circle-ir-ai 2.8.16 → 2.8.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +58 -18
- package/dist/llm/anchoring.d.ts +36 -0
- package/dist/llm/anchoring.d.ts.map +1 -0
- package/dist/llm/anchoring.js +56 -0
- package/dist/llm/anchoring.js.map +1 -0
- package/dist/llm/discovery.d.ts.map +1 -1
- package/dist/llm/discovery.js +9 -4
- package/dist/llm/discovery.js.map +1 -1
- package/dist/security-scan/sink-filters.d.ts +8 -5
- package/dist/security-scan/sink-filters.d.ts.map +1 -1
- package/dist/security-scan/sink-filters.js +14 -11
- package/dist/security-scan/sink-filters.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,46 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.8.17] - 2026-06-12
|
|
9
|
+
|
|
10
|
+
### Fixed — LLM line-number drift (cognium-dev#29 / cognium-ai#89)
|
|
11
|
+
|
|
12
|
+
LLM-discovered vulnerabilities reported flapping line numbers across
|
|
13
|
+
identical runs of the CWE-Bench-Java benchmark — 3 of 40 LLM-discovery
|
|
14
|
+
findings drifted ±1 to ±4 lines (Keycloak −4, XStream +1, xwiki +1)
|
|
15
|
+
while static IR detections were 100% stable across the same 120-CVE
|
|
16
|
+
suite. Root cause: gemma-3-12b-it (and similar small open models)
|
|
17
|
+
selects a slightly different statement inside the same vulnerable
|
|
18
|
+
method on each run even at `temperature: 0`. The unstable line then
|
|
19
|
+
propagated unchanged through both the production discovery flow and
|
|
20
|
+
the benchmark batch path.
|
|
21
|
+
|
|
22
|
+
- **New helper `src/llm/anchoring.ts`** — `anchorLineToIRSink(rawLine,
|
|
23
|
+
sinks, methodStart, methodEnd, preferredType?)`. Anchors an
|
|
24
|
+
LLM-reported line to a real IR sink within the same method bounds.
|
|
25
|
+
Resolution order: in-method sink of matching type (closest to
|
|
26
|
+
rawLine) → any in-method sink → clamp rawLine into bounds →
|
|
27
|
+
methodStart. Deterministic regardless of LLM stochasticity.
|
|
28
|
+
- **`src/llm/discovery.ts`** — threads `ir.taint.sinks` from
|
|
29
|
+
`discoverInFile` into `analyzeMethod`, applies anchoring at the
|
|
30
|
+
result-population site (was: `response.vulnerability.line ||
|
|
31
|
+
method.startLine`).
|
|
32
|
+
- **`benchmarks/runners/run-cwe-bench-java.ts`** — `batchFileDiscovery`
|
|
33
|
+
now accepts `irSinks` and applies per-method anchoring at both the
|
|
34
|
+
array-path and single-object-fallback result sites. Caller surfaces
|
|
35
|
+
sinks via one extra `analyze()` call per LLM-discovered file
|
|
36
|
+
(negligible against the ~tens-of-seconds LLM call).
|
|
37
|
+
- **17 new tests** in `tests/llm/anchoring.test.ts` covering the three
|
|
38
|
+
reported drift cases (Keycloak, XStream, xwiki), preferred-type
|
|
39
|
+
selection, closest-candidate tiebreak, clamping above/below method
|
|
40
|
+
bounds, missing rawLine, invalid bounds, and loose substring type
|
|
41
|
+
matching.
|
|
42
|
+
|
|
43
|
+
Anchoring degrades to existing behavior when no IR sinks live in the
|
|
44
|
+
method (rawLine clamped or methodStart fallback), so the change is
|
|
45
|
+
strictly additive — discovery in methods with no static sink continues
|
|
46
|
+
to produce a stable per-method result.
|
|
47
|
+
|
|
8
48
|
## [2.8.16] - 2026-06-12
|
|
9
49
|
|
|
10
50
|
### Fixed — FP epic across the LLM discovery pipeline (#52, #90, #91, #92, #93, #94, #95)
|
|
@@ -13,18 +53,18 @@ Single coordinated cascade that closes seven false-positive issues
|
|
|
13
53
|
filed against the LLM-enhanced scan path. All three root causes from
|
|
14
54
|
the FP corpus reports are addressed at once.
|
|
15
55
|
|
|
16
|
-
-
|
|
17
|
-
(`src/agents/mastra/workflow.ts`) created LLM-discovered
|
|
18
|
-
entries from `enrichResult.sinks` **without populating the
|
|
19
|
-
field**. Every downstream filter (`isSuppressedSinkShape`,
|
|
56
|
+
- **Root cause (cross-cutting across #90–#94): phantom `sink.code`.**
|
|
57
|
+
`runMerge` (`src/agents/mastra/workflow.ts`) created LLM-discovered
|
|
58
|
+
sink entries from `enrichResult.sinks` **without populating the
|
|
59
|
+
`code` field**. Every downstream filter (`isSuppressedSinkShape`,
|
|
20
60
|
`isRequireOrImportSink`, `isKnownNonSink`) safely returned `false`
|
|
21
61
|
on `undefined` → sinks pointing at blank lines, closing braces, or
|
|
22
|
-
bare identifiers leaked all the way into `runReport`'s output.
|
|
23
|
-
|
|
24
|
-
added `sliceLine(sourceCode, line)`
|
|
25
|
-
signature with optional `sourceCode` +
|
|
26
|
-
`code` + `file` on every LLM-discovered sink.
|
|
27
|
-
-
|
|
62
|
+
bare identifiers leaked all the way into `runReport`'s output. Each
|
|
63
|
+
of #90/#91/#92/#93/#94 reported the same "empty explanation, empty
|
|
64
|
+
sink.code" signature. Fix: added `sliceLine(sourceCode, line)`
|
|
65
|
+
helper, extended `runMerge` signature with optional `sourceCode` +
|
|
66
|
+
`filePath`, populated `code` + `file` on every LLM-discovered sink.
|
|
67
|
+
- **Defense-in-depth — `isPhantomLineSink()`** added to
|
|
28
68
|
`sink-filters.ts`. Rejects empty / whitespace / single-brace /
|
|
29
69
|
comment-marker / no-call-syntax lines. Wired in as the first
|
|
30
70
|
predicate inside `isSuppressedSinkShape()` so even if the source-
|
|
@@ -48,16 +88,16 @@ the FP corpus reports are addressed at once.
|
|
|
48
88
|
(JSqlParser AST visitors). Deliberately narrowed from the initial
|
|
49
89
|
broad `*.execute(<ident>)` form so `connection.execute(query)` and
|
|
50
90
|
`statement.execute(sql)` continue firing.
|
|
51
|
-
- **#92 — `deserialization`
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
91
|
+
- **#92 — `deserialization` FP corpus.** Typed Jackson
|
|
92
|
+
`readValue(x, Foo.class)` and `new TypeReference<…>(){}`, typed Gson
|
|
93
|
+
`fromJson(x, Foo.class)` and `new TypeToken<…>(){}`, typed FastJson
|
|
94
|
+
`parseObject(x, Foo.class)` — all suppressed (POJO binding is safe
|
|
95
|
+
by construction; untyped overloads remain real sinks).
|
|
96
|
+
- **#93 — `code_injection` FP corpus.** `Pattern.compile("literal")`,
|
|
57
97
|
`Class.forName("literal")` (literal must close without `+`),
|
|
58
98
|
`Class.forName(<bare identifier>)`, `method.invoke(...)` /
|
|
59
|
-
`Method.invoke(...)`.
|
|
60
|
-
- **#
|
|
99
|
+
`Method.invoke(...)`. Tainted concatenations remain real sinks.
|
|
100
|
+
- **#94 — `nosql_injection` on browser files.** New
|
|
61
101
|
`isNosqlOnBrowserFile()` helper suppresses every nosql sink whose
|
|
62
102
|
`file` extension is `.js / .jsx / .mjs / .cjs / .html / .htm`. No
|
|
63
103
|
MongoDB driver runs in the browser by construction.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* LLM line-number anchoring.
|
|
3
|
+
*
|
|
4
|
+
* LLM discovery (e.g. gemma-3-12b-it at temperature=0) is not byte-stable
|
|
5
|
+
* across runs: on the same prompt the model often picks a slightly different
|
|
6
|
+
* statement inside the same vulnerable method, producing line numbers that
|
|
7
|
+
* drift by ±1 to ±4 between identical invocations. The static IR is
|
|
8
|
+
* deterministic, so anchoring LLM-reported lines to a real IR sink within
|
|
9
|
+
* the same method bounds eliminates the drift without changing detection
|
|
10
|
+
* (the method is the unit of evaluation in IRIS-style metrics).
|
|
11
|
+
*
|
|
12
|
+
* Tracked in cognium-dev#29 / cognium-ai#89.
|
|
13
|
+
*/
|
|
14
|
+
import type { TaintSink } from 'circle-ir';
|
|
15
|
+
/**
|
|
16
|
+
* Choose a deterministic line for an LLM-reported vulnerability by
|
|
17
|
+
* preferring the line of an IR sink that lives in the same method.
|
|
18
|
+
*
|
|
19
|
+
* Resolution order:
|
|
20
|
+
* 1. IR sinks whose `line` is inside [methodStart, methodEnd]. Among those,
|
|
21
|
+
* prefer ones whose `type` matches `preferredSinkType` (loose match: a
|
|
22
|
+
* substring either way). If multiple candidates remain and `rawLine` is
|
|
23
|
+
* a positive number, pick the candidate closest to `rawLine`; otherwise
|
|
24
|
+
* pick the first.
|
|
25
|
+
* 2. No in-method sink: clamp `rawLine` into [methodStart, methodEnd] when
|
|
26
|
+
* it is a positive number.
|
|
27
|
+
* 3. `rawLine` missing/zero: return `methodStart` as the stable fallback.
|
|
28
|
+
*
|
|
29
|
+
* @param rawLine Line reported by the LLM (may be undefined or 0)
|
|
30
|
+
* @param sinks IR taint sinks (may be empty)
|
|
31
|
+
* @param methodStart First line of the vulnerable method (inclusive)
|
|
32
|
+
* @param methodEnd Last line of the vulnerable method (inclusive)
|
|
33
|
+
* @param preferredSinkType Optional CWE-derived sink type to prefer
|
|
34
|
+
*/
|
|
35
|
+
export declare function anchorLineToIRSink(rawLine: number | undefined, sinks: ReadonlyArray<TaintSink>, methodStart: number, methodEnd: number, preferredSinkType?: string): number;
|
|
36
|
+
//# sourceMappingURL=anchoring.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anchoring.d.ts","sourceRoot":"","sources":["../../src/llm/anchoring.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAC/B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,iBAAiB,CAAC,EAAE,MAAM,GACzB,MAAM,CAyCR"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Choose a deterministic line for an LLM-reported vulnerability by
|
|
3
|
+
* preferring the line of an IR sink that lives in the same method.
|
|
4
|
+
*
|
|
5
|
+
* Resolution order:
|
|
6
|
+
* 1. IR sinks whose `line` is inside [methodStart, methodEnd]. Among those,
|
|
7
|
+
* prefer ones whose `type` matches `preferredSinkType` (loose match: a
|
|
8
|
+
* substring either way). If multiple candidates remain and `rawLine` is
|
|
9
|
+
* a positive number, pick the candidate closest to `rawLine`; otherwise
|
|
10
|
+
* pick the first.
|
|
11
|
+
* 2. No in-method sink: clamp `rawLine` into [methodStart, methodEnd] when
|
|
12
|
+
* it is a positive number.
|
|
13
|
+
* 3. `rawLine` missing/zero: return `methodStart` as the stable fallback.
|
|
14
|
+
*
|
|
15
|
+
* @param rawLine Line reported by the LLM (may be undefined or 0)
|
|
16
|
+
* @param sinks IR taint sinks (may be empty)
|
|
17
|
+
* @param methodStart First line of the vulnerable method (inclusive)
|
|
18
|
+
* @param methodEnd Last line of the vulnerable method (inclusive)
|
|
19
|
+
* @param preferredSinkType Optional CWE-derived sink type to prefer
|
|
20
|
+
*/
|
|
21
|
+
export function anchorLineToIRSink(rawLine, sinks, methodStart, methodEnd, preferredSinkType) {
|
|
22
|
+
// Defensive: empty/invalid method bounds → return whatever rawLine we got
|
|
23
|
+
if (!Number.isFinite(methodStart) ||
|
|
24
|
+
!Number.isFinite(methodEnd) ||
|
|
25
|
+
methodStart <= 0 ||
|
|
26
|
+
methodEnd < methodStart) {
|
|
27
|
+
return rawLine && rawLine > 0 ? rawLine : 0;
|
|
28
|
+
}
|
|
29
|
+
const inMethod = sinks.filter((s) => typeof s.line === 'number' && s.line >= methodStart && s.line <= methodEnd);
|
|
30
|
+
if (inMethod.length > 0) {
|
|
31
|
+
let candidates = inMethod;
|
|
32
|
+
if (preferredSinkType) {
|
|
33
|
+
const want = String(preferredSinkType).toLowerCase();
|
|
34
|
+
const typed = inMethod.filter((s) => {
|
|
35
|
+
const have = String(s.type || '').toLowerCase();
|
|
36
|
+
return have === want || have.includes(want) || want.includes(have);
|
|
37
|
+
});
|
|
38
|
+
if (typed.length > 0)
|
|
39
|
+
candidates = typed;
|
|
40
|
+
}
|
|
41
|
+
if (rawLine && rawLine > 0) {
|
|
42
|
+
return candidates.reduce((best, s) => Math.abs(s.line - rawLine) < Math.abs(best.line - rawLine) ? s : best).line;
|
|
43
|
+
}
|
|
44
|
+
return candidates[0].line;
|
|
45
|
+
}
|
|
46
|
+
// No in-method sink — clamp or fall back to method start
|
|
47
|
+
if (rawLine && rawLine > 0) {
|
|
48
|
+
if (rawLine < methodStart)
|
|
49
|
+
return methodStart;
|
|
50
|
+
if (rawLine > methodEnd)
|
|
51
|
+
return methodEnd;
|
|
52
|
+
return rawLine;
|
|
53
|
+
}
|
|
54
|
+
return methodStart;
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=anchoring.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anchoring.js","sourceRoot":"","sources":["../../src/llm/anchoring.ts"],"names":[],"mappings":"AAeA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAA2B,EAC3B,KAA+B,EAC/B,WAAmB,EACnB,SAAiB,EACjB,iBAA0B;IAE1B,0EAA0E;IAC1E,IACE,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC7B,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC3B,WAAW,IAAI,CAAC;QAChB,SAAS,GAAG,WAAW,EACvB,CAAC;QACD,OAAO,OAAO,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,WAAW,IAAI,CAAC,CAAC,IAAI,IAAI,SAAS,CAClF,CAAC;IAEF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,UAAU,GAAG,QAAQ,CAAC;QAC1B,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;gBAClC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAChD,OAAO,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrE,CAAC,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,UAAU,GAAG,KAAK,CAAC;QAC3C,CAAC;QAED,IAAI,OAAO,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CACnC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACtE,CAAC,IAAI,CAAC;QACT,CAAC;QACD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,yDAAyD;IACzD,IAAI,OAAO,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAC3B,IAAI,OAAO,GAAG,WAAW;YAAE,OAAO,WAAW,CAAC;QAC9C,IAAI,OAAO,GAAG,SAAS;YAAE,OAAO,SAAS,CAAC;QAC1C,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../src/llm/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAA0B,QAAQ,EAAc,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../src/llm/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAA0B,QAAQ,EAAc,MAAM,WAAW,CAAC;AAOjG;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,kBAAkB,EAAE,OAAO,CAAC;IAC5B,uCAAuC;IACvC,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,wDAAwD;IACxD,IAAI,EAAE,QAAQ,CAAC;IACf,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,qBAAqB;IACrB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,kDAAkD;IAClD,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wDAAwD;IACxD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,2EAA2E;IAC3E,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,6BAA6B;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAmJD,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,OAAO,CAAU;gBAEb,MAAM,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAK7D;;OAEG;IACG,cAAc,CAClB,EAAE,EAAE,QAAQ,EACZ,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,eAAe,EAAE,CAAC;IAkD7B;;OAEG;YACW,aAAa;IA+I3B;;;OAGG;YACW,mBAAmB;IAOjC;;OAEG;IACH,OAAO,CAAC,cAAc;IAsFtB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiB1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA0BzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAO1B;AAMD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,eAAe,CAErG;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,EAAE,EAAE,QAAQ,EACZ,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,EAAE,CAAC,CAE5B;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,eAAe,EAAE,EAC1B,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CA2CX"}
|
package/dist/llm/discovery.js
CHANGED
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
* Expected impact: +15-25% on XSS and Command Injection benchmarks.
|
|
11
11
|
*/
|
|
12
12
|
import { getAxLLMClient } from './ax-client.js';
|
|
13
|
+
import { anchorLineToIRSink } from './anchoring.js';
|
|
13
14
|
// ============================================================================
|
|
14
15
|
// CWE-Specific Discovery Prompts
|
|
15
16
|
// ============================================================================
|
|
@@ -164,7 +165,7 @@ export class DiscoveryEngine {
|
|
|
164
165
|
const startTime = Date.now();
|
|
165
166
|
try {
|
|
166
167
|
const result = await Promise.race([
|
|
167
|
-
this.analyzeMethod(method, targetCWEs, options),
|
|
168
|
+
this.analyzeMethod(method, targetCWEs, options, ir.taint.sinks),
|
|
168
169
|
new Promise((_, reject) => setTimeout(() => reject(new Error('Discovery timeout')), timeout)),
|
|
169
170
|
]);
|
|
170
171
|
result.discoveryTimeMs = Date.now() - startTime;
|
|
@@ -188,7 +189,7 @@ export class DiscoveryEngine {
|
|
|
188
189
|
/**
|
|
189
190
|
* Analyze a single method for vulnerabilities
|
|
190
191
|
*/
|
|
191
|
-
async analyzeMethod(method, targetCWEs, options) {
|
|
192
|
+
async analyzeMethod(method, targetCWEs, options, irSinks = []) {
|
|
192
193
|
const methodId = `${method.className}.${method.methodName}`;
|
|
193
194
|
const confidenceThreshold = options.confidenceThreshold ?? 0.6;
|
|
194
195
|
// Build the discovery prompt
|
|
@@ -282,11 +283,15 @@ If no vulnerability found, respond:
|
|
|
282
283
|
discoveryTimeMs: 0,
|
|
283
284
|
};
|
|
284
285
|
if (vulnerabilityFound && response.vulnerability) {
|
|
286
|
+
const normalizedType = this.normalizeSinkType(response.vulnerability.type);
|
|
287
|
+
// Anchor LLM-reported line to a real IR sink in the same method to
|
|
288
|
+
// suppress run-to-run drift (cognium-dev#29 / cognium-ai#89).
|
|
289
|
+
const anchoredLine = anchorLineToIRSink(response.vulnerability.line, irSinks, method.startLine, method.endLine, normalizedType);
|
|
285
290
|
result.vulnerability = {
|
|
286
|
-
type:
|
|
291
|
+
type: normalizedType,
|
|
287
292
|
cwe: response.vulnerability.cwe || 'CWE-unknown',
|
|
288
293
|
severity: this.normalizeSeverity(response.vulnerability.severity),
|
|
289
|
-
line:
|
|
294
|
+
line: anchoredLine,
|
|
290
295
|
code: response.vulnerability.code || '',
|
|
291
296
|
description: response.vulnerability.description || '',
|
|
292
297
|
attackVector: response.vulnerability.attackVector,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../src/llm/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,cAAc,EAAoB,MAAM,gBAAgB,CAAC;AAsFlE,+EAA+E;AAC/E,iCAAiC;AACjC,+EAA+E;AAE/E,MAAM,qBAAqB,GAA2B;IACpD,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0EA6B6D;IAExE,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0CA8B6B;IAExC,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;4CA4B+B;IAE1C,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;4CA0B+B;CAC3C,CAAC;AAEF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,MAAM,OAAO,eAAe;IAClB,MAAM,CAAc;IACpB,OAAO,CAAU;IAEzB,YAAY,MAAoB,EAAE,MAA2B;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,EAAY,EACZ,IAAY,EACZ,QAAgB,EAChB,UAA4B,EAAE;QAE9B,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;QAExC,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAEvD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,yBAAyB,OAAO,CAAC,MAAM,eAAe,QAAQ,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,mCAAmC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACtF,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,IAAI,KAAK,CAAC;QAElD,sBAAsB;QACtB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,yBAAyB,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;YAClF,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAChC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;oBAC/C,IAAI,OAAO,CAAkB,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CACzC,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,EAAE,OAAO,CAAC,CAClE;iBACF,CAAC,CAAC;gBAEH,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC,CAAC;gBAC7F,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;oBACpD,kBAAkB,EAAE,KAAK;oBACzB,SAAS,EAAE,qBAAqB,KAAK,EAAE;oBACvC,UAAU,EAAE,CAAC;oBACb,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACxC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CACzB,MAAqB,EACrB,UAAoB,EACpB,OAAyB;QAEzB,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC5D,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,GAAG,CAAC;QAE/D,6BAA6B;QAC7B,MAAM,WAAW,GAAG,UAAU;aAC3B,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;aAC5C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aACd,IAAI,CAAC,aAAa,CAAC,CAAC;QAEvB,MAAM,YAAY,GAAG;;EAEvB,WAAW;;;;;;;;;wEAS2D,CAAC;QAErE,MAAM,UAAU,GAAG;;SAEd,MAAM,CAAC,SAAS;UACf,MAAM,CAAC,UAAU;eACZ,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;WAC3C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;EAG/C,MAAM,CAAC,UAAU;;;yDAGsC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6B5E,CAAC;QAEC,IAAI,CAAC;YACH,+CAA+C;YAC/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAE1E,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO;oBACL,QAAQ;oBACR,kBAAkB,EAAE,KAAK;oBACzB,SAAS,EAAE,iBAAiB;oBAC5B,UAAU,EAAE,CAAC;oBACb,eAAe,EAAE,CAAC;iBACnB,CAAC;YACJ,CAAC;YAED,uBAAuB;YACvB,MAAM,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,KAAK,IAAI,CAAC;YAChE,MAAM,UAAU,GAAG,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC;YAEvF,iCAAiC;YACjC,IAAI,kBAAkB,IAAI,UAAU,GAAG,mBAAmB,EAAE,CAAC;gBAC3D,OAAO;oBACL,QAAQ;oBACR,kBAAkB,EAAE,KAAK;oBACzB,SAAS,EAAE,uDAAuD,UAAU,MAAM,mBAAmB,MAAM,QAAQ,CAAC,SAAS,EAAE;oBAC/H,UAAU;oBACV,eAAe,EAAE,CAAC;iBACnB,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAoB;gBAC9B,QAAQ;gBACR,kBAAkB;gBAClB,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,EAAE;gBACnC,UAAU;gBACV,eAAe,EAAE,CAAC;aACnB,CAAC;YAEF,IAAI,kBAAkB,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,CAAC,aAAa,GAAG;oBACrB,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC;oBACzD,GAAG,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI,aAAa;oBAChD,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC;oBACjE,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,MAAM,CAAC,SAAS;oBACrD,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE;oBACvC,WAAW,EAAE,QAAQ,CAAC,aAAa,CAAC,WAAW,IAAI,EAAE;oBACrD,YAAY,EAAE,QAAQ,CAAC,aAAa,CAAC,YAAY;oBACjD,WAAW,EAAE,QAAQ,CAAC,aAAa,CAAC,WAAW,IAAI,kCAAkC;oBACrF,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM;iBACtC,CAAC;YACJ,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,QAAQ;gBACR,kBAAkB,EAAE,KAAK;gBACzB,SAAS,EAAE,mBAAmB,KAAK,EAAE;gBACrC,UAAU,EAAE,CAAC;gBACb,eAAe,EAAE,CAAC;aACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,mBAAmB,CAC/B,YAAoB,EACpB,UAAkB;QAElB,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAM,YAAY,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACK,cAAc,CACpB,EAAY,EACZ,IAAY,EACZ,OAAyB;QAEzB,MAAM,OAAO,GAAoB,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;QACnD,MAAM,mBAAmB,GAAG,OAAO,CAAC,0BAA0B,IAAI,KAAK,CAAC;QAExE,0BAA0B;QAC1B,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC5C,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,KAAK,MAAM,MAAM,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACtC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;gBAClC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;gBAAE,SAAS;YAEpC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YACnE,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;YAErD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClC,wCAAwC;gBACxC,MAAM,mBAAmB,GACvB,CAAC,mBAAmB;oBACpB,MAAM,CAAC,UAAU,KAAK,SAAS;oBAC/B,MAAM,CAAC,QAAQ,KAAK,SAAS;oBAC7B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAChC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,CAC7D,CAAC;gBAEJ,kEAAkE;gBAClE,IAAI,mBAAmB,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBAChD,SAAS;gBACX,CAAC;gBAED,sBAAsB;gBACtB,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;gBACpC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,IAAI,SAAS,GAAG,EAAE,CAAC;gBAClD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAElE,mDAAmD;gBACnD,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtC,SAAS;gBACX,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,SAAS;oBACT,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,UAAU;oBACV,SAAS;oBACT,OAAO;oBACP,WAAW,EAAE;wBACX,GAAG,gBAAgB;wBACnB,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;qBACjD;oBACD,OAAO;oBACP,mBAAmB;iBACpB,CAAC,CAAC;gBAEH,IAAI,OAAO,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;oBACjC,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;gBACjC,MAAM;YACR,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,UAAkB,EAAE,UAAkB;QAC/D,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QAE3C,4BAA4B;QAC5B,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAChG,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YACnF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,IAAY;QACpC,MAAM,KAAK,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC/D,MAAM,OAAO,GAA6B;YACxC,mBAAmB,EAAE,mBAAmB;YACxC,eAAe,EAAE,mBAAmB;YACpC,YAAY,EAAE,mBAAmB;YACjC,KAAK,EAAE,KAAK;YACZ,sBAAsB,EAAE,KAAK;YAC7B,gBAAgB,EAAE,gBAAgB;YAClC,qBAAqB,EAAE,gBAAgB;YACvC,KAAK,EAAE,gBAAgB;YACvB,gBAAgB,EAAE,gBAAgB;YAClC,uBAAuB,EAAE,gBAAgB;YACzC,KAAK,EAAE,gBAAgB;YACvB,eAAe,EAAE,eAAe;YAChC,MAAM,EAAE,eAAe;YACvB,iBAAiB,EAAE,iBAAiB;YACpC,0BAA0B,EAAE,iBAAiB;YAC7C,KAAK,EAAE,KAAK;YACZ,qBAAqB,EAAE,KAAK;YAC5B,MAAM,EAAE,MAAM;YACd,6BAA6B,EAAE,MAAM;SACtC,CAAC;QACF,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,gBAAgB,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,QAAgB;QACxC,MAAM,KAAK,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,UAAU,CAAC;QAC5C,IAAI,KAAK,KAAK,MAAM;YAAE,OAAO,MAAM,CAAC;QACpC,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,QAAQ,CAAC;QAChE,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA2B,EAAE,MAAoB;IAClF,OAAO,IAAI,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,EAAY,EACZ,IAAY,EACZ,QAAgB,EAChB,OAA0B;IAE1B,OAAO,kBAAkB,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAA0B,EAC1B,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC;YAElC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,aAAa,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;gBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;oBACjB,CAAC,CAAC;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;wBACtB,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;qBAC3B;oBACH,CAAC,CAAC;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,YAAY;qBACnB;gBACL,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB;gBACD,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;gBACrE,WAAW,EAAE,mBAAmB,IAAI,CAAC,WAAW,kBAAkB,MAAM,CAAC,SAAS,EAAE;gBACpF,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,YAAY,EAAE;oBACZ,iBAAiB,EAAE,IAAI;oBACvB,YAAY,EAAE,IAAI;oBAClB,cAAc,EAAE,MAAM,CAAC,UAAU;iBAClC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
1
|
+
{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../src/llm/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,cAAc,EAAoB,MAAM,gBAAgB,CAAC;AAGlE,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAoFpD,+EAA+E;AAC/E,iCAAiC;AACjC,+EAA+E;AAE/E,MAAM,qBAAqB,GAA2B;IACpD,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0EA6B6D;IAExE,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0CA8B6B;IAExC,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;4CA4B+B;IAE1C,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;4CA0B+B;CAC3C,CAAC;AAEF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,MAAM,OAAO,eAAe;IAClB,MAAM,CAAc;IACpB,OAAO,CAAU;IAEzB,YAAY,MAAoB,EAAE,MAA2B;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,EAAY,EACZ,IAAY,EACZ,QAAgB,EAChB,UAA4B,EAAE;QAE9B,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;QAExC,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAEvD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,yBAAyB,OAAO,CAAC,MAAM,eAAe,QAAQ,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,mCAAmC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACtF,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,IAAI,KAAK,CAAC;QAElD,sBAAsB;QACtB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,yBAAyB,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;YAClF,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;oBAChC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;oBAC/D,IAAI,OAAO,CAAkB,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CACzC,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,EAAE,OAAO,CAAC,CAClE;iBACF,CAAC,CAAC;gBAEH,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC,CAAC;gBAC7F,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;oBACpD,kBAAkB,EAAE,KAAK;oBACzB,SAAS,EAAE,qBAAqB,KAAK,EAAE;oBACvC,UAAU,EAAE,CAAC;oBACb,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACxC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CACzB,MAAqB,EACrB,UAAoB,EACpB,OAAyB,EACzB,UAAoC,EAAE;QAEtC,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC5D,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,GAAG,CAAC;QAE/D,6BAA6B;QAC7B,MAAM,WAAW,GAAG,UAAU;aAC3B,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;aAC5C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;aACd,IAAI,CAAC,aAAa,CAAC,CAAC;QAEvB,MAAM,YAAY,GAAG;;EAEvB,WAAW;;;;;;;;;wEAS2D,CAAC;QAErE,MAAM,UAAU,GAAG;;SAEd,MAAM,CAAC,SAAS;UACf,MAAM,CAAC,UAAU;eACZ,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;WAC3C,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;EAG/C,MAAM,CAAC,UAAU;;;yDAGsC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6B5E,CAAC;QAEC,IAAI,CAAC;YACH,+CAA+C;YAC/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAE1E,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO;oBACL,QAAQ;oBACR,kBAAkB,EAAE,KAAK;oBACzB,SAAS,EAAE,iBAAiB;oBAC5B,UAAU,EAAE,CAAC;oBACb,eAAe,EAAE,CAAC;iBACnB,CAAC;YACJ,CAAC;YAED,uBAAuB;YACvB,MAAM,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,KAAK,IAAI,CAAC;YAChE,MAAM,UAAU,GAAG,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC;YAEvF,iCAAiC;YACjC,IAAI,kBAAkB,IAAI,UAAU,GAAG,mBAAmB,EAAE,CAAC;gBAC3D,OAAO;oBACL,QAAQ;oBACR,kBAAkB,EAAE,KAAK;oBACzB,SAAS,EAAE,uDAAuD,UAAU,MAAM,mBAAmB,MAAM,QAAQ,CAAC,SAAS,EAAE;oBAC/H,UAAU;oBACV,eAAe,EAAE,CAAC;iBACnB,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAoB;gBAC9B,QAAQ;gBACR,kBAAkB;gBAClB,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,EAAE;gBACnC,UAAU;gBACV,eAAe,EAAE,CAAC;aACnB,CAAC;YAEF,IAAI,kBAAkB,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;gBAC3E,mEAAmE;gBACnE,8DAA8D;gBAC9D,MAAM,YAAY,GAAG,kBAAkB,CACrC,QAAQ,CAAC,aAAa,CAAC,IAAI,EAC3B,OAAO,EACP,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,OAAO,EACd,cAAc,CACf,CAAC;gBACF,MAAM,CAAC,aAAa,GAAG;oBACrB,IAAI,EAAE,cAAc;oBACpB,GAAG,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI,aAAa;oBAChD,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC;oBACjE,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE;oBACvC,WAAW,EAAE,QAAQ,CAAC,aAAa,CAAC,WAAW,IAAI,EAAE;oBACrD,YAAY,EAAE,QAAQ,CAAC,aAAa,CAAC,YAAY;oBACjD,WAAW,EAAE,QAAQ,CAAC,aAAa,CAAC,WAAW,IAAI,kCAAkC;oBACrF,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM;iBACtC,CAAC;YACJ,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,QAAQ;gBACR,kBAAkB,EAAE,KAAK;gBACzB,SAAS,EAAE,mBAAmB,KAAK,EAAE;gBACrC,UAAU,EAAE,CAAC;gBACb,eAAe,EAAE,CAAC;aACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,mBAAmB,CAC/B,YAAoB,EACpB,UAAkB;QAElB,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAM,YAAY,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACK,cAAc,CACpB,EAAY,EACZ,IAAY,EACZ,OAAyB;QAEzB,MAAM,OAAO,GAAoB,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;QACnD,MAAM,mBAAmB,GAAG,OAAO,CAAC,0BAA0B,IAAI,KAAK,CAAC;QAExE,0BAA0B;QAC1B,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC5C,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,KAAK,MAAM,MAAM,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACtC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;gBAClC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;gBAAE,SAAS;YAEpC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YACnE,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;YAErD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClC,wCAAwC;gBACxC,MAAM,mBAAmB,GACvB,CAAC,mBAAmB;oBACpB,MAAM,CAAC,UAAU,KAAK,SAAS;oBAC/B,MAAM,CAAC,QAAQ,KAAK,SAAS;oBAC7B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAChC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,CAC7D,CAAC;gBAEJ,kEAAkE;gBAClE,IAAI,mBAAmB,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBAChD,SAAS;gBACX,CAAC;gBAED,sBAAsB;gBACtB,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;gBACpC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,IAAI,SAAS,GAAG,EAAE,CAAC;gBAClD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAElE,mDAAmD;gBACnD,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtC,SAAS;gBACX,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,SAAS;oBACT,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,UAAU;oBACV,SAAS;oBACT,OAAO;oBACP,WAAW,EAAE;wBACX,GAAG,gBAAgB;wBACnB,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;qBACjD;oBACD,OAAO;oBACP,mBAAmB;iBACpB,CAAC,CAAC;gBAEH,IAAI,OAAO,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;oBACjC,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,IAAI,UAAU,EAAE,CAAC;gBACjC,MAAM;YACR,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,UAAkB,EAAE,UAAkB;QAC/D,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QAE3C,4BAA4B;QAC5B,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAChG,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YACnF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,IAAY;QACpC,MAAM,KAAK,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC/D,MAAM,OAAO,GAA6B;YACxC,mBAAmB,EAAE,mBAAmB;YACxC,eAAe,EAAE,mBAAmB;YACpC,YAAY,EAAE,mBAAmB;YACjC,KAAK,EAAE,KAAK;YACZ,sBAAsB,EAAE,KAAK;YAC7B,gBAAgB,EAAE,gBAAgB;YAClC,qBAAqB,EAAE,gBAAgB;YACvC,KAAK,EAAE,gBAAgB;YACvB,gBAAgB,EAAE,gBAAgB;YAClC,uBAAuB,EAAE,gBAAgB;YACzC,KAAK,EAAE,gBAAgB;YACvB,eAAe,EAAE,eAAe;YAChC,MAAM,EAAE,eAAe;YACvB,iBAAiB,EAAE,iBAAiB;YACpC,0BAA0B,EAAE,iBAAiB;YAC7C,KAAK,EAAE,KAAK;YACZ,qBAAqB,EAAE,KAAK;YAC5B,MAAM,EAAE,MAAM;YACd,6BAA6B,EAAE,MAAM;SACtC,CAAC;QACF,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,gBAAgB,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,QAAgB;QACxC,MAAM,KAAK,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,UAAU,CAAC;QAC5C,IAAI,KAAK,KAAK,MAAM;YAAE,OAAO,MAAM,CAAC;QACpC,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,QAAQ,CAAC;QAChE,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA2B,EAAE,MAAoB;IAClF,OAAO,IAAI,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,EAAY,EACZ,IAAY,EACZ,QAAgB,EAChB,OAA0B;IAE1B,OAAO,kBAAkB,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAA0B,EAC1B,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,kBAAkB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC;YAElC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,aAAa,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;gBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;oBACjB,CAAC,CAAC;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;wBACtB,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;qBAC3B;oBACH,CAAC,CAAC;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,YAAY;qBACnB;gBACL,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB;gBACD,IAAI,EAAE,EAAE;gBACR,WAAW,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;gBACrE,WAAW,EAAE,mBAAmB,IAAI,CAAC,WAAW,kBAAkB,MAAM,CAAC,SAAS,EAAE;gBACpF,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,YAAY,EAAE;oBACZ,iBAAiB,EAAE,IAAI;oBACvB,YAAY,EAAE,IAAI;oBAClB,cAAc,EAAE,MAAM,CAAC,UAAU;iBAClC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -17,11 +17,14 @@
|
|
|
17
17
|
* (executeCommand, Executor.execute(Runnable), picocli .execute()).
|
|
18
18
|
* - cogniumhq/circle-ir-ai#91 — sql_injection FP corpus (Executor.execute,
|
|
19
19
|
* MyBatis mapper interface declarations, JSqlParser AST .execute()).
|
|
20
|
-
* - cogniumhq/circle-ir-ai#92 — deserialization
|
|
21
|
-
*
|
|
22
|
-
* parseObject
|
|
23
|
-
* - cogniumhq/circle-ir-ai#93 —
|
|
24
|
-
*
|
|
20
|
+
* - cogniumhq/circle-ir-ai#92 — deserialization FP corpus (typed
|
|
21
|
+
* Jackson readValue / typed Gson fromJson / typed FastJson
|
|
22
|
+
* parseObject).
|
|
23
|
+
* - cogniumhq/circle-ir-ai#93 — code_injection FP corpus
|
|
24
|
+
* (Pattern.compile / Class.forName / Method.invoke).
|
|
25
|
+
* - cogniumhq/circle-ir-ai#94 — nosql_injection on .js/.html FPs.
|
|
26
|
+
* - Cross-cutting phantom-line FPs (sink.code empty) — root cause
|
|
27
|
+
* observed across all of #90/#91/#92/#93/#94.
|
|
25
28
|
*/
|
|
26
29
|
export declare function isPhantomLineSink(code: string | undefined | null): boolean;
|
|
27
30
|
export declare function isRequireOrImportSink(code: string | undefined | null): boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sink-filters.d.ts","sourceRoot":"","sources":["../../src/security-scan/sink-filters.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"sink-filters.d.ts","sourceRoot":"","sources":["../../src/security-scan/sink-filters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAwBH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,OAAO,CAW1E;AA6BD,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,OAAO,CAK9E;AA+GD,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC/B,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAClC,OAAO,CAOT;AAsBD,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACnC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAClC,OAAO,CAGT;AAMD;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACnC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACnC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GACnC,OAAO,CAMT"}
|
|
@@ -17,11 +17,14 @@
|
|
|
17
17
|
* (executeCommand, Executor.execute(Runnable), picocli .execute()).
|
|
18
18
|
* - cogniumhq/circle-ir-ai#91 — sql_injection FP corpus (Executor.execute,
|
|
19
19
|
* MyBatis mapper interface declarations, JSqlParser AST .execute()).
|
|
20
|
-
* - cogniumhq/circle-ir-ai#92 — deserialization
|
|
21
|
-
*
|
|
22
|
-
* parseObject
|
|
23
|
-
* - cogniumhq/circle-ir-ai#93 —
|
|
24
|
-
*
|
|
20
|
+
* - cogniumhq/circle-ir-ai#92 — deserialization FP corpus (typed
|
|
21
|
+
* Jackson readValue / typed Gson fromJson / typed FastJson
|
|
22
|
+
* parseObject).
|
|
23
|
+
* - cogniumhq/circle-ir-ai#93 — code_injection FP corpus
|
|
24
|
+
* (Pattern.compile / Class.forName / Method.invoke).
|
|
25
|
+
* - cogniumhq/circle-ir-ai#94 — nosql_injection on .js/.html FPs.
|
|
26
|
+
* - Cross-cutting phantom-line FPs (sink.code empty) — root cause
|
|
27
|
+
* observed across all of #90/#91/#92/#93/#94.
|
|
25
28
|
*/
|
|
26
29
|
// ---------------------------------------------------------------------------
|
|
27
30
|
// Phantom-line filter (#90/#91/#92/#93/#94)
|
|
@@ -132,19 +135,19 @@ const NON_SINK_PATTERNS = [
|
|
|
132
135
|
{ pattern: /\bfromJson\s*\([^,]+,\s*new\s+TypeToken\s*</, sinkType: 'deserialization', ref: '#92' },
|
|
133
136
|
// Typed FastJson parseObject(x, Foo.class).
|
|
134
137
|
{ pattern: /\bparseObject\s*\([^,]+,\s*[A-Za-z_$][\w$.]*\.class\b/, sinkType: 'deserialization', ref: '#92' },
|
|
135
|
-
// #
|
|
138
|
+
// #93 — code_injection (regex / reflection / hardcoded forms)
|
|
136
139
|
// Pattern.compile("literal") — string-literal regex, not code exec.
|
|
137
|
-
{ pattern: /\bPattern\s*\.\s*compile\s*\(\s*["'`]/, sinkType: 'code_injection', ref: '#
|
|
140
|
+
{ pattern: /\bPattern\s*\.\s*compile\s*\(\s*["'`]/, sinkType: 'code_injection', ref: '#93' },
|
|
138
141
|
// Class.forName("literal") — hardcoded reflection target. The
|
|
139
142
|
// hazardous form is `Class.forName("prefix." + tainted)`; the literal
|
|
140
143
|
// body MUST close without a `+` to count as safe.
|
|
141
|
-
{ pattern: /\bClass\s*\.\s*forName\s*\(\s*["'`][^"'`+]*["'`]\s*\)/, sinkType: 'code_injection', ref: '#
|
|
144
|
+
{ pattern: /\bClass\s*\.\s*forName\s*\(\s*["'`][^"'`+]*["'`]\s*\)/, sinkType: 'code_injection', ref: '#93' },
|
|
142
145
|
// Class.forName(<bare identifier>) — variable-typed but not a tainted concat.
|
|
143
|
-
{ pattern: /\bClass\s*\.\s*forName\s*\(\s*[A-Za-z_$][\w$]*\s*\)/, sinkType: 'code_injection', ref: '#
|
|
146
|
+
{ pattern: /\bClass\s*\.\s*forName\s*\(\s*[A-Za-z_$][\w$]*\s*\)/, sinkType: 'code_injection', ref: '#93' },
|
|
144
147
|
// Method.invoke — reflective dispatch internals. Matches the
|
|
145
148
|
// conventional lowercase `method.invoke(...)` (j.l.r.Method instance)
|
|
146
149
|
// and the uppercase static-reference form.
|
|
147
|
-
{ pattern: /\b[Mm]ethod\s*\.\s*invoke\s*\(/, sinkType: 'code_injection', ref: '#
|
|
150
|
+
{ pattern: /\b[Mm]ethod\s*\.\s*invoke\s*\(/, sinkType: 'code_injection', ref: '#93' },
|
|
148
151
|
];
|
|
149
152
|
export function isKnownNonSink(code, sinkType) {
|
|
150
153
|
if (!code || !sinkType)
|
|
@@ -155,7 +158,7 @@ export function isKnownNonSink(code, sinkType) {
|
|
|
155
158
|
return NON_SINK_PATTERNS.some((p) => p.sinkType === sinkType && p.pattern.test(trimmed));
|
|
156
159
|
}
|
|
157
160
|
// ---------------------------------------------------------------------------
|
|
158
|
-
// Fix 4 — nosql_injection on browser-side JS/HTML (#
|
|
161
|
+
// Fix 4 — nosql_injection on browser-side JS/HTML (#94)
|
|
159
162
|
// ---------------------------------------------------------------------------
|
|
160
163
|
/**
|
|
161
164
|
* MongoDB / NoSQL drivers run server-side. The LLM occasionally flags
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sink-filters.js","sourceRoot":"","sources":["../../src/security-scan/sink-filters.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"sink-filters.js","sourceRoot":"","sources":["../../src/security-scan/sink-filters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E;;;;;;;;;;;GAWG;AACH,MAAM,eAAe,GAAG,2BAA2B,CAAC;AACpD,6EAA6E;AAC7E,uEAAuE;AACvE,kEAAkE;AAClE,MAAM,cAAc,GAAG,OAAO,CAAC;AAE/B,MAAM,UAAU,iBAAiB,CAAC,IAA+B;IAC/D,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,yDAAyD;IACzD,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,+CAA+C;IAC/C,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,sDAAsD;IACtD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,oBAAoB,GACxB,mEAAmE,CAAC;AAEtE,MAAM,UAAU,qBAAqB,CAAC,IAA+B;IACnE,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAoDD,MAAM,iBAAiB,GAAqB;IAC1C,uBAAuB;IACvB,EAAE,OAAO,EAAE,8BAA8B,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,EAAE,KAAK,EAAE;IACnF,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,EAAE,KAAK,EAAE;IAE7F,mEAAmE;IACnE,EAAE,OAAO,EAAE,iCAAiC,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,EAAE,KAAK,EAAE;IACzF,EAAE,OAAO,EAAE,2CAA2C,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,EAAE,KAAK,EAAE;IACnG,EAAE,OAAO,EAAE,4CAA4C,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,EAAE,KAAK,EAAE;IACpG,8DAA8D;IAC9D,sEAAsE;IACtE,4DAA4D;IAC5D,mEAAmE;IACnE,EAAE,OAAO,EAAE,+DAA+D,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,EAAE,KAAK,EAAE;IAEvH,4DAA4D;IAC5D,+DAA+D;IAC/D,sEAAsE;IACtE,4DAA4D;IAC5D,gEAAgE;IAChE,2CAA2C;IAC3C,oEAAoE;IACpE,yDAAyD;IACzD,qDAAqD;IACrD;QACE,OAAO,EAAE,+FAA+F;QACxG,QAAQ,EAAE,eAAe;QACzB,GAAG,EAAE,KAAK;KACX;IAED,sDAAsD;IACtD,mEAAmE;IACnE,sEAAsE;IACtE,EAAE,OAAO,EAAE,qDAAqD,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE;IAC3G,2EAA2E;IAC3E,uDAAuD;IACvD,EAAE,OAAO,EAAE,kDAAkD,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE;IACxG,qCAAqC;IACrC,EAAE,OAAO,EAAE,oDAAoD,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE;IAC1G,0DAA0D;IAC1D,EAAE,OAAO,EAAE,6CAA6C,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE;IACnG,4CAA4C;IAC5C,EAAE,OAAO,EAAE,uDAAuD,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE;IAE7G,8DAA8D;IAC9D,oEAAoE;IACpE,EAAE,OAAO,EAAE,uCAAuC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,EAAE,KAAK,EAAE;IAC5F,8DAA8D;IAC9D,sEAAsE;IACtE,kDAAkD;IAClD,EAAE,OAAO,EAAE,uDAAuD,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,EAAE,KAAK,EAAE;IAC5G,8EAA8E;IAC9E,EAAE,OAAO,EAAE,qDAAqD,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,EAAE,KAAK,EAAE;IAC1G,6DAA6D;IAC7D,sEAAsE;IACtE,2CAA2C;IAC3C,EAAE,OAAO,EAAE,gCAAgC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,EAAE,KAAK,EAAE;CACtF,CAAC;AAEF,MAAM,UAAU,cAAc,CAC5B,IAA+B,EAC/B,QAAmC;IAEnC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,iBAAiB,CAAC,IAAI,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAC1D,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,wDAAwD;AACxD,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAElF,SAAS,aAAa,CAAC,IAA+B;IACpD,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IACvB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,QAAmC,EACnC,QAAmC;IAEnC,IAAI,QAAQ,KAAK,iBAAiB;QAAE,OAAO,KAAK,CAAC;IACjD,OAAO,eAAe,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAmC,EACnC,QAAmC,EACnC,QAAoC;IAEpC,IAAI,iBAAiB,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,IAAI,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,qBAAqB,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,KAAK,CAAC;AACf,CAAC"}
|