codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (455) hide show
  1. package/README.md +458 -0
  2. package/__tests__/cli-reporter.test.ts +86 -0
  3. package/__tests__/config-loader.test.ts +247 -0
  4. package/__tests__/local-scanner.test.ts +245 -0
  5. package/bin/codeslick.cjs +153 -0
  6. package/dist/packages/cli/src/commands/auth.d.ts +36 -0
  7. package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
  8. package/dist/packages/cli/src/commands/auth.js +226 -0
  9. package/dist/packages/cli/src/commands/auth.js.map +1 -0
  10. package/dist/packages/cli/src/commands/config.d.ts +37 -0
  11. package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
  12. package/dist/packages/cli/src/commands/config.js +196 -0
  13. package/dist/packages/cli/src/commands/config.js.map +1 -0
  14. package/dist/packages/cli/src/commands/init.d.ts +32 -0
  15. package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
  16. package/dist/packages/cli/src/commands/init.js +171 -0
  17. package/dist/packages/cli/src/commands/init.js.map +1 -0
  18. package/dist/packages/cli/src/commands/scan.d.ts +40 -0
  19. package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
  20. package/dist/packages/cli/src/commands/scan.js +204 -0
  21. package/dist/packages/cli/src/commands/scan.js.map +1 -0
  22. package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
  23. package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
  24. package/dist/packages/cli/src/config/config-loader.js +146 -0
  25. package/dist/packages/cli/src/config/config-loader.js.map +1 -0
  26. package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
  27. package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
  28. package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
  29. package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
  30. package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
  31. package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
  32. package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
  33. package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
  34. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
  35. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
  36. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
  37. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
  38. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
  39. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
  40. package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
  41. package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
  42. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
  43. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
  44. package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
  45. package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
  46. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
  47. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
  48. package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
  49. package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
  50. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
  51. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
  52. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
  53. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
  54. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
  55. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
  56. package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
  57. package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
  58. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
  59. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
  60. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
  61. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
  62. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
  63. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
  64. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
  65. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
  66. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
  67. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  68. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
  69. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
  70. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
  71. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
  72. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
  73. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
  74. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
  75. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
  76. package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
  77. package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
  78. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
  79. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
  80. package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
  81. package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
  82. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
  83. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
  84. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
  85. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
  86. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
  87. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
  88. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
  89. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
  90. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
  91. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
  92. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
  93. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
  94. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
  95. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
  96. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
  97. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
  98. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
  99. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
  100. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
  101. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
  102. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
  103. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
  104. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
  105. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
  106. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
  107. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
  108. package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
  109. package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
  110. package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
  111. package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
  112. package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
  113. package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
  114. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
  115. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
  116. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
  117. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
  118. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
  119. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
  120. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
  121. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
  122. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
  123. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
  124. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
  125. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
  126. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
  127. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
  128. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
  129. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
  130. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
  131. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
  132. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
  133. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
  134. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
  135. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
  136. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
  137. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
  138. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
  139. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
  140. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
  141. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
  142. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
  143. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
  144. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
  145. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
  146. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
  147. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
  148. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
  149. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
  150. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
  151. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  152. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
  153. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
  154. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
  155. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
  156. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
  157. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
  158. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
  159. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
  160. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
  161. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
  162. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
  163. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
  164. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
  165. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
  166. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
  167. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
  168. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
  169. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
  170. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
  171. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
  172. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
  173. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
  174. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
  175. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
  176. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
  177. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
  178. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
  179. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
  180. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
  181. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
  182. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
  183. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
  184. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
  185. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
  186. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
  187. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
  188. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
  189. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
  190. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
  191. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
  192. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
  193. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
  194. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
  195. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
  196. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
  197. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
  198. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
  199. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
  200. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
  201. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
  202. package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
  203. package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
  204. package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
  205. package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
  206. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
  207. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
  208. package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
  209. package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
  210. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
  211. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
  212. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
  213. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
  214. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
  215. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
  216. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
  217. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
  218. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
  219. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
  220. package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
  221. package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
  222. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
  223. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
  224. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
  225. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
  226. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
  227. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
  228. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
  229. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
  230. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
  231. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
  232. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
  233. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
  234. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
  235. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
  236. package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
  237. package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
  238. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
  239. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
  240. package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
  241. package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
  242. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
  243. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  244. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
  245. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
  246. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
  247. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
  248. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
  249. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
  250. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
  251. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
  252. package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
  253. package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
  254. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
  255. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
  256. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
  257. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
  258. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
  259. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
  260. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
  261. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
  262. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
  263. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
  264. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
  265. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
  266. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
  267. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
  268. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
  269. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
  270. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
  271. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
  272. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
  273. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
  274. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
  275. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
  276. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
  277. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
  278. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
  279. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
  280. package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
  281. package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
  282. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
  283. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
  284. package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
  285. package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
  286. package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
  287. package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
  288. package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
  289. package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
  290. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
  291. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
  292. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
  293. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
  294. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
  295. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
  296. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
  297. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
  298. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
  299. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
  300. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
  301. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
  302. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
  303. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
  304. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
  305. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
  306. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
  307. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
  308. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
  309. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
  310. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
  311. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
  312. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
  313. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
  314. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
  315. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
  316. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
  317. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
  318. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
  319. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
  320. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
  321. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
  322. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
  323. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
  324. package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
  325. package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
  326. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
  327. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
  328. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
  329. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
  330. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
  331. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
  332. package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
  333. package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
  334. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
  335. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
  336. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
  337. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
  338. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
  339. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
  340. package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
  341. package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
  342. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
  343. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
  344. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
  345. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
  346. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
  347. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
  348. package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
  349. package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
  350. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
  351. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
  352. package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
  353. package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
  354. package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
  355. package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
  356. package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
  357. package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
  358. package/dist/src/lib/analyzers/types.d.ts +92 -0
  359. package/dist/src/lib/analyzers/types.d.ts.map +1 -0
  360. package/dist/src/lib/analyzers/types.js +3 -0
  361. package/dist/src/lib/analyzers/types.js.map +1 -0
  362. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
  363. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
  364. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
  365. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
  366. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
  367. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
  368. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
  369. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
  370. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
  371. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
  372. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
  373. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
  374. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
  375. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
  376. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
  377. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
  378. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
  379. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
  380. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
  381. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
  382. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
  383. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
  384. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
  385. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
  386. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
  387. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  388. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
  389. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
  390. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
  391. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
  392. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
  393. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
  394. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
  395. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
  396. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
  397. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
  398. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
  399. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
  400. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
  401. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
  402. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
  403. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
  404. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
  405. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
  406. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
  407. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
  408. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
  409. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
  410. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
  411. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
  412. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
  413. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
  414. package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
  415. package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
  416. package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
  417. package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
  418. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
  419. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
  420. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
  421. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
  422. package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
  423. package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
  424. package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
  425. package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
  426. package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
  427. package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
  428. package/dist/src/lib/security/compliance-mapping.js +1342 -0
  429. package/dist/src/lib/security/compliance-mapping.js.map +1 -0
  430. package/dist/src/lib/security/severity-scoring.d.ts +47 -0
  431. package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
  432. package/dist/src/lib/security/severity-scoring.js +965 -0
  433. package/dist/src/lib/security/severity-scoring.js.map +1 -0
  434. package/dist/src/lib/standards/references.d.ts +16 -0
  435. package/dist/src/lib/standards/references.d.ts.map +1 -0
  436. package/dist/src/lib/standards/references.js +1161 -0
  437. package/dist/src/lib/standards/references.js.map +1 -0
  438. package/dist/src/lib/types/index.d.ts +167 -0
  439. package/dist/src/lib/types/index.d.ts.map +1 -0
  440. package/dist/src/lib/types/index.js +3 -0
  441. package/dist/src/lib/types/index.js.map +1 -0
  442. package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
  443. package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
  444. package/dist/src/lib/utils/code-cleaner.js +283 -0
  445. package/dist/src/lib/utils/code-cleaner.js.map +1 -0
  446. package/package.json +51 -0
  447. package/src/commands/auth.ts +308 -0
  448. package/src/commands/config.ts +226 -0
  449. package/src/commands/init.ts +202 -0
  450. package/src/commands/scan.ts +238 -0
  451. package/src/config/config-loader.ts +175 -0
  452. package/src/reporters/cli-reporter.ts +282 -0
  453. package/src/scanner/local-scanner.ts +250 -0
  454. package/tsconfig.json +24 -0
  455. package/tsconfig.tsbuildinfo +1 -0
package/dist/src/lib/analyzers/javascript/security-checks/access-control.js ADDED
@@ -0,0 +1,168 @@
1
+ "use strict";
2
+ /**
3
+ * JavaScript Access Control Security Checks
4
+ * OWASP A01:2025 - Broken Access Control
5
+ *
6
+ * Detects missing authentication and client-side authorization vulnerabilities.
7
+ * Phase 7B Week 3 Day 11: Cross-language access control checks
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.checkAccessControl = checkAccessControl;
11
+ const createVulnerability_1 = require("../utils/createVulnerability");
12
+ /**
13
+ * Checks for broken access control vulnerabilities in JavaScript code
14
+ *
15
+ * Covers:
16
+ * - Check #92: Missing authentication middleware on routes (HIGH)
17
+ * - Check #93: Client-side only authorization (HIGH)
18
+ * - Check #94: Insecure Direct Object Reference (IDOR) (HIGH) - NEW Dec 30, 2025
19
+ * - Check #95: Hardcoded role checks without server validation (MEDIUM) - NEW Dec 30, 2025
20
+ *
21
+ * @param lines - Array of code lines
22
+ * @returns Array of security vulnerabilities found
23
+ */
24
+ function checkAccessControl(lines) {
25
+ const vulnerabilities = [];
26
+ let inMultiLineComment = false;
27
+ lines.forEach((line, index) => {
28
+ const lineNumber = index + 1;
29
+ const trimmed = line.trim();
30
+ // Track multi-line comment blocks (/* ... */)
31
+ if (trimmed.includes('/*')) {
32
+ inMultiLineComment = true;
33
+ }
34
+ if (trimmed.includes('*/')) {
35
+ inMultiLineComment = false;
36
+ return;
37
+ }
38
+ // Skip comments and empty lines
39
+ if (!trimmed || inMultiLineComment || trimmed.startsWith('//') || trimmed.startsWith('*'))
40
+ return;
41
+ // OWASP A01:2025 - Broken Access Control
42
+ // Check #92: Missing authentication middleware - HIGH
43
+ // Pattern: app.get/post/put/delete/patch routes without authentication
44
+ // FIX (Dec 30, 2025): Remove /api/ restriction - check ALL routes, not just /api/* routes
45
+ const routePattern = /(app|router)\.(get|post|put|delete|patch)\s*\(\s*['"`]\//i;
46
+ const nextApiPattern = /export\s+default\s+(?:async\s+)?function\s+handler\s*\(/i;
47
+ if (trimmed.match(routePattern) || trimmed.match(nextApiPattern)) {
48
+ // Check if route has authentication middleware
49
+ const hasMiddleware = trimmed.includes('authenticate') ||
50
+ trimmed.includes('authMiddleware') ||
51
+ trimmed.includes('requireAuth') ||
52
+ trimmed.includes('isAuthenticated') ||
53
+ trimmed.includes('verifyToken') ||
54
+ trimmed.includes('checkAuth');
55
+ // Check next 15 lines for inline authentication check
56
+ const nextLines = lines.slice(index, Math.min(index + 15, lines.length));
57
+ const hasInlineAuthCheck = nextLines.some(l => {
58
+ const lowerLine = l.toLowerCase();
59
+ return (
60
+ // Check for !req.user or !req.session with 401/unauthorized
61
+ ((lowerLine.includes('!req.user') || lowerLine.includes('!req.session')) &&
62
+ (lowerLine.includes('401') || lowerLine.includes('unauthorized'))) ||
63
+ // Check for req.headers.authorization
64
+ lowerLine.includes('req.headers.authorization') ||
65
+ // Check for JWT verification
66
+ lowerLine.includes('verifytoken') ||
67
+ lowerLine.includes('jwt.verify') ||
68
+ // Check for req.user or req.session existence checks
69
+ (lowerLine.includes('if') && (lowerLine.includes('req.user') || lowerLine.includes('req.session'))));
70
+ });
71
+ if (!hasMiddleware && !hasInlineAuthCheck) {
72
+ vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('missing-authentication-middleware', 'API route missing authentication - allows unauthenticated access to protected resources', 'Add authentication middleware: app.get("/api/users", authenticate, handler) or check req.user in handler', lineNumber, 'API endpoints without authentication allow any user (including attackers) to access protected resources. This is a critical access control failure.', 'app.get("/api/users", (req, res) => res.json(users)); → Anyone can access /api/users without logging in', [
73
+ 'Unauthorized access to sensitive data',
74
+ 'Data breach from unauthenticated API access',
75
+ 'Account enumeration and information disclosure',
76
+ 'Business logic bypass',
77
+ 'Compliance violations (SOC 2, ISO 27001, GDPR)'
78
+ ], 'app.get("/api/users", (req, res) => {\n res.json(users); // No auth\n});', 'app.get("/api/users", authenticate, (req, res) => {\n res.json(users); // Protected\n});', 'All API routes accessing sensitive data must require authentication via middleware or inline checks'));
79
+ }
80
+ }
81
+ // OWASP A01:2025 - Broken Access Control
82
+ // Check #93: Client-side only authorization - HIGH
83
+ // Pattern: Authorization checks in client-side JavaScript (browser code)
84
+ // Common patterns: if (userRole === 'admin'), if (user.isAdmin), element.style.display based on role
85
+ const clientSideAuthPattern = /(if|&&|\|\|)\s*\(\s*(userRole|user\.role|user\.isAdmin|isAdmin|currentUser\.role)/i;
86
+ const uiTogglePattern = /\.style\.display\s*=|\.hidden\s*=|\.classList\.(add|remove|toggle)/i;
87
+ if (trimmed.match(clientSideAuthPattern)) {
88
+ // Check if this is followed by API call or UI toggle (client-side behavior)
89
+ const nextLines = lines.slice(index, Math.min(index + 5, lines.length));
90
+ const hasClientSideBehavior = nextLines.some(l => l.includes('fetch(') ||
91
+ l.includes('axios.') ||
92
+ l.match(uiTogglePattern) ||
93
+ l.includes('getElementById') ||
94
+ l.includes('querySelector'));
95
+ // Make sure this is NOT a server-side check (no req.user or res.status)
96
+ const isServerSide = nextLines.some(l => l.includes('req.user') ||
97
+ l.includes('res.status(403)') ||
98
+ l.includes('res.status(401)') ||
99
+ l.includes('return res.'));
100
+ if (hasClientSideBehavior && !isServerSide) {
101
+ vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('client-side-authorization', 'Authorization enforced only on client-side - can be bypassed by manipulating JavaScript', 'Move authorization logic to server-side: Validate user role in API endpoint, not in browser code', lineNumber, 'Client-side authorization can be easily bypassed by modifying JavaScript in browser DevTools or using direct API calls. Attackers can access admin features by changing local variables.', 'if (userRole === "admin") fetch("/api/admin/delete") → Attacker opens DevTools, sets userRole="admin", bypasses check', [
102
+ 'Complete authorization bypass via DevTools manipulation',
103
+ 'Privilege escalation (user → admin)',
104
+ 'Unauthorized access to admin features',
105
+ 'Data manipulation and deletion',
106
+ 'Business logic bypass',
107
+ 'False sense of security (UI hiding is not access control)'
108
+ ], 'if (userRole === "admin") {\n fetch("/api/admin/delete", { method: "POST" });\n}', 'fetch("/api/admin/delete", { method: "POST" }); // Server validates role\n\n// Server-side:\napp.post("/api/admin/delete", (req, res) => {\n if (req.user.role !== "admin") return res.status(403).send("Forbidden");\n // Perform delete\n});', 'Never rely on client-side checks for authorization. Always validate user permissions on the server before performing sensitive operations.'));
109
+ }
110
+ }
111
+ // OWASP A01:2025 - Broken Access Control
112
+ // Check #94: Insecure Direct Object Reference (IDOR) - HIGH
113
+ // Pattern: Database queries using req.params/req.query without ownership validation
114
+ // Examples: getUserById(req.params.id), findOne({ _id: req.query.userId })
115
+ const idorPattern = /(getUserById|findById|findOne|getById|deleteById|updateById|get\w+ById)\s*\(\s*(req\.params|req\.query|req\.body)/i;
116
+ const dbAccessPattern = /\.(find|findOne|update|delete|remove)\s*\(\s*\{\s*(_?id|userId|user_id|accountId|account_id)\s*:\s*(req\.params|req\.query|req\.body)/i;
117
+ if (trimmed.match(idorPattern) || trimmed.match(dbAccessPattern)) {
118
+ // Check if there's ownership validation in next 10 lines
119
+ const nextLines = lines.slice(index, Math.min(index + 10, lines.length));
120
+ const hasOwnershipCheck = nextLines.some(l => {
121
+ const lowerLine = l.toLowerCase();
122
+ return (
123
+ // Check for ownership validation patterns
124
+ (lowerLine.includes('if') && lowerLine.includes('user') && lowerLine.includes('!==')) ||
125
+ (lowerLine.includes('if') && lowerLine.includes('owner') && lowerLine.includes('!==')) ||
126
+ lowerLine.includes('checkOwnership') ||
127
+ lowerLine.includes('verifyOwner') ||
128
+ lowerLine.includes('isOwner') ||
129
+ (lowerLine.includes('403') || lowerLine.includes('forbidden')) ||
130
+ (lowerLine.includes('401') || lowerLine.includes('unauthorized')));
131
+ });
132
+ if (!hasOwnershipCheck) {
133
+ vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('insecure-direct-object-reference', 'IDOR: Direct object access without ownership validation - users can access others\' data', 'Validate ownership before accessing resources: if (resource.userId !== req.user.id) return res.status(403)', lineNumber, 'Insecure Direct Object References allow attackers to access, modify, or delete resources owned by other users by manipulating ID parameters. This is a critical access control failure.', 'app.get("/user/:userId", (req, res) => res.json(getUserById(req.params.userId))) → Attacker can access /user/123 to see any user\'s profile', [
134
+ 'Unauthorized access to other users\' data',
135
+ 'Privacy violations and data leaks (GDPR, CCPA)',
136
+ 'Horizontal privilege escalation',
137
+ 'Unauthorized data modification or deletion',
138
+ 'Account takeover via accessing sensitive user info',
139
+ 'Business logic bypass'
140
+ ], 'const user = getUserById(req.params.userId);\nres.json(user); // No ownership check', 'const user = getUserById(req.params.userId);\nif (user.id !== req.user.id) return res.status(403).send("Forbidden");\nres.json(user); // Ownership validated', 'Always validate that the authenticated user has permission to access the requested resource before returning it'));
141
+ }
142
+ }
143
+ // OWASP A01:2025 - Broken Access Control
144
+ // Check #95: Hardcoded role checks (privilege escalation risk) - MEDIUM
145
+ // Pattern: if (user.role === 'admin') in server-side code without proper RBAC
146
+ const hardcodedRolePattern = /(if|&&|\|\|)\s*\(\s*(req\.user\.role|user\.role|req\.session\.role)\s*(!==|===)\s*['"`](admin|superuser|root|administrator)['"]/i;
147
+ if (trimmed.match(hardcodedRolePattern)) {
148
+ // This is OK if followed by proper authorization response (403/401)
149
+ const nextLines = lines.slice(index, Math.min(index + 5, lines.length));
150
+ const hasProperAuth = nextLines.some(l => l.includes('res.status(403)') ||
151
+ l.includes('res.status(401)') ||
152
+ l.includes('return res.') ||
153
+ l.includes('throw new'));
154
+ // Flag if it's just an IF without proper auth enforcement
155
+ if (!hasProperAuth && !trimmed.includes('return')) {
156
+ vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('hardcoded-role-check', 'Hardcoded role check may be bypassable - use centralized RBAC middleware instead', 'Use centralized role-based access control (RBAC) middleware instead of scattered role checks', lineNumber, 'Hardcoded role checks scattered throughout code are error-prone and can be bypassed if not implemented consistently. Centralized RBAC middleware provides better security and maintainability.', 'if (req.user.role === "admin") { performAdminAction(); } → Inconsistent checks across codebase lead to bypasses', [
157
+ 'Privilege escalation via inconsistent role checks',
158
+ 'Authorization bypass if checks are incomplete',
159
+ 'Maintenance issues with scattered auth logic',
160
+ 'Role manipulation via session/token tampering',
161
+ 'Business logic bypass'
162
+ ], 'if (req.user.role === "admin") {\n performAdminAction();\n}', '// Use centralized RBAC middleware\napp.post("/admin/action", requireRole("admin"), (req, res) => {\n performAdminAction();\n});', 'Use centralized authorization middleware to enforce role-based access control consistently across all routes'));
163
+ }
164
+ }
165
+ });
166
+ return vulnerabilities;
167
+ }
168
+ //# sourceMappingURL=access-control.js.map
package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"access-control.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/access-control.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAiBH,gDAsNC;AApOD,sEAAqF;AAErF;;;;;;;;;;;GAWG;AACH,SAAgB,kBAAkB,CAChC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,8CAA8C;QAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO;QAElG,yCAAyC;QACzC,sDAAsD;QACtD,uEAAuE;QACvE,0FAA0F;QAC1F,MAAM,YAAY,GAAG,2DAA2D,CAAC;QACjF,MAAM,cAAc,GAAG,0DAA0D,CAAC;QAElF,IAAI,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;YACjE,+CAA+C;YAC/C,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;gBACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC/B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEnD,sDAAsD;YACtD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,kBAAkB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC5C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO;gBACL,4DAA4D;gBAC5D,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBACvE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;oBACnE,sCAAsC;oBACtC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,CAAC;oBAC/C,6BAA6B;oBAC7B,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACjC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;oBAChC,qDAAqD;oBACrD,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CACpG,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,aAAa,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC1C,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,mCAAmC,EACnC,yFAAyF,EACzF,0GAA0G,EAC1G,UAAU,EACV,qJAAqJ,EACrJ,yGAAyG,EACzG;oBACE,uCAAuC;oBACvC,6CAA6C;oBAC7C,gDAAgD;oBAChD,uBAAuB;oBACvB,gDAAgD;iBACjD,EACD,2EAA2E,EAC3E,2FAA2F,EAC3F,qGAAqG,CACtG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,mDAAmD;QACnD,yEAAyE;QACzE,qGAAqG;QACrG,MAAM,qBAAqB,GAAG,oFAAoF,CAAC;QACnH,MAAM,eAAe,GAAG,qEAAqE,CAAC;QAE9F,IAAI,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACzC,4EAA4E;YAC5E,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACxE,MAAM,qBAAqB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC/C,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACpB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACpB,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAC5B,CAAC;YAEF,wEAAwE;YACxE,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACtC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACtB,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAC1B,CAAC;YAEF,IAAI,qBAAqB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,2BAA2B,EAC3B,yFAAyF,EACzF,kGAAkG,EAClG,UAAU,EACV,0LAA0L,EAC1L,uHAAuH,EACvH;oBACE,yDAAyD;oBACzD,qCAAqC;oBACrC,uCAAuC;oBACvC,gCAAgC;oBAChC,uBAAuB;oBACvB,2DAA2D;iBAC5D,EACD,mFAAmF,EACnF,kPAAkP,EAClP,4IAA4I,CAC7I,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,4DAA4D;QAC5D,oFAAoF;QACpF,2EAA2E;QAC3E,MAAM,WAAW,GAAG,oHAAoH,CAAC;QACzI,MAAM,eAAe,GAAG,wIAAwI,CAAC;QAEjK,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;YACjE,yDAAyD;YACzD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC3C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO;gBACL,0CAA0C;gBAC1C,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBACrF,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBACtF,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBACpC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACjC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAC7B,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;oBAC9D,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAClE,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,kCAAkC,EAClC,0FAA0F,EAC1F,4GAA4G,EAC5G,UAAU,EACV,yLAAyL,EACzL,6IAA6I,EAC7I;oBACE,2CAA2C;oBAC3C,gDAAgD;oBAChD,iCAAiC;oBACjC,4CAA4C;oBAC5C,oDAAoD;oBACpD,uBAAuB;iBACxB,EACD,qFAAqF,EACrF,8JAA8J,EAC9J,iHAAiH,CAClH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,wEAAwE;QACxE,8EAA8E;QAC9E,MAAM,oBAAoB,GAAG,kIAAkI,CAAC;QAEhK,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACxC,oEAAoE;YACpE,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACxE,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACvC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACzB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CACxB,CAAC;YAEF,0DAA0D;YAC1D,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClD,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,sBAAsB,EACtB,kFAAkF,EAClF,8FAA8F,EAC9F,UAAU,EACV,gMAAgM,EAChM,iHAAiH,EACjH;oBACE,mDAAmD;oBACnD,+CAA+C;oBAC/C,8CAA8C;oBAC9C,+CAA+C;oBAC/C,uBAAuB;iBACxB,EACD,8DAA8D,EAC9D,mIAAmI,EACnI,8GAA8G,CAC/G,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts ADDED
@@ -0,0 +1,25 @@
1
+ /**
2
+ * JavaScript AI-Generated Code Detection Module
3
+ *
4
+ * Detects AI-generated code patterns as SECURITY RISKS:
5
+ * - 15 hallucination patterns (language confusion, method typos)
6
+ * - 8 code smell heuristics (over-engineering, inconsistency)
7
+ * - Confidence scoring (HIGH/MEDIUM/LOW)
8
+ *
9
+ * OWASP A04:2025 - Insecure Design
10
+ * CWE-1120 - Excessive Code Complexity
11
+ * CWE-758 - Reliance on Undefined Behavior
12
+ *
13
+ * Phase 1.5, Week 5-7 (AI-Generated Code Detection)
14
+ * Created: January 8, 2026
15
+ */
16
+ import { SecurityVulnerability } from '../../types';
17
+ /**
18
+ * Detect AI-generated code in JavaScript
19
+ *
20
+ * @param lines - Array of code lines
21
+ * @param filename - Optional filename (to skip test files)
22
+ * @returns Array of security vulnerabilities (0-1 aggregated vulnerability)
23
+ */
24
+ export declare function checkAIGeneratedCode(lines: string[], filename?: string): SecurityVulnerability[];
25
+ //# sourceMappingURL=ai-generated-code.d.ts.map
package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ai-generated-code.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/ai-generated-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AA0GpD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,EACf,QAAQ,CAAC,EAAE,MAAM,GAChB,qBAAqB,EAAE,CAuJzB"}
package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js ADDED
@@ -0,0 +1,232 @@
1
+ "use strict";
2
+ /**
3
+ * JavaScript AI-Generated Code Detection Module
4
+ *
5
+ * Detects AI-generated code patterns as SECURITY RISKS:
6
+ * - 15 hallucination patterns (language confusion, method typos)
7
+ * - 8 code smell heuristics (over-engineering, inconsistency)
8
+ * - Confidence scoring (HIGH/MEDIUM/LOW)
9
+ *
10
+ * OWASP A04:2025 - Insecure Design
11
+ * CWE-1120 - Excessive Code Complexity
12
+ * CWE-758 - Reliance on Undefined Behavior
13
+ *
14
+ * Phase 1.5, Week 5-7 (AI-Generated Code Detection)
15
+ * Created: January 8, 2026
16
+ */
17
+ Object.defineProperty(exports, "__esModule", { value: true });
18
+ exports.checkAIGeneratedCode = checkAIGeneratedCode;
19
+ const createVulnerability_1 = require("../utils/createVulnerability");
20
+ const ai_code_detection_utils_1 = require("../../helpers/ai-code-detection-utils");
21
+ /**
22
+ * JavaScript hallucination patterns (15 patterns)
23
+ *
24
+ * AI code generators hallucinate methods from other languages:
25
+ * - Python influence: .append(), .strip(), .len()
26
+ * - Case sensitivity errors: .toUppercase(), .toLowercase()
27
+ * - Non-existent methods: .contains(), .remove(), .split_by()
28
+ */
29
+ const HALLUCINATION_PATTERNS = new Map([
30
+ // Python-style methods in JavaScript
31
+ ['append', {
32
+ correct: '.push()',
33
+ description: 'JavaScript arrays use .push(), not .append(). This is a Python method.'
34
+ }],
35
+ ['strip', {
36
+ correct: '.trim()',
37
+ description: 'JavaScript strings use .trim(), not .strip(). This is a Python method.'
38
+ }],
39
+ ['len', {
40
+ correct: '.length',
41
+ description: 'JavaScript uses .length property, not .len() method. This is Python/Rust syntax.'
42
+ }],
43
+ ['split_by', {
44
+ correct: '.split()',
45
+ description: 'Non-existent method. JavaScript uses .split() with camelCase naming.'
46
+ }],
47
+ // Case sensitivity errors (common AI typos)
48
+ ['toUppercase', {
49
+ correct: '.toUpperCase()',
50
+ description: 'Case sensitivity error. Correct method is .toUpperCase() with capital C.'
51
+ }],
52
+ ['toLowercase', {
53
+ correct: '.toLowerCase()',
54
+ description: 'Case sensitivity error. Correct method is .toLowerCase() with capital C.'
55
+ }],
56
+ // Non-existent methods (hallucinations)
57
+ ['contains', {
58
+ correct: '.includes()',
59
+ description: 'JavaScript arrays/strings use .includes(), not .contains(). This is Java syntax.'
60
+ }],
61
+ ['remove', {
62
+ correct: '.splice() or .filter()',
63
+ description: 'Arrays do not have .remove() method. Use .splice() or .filter().'
64
+ }],
65
+ ['replace_all', {
66
+ correct: '.replaceAll()',
67
+ description: 'Incorrect method name. JavaScript uses camelCase: .replaceAll().'
68
+ }],
69
+ ['substring_of', {
70
+ correct: '.includes()',
71
+ description: 'Non-existent method. Use .includes() to check if string contains substring.'
72
+ }],
73
+ ['to_string', {
74
+ correct: '.toString()',
75
+ description: 'JavaScript uses camelCase: .toString(), not snake_case to_string().'
76
+ }],
77
+ ['is_empty', {
78
+ correct: '.length === 0',
79
+ description: 'No .is_empty() method. Check .length property instead. This is Rust/Python syntax.'
80
+ }],
81
+ // Rust/Python influence
82
+ ['size', {
83
+ correct: '.length or .size()',
84
+ description: 'Arrays use .length property. Maps/Sets use .size property (not method).'
85
+ }],
86
+ // Java influence
87
+ ['indexOf', {
88
+ correct: '.indexOf() or .findIndex()',
89
+ description: 'Method exists but often misused. Consider .findIndex() for complex searches.'
90
+ }],
91
+ // String method confusion
92
+ ['charAt', {
93
+ correct: '[index]',
94
+ description: 'Modern JavaScript prefers bracket notation [index] over .charAt().'
95
+ }],
96
+ ]);
97
+ /**
98
+ * Detect AI-generated code in JavaScript
99
+ *
100
+ * @param lines - Array of code lines
101
+ * @param filename - Optional filename (to skip test files)
102
+ * @returns Array of security vulnerabilities (0-1 aggregated vulnerability)
103
+ */
104
+ function checkAIGeneratedCode(lines, filename) {
105
+ // Skip test files to reduce false positives
106
+ if ((0, ai_code_detection_utils_1.isTestFile)(filename)) {
107
+ return [];
108
+ }
109
+ let hallucinationCount = 0;
110
+ const hallucinationLines = new Set();
111
+ const detectedPatterns = [];
112
+ // Combined regex for all 15 hallucination patterns (optimized)
113
+ const combinedPattern = new RegExp('\\.' +
114
+ '(append|strip|len|split_by|toUppercase|toLowercase|contains|remove|' +
115
+ 'replace_all|substring_of|to_string|is_empty|size|indexOf|charAt)' +
116
+ '\\s*\\(', 'g');
117
+ let inMultiLineComment = false;
118
+ // 1. Detect hallucination patterns
119
+ lines.forEach((line, index) => {
120
+ const lineNumber = index + 1;
121
+ const trimmed = line.trim();
122
+ // Track multi-line comments (/* ... */)
123
+ if (trimmed.includes('/*'))
124
+ inMultiLineComment = true;
125
+ if (trimmed.includes('*/')) {
126
+ inMultiLineComment = false;
127
+ return;
128
+ }
129
+ // Skip comments and empty lines
130
+ if (!trimmed || inMultiLineComment || trimmed.startsWith('//'))
131
+ return;
132
+ // Remove string literals and template literals to avoid false positives
133
+ const cleanedLine = (0, ai_code_detection_utils_1.removeCommentsAndStrings)(line, 'javascript');
134
+ // Match hallucination patterns
135
+ const matches = Array.from(cleanedLine.matchAll(combinedPattern));
136
+ for (const match of matches) {
137
+ const method = match[1];
138
+ const details = HALLUCINATION_PATTERNS.get(method);
139
+ if (details) {
140
+ hallucinationCount++;
141
+ hallucinationLines.add(lineNumber);
142
+ detectedPatterns.push(method);
143
+ }
144
+ }
145
+ });
146
+ // 2. Run heuristic detectors
147
+ const heuristicScores = {
148
+ overEngineeredErrors: (0, ai_code_detection_utils_1.detectOverEngineeredErrorHandling)(lines),
149
+ unnecessaryWrappers: (0, ai_code_detection_utils_1.detectUnnecessaryWrappers)(lines),
150
+ verboseComments: (0, ai_code_detection_utils_1.detectVerboseComments)(lines),
151
+ mixedNaming: (0, ai_code_detection_utils_1.detectMixedNamingConventions)(lines),
152
+ redundantNullChecks: (0, ai_code_detection_utils_1.detectRedundantNullChecks)(lines),
153
+ unnecessaryAsync: (0, ai_code_detection_utils_1.detectUnnecessaryAsync)(lines),
154
+ genericVariables: (0, ai_code_detection_utils_1.detectGenericVariableOveruse)(lines),
155
+ inconsistentStrings: (0, ai_code_detection_utils_1.detectInconsistentStringConcatenation)(lines),
156
+ };
157
+ // 3. Calculate confidence and severity
158
+ const detection = (0, ai_code_detection_utils_1.calculateAICodeConfidence)(hallucinationCount, heuristicScores);
159
+ if (!detection) {
160
+ return []; // No AI-generated code detected
161
+ }
162
+ // 4. Create aggregated vulnerability
163
+ const categoryId = detection.severity === 'CRITICAL' ? 'ai-generated-code-high' :
164
+ detection.severity === 'HIGH' ? 'ai-generated-code-medium' :
165
+ 'ai-generated-code-low';
166
+ // Build message based on detection type
167
+ let message = `AI-generated code detected (${detection.confidence} confidence): `;
168
+ if (hallucinationCount > 0) {
169
+ message += `${hallucinationCount} hallucinated method(s) found`;
170
+ if (detectedPatterns.length > 0) {
171
+ const uniquePatterns = Array.from(new Set(detectedPatterns)).slice(0, 3);
172
+ message += ` (.${uniquePatterns.join(', .')})`;
173
+ }
174
+ }
175
+ else {
176
+ message += 'Multiple code smell patterns detected (over-engineering, inconsistent naming, etc.)';
177
+ }
178
+ // Build suggestion
179
+ const suggestion = hallucinationCount > 0
180
+ ? `Replace hallucinated methods with correct JavaScript equivalents. Found: ${Array.from(new Set(detectedPatterns)).map(p => `.${p}()`).join(', ')}. Review and rewrite AI-generated code sections.`
181
+ : 'Simplify code structure, use consistent naming conventions (camelCase), and follow JavaScript idioms. Remove unnecessary async functions, redundant null checks, and over-engineered error handling.';
182
+ // Find first occurrence line for reporting
183
+ const reportLine = hallucinationLines.size > 0
184
+ ? Math.min(...hallucinationLines)
185
+ : 1; // Use first line if only heuristics detected
186
+ // Get first detected pattern details for remediation example
187
+ const firstPattern = detectedPatterns[0];
188
+ const firstPatternDetails = firstPattern ? HALLUCINATION_PATTERNS.get(firstPattern) : null;
189
+ return [
190
+ (0, createVulnerability_1.createJavaScriptSecurityVulnerability)({
191
+ category: categoryId,
192
+ severity: detection.severity.toLowerCase(),
193
+ confidence: detection.confidence,
194
+ message,
195
+ line: reportLine,
196
+ suggestion,
197
+ owasp: 'A04:2025 - Insecure Design',
198
+ cwe: 'CWE-1120, CWE-758',
199
+ pciDss: '6.5',
200
+ remediation: {
201
+ explanation: 'AI code generators (like GitHub Copilot, ChatGPT, Claude) can hallucinate non-existent methods or generate over-engineered patterns. ' +
202
+ 'This creates reliability issues and potential security vulnerabilities. Hallucinated methods cause runtime errors that expose stack traces with ' +
203
+ 'sensitive information. Over-engineered code patterns make security audits difficult, hiding real vulnerabilities. ' +
204
+ 'Always verify AI-generated code matches language specifications and follows security best practices.',
205
+ before: firstPatternDetails
206
+ ? `array.${firstPattern}(item) // Hallucinated method`
207
+ : '// Over-engineered or inconsistent code patterns\n// Example: try { ... } catch (e) { if (...) { if (...) { if (...) { } } } }',
208
+ after: firstPatternDetails
209
+ ? `array${firstPatternDetails.correct} // Correct JavaScript`
210
+ : '// Simplified, idiomatic code following JavaScript conventions\n// Example: try { ... } catch (e) { logError(e); throw e; }',
211
+ },
212
+ attackVector: {
213
+ description: 'AI-generated code with hallucinated methods creates runtime TypeError exceptions exposing system internals through stack traces. ' +
214
+ 'Attackers can trigger these errors repeatedly to map application structure and identify vulnerable endpoints. ' +
215
+ 'Inconsistent code patterns make security reviews difficult, allowing real vulnerabilities to hide among AI-generated noise. ' +
216
+ 'Over-engineered error handling may leak sensitive information in catch blocks.',
217
+ exploitExample: "User triggers: array.append(item)\n" +
218
+ "Result: TypeError: array.append is not a function\n" +
219
+ "Stack trace reveals: Internal file paths, function names, database schema hints\n" +
220
+ "Attacker uses this to map application architecture and plan targeted attacks.",
221
+ realWorldImpact: [
222
+ 'Runtime errors revealing sensitive stack traces with internal paths',
223
+ 'Logic bugs in access control or validation code (AI-generated if statements)',
224
+ 'Performance degradation from inefficient AI-generated loops and algorithms',
225
+ 'Maintenance burden: Developers spend hours debugging AI hallucinations',
226
+ 'Hidden security vulnerabilities masked by over-engineered code patterns',
227
+ ],
228
+ },
229
+ })
230
+ ];
231
+ }
232
+ //# sourceMappingURL=ai-generated-code.js.map
package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ai-generated-code.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/ai-generated-code.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAmHH,oDA0JC;AA1QD,sEAAqF;AACrF,mFAY+C;AAU/C;;;;;;;GAOG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAA+B;IACnE,qCAAqC;IACrC,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACF,CAAC,OAAO,EAAE;YACR,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACF,CAAC,KAAK,EAAE;YACN,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,kFAAkF;SAChG,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,UAAU;YACnB,WAAW,EAAE,sEAAsE;SACpF,CAAC;IAEF,4CAA4C;IAC5C,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,0EAA0E;SACxF,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,0EAA0E;SACxF,CAAC;IAEF,wCAAwC;IACxC,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,kFAAkF;SAChG,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,wBAAwB;YACjC,WAAW,EAAE,kEAAkE;SAChF,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,kEAAkE;SAChF,CAAC;IACF,CAAC,cAAc,EAAE;YACf,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IACF,CAAC,WAAW,EAAE;YACZ,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,qEAAqE;SACnF,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,oFAAoF;SAClG,CAAC;IAEF,wBAAwB;IACxB,CAAC,MAAM,EAAE;YACP,OAAO,EAAE,oBAAoB;YAC7B,WAAW,EAAE,yEAAyE;SACvF,CAAC;IAEF,iBAAiB;IACjB,CAAC,SAAS,EAAE;YACV,OAAO,EAAE,4BAA4B;YACrC,WAAW,EAAE,8EAA8E;SAC5F,CAAC;IAEF,0BAA0B;IAC1B,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,oEAAoE;SAClF,CAAC;CACH,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAClC,KAAe,EACf,QAAiB;IAEjB,4CAA4C;IAC5C,IAAI,IAAA,oCAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC7C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,+DAA+D;IAC/D,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,KAAK;QACL,qEAAqE;QACrE,kEAAkE;QAClE,SAAS,EACT,GAAG,CACJ,CAAC;IAEF,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,wCAAwC;QACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,kBAAkB,GAAG,IAAI,CAAC;QACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO;QAEvE,wEAAwE;QACxE,MAAM,WAAW,GAAG,IAAA,kDAAwB,EAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAEjE,+BAA+B;QAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;QAElE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,OAAO,EAAE,CAAC;gBACZ,kBAAkB,EAAE,CAAC;gBACrB,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACnC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,eAAe,GAAG;QACtB,oBAAoB,EAAE,IAAA,2DAAiC,EAAC,KAAK,CAAC;QAC9D,mBAAmB,EAAE,IAAA,mDAAyB,EAAC,KAAK,CAAC;QACrD,eAAe,EAAE,IAAA,+CAAqB,EAAC,KAAK,CAAC;QAC7C,WAAW,EAAE,IAAA,sDAA4B,EAAC,KAAK,CAAC;QAChD,mBAAmB,EAAE,IAAA,mDAAyB,EAAC,KAAK,CAAC;QACrD,gBAAgB,EAAE,IAAA,gDAAsB,EAAC,KAAK,CAAC;QAC/C,gBAAgB,EAAE,IAAA,sDAA4B,EAAC,KAAK,CAAC;QACrD,mBAAmB,EAAE,IAAA,+DAAqC,EAAC,KAAK,CAAC;KAClE,CAAC;IAEF,uCAAuC;IACvC,MAAM,SAAS,GAAG,IAAA,mDAAyB,EAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IAEjF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,CAAC,CAAC,gCAAgC;IAC7C,CAAC;IAED,qCAAqC;IACrC,MAAM,UAAU,GACd,SAAS,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;QAC9D,SAAS,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC;YAC5D,uBAAuB,CAAC;IAE1B,wCAAwC;IACxC,IAAI,OAAO,GAAG,+BAA+B,SAAS,CAAC,UAAU,gBAAgB,CAAC;IAElF,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,GAAG,kBAAkB,+BAA+B,CAAC;QAChE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,OAAO,IAAI,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;QACjD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,qFAAqF,CAAC;IACnG,CAAC;IAED,mBAAmB;IACnB,MAAM,UAAU,GAAG,kBAAkB,GAAG,CAAC;QACvC,CAAC,CAAC,4EAA4E,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,kDAAkD;QACpM,CAAC,CAAC,sMAAsM,CAAC;IAE3M,2CAA2C;IAC3C,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC;QACjC,CAAC,CAAC,CAAC,CAAC,CAAC,6CAA6C;IAEpD,6DAA6D;IAC7D,MAAM,YAAY,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzC,MAAM,mBAAmB,GAAG,YAAY,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3F,OAAO;QACL,IAAA,2DAAqC,EAAC;YACpC,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAoC;YAC5E,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,OAAO;YACP,IAAI,EAAE,UAAU;YAChB,UAAU;YACV,KAAK,EAAE,4BAA4B;YACnC,GAAG,EAAE,mBAAmB;YACxB,MAAM,EAAE,KAAK;YACb,WAAW,EAAE;gBACX,WAAW,EACT,uIAAuI;oBACvI,kJAAkJ;oBAClJ,oHAAoH;oBACpH,sGAAsG;gBACxG,MAAM,EAAE,mBAAmB;oBACzB,CAAC,CAAC,SAAS,YAAY,gCAAgC;oBACvD,CAAC,CAAC,gIAAgI;gBACpI,KAAK,EAAE,mBAAmB;oBACxB,CAAC,CAAC,QAAQ,mBAAmB,CAAC,OAAO,yBAAyB;oBAC9D,CAAC,CAAC,6HAA6H;aAClI;YACD,YAAY,EAAE;gBACZ,WAAW,EACT,mIAAmI;oBACnI,gHAAgH;oBAChH,8HAA8H;oBAC9H,gFAAgF;gBAClF,cAAc,EACZ,qCAAqC;oBACrC,qDAAqD;oBACrD,mFAAmF;oBACnF,+EAA+E;gBACjF,eAAe,EAAE;oBACf,qEAAqE;oBACrE,8EAA8E;oBAC9E,4EAA4E;oBAC5E,wEAAwE;oBACxE,yEAAyE;iBAC1E;aACF;SACF,CAAC;KACH,CAAC;AACJ,CAAC"}
package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts ADDED
@@ -0,0 +1,27 @@
1
+ /**
2
+ * JavaScript Authentication Failures Security Checks
3
+ * OWASP A07:2025 - Identification and Authentication Failures
4
+ *
5
+ * Detects missing MFA/2FA and lack of rate limiting on authentication endpoints.
6
+ * Phase 7B Week 3 Day 11: Cross-language authentication checks
7
+ */
8
+ import { SecurityVulnerability } from '../../types';
9
+ /**
10
+ * Checks for authentication failure vulnerabilities in JavaScript code
11
+ *
12
+ * Covers (Enhanced Dec 30, 2025 - Phase 2):
13
+ * - Check #94: Missing MFA/2FA on login endpoints (MEDIUM)
14
+ * - Check #95: No rate limiting on login routes (MEDIUM)
15
+ * - Check #96: Plain-text password storage (CRITICAL) - NEW
16
+ * - Check #97: Weak password comparison (HIGH) - NEW
17
+ * - Check #98: Missing password hashing (CRITICAL) - NEW
18
+ * - Check #99: Session fixation vulnerability (HIGH) - NEW
19
+ * - Check #100: JWT without expiration (HIGH) - NEW
20
+ * - Check #101: Insecure session timeout (MEDIUM) - NEW
21
+ * - Check #102: Weak password requirements (LOW) - NEW
22
+ *
23
+ * @param lines - Array of code lines
24
+ * @returns Array of security vulnerabilities found
25
+ */
26
+ export declare function checkAuthenticationFailures(lines: string[]): SecurityVulnerability[];
27
+ //# sourceMappingURL=authentication-failures.d.ts.map
package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authentication-failures.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/authentication-failures.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,EAAE,CAiUzB"}