npm - circle-ir - Versions diffs - 3.1.0 - Mend

circle-ir 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +15 -0
package/README.md +200 -0
package/configs/sinks/code_injection.yaml +672 -0
package/configs/sinks/command.yaml +917 -0
package/configs/sinks/deserialization.yaml +105 -0
package/configs/sinks/ldap.yaml +136 -0
package/configs/sinks/nodejs.json +629 -0
package/configs/sinks/path.yaml +715 -0
package/configs/sinks/python.json +501 -0
package/configs/sinks/rust.json +339 -0
package/configs/sinks/sql.yaml +233 -0
package/configs/sinks/ssrf.yaml +160 -0
package/configs/sinks/xpath.yaml +121 -0
package/configs/sinks/xss.yaml +727 -0
package/configs/sources/db_sources.yaml +90 -0
package/configs/sources/env_sources.yaml +94 -0
package/configs/sources/express.json +197 -0
package/configs/sources/file_sources.yaml +164 -0
package/configs/sources/http_sources.yaml +379 -0
package/configs/sources/io_sources.yaml +519 -0
package/configs/sources/network_sources.yaml +99 -0
package/configs/sources/python.json +230 -0
package/configs/sources/rust.json +286 -0
package/configs/sources/spring.yaml +70 -0
package/dist/analysis/advisory-db.d.ts +86 -0
package/dist/analysis/advisory-db.js +104 -0
package/dist/analysis/advisory-db.js.map +1 -0
package/dist/analysis/cargo-parser.d.ts +42 -0
package/dist/analysis/cargo-parser.js +102 -0
package/dist/analysis/cargo-parser.js.map +1 -0
package/dist/analysis/config-loader.d.ts +37 -0
package/dist/analysis/config-loader.js +1561 -0
package/dist/analysis/config-loader.js.map +1 -0
package/dist/analysis/constant-propagation/ast-utils.d.ts +25 -0
package/dist/analysis/constant-propagation/ast-utils.js +34 -0
package/dist/analysis/constant-propagation/ast-utils.js.map +1 -0
package/dist/analysis/constant-propagation/evaluator.d.ts +32 -0
package/dist/analysis/constant-propagation/evaluator.js +296 -0
package/dist/analysis/constant-propagation/evaluator.js.map +1 -0
package/dist/analysis/constant-propagation/index.d.ts +62 -0
package/dist/analysis/constant-propagation/index.js +152 -0
package/dist/analysis/constant-propagation/index.js.map +1 -0
package/dist/analysis/constant-propagation/patterns.d.ts +8 -0
package/dist/analysis/constant-propagation/patterns.js +126 -0
package/dist/analysis/constant-propagation/patterns.js.map +1 -0
package/dist/analysis/constant-propagation/propagator.d.ts +180 -0
package/dist/analysis/constant-propagation/propagator.js +1985 -0
package/dist/analysis/constant-propagation/propagator.js.map +1 -0
package/dist/analysis/constant-propagation/types.d.ts +63 -0
package/dist/analysis/constant-propagation/types.js +5 -0
package/dist/analysis/constant-propagation/types.js.map +1 -0
package/dist/analysis/constant-propagation.d.ts +9 -0
package/dist/analysis/constant-propagation.js +18 -0
package/dist/analysis/constant-propagation.js.map +1 -0
package/dist/analysis/dependency-scanner.d.ts +79 -0
package/dist/analysis/dependency-scanner.js +122 -0
package/dist/analysis/dependency-scanner.js.map +1 -0
package/dist/analysis/dfg-verifier.d.ts +116 -0
package/dist/analysis/dfg-verifier.js +399 -0
package/dist/analysis/dfg-verifier.js.map +1 -0
package/dist/analysis/findings.d.ts +11 -0
package/dist/analysis/findings.js +228 -0
package/dist/analysis/findings.js.map +1 -0
package/dist/analysis/index.d.ts +16 -0
package/dist/analysis/index.js +18 -0
package/dist/analysis/index.js.map +1 -0
package/dist/analysis/interprocedural.d.ts +99 -0
package/dist/analysis/interprocedural.js +526 -0
package/dist/analysis/interprocedural.js.map +1 -0
package/dist/analysis/path-finder.d.ts +133 -0
package/dist/analysis/path-finder.js +354 -0
package/dist/analysis/path-finder.js.map +1 -0
package/dist/analysis/rules.d.ts +75 -0
package/dist/analysis/rules.js +332 -0
package/dist/analysis/rules.js.map +1 -0
package/dist/analysis/semver.d.ts +27 -0
package/dist/analysis/semver.js +127 -0
package/dist/analysis/semver.js.map +1 -0
package/dist/analysis/taint-matcher.d.ts +15 -0
package/dist/analysis/taint-matcher.js +634 -0
package/dist/analysis/taint-matcher.js.map +1 -0
package/dist/analysis/taint-propagation.d.ts +67 -0
package/dist/analysis/taint-propagation.js +298 -0
package/dist/analysis/taint-propagation.js.map +1 -0
package/dist/analysis/unresolved.d.ts +14 -0
package/dist/analysis/unresolved.js +202 -0
package/dist/analysis/unresolved.js.map +1 -0
package/dist/analyzer.d.ts +43 -0
package/dist/analyzer.js +1010 -0
package/dist/analyzer.js.map +1 -0
package/dist/browser/circle-ir.js +16576 -0
package/dist/browser.d.ts +38 -0
package/dist/browser.js +38 -0
package/dist/browser.js.map +1 -0
package/dist/core/circle-ir-core.cjs +13626 -0
package/dist/core/circle-ir-core.d.ts +59 -0
package/dist/core/circle-ir-core.js +13591 -0
package/dist/core/extractors/calls.d.ts +13 -0
package/dist/core/extractors/calls.js +1429 -0
package/dist/core/extractors/calls.js.map +1 -0
package/dist/core/extractors/cfg.d.ts +9 -0
package/dist/core/extractors/cfg.js +519 -0
package/dist/core/extractors/cfg.js.map +1 -0
package/dist/core/extractors/dfg.d.ts +12 -0
package/dist/core/extractors/dfg.js +1081 -0
package/dist/core/extractors/dfg.js.map +1 -0
package/dist/core/extractors/exports.d.ts +14 -0
package/dist/core/extractors/exports.js +80 -0
package/dist/core/extractors/exports.js.map +1 -0
package/dist/core/extractors/imports.d.ts +9 -0
package/dist/core/extractors/imports.js +739 -0
package/dist/core/extractors/imports.js.map +1 -0
package/dist/core/extractors/index.d.ts +10 -0
package/dist/core/extractors/index.js +11 -0
package/dist/core/extractors/index.js.map +1 -0
package/dist/core/extractors/meta.d.ts +10 -0
package/dist/core/extractors/meta.js +109 -0
package/dist/core/extractors/meta.js.map +1 -0
package/dist/core/extractors/types.d.ts +10 -0
package/dist/core/extractors/types.js +1479 -0
package/dist/core/extractors/types.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.js +8 -0
package/dist/core/index.js.map +1 -0
package/dist/core/parser.d.ts +84 -0
package/dist/core/parser.js +250 -0
package/dist/core/parser.js.map +1 -0
package/dist/core-lib.d.ts +59 -0
package/dist/core-lib.js +62 -0
package/dist/core-lib.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +20 -0
package/dist/index.js.map +1 -0
package/dist/languages/index.d.ts +11 -0
package/dist/languages/index.js +14 -0
package/dist/languages/index.js.map +1 -0
package/dist/languages/plugins/base.d.ts +44 -0
package/dist/languages/plugins/base.js +82 -0
package/dist/languages/plugins/base.js.map +1 -0
package/dist/languages/plugins/index.d.ts +14 -0
package/dist/languages/plugins/index.js +25 -0
package/dist/languages/plugins/index.js.map +1 -0
package/dist/languages/plugins/java.d.ts +49 -0
package/dist/languages/plugins/java.js +402 -0
package/dist/languages/plugins/java.js.map +1 -0
package/dist/languages/plugins/javascript.d.ts +48 -0
package/dist/languages/plugins/javascript.js +445 -0
package/dist/languages/plugins/javascript.js.map +1 -0
package/dist/languages/plugins/python.d.ts +47 -0
package/dist/languages/plugins/python.js +480 -0
package/dist/languages/plugins/python.js.map +1 -0
package/dist/languages/plugins/rust.d.ts +47 -0
package/dist/languages/plugins/rust.js +405 -0
package/dist/languages/plugins/rust.js.map +1 -0
package/dist/languages/registry.d.ts +30 -0
package/dist/languages/registry.js +80 -0
package/dist/languages/registry.js.map +1 -0
package/dist/languages/types.d.ts +184 -0
package/dist/languages/types.js +8 -0
package/dist/languages/types.js.map +1 -0
package/dist/resolution/cross-file.d.ts +146 -0
package/dist/resolution/cross-file.js +439 -0
package/dist/resolution/cross-file.js.map +1 -0
package/dist/resolution/index.d.ts +12 -0
package/dist/resolution/index.js +10 -0
package/dist/resolution/index.js.map +1 -0
package/dist/resolution/symbol-table.d.ts +136 -0
package/dist/resolution/symbol-table.js +336 -0
package/dist/resolution/symbol-table.js.map +1 -0
package/dist/resolution/type-hierarchy.d.ts +124 -0
package/dist/resolution/type-hierarchy.js +515 -0
package/dist/resolution/type-hierarchy.js.map +1 -0
package/dist/types/config.d.ts +45 -0
package/dist/types/config.js +5 -0
package/dist/types/config.js.map +1 -0
package/dist/types/index.d.ts +392 -0
package/dist/types/index.js +7 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/logger.d.ts +85 -0
package/dist/utils/logger.js +198 -0
package/dist/utils/logger.js.map +1 -0
package/dist/wasm/tree-sitter-java.wasm +0 -0
package/dist/wasm/tree-sitter-javascript.wasm +0 -0
package/dist/wasm/tree-sitter-python.wasm +0 -0
package/dist/wasm/tree-sitter-rust.wasm +0 -0
package/dist/wasm/web-tree-sitter.wasm +0 -0
package/docs/SPEC.md +1021 -0
package/examples/browser-example.html +610 -0
package/examples/node-example.ts +215 -0
package/package.json +107 -0
package/wasm/tree-sitter-java.wasm +0 -0
package/wasm/tree-sitter-javascript.wasm +0 -0
package/wasm/tree-sitter-python.wasm +0 -0
package/wasm/tree-sitter-rust.wasm +0 -0

package/configs/sources/python.json ADDED Viewed

@@ -0,0 +1,230 @@
+{
+  "sources": [
+    {
+      "method": "args.get",
+      "class": "request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.args.get() - query string parameter"
+    },
+    {
+      "method": "form.get",
+      "class": "request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.form.get() - POST form parameter"
+    },
+    {
+      "field": "json",
+      "class": "request",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.json - parsed JSON body"
+    },
+    {
+      "field": "data",
+      "class": "request",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.data - raw request body"
+    },
+    {
+      "method": "headers.get",
+      "class": "request",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.headers.get() - HTTP header value"
+    },
+    {
+      "method": "cookies.get",
+      "class": "request",
+      "type": "http_cookie",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.cookies.get() - cookie value"
+    },
+    {
+      "field": "path",
+      "class": "request",
+      "type": "http_path",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Flask request.path - URL path"
+    },
+    {
+      "field": "query_string",
+      "class": "request",
+      "type": "http_query",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Flask request.query_string - raw query string"
+    },
+    {
+      "method": "GET.get",
+      "class": "request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Django request.GET.get() - query string parameter"
+    },
+    {
+      "method": "POST.get",
+      "class": "request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Django request.POST.get() - POST form parameter"
+    },
+    {
+      "field": "body",
+      "class": "request",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Django request.body - raw request body"
+    },
+    {
+      "method": "META.get",
+      "class": "request",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Django request.META.get() - HTTP headers and server info"
+    },
+    {
+      "method": "COOKIES.get",
+      "class": "request",
+      "type": "http_cookie",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "Django request.COOKIES.get() - cookie value"
+    },
+    {
+      "field": "path_info",
+      "class": "request",
+      "type": "http_path",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "Django request.path_info - URL path"
+    },
+    {
+      "method": "get",
+      "class": "environ",
+      "type": "env_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "os.environ.get() - environment variable"
+    },
+    {
+      "method": "getenv",
+      "class": "os",
+      "type": "env_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "os.getenv() - environment variable"
+    },
+    {
+      "method": "input",
+      "class": null,
+      "type": "io_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "input() - user console input"
+    },
+    {
+      "method": "read",
+      "class": null,
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "file.read() - file content"
+    },
+    {
+      "method": "readline",
+      "class": null,
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "file.readline() - single line from file"
+    },
+    {
+      "method": "readlines",
+      "class": null,
+      "type": "file_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "file.readlines() - all lines from file"
+    },
+    {
+      "method": "fetchone",
+      "class": null,
+      "type": "db_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "cursor.fetchone() - database row"
+    },
+    {
+      "method": "fetchall",
+      "class": null,
+      "type": "db_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "cursor.fetchall() - database rows"
+    },
+    {
+      "method": "fetchmany",
+      "class": null,
+      "type": "db_input",
+      "severity": "medium",
+      "return_tainted": true,
+      "note": "cursor.fetchmany() - database rows"
+    },
+    {
+      "method": "recv",
+      "class": "socket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "socket.recv() - network data"
+    },
+    {
+      "method": "recvfrom",
+      "class": "socket",
+      "type": "network_input",
+      "severity": "high",
+      "return_tainted": true,
+      "note": "socket.recvfrom() - network data with address"
+    }
+  ],
+  "annotations": [
+    {
+      "annotation": "route",
+      "type": "http_param",
+      "severity": "high",
+      "note": "Flask @app.route() decorated function parameters"
+    },
+    {
+      "annotation": "get",
+      "type": "http_param",
+      "severity": "high",
+      "note": "Flask @app.get() decorated function parameters"
+    },
+    {
+      "annotation": "post",
+      "type": "http_body",
+      "severity": "high",
+      "note": "Flask @app.post() decorated function parameters"
+    },
+    {
+      "annotation": "api_view",
+      "type": "http_param",
+      "severity": "high",
+      "note": "Django REST framework @api_view() decorated function"
+    }
+  ]
+}

package/configs/sources/rust.json ADDED Viewed

@@ -0,0 +1,286 @@
+{
+  "name": "Rust Sources",
+  "description": "Taint sources for Rust web frameworks and standard library",
+  "sources": [
+    {
+      "method": "query_string",
+      "class": "HttpRequest",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "path",
+      "class": "Path",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "into_inner",
+      "class": "Path",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "into_inner",
+      "class": "Query",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "into_inner",
+      "class": "Json",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "into_inner",
+      "class": "Form",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "match_info",
+      "class": "HttpRequest",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "headers",
+      "class": "HttpRequest",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "cookie",
+      "class": "HttpRequest",
+      "type": "http_cookie",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "actix-web"
+    },
+    {
+      "method": "param",
+      "class": "Request",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "rocket"
+    },
+    {
+      "method": "into_inner",
+      "class": "Form",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "rocket"
+    },
+    {
+      "method": "into_inner",
+      "class": "Json",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "rocket"
+    },
+    {
+      "method": "cookies",
+      "class": "Request",
+      "type": "http_cookie",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "rocket"
+    },
+    {
+      "method": "headers",
+      "class": "Request",
+      "type": "http_header",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "rocket"
+    },
+    {
+      "method": "body",
+      "class": "Request",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "axum"
+    },
+    {
+      "method": "extract",
+      "class": "Query",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "axum"
+    },
+    {
+      "method": "extract",
+      "class": "Path",
+      "type": "http_param",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "axum"
+    },
+    {
+      "method": "extract",
+      "class": "Json",
+      "type": "http_body",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "axum"
+    },
+    {
+      "method": "var",
+      "class": "env",
+      "type": "env_var",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "var_os",
+      "class": "env",
+      "type": "env_var",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "args",
+      "class": "env",
+      "type": "cli_arg",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "args_os",
+      "class": "env",
+      "type": "cli_arg",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read_to_string",
+      "class": "File",
+      "type": "file_read",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read",
+      "class": "File",
+      "type": "file_read",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read_to_end",
+      "class": "File",
+      "type": "file_read",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read_line",
+      "class": "BufReader",
+      "type": "file_read",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "lines",
+      "class": "BufReader",
+      "type": "file_read",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read_to_string",
+      "class": "stdin",
+      "type": "stdin",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read_line",
+      "class": "stdin",
+      "type": "stdin",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "recv",
+      "class": "TcpStream",
+      "type": "network",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "read",
+      "class": "TcpStream",
+      "type": "network",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "recv",
+      "class": "UdpSocket",
+      "type": "network",
+      "severity": "high",
+      "return_tainted": true,
+      "framework": "std"
+    },
+    {
+      "method": "query",
+      "class": "Client",
+      "type": "db_result",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "sqlx"
+    },
+    {
+      "method": "fetch_one",
+      "class": "Client",
+      "type": "db_result",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "sqlx"
+    },
+    {
+      "method": "fetch_all",
+      "class": "Client",
+      "type": "db_result",
+      "severity": "medium",
+      "return_tainted": true,
+      "framework": "sqlx"
+    }
+  ]
+}

package/configs/sources/spring.yaml ADDED Viewed

@@ -0,0 +1,70 @@
+{
+  "sources": [
+    {
+      "annotation": "@RequestBody",
+      "type": "http_body",
+      "severity": "high",
+      "cwe": null
+    },
+    {
+      "annotation": "@RequestParam",
+      "type": "http_param",
+      "severity": "high",
+      "cwe": null
+    },
+    {
+      "annotation": "@PathVariable",
+      "type": "http_path",
+      "severity": "medium",
+      "cwe": null
+    },
+    {
+      "annotation": "@RequestHeader",
+      "type": "http_header",
+      "severity": "medium",
+      "cwe": null
+    },
+    {
+      "annotation": "@CookieValue",
+      "type": "http_cookie",
+      "severity": "high",
+      "cwe": null
+    },
+    {
+      "annotation": "@MatrixVariable",
+      "type": "http_matrix",
+      "severity": "medium",
+      "cwe": null
+    },
+    {
+      "method": "getParameter",
+      "class": "HttpServletRequest",
+      "type": "http_param",
+      "severity": "high"
+    },
+    {
+      "method": "getInputStream",
+      "class": "HttpServletRequest",
+      "type": "http_body",
+      "severity": "high"
+    },
+    {
+      "method": "getReader",
+      "class": "HttpServletRequest",
+      "type": "http_body",
+      "severity": "high"
+    },
+    {
+      "method": "getHeader",
+      "class": "HttpServletRequest",
+      "type": "http_header",
+      "severity": "medium"
+    },
+    {
+      "method": "getCookies",
+      "class": "HttpServletRequest",
+      "type": "http_cookie",
+      "severity": "high"
+    }
+  ]
+}

package/dist/analysis/advisory-db.d.ts ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * RustSec Advisory Database Integration
+ *
+ * Provides vulnerability data from the RustSec advisory database.
+ * Advisory data is bundled at build time for offline/deterministic usage.
+ */
+import type { Severity } from '../types/index.js';
+export interface AdvisoryVulnerability {
+    /** Unique advisory ID (RUSTSEC-YYYY-NNNN) */
+    id: string;
+    /** Crate name */
+    package: string;
+    /** Advisory date (RFC 3339) */
+    date: string;
+    /** Advisory URL */
+    url: string;
+    /** CVSS score string */
+    cvss?: string;
+    /** Vulnerability categories */
+    categories: string[];
+    /** Search keywords */
+    keywords: string[];
+    /** Related identifiers (CVE, etc.) */
+    aliases: string[];
+    /** Affected functions with version constraints */
+    affectedFunctions?: {
+        name: string;
+        versions: string[];
+    }[];
+    /** Version constraints */
+    versions: {
+        patched?: string[];
+        unaffected?: string[];
+    };
+    /** Affected architectures */
+    affectedArch?: string[];
+    /** Affected operating systems */
+    affectedOs?: string[];
+    /** Human-readable description */
+    description: string;
+    /** Title/summary of the vulnerability */
+    title?: string;
+}
+export interface AdvisoryDatabase {
+    /** Map of crate name to list of advisories */
+    advisories: Map<string, AdvisoryVulnerability[]>;
+    /** When the database was last updated */
+    lastUpdated: string;
+    /** Source of the database */
+    source: 'bundled' | 'fetched';
+    /** Database format version */
+    version: string;
+    /** Statistics */
+    stats?: {
+        totalAdvisories: number;
+        uniqueCrates: number;
+    };
+}
+/**
+ * Load the bundled advisory database
+ */
+export declare function loadBundledAdvisories(): AdvisoryDatabase;
+/**
+ * Parse advisory JSON into database structure
+ */
+export declare function parseAdvisoryJson(json: {
+    version: string;
+    lastUpdated: string;
+    advisories: AdvisoryVulnerability[];
+}): AdvisoryDatabase;
+/**
+ * Map RustSec categories to severity levels
+ */
+export declare function categoryToSeverity(categories: string[]): Severity;
+/**
+ * Get advisories for a specific crate
+ */
+export declare function getAdvisoriesForCrate(db: AdvisoryDatabase, crateName: string): AdvisoryVulnerability[];
+/**
+ * Search advisories by CVE ID
+ */
+export declare function findAdvisoryByCve(db: AdvisoryDatabase, cveId: string): AdvisoryVulnerability | undefined;
+/**
+ * Get all unique crate names with advisories
+ */
+export declare function getVulnerableCrates(db: AdvisoryDatabase): string[];