circle-ir 3.49.0 → 3.50.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analysis/findings.d.ts +9 -1
- package/dist/analysis/findings.d.ts.map +1 -1
- package/dist/analysis/findings.js +12 -5
- package/dist/analysis/findings.js.map +1 -1
- package/dist/analysis/passes/interprocedural-pass.d.ts.map +1 -1
- package/dist/analysis/passes/interprocedural-pass.js +4 -1
- package/dist/analysis/passes/interprocedural-pass.js.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.d.ts.map +1 -1
- package/dist/analysis/passes/taint-propagation-pass.js +108 -15
- package/dist/analysis/passes/taint-propagation-pass.js.map +1 -1
- package/dist/browser/circle-ir.js +88 -12
- package/package.json +1 -1
|
@@ -4,9 +4,17 @@
|
|
|
4
4
|
* Combines taint sources, sinks, and data flow analysis to generate
|
|
5
5
|
* vulnerability findings with paths and remediation suggestions.
|
|
6
6
|
*/
|
|
7
|
-
import type { TaintSource, TaintSink, DFG, Finding } from '../types/index.js';
|
|
7
|
+
import type { TaintSource, TaintSink, DFG, Finding, SinkType } from '../types/index.js';
|
|
8
8
|
/**
|
|
9
9
|
* Generate vulnerability findings from taint analysis results.
|
|
10
10
|
*/
|
|
11
11
|
export declare function generateFindings(sources: TaintSource[], sinks: TaintSink[], dfg: DFG, fileName: string): Finding[];
|
|
12
|
+
/**
|
|
13
|
+
* Check if a source type can potentially reach a sink type.
|
|
14
|
+
*
|
|
15
|
+
* Exported so detection passes (e.g. `detectExpressionScanFlows` in
|
|
16
|
+
* `taint-propagation-pass.ts`) can gate emit-time flows on the same
|
|
17
|
+
* source-to-sink coverage matrix that `generateFindings` uses below.
|
|
18
|
+
*/
|
|
19
|
+
export declare function canSourceReachSink(sourceType: string, sinkType: SinkType): boolean;
|
|
12
20
|
//# sourceMappingURL=findings.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,GAAG,EAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,GAAG,EAEH,OAAO,EAEP,QAAQ,EACT,MAAM,mBAAmB,CAAC;AAQ3B;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,WAAW,EAAE,EACtB,KAAK,EAAE,SAAS,EAAE,EAClB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CAkGX;AAiCD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAuBlF"}
|
|
@@ -125,15 +125,22 @@ function mergeDiscoveryMethod(a, b) {
|
|
|
125
125
|
}
|
|
126
126
|
/**
|
|
127
127
|
* Check if a source type can potentially reach a sink type.
|
|
128
|
+
*
|
|
129
|
+
* Exported so detection passes (e.g. `detectExpressionScanFlows` in
|
|
130
|
+
* `taint-propagation-pass.ts`) can gate emit-time flows on the same
|
|
131
|
+
* source-to-sink coverage matrix that `generateFindings` uses below.
|
|
128
132
|
*/
|
|
129
|
-
function canSourceReachSink(sourceType, sinkType) {
|
|
133
|
+
export function canSourceReachSink(sourceType, sinkType) {
|
|
130
134
|
const sourceToSinkMapping = {
|
|
131
|
-
|
|
135
|
+
// code_injection added to http_param/http_query/http_header/http_cookie:
|
|
136
|
+
// `eval(req.query.x)`, `Function(req.header('x'))`, `vm.runInThisContext(req.cookies.c)`
|
|
137
|
+
// are all real RCE patterns in JS web apps (cognium-dev #83).
|
|
138
|
+
http_param: ['sql_injection', 'command_injection', 'path_traversal', 'xss', 'xpath_injection', 'ldap_injection', 'ssrf', 'mybatis_mapper_call', 'code_injection'],
|
|
132
139
|
http_body: ['sql_injection', 'command_injection', 'deserialization', 'xxe', 'xss', 'code_injection', 'mybatis_mapper_call'],
|
|
133
|
-
http_header: ['sql_injection', 'xss', 'ssrf', 'mybatis_mapper_call'],
|
|
134
|
-
http_cookie: ['sql_injection', 'xss', 'mybatis_mapper_call'],
|
|
140
|
+
http_header: ['sql_injection', 'xss', 'ssrf', 'mybatis_mapper_call', 'code_injection'],
|
|
141
|
+
http_cookie: ['sql_injection', 'xss', 'mybatis_mapper_call', 'code_injection'],
|
|
135
142
|
http_path: ['path_traversal', 'sql_injection', 'ssrf', 'mybatis_mapper_call'],
|
|
136
|
-
http_query: ['sql_injection', 'command_injection', 'xss', 'ssrf', 'mybatis_mapper_call'],
|
|
143
|
+
http_query: ['sql_injection', 'command_injection', 'xss', 'ssrf', 'mybatis_mapper_call', 'code_injection'],
|
|
137
144
|
io_input: ['command_injection', 'path_traversal', 'deserialization', 'xxe', 'code_injection', 'xss'],
|
|
138
145
|
env_input: ['command_injection', 'path_traversal'],
|
|
139
146
|
db_input: ['xss', 'sql_injection'], // Second-order injection
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findings.js","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,OAAO,EACL,iBAAiB,IAAI,YAAY,EACjC,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAsB,EACtB,KAAkB,EAClB,GAAQ,EACR,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,iDAAiD;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,qDAAqD;YACrD,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAEpD,IAAI,UAAU,CAAC,UAAU,IAAI,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,YAAY,CAAC;oBAC5B,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,UAAU,EAAE,UAAU,CAAC,UAAU;iBAClC,CAAC,CAAC;gBACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;gBAEjE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO,SAAS,EAAE,EAAE;oBACxB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ;oBACR,UAAU;oBACV,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,IAAI,EAAE,MAAM,CAAC,QAAQ;qBACtB;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,QAAQ;qBACpB;oBACD,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;oBAC9D,WAAW,EAAE,UAAU,CAAC,UAAU,IAAI,UAAU,GAAG,GAAG;oBACtD,WAAW,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC;oBAC1D,WAAW,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtC,YAAY,EAAE;wBACZ,iBAAiB,EAAE,UAAU,CAAC,UAAU;wBACxC,YAAY,EAAE,KAAK;wBACnB,cAAc,EAAE,CAAC;wBACjB,eAAe,EAAE,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC;qBACtD;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,mDAAmD;IACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,CAAC,CAAC,QAAQ,GAAG;gBACX,GAAG,CAAC,CAAC,QAAQ;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;aACxD,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,CAAE,QAAQ,CAAC,QAAQ,EAAE,OAAiD,IAAI,EAAE,CAAC,CAAC;YAC9F,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3D,QAAQ,CAAC,QAAQ,GAAG,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YACtD,MAAM,eAAe,GAAG,oBAAoB,CAC1C,QAAQ,CAAC,YAAY,CAAC,eAAe,EACrC,CAAC,CAAC,YAAY,CAAC,eAAe,CAC/B,CAAC;YACF,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACvC,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;gBACnC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;gBAC3B,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;gBACvC,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;YACjC,CAAC;YACD,QAAQ,CAAC,YAAY,CAAC,eAAe,GAAG,eAAe,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7C,kCAAkC;IAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,sBAAsB,CAC7B,MAAmB,EACnB,IAAe;IAEf,MAAM,GAAG,GAAG,MAAM,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC7C,IAAI,GAAG,KAAK,GAAG;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAC3B,CAAyC,EACzC,CAAyC;IAEzC,MAAM,IAAI,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC3B,MAAM,KAAK,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC5B,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,UAAkB,EAAE,QAAkB;IAChE,MAAM,mBAAmB,GAA+B;QACtD,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,CAAC;QAC/I,SAAS,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;QAC3H,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC;QACpE,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,qBAAqB,CAAC;QAC5D,SAAS,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,EAAE,qBAAqB,CAAC;QAC7E,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,CAAC;QACxF,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACpG,SAAS,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QAClD,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,yBAAyB;QAC7D,UAAU,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;QAC/F,aAAa,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACpE,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,sBAAsB;QAC7G,qBAAqB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,CAAC,EAAE,qBAAqB;QACnM,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,CAAC,EAAE,2BAA2B;KAC7H,CAAC;IAEF,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5D,CAAC;AAQD;;GAEG;AACH,SAAS,aAAa,CAAC,MAAmB,EAAE,IAAe,EAAE,GAAQ;IACnE,MAAM,IAAI,GAAe,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,wCAAwC;IACxC,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CACvD,CAAC;IAEF,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACnC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,CACnD,CAAC;IAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IACxD,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;IAEhC,yDAAyD;IACzD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,qBAAqB,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,uBAAuB;gBACvB,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;oBAC/C,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,IAAI,CAAC;4BACR,IAAI,EAAE,EAAE,EAAE,2BAA2B;4BACrC,MAAM,EAAE,EAAE;4BACV,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,QAAQ;4BAC7B,QAAQ,EAAE,GAAG,CAAC,QAAQ;yBACvB,CAAC,CAAC;wBACH,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,6DAA6D;IAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QAC5C,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,IAAI,EAAE,GAAG,CAAC,aAAa;oBACvB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,QAAQ,CAAC,GAAG;oBAClB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,SAAiB,EACjB,OAAsB,EACtB,MAAkB,EAClB,GAAQ,EACR,UAAuB,IAAI,GAAG,EAAE,EAChC,OAAiB,EAAE;IAEnB,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IAEtC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAErB,uCAAuC;IACvC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QAC7F,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAmB,EAAE,IAAe;IACpE,8DAA8D;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AACjD,CAAC;AAGD;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,kBAAkB;IAExC,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAE9D,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;SAAM,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC1B,UAAU,IAAI,IAAI,CAAC;IACrB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/C,IAAI,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,GAAG,UAAU,6BAA6B,IAAI,QAAQ,QAAQ,+BAA+B,CAAC;IACvG,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,OAAO,GAAG,UAAU,aAAa,QAAQ,+BAA+B,CAAC;IAC3E,CAAC;IAED,OAAO,GAAG,UAAU,cAAc,QAAQ,oCAAoC,CAAC;AACjF,CAAC"}
|
|
1
|
+
{"version":3,"file":"findings.js","sourceRoot":"","sources":["../../src/analysis/findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,OAAO,EACL,iBAAiB,IAAI,YAAY,EACjC,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAsB,EACtB,KAAkB,EAClB,GAAQ,EACR,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,iDAAiD;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,qDAAqD;YACrD,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAEpD,IAAI,UAAU,CAAC,UAAU,IAAI,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,YAAY,CAAC;oBAC5B,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,UAAU,EAAE,UAAU,CAAC,UAAU;iBAClC,CAAC,CAAC;gBACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;gBAEjE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,OAAO,SAAS,EAAE,EAAE;oBACxB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ;oBACR,UAAU;oBACV,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,IAAI,EAAE,MAAM,CAAC,QAAQ;qBACtB;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,IAAI,CAAC,QAAQ;qBACpB;oBACD,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;oBAC9D,WAAW,EAAE,UAAU,CAAC,UAAU,IAAI,UAAU,GAAG,GAAG;oBACtD,WAAW,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC;oBAC1D,WAAW,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtC,YAAY,EAAE;wBACZ,iBAAiB,EAAE,UAAU,CAAC,UAAU;wBACxC,YAAY,EAAE,KAAK;wBACnB,cAAc,EAAE,CAAC;wBACjB,eAAe,EAAE,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC;qBACtD;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,mDAAmD;IACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,CAAC,CAAC,QAAQ,GAAG;gBACX,GAAG,CAAC,CAAC,QAAQ;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;aACxD,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,CAAE,QAAQ,CAAC,QAAQ,EAAE,OAAiD,IAAI,EAAE,CAAC,CAAC;YAC9F,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3D,QAAQ,CAAC,QAAQ,GAAG,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YACtD,MAAM,eAAe,GAAG,oBAAoB,CAC1C,QAAQ,CAAC,YAAY,CAAC,eAAe,EACrC,CAAC,CAAC,YAAY,CAAC,eAAe,CAC/B,CAAC;YACF,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACvC,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;gBACnC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;gBAC3B,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;gBACvC,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;gBACrC,QAAQ,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;YACjC,CAAC;YACD,QAAQ,CAAC,YAAY,CAAC,eAAe,GAAG,eAAe,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7C,kCAAkC;IAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,sBAAsB,CAC7B,MAAmB,EACnB,IAAe;IAEf,MAAM,GAAG,GAAG,MAAM,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,IAAI,QAAQ,CAAC;IAC7C,IAAI,GAAG,KAAK,GAAG;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAC3B,CAAyC,EACzC,CAAyC;IAEzC,MAAM,IAAI,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC3B,MAAM,KAAK,GAAG,CAAC,IAAI,QAAQ,CAAC;IAC5B,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB,EAAE,QAAkB;IACvE,MAAM,mBAAmB,GAA+B;QACtD,yEAAyE;QACzE,yFAAyF;QACzF,8DAA8D;QAC9D,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QACjK,SAAS,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;QAC3H,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QACtF,WAAW,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QAC9E,SAAS,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,MAAM,EAAE,qBAAqB,CAAC;QAC7E,UAAU,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;QAC1G,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,CAAC;QACpG,SAAS,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QAClD,QAAQ,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,yBAAyB;QAC7D,UAAU,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;QAC/F,aAAa,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC;QACpE,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,sBAAsB;QAC7G,qBAAqB,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,CAAC,EAAE,qBAAqB;QACnM,YAAY,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,CAAC,EAAE,2BAA2B;KAC7H,CAAC;IAEF,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5D,CAAC;AAQD;;GAEG;AACH,SAAS,aAAa,CAAC,MAAmB,EAAE,IAAe,EAAE,GAAQ;IACnE,MAAM,IAAI,GAAe,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,wCAAwC;IACxC,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CACvD,CAAC;IAEF,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACnC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,CACnD,CAAC;IAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IACxD,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;IAEhC,yDAAyD;IACzD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,qBAAqB,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,uBAAuB;gBACvB,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,CAAC;oBAC/C,IAAI,GAAG,EAAE,CAAC;wBACR,IAAI,CAAC,IAAI,CAAC;4BACR,IAAI,EAAE,EAAE,EAAE,2BAA2B;4BACrC,MAAM,EAAE,EAAE;4BACV,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,QAAQ;4BAC7B,QAAQ,EAAE,GAAG,CAAC,QAAQ;yBACvB,CAAC,CAAC;wBACH,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,6DAA6D;IAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QAC5C,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,IAAI,EAAE,GAAG,CAAC,aAAa;oBACvB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC;oBACR,IAAI,EAAE,EAAE;oBACR,MAAM,EAAE,EAAE;oBACV,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,QAAQ,CAAC,GAAG;oBAClB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,SAAiB,EACjB,OAAsB,EACtB,MAAkB,EAClB,GAAQ,EACR,UAAuB,IAAI,GAAG,EAAE,EAChC,OAAiB,EAAE;IAEnB,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,SAAS,KAAK,OAAO;QAAE,OAAO,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IAEtC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAErB,uCAAuC;IACvC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QAC7F,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAmB,EAAE,IAAe;IACpE,8DAA8D;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AACjD,CAAC;AAGD;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,kBAAkB;IAExC,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAE9D,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,UAAU,IAAI,GAAG,CAAC;IACpB,CAAC;SAAM,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC1B,UAAU,IAAI,IAAI,CAAC;IACrB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAmB,EAAE,IAAe,EAAE,UAAsB;IACvF,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/C,IAAI,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,GAAG,UAAU,6BAA6B,IAAI,QAAQ,QAAQ,+BAA+B,CAAC;IACvG,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,OAAO,GAAG,UAAU,aAAa,QAAQ,+BAA+B,CAAC;IAC3E,CAAC;IAED,OAAO,GAAG,UAAU,cAAc,QAAQ,oCAAoC,CAAC;AACjF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interprocedural-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAO9E,MAAM,WAAW,yBAAyB;IACxC,8DAA8D;IAC9D,eAAe,EAAE,SAAS,EAAE,CAAC;IAC7B,8DAA8D;IAC9D,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,6DAA6D;IAC7D,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAED,qBAAa,mBAAoB,YAAW,YAAY,CAAC,yBAAyB,CAAC;IACjF,QAAQ,CAAC,IAAI,qBAAqB;IAClC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,yBAAyB;
|
|
1
|
+
{"version":3,"file":"interprocedural-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAO9E,MAAM,WAAW,yBAAyB;IACxC,8DAA8D;IAC9D,eAAe,EAAE,SAAS,EAAE,CAAC;IAC7B,8DAA8D;IAC9D,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,6DAA6D;IAC7D,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAED,qBAAa,mBAAoB,YAAW,YAAY,CAAC,yBAAyB,CAAC;IACjF,QAAQ,CAAC,IAAI,qBAAqB;IAClC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,yBAAyB;CA0KjD"}
|
|
@@ -24,7 +24,10 @@ export class InterproceduralPass {
|
|
|
24
24
|
const taintProp = ctx.getResult('taint-propagation');
|
|
25
25
|
const { sources, sinks, sanitizers } = sinkFilter;
|
|
26
26
|
if (sources.length === 0) {
|
|
27
|
-
|
|
27
|
+
// Preserve flows synthesized by TaintPropagationPass (e.g. Python alias
|
|
28
|
+
// expansion for-loop / inline-source cases from cognium-dev #76/#83 where
|
|
29
|
+
// no real source was registered but a derived var reaches a sink).
|
|
30
|
+
return { additionalSinks: [], additionalFlows: [...taintProp.flows] };
|
|
28
31
|
}
|
|
29
32
|
const additionalSinks = [];
|
|
30
33
|
const additionalFlows = [...taintProp.flows];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interprocedural-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAW3D,MAAM,OAAO,mBAAmB;IACrB,IAAI,GAAG,iBAAiB,CAAC;IACzB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QAEtB,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA6B,mBAAmB,CAAC,CAAC;QAEnF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,
|
|
1
|
+
{"version":3,"file":"interprocedural-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/interprocedural-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAW3D,MAAM,OAAO,mBAAmB;IACrB,IAAI,GAAG,iBAAiB,CAAC;IACzB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QAEtB,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA6B,mBAAmB,CAAC,CAAC;QAEnF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,wEAAwE;YACxE,0EAA0E;YAC1E,mEAAmE;YACnE,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QACxE,CAAC;QAED,MAAM,eAAe,GAAgB,EAAE,CAAC;QACxC,MAAM,eAAe,GAAoB,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9D,IAAI,eAAgD,CAAC;QAErD,6EAA6E;QAC7E,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,SAAS,GAAG,sBAAsB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE;gBAC1E,gBAAgB,EAAE,SAAS,CAAC,OAAO;aACpC,CAAC,CAAC;YAEH,gFAAgF;YAChF,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;gBAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB;oBAAE,SAAS;gBACpD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,wDAAwD;YACxD,IAAI,SAAS,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzC,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAU,CAAC;gBAC/C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;oBAC7B,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;wBACrC,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;wBAC9C,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;gBAED,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;oBAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB;wBAAE,SAAS;oBAEpD,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;wBACvC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;4BAAE,SAAS;wBAE/D,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAC5D,IAAI,CAAC,MAAM;4BAAE,SAAS;wBACtB,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO;4BAAE,SAAS;wBACzE,IAAI,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;4BAAE,SAAS;wBAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;4BAC7B,IAAI,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ;gCAAE,SAAS;4BAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAuB,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG;gCAAE,SAAS;4BACjF,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAAC;gCAAE,SAAS;4BAEpG,eAAe,CAAC,IAAI,CAAC;gCACnB,WAAW,EAAE,MAAM,CAAC,IAAI;gCACxB,SAAS,EAAI,IAAI,CAAC,IAAI;gCACtB,WAAW,EAAE,MAAM,CAAC,IAAI;gCACxB,SAAS,EAAI,IAAI,CAAC,IAAI;gCACtB,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAa,IAAI,EAAE,MAAM,CAAC,IAAI,EAAK,IAAI,EAAE,QAAiB,EAAE;oCACvF,EAAE,QAAQ,EAAE,WAAW,MAAM,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAG,IAAI,EAAE,KAAiB,EAAE;oCACvF,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAe,IAAI,EAAE,IAAI,CAAC,IAAI,EAAO,IAAI,EAAE,MAAiB,EAAE;iCACxF;gCACD,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;gCACtD,SAAS,EAAE,KAAK;6BACjB,CAAC,CAAC;4BACH,MAAM,CAAC,gCAAgC;wBACzC,CAAC;wBACD,MAAM,CAAC,mCAAmC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;YACjD,eAAe,GAAG;gBAChB,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;gBACrD,aAAa,EAAE,YAAY;gBAC3B,YAAY,EAAE,SAAS,CAAC,SAAS;qBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;qBAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACZ,MAAM,EAAS,IAAI,CAAC,YAAY;oBAChC,MAAM,EAAS,IAAI,CAAC,YAAY;oBAChC,SAAS,EAAM,IAAI,CAAC,QAAQ;oBAC5B,YAAY,EAAG,IAAI,CAAC,WAAW;oBAC/B,aAAa,EAAE,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;iBAC/D,CAAC,CAAC;aACN,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,uEAAuE;YACvE,wEAAwE;YACxE,8EAA8E;YAC9E,6EAA6E;YAC7E,gFAAgF;YAChF,4EAA4E;YAC5E,yEAAyE;YACzE,6EAA6E;YAC7E,4EAA4E;YAC5E,sEAAsE;YACtE,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB;gBACjC,CAAC,CAAC,IAAI,KAAK,uBAAuB,CACrC,CAAC;YACF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC;YAC/D,CAAC;YACD,MAAM,SAAS,GAAG,sBAAsB,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE,UAAU,EAAE;gBAC/E,gBAAgB,EAAE,SAAS,CAAC,OAAO;aACpC,CAAC,CAAC;YAEH,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,eAAe,EAAE,CAAC;gBAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,IAAI,SAAS,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,IAAI,SAAS,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9E,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;gBACjD,eAAe,GAAG;oBAChB,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;oBACrD,aAAa,EAAE,YAAY;oBAC3B,YAAY,EAAE,SAAS,CAAC,SAAS;yBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;yBAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACZ,MAAM,EAAS,IAAI,CAAC,YAAY;wBAChC,MAAM,EAAS,IAAI,CAAC,YAAY;wBAChC,SAAS,EAAM,IAAI,CAAC,QAAQ;wBAC5B,YAAY,EAAG,IAAI,CAAC,WAAW;wBAC/B,aAAa,EAAE,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;qBAC/D,CAAC,CAAC;iBACN,CAAC;YACJ,CAAC;YAED,8DAA8D;YAC9D,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;oBACnC,eAAe,CAAC,IAAI,CAAC;wBACnB,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;wBAC5B,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;wBAC5B,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,IAAI,EAAE;4BACJ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4BACrE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAQ,IAAI,EAAE,MAAiB,EAAE;yBACtE;wBACD,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU;wBACnD,SAAS,EAAE,KAAK;qBACjB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,0EAA0E;QAC1E,oEAAoE;QACpE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,oBAAoB,CAAC,EAAE,EAAE,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC;IAC/D,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-propagation-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"taint-propagation-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAQ9E,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB;AAED,qBAAa,oBAAqB,YAAW,YAAY,CAAC,0BAA0B,CAAC;IACnF,QAAQ,CAAC,IAAI,uBAAuB;IACpC,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,0BAA0B;CAmIlD"}
|
|
@@ -13,6 +13,7 @@
|
|
|
13
13
|
import { propagateTaint } from '../taint-propagation.js';
|
|
14
14
|
import { isFalsePositive, isCorrelatedPredicateFP } from '../constant-propagation.js';
|
|
15
15
|
import { buildPythonTaintedVars, buildRustTaintedVars } from './language-sources-pass.js';
|
|
16
|
+
import { canSourceReachSink } from '../findings.js';
|
|
16
17
|
export class TaintPropagationPass {
|
|
17
18
|
name = 'taint-propagation';
|
|
18
19
|
category = 'security';
|
|
@@ -22,7 +23,14 @@ export class TaintPropagationPass {
|
|
|
22
23
|
const constProp = ctx.getResult('constant-propagation');
|
|
23
24
|
const sinkFilter = ctx.getResult('sink-filter');
|
|
24
25
|
const { sources, sinks, sanitizers } = sinkFilter;
|
|
25
|
-
if (
|
|
26
|
+
if (sinks.length === 0) {
|
|
27
|
+
return { flows: [] };
|
|
28
|
+
}
|
|
29
|
+
// No real sources, but Python may still synthesize sources from derived
|
|
30
|
+
// tainted vars (e.g. for-loop iterables — cognium-dev #76/#83). Defer the
|
|
31
|
+
// empty-source early-return for Python so detectExpressionScanFlows runs.
|
|
32
|
+
const canSynthesize = ctx.language === 'python' && typeof ctx.code === 'string';
|
|
33
|
+
if (sources.length === 0 && !canSynthesize) {
|
|
26
34
|
return { flows: [] };
|
|
27
35
|
}
|
|
28
36
|
// DFG-based taint propagation
|
|
@@ -363,10 +371,10 @@ function detectParameterSinkFlows(types, calls, sources, sinks, unreachableLines
|
|
|
363
371
|
*/
|
|
364
372
|
function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachableLines, code, language) {
|
|
365
373
|
const flows = [];
|
|
366
|
-
//
|
|
374
|
+
// Variable-name scan path: only consider sources that carry an explicit
|
|
375
|
+
// variable name. The colocation path below (cognium-dev #83) runs even
|
|
376
|
+
// when this set is empty, so we no longer early-return.
|
|
367
377
|
const sourcesWithVar = sources.filter((s) => typeof s.variable === 'string' && s.variable.length > 0);
|
|
368
|
-
if (sourcesWithVar.length === 0)
|
|
369
|
-
return flows;
|
|
370
378
|
// Per-alias sanitizer coverage (cognium-dev #65 pt2).
|
|
371
379
|
//
|
|
372
380
|
// When Python alias expansion (below) adds a derived variable like
|
|
@@ -400,22 +408,43 @@ function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachabl
|
|
|
400
408
|
if (language === 'python' && typeof code === 'string') {
|
|
401
409
|
const derived = buildPythonTaintedVars(code);
|
|
402
410
|
if (derived.size > 0) {
|
|
411
|
+
const existingVars = new Set(sourcesWithVar.map(s => s.variable));
|
|
403
412
|
// Earliest real source — used as the anchor for synthetic source lines.
|
|
413
|
+
// When no real source has a `variable` field, we fall back to a per-var
|
|
414
|
+
// synthetic anchor at the derivation line (typical for the for-loop /
|
|
415
|
+
// bare-inline cases targeted by cognium-dev #76 / #83).
|
|
416
|
+
const hasRealSource = sourcesWithVar.length > 0;
|
|
404
417
|
let anchor = sourcesWithVar[0];
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
418
|
+
if (anchor) {
|
|
419
|
+
for (const s of sourcesWithVar) {
|
|
420
|
+
if (s.line < anchor.line)
|
|
421
|
+
anchor = s;
|
|
422
|
+
}
|
|
408
423
|
}
|
|
409
|
-
const
|
|
410
|
-
for (const [varName] of derived) {
|
|
424
|
+
for (const [varName, originLine] of derived) {
|
|
411
425
|
if (!varName || existingVars.has(varName))
|
|
412
426
|
continue;
|
|
413
427
|
// Don't shadow real sources; build a minimal synthetic record that
|
|
414
|
-
// satisfies the scan loop below.
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
428
|
+
// satisfies the scan loop below. When no real source exists, anchor
|
|
429
|
+
// the synthetic source at the derivation line itself with a generic
|
|
430
|
+
// `http_param` type — the for-loop / bare-inline patterns we want
|
|
431
|
+
// to recover here are all web-request-derived in practice.
|
|
432
|
+
if (hasRealSource && anchor) {
|
|
433
|
+
sourcesWithVar.push({
|
|
434
|
+
...anchor,
|
|
435
|
+
variable: varName,
|
|
436
|
+
});
|
|
437
|
+
}
|
|
438
|
+
else {
|
|
439
|
+
sourcesWithVar.push({
|
|
440
|
+
type: 'http_param',
|
|
441
|
+
location: `<derived> ${varName}`,
|
|
442
|
+
severity: 'high',
|
|
443
|
+
line: originLine,
|
|
444
|
+
confidence: 0.9,
|
|
445
|
+
variable: varName,
|
|
446
|
+
});
|
|
447
|
+
}
|
|
419
448
|
existingVars.add(varName);
|
|
420
449
|
}
|
|
421
450
|
// cognium-dev #65 pt2: record per-alias sanitizer coverage.
|
|
@@ -466,7 +495,7 @@ function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachabl
|
|
|
466
495
|
// produce a flow back to the original `web::Form<T>` parameter source.
|
|
467
496
|
// `buildRustTaintedVars` does a fixpoint over let-bindings + assignments
|
|
468
497
|
// seeded with the real source variables.
|
|
469
|
-
if (language === 'rust' && typeof code === 'string') {
|
|
498
|
+
if (language === 'rust' && typeof code === 'string' && sourcesWithVar.length > 0) {
|
|
470
499
|
const seedVars = new Set(sourcesWithVar.map(s => s.variable));
|
|
471
500
|
const derived = buildRustTaintedVars(code, seedVars);
|
|
472
501
|
if (derived.size > 0) {
|
|
@@ -556,6 +585,70 @@ function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachabl
|
|
|
556
585
|
}
|
|
557
586
|
}
|
|
558
587
|
}
|
|
588
|
+
// cognium-dev #83: inline-source colocation.
|
|
589
|
+
//
|
|
590
|
+
// When a source expression is used INLINE as a sink argument — e.g.
|
|
591
|
+
// `Runtime.getRuntime().exec(req.getParameter("u"))` (Java),
|
|
592
|
+
// `eval(req.query.x)` (JS), `os.system(request.args.get("u"))` (Python) —
|
|
593
|
+
// the source pattern matcher emits a source at `sink.line`, and no
|
|
594
|
+
// `variable` is bound (the arg node isn't a simple identifier).
|
|
595
|
+
// The DFG-based `propagateTaint` skips it (no `arg.variable`) and the
|
|
596
|
+
// variable-name scan above ignores it (no `source.variable`).
|
|
597
|
+
//
|
|
598
|
+
// Emit a direct flow when (a) the source line is the sink line, and
|
|
599
|
+
// (b) the source type can reach the sink type. Sanitizer checks are
|
|
600
|
+
// intentionally not applied here because an inline source has no
|
|
601
|
+
// intermediate assignment line for a sanitizer to wrap, and the
|
|
602
|
+
// sink-call expression itself either contains the raw source or
|
|
603
|
+
// doesn't; if a sanitizer wraps the source inside the arg expression
|
|
604
|
+
// (e.g. `exec(escape(req.query.x))`), the sanitizer pass will already
|
|
605
|
+
// mark the sink as sanitized via `sinkSanitizationMap`.
|
|
606
|
+
//
|
|
607
|
+
// Subsumes cognium-dev#76's "Python for-loop iterable inline source"
|
|
608
|
+
// for the simple cases where the source pattern matches the iterable
|
|
609
|
+
// and the loop variable is used on the same line.
|
|
610
|
+
//
|
|
611
|
+
// Restricted to sources with no `variable` field: an inline-pattern
|
|
612
|
+
// source has no enclosing assignment, so it can't be confused with an
|
|
613
|
+
// assignment-style source whose use happens to land on the same line
|
|
614
|
+
// (the latter must still respect "source precedes sink" — see the
|
|
615
|
+
// taint-propagation-pass "does NOT emit when source line is at or
|
|
616
|
+
// after sink line" regression guard).
|
|
617
|
+
const sourcesByLine = new Map();
|
|
618
|
+
for (const s of sources) {
|
|
619
|
+
if (s.variable && s.variable.length > 0)
|
|
620
|
+
continue;
|
|
621
|
+
const arr = sourcesByLine.get(s.line) ?? [];
|
|
622
|
+
arr.push(s);
|
|
623
|
+
sourcesByLine.set(s.line, arr);
|
|
624
|
+
}
|
|
625
|
+
for (const sink of sinks) {
|
|
626
|
+
if (unreachableLines.has(sink.line))
|
|
627
|
+
continue;
|
|
628
|
+
const colocSources = sourcesByLine.get(sink.line);
|
|
629
|
+
if (!colocSources || colocSources.length === 0)
|
|
630
|
+
continue;
|
|
631
|
+
for (const source of colocSources) {
|
|
632
|
+
if (!canSourceReachSink(source.type, sink.type))
|
|
633
|
+
continue;
|
|
634
|
+
if (flows.some(f => f.source_line === source.line &&
|
|
635
|
+
f.sink_line === sink.line &&
|
|
636
|
+
f.sink_type === sink.type))
|
|
637
|
+
continue;
|
|
638
|
+
flows.push({
|
|
639
|
+
source_line: source.line,
|
|
640
|
+
sink_line: sink.line,
|
|
641
|
+
source_type: source.type,
|
|
642
|
+
sink_type: sink.type,
|
|
643
|
+
path: [
|
|
644
|
+
{ variable: '<inline>', line: source.line, type: 'source' },
|
|
645
|
+
{ variable: '<inline>', line: sink.line, type: 'sink' },
|
|
646
|
+
],
|
|
647
|
+
confidence: source.confidence * sink.confidence * 0.85,
|
|
648
|
+
sanitized: false,
|
|
649
|
+
});
|
|
650
|
+
}
|
|
651
|
+
}
|
|
559
652
|
return flows;
|
|
560
653
|
}
|
|
561
654
|
//# sourceMappingURL=taint-propagation-pass.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-propagation-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAM1F,MAAM,OAAO,oBAAoB;IACtB,IAAI,GAAG,mBAAmB,CAAC;IAC3B,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;QAElC,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvB,CAAC;QAED,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;QAE5E,uEAAuE;QACvE,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC1D,IAAI,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEjE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACrE,IAAI,OAAO,CAAC,eAAe;oBAAE,OAAO,KAAK,CAAC;YAC5C,CAAC;YAED,IAAI,uBAAuB,CAAC,SAAS,EAAE,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3D,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,MAAM,KAAK,GAAoB,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YACH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC,CAAC;QAEJ,kCAAkC;QAClC,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,oBAAoB,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACpI,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,MAAM,eAAe,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC1H,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC;gBAAE,SAAS;YAE9F,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC5G,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,EAAE;QACF,6DAA6D;QAC7D,0EAA0E;QAC1E,2EAA2E;QAC3E,oDAAoD;QACpD,gEAAgE;QAChE,wEAAwE;QACxE,uDAAuD;QACvD,EAAE;QACF,mEAAmE;QACnE,0EAA0E;QAC1E,iEAAiE;QACjE,oEAAoE;QACpE,uEAAuE;QACvE,0EAA0E;QAC1E,uEAAuE;QACvE,MAAM,aAAa,GAAG,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7I,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW;gBAC/B,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS;gBAC3B,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAC5B;gBAAE,SAAS;YAEZ,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;CACF;AAED,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,SAAS,qBAAqB,CAC5B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,WAAwB,EACxB,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC;oBAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;oBAC7E,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;wBAC1B,IAAI,MAAM,EAAE,CAAC;4BACX,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCACjE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;iCAClE;gCACD,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK;6BAClC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;oBACnB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;oBAC5B,yDAAyD;oBACzD,MAAM,kBAAkB,GAAG;wBACzB,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;wBAC9C,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,mBAAmB,EAAE;wBAC/C,EAAE,MAAM,EAAE,KAAK,EAAO,EAAE,EAAE,cAAc,EAAE;wBAC1C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;qBAC/C,CAAC;oBACF,KAAK,MAAM,EAAE,EAAE,EAAE,IAAI,kBAAkB,EAAE,CAAC;wBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;wBAC7B,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC/B,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC;4BAC/F,IAAI,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;gCACxE,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gCAC1B,IAAI,MAAM,EAAE,CAAC;oCACX,KAAK,CAAC,IAAI,CAAC;wCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,IAAI,EAAE;4CACJ,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4CACvE,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yCACxE;wCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;qCACnC,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,oBAA8C,EAC9C,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC3E,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,QAAQ,GAAI,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,cAAc,GAAG,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAC3D,IAAI,cAAc,EAAE,CAAC;wBACnB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1E,IAAI,SAAS,EAAE,CAAC;4BACd,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,MAAM,EAAE,CAAC;gCACX,KAAK,CAAC,IAAI,CAAC;oCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,IAAI,EAAE;wCACJ,EAAE,QAAQ,EAAE,SAAS,EAAqB,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;wCACtF,EAAE,QAAQ,EAAE,GAAG,SAAS,IAAI,QAAQ,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;qCACtF;oCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;iCACnC,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAwB,EACxB,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAwD,CAAC;IAC7F,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAClE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,SAAS,GAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxD,IAAI,CAAC,YAAY,EAAE,CAAC;oBAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;oBAAC,oBAAoB,CAAC,GAAG,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;gBAAC,CAAC;gBACpG,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAElD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;YAClC,IAAI,CAAC,UAAU;gBAAE,SAAS;YAC1B,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAChE,IAAI,CAAC,kBAAkB;gBAAE,SAAS;YAElC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,iEAAiE;oBACjE,+EAA+E;oBAC/E,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;wBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC9C,SAAS;oBACX,CAAC;oBACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACzD,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;wBAChG,IAAI,CAAC,MAAM,EAAE,CAAC;4BACZ,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCAC3E,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAS,IAAI,EAAE,MAAiB,EAAE;iCAC5E;gCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;6BACnC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wFAAwF;IACxF,KAAK,KAAK,CAAC;IACX,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAS,yBAAyB,CAChC,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,UAA2C,EAC3C,gBAA6B,EAC7B,IAAa,EACb,QAAiB;IAEjB,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,0EAA0E;IAC1E,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAwC,EAAE,CAChF,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CACxD,CAAC;IACF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9C,sDAAsD;IACtD,EAAE;IACF,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,iEAAiE;IACjE,gEAAgE;IAChE,8DAA8D;IAC9D,+DAA+D;IAC/D,gDAAgD;IAChD,EAAE;IACF,mEAAmE;IACnE,gEAAgE;IAChE,2DAA2D;IAC3D,iEAAiE;IACjE,yCAAyC;IACzC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEzD,0EAA0E;IAC1E,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,6EAA6E;IAC7E,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,2DAA2D;IAC3D,EAAE;IACF,uEAAuE;IACvE,wEAAwE;IACxE,gEAAgE;IAChE,IAAI,QAAQ,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACrB,wEAAwE;YACxE,IAAI,MAAM,GAA6B,cAAc,CAAC,CAAC,CAAC,CAAC;YACzD,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;gBAC/B,IAAI,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI;oBAAE,MAAM,GAAG,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClE,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,CAAC;gBAChC,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;oBAAE,SAAS;gBACpD,mEAAmE;gBACnE,iCAAiC;gBACjC,cAAc,CAAC,IAAI,CAAC;oBAClB,GAAG,MAAM;oBACT,QAAQ,EAAE,OAAO;iBAClB,CAAC,CAAC;gBACH,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAED,4DAA4D;YAC5D,gEAAgE;YAChE,gEAAgE;YAChE,oDAAoD;YACpD,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA6B,CAAC;gBAC9D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBAC/C,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACZ,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBACpC,CAAC;gBACD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACnC,KAAK,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,OAAO,EAAE,CAAC;oBAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;oBAClD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;wBAAE,SAAS;oBACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;oBACjD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;oBACvD,IAAI,CAAC,QAAQ;wBAAE,SAAS;oBACxB,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;oBACxB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;wBAC3B,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;wBAC7D,IAAI,CAAC,QAAQ;4BAAE,SAAS;wBACxB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;wBAC5E,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,OAAO,GAAG,CAAC;4BAAE,SAAS;wBAC3C,IAAI,GAAG,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBACzC,IAAI,CAAC,GAAG,EAAE,CAAC;4BAAC,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;4BAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;wBAAC,CAAC;wBAC3E,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,SAAS;4BAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,oCAAoC;IACpC,+BAA+B;IAC/B,0BAA0B;IAC1B,0BAA0B;IAC1B,uEAAuE;IACvE,yEAAyE;IACzE,yCAAyC;IACzC,IAAI,QAAQ,KAAK,MAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACrD,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACrB,IAAI,MAAM,GAA6B,cAAc,CAAC,CAAC,CAAC,CAAC;YACzD,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;gBAC/B,IAAI,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI;oBAAE,MAAM,GAAG,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClE,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,CAAC;gBAChC,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;oBAAE,SAAS;gBACpD,cAAc,CAAC,IAAI,CAAC;oBAClB,GAAG,MAAM;oBACT,QAAQ,EAAE,OAAO;iBAClB,CAAC,CAAC;gBACH,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,wEAAwE;IACxE,+EAA+E;IAC/E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YAAE,SAAS;QACtC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;gBAC5B,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEpB,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;oBACpC,0DAA0D;oBAC1D,IAAI,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI;wBAAE,SAAS;oBAEvC,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBACxC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;wBAAE,SAAS;oBAEpC,kEAAkE;oBAClE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI;wBAC7B,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI;wBACzB,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAC1B;wBAAE,SAAS;oBAEZ,8DAA8D;oBAC9D,8DAA8D;oBAC9D,+CAA+C;oBAC/C,4DAA4D;oBAC5D,IAAI,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC3D,MAAM;oBACR,CAAC;oBAED,KAAK,CAAC,IAAI,CAAC;wBACT,WAAW,EAAE,MAAM,CAAC,IAAI;wBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,WAAW,EAAE,MAAM,CAAC,IAAI;wBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,IAAI,EAAE;4BACJ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4BACzE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yBAC1E;wBACD,UAAU,EAAE,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,GAAG;wBACrD,SAAS,EAAE,KAAK;qBACjB,CAAC,CAAC;oBACH,MAAM,CAAC,+BAA+B;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
1
|
+
{"version":3,"file":"taint-propagation-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/taint-propagation-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAC1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAMpD,MAAM,OAAO,oBAAoB;IACtB,IAAI,GAAG,mBAAmB,CAAC;IAC3B,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;QACtB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;QAElC,MAAM,SAAS,GAAK,GAAG,CAAC,SAAS,CAA2B,sBAAsB,CAAC,CAAC;QACpF,MAAM,UAAU,GAAI,GAAG,CAAC,SAAS,CAAmB,aAAa,CAAC,CAAC;QACnE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAElD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvB,CAAC;QACD,wEAAwE;QACxE,0EAA0E;QAC1E,0EAA0E;QAC1E,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC;QAChF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvB,CAAC;QAED,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;QAE5E,uEAAuE;QACvE,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC1D,IAAI,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEjE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACrE,IAAI,OAAO,CAAC,eAAe;oBAAE,OAAO,KAAK,CAAC;YAC5C,CAAC;YAED,IAAI,uBAAuB,CAAC,SAAS,EAAE,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3D,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,MAAM,KAAK,GAAoB,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YAC7B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;YACzB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YACH,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC,CAAC;QAEJ,kCAAkC;QAClC,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,oBAAoB,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACpI,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,MAAM,eAAe,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC1H,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC;gBAAE,SAAS;YAE9F,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC5G,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,EAAE;QACF,6DAA6D;QAC7D,0EAA0E;QAC1E,2EAA2E;QAC3E,oDAAoD;QACpD,gEAAgE;QAChE,wEAAwE;QACxE,uDAAuD;QACvD,EAAE;QACF,mEAAmE;QACnE,0EAA0E;QAC1E,iEAAiE;QACjE,oEAAoE;QACpE,uEAAuE;QACvE,0EAA0E;QAC1E,uEAAuE;QACvE,MAAM,aAAa,GAAG,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7I,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW;gBAC/B,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS;gBAC3B,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAC5B;gBAAE,SAAS;YAEZ,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/B,IAAI,EAAI,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,EAAI;gBAC/B,IAAI,EAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;aAClE,CAAC;YACF,IAAI,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC;gBAAE,SAAS;YAE/D,IAAI,IAAI,GAAG,KAAK,CAAC;YACjB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,eAAe,EAAE,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;oBAAC,MAAM;gBAAC,CAAC;YACnG,CAAC;YACD,IAAI,IAAI;gBAAE,SAAS;YAEnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;CACF;AAED,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,SAAS,qBAAqB,CAC5B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,WAAwB,EACxB,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC;oBAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;oBAC7E,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;wBAC1B,IAAI,MAAM,EAAE,CAAC;4BACX,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCAC9C,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCACjE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;iCAClE;gCACD,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK;6BAClC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;oBACnB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;oBAC5B,yDAAyD;oBACzD,MAAM,kBAAkB,GAAG;wBACzB,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;wBAC9C,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,mBAAmB,EAAE;wBAC/C,EAAE,MAAM,EAAE,KAAK,EAAO,EAAE,EAAE,cAAc,EAAE;wBAC1C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,MAAM,EAAM,EAAE,EAAE,eAAe,EAAE;wBAC3C,EAAE,MAAM,EAAE,SAAS,EAAG,EAAE,EAAE,kBAAkB,EAAE;qBAC/C,CAAC;oBACF,KAAK,MAAM,EAAE,EAAE,EAAE,IAAI,kBAAkB,EAAE,CAAC;wBACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;wBAC7B,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC/B,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC;4BAC/F,IAAI,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;gCACxE,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gCAC1B,IAAI,MAAM,EAAE,CAAC;oCACX,KAAK,CAAC,IAAI,CAAC;wCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;wCAC9C,IAAI,EAAE;4CACJ,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4CACvE,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yCACxE;wCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;qCACnC,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,oBAA8C,EAC9C,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,gEAAgE;gBAChE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC3E,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,QAAQ,GAAI,gBAAgB,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,cAAc,GAAG,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAC3D,IAAI,cAAc,EAAE,CAAC;wBACnB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1E,IAAI,SAAS,EAAE,CAAC;4BACd,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,MAAM,EAAE,CAAC;gCACX,KAAK,CAAC,IAAI,CAAC;oCACT,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;oCAC9C,IAAI,EAAE;wCACJ,EAAE,QAAQ,EAAE,SAAS,EAAqB,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;wCACtF,EAAE,QAAQ,EAAE,GAAG,SAAS,IAAI,QAAQ,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;qCACtF;oCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;iCACnC,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAwB,EACxB,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,gBAA6B;IAE7B,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAwD,CAAC;IAC7F,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAClE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,SAAS,GAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxD,IAAI,CAAC,YAAY,EAAE,CAAC;oBAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;oBAAC,oBAAoB,CAAC,GAAG,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;gBAAC,CAAC;gBACpG,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAElD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;YAClC,IAAI,CAAC,UAAU;gBAAE,SAAS;YAC1B,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAChE,IAAI,CAAC,kBAAkB;gBAAE,SAAS;YAElC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,iEAAiE;oBACjE,+EAA+E;oBAC/E,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;wBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC9C,SAAS;oBACX,CAAC;oBACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACzD,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;wBAChG,IAAI,CAAC,MAAM,EAAE,CAAC;4BACZ,KAAK,CAAC,IAAI,CAAC;gCACT,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI;gCACnD,IAAI,EAAE;oCACJ,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oCAC3E,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAS,IAAI,EAAE,MAAiB,EAAE;iCAC5E;gCACD,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK;6BACnC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wFAAwF;IACxF,KAAK,KAAK,CAAC;IACX,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAS,yBAAyB,CAChC,KAAwB,EACxB,OAAqC,EACrC,KAAiC,EACjC,UAA2C,EAC3C,gBAA6B,EAC7B,IAAa,EACb,QAAiB;IAEjB,MAAM,KAAK,GAA+B,EAAE,CAAC;IAE7C,wEAAwE;IACxE,uEAAuE;IACvE,wDAAwD;IACxD,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAwC,EAAE,CAChF,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CACxD,CAAC;IAEF,sDAAsD;IACtD,EAAE;IACF,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,iEAAiE;IACjE,gEAAgE;IAChE,8DAA8D;IAC9D,+DAA+D;IAC/D,gDAAgD;IAChD,EAAE;IACF,mEAAmE;IACnE,gEAAgE;IAChE,2DAA2D;IAC3D,iEAAiE;IACjE,yCAAyC;IACzC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEzD,0EAA0E;IAC1E,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,6EAA6E;IAC7E,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,2DAA2D;IAC3D,EAAE;IACF,uEAAuE;IACvE,wEAAwE;IACxE,gEAAgE;IAChE,IAAI,QAAQ,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClE,wEAAwE;YACxE,wEAAwE;YACxE,sEAAsE;YACtE,wDAAwD;YACxD,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;YAChD,IAAI,MAAM,GAAyC,cAAc,CAAC,CAAC,CAAC,CAAC;YACrE,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;oBAC/B,IAAI,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI;wBAAE,MAAM,GAAG,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;YACD,KAAK,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,OAAO,EAAE,CAAC;gBAC5C,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;oBAAE,SAAS;gBACpD,mEAAmE;gBACnE,oEAAoE;gBACpE,oEAAoE;gBACpE,kEAAkE;gBAClE,2DAA2D;gBAC3D,IAAI,aAAa,IAAI,MAAM,EAAE,CAAC;oBAC5B,cAAc,CAAC,IAAI,CAAC;wBAClB,GAAG,MAAM;wBACT,QAAQ,EAAE,OAAO;qBAClB,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,YAAY;wBAClB,QAAQ,EAAE,aAAa,OAAO,EAAE;wBAChC,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,UAAU;wBAChB,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,OAAO;qBAClB,CAAC,CAAC;gBACL,CAAC;gBACD,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAED,4DAA4D;YAC5D,gEAAgE;YAChE,gEAAgE;YAChE,oDAAoD;YACpD,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA6B,CAAC;gBAC9D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBAC/C,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACZ,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBACpC,CAAC;gBACD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACnC,KAAK,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,OAAO,EAAE,CAAC;oBAC5C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;oBAClD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;wBAAE,SAAS;oBACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;oBACjD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;oBACvD,IAAI,CAAC,QAAQ;wBAAE,SAAS;oBACxB,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;oBACxB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;wBAC3B,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;wBAC7D,IAAI,CAAC,QAAQ;4BAAE,SAAS;wBACxB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;wBAC5E,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,OAAO,GAAG,CAAC;4BAAE,SAAS;wBAC3C,IAAI,GAAG,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBACzC,IAAI,CAAC,GAAG,EAAE,CAAC;4BAAC,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;4BAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;wBAAC,CAAC;wBAC3E,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,SAAS;4BAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,oCAAoC;IACpC,+BAA+B;IAC/B,0BAA0B;IAC1B,0BAA0B;IAC1B,uEAAuE;IACvE,yEAAyE;IACzE,yCAAyC;IACzC,IAAI,QAAQ,KAAK,MAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACrD,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACrB,IAAI,MAAM,GAA6B,cAAc,CAAC,CAAC,CAAC,CAAC;YACzD,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;gBAC/B,IAAI,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI;oBAAE,MAAM,GAAG,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClE,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,CAAC;gBAChC,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;oBAAE,SAAS;gBACpD,cAAc,CAAC,IAAI,CAAC;oBAClB,GAAG,MAAM;oBACT,QAAQ,EAAE,OAAO;iBAClB,CAAC,CAAC;gBACH,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,wEAAwE;IACxE,+EAA+E;IAC/E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YAAE,SAAS;QACtC,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACjD,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBACD,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;gBAC5B,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEpB,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;oBACpC,0DAA0D;oBAC1D,IAAI,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI;wBAAE,SAAS;oBAEvC,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBACxC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;wBAAE,SAAS;oBAEpC,kEAAkE;oBAClE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI;wBAC7B,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI;wBACzB,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAC1B;wBAAE,SAAS;oBAEZ,8DAA8D;oBAC9D,8DAA8D;oBAC9D,+CAA+C;oBAC/C,4DAA4D;oBAC5D,IAAI,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC3D,MAAM;oBACR,CAAC;oBAED,KAAK,CAAC,IAAI,CAAC;wBACT,WAAW,EAAE,MAAM,CAAC,IAAI;wBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,WAAW,EAAE,MAAM,CAAC,IAAI;wBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;wBACtB,IAAI,EAAE;4BACJ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;4BACzE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;yBAC1E;wBACD,UAAU,EAAE,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,GAAG;wBACrD,SAAS,EAAE,KAAK;qBACjB,CAAC,CAAC;oBACH,MAAM,CAAC,+BAA+B;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,EAAE;IACF,oEAAoE;IACpE,6DAA6D;IAC7D,0EAA0E;IAC1E,mEAAmE;IACnE,gEAAgE;IAChE,sEAAsE;IACtE,8DAA8D;IAC9D,EAAE;IACF,oEAAoE;IACpE,oEAAoE;IACpE,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,qEAAqE;IACrE,sEAAsE;IACtE,wDAAwD;IACxD,EAAE;IACF,qEAAqE;IACrE,qEAAqE;IACrE,kDAAkD;IAClD,EAAE;IACF,oEAAoE;IACpE,sEAAsE;IACtE,qEAAqE;IACrE,kEAAkE;IAClE,kEAAkE;IAClE,sCAAsC;IACtC,MAAM,aAAa,GAAG,IAAI,GAAG,EAA0B,CAAC;IACxD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAClD,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5C,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9C,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACzD,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAC1D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjB,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI;gBAC7B,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI;gBACzB,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,IAAI,CAC1B;gBAAE,SAAS;YACZ,KAAK,CAAC,IAAI,CAAC;gBACT,WAAW,EAAE,MAAM,CAAC,IAAI;gBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;gBACtB,WAAW,EAAE,MAAM,CAAC,IAAI;gBACxB,SAAS,EAAI,IAAI,CAAC,IAAI;gBACtB,IAAI,EAAE;oBACJ,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,QAAiB,EAAE;oBACpE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAI,IAAI,EAAE,MAAiB,EAAE;iBACrE;gBACD,UAAU,EAAE,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;gBACtD,SAAS,EAAE,KAAK;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -13551,6 +13551,35 @@ function formatCallCode(call) {
|
|
|
13551
13551
|
return `${call.method_name}(${args2})`;
|
|
13552
13552
|
}
|
|
13553
13553
|
|
|
13554
|
+
// src/analysis/findings.ts
|
|
13555
|
+
function canSourceReachSink(sourceType, sinkType) {
|
|
13556
|
+
const sourceToSinkMapping = {
|
|
13557
|
+
// code_injection added to http_param/http_query/http_header/http_cookie:
|
|
13558
|
+
// `eval(req.query.x)`, `Function(req.header('x'))`, `vm.runInThisContext(req.cookies.c)`
|
|
13559
|
+
// are all real RCE patterns in JS web apps (cognium-dev #83).
|
|
13560
|
+
http_param: ["sql_injection", "command_injection", "path_traversal", "xss", "xpath_injection", "ldap_injection", "ssrf", "mybatis_mapper_call", "code_injection"],
|
|
13561
|
+
http_body: ["sql_injection", "command_injection", "deserialization", "xxe", "xss", "code_injection", "mybatis_mapper_call"],
|
|
13562
|
+
http_header: ["sql_injection", "xss", "ssrf", "mybatis_mapper_call", "code_injection"],
|
|
13563
|
+
http_cookie: ["sql_injection", "xss", "mybatis_mapper_call", "code_injection"],
|
|
13564
|
+
http_path: ["path_traversal", "sql_injection", "ssrf", "mybatis_mapper_call"],
|
|
13565
|
+
http_query: ["sql_injection", "command_injection", "xss", "ssrf", "mybatis_mapper_call", "code_injection"],
|
|
13566
|
+
io_input: ["command_injection", "path_traversal", "deserialization", "xxe", "code_injection", "xss"],
|
|
13567
|
+
env_input: ["command_injection", "path_traversal"],
|
|
13568
|
+
db_input: ["xss", "sql_injection"],
|
|
13569
|
+
// Second-order injection
|
|
13570
|
+
file_input: ["deserialization", "xxe", "path_traversal", "command_injection", "code_injection"],
|
|
13571
|
+
network_input: ["sql_injection", "command_injection", "xss", "ssrf"],
|
|
13572
|
+
config_param: ["sql_injection", "command_injection", "path_traversal", "xss", "ssrf"],
|
|
13573
|
+
// Servlet init params
|
|
13574
|
+
interprocedural_param: ["sql_injection", "command_injection", "path_traversal", "xss", "xpath_injection", "ldap_injection", "ssrf", "code_injection", "mybatis_mapper_call"],
|
|
13575
|
+
// Cross-method taint
|
|
13576
|
+
plugin_param: ["sql_injection", "command_injection", "path_traversal", "xss", "code_injection"]
|
|
13577
|
+
// Plugin/config parameters
|
|
13578
|
+
};
|
|
13579
|
+
const validSinks = sourceToSinkMapping[sourceType];
|
|
13580
|
+
return validSinks ? validSinks.includes(sinkType) : false;
|
|
13581
|
+
}
|
|
13582
|
+
|
|
13554
13583
|
// src/graph/code-graph.ts
|
|
13555
13584
|
var CodeGraph = class {
|
|
13556
13585
|
ir;
|
|
@@ -22449,7 +22478,11 @@ var TaintPropagationPass = class {
|
|
|
22449
22478
|
const constProp = ctx.getResult("constant-propagation");
|
|
22450
22479
|
const sinkFilter = ctx.getResult("sink-filter");
|
|
22451
22480
|
const { sources, sinks, sanitizers } = sinkFilter;
|
|
22452
|
-
if (
|
|
22481
|
+
if (sinks.length === 0) {
|
|
22482
|
+
return { flows: [] };
|
|
22483
|
+
}
|
|
22484
|
+
const canSynthesize = ctx.language === "python" && typeof ctx.code === "string";
|
|
22485
|
+
if (sources.length === 0 && !canSynthesize) {
|
|
22453
22486
|
return { flows: [] };
|
|
22454
22487
|
}
|
|
22455
22488
|
const propagationResult = propagateTaint(graph, sources, sinks, sanitizers);
|
|
@@ -22723,22 +22756,35 @@ function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachabl
|
|
|
22723
22756
|
const sourcesWithVar = sources.filter(
|
|
22724
22757
|
(s) => typeof s.variable === "string" && s.variable.length > 0
|
|
22725
22758
|
);
|
|
22726
|
-
if (sourcesWithVar.length === 0) return flows;
|
|
22727
22759
|
const aliasSanitizedFor = /* @__PURE__ */ new Map();
|
|
22728
22760
|
if (language === "python" && typeof code === "string") {
|
|
22729
22761
|
const derived = buildPythonTaintedVars(code);
|
|
22730
22762
|
if (derived.size > 0) {
|
|
22763
|
+
const existingVars = new Set(sourcesWithVar.map((s) => s.variable));
|
|
22764
|
+
const hasRealSource = sourcesWithVar.length > 0;
|
|
22731
22765
|
let anchor = sourcesWithVar[0];
|
|
22732
|
-
|
|
22733
|
-
|
|
22766
|
+
if (anchor) {
|
|
22767
|
+
for (const s of sourcesWithVar) {
|
|
22768
|
+
if (s.line < anchor.line) anchor = s;
|
|
22769
|
+
}
|
|
22734
22770
|
}
|
|
22735
|
-
const
|
|
22736
|
-
for (const [varName] of derived) {
|
|
22771
|
+
for (const [varName, originLine] of derived) {
|
|
22737
22772
|
if (!varName || existingVars.has(varName)) continue;
|
|
22738
|
-
|
|
22739
|
-
|
|
22740
|
-
|
|
22741
|
-
|
|
22773
|
+
if (hasRealSource && anchor) {
|
|
22774
|
+
sourcesWithVar.push({
|
|
22775
|
+
...anchor,
|
|
22776
|
+
variable: varName
|
|
22777
|
+
});
|
|
22778
|
+
} else {
|
|
22779
|
+
sourcesWithVar.push({
|
|
22780
|
+
type: "http_param",
|
|
22781
|
+
location: `<derived> ${varName}`,
|
|
22782
|
+
severity: "high",
|
|
22783
|
+
line: originLine,
|
|
22784
|
+
confidence: 0.9,
|
|
22785
|
+
variable: varName
|
|
22786
|
+
});
|
|
22787
|
+
}
|
|
22742
22788
|
existingVars.add(varName);
|
|
22743
22789
|
}
|
|
22744
22790
|
if (sanitizers && sanitizers.length > 0) {
|
|
@@ -22772,7 +22818,7 @@ function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachabl
|
|
|
22772
22818
|
}
|
|
22773
22819
|
}
|
|
22774
22820
|
}
|
|
22775
|
-
if (language === "rust" && typeof code === "string") {
|
|
22821
|
+
if (language === "rust" && typeof code === "string" && sourcesWithVar.length > 0) {
|
|
22776
22822
|
const seedVars = new Set(sourcesWithVar.map((s) => s.variable));
|
|
22777
22823
|
const derived = buildRustTaintedVars(code, seedVars);
|
|
22778
22824
|
if (derived.size > 0) {
|
|
@@ -22840,6 +22886,36 @@ function detectExpressionScanFlows(calls, sources, sinks, sanitizers, unreachabl
|
|
|
22840
22886
|
}
|
|
22841
22887
|
}
|
|
22842
22888
|
}
|
|
22889
|
+
const sourcesByLine = /* @__PURE__ */ new Map();
|
|
22890
|
+
for (const s of sources) {
|
|
22891
|
+
if (s.variable && s.variable.length > 0) continue;
|
|
22892
|
+
const arr = sourcesByLine.get(s.line) ?? [];
|
|
22893
|
+
arr.push(s);
|
|
22894
|
+
sourcesByLine.set(s.line, arr);
|
|
22895
|
+
}
|
|
22896
|
+
for (const sink of sinks) {
|
|
22897
|
+
if (unreachableLines.has(sink.line)) continue;
|
|
22898
|
+
const colocSources = sourcesByLine.get(sink.line);
|
|
22899
|
+
if (!colocSources || colocSources.length === 0) continue;
|
|
22900
|
+
for (const source of colocSources) {
|
|
22901
|
+
if (!canSourceReachSink(source.type, sink.type)) continue;
|
|
22902
|
+
if (flows.some(
|
|
22903
|
+
(f) => f.source_line === source.line && f.sink_line === sink.line && f.sink_type === sink.type
|
|
22904
|
+
)) continue;
|
|
22905
|
+
flows.push({
|
|
22906
|
+
source_line: source.line,
|
|
22907
|
+
sink_line: sink.line,
|
|
22908
|
+
source_type: source.type,
|
|
22909
|
+
sink_type: sink.type,
|
|
22910
|
+
path: [
|
|
22911
|
+
{ variable: "<inline>", line: source.line, type: "source" },
|
|
22912
|
+
{ variable: "<inline>", line: sink.line, type: "sink" }
|
|
22913
|
+
],
|
|
22914
|
+
confidence: source.confidence * sink.confidence * 0.85,
|
|
22915
|
+
sanitized: false
|
|
22916
|
+
});
|
|
22917
|
+
}
|
|
22918
|
+
}
|
|
22843
22919
|
return flows;
|
|
22844
22920
|
}
|
|
22845
22921
|
|
|
@@ -22854,7 +22930,7 @@ var InterproceduralPass = class {
|
|
|
22854
22930
|
const taintProp = ctx.getResult("taint-propagation");
|
|
22855
22931
|
const { sources, sinks, sanitizers } = sinkFilter;
|
|
22856
22932
|
if (sources.length === 0) {
|
|
22857
|
-
return { additionalSinks: [], additionalFlows: [] };
|
|
22933
|
+
return { additionalSinks: [], additionalFlows: [...taintProp.flows] };
|
|
22858
22934
|
}
|
|
22859
22935
|
const additionalSinks = [];
|
|
22860
22936
|
const additionalFlows = [...taintProp.flows];
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.50.0",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|