codeslick-cli 1.0.0

package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-misconfiguration.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/security-misconfiguration.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAqBH,sEAq0BC;AAv1BD,sEAAqF;AAErF;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,6BAA6B,CAC3C,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,iBAAiB,GAAG,KAAK,CAAC,CAAC,iCAAiC;IAChE,IAAI,eAAe,GAAG,KAAK,CAAC,CAAC,0CAA0C;IACvE,IAAI,aAAa,GAAG,KAAK,CAAC,CAAC,6BAA6B;IACxD,IAAI,WAAW,GAAG,KAAK,CAAC,CAAC,6BAA6B;IAEtD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,wDAAwD;QACxD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC;YAC5B,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,iCAAiC;QACjC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACpH,eAAe,GAAG,IAAI,CAAC;QACzB,CAAC;QAED,6BAA6B;QAC7B,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;YACnI,aAAa,GAAG,IAAI,CAAC;QACvB,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YACtI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAChG,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,mEAAmE;QACnE,uGAAuG;QACvG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC1D,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACpE,CAAC,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACrE,CAAC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YAC9E,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACpF,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9F,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,qDAAqD;gBAC9D,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,8EAA8E;gBAC1F,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,yEAAyE;oBACtF,MAAM,EAAE,+BAA+B;oBACvC,KAAK,EAAE,sDAAsD;iBAC9D;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,+FAA+F;oBAC5G,eAAe,EAAE;wBACf,+CAA+C;wBAC/C,+CAA+C;wBAC/C,6CAA6C;wBAC7C,uCAAuC;qBACxC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,kFAAkF;QAClF,sFAAsF;QACtF,MAAM,aAAa,GAAG,+CAA+C,CAAC,IAAI,CAAC,WAAW,CAAC;YACjE,oDAAoD,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7F,MAAM,gBAAgB,GAAG,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpE,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAElG,IAAI,aAAa,IAAI,gBAAgB,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,yCAAyC;gBAClD,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,yEAAyE;gBACrF,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,kGAAkG;oBAC/G,MAAM,EAAE,iCAAiC;oBACzC,KAAK,EAAE,kEAAkE;iBAC1E;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,mFAAmF;oBAChG,eAAe,EAAE;wBACf,+CAA+C;wBAC/C,+BAA+B;wBAC/B,4CAA4C;wBAC5C,iCAAiC;qBAClC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC1B,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC5B,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YACxF,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;gBAC1E,SAAS,CAAC,QAAQ,CAAC,6BAA6B,CAAC;gBACjD,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC9D,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,mDAAmD;gBAC5D,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,2CAA2C;gBACvD,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,6DAA6D;oBAC1E,MAAM,EAAE,gCAAgC;oBACxC,KAAK,EAAE,2DAA2D;iBACnE;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,4EAA4E;oBACzF,eAAe,EAAE;wBACf,2CAA2C;wBAC3C,sCAAsC;wBACtC,8CAA8C;wBAC9C,wCAAwC;qBACzC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,mDAAmD;QACnD,wEAAwE;QACxE,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC3D,CAAC,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAChF,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,sEAAsE;gBAClF,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,QAAQ;gBACb,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,6EAA6E;oBAC1F,MAAM,EAAE,wCAAwC;oBAChD,KAAK,EAAE,2DAA2D;iBACnE;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,qEAAqE;oBAClF,eAAe,EAAE;wBACf,+CAA+C;wBAC/C,4CAA4C;wBAC5C,wCAAwC;wBACxC,kCAAkC;qBACnC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,sEAAsE;QACtE,IAAI,aAAa,IAAI,WAAW,IAAI,CAAC,eAAe,EAAE,CAAC;YACrD,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,QAAQ;gBACpB,OAAO,EAAE,qDAAqD;gBAC9D,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,0EAA0E;gBACtF,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,+GAA+G;oBAC5H,MAAM,EAAE,wCAAwC;oBAChD,KAAK,EAAE,sJAAsJ;iBAC9J;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,yDAAyD;oBACtE,eAAe,EAAE;wBACf,8BAA8B;wBAC9B,6BAA6B;wBAC7B,mCAAmC;wBACnC,yBAAyB;wBACzB,eAAe;qBAChB;iBACF;aACF,CAAC,CACH,CAAC;YACF,mBAAmB;YACnB,WAAW,GAAG,KAAK,CAAC;QACtB,CAAC;QAED,2CAA2C;QAC3C,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC7B,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACpE,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,uCAAuC;gBAChD,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,sDAAsD;gBAClE,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,8EAA8E;oBAC3F,MAAM,EAAE,kEAAkE;oBAC1E,KAAK,EAAE,gEAAgE;iBACxE;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,wEAAwE;oBACrF,eAAe,EAAE;wBACf,gDAAgD;wBAChD,sCAAsC;wBACtC,wCAAwC;wBACxC,0CAA0C;qBAC3C;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC9D,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAChE,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC9B,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACpE,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAC9D,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAChE,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;oBAC1E,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC1E,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,qDAAqD;gBAC9D,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,+EAA+E;gBAC3F,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,sEAAsE;oBACnF,MAAM,EAAE,0DAA0D;oBAClE,KAAK,EAAE,+EAA+E;iBACvF;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,sEAAsE;oBACnF,eAAe,EAAE;wBACf,4BAA4B;wBAC5B,2CAA2C;wBAC3C,oCAAoC;wBACpC,iCAAiC;qBAClC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,8CAA8C;QAC9C,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvG,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACxC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACrD,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACtD,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvD,yFAAyF;oBACzF,MAAM,iBAAiB,GACrB,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC;wBACnC,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC9B,WAAW,CAAC,QAAQ,CAAC,cAAc,CAAC;wBACpC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC;wBAClC,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC;wBACjC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;oBAErC,IAAI,CAAC,iBAAiB,EAAE,CAAC;wBACvB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;4BACpC,QAAQ,EAAE,2BAA2B;4BACrC,QAAQ,EAAE,MAAM;4BAChB,UAAU,EAAE,QAAQ;4BACpB,OAAO,EAAE,0DAA0D;4BACrE,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,UAAU,EAAE,yEAAyE;4BACrF,KAAK,EAAE,UAAU;4BACjB,GAAG,EAAE,SAAS;4BACd,MAAM,EAAE,iBAAiB;4BACzB,WAAW,EAAE;gCACX,WAAW,EAAE,+DAA+D;gCAC5E,MAAM,EAAE,0CAA0C;gCAClD,KAAK,EAAE,6EAA6E;6BACrF;4BACD,YAAY,EAAE;gCACZ,WAAW,EAAE,gEAAgE;gCAC7E,eAAe,EAAE;oCACf,oCAAoC;oCACpC,8BAA8B;oCAC9B,2BAA2B;oCAC3B,iCAAiC;iCAClC;6BACF;yBACF,CAAC,CACH,CAAC;oBACF,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC7B,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC;YACpF,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,QAAQ;gBACpB,OAAO,EAAE,oEAAoE;gBAC7E,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,sEAAsE;gBAClF,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,QAAQ;gBACb,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,kFAAkF;oBAC/F,MAAM,EAAE,2BAA2B;oBACnC,KAAK,EAAE,2EAA2E;iBACnF;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,8EAA8E;oBAC3F,eAAe,EAAE;wBACf,qCAAqC;wBACrC,6CAA6C;wBAC7C,kCAAkC;wBAClC,0CAA0C;qBAC3C;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,8DAA8D;QAC9D,IAAI,SAAS,CAAC,KAAK,CAAC,mCAAmC,CAAC,EAAE,CAAC;YACzD,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,SAAS,CAAC;YACrF,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,sBAAsB,MAAM,6CAA6C;gBAClF,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,WAAW,MAAM,qDAAqD;gBAClF,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,QAAQ;gBACb,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,GAAG,MAAM,sFAAsF;oBAC5G,MAAM,EAAE,OAAO,MAAM,CAAC,WAAW,EAAE,uCAAuC;oBAC1E,KAAK,EAAE,aAAa,MAAM,2GAA2G,MAAM,CAAC,WAAW,EAAE,yBAAyB;iBACnL;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,GAAG,MAAM,oEAAoE;oBAC1F,eAAe,EAAE;wBACf,uDAAuD;wBACvD,kCAAkC;wBAClC,sCAAsC;wBACtC,sCAAsC;qBACvC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,gFAAgF;QAChF,mEAAmE;QACnE,gFAAgF;QAEhF,0DAA0D;QAC1D,oCAAoC;QACpC,MAAM,gBAAgB,GAAG,GAAG,EAAE;YAC5B,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpC,2BAA2B;gBAC3B,IAAI,WAAW,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnF,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,4CAA4C;gBAC5C,MAAM,SAAS,GAAG,EAAE,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClC,IAAI,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC/E,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,iCAAiC;oBACjC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC3D,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,IAAI,gBAAgB,EAAE,EAAE,CAAC;YACvB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,uFAAuF;gBAChG,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,mCAAmC;gBAC/C,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,qLAAqL;oBAClM,MAAM,EAAE,oDAAoD;oBAC5D,KAAK,EAAE,kLAAkL;iBAC1L;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,+DAA+D;oBAC5E,eAAe,EAAE;wBACf,oCAAoC;wBACpC,kCAAkC;wBAClC,mBAAmB;wBACnB,kBAAkB;wBAClB,sBAAsB;qBACvB;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,2DAA2D;QAC3D,MAAM,iBAAiB,GAAG,GAAG,EAAE;YAC7B,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpC,2BAA2B;gBAC3B,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClE,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,4CAA4C;gBAC5C,MAAM,SAAS,GAAG,EAAE,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC9D,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,iCAAiC;oBACjC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC3D,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,IAAI,iBAAiB,EAAE,EAAE,CAAC;YACxB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,6EAA6E;gBACtF,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,8CAA8C;gBAC1D,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,0JAA0J;oBACvK,MAAM,EAAE,mCAAmC;oBAC3C,KAAK,EAAE,gHAAgH;iBACxH;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,0DAA0D;oBACvE,eAAe,EAAE;wBACf,2BAA2B;wBAC3B,uBAAuB;wBACvB,mBAAmB;wBACnB,kBAAkB;wBAClB,uBAAuB;qBACxB;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,mEAAmE;QACnE,yDAAyD;QACzD,MAAM,qBAAqB,GAAG,GAAG,EAAE;YACjC,MAAM,SAAS,GAAG,EAAE,CAAC;YACrB,IAAI,kBAAkB,GAAG,KAAK,CAAC;YAE/B,gDAAgD;YAChD,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpC,uDAAuD;gBACvD,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBACvE,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;wBACnC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;wBACjC,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;wBAC7F,kBAAkB,GAAG,IAAI,CAAC;wBAC1B,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,kBAAkB,CAAC;QAC5B,CAAC,CAAC;QAEF,IAAI,qBAAqB,EAAE,EAAE,CAAC;YAC5B,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;gBACpC,QAAQ,EAAE,2BAA2B;gBACrC,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,sEAAsE;gBAC/E,IAAI,EAAE,KAAK,GAAG,CAAC;gBACf,UAAU,EAAE,8DAA8D;gBAC1E,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,iBAAiB;gBACzB,WAAW,EAAE;oBACX,WAAW,EAAE,4LAA4L;oBACzM,MAAM,EAAE,oHAAoH;oBAC5H,KAAK,EAAE,kLAAkL;iBAC1L;gBACD,YAAY,EAAE;oBACZ,WAAW,EAAE,oEAAoE;oBACjF,eAAe,EAAE;wBACf,uCAAuC;wBACvC,yBAAyB;wBACzB,uBAAuB;wBACvB,qCAAqC;qBACtC;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,gFAAgF;QAChF,qDAAqD;QACrD,gFAAgF;QAEhF,8BAA8B;QAC9B,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAClE,iBAAiB,GAAG,IAAI,CAAC;QAC3B,CAAC;QAED,8DAA8D;QAC9D,MAAM,kBAAkB,GAAG,WAAW,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAC/E,IAAI,kBAAkB,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YAEnD,8CAA8C;YAC9C,MAAM,gBAAgB,GACpB,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC9B,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC/B,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACjC,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACjC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAChC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC/B,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC/B,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAElC,IAAI,gBAAgB,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;oBACpC,QAAQ,EAAE,2BAA2B;oBACrC,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,MAAM;oBAClB,OAAO,EAAE,8BAA8B,MAAM,mDAAmD;oBAChG,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,UAAU,EAAE,8DAA8D;oBAC1E,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,WAAW,EAAE;wBACX,WAAW,EAAE,2MAA2M;wBACxN,MAAM,EAAE,OAAO,kBAAkB,CAAC,CAAC,CAAC,uCAAuC;wBAC3E,KAAK,EAAE,4GAA4G,kBAAkB,CAAC,CAAC,CAAC,uDAAuD;qBAChM;oBACD,YAAY,EAAE;wBACZ,WAAW,EAAE,2EAA2E;wBACxF,eAAe,EAAE;4BACf,8DAA8D;4BAC9D,qCAAqC;4BACrC,gCAAgC;4BAChC,8BAA8B;yBAC/B;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACrE,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,kFAAkF;YAClF,IAAI,WAAW,GAAG,KAAK,CAAC;YACxB,MAAM,SAAS,GAAG,EAAE,CAAC;YACrB,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClC,WAAW,GAAG,IAAI,CAAC;oBACnB,MAAM;gBACR,CAAC;gBACD,uDAAuD;gBACvD,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzD,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;oBACpC,QAAQ,EAAE,2BAA2B;oBACrC,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,MAAM;oBAClB,OAAO,EAAE,gEAAgE;oBACzE,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,UAAU,EAAE,qEAAqE;oBACjF,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,WAAW,EAAE;wBACX,WAAW,EAAE,yMAAyM;wBACtN,MAAM,EAAE,oEAAoE;wBAC5E,KAAK,EAAE,wGAAwG;qBAChH;oBACD,YAAY,EAAE;wBACZ,WAAW,EAAE,0EAA0E;wBACvF,eAAe,EAAE;4BACf,2CAA2C;4BAC3C,6CAA6C;4BAC7C,uDAAuD;yBACxD;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,kEAAkE;QAClE,gFAAgF;QAEhF,wDAAwD;QACxD,qEAAqE;QACrE,+CAA+C;QAC/C,MAAM,sBAAsB,GAAG,uDAAuD,CAAC;QAEvF,IAAI,WAAW,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC9C,yCAAyC;YACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,yBAAyB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACnD,MAAM,aAAa,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,OAAO,CACL,CAAC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;oBAC1E,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC;wBAC5E,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,eAAe,CAAC;wBAChF,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CACrE,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,yBAAyB,EAAE,CAAC;gBAC9B,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;oBACpC,QAAQ,EAAE,2BAA2B;oBACrC,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,MAAM;oBAClB,OAAO,EAAE,6DAA6D;oBACtE,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,UAAU,EAAE,gFAAgF;oBAC5F,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,WAAW,EAAE;wBACX,WAAW,EAAE,+NAA+N;wBAC5O,MAAM,EAAE,6EAA6E;wBACrF,KAAK,EAAE,2KAA2K;qBACnL;oBACD,YAAY,EAAE;wBACZ,WAAW,EAAE,+FAA+F;wBAC5G,eAAe,EAAE;4BACf,4CAA4C;4BAC5C,0CAA0C;4BAC1C,4CAA4C;4BAC5C,wCAAwC;4BACxC,wCAAwC;4BACxC,sDAAsD;yBACvD;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yEAAyE;QACzE,uFAAuF;QACvF,MAAM,oBAAoB,GAAG,wEAAwE,CAAC;QAEtG,IAAI,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC5C,kDAAkD;YAClD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,oBAAoB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC9C,MAAM,aAAa,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,OAAO,CACL,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACrC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACrC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAClC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC,CAClC,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,oBAAoB,EAAE,CAAC;gBACzB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;oBACpC,QAAQ,EAAE,2BAA2B;oBACrC,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,MAAM;oBAClB,OAAO,EAAE,gFAAgF;oBACzF,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,UAAU,EAAE,8EAA8E;oBAC1F,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,WAAW,EAAE;wBACX,WAAW,EAAE,2KAA2K;wBACxL,MAAM,EAAE,mFAAmF;wBAC3F,KAAK,EAAE,0NAA0N;qBAClO;oBACD,YAAY,EAAE;wBACZ,WAAW,EAAE,4FAA4F;wBACzG,eAAe,EAAE;4BACf,+BAA+B;4BAC/B,iCAAiC;4BACjC,gCAAgC;4BAChC,8BAA8B;4BAC9B,mCAAmC;4BACnC,qCAAqC;yBACtC;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,uDAAuD;QACvD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAC9E,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YAChF,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9D,CAAC,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC/B,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAElC,uCAAuC;YACvC,MAAM,mBAAmB,GAAG,WAAW,CAAC,KAAK,CAAC,qCAAqC,CAAC;gBACvD,WAAW,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAE9F,IAAI,mBAAmB,EAAE,CAAC;gBACxB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EAAC;oBACpC,QAAQ,EAAE,2BAA2B;oBACrC,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,QAAQ;oBACpB,OAAO,EAAE,kEAAkE;oBAC3E,IAAI,EAAE,KAAK,GAAG,CAAC;oBACf,UAAU,EAAE,+DAA+D;oBAC3E,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,WAAW,EAAE;wBACX,WAAW,EAAE,6FAA6F;wBAC1G,MAAM,EAAE,uCAAuC;wBAC/C,KAAK,EAAE,+EAA+E;qBACvF;oBACD,YAAY,EAAE;wBACZ,WAAW,EAAE,4EAA4E;wBACzF,eAAe,EAAE;4BACf,yBAAyB;4BACzB,qBAAqB;4BACrB,+BAA+B;4BAC/B,uBAAuB;yBACxB;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts

@@ -0,0 +1,25 @@
+/**
+ * JavaScript Software and Data Integrity Security Checks
+ * OWASP A08:2025 - Software and Data Integrity Failures
+ *
+ * Detects missing integrity verification for code, packages, and data.
+ * This category covers supply chain attacks, unsigned code, and missing integrity checks.
+ *
+ * Created: Dec 30, 2025
+ * Purpose: Detect software integrity vulnerabilities that enable supply chain attacks
+ */
+import { SecurityVulnerability } from '../../types';
+/**
+ * Checks for software integrity vulnerabilities in JavaScript code
+ *
+ * Covers:
+ * - Check #1: Dynamic code loading without integrity verification (HIGH)
+ * - Check #2: Missing Subresource Integrity (SRI) for CDN scripts (MEDIUM)
+ * - Check #3: Package installation without lock files (MEDIUM)
+ * - Check #4: Downloading executable code from HTTP (not HTTPS) (HIGH)
+ *
+ * @param lines - Array of code lines
+ * @returns Array of security vulnerabilities found
+ */
+export declare function checkSoftwareIntegrity(lines: string[]): SecurityVulnerability[];
+//# sourceMappingURL=software-integrity.d.ts.map

package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"software-integrity.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/software-integrity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,EAAE,CAoPzB"}

package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js

@@ -0,0 +1,168 @@
+"use strict";
+/**
+ * JavaScript Software and Data Integrity Security Checks
+ * OWASP A08:2025 - Software and Data Integrity Failures
+ *
+ * Detects missing integrity verification for code, packages, and data.
+ * This category covers supply chain attacks, unsigned code, and missing integrity checks.
+ *
+ * Created: Dec 30, 2025
+ * Purpose: Detect software integrity vulnerabilities that enable supply chain attacks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSoftwareIntegrity = checkSoftwareIntegrity;
+const createVulnerability_1 = require("../utils/createVulnerability");
+/**
+ * Checks for software integrity vulnerabilities in JavaScript code
+ *
+ * Covers:
+ * - Check #1: Dynamic code loading without integrity verification (HIGH)
+ * - Check #2: Missing Subresource Integrity (SRI) for CDN scripts (MEDIUM)
+ * - Check #3: Package installation without lock files (MEDIUM)
+ * - Check #4: Downloading executable code from HTTP (not HTTPS) (HIGH)
+ *
+ * @param lines - Array of code lines
+ * @returns Array of security vulnerabilities found
+ */
+function checkSoftwareIntegrity(lines) {
+    const vulnerabilities = [];
+    let inMultiLineComment = false;
+    lines.forEach((line, index) => {
+        const trimmedLine = line.trim();
+        // Track multi-line comment blocks (/* ... */)
+        if (trimmedLine.includes('/*')) {
+            inMultiLineComment = true;
+        }
+        if (trimmedLine.includes('*/')) {
+            inMultiLineComment = false;
+            return;
+        }
+        // Skip comments and empty lines
+        if (!trimmedLine ||
+            inMultiLineComment ||
+            trimmedLine.startsWith('//') ||
+            trimmedLine.startsWith('*')) {
+            return;
+        }
+        const lowerLine = trimmedLine.toLowerCase();
+        // Check #1: Dynamic script loading without integrity check
+        // Pattern: Loading external scripts dynamically via createElement, require(), import()
+        const dynamicScriptPattern = /createElement\s*\(\s*['"`]script/i;
+        const dynamicImportPattern = /import\s*\(\s*['"`]http/i;
+        const requirePattern = /require\s*\(\s*['"`]http/i;
+        if (trimmedLine.match(dynamicScriptPattern) ||
+            trimmedLine.match(dynamicImportPattern) ||
+            trimmedLine.match(requirePattern)) {
+            // Check for integrity attribute in next few lines
+            const nextLines = lines.slice(index, Math.min(index + 10, lines.length));
+            const hasIntegrityCheck = nextLines.some(l => {
+                const lowerNextLine = l.toLowerCase();
+                return (lowerNextLine.includes('integrity') ||
+                    lowerNextLine.includes('sha256') ||
+                    lowerNextLine.includes('sha384') ||
+                    lowerNextLine.includes('sha512') ||
+                    lowerNextLine.includes('checksum') ||
+                    lowerNextLine.includes('hash'));
+            });
+            if (!hasIntegrityCheck) {
+                vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('dynamic-script-no-integrity', 'Dynamic script loading without integrity verification - vulnerable to supply chain attacks', 'Add Subresource Integrity (SRI) hash to verify script integrity: script.integrity = "sha384-..."', index + 1, 'Loading external scripts without integrity verification allows attackers to inject malicious code if the CDN is compromised or the connection is intercepted.', 'const script = document.createElement("script"); script.src = "https://cdn.com/lib.js"; → CDN compromise injects malicious code', [
+                    'Supply chain attacks via CDN compromise',
+                    'Man-in-the-middle code injection',
+                    'Remote code execution from tampered scripts',
+                    'Data theft via malicious code',
+                    'Cryptojacking and malware distribution'
+                ], 'const script = document.createElement("script");\nscript.src = "https://cdn.com/lib.js";\ndocument.body.appendChild(script);', 'const script = document.createElement("script");\nscript.src = "https://cdn.com/lib.js";\nscript.integrity = "sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/ux...";\nscript.crossOrigin = "anonymous";\ndocument.body.appendChild(script);', 'Always verify integrity of dynamically loaded scripts using SRI hashes to prevent supply chain attacks.'));
+            }
+        }
+        // Check #2: Missing SRI in HTML script tags loaded from CDN
+        // Pattern: <script src="https://cdn.com/lib.js"></script> (without integrity attribute)
+        const scriptTagPattern = /<script\s+src\s*=\s*['"`]https?:\/\/(cdn|unpkg|jsdelivr|cdnjs)/i;
+        if (trimmedLine.match(scriptTagPattern)) {
+            // Check if the same line or next line has integrity attribute
+            const hasIntegrity = trimmedLine.includes('integrity') ||
+                (index + 1 < lines.length && lines[index + 1].includes('integrity'));
+            if (!hasIntegrity) {
+                vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('missing-sri-cdn', 'CDN script without Subresource Integrity (SRI) - vulnerable if CDN is compromised', 'Add integrity attribute with SRI hash: <script src="..." integrity="sha384-..." crossorigin="anonymous">', index + 1, 'Scripts loaded from CDNs without SRI can be tampered with if the CDN is compromised or the connection is intercepted, allowing arbitrary code execution.', '<script src="https://cdn.com/jquery.js"></script> → If CDN is hacked, malicious code executes on your site', [
+                    'CDN compromise enables code injection',
+                    'Supply chain attacks',
+                    'Malicious code execution on all pages',
+                    'Session hijacking and data theft',
+                    'SEO poisoning and defacement'
+                ], '<script src="https://cdn.com/jquery.min.js"></script>', '<script src="https://cdn.com/jquery.min.js"\n        integrity="sha384-tsQFqpEReu7ZLhBV2VZlAu7zcOV+rXbYlF2cq..."\n        crossorigin="anonymous"></script>', 'Use SRI for all scripts loaded from third-party CDNs to prevent supply chain attacks.'));
+            }
+        }
+        // Check #3: Downloading executable code from external sources
+        // Pattern: fetch("http://example.com/code.js").then(code => eval(code))
+        // Pattern: downloading .js, .wasm, .jar files from URLs
+        const downloadCodePattern = /(fetch|axios\.get|http\.get|https\.get|request)\s*\(\s*['"`]http.*\.(js|wasm|jar|exe|dll|so)/i;
+        const downloadThenEvalPattern = /fetch.*\.then.*eval|axios.*\.then.*eval|http\.get.*eval/i;
+        if (trimmedLine.match(downloadCodePattern) || trimmedLine.match(downloadThenEvalPattern)) {
+            // Check for integrity verification
+            const nextLines = lines.slice(index, Math.min(index + 15, lines.length));
+            const hasVerification = nextLines.some(l => {
+                const lowerNextLine = l.toLowerCase();
+                return (lowerNextLine.includes('verify') ||
+                    lowerNextLine.includes('checksum') ||
+                    lowerNextLine.includes('hash') ||
+                    lowerNextLine.includes('signature') ||
+                    lowerNextLine.includes('integrity') ||
+                    lowerNextLine.includes('sha256') ||
+                    lowerNextLine.includes('sha384') ||
+                    lowerNextLine.includes('sha512'));
+            });
+            if (!hasVerification) {
+                vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('unverified-code-download', 'Downloading and executing code without integrity verification - enables remote code injection', 'Verify code integrity using cryptographic hashes before execution', index + 1, 'Downloading and executing code from external sources without integrity verification allows attackers to inject malicious code through man-in-the-middle attacks or compromised servers.', 'fetch("http://cdn.com/plugin.js").then(r => r.text()).then(code => eval(code)) → MITM attacker injects malicious code', [
+                    'Remote code execution from tampered downloads',
+                    'Supply chain attacks',
+                    'Man-in-the-middle code injection',
+                    'Malware installation',
+                    'Complete application compromise'
+                ], 'fetch("http://example.com/plugin.js")\n  .then(r => r.text())\n  .then(code => eval(code));', '// Verify integrity before execution\nconst expectedHash = "sha256-abc123...";\nfetch("https://example.com/plugin.js")\n  .then(r => r.text())\n  .then(async code => {\n    const hash = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(code));\n    if (hash !== expectedHash) throw new Error("Integrity check failed");\n    eval(code);\n  });', 'Always verify code integrity using cryptographic hashes before executing downloaded code.'));
+            }
+        }
+        // Check #4: HTTP (not HTTPS) for code/package downloads
+        // Pattern: Loading scripts, packages, or code from HTTP URLs (not HTTPS)
+        const httpCodePattern = /(fetch|axios|http\.get|request|import|require|script\.src\s*=)\s*.*['"`]http:\/\/.*\.(js|json|wasm|jar)/i;
+        if (trimmedLine.match(httpCodePattern)) {
+            vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('http-code-download', 'Downloading code over HTTP (not HTTPS) - vulnerable to man-in-the-middle attacks', 'Use HTTPS for all code downloads to prevent tampering', index + 1, 'Downloading code over unencrypted HTTP connections allows attackers to intercept and modify the code in transit, injecting malicious payloads.', 'fetch("http://cdn.com/lib.js") → Network attacker intercepts and injects crypto-mining malware', [
+                'Man-in-the-middle code injection',
+                'Malware distribution',
+                'Remote code execution',
+                'Data theft via injected code',
+                'Cryptojacking'
+            ], 'fetch("http://cdn.com/library.js")', 'fetch("https://cdn.com/library.js") // Use HTTPS', 'Always use HTTPS for downloading code, packages, and scripts to prevent man-in-the-middle tampering.'));
+        }
+        // Check #5: npm install without package-lock.json (mentioned in code comments or documentation)
+        // This is more of a project-level check, so we look for documentation about missing lock files
+        if (lowerLine.includes('npm install') && lowerLine.includes('no-save')) {
+            vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('npm-no-lock', 'npm install with --no-save skips lock file - enables dependency confusion attacks', 'Remove --no-save flag to generate package-lock.json for reproducible builds', index + 1, 'Installing npm packages without generating a lock file allows package versions to change between installs, enabling dependency confusion and supply chain attacks.', 'npm install --no-save package → Next install may fetch compromised version', [
+                'Dependency confusion attacks',
+                'Supply chain compromise',
+                'Non-reproducible builds',
+                'Version tampering',
+                'Malicious package substitution'
+            ], 'npm install --no-save lodash', 'npm install lodash // Generates package-lock.json', 'Always use lock files (package-lock.json, yarn.lock) to ensure reproducible and secure dependency installations.'));
+        }
+        // Check #6: Unsigned/unverified package installations
+        // Pattern: Using npm/yarn without signature verification
+        if ((lowerLine.includes('npm install') || lowerLine.includes('yarn add')) &&
+            !lowerLine.includes('--verify-signatures') &&
+            !lowerLine.includes('--integrity')) {
+            // Only flag if it's installing from a non-standard registry or specific package
+            const isNonStandardRegistry = lowerLine.includes('--registry') ||
+                lowerLine.includes('http://') ||
+                lowerLine.includes('https://registry.npmjs.org') === false;
+            if (isNonStandardRegistry) {
+                vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('unverified-package-install', 'Installing packages from non-standard registry without signature verification', 'Use npm audit signatures or verify package integrity before installation', index + 1, 'Installing packages from non-standard registries without signature verification allows attackers to substitute malicious packages.', 'npm install --registry=http://malicious.com package → Installs compromised version', [
+                    'Malicious package installation',
+                    'Supply chain attacks',
+                    'Backdoor injection',
+                    'Code execution via compromised dependencies',
+                    'Data exfiltration'
+                ], 'npm install --registry=http://custom-registry.com package', 'npm install --registry=https://custom-registry.com package\nnpm audit signatures // Verify package integrity', 'Use package signature verification and trusted registries to prevent supply chain attacks.'));
+            }
+        }
+    });
+    return vulnerabilities;
+}
+//# sourceMappingURL=software-integrity.js.map

package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"software-integrity.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/software-integrity.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAiBH,wDAsPC;AApQD,sEAAqF;AAErF;;;;;;;;;;;GAWG;AACH,SAAgB,sBAAsB,CACpC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,8CAA8C;QAC9C,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC;YAC5B,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,2DAA2D;QAC3D,uFAAuF;QACvF,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;QACjE,MAAM,oBAAoB,GAAG,0BAA0B,CAAC;QACxD,MAAM,cAAc,GAAG,2BAA2B,CAAC;QAEnD,IAAI,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC;YACvC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC;YACvC,WAAW,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;YAEtC,kDAAkD;YAClD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC3C,MAAM,aAAa,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,OAAO,CACL,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACnC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAClC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC/B,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,6BAA6B,EAC7B,4FAA4F,EAC5F,kGAAkG,EAClG,KAAK,GAAG,CAAC,EACT,+JAA+J,EAC/J,iIAAiI,EACjI;oBACE,yCAAyC;oBACzC,kCAAkC;oBAClC,6CAA6C;oBAC7C,+BAA+B;oBAC/B,wCAAwC;iBACzC,EACD,8HAA8H,EAC9H,sOAAsO,EACtO,yGAAyG,CAC1G,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,wFAAwF;QACxF,MAAM,gBAAgB,GAAG,iEAAiE,CAAC;QAE3F,IAAI,WAAW,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACxC,8DAA8D;YAC9D,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC;gBACpD,CAAC,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAEvE,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,iBAAiB,EACjB,mFAAmF,EACnF,0GAA0G,EAC1G,KAAK,GAAG,CAAC,EACT,0JAA0J,EAC1J,4GAA4G,EAC5G;oBACE,uCAAuC;oBACvC,sBAAsB;oBACtB,uCAAuC;oBACvC,kCAAkC;oBAClC,8BAA8B;iBAC/B,EACD,uDAAuD,EACvD,6JAA6J,EAC7J,uFAAuF,CACxF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,wEAAwE;QACxE,wDAAwD;QACxD,MAAM,mBAAmB,GAAG,+FAA+F,CAAC;QAC5H,MAAM,uBAAuB,GAAG,0DAA0D,CAAC;QAE3F,IAAI,WAAW,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,CAAC;YACzF,mCAAmC;YACnC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACzC,MAAM,aAAa,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,OAAO,CACL,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAClC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC9B,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACnC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACnC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACjC,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,0BAA0B,EAC1B,+FAA+F,EAC/F,mEAAmE,EACnE,KAAK,GAAG,CAAC,EACT,yLAAyL,EACzL,uHAAuH,EACvH;oBACE,+CAA+C;oBAC/C,sBAAsB;oBACtB,kCAAkC;oBAClC,sBAAsB;oBACtB,iCAAiC;iBAClC,EACD,6FAA6F,EAC7F,qWAAqW,EACrW,2FAA2F,CAC5F,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,yEAAyE;QACzE,MAAM,eAAe,GAAG,0GAA0G,CAAC;QAEnI,IAAI,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,oBAAoB,EACpB,kFAAkF,EAClF,uDAAuD,EACvD,KAAK,GAAG,CAAC,EACT,gJAAgJ,EAChJ,gGAAgG,EAChG;gBACE,kCAAkC;gBAClC,sBAAsB;gBACtB,uBAAuB;gBACvB,8BAA8B;gBAC9B,eAAe;aAChB,EACD,oCAAoC,EACpC,kDAAkD,EAClD,sGAAsG,CACvG,CACF,CAAC;QACJ,CAAC;QAED,gGAAgG;QAChG,+FAA+F;QAC/F,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvE,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,aAAa,EACb,mFAAmF,EACnF,6EAA6E,EAC7E,KAAK,GAAG,CAAC,EACT,oKAAoK,EACpK,4EAA4E,EAC5E;gBACE,8BAA8B;gBAC9B,yBAAyB;gBACzB,yBAAyB;gBACzB,mBAAmB;gBACnB,gCAAgC;aACjC,EACD,8BAA8B,EAC9B,mDAAmD,EACnD,kHAAkH,CACnH,CACF,CAAC;QACJ,CAAC;QAED,sDAAsD;QACtD,yDAAyD;QACzD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACrE,CAAC,SAAS,CAAC,QAAQ,CAAC,qBAAqB,CAAC;YAC1C,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAEvC,gFAAgF;YAChF,MAAM,qBAAqB,GAAG,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC/B,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC7B,SAAS,CAAC,QAAQ,CAAC,4BAA4B,CAAC,KAAK,KAAK,CAAC;YAE1F,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,4BAA4B,EAC5B,+EAA+E,EAC/E,0EAA0E,EAC1E,KAAK,GAAG,CAAC,EACT,oIAAoI,EACpI,oFAAoF,EACpF;oBACE,gCAAgC;oBAChC,sBAAsB;oBACtB,oBAAoB;oBACpB,6CAA6C;oBAC7C,mBAAmB;iBACpB,EACD,2DAA2D,EAC3D,8GAA8G,EAC9G,4FAA4F,CAC7F,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts

@@ -0,0 +1,27 @@
+/**
+ * JavaScript Storage Security Detection Module
+ *
+ * Detects insecure data storage vulnerabilities:
+ * - localStorage/sessionStorage for sensitive data
+ * - Missing security flags on cookies
+ * - Insecure data transmission
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module storage-security
+ */
+import { SecurityVulnerability } from '../../types';
+/**
+ * Type for createSecurityVulnerability function
+ */
+export type CreateVulnerabilityFn = (id: string, message: string, fix: string, lineNumber: number, explanation: string, example: string, impacts: string[], codeExample: string, fixedCodeExample: string, fixDetails: string) => SecurityVulnerability;
+/**
+ * Check for storage security vulnerabilities in JavaScript code
+ *
+ * @param code - Full source code
+ * @param createVulnerability - Function to create vulnerability objects
+ * @returns Array of detected vulnerabilities
+ */
+export declare function checkStorageSecurity(code: string, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability[];
+//# sourceMappingURL=storage-security.d.ts.map

package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage-security.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/storage-security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,CAClC,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EAAE,EACjB,WAAW,EAAE,MAAM,EACnB,gBAAgB,EAAE,MAAM,EACxB,UAAU,EAAE,MAAM,KACf,qBAAqB,CAAC;AAE3B;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,EACZ,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,EAAE,CA+JzB"}

package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * JavaScript Storage Security Detection Module
+ *
+ * Detects insecure data storage vulnerabilities:
+ * - localStorage/sessionStorage for sensitive data
+ * - Missing security flags on cookies
+ * - Insecure data transmission
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module storage-security
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkStorageSecurity = checkStorageSecurity;
+/**
+ * Check for storage security vulnerabilities in JavaScript code
+ *
+ * @param code - Full source code
+ * @param createVulnerability - Function to create vulnerability objects
+ * @returns Array of detected vulnerabilities
+ */
+function checkStorageSecurity(code, createVulnerability) {
+    const vulnerabilities = [];
+    const lines = code.split('\n');
+    let inMultiLineComment = false;
+    lines.forEach((line, index) => {
+        const lineNumber = index + 1;
+        const trimmed = line.trim();
+        // Track multi-line comment blocks
+        if (trimmed.includes('/*')) {
+            inMultiLineComment = true;
+        }
+        if (trimmed.includes('*/')) {
+            inMultiLineComment = false;
+            return;
+        }
+        // Skip comments and empty lines
+        if (!trimmed || inMultiLineComment || trimmed.startsWith('//') || trimmed.startsWith('*')) {
+            return;
+        }
+        // OWASP A02:2021 - Cryptographic Failures
+        // 1. localStorage for sensitive data - MEDIUM
+        if (trimmed.match(/localStorage\.(setItem|set)\([^)]*(?:token|password|key|secret)/i)) {
+            vulnerabilities.push(createVulnerability('insecure-storage', 'localStorage is not secure for sensitive data', 'Use httpOnly cookies or server-side sessions', lineNumber, 'localStorage is accessible to any JavaScript on the page, making it vulnerable to XSS attacks. Stored data persists indefinitely.', 'localStorage.setItem("authToken", token) // Accessible to any script, vulnerable to XSS', [
+                'Token theft via XSS',
+                'Credential exposure',
+                'No protection from malicious scripts',
+                'Data persists across sessions (privacy issue)'
+            ], 'localStorage.setItem("authToken", jwtToken);', '// Server-side: Set httpOnly cookie (not accessible to JavaScript)\nres.cookie("authToken", jwtToken, { httpOnly: true, secure: true, sameSite: "strict" });', 'Store sensitive data server-side or in httpOnly cookies. Use sessionStorage for temporary data, but never for sensitive information'));
+        }
+        // 2. sessionStorage for sensitive data - MEDIUM
+        if (trimmed.match(/sessionStorage\.(setItem|set)\([^)]*(?:token|password|key|secret)/i)) {
+            vulnerabilities.push(createVulnerability('insecure-storage', 'sessionStorage is vulnerable to XSS attacks', 'Use httpOnly cookies or server-side sessions', lineNumber, 'sessionStorage is accessible to any JavaScript on the page, making it vulnerable to XSS attacks. While it clears on tab close, it\'s still exposed during the session.', 'sessionStorage.setItem("authToken", token) // Accessible to any script, vulnerable to XSS', [
+                'Token theft via XSS',
+                'Credential exposure',
+                'No protection from malicious scripts',
+                'Cross-tab vulnerabilities'
+            ], 'sessionStorage.setItem("authToken", jwtToken);', '// Server-side: Set httpOnly cookie (not accessible to JavaScript)\nres.cookie("authToken", jwtToken, { httpOnly: true, secure: true, sameSite: "strict" });', 'Store sensitive data server-side or in httpOnly cookies. sessionStorage is cleared on tab close but remains vulnerable to XSS during the session'));
+        }
+        // 3. Storing credit card data - CRITICAL
+        if (trimmed.match(/localStorage|sessionStorage|cookie/i) &&
+            trimmed.match(/card|cvv|cvc|expiry|ccn|credit/i)) {
+            vulnerabilities.push(createVulnerability('pci-dss-violation', 'Storing credit card data violates PCI-DSS compliance', 'Never store credit card data locally - use tokenization or payment gateway APIs', lineNumber, 'Storing credit card data (even temporarily) violates PCI-DSS compliance standards and creates massive liability. Use payment gateway tokenization instead.', 'localStorage.setItem("cardNumber", ccn) // PCI-DSS violation, massive fines, liability', [
+                'PCI-DSS compliance violations (fines up to $500K/month)',
+                'Credit card theft',
+                'Financial fraud',
+                'Legal liability',
+                'Brand reputation damage'
+            ], 'localStorage.setItem("savedCard", cardNumber);', '// Use payment gateway tokenization:\nconst token = await stripe.createToken({ number: cardNumber });\n// Only store the token, never the actual card data', 'NEVER store credit card numbers, CVV, or expiry dates. Use payment gateway APIs (Stripe, PayPal) that provide tokenization'));
+        }
+        // 4. Unencrypted sensitive data in localStorage - HIGH
+        if (trimmed.match(/localStorage\.setItem|sessionStorage\.setItem/i) &&
+            !trimmed.match(/encrypt|cipher|AES/) &&
+            trimmed.match(/ssn|social.*security|passport|license|medical|health/i)) {
+            vulnerabilities.push(createVulnerability('unencrypted-pii', 'Storing unencrypted PII (Personally Identifiable Information) in browser storage', 'Avoid storing PII locally. If absolutely necessary, encrypt it client-side before storage', lineNumber, 'Storing PII in browser storage without encryption exposes sensitive personal data to XSS attacks and creates GDPR/privacy law violations.', 'localStorage.setItem("ssn", userSSN) // Unencrypted PII accessible to any script', [
+                'GDPR/privacy law violations',
+                'Identity theft',
+                'Medical privacy violations (HIPAA)',
+                'PII exposure via XSS',
+                'Regulatory fines'
+            ], 'localStorage.setItem("ssn", userSSN);', '// Option 1: Don\'t store PII locally\n// Option 2: If necessary, encrypt before storing:\nconst crypto = require("crypto-js");\nconst encrypted = crypto.AES.encrypt(data, encryptionKey).toString();\nlocalStorage.setItem("data", encrypted);', 'Avoid storing PII in browser storage. If absolutely required, encrypt it client-side using strong encryption (AES-256) before storage'));
+        }
+        // 5. IndexedDB for sensitive data without encryption - MEDIUM
+        if (trimmed.match(/indexedDB|IDBDatabase/i) &&
+            trimmed.match(/password|token|key|secret|ssn|card/i) &&
+            !trimmed.match(/encrypt|cipher/i)) {
+            vulnerabilities.push(createVulnerability('insecure-indexeddb', 'Storing sensitive data in IndexedDB without encryption', 'Encrypt sensitive data before storing in IndexedDB', lineNumber, 'IndexedDB stores data unencrypted on disk. Any process with file system access (malware, other apps) can read the database directly.', 'db.put({ id: 1, password: userPassword }) // Stored unencrypted on disk', [
+                'Data exposure to local malware',
+                'File system access vulnerabilities',
+                'Offline data theft',
+                'No protection at rest'
+            ], 'const store = db.transaction(["users"], "readwrite").objectStore("users");\nstore.add({ id: 1, password: password });', 'const crypto = require("crypto-js");\nconst encrypted = crypto.AES.encrypt(password, key).toString();\nstore.add({ id: 1, password: encrypted });', 'Encrypt all sensitive data before storing in IndexedDB using strong client-side encryption (AES-256)'));
+        }
+        // 6. Web SQL Database usage - HIGH (deprecated)
+        if (trimmed.match(/openDatabase|executeSql/i)) {
+            vulnerabilities.push(createVulnerability('deprecated-websql', 'Web SQL Database is deprecated and removed from standards', 'Migrate to IndexedDB or server-side storage', lineNumber, 'Web SQL Database has been removed from web standards and is no longer supported in modern browsers. It also lacks security features.', 'const db = openDatabase("mydb", "1.0", "My Database", 2 * 1024 * 1024); // Deprecated API', [
+                'Browser incompatibility (removed from standards)',
+                'No future support or security updates',
+                'Potential data loss during migration',
+                'SQL injection if queries not parameterized'
+            ], 'const db = openDatabase("mydb", "1.0", "Database", 5 * 1024 * 1024);', '// Migrate to IndexedDB:\nconst request = indexedDB.open("mydb", 1);\nrequest.onsuccess = (event) => {\n  const db = event.target.result;\n  // Use IndexedDB instead\n};', 'Migrate from Web SQL to IndexedDB for client-side storage, or use server-side storage for sensitive data'));
+        }
+    });
+    return vulnerabilities;
+}
+//# sourceMappingURL=storage-security.js.map

package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage-security.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/storage-security.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AA2BH,oDAkKC;AAzKD;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAClC,IAAY,EACZ,mBAA0C;IAE1C,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,kCAAkC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1F,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,8CAA8C;QAC9C,IAAI,OAAO,CAAC,KAAK,CAAC,kEAAkE,CAAC,EAAE,CAAC;YACtF,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,kBAAkB,EAClB,+CAA+C,EAC/C,8CAA8C,EAC9C,UAAU,EACV,mIAAmI,EACnI,yFAAyF,EACzF;gBACE,qBAAqB;gBACrB,qBAAqB;gBACrB,sCAAsC;gBACtC,+CAA+C;aAChD,EACD,8CAA8C,EAC9C,8JAA8J,EAC9J,qIAAqI,CACtI,CAAC,CAAC;QACL,CAAC;QAED,gDAAgD;QAChD,IAAI,OAAO,CAAC,KAAK,CAAC,oEAAoE,CAAC,EAAE,CAAC;YACxF,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,kBAAkB,EAClB,6CAA6C,EAC7C,8CAA8C,EAC9C,UAAU,EACV,wKAAwK,EACxK,2FAA2F,EAC3F;gBACE,qBAAqB;gBACrB,qBAAqB;gBACrB,sCAAsC;gBACtC,2BAA2B;aAC5B,EACD,gDAAgD,EAChD,8JAA8J,EAC9J,kJAAkJ,CACnJ,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,IAAI,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC;YACrD,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,mBAAmB,EACnB,sDAAsD,EACtD,iFAAiF,EACjF,UAAU,EACV,4JAA4J,EAC5J,wFAAwF,EACxF;gBACE,yDAAyD;gBACzD,mBAAmB;gBACnB,iBAAiB;gBACjB,iBAAiB;gBACjB,yBAAyB;aAC1B,EACD,gDAAgD,EAChD,4JAA4J,EAC5J,4HAA4H,CAC7H,CAAC,CAAC;QACL,CAAC;QAED,uDAAuD;QACvD,IAAI,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC;YAC/D,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC;YACpC,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,EAAE,CAAC;YAC3E,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,iBAAiB,EACjB,kFAAkF,EAClF,2FAA2F,EAC3F,UAAU,EACV,2IAA2I,EAC3I,kFAAkF,EAClF;gBACE,6BAA6B;gBAC7B,gBAAgB;gBAChB,oCAAoC;gBACpC,sBAAsB;gBACtB,kBAAkB;aACnB,EACD,uCAAuC,EACvC,kPAAkP,EAClP,uIAAuI,CACxI,CAAC,CAAC;QACL,CAAC;QAED,8DAA8D;QAC9D,IAAI,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC;YACvC,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC;YACpD,CAAC,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,oBAAoB,EACpB,wDAAwD,EACxD,oDAAoD,EACpD,UAAU,EACV,sIAAsI,EACtI,yEAAyE,EACzE;gBACE,gCAAgC;gBAChC,oCAAoC;gBACpC,oBAAoB;gBACpB,uBAAuB;aACxB,EACD,uHAAuH,EACvH,mJAAmJ,EACnJ,sGAAsG,CACvG,CAAC,CAAC;QACL,CAAC;QAED,gDAAgD;QAChD,IAAI,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;YAC9C,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,mBAAmB,EACnB,2DAA2D,EAC3D,6CAA6C,EAC7C,UAAU,EACV,sIAAsI,EACtI,2FAA2F,EAC3F;gBACE,kDAAkD;gBAClD,uCAAuC;gBACvC,sCAAsC;gBACtC,4CAA4C;aAC7C,EACD,sEAAsE,EACtE,2KAA2K,EAC3K,0GAA0G,CAC3G,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts

@@ -0,0 +1,28 @@
+/**
+ * JavaScript XSS and DOM Security Detection Module
+ *
+ * Detects Cross-Site Scripting (XSS) and DOM manipulation vulnerabilities:
+ * - innerHTML/outerHTML with unsanitized content
+ * - document.write usage
+ * - Open redirect vulnerabilities
+ * - Insecure cookie configuration
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module xss-dom-security
+ */
+import { SecurityVulnerability } from '../../types';
+/**
+ * Type for createSecurityVulnerability function
+ */
+export type CreateVulnerabilityFn = (id: string, message: string, fix: string, lineNumber: number, explanation: string, example: string, impacts: string[], codeExample: string, fixedCodeExample: string, fixDetails: string) => SecurityVulnerability;
+/**
+ * Check for XSS and DOM security vulnerabilities in JavaScript code
+ *
+ * @param code - Full source code
+ * @param createVulnerability - Function to create vulnerability objects
+ * @returns Array of detected vulnerabilities
+ */
+export declare function checkXSSDOMSecurity(code: string, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability[];
+//# sourceMappingURL=xss-dom-security.d.ts.map

package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss-dom-security.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/xss-dom-security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,CAClC,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EAAE,EACjB,WAAW,EAAE,MAAM,EACnB,gBAAgB,EAAE,MAAM,EACxB,UAAU,EAAE,MAAM,KACf,qBAAqB,CAAC;AAE3B;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,EAAE,CAiNzB"}

package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js

@@ -0,0 +1,143 @@
+"use strict";
+/**
+ * JavaScript XSS and DOM Security Detection Module
+ *
+ * Detects Cross-Site Scripting (XSS) and DOM manipulation vulnerabilities:
+ * - innerHTML/outerHTML with unsanitized content
+ * - document.write usage
+ * - Open redirect vulnerabilities
+ * - Insecure cookie configuration
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module xss-dom-security
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkXSSDOMSecurity = checkXSSDOMSecurity;
+/**
+ * Check for XSS and DOM security vulnerabilities in JavaScript code
+ *
+ * @param code - Full source code
+ * @param createVulnerability - Function to create vulnerability objects
+ * @returns Array of detected vulnerabilities
+ */
+function checkXSSDOMSecurity(code, createVulnerability) {
+    const vulnerabilities = [];
+    const lines = code.split('\n');
+    let inMultiLineComment = false;
+    lines.forEach((line, index) => {
+        const lineNumber = index + 1;
+        const trimmed = line.trim();
+        // Track multi-line comment blocks
+        if (trimmed.includes('/*')) {
+            inMultiLineComment = true;
+        }
+        if (trimmed.includes('*/')) {
+            inMultiLineComment = false;
+            return;
+        }
+        // Skip comments and empty lines
+        if (!trimmed || inMultiLineComment || trimmed.startsWith('//') || trimmed.startsWith('*')) {
+            return;
+        }
+        // OWASP A03:2021 - XSS (Cross-Site Scripting)
+        // 1. innerHTML with variables - CRITICAL (ENHANCED Dec 30, 2025)
+        // BUGFIX: Previously only detected concatenation (+ or ${}), missed direct assignment
+        // Now catches: document.innerHTML = userInput (no concat) AND element.innerHTML = "<div>" + userInput
+        const innerHTMLMatch = trimmed.match(/\.innerHTML\s*=/);
+        if (innerHTMLMatch) {
+            // Detect dynamic content (concatenation, template literals, OR variable assignment)
+            const hasConcatenation = trimmed.includes('+') || trimmed.includes('${');
+            const hasVariableAssignment = trimmed.match(/\.innerHTML\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*/); // = variableName
+            const isStaticString = trimmed.match(/\.innerHTML\s*=\s*["'`][^"'`]*["'`]\s*;?\s*$/); // = "static string" only
+            if ((hasConcatenation || hasVariableAssignment) && !isStaticString) {
+                vulnerabilities.push(createVulnerability('xss', 'XSS: innerHTML with unsanitized user content', 'Use textContent, DOMPurify.sanitize(), or createElement()', lineNumber, 'An attacker can inject malicious JavaScript code through user input, stealing session cookies, credentials, or performing actions on behalf of the user.', 'element.innerHTML = userInput where userInput = "<img src=x onerror=alert(document.cookie)>"', [
+                    'Session hijacking (cookie theft)',
+                    'Credential theft (keylogging)',
+                    'Phishing attacks',
+                    'Malware distribution',
+                    'Defacement'
+                ], 'element.innerHTML = userContent;', 'element.textContent = userContent; // Safe for plain text\n// Or: element.innerHTML = DOMPurify.sanitize(userContent);', 'Use textContent for plain text, or sanitize HTML with DOMPurify before setting innerHTML'));
+            }
+        }
+        // 2. outerHTML - CRITICAL (ENHANCED Dec 30, 2025)
+        // Same fix as innerHTML: catch direct variable assignment
+        const outerHTMLMatch = trimmed.match(/\.outerHTML\s*=/);
+        if (outerHTMLMatch) {
+            const hasConcatenation = trimmed.includes('+') || trimmed.includes('${');
+            const hasVariableAssignment = trimmed.match(/\.outerHTML\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*/);
+            const isStaticString = trimmed.match(/\.outerHTML\s*=\s*["'`][^"'`]*["'`]\s*;?\s*$/);
+            if ((hasConcatenation || hasVariableAssignment) && !isStaticString) {
+                vulnerabilities.push(createVulnerability('xss', 'XSS: outerHTML with unsanitized variables', 'Use safe DOM methods or DOMPurify.sanitize()', lineNumber, 'Setting outerHTML with user content allows XSS attacks by replacing the entire element with malicious HTML.', 'element.outerHTML = userHTML where userHTML contains <img src=x onerror=alert(1)>', [
+                    'Cross-site scripting (XSS)',
+                    'Session hijacking',
+                    'Credential theft',
+                    'Malware distribution'
+                ], 'element.outerHTML = userContent;', 'const div = document.createElement("div");\ndiv.textContent = userContent;\nelement.replaceWith(div);', 'Create elements using createElement() and set content with textContent, or sanitize HTML with DOMPurify'));
+            }
+        }
+        // 3. document.write - MEDIUM
+        if (trimmed.includes('document.write')) {
+            vulnerabilities.push(createVulnerability('document-write', 'document.write is deprecated and can cause XSS', 'Use createElement() and appendChild() instead', lineNumber, 'document.write() is synchronous, deprecated, and can be exploited for XSS if used with untrusted data.', 'document.write("<div>" + userInput + "</div>")', [
+                'XSS vulnerability',
+                'Performance issues (parser-blocking)',
+                'Overwrites page content if called after page load'
+            ], 'document.write("<h1>" + title + "</h1>");', 'const h1 = document.createElement("h1");\nh1.textContent = title;\ndocument.body.appendChild(h1);', 'Use modern DOM APIs: createElement(), textContent, and appendChild()'));
+        }
+        // OWASP A01:2021 - Broken Access Control
+        // 4. Open redirect vulnerability - MEDIUM
+        if (trimmed.match(/\.redirect\s*\(/) || trimmed.match(/location\.href\s*=/) || trimmed.match(/window\.location\s*=/)) {
+            const hasUserInput = trimmed.match(/req\.query|req\.body|req\.params|params\.|query\.|body\./) ||
+                trimmed.match(/\$\{.*\}/) ||
+                trimmed.match(/\+\s*[\w.]+/);
+            if (hasUserInput) {
+                vulnerabilities.push(createVulnerability('open-redirect', 'Open redirect vulnerability - unvalidated URL redirect', 'Validate redirect URLs against whitelist of allowed domains', lineNumber, 'Redirecting users to attacker-controlled URLs enables phishing attacks. Users trust redirects from legitimate domains, making them vulnerable to credential theft.', 'res.redirect(req.query.url) where url = "https://evil.com/phishing" // User thinks they\'re on legitimate site', [
+                    'Phishing attacks (credential theft)',
+                    'Malware distribution',
+                    'OAuth token theft (authorization code interception)',
+                    'Reputation damage (domain used for phishing)',
+                    'Session hijacking'
+                ], 'res.redirect(req.query.returnUrl);', 'const allowedDomains = ["example.com", "app.example.com"];\nconst url = new URL(req.query.returnUrl, "https://example.com");\nif (!allowedDomains.includes(url.hostname)) {\n  return res.status(400).send("Invalid redirect");\n}\nres.redirect(url.href);', 'Validate all redirect URLs against a whitelist of allowed domains. Use URL() constructor to parse and check hostname before redirecting'));
+            }
+        }
+        // OWASP A05:2021 - Security Misconfiguration
+        // 5. Insecure cookie configuration - HIGH
+        if (trimmed.match(/\.cookie\s*\([^)]*\)/) && trimmed.match(/res\.|response\./)) {
+            const hasHttpOnly = trimmed.match(/httpOnly\s*:\s*true/i);
+            const hasSecure = trimmed.match(/secure\s*:\s*true/i);
+            const hasSameSite = trimmed.match(/sameSite/i);
+            if (!hasHttpOnly || !hasSecure || !hasSameSite) {
+                vulnerabilities.push(createVulnerability('insecure-cookie', 'Cookie set without security flags (httpOnly, secure, sameSite)', 'Add httpOnly: true, secure: true, sameSite: "strict" to cookie options', lineNumber, 'Cookies without security flags are vulnerable to XSS attacks (JavaScript access), man-in-the-middle attacks (transmitted over HTTP), and CSRF attacks (cross-site request forgery).', 'res.cookie("sessionId", token) // No httpOnly = XSS can steal, no secure = transmitted over HTTP', [
+                    'Session hijacking via XSS (cookie theft)',
+                    'Man-in-the-middle attacks (HTTP transmission)',
+                    'CSRF attacks (cross-site requests)',
+                    'Session fixation attacks'
+                ], 'res.cookie("sessionId", sessionId);', 'res.cookie("sessionId", sessionId, {\n  httpOnly: true,  // Not accessible to JavaScript\n  secure: true,    // Only sent over HTTPS\n  sameSite: "strict" // Prevents CSRF attacks\n});', 'Always set httpOnly (prevents XSS), secure (HTTPS only), and sameSite (prevents CSRF) flags on session cookies'));
+            }
+        }
+        // 6. Clickjacking vulnerability - MEDIUM
+        if (trimmed.match(/X-Frame-Options|frame-ancestors/) && trimmed.match(/ALLOW-FROM|'self'/i)) {
+            vulnerabilities.push(createVulnerability('clickjacking', 'Weak clickjacking protection - X-Frame-Options set to allow framing', 'Set X-Frame-Options: DENY or use Content-Security-Policy: frame-ancestors \'none\'', lineNumber, 'Allowing the page to be embedded in iframes enables clickjacking attacks where attackers overlay invisible frames to trick users into clicking malicious actions.', 'res.setHeader("X-Frame-Options", "ALLOW-FROM https://example.com") // Deprecated and allows framing', [
+                'Clickjacking attacks (invisible overlay)',
+                'Unauthorized actions (like/share/delete)',
+                'Credential theft (fake login overlay)',
+                'Malware distribution'
+            ], 'res.setHeader("X-Frame-Options", "SAMEORIGIN");', 'res.setHeader("X-Frame-Options", "DENY"); // Prevent all framing\n// Or: res.setHeader("Content-Security-Policy", "frame-ancestors \'none\'");', 'Use X-Frame-Options: DENY to prevent all framing, or Content-Security-Policy: frame-ancestors \'none\' for modern browsers'));
+        }
+        // 7. Missing Content-Security-Policy - MEDIUM
+        if (trimmed.match(/res\.setHeader|response\.setHeader/) && !trimmed.match(/Content-Security-Policy/i)) {
+            // Only flag if setting other security headers (indicates security awareness but CSP missing)
+            if (trimmed.match(/X-Frame-Options|X-Content-Type-Options|Strict-Transport-Security/i)) {
+                vulnerabilities.push(createVulnerability('missing-csp', 'Missing Content-Security-Policy header', 'Add Content-Security-Policy header to prevent XSS and data injection attacks', lineNumber, 'Content-Security-Policy (CSP) is a critical security header that prevents XSS attacks by restricting which scripts can execute on the page.', 'res.setHeader("X-Frame-Options", "DENY"); // Good, but missing CSP header', [
+                    'XSS attacks (inline scripts can execute)',
+                    'Data injection attacks',
+                    'Clickjacking (without frame-ancestors)',
+                    'Mixed content vulnerabilities'
+                ], 'res.setHeader("X-Frame-Options", "DENY");', 'res.setHeader("Content-Security-Policy", "default-src \'self\'; script-src \'self\'; object-src \'none\'");', 'Add Content-Security-Policy header to restrict script sources and prevent XSS. Start with a strict policy and relax as needed'));
+            }
+        }
+    });
+    return vulnerabilities;
+}
+//# sourceMappingURL=xss-dom-security.js.map

package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss-dom-security.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/xss-dom-security.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AA2BH,kDAoNC;AA3ND;;;;;;GAMG;AACH,SAAgB,mBAAmB,CACjC,IAAY,EACZ,mBAA0C;IAE1C,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,kCAAkC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1F,OAAO;QACT,CAAC;QAED,8CAA8C;QAC9C,iEAAiE;QACjE,sFAAsF;QACtF,sGAAsG;QACtG,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACxD,IAAI,cAAc,EAAE,CAAC;YACnB,oFAAoF;YACpF,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,qBAAqB,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC,CAAC,iBAAiB;YAC5G,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC,CAAC,yBAAyB;YAE/G,IAAI,CAAC,gBAAgB,IAAI,qBAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACnE,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,KAAK,EACL,8CAA8C,EAC9C,2DAA2D,EAC3D,UAAU,EACV,0JAA0J,EAC1J,8FAA8F,EAC9F;oBACE,kCAAkC;oBAClC,+BAA+B;oBAC/B,kBAAkB;oBAClB,sBAAsB;oBACtB,YAAY;iBACb,EACD,kCAAkC,EAClC,wHAAwH,EACxH,0FAA0F,CAC3F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,0DAA0D;QAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACxD,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,qBAAqB,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC1F,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAErF,IAAI,CAAC,gBAAgB,IAAI,qBAAqB,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACnE,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,KAAK,EACL,2CAA2C,EAC3C,8CAA8C,EAC9C,UAAU,EACV,6GAA6G,EAC7G,mFAAmF,EACnF;oBACE,4BAA4B;oBAC5B,mBAAmB;oBACnB,kBAAkB;oBAClB,sBAAsB;iBACvB,EACD,kCAAkC,EAClC,uGAAuG,EACvG,yGAAyG,CAC1G,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,gBAAgB,EAChB,gDAAgD,EAChD,+CAA+C,EAC/C,UAAU,EACV,wGAAwG,EACxG,gDAAgD,EAChD;gBACE,mBAAmB;gBACnB,sCAAsC;gBACtC,mDAAmD;aACpD,EACD,2CAA2C,EAC3C,mGAAmG,EACnG,sEAAsE,CACvE,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,0CAA0C;QAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACrH,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC;gBACzE,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC;gBACzB,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAElD,IAAI,YAAY,EAAE,CAAC;gBACjB,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,eAAe,EACf,wDAAwD,EACxD,6DAA6D,EAC7D,UAAU,EACV,oKAAoK,EACpK,gHAAgH,EAChH;oBACE,qCAAqC;oBACrC,sBAAsB;oBACtB,qDAAqD;oBACrD,8CAA8C;oBAC9C,mBAAmB;iBACpB,EACD,oCAAoC,EACpC,6PAA6P,EAC7P,yIAAyI,CAC1I,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,0CAA0C;QAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/E,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAC1D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACtD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAE/C,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/C,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,iBAAiB,EACjB,gEAAgE,EAChE,wEAAwE,EACxE,UAAU,EACV,qLAAqL,EACrL,kGAAkG,EAClG;oBACE,0CAA0C;oBAC1C,+CAA+C;oBAC/C,oCAAoC;oBACpC,0BAA0B;iBAC3B,EACD,qCAAqC,EACrC,0LAA0L,EAC1L,gHAAgH,CACjH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC5F,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,cAAc,EACd,qEAAqE,EACrE,oFAAoF,EACpF,UAAU,EACV,mKAAmK,EACnK,qGAAqG,EACrG;gBACE,0CAA0C;gBAC1C,0CAA0C;gBAC1C,uCAAuC;gBACvC,sBAAsB;aACvB,EACD,iDAAiD,EACjD,gJAAgJ,EAChJ,4HAA4H,CAC7H,CAAC,CAAC;QACL,CAAC;QAED,8CAA8C;QAC9C,IAAI,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;YACtG,6FAA6F;YAC7F,IAAI,OAAO,CAAC,KAAK,CAAC,mEAAmE,CAAC,EAAE,CAAC;gBACvF,eAAe,CAAC,IAAI,CAAC,mBAAmB,CACtC,aAAa,EACb,wCAAwC,EACxC,8EAA8E,EAC9E,UAAU,EACV,6IAA6I,EAC7I,2EAA2E,EAC3E;oBACE,0CAA0C;oBAC1C,wBAAwB;oBACxB,wCAAwC;oBACxC,+BAA+B;iBAChC,EACD,2CAA2C,EAC3C,6GAA6G,EAC7G,+HAA+H,CAChI,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}