circle-ir 3.83.0 → 3.85.0
- package/dist/analysis/passes/language-sources-pass.d.ts.map +1 -1
- package/dist/analysis/passes/language-sources-pass.js +291 -0
- package/dist/analysis/passes/language-sources-pass.js.map +1 -1
- package/dist/analysis/passes/scan-secrets-pass.d.ts +12 -4
- package/dist/analysis/passes/scan-secrets-pass.d.ts.map +1 -1
- package/dist/analysis/passes/scan-secrets-pass.js +207 -9
- package/dist/analysis/passes/scan-secrets-pass.js.map +1 -1
- package/dist/analysis/taint-matcher.d.ts.map +1 -1
- package/dist/analysis/taint-matcher.js +96 -0
- package/dist/analysis/taint-matcher.js.map +1 -1
- package/dist/browser/circle-ir.js +370 -9
- package/dist/core/circle-ir-core.cjs +52 -0
- package/dist/core/circle-ir-core.js +52 -0
- package/package.json +1 -1
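--- a/package/dist/analysis/passes/scan-secrets-pass.js
+++ b/package/dist/analysis/passes/scan-secrets-pass.js
@@ -46,6 +46,18 @@ const TEST_FILENAME_RE = /(?:\.(?:test|spec)\.[cm]?[jt]sx?|_test\.go|_test\.py|T
 function isTestFile(file) {
 return TEST_PATH_RE.test(file) || TEST_FILENAME_RE.test(file);
 }
+// ---------------------------------------------------------------------------
+// Generated-code skip heuristic (#125)
+//
+// Generated files routinely embed high-entropy attribution keys, provenance
+// hashes, and embedded resource blobs that trip the entropy layer. Wholesale
+// skip them, same as test files. Cognium-dev #125.
+// ---------------------------------------------------------------------------
+const GENERATED_PATH_RE = /(?:^|[\\/])(?:gen|generated|build[\\/]generated|src[\\/](?:main|test)[\\/]generated|target[\\/]generated-sources|target[\\/]generated-test-sources|node_modules[\\/]\.cache)(?:[\\/]|$)/i;
+const GENERATED_FILENAME_RE = /__[ch]\.java$|\.pb\.go$|_pb2\.py$|\.generated\.[cm]?[jt]sx?$/i;
+function isGeneratedFile(file) {
+return GENERATED_PATH_RE.test(file) || GENERATED_FILENAME_RE.test(file);
+}
 const PROVIDER_PATTERNS = [
 {
 name: 'AWS access key',
@@ -262,6 +274,168 @@ function shannonEntropy(s) {
 /** Words near the literal that imply credential context — used to lower the entropy threshold. */
 const CREDENTIAL_NAME_RE = /(?:key|secret|token|password|passwd|credential|api[_-]?key)/i;
 // ---------------------------------------------------------------------------
+// Context-gate pre-scans (#125)
+//
+// The entropy layer alone fires on any high-entropy string. To kill the
+// noise from generated attribution keys, embedded resource blobs, and
+// public-spec constant tables, we layer three context-aware suppressions on
+// top of the entropy gate: annotation-arg span, array-literal span, and
+// enclosing field-name credential match.
+//
+// All three are regex-based (no AST), matching the existing pass design.
+// ---------------------------------------------------------------------------
+/**
+* Pre-scan: return the set of 1-indexed line numbers that fall inside any
+* `@Annotation( ... )` argument span (Java annotations, JS/TS decorators,
+* Python decorators) or `#[...]` attribute span (Rust). String literals on
+* suppressed lines are treated as annotation metadata, not credentials.
+*
+* Cognium-dev #125 Gate 1.
+*/
+function findAnnotationLineRanges(code) {
+const lines = code.split('\n');
+const inAnnotation = new Set();
+// Match `@SomeAnnotation(` (Java/TS/Python with optional `.qualifier`) OR `#[`.
+const OPEN_RE = /(?:@[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*\s*\(|#\[)/g;
+for (let i = 0; i < lines.length; i++) {
+OPEN_RE.lastIndex = 0;
+let m;
+while ((m = OPEN_RE.exec(lines[i])) !== null) {
+const isRustAttr = m[0].startsWith('#[');
+const openCh = isRustAttr ? '[' : '(';
+const closeCh = isRustAttr ? ']' : ')';
+// Walk forward tracking paren/bracket depth, skipping inside string literals.
+let depth = 1;
+let li = i;
+let col = m.index + m[0].length;
+// Soft cap to avoid runaway on unmatched parens.
+let lineBudget = 200;
+inAnnotation.add(li + 1);
+while (depth > 0 && li < lines.length && lineBudget > 0) {
+const ln = lines[li];
+let inStr = null;
+while (col < ln.length && depth > 0) {
+const ch = ln[col];
+if (inStr !== null) {
+if (ch === '\\') {
+col += 2;
+continue;
+}
+if (ch === inStr)
+inStr = null;
+}
+else if (ch === '"' || ch === "'" || ch === '`') {
+inStr = ch;
+}
+else if (ch === openCh) {
+depth++;
+}
+else if (ch === closeCh) {
+depth--;
+}
+col++;
+}
+if (depth > 0) {
+li++;
+col = 0;
+lineBudget--;
+if (li < lines.length)
+inAnnotation.add(li + 1);
+}
+}
+}
+}
+return inAnnotation;
+}
+/**
+* Pre-scan: return the set of 1-indexed line numbers that fall inside any
+* array/object literal containing ≥3 string-literal elements (constant
+* data table). Catches the `String[] X = { "...", "...", "...", ... }`
+* shape (Java) and `const X = ["...", "...", "..."]` shape (JS/TS/Python).
+*
+* Cognium-dev #125 Gate 3.
+*/
+function findStringArrayLineRanges(code) {
+const lines = code.split('\n');
+const inArray = new Set();
+// Match assignment opener to array/object literal: `= {`, `= [`.
+const OPEN_RE = /=\s*([{\[])/g;
+const STR_LITERAL_COUNT_RE = /(["'`])(?:\\.|(?!\1).)*\1/g;
+for (let i = 0; i < lines.length; i++) {
+OPEN_RE.lastIndex = 0;
+let m;
+while ((m = OPEN_RE.exec(lines[i])) !== null) {
+const openCh = m[1];
+const closeCh = openCh === '{' ? '}' : ']';
+let depth = 1;
+let li = i;
+let col = m.index + m[0].length;
+let lineBudget = 500;
+const spanLines = [li + 1];
+let spanText = '';
+while (depth > 0 && li < lines.length && lineBudget > 0) {
+const ln = lines[li];
+let inStr = null;
+const start = col;
+while (col < ln.length && depth > 0) {
+const ch = ln[col];
+if (inStr !== null) {
+if (ch === '\\') {
+col += 2;
+continue;
+}
+if (ch === inStr)
+inStr = null;
+}
+else if (ch === '"' || ch === "'" || ch === '`') {
+inStr = ch;
+}
+else if (ch === openCh) {
+depth++;
+}
+else if (ch === closeCh) {
+depth--;
+}
+col++;
+}
+spanText += ln.substring(start, col) + '\n';
+if (depth > 0) {
+li++;
+col = 0;
+lineBudget--;
+if (li < lines.length)
+spanLines.push(li + 1);
+}
+}
+// Count string literals inside the span; if ≥3, mark all span lines.
+STR_LITERAL_COUNT_RE.lastIndex = 0;
+let strCount = 0;
+while (STR_LITERAL_COUNT_RE.exec(spanText) !== null) {
+strCount++;
+if (strCount >= 3)
+break;
+}
+if (strCount >= 3) {
+for (const ln of spanLines)
+inArray.add(ln);
+}
+}
+}
+return inArray;
+}
+/**
+* Per-literal field-name extractor (#125 Gate 4).
+*
+* Extracts the assignment LHS identifier preceding the quoted string on the
+* given line. Returns null if the literal is not an assignment value
+* (e.g. annotation arg, function call arg, return expression).
+*/
+const FIELD_ASSIGN_RE = /(?:^|[\s,(])([A-Za-z_$][\w$]*)\s*[:=]\s*["'`]/;
+function extractEnclosingFieldName(lineText) {
+const m = FIELD_ASSIGN_RE.exec(lineText);
+return m ? m[1] : null;
+}
+// ---------------------------------------------------------------------------
 // Per-line FP-guard substrings (entropy layer only)
 // ---------------------------------------------------------------------------
 const TEST_CALL_RE = /\b(?:expect|assert|describe|it|test)\s*\(/;
@@ -271,7 +445,7 @@ export class ScanSecretsPass {
 category = 'security';
 run(ctx) {
 const file = ctx.graph.ir.meta.file;
-if (isTestFile(file)) {
+if (isTestFile(file) || isGeneratedFile(file)) {
 return { providerFindings: 0, entropyFindings: 0 };
 }
 const lines = ctx.code.split('\n');
@@ -285,6 +459,11 @@ export class ScanSecretsPass {
 seen.add(`${f.line}:${f.rule_id}`);
 }
 }
+// Pre-scan: line ranges to suppress in the entropy layer (#125 Gates 1 & 3).
+// Provider patterns and named-credential layers are intentionally NOT gated
+// by these — they retain full recall on real credential shapes.
+const annotationLines = findAnnotationLineRanges(ctx.code);
+const arrayLines = findStringArrayLineRanges(ctx.code);
 let providerFindings = 0;
 let entropyFindings = 0;
 // Layer 1: provider patterns (line-by-line).
@@ -359,6 +538,13 @@ export class ScanSecretsPass {
 continue;
 if (COMMENT_EXAMPLE_RE.test(lineText))
 continue;
+// #125 Gate 1: skip annotation-arg spans (e.g. `@Original(key="...")`).
+if (annotationLines.has(lineNum))
+continue;
+// #125 Gate 3: skip array/object literal spans with ≥3 string elements
+// (constant data tables — solar terms, encoding alphabets, etc.).
+if (arrayLines.has(lineNum))
+continue;
 // Reset regex state per line; STRING_LITERAL_RE is global.
 STRING_LITERAL_RE.lastIndex = 0;
 let match;
@@ -366,6 +552,9 @@ export class ScanSecretsPass {
 const value = match[2];
 if (!this.isCandidate(value))
 continue;
+// #125 Gate 4 length floor: short high-entropy literals are too noisy.
+if (value.length < 32)
+continue;
 if (!this.passesEntropyGate(value, lineText))
 continue;
 const key = `${lineNum}:hardcoded-credential-entropy`;
@@ -417,17 +606,26 @@ export class ScanSecretsPass {
 return true;
 }
 /**
-* Shannon-entropy gate
-*
-*
-*
+* Shannon-entropy gate (#125 Gate 4 — REQUIRED field-name match).
+*
+* The entropy layer emits ONLY when the enclosing assignment LHS
+* identifier matches a credential keyword (password / secret / token /
+* api_key / etc.). Without this requirement, the layer flagged every
+* high-entropy string — attribution keys, base64 resource blobs, public
+* encoding alphabets — as credentials. Provider patterns (Layer 1) and
+* named-credential matcher (Layer 1b) remain the recall safety net for
+* credentials that don't fit the `FIELD = "..."` shape.
+*
+* Base64-shaped strings need higher entropy than hex-shaped (hex alphabet
+* is 4 bits/char by construction).
 */
 passesEntropyGate(value, lineText) {
+const fieldName = extractEnclosingFieldName(lineText);
+if (fieldName === null || !CREDENTIAL_NAME_RE.test(fieldName))
+return false;
 const isHex = HEXISH_RE.test(value);
-const
-
-const h = shannonEntropy(value);
-return h >= threshold;
+const threshold = isHex ? 3.3 : 4.1;
+return shannonEntropy(value) >= threshold;
 }
 }
 //# sourceMappingURL=scan-secrets-pass.js.map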
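Review bot: The `isGeneratedFile(file)` test added to the early return in `run()` drops every layer for a matching file, not only the entropy layer, so a provider-pattern hit (for example the 'AWS access key' rule) in any path with a `gen/` or `generated/` segment is no longer reported. The comment above `GENERATED_PATH_RE` justifies the skip only by entropy-layer noise, and the comment on Gates 1 and 3 says the provider and named-credential layers are meant to keep full recall, so the same should hold here. I would leave the early return as `if (isTestFile(file)) {`, compute `const skipEntropy = isGeneratedFile(file);` next to `annotationLines`, and guard only the entropy loop with it (that loop starts outside the visible hunks). Separately, `extractEnclosingFieldName(lineText)` returns the first `name = "` on the line rather than the one in front of the literal being scored, so on a line such as `{ label: "...", apiToken: "..." }` the second literal is judged by `label` and suppressed; passing the literal's offset and matching only the text before it would close that gap.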
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-secrets-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAKH,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,0EAA0E;AAC1E,MAAM,YAAY,GAAG,2FAA2F,CAAC;AACjH,MAAM,gBAAgB,GAAG,gFAAgF,CAAC;AAE1G,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAiBD,MAAM,iBAAiB,GAAsB;IAC3C;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sBAAsB;QAC7B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kFAAkF;KACxF;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oFAAoF;KAC1F;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;QAClC,GAAG,EAAE,oIAAoI;KAC1I;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sEAAsE;QAC7E,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EA
AE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,qIAAqI;KAC3I;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,iGAAiG;KACvG;CACF,CAAC;AAEF,8EAA8E;AAC9E,uCAAuC;AACvC,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,4EAA4E;AAC5E,0DAA0D;AAC1D,2EAA2E;AAC3E,qEAAqE;AACrE,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,0EAA0E;AAC1E,uEAAuE;AACvE,EAAE;AACF,aAAa;AACb,gEAAgE;AAChE,uCAAuC;AACvC,4EAA4E;AAC5E,sDAAsD;AACtD,0EAA0E;AAC1E,iFAAiF;AACjF,iEAAiE;AACjE,EAAE;AACF,qEAAqE;AACrE,8EAA8E;AAE9E,MAAM,eAAe,GACnB,8JAA8J,CAAC;AAEjK,MAAM,qBAAqB,GAAG,yDAAyD,CAAC;AACxF,MAAM,qBAAqB,GAAG,uCAAuC,CAAC;AACtE,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D,iGAAiG;AACjG,SAAS,4BAA4B,CAAC,IAAY;IAChD,sFAAsF;IACtF,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAClD,qEAAqE;IACrE,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnB,oEAAoE;IACpE,wEAAwE;IACxE,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,6CAA6C;IAC7C,IAAI,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,iBAAiB,GAAG,oCAAoC,CAAC;AAE/D,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,OAAO,GAAG,iEAAiE,CAAC;AAElF,MAAM,cAAc,GAClB,qOAAqO,CAAC;AAExO,4GAA4G;AAC5G,SAAS,eAAe,CAAC,CAAS;IAChC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,CAAC
,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACvE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0FAA0F;AAC1F,SAAS,eAAe,CAAC,CAAS;IAChC,mEAAmE;IACnE,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,uFAAuF;AACvF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,OAAO,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IACpC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QAClB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kGAAkG;AAClG,MAAM,kBAAkB,GAAG,8DAA8D,CAAC;AAE1F,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,2CAA2C,CAAC;AACjE,MAAM,kBAAkB,GAAG,+CAA+C,CAAC;AAY3E,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,cAAc,CAAC;IACtB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;QAEpC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,gBAAgB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC;QACxC,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YAC9B,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,IAAI,CAAC,CAAC,OAAO,KAAK,8BAA8B,E
AAE,CAAC;gBACzF,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,6CAA6C;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAEjB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;oBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,sBAAsB;oBAC/B,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,yBAAyB,OAAO,CAAC,IAAI,WAAW;oBACzD,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;iBACnE,CAAC,CAAC;gBACH,gBAAgB,IAAI,CAAC,CAAC;gBACtB,sEAAsE;gBACtE,4DAA4D;gBAC5D,MAAM;YACR,CAAC;QACH,CAAC;QAED,kEAAkE;QAClE,2EAA2E;QAC3E,qEAAqE;QACrE,gEAAgE;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,GAAG,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,CAAC,GAAG;gBAAE,SAAS;YAEnB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,GAAG,CAAC,UAAU,CAAC;gBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;gBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,sBAAsB;gBAC/B,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,2BAA2B,GAAG,CAAC,IAAI,6BAA6B;gBAC
zE,IAAI;gBACJ,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC1C,GAAG,EAAE,iHAAiH;gBACtH,QAAQ,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;aACvD,CAAC,CAAC;YACH,gBAAgB,IAAI,CAAC,CAAC;QACxB,CAAC;QAED,oDAAoD;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAC1C,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEhD,2DAA2D;YAC3D,iBAAiB,CAAC,SAAS,GAAG,CAAC,CAAC;YAChC,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACvC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC;oBAAE,SAAS;gBAEvD,MAAM,GAAG,GAAG,GAAG,OAAO,+BAA+B,CAAC;gBACtD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,kEAAkE;gBAClE,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,uBAAuB,CAAC;oBAAE,SAAS;gBAC1D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,gCAAgC,IAAI,IAAI,OAAO,EAAE;oBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,8BAA8B;oBACvC,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,SAAS;oBAChB,OAAO,EAAE,2DAA2D,KAAK,CAAC,MAAM,SAAS;oBACzF,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,0LAA0L;oBAC/L,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;iBACpD,CAAC,CAAC;gBACH,eAAe,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC;IAC/C,CAAC;IAED,mEAAmE;IAC3D,WAAW,CAAC,CAAS;QAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,IAAI,eAAe,CAAC,CAAC,
CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACnC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,sEAAsE;QACtE,wCAAwC;QACxC,IAAI,mBAAmB,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,KAAa,EAAE,QAAgB;QACvD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,CAAC,IAAI,SAAS,CAAC;IACxB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"scan-secrets-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAKH,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,0EAA0E;AAC1E,MAAM,YAAY,GAAG,2FAA2F,CAAC;AACjH,MAAM,gBAAgB,GAAG,gFAAgF,CAAC;AAE1G,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAED,8EAA8E;AAC9E,uCAAuC;AACvC,EAAE;AACF,4EAA4E;AAC5E,6EAA6E;AAC7E,mDAAmD;AACnD,8EAA8E;AAE9E,MAAM,iBAAiB,GACrB,0LAA0L,CAAC;AAC7L,MAAM,qBAAqB,GAAG,+DAA+D,CAAC;AAE9F,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1E,CAAC;AAiBD,MAAM,iBAAiB,GAAsB;IAC3C;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sBAAsB;QAC7B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kFAAkF;KACxF;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oFAAoF;KAC1F;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;QAClC,GAAG,EAAE,oIAAoI;KAC1I;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAA
E,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sEAAsE;QAC7E,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,qIAAqI;KAC3I;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,iGAAiG;KACvG;CACF,CAAC;AAEF,8EAA8E;AAC9E,uCAAuC;AACvC,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,4EAA4E;AAC5E,0DAA0D;AAC1D,2EAA2E;AAC3E,qEAAqE;AACrE,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,0EAA0E;AAC1E,uEAAuE;AACvE,EAAE;AACF,aAAa;AACb,gEAAgE;AAChE,uCAAuC;AACvC,4EAA4E;AAC5E,sDAAsD;AACtD,0EAA0E;AAC1E,iFAAiF;AACjF,iEAAiE;AACjE,EAAE;AACF,qEAAqE;AACrE,8EAA8E;AAE9E,MAAM,eAAe,GACnB,8JAA8J,CAAC;AAEjK,MAAM,qBAAqB,GAAG,yDAAyD,CAAC;AACxF,MAAM,qBAAqB,GAAG,uCAAuC,CAAC;AACtE,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D,iGAAiG;AACjG,SAAS,4BAA4B,CAAC,IAAY;IAChD,sFAAsF;IACtF,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAClD,qEAAqE;IACrE,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnB,oEAAoE;IACpE,wEAAwE;IACxE,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,6CAA6C;IAC7C,IAAI,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,iBAAiB,GAAG,oCAAoC,CAAC;AAE/D,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,OAAO,GAAG,iEAAiE,CAAC;AAElF,MAAM,cAAc,GAClB,qOAAqO,CAAC;AAExO,4GAA4G;AAC5G,SAAS,eAAe,CAAC,CAAS;IAChC,MAAM,CAAC
,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACvE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0FAA0F;AAC1F,SAAS,eAAe,CAAC,CAAS;IAChC,mEAAmE;IACnE,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,uFAAuF;AACvF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,OAAO,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IACpC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QAClB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kGAAkG;AAClG,MAAM,kBAAkB,GAAG,8DAA8D,CAAC;AAE1F,8EAA8E;AAC9E,gCAAgC;AAChC,EAAE;AACF,wEAAwE;AACxE,sEAAsE;AACtE,4EAA4E;AAC5E,wEAAwE;AACxE,yCAAyC;AACzC,EAAE;AACF,yEAAyE;AACzE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,gFAAgF;IAChF,MAAM,OAAO,GAAG,gDAAgD,CAAC;IACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QA
CtB,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7C,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACtC,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACvC,8EAA8E;YAC9E,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,IAAI,EAAE,GAAG,CAAC,CAAC;YACX,IAAI,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAChC,iDAAiD;YACjD,IAAI,UAAU,GAAG,GAAG,CAAC;YACrB,YAAY,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACzB,OAAO,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrB,IAAI,KAAK,GAA2B,IAAI,CAAC;gBACzC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;oBACnB,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;wBACnB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;4BAAC,GAAG,IAAI,CAAC,CAAC;4BAAC,SAAS;wBAAC,CAAC;wBACxC,IAAI,EAAE,KAAK,KAAK;4BAAE,KAAK,GAAG,IAAI,CAAC;oBACjC,CAAC;yBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;wBAClD,KAAK,GAAG,EAAqB,CAAC;oBAChC,CAAC;yBAAM,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;wBACzB,KAAK,EAAE,CAAC;oBACV,CAAC;yBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;wBAC1B,KAAK,EAAE,CAAC;oBACV,CAAC;oBACD,GAAG,EAAE,CAAC;gBACR,CAAC;gBACD,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,EAAE,EAAE,CAAC;oBACL,GAAG,GAAG,CAAC,CAAC;oBACR,UAAU,EAAE,CAAC;oBACb,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM;wBAAE,YAAY,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAAC,IAAY;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,iEAAiE;IACjE,MAAM,OAAO,GAAG,cAAc,CAAC;IAC/B,MAAM,oBAAoB,GAAG,4BAA4B,CAAC;IAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,K
AAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACpB,MAAM,OAAO,GAAG,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YAC3C,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,IAAI,EAAE,GAAG,CAAC,CAAC;YACX,IAAI,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAChC,IAAI,UAAU,GAAG,GAAG,CAAC;YACrB,MAAM,SAAS,GAAa,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACrC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,OAAO,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrB,IAAI,KAAK,GAA2B,IAAI,CAAC;gBACzC,MAAM,KAAK,GAAG,GAAG,CAAC;gBAClB,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;oBACnB,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;wBACnB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;4BAAC,GAAG,IAAI,CAAC,CAAC;4BAAC,SAAS;wBAAC,CAAC;wBACxC,IAAI,EAAE,KAAK,KAAK;4BAAE,KAAK,GAAG,IAAI,CAAC;oBACjC,CAAC;yBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;wBAClD,KAAK,GAAG,EAAqB,CAAC;oBAChC,CAAC;yBAAM,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;wBACzB,KAAK,EAAE,CAAC;oBACV,CAAC;yBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;wBAC1B,KAAK,EAAE,CAAC;oBACV,CAAC;oBACD,GAAG,EAAE,CAAC;gBACR,CAAC;gBACD,QAAQ,IAAI,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC;gBAC5C,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,EAAE,EAAE,CAAC;oBACL,GAAG,GAAG,CAAC,CAAC;oBACR,UAAU,EAAE,CAAC;oBACb,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM;wBAAE,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YACD,qEAAqE;YACrE,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;YACnC,IAAI,QAAQ,GAAG,CAAC,CAAC;YACjB,OAAO,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpD,QAAQ,EAAE,CAAC;gBACX,IAAI,QAAQ,IAAI,CAAC;oBAAE,MAAM;YAC3B,CAAC;YACD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;gBAClB,KAAK,MAAM,EAAE,IAAI,SAAS;oBAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,eAAe,GACnB,+CAA+C,CAAC;AAElD,SAAS,yBAAyB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,QAA
Q,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACzB,CAAC;AAED,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,2CAA2C,CAAC;AACjE,MAAM,kBAAkB,GAAG,+CAA+C,CAAC;AAY3E,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,cAAc,CAAC;IACtB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;QAEpC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,OAAO,EAAE,gBAAgB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC;QACxC,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YAC9B,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,IAAI,CAAC,CAAC,OAAO,KAAK,8BAA8B,EAAE,CAAC;gBACzF,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,4EAA4E;QAC5E,gEAAgE;QAChE,MAAM,eAAe,GAAG,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEvD,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,6CAA6C;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAEjB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;oBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,sBAAsB;oBAC/B,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,yBAAyB,OAAO,CAAC,IAAI,WAAW;oBACzD,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EA
AE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;iBACnE,CAAC,CAAC;gBACH,gBAAgB,IAAI,CAAC,CAAC;gBACtB,sEAAsE;gBACtE,4DAA4D;gBAC5D,MAAM;YACR,CAAC;QACH,CAAC;QAED,kEAAkE;QAClE,2EAA2E;QAC3E,qEAAqE;QACrE,gEAAgE;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,GAAG,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,CAAC,GAAG;gBAAE,SAAS;YAEnB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,GAAG,CAAC,UAAU,CAAC;gBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;gBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,sBAAsB;gBAC/B,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,2BAA2B,GAAG,CAAC,IAAI,6BAA6B;gBACzE,IAAI;gBACJ,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC1C,GAAG,EAAE,iHAAiH;gBACtH,QAAQ,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;aACvD,CAAC,CAAC;YACH,gBAAgB,IAAI,CAAC,CAAC;QACxB,CAAC;QAED,oDAAoD;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAC1C,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAChD,wEAAwE;YACxE,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC3C,uEAAuE;YACvE,kEAAkE;YAClE,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAEtC,2DAA2D;YAC3D,iBAAiB,CAAC,SAAS,GAAG,CAAC,CAAC;YAChC,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACvC,uEAAuE;gBACvE,IAAI,KAAK,CAAC,MAAM,GAAG,E
AAE;oBAAE,SAAS;gBAChC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC;oBAAE,SAAS;gBAEvD,MAAM,GAAG,GAAG,GAAG,OAAO,+BAA+B,CAAC;gBACtD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,kEAAkE;gBAClE,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,uBAAuB,CAAC;oBAAE,SAAS;gBAC1D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,gCAAgC,IAAI,IAAI,OAAO,EAAE;oBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,8BAA8B;oBACvC,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,SAAS;oBAChB,OAAO,EAAE,2DAA2D,KAAK,CAAC,MAAM,SAAS;oBACzF,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,0LAA0L;oBAC/L,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;iBACpD,CAAC,CAAC;gBACH,eAAe,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC;IAC/C,CAAC;IAED,mEAAmE;IAC3D,WAAW,CAAC,CAAS;QAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,IAAI,eAAe,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACnC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,sEAAsE;QACtE,wCAAwC;QACxC,IAAI,mBAAmB,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;;;;OAaG;IACK,iBAAiB,CAAC,KAAa,EAAE,QAAgB;QACvD,MAAM,SAAS,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QACtD,IAAI,SAAS,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAC5E,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACpC,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC;IAC5C,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-matcher.d.ts","sourceRoot":"","sources":["../../src/analysis/taint-matcher.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAkB,KAAK,EAAwB,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACpJ,OAAO,KAAK,EAAE,WAAW,EAAiB,WAAW,EAAoB,MAAM,oBAAoB,CAAC;AACpG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAuB7E;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,QAAQ,EAAE,EACjB,KAAK,EAAE,QAAQ,EAAE,EACjB,MAAM,GAAE,WAAgC,EACxC,aAAa,CAAC,EAAE,qBAAqB,EACrC,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,IAAI,CAAC,EAAE,MAAM,GACZ,KAAK,CAOP;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,WAAW,EAAE,EACtB,KAAK,EAAE,SAAS,EAAE,EAClB,IAAI,EAAE,MAAM,GACX,IAAI,CAYN;
|
|
1
|
+
{"version":3,"file":"taint-matcher.d.ts","sourceRoot":"","sources":["../../src/analysis/taint-matcher.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAkB,KAAK,EAAwB,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACpJ,OAAO,KAAK,EAAE,WAAW,EAAiB,WAAW,EAAoB,MAAM,oBAAoB,CAAC;AACpG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAuB7E;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,QAAQ,EAAE,EACjB,KAAK,EAAE,QAAQ,EAAE,EACjB,MAAM,GAAE,WAAgC,EACxC,aAAa,CAAC,EAAE,qBAAqB,EACrC,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,IAAI,CAAC,EAAE,MAAM,GACZ,KAAK,CAOP;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,WAAW,EAAE,EACtB,KAAK,EAAE,SAAS,EAAE,EAClB,IAAI,EAAE,MAAM,GACX,IAAI,CAYN;AA6+CD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,WAAW,GACnB,OAAO,CAET"}
|
|
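--- a/package/dist/analysis/taint-matcher.js
+++ b/package/dist/analysis/taint-matcher.js
@@ -578,6 +578,95 @@ function isSafeGoExecCommandCall(call, pattern, language) {
 // shell metacharacters. Sink is safe.
 return true;
 }
+/**
+* Check if a Rust `Command::new(...).arg(...).args(...).spawn().output()`
+* chain is safe-by-shape: the program (bound at `Command::new("prog")`) is a
+* string literal AND not a shell program. In that shape Rust invokes
+* `execvp(program, argv)` directly without spawning a shell, so tainted argv
+* elements passed via `.arg()` / `.args()` cannot escape into shell
+* metacharacters.
+*
+* Cases:
+* Command::new("ls") → safe (constructor, non-shell literal)
+* Command::new("ls").args(&[user_input]) → safe (chained, literal program)
+* Command::new("ls").arg(user_input).spawn() → safe (chained, literal program)
+* Command::new("sh").arg("-c").arg(taintedCmd) → unsafe (shell program)
+* Command::new(taintedProg) → unsafe (program itself tainted)
+* let cmd = Command::new("ls"); cmd.args(&[x]); → unsafe-by-default
+* (binding tracking out
+* of scope; safe only
+* via direct chain)
+*
+* Only suppresses when the program literal can be read DIRECTLY from the call
+* or its receiver chain text — variable-bound receivers stay dangerous.
+*
+* cognium-dev #115 FP-21.
+*/
+function isSafeRustCommandCall(call, pattern, language) {
+if (language !== 'rust')
+return false;
+if (pattern.type !== 'command_injection')
+return false;
+// Two source rules emit Rust Command sinks (config-loader.ts):
+// (a) `{ method: 'arg'|'args'|'new'|'spawn'|'output', class: 'Command', ... }`
+// — the per-class rules (rust.json + L1798).
+// (b) `{ method: 'spawn', languages: [...'rust'], ... }` (L662) — a
+// class-less universal-spawn rule that fires for Rust too.
+// Allow both shapes through to the per-method shape checks below.
+if (pattern.class !== undefined && pattern.class !== 'Command')
+return false;
+const SHELL_PROGRAMS = new Set([
+'sh', 'bash', 'zsh', 'dash', 'ash', 'ksh',
+'cmd', 'cmd.exe', 'powershell', 'pwsh',
+'powershell.exe', 'pwsh.exe',
+]);
+// Extract a program literal from text containing `Command::new("...")`
+// or `Command::new('...')` (anywhere in the receiver chain — Rust builder
+// patterns can put any number of `.arg()` calls between the constructor
+// and the eventual sink method).
+// Returns the basename, or null if no literal.
+const PROGRAM_RE = /\bCommand\s*::\s*new\s*\(\s*(?:r?"([^"]*)"|'([^']*)')/;
+const extractProgram = (text) => {
+const m = PROGRAM_RE.exec(text);
+if (!m)
+return null;
+const lit = m[1] ?? m[2] ?? '';
+return lit.split('/').pop() ?? lit;
+};
+if (pattern.method === 'new') {
+// Constructor: arg[0] is the program. Check the literal directly.
+const programArg = call.arguments.find(a => a.position === 0);
+if (!programArg)
+return false;
+let program;
+if (programArg.literal !== null && programArg.literal !== undefined) {
+program = String(programArg.literal).split('/').pop() ?? String(programArg.literal);
+}
+else {
+const expr = (programArg.expression ?? '').trim();
+if (!(expr.startsWith('"') || expr.startsWith("'"))) {
+return false; // non-literal program — keep dangerous
+}
+const stripped = expr.slice(1, -1);
+program = stripped.split('/').pop() ?? stripped;
+}
+return !SHELL_PROGRAMS.has(program);
+}
+if (pattern.method === 'arg' ||
+pattern.method === 'args' ||
+pattern.method === 'spawn' ||
+pattern.method === 'output') {
+// Chained call: receiver text should start with `Command::new("literal")`.
+// If the receiver is a bare identifier (variable-bound), we cannot prove
+// safety without binding tracking — keep dangerous.
+const receiverText = call.receiver ?? '';
+const program = extractProgram(receiverText);
+if (program === null)
+return false;
+return !SHELL_PROGRAMS.has(program);
+}
+return false;
+}
 /**
 * Match a Java class-literal expression: `Foo.class`, `com.example.Foo.class`,
 * `User<T>.class` (loose), `Foo[].class`. Does NOT match `Class.forName(...)`,
@@ -630,6 +719,13 @@ function findSinks(calls, patterns, typeHierarchy, language, sourceLines) {
 if (isSafeGoExecCommandCall(call, pattern, language)) {
 continue;
 }
+// Skip Rust Command::new("prog").arg/args/spawn/output calls in
+// safe shape: program literal is a non-shell binary. Rust invokes
+// execvp() directly so subsequent argv elements cannot escape into
+// shell metacharacters. cognium-dev #115 FP-21.
+if (isSafeRustCommandCall(call, pattern, language)) {
+continue;
+}
 // Skip typed deserialization overloads where the target type is a
 // compile-time class literal (e.g. `ObjectMapper.readValue(json,
 // User.class)`). Jackson/Gson/FastJson cannot deserialize arbitrary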
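Review bot: The shell check in `isSafeRustCommandCall` compares a basename produced by `split('/')` against a lowercase set, so a program literal written with backslash separators or in a different case (a Windows-style path ending in `cmd.exe`, say) is not recognised as a shell and the `command_injection` sink is suppressed. Normalising in `extractProgram` and in the `new` branch, e.g. `lit.split(/[\\/]/).pop().toLowerCase()`, closes that gap. In the `new` branch, `expr.startsWith('"')` followed by `slice(1, -1)` also accepts an expression that merely begins with a literal, such as a literal concatenated with a variable; requiring the whole expression to be one literal, `if (!/^r?"[^"]*"$/.test(expr)) return false;`, keeps those flagged. The suppression reasons only about shell metacharacters, so a tainted `.arg()` that the literal program parses as an option still passes silently; if that is out of scope for this rule, the doc comment should say so.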
|