj),
+                riskLevel: securityScore.riskLevel,
+                scanDuration: Date.now() - startTime
+            }
+        };
+        // Adiciona ao histórico
+        this.scanHistory.push(result);
+        // Mantém apenas os últimos 50 scans
+        if (this.scanHistory.length > 50) {
+            this.scanHistory = this.scanHistory.slice(-50);
+        }
+        return result;
+    }
+    /**
+     * Rápida validação de segurança
+     */
+    quickValidate(obj) {
+        const result = this.validator.validateObject(obj);
+        return {
+            isValid: result.valid,
+            warnings: result.warnings.length,
+            errors: result.errors.length
+        };
+    }
+    /**
+     * Análise aprofundada de risco
+     */
+    analyzeRisk(obj) {
+        const securityScore = (0, score_1.calculateSecurityScore)(obj);
+        const riskFactors = [];
+        if (securityScore.score < 70) {
+            riskFactors.push('Low security score');
+        }
+        if (securityScore.vulnerabilities.length > 0) {
+            riskFactors.push('Active vulnerabilities detected');
+        }
+        if (securityScore.vulnerabilities.some(v => v.severity === 'high' || v.severity === 'critical')) {
+            riskFactors.push('High/critical severity vulnerabilities');
+        }
+        const validation = this.validator.validateObject(obj);
+        if (!validation.valid) {
+            riskFactors.push('Security validation failures');
+        }
+        if (validation.stats.maxDepth > 500) {
+            riskFactors.push('Deep object nesting detected');
+        }
+        if (validation.stats.totalKeys > 10000) {
+            riskFactors.push('Large object size');
+        }
+        return {
+            riskLevel: securityScore.riskLevel,
+            factors: riskFactors,
+            score: securityScore.score
+        };
+    }
+    /**
+     * Gera relatório de segurança
+     */
+    generateReport(obj) {
+        const securityScore = (0, score_1.calculateSecurityScore)(obj);
+        let report = '=== SECURITY SCAN REPORT ===\n\n';
+        report += `✅ Status: ${securityScore.score >= 60 ? 'SECURE' : 'INSECURE'}\n`;
+        report += `📊 Score: ${securityScore.score}/100 (${securityScore.grade})\n`;
+        report += `🎯 Risk Level: ${securityScore.riskLevel}\n`;
+        report += `📦 Object Size: ${this.formatBytes(this.estimateObjectSize(obj))}\n`;
+        report += `📐 Max Depth: ${this.calculateMaxDepth(obj)}\n\n`;
+        if (securityScore.vulnerabilities.length > 0) {
+            report += '🔴 VULNERABILITIES DETECTED:\n';
+            securityScore.vulnerabilities.forEach(vuln => {
+                report += `  • [${vuln.severity.toUpperCase()}] ${vuln.type}: ${vuln.description}\n`;
+                report += `    Path: ${vuln.path}\n`;
+                report += `    CWE: ${vuln.cweId}\n`;
+                report += `    Fix: ${vuln.remediation}\n\n`;
+            });
+        }
+        if (securityScore.recommendations.length > 0) {
+            report += '💡 RECOMMENDATIONS:\n';
+            securityScore.recommendations.forEach(rec => {
+                report += `  • ${rec}\n`;
+            });
+            report += '\n';
+        }
+        const stats = this.validator.validateObject(obj).stats;
+        report += '📈 STATISTICS:\n';
+        report += `  • Total Keys: ${stats.totalKeys}\n`;
+        report += `  • Max Value Length: ${stats.maxValueLength} bytes\n`;
+        report += `  • Data Types: ${Object.entries(stats.dataTypes)
+            .map(([type, count]) => `${type}: ${count}`)
+            .join(', ')}\n`;
+        report += `\n🎯 Confidence: ${securityScore.confidence}%\n`;
+        return report;
+    }
+    /**
+     * Estatísticas do histórico de scans
+     */
+    getScanHistory() {
+        if (this.scanHistory.length === 0) {
+            return {
+                totalScans: 0,
+                averageScore: 0,
+                secureScans: 0,
+                insecureScans: 0,
+                averageRiskLevel: 'UNKNOWN'
+            };
+        }
+        const totalScans = this.scanHistory.length;
+        const secureScans = this.scanHistory.filter(s => s.secure).length;
+        const averageScore = this.scanHistory.reduce((sum, s) => sum + s.score, 0) / totalScans;
+        // Calcula risco médio
+        const riskOrder = ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
+        const riskScores = this.scanHistory.map(s => riskOrder.indexOf(s.details.riskLevel));
+        const avgRiskIndex = Math.round(riskScores.reduce((a, b) => a + b) / totalScans);
+        const averageRiskLevel = riskOrder[Math.min(avgRiskIndex, riskOrder.length - 1)];
+        return {
+            totalScans,
+            averageScore: Math.round(averageScore),
+            secureScans,
+            insecureScans: totalScans - secureScans,
+            averageRiskLevel
+        };
+    }
+    /**
+     * Extrai warnings dos resultados
+     */
+    extractWarnings(validationResult, securityScore) {
+        const warnings = [];
+        // Warnings da validação
+        validationResult.warnings?.forEach((warning) => {
+            warnings.push(`${warning.path}: ${warning.message}`);
+        });
+        // Warnings do score de segurança
+        if (securityScore.score < 80) {
+            warnings.push(`Low security score: ${securityScore.score}/100`);
+        }
+        if (securityScore.vulnerabilities.length > 0) {
+            warnings.push(`${securityScore.vulnerabilities.length} vulnerabilities detected`);
+        }
+        return warnings;
+    }
+    /**
+     * Estima tamanho do objeto
+     */
+    estimateObjectSize(obj) {
+        try {
+            return JSON.stringify(obj).length * 2; // UTF-16 chars
+        }
+        catch {
+            return 0;
+        }
+    }
+    /**
+     * Calcula profundidade máxima
+     */
+    calculateMaxDepth(obj) {
+        const calculateDepth = (current, depth = 0) => {
+            if (typeof current !== 'object' || current === null) {
+                return depth;
+            }
+            let maxDepth = depth;
+            for (const value of Object.values(current)) {
+                maxDepth = Math.max(maxDepth, calculateDepth(value, depth + 1));
+            }
+            return maxDepth;
+        };
+        return calculateDepth(obj);
+    }
+    /**
+     * Estima complexidade do objeto
+     */
+    estimateComplexity(obj) {
+        const depth = this.calculateMaxDepth(obj);
+        const keys = this.countTotalKeys(obj);
+        if (depth > 500 || keys > 5000)
+            return 'very_high';
+        if (depth > 200 || keys > 1000)
+            return 'high';
+        if (depth > 100 || keys > 500)
+            return 'medium';
+        return 'low';
+    }
+    /**
+     * Conta chaves totais
+     */
+    countTotalKeys(obj) {
+        const countKeys = (current) => {
+            if (typeof current !== 'object' || current === null) {
+                return 0;
+            }
+            if (Array.isArray(current)) {
+                return current.reduce((sum, item) => sum + countKeys(item), 0);
+            }
+            let total = Object.keys(current).length;
+            for (const value of Object.values(current)) {
+                total += countKeys(value);
+            }
+            return total;
+        };
+        return countKeys(obj);
+    }
+    /**
+     * Gera ID único do objeto
+     */
+    generateObjectId(obj) {
+        try {
+            const str = JSON.stringify(obj);
+            let hash = 0;
+            for (let i = 0; i < str.length; i++) {
+                const char = str.charCodeAt(i);
+                hash = ((hash << 5) - hash) + char;
+                hash = hash & hash; // Converte para inteiro de 32 bits
+            }
+            return Math.abs(hash).toString(36);
+        }
+        catch {
+            return 'unknown';
+        }
+    }
+    /**
+     * Formata bytes
+     */
+    formatBytes(bytes) {
+        if (bytes < 1024)
+            return `${bytes}B`;
+        if (bytes < 1024 * 1024)
+            return `${(bytes / 1024).toFixed(2)}KB`;
+        return `${(bytes / (1024 * 1024)).toFixed(2)}MB`;
+    }
+    /**
+     * Reinicializa o scanner
+     */
+    reset() {
+        this.scanHistory = [];
+        this.validator = new validation_1.SecurityValidator();
+        this.hardening = (0, hardening_1.createSecurityHardening)();
+    }
+}
+exports.SecurityScanner = SecurityScanner;
+/**
+ * Função auxiliar para realizar scan rápido
+ */
+async function quickSecurityScan(obj) {
+    const scanner = new SecurityScanner();
+    return await scanner.scan(obj);
+}
+/**
+ * Função auxiliar para validar segurança básica
+ */
+function validateSecurityBasic(obj) {
+    const scanner = new SecurityScanner();
+    const validator = new validation_1.SecurityValidator();
+    const result = validator.validateObject(obj);
+    return result.valid;
+}
+//# sourceMappingURL=scanner.js.map

package/dist/security/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/security/scanner.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA6VH,8CAGC;AAKD,sDAKC;AAxWD,mCAAsE;AACtE,6CAAiD;AACjD,2CAAyE;AAsBzE,MAAM,eAAe;IAKnB;QAFQ,gBAAW,GAAiB,EAAE,CAAC;QAGrC,IAAI,CAAC,SAAS,GAAG,IAAI,8BAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,SAAS,GAAG,IAAA,mCAAuB,GAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,IAAI,CAAC,GAAQ;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,gCAAgC;QAChC,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAE5D,gCAAgC;QAChC,MAAM,aAAa,GAAG,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;QAElD,8BAA8B;QAC9B,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEnD,uBAAuB;QACvB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,IAAI,eAAe,CAAC,MAAM,IAAI,aAAa,CAAC,KAAK,IAAI,EAAE,CAAC;QAE/F,wBAAwB;QACxB,MAAM,MAAM,GAAe;YACzB,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,eAAe,EAAE,aAAa,CAAC,eAAe;YAC9C,QAAQ,EAAE,IAAI,CAAC,eAAe,CAAC,gBAAgB,EAAE,aAAa,CAAC;YAC/D,eAAe,EAAE,aAAa,CAAC,eAAe;YAC9C,OAAO,EAAE;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC;gBACpC,IAAI,EAAE,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC;gBAClC,KAAK,EAAE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC;gBAClC,UAAU,EAAE,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC;gBACxC,SAAS,EAAE,aAAa,CAAC,SAAS;gBAClC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACrC;SACF,CAAC;QAEF,wBAAwB;QACxB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE9B,oCAAoC;QACpC,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACjC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACjD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,aAAa,CAAC,GAAQ;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAClD,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,KAAK;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,WAAW,CAAC,GAAQ;QACzB,MAAM,aAAa,GAAG,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;QAElD,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC,IAAI,aAAa,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;YAC7B,WAAW,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,aAAa,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,WAAW,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,aAAa,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;YAChG,WAAW,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,WAAW,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,GAAG,EAAE,CAAC;YACpC,WAAW,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,EAAE,CAAC;YACvC,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACxC,CAAC;QAED,OAAO;YACL,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,OAAO,EAAE,WAAW;YACpB,KAAK,EAAE,aAAa,CAAC,KAAK;SAC3B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,cAAc,CAAC,GAAQ;QAC5B,MAAM,aAAa,GAAG,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;QAElD,IAAI,MAAM,GAAG,kCAAkC,CAAC;QAEhD,MAAM,IAAI,aAAa,aAAa,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC;QAC7E,MAAM,IAAI,aAAa,aAAa,CAAC,KAAK,SAAS,aAAa,CAAC,KAAK,KAAK,CAAC;QAC5E,MAAM,IAAI,kBAAkB,aAAa,CAAC,SAAS,IAAI,CAAC;QACxD,MAAM,IAAI,mBAAmB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QAChF,MAAM,IAAI,iBAAiB,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC;QAE7D,IAAI,aAAa,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,gCAAgC,CAAC;YAC3C,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC3C,MAAM,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,IAAI,CAAC;gBACrF,MAAM,IAAI,aAAa,IAAI,CAAC,IAAI,IAAI,CAAC;gBACrC,MAAM,IAAI,YAAY,IAAI,CAAC,KAAK,IAAI,CAAC;gBACrC,MAAM,IAAI,YAAY,IAAI,CAAC,WAAW,MAAM,CAAC;YAC/C,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,aAAa,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,uBAAuB,CAAC;YAClC,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBAC1C,MAAM,IAAI,OAAO,GAAG,IAAI,CAAC;YAC3B,CAAC,CAAC,CAAC;YACH,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;QACvD,MAAM,IAAI,kBAAkB,CAAC;QAC7B,MAAM,IAAI,mBAAmB,KAAK,CAAC,SAAS,IAAI,CAAC;QACjD,MAAM,IAAI,yBAAyB,KAAK,CAAC,cAAc,UAAU,CAAC;QAClE,MAAM,IAAI,mBAAmB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;aACzD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,KAAK,KAAK,EAAE,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAElB,MAAM,IAAI,oBAAoB,aAAa,CAAC,UAAU,KAAK,CAAC;QAE5D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,cAAc;QAOnB,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,UAAU,EAAE,CAAC;gBACb,YAAY,EAAE,CAAC;gBACf,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,CAAC;gBAChB,gBAAgB,EAAE,SAAS;aAC5B,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAClE,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC;QAExF,sBAAsB;QACtB,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QACrF,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;QACjF,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAEjF,OAAO;YACL,UAAU;YACV,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;YACtC,WAAW;YACX,aAAa,EAAE,UAAU,GAAG,WAAW;YACvC,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,gBAAqB,EAAE,aAAkC;QAC/E,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,wBAAwB;QACxB,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,OAAY,EAAE,EAAE;YAClD,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,iCAAiC;QACjC,IAAI,aAAa,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC,uBAAuB,aAAa,CAAC,KAAK,MAAM,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,aAAa,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,eAAe,CAAC,MAAM,2BAA2B,CAAC,CAAC;QACpF,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,GAAQ;QACjC,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,GAAQ;QAChC,MAAM,cAAc,GAAG,CAAC,OAAY,EAAE,KAAK,GAAG,CAAC,EAAU,EAAE;YACzD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACpD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3C,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;YAClE,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,GAAQ;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAEtC,IAAI,KAAK,GAAG,GAAG,IAAI,IAAI,GAAG,IAAI;YAAE,OAAO,WAAW,CAAC;QACnD,IAAI,KAAK,GAAG,GAAG,IAAI,IAAI,GAAG,IAAI;YAAE,OAAO,MAAM,CAAC;QAC9C,IAAI,KAAK,GAAG,GAAG,IAAI,IAAI,GAAG,GAAG;YAAE,OAAO,QAAQ,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAQ;QAC7B,MAAM,SAAS,GAAG,CAAC,OAAY,EAAU,EAAE;YACzC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACpD,OAAO,CAAC,CAAC;YACX,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACjE,CAAC;YAED,IAAI,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;YACxC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3C,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,GAAQ;QAC/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,IAAI,GAAG,CAAC,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;gBACnC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,mCAAmC;YACzD,CAAC;YACD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,KAAa;QAC/B,IAAI,KAAK,GAAG,IAAI;YAAE,OAAO,GAAG,KAAK,GAAG,CAAC;QACrC,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI;YAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,CAAC;IAED;;OAEG;IACI,KAAK;QACV,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,IAAI,8BAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,SAAS,GAAG,IAAA,mCAAuB,GAAE,CAAC;IAC7C,CAAC;CACF;AAoB2B,0CAAe;AAlB3C;;GAEG;AACI,KAAK,UAAU,iBAAiB,CAAC,GAAQ;IAC9C,MAAM,OAAO,GAAG,IAAI,eAAe,EAAE,CAAC;IACtC,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,GAAQ;IAC5C,MAAM,OAAO,GAAG,IAAI,eAAe,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,8BAAiB,EAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;IAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC"}

package/dist/security/score.d.ts

@@ -0,0 +1,150 @@
+/**
+ * Security score calculator for YAML parsing
+ */
+declare class SecurityScoreImpl implements SecurityScoreCalculator {
+    private vulnerabilities;
+    private hardeningFeatures;
+    constructor();
+    /**
+     * Calcula o score de segurança completo
+     */
+    calculate(obj: any): SecurityScoreResult;
+    /**
+     * Analisa vulnerabilidades no objeto
+     */
+    private analyzeVulnerabilities;
+    /**
+     * Analisa injeção de código
+     */
+    private analyzeCodeInjection;
+    /**
+     * Analisa referências circulares
+     */
+    private analyzeCircularReferences;
+    /**
+     * Detecta referências circulares recursivamente
+     */
+    private detectCircularRecursive;
+    /**
+     * Analisa deep nesting
+     */
+    private analyzeDeepNesting;
+    /**
+     * Calcula profundidade máxima
+     */
+    private calculateMaxDepth;
+    /**
+     * Analisa vulnerabilidades de tamanho
+     */
+    private analyzeSizeVulnerabilities;
+    /**
+     * Calcula tamanho aproximado do objeto em bytes
+     */
+    private calculateObjectSize;
+    /**
+     * Analisa conteúdo malicioso
+     */
+    private analyzeMaliciousContent;
+    /**
+     * Analisa hardening implementado
+     */
+    private analyzeHardening;
+    /**
+     * Adiciona uma vulnerabilidade encontrada
+     */
+    private addVulnerability;
+    /**
+     * Adiciona uma feature de hardening
+     */
+    private addHardeningFeature;
+    /**
+     * Estima score CVSS baseado na severidade
+     */
+    private estimateCvssScore;
+    /**
+     * Calcula o score final de segurança
+     */
+    private calculateFinalScore;
+    /**
+     * Calcula impacto de uma vulnerabilidade
+     */
+    private impactForVulnerability;
+    /**
+     * Calcula o grau baseado no score
+     */
+    private calculateGrade;
+    /**
+     * Calcula a categoria baseada no grau
+     */
+    private calculateCategory;
+    /**
+     * Calcula o nível de risco baseado no score
+     */
+    private calculateRiskLevel;
+    /**
+     * Obtém recomendações baseadas no score
+     */
+    getRecommendations(score: number): string[];
+    /**
+     * Calcula a confiança no resultado
+     */
+    calculateConfidence(): number;
+    /**
+     * Calcula score de componente específico
+     */
+    calculateComponentScore(component: string): number;
+    /**
+     * Obtém CWE ID para tipos de vulnerabilidade
+     */
+    private getCweForVulnerability;
+    /**
+     * Reinicia o estado do calculador
+     */
+    private resetState;
+}
+export interface SecurityScoreResult {
+    score: number;
+    grade: SecurityGrade;
+    category: SecurityCategory;
+    vulnerabilities: SecurityVulnerability[];
+    hardeningApplied: HardeningFeature[];
+    recommendations: string[];
+    riskLevel: RiskLevel;
+    confidence: number;
+}
+export type SecurityGrade = 'A' | 'B' | 'C' | 'D' | 'F';
+export type SecurityCategory = 'EXCEPTIONAL' | 'GOOD' | 'ACCEPTABLE' | 'LIMITED' | 'INSECURE';
+export type RiskLevel = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+export interface SecurityVulnerability {
+    id: string;
+    type: VulnerabilityType;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    description: string;
+    path: string;
+    remediation: string;
+    cweId?: string;
+    cvssScore?: number;
+}
+export interface HardeningFeature {
+    name: string;
+    status: 'applied' | 'partial' | 'not_applied';
+    effectiveness: number;
+    description: string;
+}
+export type VulnerabilityType = 'XSS' | 'SQL_INJECTION' | 'CODE_INJECTION' | 'TEMPLATE_INJECTION' | 'PATH_TRAVERSAL' | 'XXE' | 'LDAP_INJECTION' | 'COMMAND_INJECTION' | 'INSECURE_DESERIALIZATION' | 'CIRCULAR_REFERENCE' | 'DEEP_NESTING' | 'OVERSIZED_PAYLOAD' | 'CREDENTIAL_LEAK' | 'PII_EXPOSURE' | 'MALICIOUS_CONTENT';
+export interface SecurityScoreCalculator {
+    calculate(obj: any): SecurityScoreResult;
+    calculateComponentScore(component: string): number;
+    getRecommendations(score: number): string[];
+    calculateConfidence(result: SecurityScoreResult): number;
+}
+/**
+ * Função auxiliar para calcular segurança
+ */
+export declare function calculateSecurityScore(obj: any): SecurityScoreResult;
+/**
+ * Função auxiliar para obter recomendações
+ */
+export declare function getSecurityRecommendations(score: number): string[];
+export { SecurityScoreImpl as SecurityScore };
+//# sourceMappingURL=score.d.ts.map

package/dist/security/score.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.d.ts","sourceRoot":"","sources":["../../src/security/score.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,cAAM,iBAAkB,YAAW,uBAAuB;IACxD,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,iBAAiB,CAA0B;;IAMnD;;OAEG;IACI,SAAS,CAAC,GAAG,EAAE,GAAG,GAAG,mBAAmB;IA6B/C;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAqB9B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA0E5B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAiBjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAsB/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAc1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAYzB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAelC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAQ3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAmC/B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA0CxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAUzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAyB3B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;OAEG;IACH,OAAO,CAAC,cAAc;IAQtB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAUzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B;;OAEG;IACI,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE;IAgClD;;OAEG;IACI,mBAAmB,IAAI,MAAM;IAOpC;;OAEG;IACI,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAazD;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAsB9B;;OAEG;IACH,OAAO,CAAC,UAAU;CAInB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,eAAe,EAAE,qBAAqB,EAAE,CAAC;IACzC,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;IACrC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,aAAa,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACxD,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG,MAAM,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,CAAC;AAC9F,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAC/D,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,aAAa,CAAC;IAC9C,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,iBAAiB,GACzB,KAAK,GACL,eAAe,GACf,gBAAgB,GAChB,oBAAoB,GACpB,gBAAgB,GAChB,KAAK,GACL,gBAAgB,GAChB,mBAAmB,GACnB,0BAA0B,GAC1B,oBAAoB,GACpB,cAAc,GACd,mBAAmB,GACnB,iBAAiB,GACjB,cAAc,GACd,mBAAmB,CAAC;AAExB,MAAM,WAAW,uBAAuB;IACtC,SAAS,CAAC,GAAG,EAAE,GAAG,GAAG,mBAAmB,CAAC;IACzC,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IACnD,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5C,mBAAmB,CAAC,MAAM,EAAE,mBAAmB,GAAG,MAAM,CAAC;CAC1D;AAohBD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,GAAG,GAAG,mBAAmB,CAGpE;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAGlE;AAED,OAAO,EAAE,iBAAiB,IAAI,aAAa,EAAE,CAAC"}