circle-ir 3.25.0 → 3.27.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analysis/passes/scan-secrets-pass.d.ts +60 -0
- package/dist/analysis/passes/scan-secrets-pass.d.ts.map +1 -0
- package/dist/analysis/passes/scan-secrets-pass.js +345 -0
- package/dist/analysis/passes/scan-secrets-pass.js.map +1 -0
- package/dist/analyzer.d.ts +1 -0
- package/dist/analyzer.d.ts.map +1 -1
- package/dist/analyzer.js +6 -0
- package/dist/analyzer.js.map +1 -1
- package/dist/browser/circle-ir.js +269 -0
- package/dist/graph/analysis-pass.d.ts +10 -0
- package/dist/graph/analysis-pass.d.ts.map +1 -1
- package/dist/graph/analysis-pass.js +3 -0
- package/dist/graph/analysis-pass.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pass #90: scan-secrets (category: security, CWE-798)
|
|
3
|
+
*
|
|
4
|
+
* Detects hardcoded credentials across all 7 supported languages
|
|
5
|
+
* (Java, JS/TS, Python, Go, Rust, Bash, HTML).
|
|
6
|
+
*
|
|
7
|
+
* Two detection layers:
|
|
8
|
+
*
|
|
9
|
+
* 1. Provider-specific regex patterns. ~16 high-confidence prefixes /
|
|
10
|
+
* shapes (AWS AKIA, GitHub `ghp_`/`gho_`/`ghs_`/`ghu_`/`ghr_`,
|
|
11
|
+
* Stripe `sk_live_`/`pk_live_`, OpenAI `sk-`, Anthropic `sk-ant-`,
|
|
12
|
+
* Slack `xox[baprs]-`, Google `AIza`, JWT `eyJ..eyJ..`, PEM private
|
|
13
|
+
* keys, npm `npm_`). Each match emits a finding with
|
|
14
|
+
* `rule_id: 'hardcoded-credential'` (matches the legacy Bash
|
|
15
|
+
* detection in LanguageSourcesPass).
|
|
16
|
+
*
|
|
17
|
+
* 2. Shannon-entropy scan of inline string literals. For each
|
|
18
|
+
* base64-shaped or hex-shaped quoted string above the length gate,
|
|
19
|
+
* compute Shannon entropy; flag if it crosses the per-shape
|
|
20
|
+
* threshold. Heavily denylisted (UUIDs, bare SHA hashes, common
|
|
21
|
+
* placeholders like "changeme" / "your-key-here", env-var refs)
|
|
22
|
+
* and gated against test-file paths. Emits
|
|
23
|
+
* `rule_id: 'hardcoded-credential-entropy'` (distinct rule so users
|
|
24
|
+
* can filter the noisier entropy branch without losing provider
|
|
25
|
+
* coverage).
|
|
26
|
+
*
|
|
27
|
+
* Both layers dedupe against any prior `hardcoded-credential` /
|
|
28
|
+
* `hardcoded-credential-entropy` findings already in the pipeline's
|
|
29
|
+
* findings buffer, so the pre-existing Bash detection
|
|
30
|
+
* (`findBashPatternFindings` in language-sources-pass.ts) is never
|
|
31
|
+
* double-reported.
|
|
32
|
+
*
|
|
33
|
+
* Test files (path-based heuristic) are skipped entirely.
|
|
34
|
+
*
|
|
35
|
+
* Detection is regex-based on the raw source text, so the pass works
|
|
36
|
+
* on every language without per-grammar tree walking. This is the same
|
|
37
|
+
* approach used by `language-sources-pass.findBashPatternFindings` and
|
|
38
|
+
* `todo-in-prod-pass`.
|
|
39
|
+
*/
|
|
40
|
+
import type { AnalysisPass, PassContext } from '../../graph/analysis-pass.js';
|
|
41
|
+
export interface ScanSecretsPassResult {
|
|
42
|
+
/** Number of findings emitted in each layer (for debugging / tests). */
|
|
43
|
+
providerFindings: number;
|
|
44
|
+
entropyFindings: number;
|
|
45
|
+
}
|
|
46
|
+
export declare class ScanSecretsPass implements AnalysisPass<ScanSecretsPassResult> {
|
|
47
|
+
readonly name = "scan-secrets";
|
|
48
|
+
readonly category: "security";
|
|
49
|
+
run(ctx: PassContext): ScanSecretsPassResult;
|
|
50
|
+
/** Length + shape + denylist filter before entropy is computed. */
|
|
51
|
+
private isCandidate;
|
|
52
|
+
/**
|
|
53
|
+
* Shannon-entropy gate. Base64-shaped strings need higher entropy than
|
|
54
|
+
* hex-shaped (hex alphabet is 4 bits/char by construction). When the
|
|
55
|
+
* surrounding line contains a credential-shaped variable name, both
|
|
56
|
+
* thresholds drop by 0.2 bits/char.
|
|
57
|
+
*/
|
|
58
|
+
private passesEntropyGate;
|
|
59
|
+
}
|
|
60
|
+
//# sourceMappingURL=scan-secrets-pass.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan-secrets-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AA2M9E,MAAM,WAAW,qBAAqB;IACpC,wEAAwE;IACxE,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,eAAgB,YAAW,YAAY,CAAC,qBAAqB,CAAC;IACzE,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,qBAAqB;IAoG5C,mEAAmE;IACnE,OAAO,CAAC,WAAW;IAanB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;CAO1B"}
|
|
@@ -0,0 +1,345 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pass #90: scan-secrets (category: security, CWE-798)
|
|
3
|
+
*
|
|
4
|
+
* Detects hardcoded credentials across all 7 supported languages
|
|
5
|
+
* (Java, JS/TS, Python, Go, Rust, Bash, HTML).
|
|
6
|
+
*
|
|
7
|
+
* Two detection layers:
|
|
8
|
+
*
|
|
9
|
+
* 1. Provider-specific regex patterns. ~16 high-confidence prefixes /
|
|
10
|
+
* shapes (AWS AKIA, GitHub `ghp_`/`gho_`/`ghs_`/`ghu_`/`ghr_`,
|
|
11
|
+
* Stripe `sk_live_`/`pk_live_`, OpenAI `sk-`, Anthropic `sk-ant-`,
|
|
12
|
+
* Slack `xox[baprs]-`, Google `AIza`, JWT `eyJ..eyJ..`, PEM private
|
|
13
|
+
* keys, npm `npm_`). Each match emits a finding with
|
|
14
|
+
* `rule_id: 'hardcoded-credential'` (matches the legacy Bash
|
|
15
|
+
* detection in LanguageSourcesPass).
|
|
16
|
+
*
|
|
17
|
+
* 2. Shannon-entropy scan of inline string literals. For each
|
|
18
|
+
* base64-shaped or hex-shaped quoted string above the length gate,
|
|
19
|
+
* compute Shannon entropy; flag if it crosses the per-shape
|
|
20
|
+
* threshold. Heavily denylisted (UUIDs, bare SHA hashes, common
|
|
21
|
+
* placeholders like "changeme" / "your-key-here", env-var refs)
|
|
22
|
+
* and gated against test-file paths. Emits
|
|
23
|
+
* `rule_id: 'hardcoded-credential-entropy'` (distinct rule so users
|
|
24
|
+
* can filter the noisier entropy branch without losing provider
|
|
25
|
+
* coverage).
|
|
26
|
+
*
|
|
27
|
+
* Both layers dedupe against any prior `hardcoded-credential` /
|
|
28
|
+
* `hardcoded-credential-entropy` findings already in the pipeline's
|
|
29
|
+
* findings buffer, so the pre-existing Bash detection
|
|
30
|
+
* (`findBashPatternFindings` in language-sources-pass.ts) is never
|
|
31
|
+
* double-reported.
|
|
32
|
+
*
|
|
33
|
+
* Test files (path-based heuristic) are skipped entirely.
|
|
34
|
+
*
|
|
35
|
+
* Detection is regex-based on the raw source text, so the pass works
|
|
36
|
+
* on every language without per-grammar tree walking. This is the same
|
|
37
|
+
* approach used by `language-sources-pass.findBashPatternFindings` and
|
|
38
|
+
* `todo-in-prod-pass`.
|
|
39
|
+
*/
|
|
40
|
+
// ---------------------------------------------------------------------------
|
|
41
|
+
// Test-file skip heuristic
|
|
42
|
+
// ---------------------------------------------------------------------------
|
|
43
|
+
/** Path components and filename suffixes that mark test/fixture files. */
|
|
44
|
+
const TEST_PATH_RE = /(?:^|[\\/])(?:test|tests|spec|specs|__tests?__|__mocks?__|fixtures?|testdata)(?:[\\/]|$)/i;
|
|
45
|
+
const TEST_FILENAME_RE = /(?:\.(?:test|spec)\.[cm]?[jt]sx?|_test\.go|_test\.py|Test\.java|Tests\.java)$/i;
|
|
46
|
+
function isTestFile(file) {
|
|
47
|
+
return TEST_PATH_RE.test(file) || TEST_FILENAME_RE.test(file);
|
|
48
|
+
}
|
|
49
|
+
const PROVIDER_PATTERNS = [
|
|
50
|
+
{
|
|
51
|
+
name: 'AWS access key',
|
|
52
|
+
regex: /\bAKIA[0-9A-Z]{16}\b/,
|
|
53
|
+
severity: 'critical', level: 'error',
|
|
54
|
+
fix: 'Rotate the AWS access key immediately and move it to an environment variable or AWS Secrets Manager.',
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
name: 'GitHub personal access token',
|
|
58
|
+
regex: /\bghp_[A-Za-z0-9]{36}\b/,
|
|
59
|
+
severity: 'critical', level: 'error',
|
|
60
|
+
fix: 'Revoke the token at https://github.com/settings/tokens and store secrets in CI/CD secrets, not source.',
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
name: 'GitHub OAuth token',
|
|
64
|
+
regex: /\bgho_[A-Za-z0-9]{36}\b/,
|
|
65
|
+
severity: 'critical', level: 'error',
|
|
66
|
+
fix: 'Revoke the OAuth token and store secrets outside source control.',
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
name: 'GitHub user-to-server token',
|
|
70
|
+
regex: /\bghu_[A-Za-z0-9]{36}\b/,
|
|
71
|
+
severity: 'critical', level: 'error',
|
|
72
|
+
fix: 'Revoke the GitHub user-to-server token and store secrets outside source control.',
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
name: 'GitHub server-to-server token',
|
|
76
|
+
regex: /\bghs_[A-Za-z0-9]{36}\b/,
|
|
77
|
+
severity: 'critical', level: 'error',
|
|
78
|
+
fix: 'Revoke the GitHub server-to-server token and store secrets outside source control.',
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
name: 'GitHub refresh token',
|
|
82
|
+
regex: /\bghr_[A-Za-z0-9]{36}\b/,
|
|
83
|
+
severity: 'critical', level: 'error',
|
|
84
|
+
fix: 'Revoke the GitHub refresh token and store secrets outside source control.',
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
name: 'Stripe live secret key',
|
|
88
|
+
regex: /\bsk_live_[A-Za-z0-9]{24,}\b/,
|
|
89
|
+
severity: 'critical', level: 'error',
|
|
90
|
+
fix: 'Rotate the Stripe secret key in the Stripe Dashboard and load it from a secrets manager.',
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
name: 'Stripe live publishable key',
|
|
94
|
+
regex: /\bpk_live_[A-Za-z0-9]{24,}\b/,
|
|
95
|
+
severity: 'high', level: 'warning',
|
|
96
|
+
fix: 'Publishable keys are not secret but should still not be checked in to back-end source files; verify front-end vs back-end context.',
|
|
97
|
+
},
|
|
98
|
+
{
|
|
99
|
+
name: 'OpenAI API key',
|
|
100
|
+
regex: /\bsk-[A-Za-z0-9]{48}\b/,
|
|
101
|
+
severity: 'critical', level: 'error',
|
|
102
|
+
fix: 'Revoke the OpenAI key at https://platform.openai.com/api-keys and load from environment.',
|
|
103
|
+
},
|
|
104
|
+
{
|
|
105
|
+
name: 'Anthropic API key',
|
|
106
|
+
regex: /\bsk-ant-[A-Za-z0-9_-]{90,}\b/,
|
|
107
|
+
severity: 'critical', level: 'error',
|
|
108
|
+
fix: 'Revoke the Anthropic key in the Console and load from environment.',
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
name: 'Slack token',
|
|
112
|
+
regex: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/,
|
|
113
|
+
severity: 'critical', level: 'error',
|
|
114
|
+
fix: 'Revoke the Slack token and load from environment.',
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
name: 'Google API key',
|
|
118
|
+
regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
|
|
119
|
+
severity: 'critical', level: 'error',
|
|
120
|
+
fix: 'Restrict the Google API key by referrer / IP in the GCP console or revoke it.',
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
name: 'JSON Web Token',
|
|
124
|
+
regex: /\beyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/,
|
|
125
|
+
severity: 'critical', level: 'error',
|
|
126
|
+
fix: 'JWTs in source carry whatever scope they were minted with; rotate signing keys and remove the token.',
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
name: 'PEM private key',
|
|
130
|
+
regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----/,
|
|
131
|
+
severity: 'critical', level: 'error',
|
|
132
|
+
fix: 'Remove the private key from source control immediately, rotate the corresponding public key, and store keys outside the repository.',
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
name: 'npm access token',
|
|
136
|
+
regex: /\bnpm_[A-Za-z0-9]{36}\b/,
|
|
137
|
+
severity: 'critical', level: 'error',
|
|
138
|
+
fix: 'Revoke the npm token at https://www.npmjs.com/settings/<user>/tokens and load from environment.',
|
|
139
|
+
},
|
|
140
|
+
];
|
|
141
|
+
// ---------------------------------------------------------------------------
|
|
142
|
+
// Entropy patterns (layer 2)
|
|
143
|
+
// ---------------------------------------------------------------------------
|
|
144
|
+
/**
|
|
145
|
+
* Single-line string-literal extraction across languages.
|
|
146
|
+
* Matches "...", '...', `...`. Group 1: opening delimiter; Group 2: content.
|
|
147
|
+
*
|
|
148
|
+
* Intentionally does NOT try to parse escapes or multi-line strings —
|
|
149
|
+
* we want the literal-text content as the user wrote it, which is what
|
|
150
|
+
* Shannon entropy needs to see.
|
|
151
|
+
*/
|
|
152
|
+
const STRING_LITERAL_RE = /(["'`])((?:\\.|(?!\1).){8,200})\1/g;
|
|
153
|
+
const BASE64ISH_RE = /^[A-Za-z0-9+/=_-]+$/;
|
|
154
|
+
const HEXISH_RE = /^[a-fA-F0-9]+$/;
|
|
155
|
+
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
|
|
156
|
+
const PLACEHOLDER_RE = /(?:changeme|your[-_]?(?:key|secret|token|password)(?:[-_]?here)?|replace[-_]?me|example[-_]?(?:key|secret|token)?|placeholder|todo|fixme|test[-_]?(?:key|secret|token)|fake[-_]?(?:key|secret|token)|dummy|sample|insert[-_]?your)/i;
|
|
157
|
+
/** Bare cryptographic-hash shapes (MD5 / SHA1 / SHA256) — high entropy but rarely a secret on their own. */
|
|
158
|
+
function isBareHashShape(s) {
|
|
159
|
+
const n = s.length;
|
|
160
|
+
if (n !== 32 && n !== 40 && n !== 64)
|
|
161
|
+
return false;
|
|
162
|
+
return HEXISH_RE.test(s);
|
|
163
|
+
}
|
|
164
|
+
function isAllSameChar(s) {
|
|
165
|
+
if (s.length < 2)
|
|
166
|
+
return false;
|
|
167
|
+
const c = s.charAt(0);
|
|
168
|
+
for (let i = 1; i < s.length; i++)
|
|
169
|
+
if (s.charAt(i) !== c)
|
|
170
|
+
return false;
|
|
171
|
+
return true;
|
|
172
|
+
}
|
|
173
|
+
/** Decode base64 best-effort; return decoded text or null. Universal (no Node Buffer). */
|
|
174
|
+
function tryBase64Decode(s) {
|
|
175
|
+
// Quick reject: base64 length must be a multiple of 4 when padded.
|
|
176
|
+
if (s.length % 4 !== 0 && !/=+$/.test(s))
|
|
177
|
+
return null;
|
|
178
|
+
try {
|
|
179
|
+
return globalThis.atob(s);
|
|
180
|
+
}
|
|
181
|
+
catch {
|
|
182
|
+
return null;
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
/** True if the base64 decodes to something that starts with `{` or `[` (i.e. JSON). */
|
|
186
|
+
function looksLikeBase64Json(s) {
|
|
187
|
+
const decoded = tryBase64Decode(s);
|
|
188
|
+
if (!decoded)
|
|
189
|
+
return false;
|
|
190
|
+
const trimmed = decoded.trimStart();
|
|
191
|
+
return trimmed.startsWith('{') || trimmed.startsWith('[');
|
|
192
|
+
}
|
|
193
|
+
function shannonEntropy(s) {
|
|
194
|
+
const freq = new Map();
|
|
195
|
+
for (const ch of s)
|
|
196
|
+
freq.set(ch, (freq.get(ch) ?? 0) + 1);
|
|
197
|
+
const len = s.length;
|
|
198
|
+
let h = 0;
|
|
199
|
+
for (const n of freq.values()) {
|
|
200
|
+
const p = n / len;
|
|
201
|
+
h -= p * Math.log2(p);
|
|
202
|
+
}
|
|
203
|
+
return h;
|
|
204
|
+
}
|
|
205
|
+
/** Words near the literal that imply credential context — used to lower the entropy threshold. */
|
|
206
|
+
const CREDENTIAL_NAME_RE = /(?:key|secret|token|password|passwd|credential|api[_-]?key)/i;
|
|
207
|
+
// ---------------------------------------------------------------------------
|
|
208
|
+
// Per-line FP-guard substrings (entropy layer only)
|
|
209
|
+
// ---------------------------------------------------------------------------
|
|
210
|
+
const TEST_CALL_RE = /\b(?:expect|assert|describe|it|test)\s*\(/;
|
|
211
|
+
const COMMENT_EXAMPLE_RE = /(?:\/\/|#)\s*(?:example|sample|test|fixture)/i;
|
|
212
|
+
export class ScanSecretsPass {
|
|
213
|
+
name = 'scan-secrets';
|
|
214
|
+
category = 'security';
|
|
215
|
+
run(ctx) {
|
|
216
|
+
const file = ctx.graph.ir.meta.file;
|
|
217
|
+
if (isTestFile(file)) {
|
|
218
|
+
return { providerFindings: 0, entropyFindings: 0 };
|
|
219
|
+
}
|
|
220
|
+
const lines = ctx.code.split('\n');
|
|
221
|
+
const prior = ctx.getFindings?.() ?? [];
|
|
222
|
+
// Build dedup index keyed on `${line}:${rule_id}` for O(1) lookup.
|
|
223
|
+
const seen = new Set();
|
|
224
|
+
for (const f of prior) {
|
|
225
|
+
if (f.file !== file)
|
|
226
|
+
continue;
|
|
227
|
+
if (f.rule_id === 'hardcoded-credential' || f.rule_id === 'hardcoded-credential-entropy') {
|
|
228
|
+
seen.add(`${f.line}:${f.rule_id}`);
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
let providerFindings = 0;
|
|
232
|
+
let entropyFindings = 0;
|
|
233
|
+
// Layer 1: provider patterns (line-by-line).
|
|
234
|
+
for (let i = 0; i < lines.length; i++) {
|
|
235
|
+
const lineText = lines[i];
|
|
236
|
+
const lineNum = i + 1;
|
|
237
|
+
for (const pattern of PROVIDER_PATTERNS) {
|
|
238
|
+
const m = pattern.regex.exec(lineText);
|
|
239
|
+
if (!m)
|
|
240
|
+
continue;
|
|
241
|
+
const key = `${lineNum}:hardcoded-credential`;
|
|
242
|
+
if (seen.has(key))
|
|
243
|
+
continue;
|
|
244
|
+
seen.add(key);
|
|
245
|
+
ctx.addFinding({
|
|
246
|
+
id: `hardcoded-credential-${file}-${lineNum}`,
|
|
247
|
+
pass: this.name,
|
|
248
|
+
category: this.category,
|
|
249
|
+
rule_id: 'hardcoded-credential',
|
|
250
|
+
cwe: 'CWE-798',
|
|
251
|
+
severity: pattern.severity,
|
|
252
|
+
level: pattern.level,
|
|
253
|
+
message: `Hardcoded credential: ${pattern.name} detected`,
|
|
254
|
+
file,
|
|
255
|
+
line: lineNum,
|
|
256
|
+
snippet: lineText.trim().substring(0, 120),
|
|
257
|
+
fix: pattern.fix,
|
|
258
|
+
evidence: { provider: pattern.name, match: m[0].substring(0, 40) },
|
|
259
|
+
});
|
|
260
|
+
providerFindings += 1;
|
|
261
|
+
// First provider hit on a line is enough — same value won't match two
|
|
262
|
+
// unrelated providers because patterns are prefix-anchored.
|
|
263
|
+
break;
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
// Layer 2: Shannon-entropy scan on string literals.
|
|
267
|
+
for (let i = 0; i < lines.length; i++) {
|
|
268
|
+
const lineText = lines[i];
|
|
269
|
+
const lineNum = i + 1;
|
|
270
|
+
if (TEST_CALL_RE.test(lineText))
|
|
271
|
+
continue;
|
|
272
|
+
if (COMMENT_EXAMPLE_RE.test(lineText))
|
|
273
|
+
continue;
|
|
274
|
+
// Reset regex state per line; STRING_LITERAL_RE is global.
|
|
275
|
+
STRING_LITERAL_RE.lastIndex = 0;
|
|
276
|
+
let match;
|
|
277
|
+
while ((match = STRING_LITERAL_RE.exec(lineText)) !== null) {
|
|
278
|
+
const value = match[2];
|
|
279
|
+
if (!this.isCandidate(value))
|
|
280
|
+
continue;
|
|
281
|
+
if (!this.passesEntropyGate(value, lineText))
|
|
282
|
+
continue;
|
|
283
|
+
const key = `${lineNum}:hardcoded-credential-entropy`;
|
|
284
|
+
if (seen.has(key))
|
|
285
|
+
continue;
|
|
286
|
+
// Also dedup against provider-pattern hits on the same line — the
|
|
287
|
+
// entropy branch is purely additive coverage.
|
|
288
|
+
if (seen.has(`${lineNum}:hardcoded-credential`))
|
|
289
|
+
continue;
|
|
290
|
+
seen.add(key);
|
|
291
|
+
ctx.addFinding({
|
|
292
|
+
id: `hardcoded-credential-entropy-${file}-${lineNum}`,
|
|
293
|
+
pass: this.name,
|
|
294
|
+
category: this.category,
|
|
295
|
+
rule_id: 'hardcoded-credential-entropy',
|
|
296
|
+
cwe: 'CWE-798',
|
|
297
|
+
severity: 'high',
|
|
298
|
+
level: 'warning',
|
|
299
|
+
message: `Possible hardcoded secret: high-entropy string literal (${value.length} chars)`,
|
|
300
|
+
file,
|
|
301
|
+
line: lineNum,
|
|
302
|
+
snippet: lineText.trim().substring(0, 120),
|
|
303
|
+
fix: 'If this is a credential, move it to environment / secrets manager. If it is sample data, add an `example` / `test` marker or disable this pass via `disabledPasses: [\'scan-secrets\']`.',
|
|
304
|
+
evidence: { kind: 'entropy', length: value.length },
|
|
305
|
+
});
|
|
306
|
+
entropyFindings += 1;
|
|
307
|
+
}
|
|
308
|
+
}
|
|
309
|
+
return { providerFindings, entropyFindings };
|
|
310
|
+
}
|
|
311
|
+
/** Length + shape + denylist filter before entropy is computed. */
|
|
312
|
+
isCandidate(s) {
|
|
313
|
+
if (s.length < 20 || s.length > 200)
|
|
314
|
+
return false;
|
|
315
|
+
if (!BASE64ISH_RE.test(s) && !HEXISH_RE.test(s))
|
|
316
|
+
return false;
|
|
317
|
+
if (UUID_RE.test(s))
|
|
318
|
+
return false;
|
|
319
|
+
if (isBareHashShape(s))
|
|
320
|
+
return false;
|
|
321
|
+
if (isAllSameChar(s))
|
|
322
|
+
return false;
|
|
323
|
+
if (PLACEHOLDER_RE.test(s))
|
|
324
|
+
return false;
|
|
325
|
+
// Skip strings that are themselves a recognizable base64-encoded JSON
|
|
326
|
+
// payload (configs, PEM-bundles, etc.).
|
|
327
|
+
if (looksLikeBase64Json(s))
|
|
328
|
+
return false;
|
|
329
|
+
return true;
|
|
330
|
+
}
|
|
331
|
+
/**
|
|
332
|
+
* Shannon-entropy gate. Base64-shaped strings need higher entropy than
|
|
333
|
+
* hex-shaped (hex alphabet is 4 bits/char by construction). When the
|
|
334
|
+
* surrounding line contains a credential-shaped variable name, both
|
|
335
|
+
* thresholds drop by 0.2 bits/char.
|
|
336
|
+
*/
|
|
337
|
+
passesEntropyGate(value, lineText) {
|
|
338
|
+
const isHex = HEXISH_RE.test(value);
|
|
339
|
+
const boost = CREDENTIAL_NAME_RE.test(lineText) ? 0.2 : 0;
|
|
340
|
+
const threshold = isHex ? (3.5 - boost) : (4.3 - boost);
|
|
341
|
+
const h = shannonEntropy(value);
|
|
342
|
+
return h >= threshold;
|
|
343
|
+
}
|
|
344
|
+
}
|
|
345
|
+
//# sourceMappingURL=scan-secrets-pass.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan-secrets-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAKH,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,0EAA0E;AAC1E,MAAM,YAAY,GAAG,2FAA2F,CAAC;AACjH,MAAM,gBAAgB,GAAG,gFAAgF,CAAC;AAE1G,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAiBD,MAAM,iBAAiB,GAAsB;IAC3C;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sBAAsB;QAC7B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kFAAkF;KACxF;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oFAAoF;KAC1F;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;QAClC,GAAG,EAAE,oIAAoI;KAC1I;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sEAAsE;QAC7E,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,qIAAqI;KAC3I;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,iGAAiG;KACvG;CACF,CAAC;AAEF,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,iBAAiB,GAAG,oCAAoC,CAAC;AAE/D,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,OAAO,GAAG,iEAAiE,CAAC;AAElF,MAAM,cAAc,GAClB,qOAAqO,CAAC;AAExO,4GAA4G;AAC5G,SAAS,eAAe,CAAC,CAAS;IAChC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACvE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0FAA0F;AAC1F,SAAS,eAAe,CAAC,CAAS;IAChC,mEAAmE;IACnE,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,uFAAuF;AACvF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,OAAO,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IACpC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QAClB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kGAAkG;AAClG,MAAM,kBAAkB,GAAG,8DAA8D,CAAC;AAE1F,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,2CAA2C,CAAC;AACjE,MAAM,kBAAkB,GAAG,+CAA+C,CAAC;AAY3E,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,cAAc,CAAC;IACtB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;QAEpC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,gBAAgB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC;QACxC,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YAC9B,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,IAAI,CAAC,CAAC,OAAO,KAAK,8BAA8B,EAAE,CAAC;gBACzF,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,6CAA6C;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAEjB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;oBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,sBAAsB;oBAC/B,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,yBAAyB,OAAO,CAAC,IAAI,WAAW;oBACzD,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;iBACnE,CAAC,CAAC;gBACH,gBAAgB,IAAI,CAAC,CAAC;gBACtB,sEAAsE;gBACtE,4DAA4D;gBAC5D,MAAM;YACR,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAC1C,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEhD,2DAA2D;YAC3D,iBAAiB,CAAC,SAAS,GAAG,CAAC,CAAC;YAChC,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACvC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC;oBAAE,SAAS;gBAEvD,MAAM,GAAG,GAAG,GAAG,OAAO,+BAA+B,CAAC;gBACtD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,kEAAkE;gBAClE,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,uBAAuB,CAAC;oBAAE,SAAS;gBAC1D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,gCAAgC,IAAI,IAAI,OAAO,EAAE;oBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,8BAA8B;oBACvC,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,SAAS;oBAChB,OAAO,EAAE,2DAA2D,KAAK,CAAC,MAAM,SAAS;oBACzF,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,0LAA0L;oBAC/L,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;iBACpD,CAAC,CAAC;gBACH,eAAe,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC;IAC/C,CAAC;IAED,mEAAmE;IAC3D,WAAW,CAAC,CAAS;QAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,IAAI,eAAe,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACnC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,sEAAsE;QACtE,wCAAwC;QACxC,IAAI,mBAAmB,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,KAAa,EAAE,QAAgB;QACvD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,CAAC,IAAI,SAAS,CAAC;IACxB,CAAC;CACF"}
|
package/dist/analyzer.d.ts
CHANGED
|
@@ -45,6 +45,7 @@
|
|
|
45
45
|
* 38. MissingStreamPass — whole-file read without streaming (performance)
|
|
46
46
|
* 39. GodClassPass — class with high WMC/LCOM2/CBO metrics (CWE-1060)
|
|
47
47
|
* 40. NamingConventionPass — class/method names violate language conventions
|
|
48
|
+
* 41. ScanSecretsPass — hardcoded credentials: provider regexes + Shannon entropy (CWE-798)
|
|
48
49
|
*
|
|
49
50
|
* Removed from default pipeline (raw IR signals still available for circle-ir-ai):
|
|
50
51
|
* – MissingGuardDomPass — false positives in framework-auth codebases (see pass file)
|
package/dist/analyzer.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../src/analyzer.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../src/analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAA2B,eAAe,EAAe,MAAM,kBAAkB,CAAC;AAC1H,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAWL,KAAK,iBAAiB,EACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAKL,eAAe,EAChB,MAAM,qBAAqB,CAAC;AAgC7B,OAAO,EAAwB,KAAK,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AAKlH,OAAO,EAA2B,KAAK,0BAA0B,EAAE,MAAM,gDAAgD,CAAC;AAe1H,OAAO,EAAwB,KAAK,uBAAuB,EAAE,MAAM,6CAA6C,CAAC;AACjH,OAAO,EAAuB,KAAK,sBAAsB,EAA6B,MAAM,4CAA4C,CAAC;AAsBzI,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,UAAU,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC;IAEhC;;OAEG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAC;IAE3D;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;IAEzE;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,uBAAuB,CAAC;IAC3C,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,uBAAuB,CAAC;IAC3C,iDAAiD;IACjD,mBAAmB,CAAC,EAAE,0BAA0B,CAAC;IACjD,6CAA6C;IAC7C,eAAe,CAAC,EAAE,sBAAsB,CAAC;CAC1C;AAID;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAc/E;AA4HD;;GAEG;AACH,wBAAsB,OAAO,CAC3B,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,QAAQ,CAAC,CAkInB;AA6FD;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,gBAAgB,CAAC,CAoG3B;AAkID;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,OAAO,CAE/C;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAEpC;AAMD;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,iBAAiB,CAAA;CAAE,CAAC,EAC7E,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,eAAe,CAAC,CAmE1B;AAsBD,OAAO,EAAE,eAAe,EAAE,CAAC"}
|
package/dist/analyzer.js
CHANGED
|
@@ -45,6 +45,7 @@
|
|
|
45
45
|
* 38. MissingStreamPass — whole-file read without streaming (performance)
|
|
46
46
|
* 39. GodClassPass — class with high WMC/LCOM2/CBO metrics (CWE-1060)
|
|
47
47
|
* 40. NamingConventionPass — class/method names violate language conventions
|
|
48
|
+
* 41. ScanSecretsPass — hardcoded credentials: provider regexes + Shannon entropy (CWE-798)
|
|
48
49
|
*
|
|
49
50
|
* Removed from default pipeline (raw IR signals still available for circle-ir-ai):
|
|
50
51
|
* – MissingGuardDomPass — false positives in framework-auth codebases (see pass file)
|
|
@@ -102,6 +103,7 @@ import { MissingStreamPass } from './analysis/passes/missing-stream-pass.js';
|
|
|
102
103
|
import { GodClassPass } from './analysis/passes/god-class-pass.js';
|
|
103
104
|
import { NamingConventionPass } from './analysis/passes/naming-convention-pass.js';
|
|
104
105
|
import { SecurityHeadersPass, checkInheritedCorsHeaders } from './analysis/passes/security-headers-pass.js';
|
|
106
|
+
import { ScanSecretsPass } from './analysis/passes/scan-secrets-pass.js';
|
|
105
107
|
// Project-level pass imports
|
|
106
108
|
import { ImportGraph } from './graph/import-graph.js';
|
|
107
109
|
import { CircularDependencyPass } from './analysis/passes/circular-dependency-pass.js';
|
|
@@ -279,6 +281,10 @@ export async function analyze(code, filePath, language, options = {}) {
|
|
|
279
281
|
pipeline.add(new SinkFilterPass());
|
|
280
282
|
pipeline.add(new TaintPropagationPass());
|
|
281
283
|
pipeline.add(new InterproceduralPass());
|
|
284
|
+
// Secret scanner runs after LanguageSourcesPass so the legacy Bash
|
|
285
|
+
// `hardcoded-credential` findings are already in the dedup buffer.
|
|
286
|
+
if (!disabledPasses.has('scan-secrets'))
|
|
287
|
+
pipeline.add(new ScanSecretsPass());
|
|
282
288
|
// Optional passes — can be disabled via disabledPasses
|
|
283
289
|
if (!disabledPasses.has('dead-code'))
|
|
284
290
|
pipeline.add(new DeadCodePass());
|
package/dist/analyzer.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../src/analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AAIH,OAAO,EACL,UAAU,EACV,KAAK,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAEhB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,EAC1B,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,oBAAoB;AACpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,8BAA8B,EAAE,MAAM,iDAAiD,CAAC;AACjG,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAGjE,eAAe;AACf,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AACvH,OAAO,EAAE,oBAAoB,EAAE,MAAM,6CAA6C,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2CAA2C,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,sCAAsC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,wCAAwC,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AACpF,OAAO,EAAE,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,8CAA8C,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2CAA2C,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAgC,MAAM,8CAA8C,CAAC;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAmC,MAAM,gDAAgD,CAAC;AAC1H,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4CAA4C,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2CAA2C,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,mDAAmD,CAAC;AAC9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,gDAAgD,CAAC;AACxF,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AACzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAgC,MAAM,6CAA6C,CAAC;AACjH,OAAO,EAAE,mBAAmB,EAA+B,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAEzI,6BAA6B;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,UAAU;AACV,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAE3D,gCAAgC;AAChC,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,iCAAiC,GAClC,MAAM,4CAA4C,CAAC;AA4DpD,IAAI,WAAW,GAAG,KAAK,CAAC;AAExB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAA2B,EAAE;IAC9D,IAAI,WAAW;QAAE,OAAO;IAExB,qCAAqC;IACrC,sBAAsB,EAAE,CAAC;IAEzB,MAAM,UAAU,CAAC;QACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,eAAe,EAAE,OAAO,CAAC,eAAe;KACzC,CAAC,CAAC;IAEH,WAAW,GAAG,IAAI,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAwB,EACxB,MAAyB,EACzB,OAAqC,EACrC,KAAiC;IAEjC,+CAA+C;IAC/C,MAAM,SAAS,GAA0B,EAAE,CAAC;IAE5C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,iDAAiD;YACjD,IAAI,IAAI,GAAwD,SAAS,CAAC;YAC1E,IAAI,aAAa,GAA4C,UAAU,CAAC;YAExE,mCAAmC;YACnC,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACzB,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CACzB,EAAE,CAAC;gBACF,IAAI,GAAG,YAAY,CAAC;gBACpB,aAAa,GAAG,aAAa,CAAC;YAChC,CAAC;YACD,oCAAoC;iBAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC9C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACvC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;gBAChE,IAAI,GAAG,YAAY,CAAC;YACtB,CAAC;YACD,6BAA6B;iBACxB,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC3C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;gBAC7D,IAAI,GAAG,SAAS,CAAC;YACnB,CAAC;YAED,uBAAuB;YACvB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,IAAI,GAA2C,KAAK,CAAC;YACzD,IAAI,QAAQ;gBAAE,IAAI,GAAG,MAAM,CAAC;iBACvB,IAAI,UAAU;gBAAE,IAAI,GAAG,QAAQ,CAAC;YAErC,+CAA+C;YAC/C,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;gBACzC,SAAS,CAAC,IAAI,CAAC;oBACb,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE;oBAC1C,IAAI;oBACJ,IAAI;oBACJ,cAAc,EAAE,aAAa;oBAC7B,OAAO,EAAE,GAAG,IAAI,cAAc,IAAI,CAAC,IAAI,EAAE;iBAC1C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACxD,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iEAAiE;AACjE,8EAA8E;AAE9E,SAAS,uBAAuB,CAAC,QAA2B;IAC1D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,IAAI,GAAG,CAAC;gBACb,iBAAiB,EAAE,kBAAkB,EAAE,eAAe,EAAE,aAAa;gBACrE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,iBAAiB;gBACrE,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB;aAC3D,CAAC,CAAC;QACL,KAAK,QAAQ;YACX,OAAO,IAAI,GAAG,CAAC;gBACb,MAAM,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,kBAAkB;gBACrE,uBAAuB,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW;aAChE,CAAC,CAAC;QACL,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,IAAI,GAAG,CAAC;gBACb,iBAAiB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,sBAAsB;gBAChF,gBAAgB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,qBAAqB;gBACpF,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,uBAAuB;aACrF,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,IAAI,GAAG,CAAC;gBACb,SAAS,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,qBAAqB;gBAC9E,cAAc,EAAE,eAAe,EAAE,uBAAuB,EAAE,iBAAiB;aAC5E,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,IAAI,GAAG,CAAC;gBACb,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,WAAW;gBACzD,WAAW,EAAE,kBAAkB,EAAE,MAAM;aACxC,CAAC,CAAC;QACL,KAAK,IAAI;YACP,OAAO,IAAI,GAAG,CAAC;gBACb,iBAAiB,EAAE,sBAAsB,EAAE,oBAAoB;gBAC/D,gBAAgB,EAAE,oBAAoB,EAAE,aAAa;gBACrD,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB;gBAClE,kBAAkB,EAAE,cAAc,EAAE,eAAe;gBACnD,kBAAkB,EAAE,iBAAiB,EAAE,cAAc;gBACrD,qBAAqB,EAAE,YAAY;aACpC,CAAC,CAAC;QACL;YACE,OAAO,IAAI,GAAG,CAAC;gBACb,mBAAmB,EAAE,4BAA4B,EAAE,mBAAmB;gBACtE,oBAAoB,EAAE,yBAAyB,EAAE,mBAAmB;gBACpE,oBAAoB,EAAE,uBAAuB,EAAE,kBAAkB;aAClE,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,IAAY,EACZ,QAAgB,EAChB,QAA2B,EAC3B,UAA2B,EAAE;IAE7B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAED,uEAAuE;IACvE,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,eAAe,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAEhF,iBAAiB;IACjB,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAEjE,sEAAsE;IACtE,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEpF,4BAA4B;IAC5B,MAAM,IAAI,GAAM,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAK,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,KAAK,GAAK,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,GAAG,GAAO,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,MAAM,GAAG,GAAO,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,mDAAmD;IACnD,yFAAyF;IACzF,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC;QAC1B,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG;QAC5B,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;QACjD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;KAC/C,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,IAAI,gBAAgB,EAAE,CAAC;IAEzD,6DAA6D;IAC7D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;IAE3C,MAAM,QAAQ,GAAG,IAAI,gBAAgB,EAAE,CAAC;IAExC,8CAA8C;IAC9C,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACrC,QAAQ,CAAC,GAAG,CAAC,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;IAChD,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IACxC,QAAQ,CAAC,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC,CAAC;IACnC,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;IACzC,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAExC,uDAAuD;IACvD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC;QAAc,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC;QAAa,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;IAC3F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;IAC3F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC1F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC;QAAa,QAAQ,CAAC,GAAG,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACpF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;IAC5F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAAQ,QAAQ,CAAC,GAAG,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACzF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACpH,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC1F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,4BAA4B,CAAC;QAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,uBAAuB,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC1H,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACzF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC;QAAY,QAAQ,CAAC,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAAQ,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAAS,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC1F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,yBAAyB,EAAE,CAAC,CAAC;IAClG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,uBAAuB,EAAE,CAAC,CAAC;IAC9F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAAS,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC;QAAc,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAAM,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACpH,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;IAElH,mBAAmB;IACnB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE1E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAwB,CAAC;IACrE,MAAM,SAAS,GAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAA8B,CAAC;IAE/E,MAAM,KAAK,GAAsB;QAC/B,OAAO,EAAK,UAAU,CAAC,OAAO;QAC9B,KAAK,EAAO,CAAC,GAAG,UAAU,CAAC,KAAK,EAAE,GAAG,SAAS,CAAC,eAAe,CAAC;QAC/D,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,KAAK,EAAO,SAAS,CAAC,eAAe;QACrC,eAAe,EAAE,SAAS,CAAC,eAAe;KAC3C,CAAC;IAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAK,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAE3E,kEAAkE;IAClE,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC,GAAG,CACzC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,EAC/E,IAAI,EACJ,QAAQ,CACT,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChC,QAAQ;QACR,YAAY,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM;QAClC,UAAU,EAAI,KAAK,CAAC,KAAK,CAAC,MAAM;QAChC,KAAK,EAAS,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC;QACtC,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;QAC3E,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpD,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE;KACnD,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAC5B,IAAY,EACZ,QAAgB,EAChB,OAAwB;IAExB,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3E,aAAa;IACb,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEvD,2CAA2C;IAC3C,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE1E,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;QAC9B,QAAQ;QACR,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM;QACnE,eAAe,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,MAAM;QAC3E,aAAa,EAAE,aAAa,CAAC,MAAM;KACpC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,MAAM,aAAa,GAAwB,EAAE,CAAC;IAE9C,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAE5D,qDAAqD;QACrD,MAAM,UAAU,GACd,KAAK,CAAC,UAAU,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,KAAK,YAAY;YAC9D,KAAK,CAAC,UAAU,KAAK,iBAAiB;YACpC,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,YAAY,CAAC;QAEnB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;YACpE,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE;gBAC5C,QAAQ;gBACR,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,cAAc,OAAO,CAAC,SAAS,gBAAgB,OAAO,CAAC,IAAI,IAAI,CAAC;QACpF,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACvE,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;gBAC7C,QAAQ;gBACR,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,iBAAiB,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAElF,mBAAmB;IACnB,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,EAAE,aAAa,EAAE,iBAAiB,CAAC,CAAC;IAExE,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;QACrC,QAAQ;QACR,YAAY,EAAE,aAAa,CAAC,MAAM;QAClC,iBAAiB,EAAE,iBAAiB,CAAC,MAAM;QAC3C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;KAC5C,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAY,EACZ,QAAgB,EAChB,QAA2B,EAC3B,UAA2B,EAAE;IAE7B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IACrC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;IAEjD,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAExC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEpF,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEtD,2BAA2B;IAC3B,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,IAAI,gBAAgB,EAAE,CAAC;IACzD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAEjD,4BAA4B;IAC5B,IAAI,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAEjG,mFAAmF;IACnF,aAAa,GAAG,wBAAwB,CACtC,aAAa,EACb,KAAK,EACL,eAAe,CAAC,OAAO,EACvB,eAAe,CAAC,OAAO,EACvB,SAAS,EACT,eAAe,CAAC,aAAa,EAC7B,eAAe,CAAC,iBAAiB,CAClC,CAAC;IAEF,sDAAsD;IACtD,aAAa,GAAG,oBAAoB,CAAC,aAAa,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IAEnF,yEAAyE;IACzE,wCAAwC;IACxC,IAAI,iBAAiB,GAAwB,IAAI,GAAG,EAAE,CAAC;IACvD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,iBAAiB,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,mBAAmB,GAAG,wBAAwB,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;gBAAE,OAAO,IAAI,CAAC;YACjD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACtD,MAAM,gBAAgB,GAAG,CAAC,GAAG,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9D,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAC5C,CAAC;YACF,IAAI,CAAC,gBAAgB;gBAAE,OAAO,KAAK,CAAC;YACpC,IAAI,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5D,IAAI,IAAI,MAAM,CAAC,0CAA0C,gBAAgB,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;gBAAE,OAAO,KAAK,CAAC;YACjH,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED,kDAAkD;IAClD,MAAM,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAElG,6EAA6E;IAC7E,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,eAAe,GAAG,iCAAiC,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QACnF,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,eAAe,CAAC,IAAI,CAC1C,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,CACpF,CAAC;YACF,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,gBAAgB;oBACtB,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE;oBAClD,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE;oBAClD,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC;IACvD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAEhD,OAAO;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE;YACR,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,aAAa;YACpB,eAAe;SAChB;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;YAClC,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;YACxC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;SACnC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E;;GAEG;AACH,SAAS,mBAAmB,CAC1B,OAAqC,EACrC,KAAiC,EACjC,KAAyB,EACzB,eAAkG;IAElG,MAAM,eAAe,GAAoB,EAAE,CAAC;IAE5C,MAAM,mBAAmB,GAA6B;QACpD,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,CAAC;QACxH,SAAS,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,CAAC;QACpG,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,MAAM,CAAC;QAC7C,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,CAAC;QACrC,SAAS,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC;QACtD,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACjE,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACpG,SAAS,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QAClD,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC;QAClC,UAAU,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACtG,aAAa,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACpE,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC;QACrF,qBAAqB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,CAAC;QACrJ,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,CAAC;QAC/F,iBAAiB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,CAAC;KAC5K,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,cAAc,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,yEAAyE;gBACzE,IAAI,KAAK,IAAI,eAAe,EAAE,CAAC;oBAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,QAAQ,EAAE,CAAC;wBACb,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,IAAI,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;4BACvC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gCACtB,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAC/D,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,IAAI,KAAK,QAAQ,CAAC;gCACpE,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gCACjE,IAAI,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;oCAC7B,SAAS;gCACX,CAAC;4BACH,CAAC;4BACD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gCACxB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gCAC3D,IAAI,CAAC,gBAAgB,EAAE,CAAC;oCACtB,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAClD,GAAG,CAAC,QAAQ,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAC1D,CAAC;oCACF,IAAI,CAAC,aAAa,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wCAC1D,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC;wCAC/E,IAAI,OAAO,UAAU,KAAK,QAAQ;4CAC9B,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;4CACvF,SAAS;wCACX,CAAC;oCACH,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,MAAM,UAAU,GAAG,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAEzD,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ,EAAE,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;oBACrD,MAAM,EAAE;wBACN,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,IAAI,EAAE,MAAM,CAAC,IAAI;qBAClB;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,IAAI;qBAChB;oBACD,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqC,CAAC;IAC7D,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAEzD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAAuC,EACvC,IAAmC;IAEnC,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,QAAQ,GAAG,EAAE,EAAE,CAAC;QAClB,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;SAAM,IAAI,QAAQ,GAAG,EAAE,EAAE,CAAC;QACzB,UAAU,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;IACD,UAAU,GAAG,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,WAAW,GAAG,KAAK,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,sCAAsC;AACtC,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAA6E,EAC7E,UAA2B,EAAE;IAE7B,MAAM,YAAY,GAAgD,EAAE,CAAC;IACrE,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;IACxC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAoB,CAAC;IAEtD,uBAAuB;IACvB,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,KAAK,EAAE,CAAC;QACjD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5D,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,yBAAyB;IACzB,MAAM,eAAe,GAAG,IAAI,aAAa,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;IAEjF,wEAAwE;IACxE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IACpD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACjD,MAAM,iBAAiB,GAAG,yBAAyB,CACjD,YAAY,EAAE,YAAY,CAAC,aAAa,EAAE,iBAAiB,CAC5D,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,MAAM,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,EAAE,EAAE,CAAC;gBACP,EAAE,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACrE,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,IAAI,sBAAsB,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAChE,MAAM,cAAc,GAAG,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC;QAC7D,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,IAAI,gBAAgB,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAE1D,8EAA8E;IAC9E,KAAK,MAAM,OAAO,IAAI,CAAC,GAAG,gBAAgB,EAAE,GAAG,cAAc,CAAC,EAAE,CAAC;QAC/D,MAAM,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,EAAE,EAAE,CAAC;YACP,EAAE,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAI,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvF,MAAM,IAAI,GAAgB;QACxB,IAAI,EAAU,iBAAiB,CAAC,SAAS,CAAC;QAC1C,IAAI,EAAU,iBAAiB,CAAC,SAAS,CAAC;QAC1C,QAAQ,EAAM,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,MAAM;QAC1C,WAAW,EAAG,KAAK,CAAC,MAAM;QAC1B,SAAS,EAAK,QAAQ;QACtB,WAAW,EAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACvC,CAAC;IAEF,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,YAAY;QACnB,cAAc,EAAG,eAAe,CAAC,aAAa;QAC9C,gBAAgB,EAAE,eAAe,CAAC,cAAc;QAChD,WAAW,EAAM,eAAe,CAAC,UAAU;QAC3C,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,MAAM,IAAI,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC;AAC5D,CAAC;AAED,sEAAsE;AACtE,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;IACrD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC;AACjC,CAAC;AAED,+DAA+D;AAC/D,OAAO,EAAE,eAAe,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../src/analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AAIH,OAAO,EACL,UAAU,EACV,KAAK,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAEhB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,EAC1B,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,oBAAoB;AACpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,8BAA8B,EAAE,MAAM,iDAAiD,CAAC;AACjG,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAGjE,eAAe;AACf,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AACvH,OAAO,EAAE,oBAAoB,EAAE,MAAM,6CAA6C,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,MAAM,2CAA2C,CAAC;AAChF,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,sCAAsC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,wCAAwC,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AACpF,OAAO,EAAE,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,8CAA8C,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,2CAA2C,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAgC,MAAM,8CAA8C,CAAC;AAClH,OAAO,EAAE,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAmC,MAAM,gDAAgD,CAAC;AAC1H,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4CAA4C,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2CAA2C,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,mDAAmD,CAAC;AAC9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,gDAAgD,CAAC;AACxF,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AACzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAgC,MAAM,6CAA6C,CAAC;AACjH,OAAO,EAAE,mBAAmB,EAA+B,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACzI,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AAEzE,6BAA6B;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+CAA+C,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,UAAU;AACV,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAE3D,gCAAgC;AAChC,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,iCAAiC,GAClC,MAAM,4CAA4C,CAAC;AA4DpD,IAAI,WAAW,GAAG,KAAK,CAAC;AAExB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAA2B,EAAE;IAC9D,IAAI,WAAW;QAAE,OAAO;IAExB,qCAAqC;IACrC,sBAAsB,EAAE,CAAC;IAEzB,MAAM,UAAU,CAAC;QACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,eAAe,EAAE,OAAO,CAAC,eAAe;KACzC,CAAC,CAAC;IAEH,WAAW,GAAG,IAAI,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,KAAwB,EACxB,MAAyB,EACzB,OAAqC,EACrC,KAAiC;IAEjC,+CAA+C;IAC/C,MAAM,SAAS,GAA0B,EAAE,CAAC;IAE5C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,iDAAiD;YACjD,IAAI,IAAI,GAAwD,SAAS,CAAC;YAC1E,IAAI,aAAa,GAA4C,UAAU,CAAC;YAExE,mCAAmC;YACnC,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACzB,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CACzB,EAAE,CAAC;gBACF,IAAI,GAAG,YAAY,CAAC;gBACpB,aAAa,GAAG,aAAa,CAAC;YAChC,CAAC;YACD,oCAAoC;iBAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC9C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACvC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;gBAChE,IAAI,GAAG,YAAY,CAAC;YACtB,CAAC;YACD,6BAA6B;iBACxB,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC3C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;gBAC7D,IAAI,GAAG,SAAS,CAAC;YACnB,CAAC;YAED,uBAAuB;YACvB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,IAAI,GAA2C,KAAK,CAAC;YACzD,IAAI,QAAQ;gBAAE,IAAI,GAAG,MAAM,CAAC;iBACvB,IAAI,UAAU;gBAAE,IAAI,GAAG,QAAQ,CAAC;YAErC,+CAA+C;YAC/C,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;gBACzC,SAAS,CAAC,IAAI,CAAC;oBACb,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE;oBAC1C,IAAI;oBACJ,IAAI;oBACJ,cAAc,EAAE,aAAa;oBAC7B,OAAO,EAAE,GAAG,IAAI,cAAc,IAAI,CAAC,IAAI,EAAE;iBAC1C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACxD,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iEAAiE;AACjE,8EAA8E;AAE9E,SAAS,uBAAuB,CAAC,QAA2B;IAC1D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,IAAI,GAAG,CAAC;gBACb,iBAAiB,EAAE,kBAAkB,EAAE,eAAe,EAAE,aAAa;gBACrE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,iBAAiB;gBACrE,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB;aAC3D,CAAC,CAAC;QACL,KAAK,QAAQ;YACX,OAAO,IAAI,GAAG,CAAC;gBACb,MAAM,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,kBAAkB;gBACrE,uBAAuB,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW;aAChE,CAAC,CAAC;QACL,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,IAAI,GAAG,CAAC;gBACb,iBAAiB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,sBAAsB;gBAChF,gBAAgB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,qBAAqB;gBACpF,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,uBAAuB;aACrF,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,IAAI,GAAG,CAAC;gBACb,SAAS,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,qBAAqB;gBAC9E,cAAc,EAAE,eAAe,EAAE,uBAAuB,EAAE,iBAAiB;aAC5E,CAAC,CAAC;QACL,KAAK,MAAM;YACT,OAAO,IAAI,GAAG,CAAC;gBACb,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,WAAW;gBACzD,WAAW,EAAE,kBAAkB,EAAE,MAAM;aACxC,CAAC,CAAC;QACL,KAAK,IAAI;YACP,OAAO,IAAI,GAAG,CAAC;gBACb,iBAAiB,EAAE,sBAAsB,EAAE,oBAAoB;gBAC/D,gBAAgB,EAAE,oBAAoB,EAAE,aAAa;gBACrD,iBAAiB,EAAE,uBAAuB,EAAE,sBAAsB;gBAClE,kBAAkB,EAAE,cAAc,EAAE,eAAe;gBACnD,kBAAkB,EAAE,iBAAiB,EAAE,cAAc;gBACrD,qBAAqB,EAAE,YAAY;aACpC,CAAC,CAAC;QACL;YACE,OAAO,IAAI,GAAG,CAAC;gBACb,mBAAmB,EAAE,4BAA4B,EAAE,mBAAmB;gBACtE,oBAAoB,EAAE,yBAAyB,EAAE,mBAAmB;gBACpE,oBAAoB,EAAE,uBAAuB,EAAE,kBAAkB;aAClE,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,IAAY,EACZ,QAAgB,EAChB,QAA2B,EAC3B,UAA2B,EAAE;IAE7B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAED,uEAAuE;IACvE,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,eAAe,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAEhF,iBAAiB;IACjB,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAEjE,sEAAsE;IACtE,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEpF,4BAA4B;IAC5B,MAAM,IAAI,GAAM,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAK,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,KAAK,GAAK,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,GAAG,GAAO,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,MAAM,GAAG,GAAO,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,mDAAmD;IACnD,yFAAyF;IACzF,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC;QAC1B,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG;QAC5B,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;QACjD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;KAC/C,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,IAAI,gBAAgB,EAAE,CAAC;IAEzD,6DAA6D;IAC7D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;IAE3C,MAAM,QAAQ,GAAG,IAAI,gBAAgB,EAAE,CAAC;IAExC,8CAA8C;IAC9C,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACrC,QAAQ,CAAC,GAAG,CAAC,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;IAChD,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IACxC,QAAQ,CAAC,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC,CAAC;IACnC,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;IACzC,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAExC,mEAAmE;IACnE,mEAAmE;IACnE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IAEtF,uDAAuD;IACvD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC;QAAc,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC;QAAa,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;IAC3F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC,CAAC;IAC3F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC1F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC;QAAa,QAAQ,CAAC,GAAG,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;IACpF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;IAC5F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAAQ,QAAQ,CAAC,GAAG,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACzF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACpH,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC;QAAU,QAAQ,CAAC,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACvF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC1F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,4BAA4B,CAAC;QAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,uBAAuB,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC1H,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACzF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC;QAAY,QAAQ,CAAC,GAAG,CAAC,IAAI,cAAc,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;QAAW,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAAQ,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAAS,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC1F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,yBAAyB,EAAE,CAAC,CAAC;IAClG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC,CAAC;IAC7F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,uBAAuB,EAAE,CAAC,CAAC;IAC9F,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAAS,QAAQ,CAAC,GAAG,CAAC,IAAI,iBAAiB,EAAE,CAAC,CAAC;IACxF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC;QAAc,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAAM,QAAQ,CAAC,GAAG,CAAC,IAAI,oBAAoB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACpH,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAAO,QAAQ,CAAC,GAAG,CAAC,IAAI,mBAAmB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;IAElH,mBAAmB;IACnB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE1E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAwB,CAAC;IACrE,MAAM,SAAS,GAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAA8B,CAAC;IAE/E,MAAM,KAAK,GAAsB;QAC/B,OAAO,EAAK,UAAU,CAAC,OAAO;QAC9B,KAAK,EAAO,CAAC,GAAG,UAAU,CAAC,KAAK,EAAE,GAAG,SAAS,CAAC,eAAe,CAAC;QAC/D,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,KAAK,EAAO,SAAS,CAAC,eAAe;QACrC,eAAe,EAAE,SAAS,CAAC,eAAe;KAC3C,CAAC;IAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAK,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAE3E,kEAAkE;IAClE,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC,GAAG,CACzC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,EAC/E,IAAI,EACJ,QAAQ,CACT,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAChC,QAAQ;QACR,YAAY,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM;QAClC,UAAU,EAAI,KAAK,CAAC,KAAK,CAAC,MAAM;QAChC,KAAK,EAAS,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC;QACtC,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;QAC3E,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpD,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE;KACnD,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAC5B,IAAY,EACZ,QAAgB,EAChB,OAAwB;IAExB,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3E,aAAa;IACb,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEvD,2CAA2C;IAC3C,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE1E,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;QAC9B,QAAQ;QACR,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM;QACnE,eAAe,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,MAAM;QAC3E,aAAa,EAAE,aAAa,CAAC,MAAM;KACpC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,MAAM,aAAa,GAAwB,EAAE,CAAC;IAE9C,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAE5D,qDAAqD;QACrD,MAAM,UAAU,GACd,KAAK,CAAC,UAAU,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,KAAK,YAAY;YAC9D,KAAK,CAAC,UAAU,KAAK,iBAAiB;YACpC,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,YAAY,CAAC;QAEnB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;YACpE,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE;gBAC5C,QAAQ;gBACR,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,cAAc,OAAO,CAAC,SAAS,gBAAgB,OAAO,CAAC,IAAI,IAAI,CAAC;QACpF,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACvE,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;gBAC7C,QAAQ;gBACR,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,iBAAiB,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAElF,mBAAmB;IACnB,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,EAAE,aAAa,EAAE,iBAAiB,CAAC,CAAC;IAExE,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;QACrC,QAAQ;QACR,YAAY,EAAE,aAAa,CAAC,MAAM;QAClC,iBAAiB,EAAE,iBAAiB,CAAC,MAAM;QAC3C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;KAC5C,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAY,EACZ,QAAgB,EAChB,QAA2B,EAC3B,UAA2B,EAAE;IAE7B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IACrC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;IAEjD,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAExC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEpF,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEtD,2BAA2B;IAC3B,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,IAAI,gBAAgB,EAAE,CAAC;IACzD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAEjD,4BAA4B;IAC5B,IAAI,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAEjG,mFAAmF;IACnF,aAAa,GAAG,wBAAwB,CACtC,aAAa,EACb,KAAK,EACL,eAAe,CAAC,OAAO,EACvB,eAAe,CAAC,OAAO,EACvB,SAAS,EACT,eAAe,CAAC,aAAa,EAC7B,eAAe,CAAC,iBAAiB,CAClC,CAAC;IAEF,sDAAsD;IACtD,aAAa,GAAG,oBAAoB,CAAC,aAAa,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IAEnF,yEAAyE;IACzE,wCAAwC;IACxC,IAAI,iBAAiB,GAAwB,IAAI,GAAG,EAAE,CAAC;IACvD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,iBAAiB,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,mBAAmB,GAAG,wBAAwB,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;gBAAE,OAAO,IAAI,CAAC;YACjD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACtD,MAAM,gBAAgB,GAAG,CAAC,GAAG,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9D,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAC5C,CAAC;YACF,IAAI,CAAC,gBAAgB;gBAAE,OAAO,KAAK,CAAC;YACpC,IAAI,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5D,IAAI,IAAI,MAAM,CAAC,0CAA0C,gBAAgB,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;gBAAE,OAAO,KAAK,CAAC;YACjH,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED,kDAAkD;IAClD,MAAM,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAElG,6EAA6E;IAC7E,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,eAAe,GAAG,iCAAiC,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QACnF,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,eAAe,CAAC,IAAI,CAC1C,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,CACpF,CAAC;YACF,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,gBAAgB;oBACtB,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE;oBAClD,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE;oBAClD,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC;IACvD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAEhD,OAAO;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE;YACR,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,aAAa;YACpB,eAAe;SAChB;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;YAClC,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;YACxC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;SACnC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E;;GAEG;AACH,SAAS,mBAAmB,CAC1B,OAAqC,EACrC,KAAiC,EACjC,KAAyB,EACzB,eAAkG;IAElG,MAAM,eAAe,GAAoB,EAAE,CAAC;IAE5C,MAAM,mBAAmB,GAA6B;QACpD,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,CAAC;QACxH,SAAS,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,CAAC;QACpG,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,MAAM,CAAC;QAC7C,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,CAAC;QACrC,SAAS,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC;QACtD,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACjE,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACpG,SAAS,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QAClD,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC;QAClC,UAAU,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACtG,aAAa,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACpE,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC;QACrF,qBAAqB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,CAAC;QACrJ,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,CAAC;QAC/F,iBAAiB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,CAAC;KAC5K,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,cAAc,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,yEAAyE;gBACzE,IAAI,KAAK,IAAI,eAAe,EAAE,CAAC;oBAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,QAAQ,EAAE,CAAC;wBACb,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,IAAI,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;4BACvC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gCACtB,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAC/D,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,IAAI,KAAK,QAAQ,CAAC;gCACpE,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gCACjE,IAAI,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;oCAC7B,SAAS;gCACX,CAAC;4BACH,CAAC;4BACD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gCACxB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gCAC3D,IAAI,CAAC,gBAAgB,EAAE,CAAC;oCACtB,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAClD,GAAG,CAAC,QAAQ,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAC1D,CAAC;oCACF,IAAI,CAAC,aAAa,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wCAC1D,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,KAAK,CAAC;wCAC/E,IAAI,OAAO,UAAU,KAAK,QAAQ;4CAC9B,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;4CACvF,SAAS;wCACX,CAAC;oCACH,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,MAAM,UAAU,GAAG,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAEzD,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ,EAAE,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;oBACrD,MAAM,EAAE;wBACN,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,IAAI,EAAE,MAAM,CAAC,IAAI;qBAClB;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,IAAI;qBAChB;oBACD,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqC,CAAC;IAC7D,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAEzD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAAuC,EACvC,IAAmC;IAEnC,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,QAAQ,GAAG,EAAE,EAAE,CAAC;QAClB,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;SAAM,IAAI,QAAQ,GAAG,EAAE,EAAE,CAAC;QACzB,UAAU,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;IACD,UAAU,GAAG,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,WAAW,GAAG,KAAK,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,sCAAsC;AACtC,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAA6E,EAC7E,UAA2B,EAAE;IAE7B,MAAM,YAAY,GAAgD,EAAE,CAAC;IACrE,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;IACxC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAoB,CAAC;IAEtD,uBAAuB;IACvB,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,KAAK,EAAE,CAAC;QACjD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5D,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACpD,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,yBAAyB;IACzB,MAAM,eAAe,GAAG,IAAI,aAAa,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;IAEjF,wEAAwE;IACxE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IACpD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACjD,MAAM,iBAAiB,GAAG,yBAAyB,CACjD,YAAY,EAAE,YAAY,CAAC,aAAa,EAAE,iBAAiB,CAC5D,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,MAAM,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,EAAE,EAAE,CAAC;gBACP,EAAE,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACrE,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,IAAI,sBAAsB,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAChE,MAAM,cAAc,GAAG,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC;QAC7D,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,IAAI,gBAAgB,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAE1D,8EAA8E;IAC9E,KAAK,MAAM,OAAO,IAAI,CAAC,GAAG,gBAAgB,EAAE,GAAG,cAAc,CAAC,EAAE,CAAC;QAC/D,MAAM,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,EAAE,EAAE,CAAC;YACP,EAAE,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAI,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvF,MAAM,IAAI,GAAgB;QACxB,IAAI,EAAU,iBAAiB,CAAC,SAAS,CAAC;QAC1C,IAAI,EAAU,iBAAiB,CAAC,SAAS,CAAC;QAC1C,QAAQ,EAAM,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,MAAM;QAC1C,WAAW,EAAG,KAAK,CAAC,MAAM;QAC1B,SAAS,EAAK,QAAQ;QACtB,WAAW,EAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACvC,CAAC;IAEF,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,YAAY;QACnB,cAAc,EAAG,eAAe,CAAC,aAAa;QAC9C,gBAAgB,EAAE,eAAe,CAAC,cAAc;QAChD,WAAW,EAAM,eAAe,CAAC,UAAU;QAC3C,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,MAAM,IAAI,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC;AAC5D,CAAC;AAED,sEAAsE;AACtE,SAAS,iBAAiB,CAAC,KAAe;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;IACrD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC;AACjC,CAAC;AAED,+DAA+D;AAC/D,OAAO,EAAE,eAAe,EAAE,CAAC"}
|
|
@@ -13302,6 +13302,9 @@ var AnalysisPipeline = class {
|
|
|
13302
13302
|
},
|
|
13303
13303
|
addFinding(finding) {
|
|
13304
13304
|
findings.push(finding);
|
|
13305
|
+
},
|
|
13306
|
+
getFindings() {
|
|
13307
|
+
return findings;
|
|
13305
13308
|
}
|
|
13306
13309
|
};
|
|
13307
13310
|
for (const pass of this.passes) {
|
|
@@ -25013,6 +25016,271 @@ function detectHandler(graph, calls) {
|
|
|
25013
25016
|
return false;
|
|
25014
25017
|
}
|
|
25015
25018
|
|
|
25019
|
+
// src/analysis/passes/scan-secrets-pass.ts
|
|
25020
|
+
var TEST_PATH_RE3 = /(?:^|[\\/])(?:test|tests|spec|specs|__tests?__|__mocks?__|fixtures?|testdata)(?:[\\/]|$)/i;
|
|
25021
|
+
var TEST_FILENAME_RE = /(?:\.(?:test|spec)\.[cm]?[jt]sx?|_test\.go|_test\.py|Test\.java|Tests\.java)$/i;
|
|
25022
|
+
function isTestFile(file) {
|
|
25023
|
+
return TEST_PATH_RE3.test(file) || TEST_FILENAME_RE.test(file);
|
|
25024
|
+
}
|
|
25025
|
+
var PROVIDER_PATTERNS = [
|
|
25026
|
+
{
|
|
25027
|
+
name: "AWS access key",
|
|
25028
|
+
regex: /\bAKIA[0-9A-Z]{16}\b/,
|
|
25029
|
+
severity: "critical",
|
|
25030
|
+
level: "error",
|
|
25031
|
+
fix: "Rotate the AWS access key immediately and move it to an environment variable or AWS Secrets Manager."
|
|
25032
|
+
},
|
|
25033
|
+
{
|
|
25034
|
+
name: "GitHub personal access token",
|
|
25035
|
+
regex: /\bghp_[A-Za-z0-9]{36}\b/,
|
|
25036
|
+
severity: "critical",
|
|
25037
|
+
level: "error",
|
|
25038
|
+
fix: "Revoke the token at https://github.com/settings/tokens and store secrets in CI/CD secrets, not source."
|
|
25039
|
+
},
|
|
25040
|
+
{
|
|
25041
|
+
name: "GitHub OAuth token",
|
|
25042
|
+
regex: /\bgho_[A-Za-z0-9]{36}\b/,
|
|
25043
|
+
severity: "critical",
|
|
25044
|
+
level: "error",
|
|
25045
|
+
fix: "Revoke the OAuth token and store secrets outside source control."
|
|
25046
|
+
},
|
|
25047
|
+
{
|
|
25048
|
+
name: "GitHub user-to-server token",
|
|
25049
|
+
regex: /\bghu_[A-Za-z0-9]{36}\b/,
|
|
25050
|
+
severity: "critical",
|
|
25051
|
+
level: "error",
|
|
25052
|
+
fix: "Revoke the GitHub user-to-server token and store secrets outside source control."
|
|
25053
|
+
},
|
|
25054
|
+
{
|
|
25055
|
+
name: "GitHub server-to-server token",
|
|
25056
|
+
regex: /\bghs_[A-Za-z0-9]{36}\b/,
|
|
25057
|
+
severity: "critical",
|
|
25058
|
+
level: "error",
|
|
25059
|
+
fix: "Revoke the GitHub server-to-server token and store secrets outside source control."
|
|
25060
|
+
},
|
|
25061
|
+
{
|
|
25062
|
+
name: "GitHub refresh token",
|
|
25063
|
+
regex: /\bghr_[A-Za-z0-9]{36}\b/,
|
|
25064
|
+
severity: "critical",
|
|
25065
|
+
level: "error",
|
|
25066
|
+
fix: "Revoke the GitHub refresh token and store secrets outside source control."
|
|
25067
|
+
},
|
|
25068
|
+
{
|
|
25069
|
+
name: "Stripe live secret key",
|
|
25070
|
+
regex: /\bsk_live_[A-Za-z0-9]{24,}\b/,
|
|
25071
|
+
severity: "critical",
|
|
25072
|
+
level: "error",
|
|
25073
|
+
fix: "Rotate the Stripe secret key in the Stripe Dashboard and load it from a secrets manager."
|
|
25074
|
+
},
|
|
25075
|
+
{
|
|
25076
|
+
name: "Stripe live publishable key",
|
|
25077
|
+
regex: /\bpk_live_[A-Za-z0-9]{24,}\b/,
|
|
25078
|
+
severity: "high",
|
|
25079
|
+
level: "warning",
|
|
25080
|
+
fix: "Publishable keys are not secret but should still not be checked in to back-end source files; verify front-end vs back-end context."
|
|
25081
|
+
},
|
|
25082
|
+
{
|
|
25083
|
+
name: "OpenAI API key",
|
|
25084
|
+
regex: /\bsk-[A-Za-z0-9]{48}\b/,
|
|
25085
|
+
severity: "critical",
|
|
25086
|
+
level: "error",
|
|
25087
|
+
fix: "Revoke the OpenAI key at https://platform.openai.com/api-keys and load from environment."
|
|
25088
|
+
},
|
|
25089
|
+
{
|
|
25090
|
+
name: "Anthropic API key",
|
|
25091
|
+
regex: /\bsk-ant-[A-Za-z0-9_-]{90,}\b/,
|
|
25092
|
+
severity: "critical",
|
|
25093
|
+
level: "error",
|
|
25094
|
+
fix: "Revoke the Anthropic key in the Console and load from environment."
|
|
25095
|
+
},
|
|
25096
|
+
{
|
|
25097
|
+
name: "Slack token",
|
|
25098
|
+
regex: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/,
|
|
25099
|
+
severity: "critical",
|
|
25100
|
+
level: "error",
|
|
25101
|
+
fix: "Revoke the Slack token and load from environment."
|
|
25102
|
+
},
|
|
25103
|
+
{
|
|
25104
|
+
name: "Google API key",
|
|
25105
|
+
regex: /\bAIza[0-9A-Za-z_-]{35}\b/,
|
|
25106
|
+
severity: "critical",
|
|
25107
|
+
level: "error",
|
|
25108
|
+
fix: "Restrict the Google API key by referrer / IP in the GCP console or revoke it."
|
|
25109
|
+
},
|
|
25110
|
+
{
|
|
25111
|
+
name: "JSON Web Token",
|
|
25112
|
+
regex: /\beyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/,
|
|
25113
|
+
severity: "critical",
|
|
25114
|
+
level: "error",
|
|
25115
|
+
fix: "JWTs in source carry whatever scope they were minted with; rotate signing keys and remove the token."
|
|
25116
|
+
},
|
|
25117
|
+
{
|
|
25118
|
+
name: "PEM private key",
|
|
25119
|
+
regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----/,
|
|
25120
|
+
severity: "critical",
|
|
25121
|
+
level: "error",
|
|
25122
|
+
fix: "Remove the private key from source control immediately, rotate the corresponding public key, and store keys outside the repository."
|
|
25123
|
+
},
|
|
25124
|
+
{
|
|
25125
|
+
name: "npm access token",
|
|
25126
|
+
regex: /\bnpm_[A-Za-z0-9]{36}\b/,
|
|
25127
|
+
severity: "critical",
|
|
25128
|
+
level: "error",
|
|
25129
|
+
fix: "Revoke the npm token at https://www.npmjs.com/settings/<user>/tokens and load from environment."
|
|
25130
|
+
}
|
|
25131
|
+
];
|
|
25132
|
+
var STRING_LITERAL_RE = /(["'`])((?:\\.|(?!\1).){8,200})\1/g;
|
|
25133
|
+
var BASE64ISH_RE = /^[A-Za-z0-9+/=_-]+$/;
|
|
25134
|
+
var HEXISH_RE = /^[a-fA-F0-9]+$/;
|
|
25135
|
+
var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
|
|
25136
|
+
var PLACEHOLDER_RE = /(?:changeme|your[-_]?(?:key|secret|token|password)(?:[-_]?here)?|replace[-_]?me|example[-_]?(?:key|secret|token)?|placeholder|todo|fixme|test[-_]?(?:key|secret|token)|fake[-_]?(?:key|secret|token)|dummy|sample|insert[-_]?your)/i;
|
|
25137
|
+
function isBareHashShape(s) {
|
|
25138
|
+
const n = s.length;
|
|
25139
|
+
if (n !== 32 && n !== 40 && n !== 64) return false;
|
|
25140
|
+
return HEXISH_RE.test(s);
|
|
25141
|
+
}
|
|
25142
|
+
function isAllSameChar(s) {
|
|
25143
|
+
if (s.length < 2) return false;
|
|
25144
|
+
const c = s.charAt(0);
|
|
25145
|
+
for (let i2 = 1; i2 < s.length; i2++) if (s.charAt(i2) !== c) return false;
|
|
25146
|
+
return true;
|
|
25147
|
+
}
|
|
25148
|
+
function tryBase64Decode(s) {
|
|
25149
|
+
if (s.length % 4 !== 0 && !/=+$/.test(s)) return null;
|
|
25150
|
+
try {
|
|
25151
|
+
return globalThis.atob(s);
|
|
25152
|
+
} catch {
|
|
25153
|
+
return null;
|
|
25154
|
+
}
|
|
25155
|
+
}
|
|
25156
|
+
function looksLikeBase64Json(s) {
|
|
25157
|
+
const decoded = tryBase64Decode(s);
|
|
25158
|
+
if (!decoded) return false;
|
|
25159
|
+
const trimmed = decoded.trimStart();
|
|
25160
|
+
return trimmed.startsWith("{") || trimmed.startsWith("[");
|
|
25161
|
+
}
|
|
25162
|
+
function shannonEntropy(s) {
|
|
25163
|
+
const freq = /* @__PURE__ */ new Map();
|
|
25164
|
+
for (const ch of s) freq.set(ch, (freq.get(ch) ?? 0) + 1);
|
|
25165
|
+
const len = s.length;
|
|
25166
|
+
let h = 0;
|
|
25167
|
+
for (const n of freq.values()) {
|
|
25168
|
+
const p = n / len;
|
|
25169
|
+
h -= p * Math.log2(p);
|
|
25170
|
+
}
|
|
25171
|
+
return h;
|
|
25172
|
+
}
|
|
25173
|
+
var CREDENTIAL_NAME_RE = /(?:key|secret|token|password|passwd|credential|api[_-]?key)/i;
|
|
25174
|
+
var TEST_CALL_RE = /\b(?:expect|assert|describe|it|test)\s*\(/;
|
|
25175
|
+
var COMMENT_EXAMPLE_RE = /(?:\/\/|#)\s*(?:example|sample|test|fixture)/i;
|
|
25176
|
+
var ScanSecretsPass = class {
|
|
25177
|
+
name = "scan-secrets";
|
|
25178
|
+
category = "security";
|
|
25179
|
+
run(ctx) {
|
|
25180
|
+
const file = ctx.graph.ir.meta.file;
|
|
25181
|
+
if (isTestFile(file)) {
|
|
25182
|
+
return { providerFindings: 0, entropyFindings: 0 };
|
|
25183
|
+
}
|
|
25184
|
+
const lines = ctx.code.split("\n");
|
|
25185
|
+
const prior = ctx.getFindings?.() ?? [];
|
|
25186
|
+
const seen = /* @__PURE__ */ new Set();
|
|
25187
|
+
for (const f of prior) {
|
|
25188
|
+
if (f.file !== file) continue;
|
|
25189
|
+
if (f.rule_id === "hardcoded-credential" || f.rule_id === "hardcoded-credential-entropy") {
|
|
25190
|
+
seen.add(`${f.line}:${f.rule_id}`);
|
|
25191
|
+
}
|
|
25192
|
+
}
|
|
25193
|
+
let providerFindings = 0;
|
|
25194
|
+
let entropyFindings = 0;
|
|
25195
|
+
for (let i2 = 0; i2 < lines.length; i2++) {
|
|
25196
|
+
const lineText = lines[i2];
|
|
25197
|
+
const lineNum = i2 + 1;
|
|
25198
|
+
for (const pattern of PROVIDER_PATTERNS) {
|
|
25199
|
+
const m = pattern.regex.exec(lineText);
|
|
25200
|
+
if (!m) continue;
|
|
25201
|
+
const key = `${lineNum}:hardcoded-credential`;
|
|
25202
|
+
if (seen.has(key)) continue;
|
|
25203
|
+
seen.add(key);
|
|
25204
|
+
ctx.addFinding({
|
|
25205
|
+
id: `hardcoded-credential-${file}-${lineNum}`,
|
|
25206
|
+
pass: this.name,
|
|
25207
|
+
category: this.category,
|
|
25208
|
+
rule_id: "hardcoded-credential",
|
|
25209
|
+
cwe: "CWE-798",
|
|
25210
|
+
severity: pattern.severity,
|
|
25211
|
+
level: pattern.level,
|
|
25212
|
+
message: `Hardcoded credential: ${pattern.name} detected`,
|
|
25213
|
+
file,
|
|
25214
|
+
line: lineNum,
|
|
25215
|
+
snippet: lineText.trim().substring(0, 120),
|
|
25216
|
+
fix: pattern.fix,
|
|
25217
|
+
evidence: { provider: pattern.name, match: m[0].substring(0, 40) }
|
|
25218
|
+
});
|
|
25219
|
+
providerFindings += 1;
|
|
25220
|
+
break;
|
|
25221
|
+
}
|
|
25222
|
+
}
|
|
25223
|
+
for (let i2 = 0; i2 < lines.length; i2++) {
|
|
25224
|
+
const lineText = lines[i2];
|
|
25225
|
+
const lineNum = i2 + 1;
|
|
25226
|
+
if (TEST_CALL_RE.test(lineText)) continue;
|
|
25227
|
+
if (COMMENT_EXAMPLE_RE.test(lineText)) continue;
|
|
25228
|
+
STRING_LITERAL_RE.lastIndex = 0;
|
|
25229
|
+
let match;
|
|
25230
|
+
while ((match = STRING_LITERAL_RE.exec(lineText)) !== null) {
|
|
25231
|
+
const value = match[2];
|
|
25232
|
+
if (!this.isCandidate(value)) continue;
|
|
25233
|
+
if (!this.passesEntropyGate(value, lineText)) continue;
|
|
25234
|
+
const key = `${lineNum}:hardcoded-credential-entropy`;
|
|
25235
|
+
if (seen.has(key)) continue;
|
|
25236
|
+
if (seen.has(`${lineNum}:hardcoded-credential`)) continue;
|
|
25237
|
+
seen.add(key);
|
|
25238
|
+
ctx.addFinding({
|
|
25239
|
+
id: `hardcoded-credential-entropy-${file}-${lineNum}`,
|
|
25240
|
+
pass: this.name,
|
|
25241
|
+
category: this.category,
|
|
25242
|
+
rule_id: "hardcoded-credential-entropy",
|
|
25243
|
+
cwe: "CWE-798",
|
|
25244
|
+
severity: "high",
|
|
25245
|
+
level: "warning",
|
|
25246
|
+
message: `Possible hardcoded secret: high-entropy string literal (${value.length} chars)`,
|
|
25247
|
+
file,
|
|
25248
|
+
line: lineNum,
|
|
25249
|
+
snippet: lineText.trim().substring(0, 120),
|
|
25250
|
+
fix: "If this is a credential, move it to environment / secrets manager. If it is sample data, add an `example` / `test` marker or disable this pass via `disabledPasses: ['scan-secrets']`.",
|
|
25251
|
+
evidence: { kind: "entropy", length: value.length }
|
|
25252
|
+
});
|
|
25253
|
+
entropyFindings += 1;
|
|
25254
|
+
}
|
|
25255
|
+
}
|
|
25256
|
+
return { providerFindings, entropyFindings };
|
|
25257
|
+
}
|
|
25258
|
+
/** Length + shape + denylist filter before entropy is computed. */
|
|
25259
|
+
isCandidate(s) {
|
|
25260
|
+
if (s.length < 20 || s.length > 200) return false;
|
|
25261
|
+
if (!BASE64ISH_RE.test(s) && !HEXISH_RE.test(s)) return false;
|
|
25262
|
+
if (UUID_RE.test(s)) return false;
|
|
25263
|
+
if (isBareHashShape(s)) return false;
|
|
25264
|
+
if (isAllSameChar(s)) return false;
|
|
25265
|
+
if (PLACEHOLDER_RE.test(s)) return false;
|
|
25266
|
+
if (looksLikeBase64Json(s)) return false;
|
|
25267
|
+
return true;
|
|
25268
|
+
}
|
|
25269
|
+
/**
|
|
25270
|
+
* Shannon-entropy gate. Base64-shaped strings need higher entropy than
|
|
25271
|
+
* hex-shaped (hex alphabet is 4 bits/char by construction). When the
|
|
25272
|
+
* surrounding line contains a credential-shaped variable name, both
|
|
25273
|
+
* thresholds drop by 0.2 bits/char.
|
|
25274
|
+
*/
|
|
25275
|
+
passesEntropyGate(value, lineText) {
|
|
25276
|
+
const isHex = HEXISH_RE.test(value);
|
|
25277
|
+
const boost = CREDENTIAL_NAME_RE.test(lineText) ? 0.2 : 0;
|
|
25278
|
+
const threshold = isHex ? 3.5 - boost : 4.3 - boost;
|
|
25279
|
+
const h = shannonEntropy(value);
|
|
25280
|
+
return h >= threshold;
|
|
25281
|
+
}
|
|
25282
|
+
};
|
|
25283
|
+
|
|
25016
25284
|
// src/analysis/metrics/passes/size-metrics-pass.ts
|
|
25017
25285
|
var SizeMetricsPass = class {
|
|
25018
25286
|
name = "size-metrics";
|
|
@@ -25857,6 +26125,7 @@ async function analyze(code, filePath, language, options = {}) {
|
|
|
25857
26125
|
pipeline.add(new SinkFilterPass());
|
|
25858
26126
|
pipeline.add(new TaintPropagationPass());
|
|
25859
26127
|
pipeline.add(new InterproceduralPass());
|
|
26128
|
+
if (!disabledPasses.has("scan-secrets")) pipeline.add(new ScanSecretsPass());
|
|
25860
26129
|
if (!disabledPasses.has("dead-code")) pipeline.add(new DeadCodePass());
|
|
25861
26130
|
if (!disabledPasses.has("missing-await")) pipeline.add(new MissingAwaitPass());
|
|
25862
26131
|
if (!disabledPasses.has("n-plus-one")) pipeline.add(new NPlusOnePass());
|
|
@@ -33,6 +33,16 @@ export interface PassContext {
|
|
|
33
33
|
* Findings are collected by the pipeline and returned alongside results.
|
|
34
34
|
*/
|
|
35
35
|
addFinding(finding: SastFinding): void;
|
|
36
|
+
/**
|
|
37
|
+
* Read findings emitted by previously-run passes in this pipeline run.
|
|
38
|
+
* Used by dedup-aware passes (e.g. ScanSecretsPass) to avoid double-reporting
|
|
39
|
+
* the same `(file, line, rule_id)` already covered by an earlier pass.
|
|
40
|
+
*
|
|
41
|
+
* Optional: only the real pipeline implementation provides this. Test
|
|
42
|
+
* harnesses that construct a `PassContext` literal may omit it; passes that
|
|
43
|
+
* read it must treat `undefined` as "no prior findings".
|
|
44
|
+
*/
|
|
45
|
+
getFindings?(): readonly SastFinding[];
|
|
36
46
|
}
|
|
37
47
|
/**
|
|
38
48
|
* An analysis pass over a CodeGraph.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analysis-pass.d.ts","sourceRoot":"","sources":["../../src/graph/analysis-pass.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACnE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,4DAA4D;IAC5D,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,4BAA4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,6DAA6D;IAC7D,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAE7B;;;OAGG;IACH,SAAS,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC;IAElC,oEAAoE;IACpE,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAErC;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;CACxC;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY,CAAC,OAAO,GAAG,OAAO;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wEAAwE;IACxE,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,GAAG,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC;CACpC;AAED,8CAA8C;AAC9C,MAAM,WAAW,iBAAiB;IAChC,sEAAsE;IACtE,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,2EAA2E;IAC3E,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED;;;;;;;;GAQG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAE7C,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,GAAG,IAAI;IAKnC,GAAG,CACD,KAAK,EAAE,SAAS,EAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,WAAW,GAClB,iBAAiB;
|
|
1
|
+
{"version":3,"file":"analysis-pass.d.ts","sourceRoot":"","sources":["../../src/graph/analysis-pass.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACnE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,4DAA4D;IAC5D,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,4BAA4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,6DAA6D;IAC7D,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAE7B;;;OAGG;IACH,SAAS,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC;IAElC,oEAAoE;IACpE,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAErC;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;IAEvC;;;;;;;;OAQG;IACH,WAAW,CAAC,IAAI,SAAS,WAAW,EAAE,CAAC;CACxC;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY,CAAC,OAAO,GAAG,OAAO;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wEAAwE;IACxE,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,GAAG,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC;CACpC;AAED,8CAA8C;AAC9C,MAAM,WAAW,iBAAiB;IAChC,sEAAsE;IACtE,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,2EAA2E;IAC3E,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED;;;;;;;;GAQG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAE7C,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,GAAG,IAAI;IAKnC,GAAG,CACD,KAAK,EAAE,SAAS,EAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,WAAW,GAClB,iBAAiB;CAmCrB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analysis-pass.js","sourceRoot":"","sources":["../../src/graph/analysis-pass.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"analysis-pass.js","sourceRoot":"","sources":["../../src/graph/analysis-pass.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAmEH;;;;;;;;GAQG;AACH,MAAM,OAAO,gBAAgB;IACV,MAAM,GAAmB,EAAE,CAAC;IAE7C,GAAG,CAAI,IAAqB;QAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CACD,KAAgB,EAChB,IAAY,EACZ,QAAgB,EAChB,MAAmB;QAEnB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmB,CAAC;QAC3C,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,MAAM,OAAO,GAAgB;YAC3B,KAAK;YACL,IAAI;YACJ,QAAQ;YACR,MAAM;YACN,SAAS,CAAI,QAAgB;gBAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CACb,SAAS,QAAQ,8CAA8C,CAChE,CAAC;gBACJ,CAAC;gBACD,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAM,CAAC;YACpC,CAAC;YACD,SAAS,CAAC,QAAgB;gBACxB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/B,CAAC;YACD,UAAU,CAAC,OAAoB;gBAC7B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,CAAC;YACD,WAAW;gBACT,OAAO,QAAQ,CAAC;YAClB,CAAC;SACF,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC/B,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.27.1",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|