circle-ir 3.84.0 → 3.85.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/analysis/passes/scan-secrets-pass.d.ts +12 -4
- package/dist/analysis/passes/scan-secrets-pass.d.ts.map +1 -1
- package/dist/analysis/passes/scan-secrets-pass.js +207 -9
- package/dist/analysis/passes/scan-secrets-pass.js.map +1 -1
- package/dist/browser/circle-ir.js +138 -9
- package/package.json +1 -1
|
@@ -50,10 +50,18 @@ export declare class ScanSecretsPass implements AnalysisPass<ScanSecretsPassResu
|
|
|
50
50
|
/** Length + shape + denylist filter before entropy is computed. */
|
|
51
51
|
private isCandidate;
|
|
52
52
|
/**
|
|
53
|
-
* Shannon-entropy gate
|
|
54
|
-
*
|
|
55
|
-
*
|
|
56
|
-
*
|
|
53
|
+
* Shannon-entropy gate (#125 Gate 4 — REQUIRED field-name match).
|
|
54
|
+
*
|
|
55
|
+
* The entropy layer emits ONLY when the enclosing assignment LHS
|
|
56
|
+
* identifier matches a credential keyword (password / secret / token /
|
|
57
|
+
* api_key / etc.). Without this requirement, the layer flagged every
|
|
58
|
+
* high-entropy string — attribution keys, base64 resource blobs, public
|
|
59
|
+
* encoding alphabets — as credentials. Provider patterns (Layer 1) and
|
|
60
|
+
* named-credential matcher (Layer 1b) remain the recall safety net for
|
|
61
|
+
* credentials that don't fit the `FIELD = "..."` shape.
|
|
62
|
+
*
|
|
63
|
+
* Base64-shaped strings need higher entropy than hex-shaped (hex alphabet
|
|
64
|
+
* is 4 bits/char by construction).
|
|
57
65
|
*/
|
|
58
66
|
private passesEntropyGate;
|
|
59
67
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-secrets-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"scan-secrets-pass.d.ts","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AA2a9E,MAAM,WAAW,qBAAqB;IACpC,wEAAwE;IACxE,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,eAAgB,YAAW,YAAY,CAAC,qBAAqB,CAAC;IACzE,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,QAAQ,EAAG,UAAU,CAAU;IAExC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,qBAAqB;IAkJ5C,mEAAmE;IACnE,OAAO,CAAC,WAAW;IAanB;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,iBAAiB;CAO1B"}
|
|
@@ -46,6 +46,18 @@ const TEST_FILENAME_RE = /(?:\.(?:test|spec)\.[cm]?[jt]sx?|_test\.go|_test\.py|T
|
|
|
46
46
|
function isTestFile(file) {
|
|
47
47
|
return TEST_PATH_RE.test(file) || TEST_FILENAME_RE.test(file);
|
|
48
48
|
}
|
|
49
|
+
// ---------------------------------------------------------------------------
|
|
50
|
+
// Generated-code skip heuristic (#125)
|
|
51
|
+
//
|
|
52
|
+
// Generated files routinely embed high-entropy attribution keys, provenance
|
|
53
|
+
// hashes, and embedded resource blobs that trip the entropy layer. Wholesale
|
|
54
|
+
// skip them, same as test files. Cognium-dev #125.
|
|
55
|
+
// ---------------------------------------------------------------------------
|
|
56
|
+
const GENERATED_PATH_RE = /(?:^|[\\/])(?:gen|generated|build[\\/]generated|src[\\/](?:main|test)[\\/]generated|target[\\/]generated-sources|target[\\/]generated-test-sources|node_modules[\\/]\.cache)(?:[\\/]|$)/i;
|
|
57
|
+
const GENERATED_FILENAME_RE = /__[ch]\.java$|\.pb\.go$|_pb2\.py$|\.generated\.[cm]?[jt]sx?$/i;
|
|
58
|
+
function isGeneratedFile(file) {
|
|
59
|
+
return GENERATED_PATH_RE.test(file) || GENERATED_FILENAME_RE.test(file);
|
|
60
|
+
}
|
|
49
61
|
const PROVIDER_PATTERNS = [
|
|
50
62
|
{
|
|
51
63
|
name: 'AWS access key',
|
|
@@ -262,6 +274,168 @@ function shannonEntropy(s) {
|
|
|
262
274
|
/** Words near the literal that imply credential context — used to lower the entropy threshold. */
|
|
263
275
|
const CREDENTIAL_NAME_RE = /(?:key|secret|token|password|passwd|credential|api[_-]?key)/i;
|
|
264
276
|
// ---------------------------------------------------------------------------
|
|
277
|
+
// Context-gate pre-scans (#125)
|
|
278
|
+
//
|
|
279
|
+
// The entropy layer alone fires on any high-entropy string. To kill the
|
|
280
|
+
// noise from generated attribution keys, embedded resource blobs, and
|
|
281
|
+
// public-spec constant tables, we layer three context-aware suppressions on
|
|
282
|
+
// top of the entropy gate: annotation-arg span, array-literal span, and
|
|
283
|
+
// enclosing field-name credential match.
|
|
284
|
+
//
|
|
285
|
+
// All three are regex-based (no AST), matching the existing pass design.
|
|
286
|
+
// ---------------------------------------------------------------------------
|
|
287
|
+
/**
|
|
288
|
+
* Pre-scan: return the set of 1-indexed line numbers that fall inside any
|
|
289
|
+
* `@Annotation( ... )` argument span (Java annotations, JS/TS decorators,
|
|
290
|
+
* Python decorators) or `#[...]` attribute span (Rust). String literals on
|
|
291
|
+
* suppressed lines are treated as annotation metadata, not credentials.
|
|
292
|
+
*
|
|
293
|
+
* Cognium-dev #125 Gate 1.
|
|
294
|
+
*/
|
|
295
|
+
function findAnnotationLineRanges(code) {
|
|
296
|
+
const lines = code.split('\n');
|
|
297
|
+
const inAnnotation = new Set();
|
|
298
|
+
// Match `@SomeAnnotation(` (Java/TS/Python with optional `.qualifier`) OR `#[`.
|
|
299
|
+
const OPEN_RE = /(?:@[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*\s*\(|#\[)/g;
|
|
300
|
+
for (let i = 0; i < lines.length; i++) {
|
|
301
|
+
OPEN_RE.lastIndex = 0;
|
|
302
|
+
let m;
|
|
303
|
+
while ((m = OPEN_RE.exec(lines[i])) !== null) {
|
|
304
|
+
const isRustAttr = m[0].startsWith('#[');
|
|
305
|
+
const openCh = isRustAttr ? '[' : '(';
|
|
306
|
+
const closeCh = isRustAttr ? ']' : ')';
|
|
307
|
+
// Walk forward tracking paren/bracket depth, skipping inside string literals.
|
|
308
|
+
let depth = 1;
|
|
309
|
+
let li = i;
|
|
310
|
+
let col = m.index + m[0].length;
|
|
311
|
+
// Soft cap to avoid runaway on unmatched parens.
|
|
312
|
+
let lineBudget = 200;
|
|
313
|
+
inAnnotation.add(li + 1);
|
|
314
|
+
while (depth > 0 && li < lines.length && lineBudget > 0) {
|
|
315
|
+
const ln = lines[li];
|
|
316
|
+
let inStr = null;
|
|
317
|
+
while (col < ln.length && depth > 0) {
|
|
318
|
+
const ch = ln[col];
|
|
319
|
+
if (inStr !== null) {
|
|
320
|
+
if (ch === '\\') {
|
|
321
|
+
col += 2;
|
|
322
|
+
continue;
|
|
323
|
+
}
|
|
324
|
+
if (ch === inStr)
|
|
325
|
+
inStr = null;
|
|
326
|
+
}
|
|
327
|
+
else if (ch === '"' || ch === "'" || ch === '`') {
|
|
328
|
+
inStr = ch;
|
|
329
|
+
}
|
|
330
|
+
else if (ch === openCh) {
|
|
331
|
+
depth++;
|
|
332
|
+
}
|
|
333
|
+
else if (ch === closeCh) {
|
|
334
|
+
depth--;
|
|
335
|
+
}
|
|
336
|
+
col++;
|
|
337
|
+
}
|
|
338
|
+
if (depth > 0) {
|
|
339
|
+
li++;
|
|
340
|
+
col = 0;
|
|
341
|
+
lineBudget--;
|
|
342
|
+
if (li < lines.length)
|
|
343
|
+
inAnnotation.add(li + 1);
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
}
|
|
348
|
+
return inAnnotation;
|
|
349
|
+
}
|
|
350
|
+
/**
|
|
351
|
+
* Pre-scan: return the set of 1-indexed line numbers that fall inside any
|
|
352
|
+
* array/object literal containing ≥3 string-literal elements (constant
|
|
353
|
+
* data table). Catches the `String[] X = { "...", "...", "...", ... }`
|
|
354
|
+
* shape (Java) and `const X = ["...", "...", "..."]` shape (JS/TS/Python).
|
|
355
|
+
*
|
|
356
|
+
* Cognium-dev #125 Gate 3.
|
|
357
|
+
*/
|
|
358
|
+
function findStringArrayLineRanges(code) {
|
|
359
|
+
const lines = code.split('\n');
|
|
360
|
+
const inArray = new Set();
|
|
361
|
+
// Match assignment opener to array/object literal: `= {`, `= [`.
|
|
362
|
+
const OPEN_RE = /=\s*([{\[])/g;
|
|
363
|
+
const STR_LITERAL_COUNT_RE = /(["'`])(?:\\.|(?!\1).)*\1/g;
|
|
364
|
+
for (let i = 0; i < lines.length; i++) {
|
|
365
|
+
OPEN_RE.lastIndex = 0;
|
|
366
|
+
let m;
|
|
367
|
+
while ((m = OPEN_RE.exec(lines[i])) !== null) {
|
|
368
|
+
const openCh = m[1];
|
|
369
|
+
const closeCh = openCh === '{' ? '}' : ']';
|
|
370
|
+
let depth = 1;
|
|
371
|
+
let li = i;
|
|
372
|
+
let col = m.index + m[0].length;
|
|
373
|
+
let lineBudget = 500;
|
|
374
|
+
const spanLines = [li + 1];
|
|
375
|
+
let spanText = '';
|
|
376
|
+
while (depth > 0 && li < lines.length && lineBudget > 0) {
|
|
377
|
+
const ln = lines[li];
|
|
378
|
+
let inStr = null;
|
|
379
|
+
const start = col;
|
|
380
|
+
while (col < ln.length && depth > 0) {
|
|
381
|
+
const ch = ln[col];
|
|
382
|
+
if (inStr !== null) {
|
|
383
|
+
if (ch === '\\') {
|
|
384
|
+
col += 2;
|
|
385
|
+
continue;
|
|
386
|
+
}
|
|
387
|
+
if (ch === inStr)
|
|
388
|
+
inStr = null;
|
|
389
|
+
}
|
|
390
|
+
else if (ch === '"' || ch === "'" || ch === '`') {
|
|
391
|
+
inStr = ch;
|
|
392
|
+
}
|
|
393
|
+
else if (ch === openCh) {
|
|
394
|
+
depth++;
|
|
395
|
+
}
|
|
396
|
+
else if (ch === closeCh) {
|
|
397
|
+
depth--;
|
|
398
|
+
}
|
|
399
|
+
col++;
|
|
400
|
+
}
|
|
401
|
+
spanText += ln.substring(start, col) + '\n';
|
|
402
|
+
if (depth > 0) {
|
|
403
|
+
li++;
|
|
404
|
+
col = 0;
|
|
405
|
+
lineBudget--;
|
|
406
|
+
if (li < lines.length)
|
|
407
|
+
spanLines.push(li + 1);
|
|
408
|
+
}
|
|
409
|
+
}
|
|
410
|
+
// Count string literals inside the span; if ≥3, mark all span lines.
|
|
411
|
+
STR_LITERAL_COUNT_RE.lastIndex = 0;
|
|
412
|
+
let strCount = 0;
|
|
413
|
+
while (STR_LITERAL_COUNT_RE.exec(spanText) !== null) {
|
|
414
|
+
strCount++;
|
|
415
|
+
if (strCount >= 3)
|
|
416
|
+
break;
|
|
417
|
+
}
|
|
418
|
+
if (strCount >= 3) {
|
|
419
|
+
for (const ln of spanLines)
|
|
420
|
+
inArray.add(ln);
|
|
421
|
+
}
|
|
422
|
+
}
|
|
423
|
+
}
|
|
424
|
+
return inArray;
|
|
425
|
+
}
|
|
426
|
+
/**
|
|
427
|
+
* Per-literal field-name extractor (#125 Gate 4).
|
|
428
|
+
*
|
|
429
|
+
* Extracts the assignment LHS identifier preceding the quoted string on the
|
|
430
|
+
* given line. Returns null if the literal is not an assignment value
|
|
431
|
+
* (e.g. annotation arg, function call arg, return expression).
|
|
432
|
+
*/
|
|
433
|
+
const FIELD_ASSIGN_RE = /(?:^|[\s,(])([A-Za-z_$][\w$]*)\s*[:=]\s*["'`]/;
|
|
434
|
+
function extractEnclosingFieldName(lineText) {
|
|
435
|
+
const m = FIELD_ASSIGN_RE.exec(lineText);
|
|
436
|
+
return m ? m[1] : null;
|
|
437
|
+
}
|
|
438
|
+
// ---------------------------------------------------------------------------
|
|
265
439
|
// Per-line FP-guard substrings (entropy layer only)
|
|
266
440
|
// ---------------------------------------------------------------------------
|
|
267
441
|
const TEST_CALL_RE = /\b(?:expect|assert|describe|it|test)\s*\(/;
|
|
@@ -271,7 +445,7 @@ export class ScanSecretsPass {
|
|
|
271
445
|
category = 'security';
|
|
272
446
|
run(ctx) {
|
|
273
447
|
const file = ctx.graph.ir.meta.file;
|
|
274
|
-
if (isTestFile(file)) {
|
|
448
|
+
if (isTestFile(file) || isGeneratedFile(file)) {
|
|
275
449
|
return { providerFindings: 0, entropyFindings: 0 };
|
|
276
450
|
}
|
|
277
451
|
const lines = ctx.code.split('\n');
|
|
@@ -285,6 +459,11 @@ export class ScanSecretsPass {
|
|
|
285
459
|
seen.add(`${f.line}:${f.rule_id}`);
|
|
286
460
|
}
|
|
287
461
|
}
|
|
462
|
+
// Pre-scan: line ranges to suppress in the entropy layer (#125 Gates 1 & 3).
|
|
463
|
+
// Provider patterns and named-credential layers are intentionally NOT gated
|
|
464
|
+
// by these — they retain full recall on real credential shapes.
|
|
465
|
+
const annotationLines = findAnnotationLineRanges(ctx.code);
|
|
466
|
+
const arrayLines = findStringArrayLineRanges(ctx.code);
|
|
288
467
|
let providerFindings = 0;
|
|
289
468
|
let entropyFindings = 0;
|
|
290
469
|
// Layer 1: provider patterns (line-by-line).
|
|
@@ -359,6 +538,13 @@ export class ScanSecretsPass {
|
|
|
359
538
|
continue;
|
|
360
539
|
if (COMMENT_EXAMPLE_RE.test(lineText))
|
|
361
540
|
continue;
|
|
541
|
+
// #125 Gate 1: skip annotation-arg spans (e.g. `@Original(key="...")`).
|
|
542
|
+
if (annotationLines.has(lineNum))
|
|
543
|
+
continue;
|
|
544
|
+
// #125 Gate 3: skip array/object literal spans with ≥3 string elements
|
|
545
|
+
// (constant data tables — solar terms, encoding alphabets, etc.).
|
|
546
|
+
if (arrayLines.has(lineNum))
|
|
547
|
+
continue;
|
|
362
548
|
// Reset regex state per line; STRING_LITERAL_RE is global.
|
|
363
549
|
STRING_LITERAL_RE.lastIndex = 0;
|
|
364
550
|
let match;
|
|
@@ -366,6 +552,9 @@ export class ScanSecretsPass {
|
|
|
366
552
|
const value = match[2];
|
|
367
553
|
if (!this.isCandidate(value))
|
|
368
554
|
continue;
|
|
555
|
+
// #125 Gate 4 length floor: short high-entropy literals are too noisy.
|
|
556
|
+
if (value.length < 32)
|
|
557
|
+
continue;
|
|
369
558
|
if (!this.passesEntropyGate(value, lineText))
|
|
370
559
|
continue;
|
|
371
560
|
const key = `${lineNum}:hardcoded-credential-entropy`;
|
|
@@ -417,17 +606,26 @@ export class ScanSecretsPass {
|
|
|
417
606
|
return true;
|
|
418
607
|
}
|
|
419
608
|
/**
|
|
420
|
-
* Shannon-entropy gate
|
|
421
|
-
*
|
|
422
|
-
*
|
|
423
|
-
*
|
|
609
|
+
* Shannon-entropy gate (#125 Gate 4 — REQUIRED field-name match).
|
|
610
|
+
*
|
|
611
|
+
* The entropy layer emits ONLY when the enclosing assignment LHS
|
|
612
|
+
* identifier matches a credential keyword (password / secret / token /
|
|
613
|
+
* api_key / etc.). Without this requirement, the layer flagged every
|
|
614
|
+
* high-entropy string — attribution keys, base64 resource blobs, public
|
|
615
|
+
* encoding alphabets — as credentials. Provider patterns (Layer 1) and
|
|
616
|
+
* named-credential matcher (Layer 1b) remain the recall safety net for
|
|
617
|
+
* credentials that don't fit the `FIELD = "..."` shape.
|
|
618
|
+
*
|
|
619
|
+
* Base64-shaped strings need higher entropy than hex-shaped (hex alphabet
|
|
620
|
+
* is 4 bits/char by construction).
|
|
424
621
|
*/
|
|
425
622
|
passesEntropyGate(value, lineText) {
|
|
623
|
+
const fieldName = extractEnclosingFieldName(lineText);
|
|
624
|
+
if (fieldName === null || !CREDENTIAL_NAME_RE.test(fieldName))
|
|
625
|
+
return false;
|
|
426
626
|
const isHex = HEXISH_RE.test(value);
|
|
427
|
-
const
|
|
428
|
-
|
|
429
|
-
const h = shannonEntropy(value);
|
|
430
|
-
return h >= threshold;
|
|
627
|
+
const threshold = isHex ? 3.3 : 4.1;
|
|
628
|
+
return shannonEntropy(value) >= threshold;
|
|
431
629
|
}
|
|
432
630
|
}
|
|
433
631
|
//# sourceMappingURL=scan-secrets-pass.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-secrets-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAKH,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,0EAA0E;AAC1E,MAAM,YAAY,GAAG,2FAA2F,CAAC;AACjH,MAAM,gBAAgB,GAAG,gFAAgF,CAAC;AAE1G,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAiBD,MAAM,iBAAiB,GAAsB;IAC3C;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sBAAsB;QAC7B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kFAAkF;KACxF;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oFAAoF;KAC1F;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;QAClC,GAAG,EAAE,oIAAoI;KAC1I;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sEAAsE;QAC7E,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,qIAAqI;KAC3I;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,iGAAiG;KACvG;CACF,CAAC;AAEF,8EAA8E;AAC9E,uCAAuC;AACvC,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,4EAA4E;AAC5E,0DAA0D;AAC1D,2EAA2E;AAC3E,qEAAqE;AACrE,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,0EAA0E;AAC1E,uEAAuE;AACvE,EAAE;AACF,aAAa;AACb,gEAAgE;AAChE,uCAAuC;AACvC,4EAA4E;AAC5E,sDAAsD;AACtD,0EAA0E;AAC1E,iFAAiF;AACjF,iEAAiE;AACjE,EAAE;AACF,qEAAqE;AACrE,8EAA8E;AAE9E,MAAM,eAAe,GACnB,8JAA8J,CAAC;AAEjK,MAAM,qBAAqB,GAAG,yDAAyD,CAAC;AACxF,MAAM,qBAAqB,GAAG,uCAAuC,CAAC;AACtE,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D,iGAAiG;AACjG,SAAS,4BAA4B,CAAC,IAAY;IAChD,sFAAsF;IACtF,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAClD,qEAAqE;IACrE,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnB,oEAAoE;IACpE,wEAAwE;IACxE,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,6CAA6C;IAC7C,IAAI,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,iBAAiB,GAAG,oCAAoC,CAAC;AAE/D,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,OAAO,GAAG,iEAAiE,CAAC;AAElF,MAAM,cAAc,GAClB,qOAAqO,CAAC;AAExO,4GAA4G;AAC5G,SAAS,eAAe,CAAC,CAAS;IAChC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACvE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0FAA0F;AAC1F,SAAS,eAAe,CAAC,CAAS;IAChC,mEAAmE;IACnE,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,uFAAuF;AACvF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,OAAO,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IACpC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QAClB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kGAAkG;AAClG,MAAM,kBAAkB,GAAG,8DAA8D,CAAC;AAE1F,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,2CAA2C,CAAC;AACjE,MAAM,kBAAkB,GAAG,+CAA+C,CAAC;AAY3E,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,cAAc,CAAC;IACtB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;QAEpC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,gBAAgB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC;QACxC,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YAC9B,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,IAAI,CAAC,CAAC,OAAO,KAAK,8BAA8B,EAAE,CAAC;gBACzF,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,6CAA6C;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAEjB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;oBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,sBAAsB;oBAC/B,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,yBAAyB,OAAO,CAAC,IAAI,WAAW;oBACzD,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;iBACnE,CAAC,CAAC;gBACH,gBAAgB,IAAI,CAAC,CAAC;gBACtB,sEAAsE;gBACtE,4DAA4D;gBAC5D,MAAM;YACR,CAAC;QACH,CAAC;QAED,kEAAkE;QAClE,2EAA2E;QAC3E,qEAAqE;QACrE,gEAAgE;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,GAAG,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,CAAC,GAAG;gBAAE,SAAS;YAEnB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,GAAG,CAAC,UAAU,CAAC;gBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;gBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,sBAAsB;gBAC/B,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,2BAA2B,GAAG,CAAC,IAAI,6BAA6B;gBACzE,IAAI;gBACJ,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC1C,GAAG,EAAE,iHAAiH;gBACtH,QAAQ,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;aACvD,CAAC,CAAC;YACH,gBAAgB,IAAI,CAAC,CAAC;QACxB,CAAC;QAED,oDAAoD;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAC1C,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEhD,2DAA2D;YAC3D,iBAAiB,CAAC,SAAS,GAAG,CAAC,CAAC;YAChC,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACvC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC;oBAAE,SAAS;gBAEvD,MAAM,GAAG,GAAG,GAAG,OAAO,+BAA+B,CAAC;gBACtD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,kEAAkE;gBAClE,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,uBAAuB,CAAC;oBAAE,SAAS;gBAC1D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,gCAAgC,IAAI,IAAI,OAAO,EAAE;oBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,8BAA8B;oBACvC,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,SAAS;oBAChB,OAAO,EAAE,2DAA2D,KAAK,CAAC,MAAM,SAAS;oBACzF,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,0LAA0L;oBAC/L,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;iBACpD,CAAC,CAAC;gBACH,eAAe,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC;IAC/C,CAAC;IAED,mEAAmE;IAC3D,WAAW,CAAC,CAAS;QAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,IAAI,eAAe,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACnC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,sEAAsE;QACtE,wCAAwC;QACxC,IAAI,mBAAmB,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,KAAa,EAAE,QAAgB;QACvD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,CAAC,IAAI,SAAS,CAAC;IACxB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"scan-secrets-pass.js","sourceRoot":"","sources":["../../../src/analysis/passes/scan-secrets-pass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAKH,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,0EAA0E;AAC1E,MAAM,YAAY,GAAG,2FAA2F,CAAC;AACjH,MAAM,gBAAgB,GAAG,gFAAgF,CAAC;AAE1G,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChE,CAAC;AAED,8EAA8E;AAC9E,uCAAuC;AACvC,EAAE;AACF,4EAA4E;AAC5E,6EAA6E;AAC7E,mDAAmD;AACnD,8EAA8E;AAE9E,MAAM,iBAAiB,GACrB,0LAA0L,CAAC;AAC7L,MAAM,qBAAqB,GAAG,+DAA+D,CAAC;AAE9F,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1E,CAAC;AAiBD,MAAM,iBAAiB,GAAsB;IAC3C;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sBAAsB;QAC7B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,kFAAkF;KACxF;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oFAAoF;KAC1F;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;QAClC,GAAG,EAAE,oIAAoI;KAC1I;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sEAAsE;QAC7E,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,sGAAsG;KAC5G;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,qIAAqI;KAC3I;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;QACpC,GAAG,EAAE,iGAAiG;KACvG;CACF,CAAC;AAEF,8EAA8E;AAC9E,uCAAuC;AACvC,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,4EAA4E;AAC5E,0DAA0D;AAC1D,2EAA2E;AAC3E,qEAAqE;AACrE,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,0EAA0E;AAC1E,uEAAuE;AACvE,EAAE;AACF,aAAa;AACb,gEAAgE;AAChE,uCAAuC;AACvC,4EAA4E;AAC5E,sDAAsD;AACtD,0EAA0E;AAC1E,iFAAiF;AACjF,iEAAiE;AACjE,EAAE;AACF,qEAAqE;AACrE,8EAA8E;AAE9E,MAAM,eAAe,GACnB,8JAA8J,CAAC;AAEjK,MAAM,qBAAqB,GAAG,yDAAyD,CAAC;AACxF,MAAM,qBAAqB,GAAG,uCAAuC,CAAC;AACtE,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D,iGAAiG;AACjG,SAAS,4BAA4B,CAAC,IAAY;IAChD,sFAAsF;IACtF,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAClD,qEAAqE;IACrE,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnB,oEAAoE;IACpE,wEAAwE;IACxE,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,6CAA6C;IAC7C,IAAI,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,iBAAiB,GAAG,oCAAoC,CAAC;AAE/D,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,OAAO,GAAG,iEAAiE,CAAC;AAElF,MAAM,cAAc,GAClB,qOAAqO,CAAC;AAExO,4GAA4G;AAC5G,SAAS,eAAe,CAAC,CAAS;IAChC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACvE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0FAA0F;AAC1F,SAAS,eAAe,CAAC,CAAS;IAChC,mEAAmE;IACnE,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,uFAAuF;AACvF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,OAAO,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IACpC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC;QAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QAClB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,kGAAkG;AAClG,MAAM,kBAAkB,GAAG,8DAA8D,CAAC;AAE1F,8EAA8E;AAC9E,gCAAgC;AAChC,EAAE;AACF,wEAAwE;AACxE,sEAAsE;AACtE,4EAA4E;AAC5E,wEAAwE;AACxE,yCAAyC;AACzC,EAAE;AACF,yEAAyE;AACzE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,gFAAgF;IAChF,MAAM,OAAO,GAAG,gDAAgD,CAAC;IACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7C,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACtC,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACvC,8EAA8E;YAC9E,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,IAAI,EAAE,GAAG,CAAC,CAAC;YACX,IAAI,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAChC,iDAAiD;YACjD,IAAI,UAAU,GAAG,GAAG,CAAC;YACrB,YAAY,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACzB,OAAO,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrB,IAAI,KAAK,GAA2B,IAAI,CAAC;gBACzC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;oBACnB,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;wBACnB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;4BAAC,GAAG,IAAI,CAAC,CAAC;4BAAC,SAAS;wBAAC,CAAC;wBACxC,IAAI,EAAE,KAAK,KAAK;4BAAE,KAAK,GAAG,IAAI,CAAC;oBACjC,CAAC;yBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;wBAClD,KAAK,GAAG,EAAqB,CAAC;oBAChC,CAAC;yBAAM,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;wBACzB,KAAK,EAAE,CAAC;oBACV,CAAC;yBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;wBAC1B,KAAK,EAAE,CAAC;oBACV,CAAC;oBACD,GAAG,EAAE,CAAC;gBACR,CAAC;gBACD,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,EAAE,EAAE,CAAC;oBACL,GAAG,GAAG,CAAC,CAAC;oBACR,UAAU,EAAE,CAAC;oBACb,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM;wBAAE,YAAY,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAAC,IAAY;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,iEAAiE;IACjE,MAAM,OAAO,GAAG,cAAc,CAAC;IAC/B,MAAM,oBAAoB,GAAG,4BAA4B,CAAC;IAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,CAAyB,CAAC;QAC9B,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACpB,MAAM,OAAO,GAAG,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YAC3C,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,IAAI,EAAE,GAAG,CAAC,CAAC;YACX,IAAI,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAChC,IAAI,UAAU,GAAG,GAAG,CAAC;YACrB,MAAM,SAAS,GAAa,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACrC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,OAAO,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;gBACrB,IAAI,KAAK,GAA2B,IAAI,CAAC;gBACzC,MAAM,KAAK,GAAG,GAAG,CAAC;gBAClB,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;oBACnB,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;wBACnB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;4BAAC,GAAG,IAAI,CAAC,CAAC;4BAAC,SAAS;wBAAC,CAAC;wBACxC,IAAI,EAAE,KAAK,KAAK;4BAAE,KAAK,GAAG,IAAI,CAAC;oBACjC,CAAC;yBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;wBAClD,KAAK,GAAG,EAAqB,CAAC;oBAChC,CAAC;yBAAM,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;wBACzB,KAAK,EAAE,CAAC;oBACV,CAAC;yBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;wBAC1B,KAAK,EAAE,CAAC;oBACV,CAAC;oBACD,GAAG,EAAE,CAAC;gBACR,CAAC;gBACD,QAAQ,IAAI,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC;gBAC5C,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,EAAE,EAAE,CAAC;oBACL,GAAG,GAAG,CAAC,CAAC;oBACR,UAAU,EAAE,CAAC;oBACb,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM;wBAAE,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YACD,qEAAqE;YACrE,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;YACnC,IAAI,QAAQ,GAAG,CAAC,CAAC;YACjB,OAAO,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpD,QAAQ,EAAE,CAAC;gBACX,IAAI,QAAQ,IAAI,CAAC;oBAAE,MAAM;YAC3B,CAAC;YACD,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;gBAClB,KAAK,MAAM,EAAE,IAAI,SAAS;oBAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,eAAe,GACnB,+CAA+C,CAAC;AAElD,SAAS,yBAAyB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACzB,CAAC;AAED,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,2CAA2C,CAAC;AACjE,MAAM,kBAAkB,GAAG,+CAA+C,CAAC;AAY3E,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,cAAc,CAAC;IACtB,QAAQ,GAAG,UAAmB,CAAC;IAExC,GAAG,CAAC,GAAgB;QAClB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;QAEpC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,OAAO,EAAE,gBAAgB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC;QACxC,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YAC9B,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,IAAI,CAAC,CAAC,OAAO,KAAK,8BAA8B,EAAE,CAAC;gBACzF,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,4EAA4E;QAC5E,gEAAgE;QAChE,MAAM,eAAe,GAAG,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEvD,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,6CAA6C;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAEjB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;oBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,sBAAsB;oBAC/B,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,OAAO,EAAE,yBAAyB,OAAO,CAAC,IAAI,WAAW;oBACzD,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;iBACnE,CAAC,CAAC;gBACH,gBAAgB,IAAI,CAAC,CAAC;gBACtB,sEAAsE;gBACtE,4DAA4D;gBAC5D,MAAM;YACR,CAAC;QACH,CAAC;QAED,kEAAkE;QAClE,2EAA2E;QAC3E,qEAAqE;QACrE,gEAAgE;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,GAAG,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,CAAC,GAAG;gBAAE,SAAS;YAEnB,MAAM,GAAG,GAAG,GAAG,OAAO,uBAAuB,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,GAAG,CAAC,UAAU,CAAC;gBACb,EAAE,EAAE,wBAAwB,IAAI,IAAI,OAAO,EAAE;gBAC7C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,sBAAsB;gBAC/B,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,2BAA2B,GAAG,CAAC,IAAI,6BAA6B;gBACzE,IAAI;gBACJ,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC1C,GAAG,EAAE,iHAAiH;gBACtH,QAAQ,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE;aACvD,CAAC,CAAC;YACH,gBAAgB,IAAI,CAAC,CAAC;QACxB,CAAC;QAED,oDAAoD;QACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAC1C,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAChD,wEAAwE;YACxE,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC3C,uEAAuE;YACvE,kEAAkE;YAClE,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAEtC,2DAA2D;YAC3D,iBAAiB,CAAC,SAAS,GAAG,CAAC,CAAC;YAChC,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACvC,uEAAuE;gBACvE,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;oBAAE,SAAS;gBAChC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC;oBAAE,SAAS;gBAEvD,MAAM,GAAG,GAAG,GAAG,OAAO,+BAA+B,CAAC;gBACtD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,kEAAkE;gBAClE,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,uBAAuB,CAAC;oBAAE,SAAS;gBAC1D,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,GAAG,CAAC,UAAU,CAAC;oBACb,EAAE,EAAE,gCAAgC,IAAI,IAAI,OAAO,EAAE;oBACrD,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,8BAA8B;oBACvC,GAAG,EAAE,SAAS;oBACd,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,SAAS;oBAChB,OAAO,EAAE,2DAA2D,KAAK,CAAC,MAAM,SAAS;oBACzF,IAAI;oBACJ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC1C,GAAG,EAAE,0LAA0L;oBAC/L,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;iBACpD,CAAC,CAAC;gBACH,eAAe,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC;IAC/C,CAAC;IAED,mEAAmE;IAC3D,WAAW,CAAC,CAAS;QAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,IAAI,eAAe,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACnC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,sEAAsE;QACtE,wCAAwC;QACxC,IAAI,mBAAmB,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;;;;OAaG;IACK,iBAAiB,CAAC,KAAa,EAAE,QAAgB;QACvD,MAAM,SAAS,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QACtD,IAAI,SAAS,KAAK,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAC5E,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACpC,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC;IAC5C,CAAC;CACF"}
|
|
@@ -28845,6 +28845,11 @@ var TEST_FILENAME_RE = /(?:\.(?:test|spec)\.[cm]?[jt]sx?|_test\.go|_test\.py|Tes
|
|
|
28845
28845
|
function isTestFile(file) {
|
|
28846
28846
|
return TEST_PATH_RE3.test(file) || TEST_FILENAME_RE.test(file);
|
|
28847
28847
|
}
|
|
28848
|
+
var GENERATED_PATH_RE = /(?:^|[\\/])(?:gen|generated|build[\\/]generated|src[\\/](?:main|test)[\\/]generated|target[\\/]generated-sources|target[\\/]generated-test-sources|node_modules[\\/]\.cache)(?:[\\/]|$)/i;
|
|
28849
|
+
var GENERATED_FILENAME_RE = /__[ch]\.java$|\.pb\.go$|_pb2\.py$|\.generated\.[cm]?[jt]sx?$/i;
|
|
28850
|
+
function isGeneratedFile(file) {
|
|
28851
|
+
return GENERATED_PATH_RE.test(file) || GENERATED_FILENAME_RE.test(file);
|
|
28852
|
+
}
|
|
28848
28853
|
var PROVIDER_PATTERNS = [
|
|
28849
28854
|
{
|
|
28850
28855
|
name: "AWS access key",
|
|
@@ -29011,6 +29016,117 @@ function shannonEntropy(s) {
|
|
|
29011
29016
|
return h;
|
|
29012
29017
|
}
|
|
29013
29018
|
var CREDENTIAL_NAME_RE = /(?:key|secret|token|password|passwd|credential|api[_-]?key)/i;
|
|
29019
|
+
function findAnnotationLineRanges(code) {
|
|
29020
|
+
const lines = code.split("\n");
|
|
29021
|
+
const inAnnotation = /* @__PURE__ */ new Set();
|
|
29022
|
+
const OPEN_RE = /(?:@[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*\s*\(|#\[)/g;
|
|
29023
|
+
for (let i2 = 0; i2 < lines.length; i2++) {
|
|
29024
|
+
OPEN_RE.lastIndex = 0;
|
|
29025
|
+
let m;
|
|
29026
|
+
while ((m = OPEN_RE.exec(lines[i2])) !== null) {
|
|
29027
|
+
const isRustAttr = m[0].startsWith("#[");
|
|
29028
|
+
const openCh = isRustAttr ? "[" : "(";
|
|
29029
|
+
const closeCh = isRustAttr ? "]" : ")";
|
|
29030
|
+
let depth = 1;
|
|
29031
|
+
let li = i2;
|
|
29032
|
+
let col = m.index + m[0].length;
|
|
29033
|
+
let lineBudget = 200;
|
|
29034
|
+
inAnnotation.add(li + 1);
|
|
29035
|
+
while (depth > 0 && li < lines.length && lineBudget > 0) {
|
|
29036
|
+
const ln = lines[li];
|
|
29037
|
+
let inStr = null;
|
|
29038
|
+
while (col < ln.length && depth > 0) {
|
|
29039
|
+
const ch = ln[col];
|
|
29040
|
+
if (inStr !== null) {
|
|
29041
|
+
if (ch === "\\") {
|
|
29042
|
+
col += 2;
|
|
29043
|
+
continue;
|
|
29044
|
+
}
|
|
29045
|
+
if (ch === inStr) inStr = null;
|
|
29046
|
+
} else if (ch === '"' || ch === "'" || ch === "`") {
|
|
29047
|
+
inStr = ch;
|
|
29048
|
+
} else if (ch === openCh) {
|
|
29049
|
+
depth++;
|
|
29050
|
+
} else if (ch === closeCh) {
|
|
29051
|
+
depth--;
|
|
29052
|
+
}
|
|
29053
|
+
col++;
|
|
29054
|
+
}
|
|
29055
|
+
if (depth > 0) {
|
|
29056
|
+
li++;
|
|
29057
|
+
col = 0;
|
|
29058
|
+
lineBudget--;
|
|
29059
|
+
if (li < lines.length) inAnnotation.add(li + 1);
|
|
29060
|
+
}
|
|
29061
|
+
}
|
|
29062
|
+
}
|
|
29063
|
+
}
|
|
29064
|
+
return inAnnotation;
|
|
29065
|
+
}
|
|
29066
|
+
function findStringArrayLineRanges(code) {
|
|
29067
|
+
const lines = code.split("\n");
|
|
29068
|
+
const inArray = /* @__PURE__ */ new Set();
|
|
29069
|
+
const OPEN_RE = /=\s*([{\[])/g;
|
|
29070
|
+
const STR_LITERAL_COUNT_RE = /(["'`])(?:\\.|(?!\1).)*\1/g;
|
|
29071
|
+
for (let i2 = 0; i2 < lines.length; i2++) {
|
|
29072
|
+
OPEN_RE.lastIndex = 0;
|
|
29073
|
+
let m;
|
|
29074
|
+
while ((m = OPEN_RE.exec(lines[i2])) !== null) {
|
|
29075
|
+
const openCh = m[1];
|
|
29076
|
+
const closeCh = openCh === "{" ? "}" : "]";
|
|
29077
|
+
let depth = 1;
|
|
29078
|
+
let li = i2;
|
|
29079
|
+
let col = m.index + m[0].length;
|
|
29080
|
+
let lineBudget = 500;
|
|
29081
|
+
const spanLines = [li + 1];
|
|
29082
|
+
let spanText = "";
|
|
29083
|
+
while (depth > 0 && li < lines.length && lineBudget > 0) {
|
|
29084
|
+
const ln = lines[li];
|
|
29085
|
+
let inStr = null;
|
|
29086
|
+
const start2 = col;
|
|
29087
|
+
while (col < ln.length && depth > 0) {
|
|
29088
|
+
const ch = ln[col];
|
|
29089
|
+
if (inStr !== null) {
|
|
29090
|
+
if (ch === "\\") {
|
|
29091
|
+
col += 2;
|
|
29092
|
+
continue;
|
|
29093
|
+
}
|
|
29094
|
+
if (ch === inStr) inStr = null;
|
|
29095
|
+
} else if (ch === '"' || ch === "'" || ch === "`") {
|
|
29096
|
+
inStr = ch;
|
|
29097
|
+
} else if (ch === openCh) {
|
|
29098
|
+
depth++;
|
|
29099
|
+
} else if (ch === closeCh) {
|
|
29100
|
+
depth--;
|
|
29101
|
+
}
|
|
29102
|
+
col++;
|
|
29103
|
+
}
|
|
29104
|
+
spanText += ln.substring(start2, col) + "\n";
|
|
29105
|
+
if (depth > 0) {
|
|
29106
|
+
li++;
|
|
29107
|
+
col = 0;
|
|
29108
|
+
lineBudget--;
|
|
29109
|
+
if (li < lines.length) spanLines.push(li + 1);
|
|
29110
|
+
}
|
|
29111
|
+
}
|
|
29112
|
+
STR_LITERAL_COUNT_RE.lastIndex = 0;
|
|
29113
|
+
let strCount = 0;
|
|
29114
|
+
while (STR_LITERAL_COUNT_RE.exec(spanText) !== null) {
|
|
29115
|
+
strCount++;
|
|
29116
|
+
if (strCount >= 3) break;
|
|
29117
|
+
}
|
|
29118
|
+
if (strCount >= 3) {
|
|
29119
|
+
for (const ln of spanLines) inArray.add(ln);
|
|
29120
|
+
}
|
|
29121
|
+
}
|
|
29122
|
+
}
|
|
29123
|
+
return inArray;
|
|
29124
|
+
}
|
|
29125
|
+
var FIELD_ASSIGN_RE = /(?:^|[\s,(])([A-Za-z_$][\w$]*)\s*[:=]\s*["'`]/;
|
|
29126
|
+
function extractEnclosingFieldName(lineText) {
|
|
29127
|
+
const m = FIELD_ASSIGN_RE.exec(lineText);
|
|
29128
|
+
return m ? m[1] : null;
|
|
29129
|
+
}
|
|
29014
29130
|
var TEST_CALL_RE = /\b(?:expect|assert|describe|it|test)\s*\(/;
|
|
29015
29131
|
var COMMENT_EXAMPLE_RE = /(?:\/\/|#)\s*(?:example|sample|test|fixture)/i;
|
|
29016
29132
|
var ScanSecretsPass = class {
|
|
@@ -29018,7 +29134,7 @@ var ScanSecretsPass = class {
|
|
|
29018
29134
|
category = "security";
|
|
29019
29135
|
run(ctx) {
|
|
29020
29136
|
const file = ctx.graph.ir.meta.file;
|
|
29021
|
-
if (isTestFile(file)) {
|
|
29137
|
+
if (isTestFile(file) || isGeneratedFile(file)) {
|
|
29022
29138
|
return { providerFindings: 0, entropyFindings: 0 };
|
|
29023
29139
|
}
|
|
29024
29140
|
const lines = ctx.code.split("\n");
|
|
@@ -29030,6 +29146,8 @@ var ScanSecretsPass = class {
|
|
|
29030
29146
|
seen.add(`${f.line}:${f.rule_id}`);
|
|
29031
29147
|
}
|
|
29032
29148
|
}
|
|
29149
|
+
const annotationLines = findAnnotationLineRanges(ctx.code);
|
|
29150
|
+
const arrayLines = findStringArrayLineRanges(ctx.code);
|
|
29033
29151
|
let providerFindings = 0;
|
|
29034
29152
|
let entropyFindings = 0;
|
|
29035
29153
|
for (let i2 = 0; i2 < lines.length; i2++) {
|
|
@@ -29090,11 +29208,14 @@ var ScanSecretsPass = class {
|
|
|
29090
29208
|
const lineNum = i2 + 1;
|
|
29091
29209
|
if (TEST_CALL_RE.test(lineText)) continue;
|
|
29092
29210
|
if (COMMENT_EXAMPLE_RE.test(lineText)) continue;
|
|
29211
|
+
if (annotationLines.has(lineNum)) continue;
|
|
29212
|
+
if (arrayLines.has(lineNum)) continue;
|
|
29093
29213
|
STRING_LITERAL_RE.lastIndex = 0;
|
|
29094
29214
|
let match;
|
|
29095
29215
|
while ((match = STRING_LITERAL_RE.exec(lineText)) !== null) {
|
|
29096
29216
|
const value = match[2];
|
|
29097
29217
|
if (!this.isCandidate(value)) continue;
|
|
29218
|
+
if (value.length < 32) continue;
|
|
29098
29219
|
if (!this.passesEntropyGate(value, lineText)) continue;
|
|
29099
29220
|
const key = `${lineNum}:hardcoded-credential-entropy`;
|
|
29100
29221
|
if (seen.has(key)) continue;
|
|
@@ -29132,17 +29253,25 @@ var ScanSecretsPass = class {
|
|
|
29132
29253
|
return true;
|
|
29133
29254
|
}
|
|
29134
29255
|
/**
|
|
29135
|
-
* Shannon-entropy gate
|
|
29136
|
-
*
|
|
29137
|
-
*
|
|
29138
|
-
*
|
|
29256
|
+
* Shannon-entropy gate (#125 Gate 4 — REQUIRED field-name match).
|
|
29257
|
+
*
|
|
29258
|
+
* The entropy layer emits ONLY when the enclosing assignment LHS
|
|
29259
|
+
* identifier matches a credential keyword (password / secret / token /
|
|
29260
|
+
* api_key / etc.). Without this requirement, the layer flagged every
|
|
29261
|
+
* high-entropy string — attribution keys, base64 resource blobs, public
|
|
29262
|
+
* encoding alphabets — as credentials. Provider patterns (Layer 1) and
|
|
29263
|
+
* named-credential matcher (Layer 1b) remain the recall safety net for
|
|
29264
|
+
* credentials that don't fit the `FIELD = "..."` shape.
|
|
29265
|
+
*
|
|
29266
|
+
* Base64-shaped strings need higher entropy than hex-shaped (hex alphabet
|
|
29267
|
+
* is 4 bits/char by construction).
|
|
29139
29268
|
*/
|
|
29140
29269
|
passesEntropyGate(value, lineText) {
|
|
29270
|
+
const fieldName = extractEnclosingFieldName(lineText);
|
|
29271
|
+
if (fieldName === null || !CREDENTIAL_NAME_RE.test(fieldName)) return false;
|
|
29141
29272
|
const isHex = HEXISH_RE.test(value);
|
|
29142
|
-
const
|
|
29143
|
-
|
|
29144
|
-
const h = shannonEntropy(value);
|
|
29145
|
-
return h >= threshold;
|
|
29273
|
+
const threshold = isHex ? 3.3 : 4.1;
|
|
29274
|
+
return shannonEntropy(value) >= threshold;
|
|
29146
29275
|
}
|
|
29147
29276
|
};
|
|
29148
29277
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "circle-ir",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.85.0",
|
|
4
4
|
"description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.js",
|