codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (455)
  1. package/README.md +458 -0
  2. package/__tests__/cli-reporter.test.ts +86 -0
  3. package/__tests__/config-loader.test.ts +247 -0
  4. package/__tests__/local-scanner.test.ts +245 -0
  5. package/bin/codeslick.cjs +153 -0
  6. package/dist/packages/cli/src/commands/auth.d.ts +36 -0
  7. package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
  8. package/dist/packages/cli/src/commands/auth.js +226 -0
  9. package/dist/packages/cli/src/commands/auth.js.map +1 -0
  10. package/dist/packages/cli/src/commands/config.d.ts +37 -0
  11. package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
  12. package/dist/packages/cli/src/commands/config.js +196 -0
  13. package/dist/packages/cli/src/commands/config.js.map +1 -0
  14. package/dist/packages/cli/src/commands/init.d.ts +32 -0
  15. package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
  16. package/dist/packages/cli/src/commands/init.js +171 -0
  17. package/dist/packages/cli/src/commands/init.js.map +1 -0
  18. package/dist/packages/cli/src/commands/scan.d.ts +40 -0
  19. package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
  20. package/dist/packages/cli/src/commands/scan.js +204 -0
  21. package/dist/packages/cli/src/commands/scan.js.map +1 -0
  22. package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
  23. package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
  24. package/dist/packages/cli/src/config/config-loader.js +146 -0
  25. package/dist/packages/cli/src/config/config-loader.js.map +1 -0
  26. package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
  27. package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
  28. package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
  29. package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
  30. package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
  31. package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
  32. package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
  33. package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
  34. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
  35. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
  36. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
  37. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
  38. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
  39. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
  40. package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
  41. package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
  42. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
  43. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
  44. package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
  45. package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
  46. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
  47. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
  48. package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
  49. package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
  50. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
  51. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
  52. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
  53. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
  54. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
  55. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
  56. package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
  57. package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
  58. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
  59. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
  60. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
  61. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
  62. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
  63. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
  64. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
  65. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
  66. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
  67. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  68. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
  69. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
  70. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
  71. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
  72. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
  73. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
  74. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
  75. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
  76. package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
  77. package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
  78. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
  79. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
  80. package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
  81. package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
  82. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
  83. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
  84. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
  85. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
  86. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
  87. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
  88. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
  89. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
  90. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
  91. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
  92. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
  93. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
  94. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
  95. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
  96. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
  97. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
  98. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
  99. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
  100. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
  101. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
  102. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
  103. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
  104. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
  105. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
  106. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
  107. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
  108. package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
  109. package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
  110. package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
  111. package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
  112. package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
  113. package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
  114. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
  115. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
  116. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
  117. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
  118. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
  119. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
  120. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
  121. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
  122. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
  123. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
  124. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
  125. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
  126. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
  127. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
  128. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
  129. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
  130. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
  131. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
  132. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
  133. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
  134. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
  135. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
  136. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
  137. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
  138. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
  139. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
  140. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
  141. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
  142. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
  143. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
  144. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
  145. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
  146. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
  147. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
  148. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
  149. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
  150. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
  151. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  152. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
  153. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
  154. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
  155. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
  156. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
  157. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
  158. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
  159. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
  160. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
  161. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
  162. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
  163. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
  164. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
  165. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
  166. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
  167. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
  168. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
  169. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
  170. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
  171. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
  172. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
  173. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
  174. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
  175. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
  176. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
  177. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
  178. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
  179. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
  180. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
  181. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
  182. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
  183. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
  184. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
  185. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
  186. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
  187. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
  188. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
  189. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
  190. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
  191. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
  192. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
  193. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
  194. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
  195. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
  196. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
  197. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
  198. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
  199. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
  200. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
  201. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
  202. package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
  203. package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
  204. package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
  205. package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
  206. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
  207. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
  208. package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
  209. package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
  210. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
  211. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
  212. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
  213. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
  214. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
  215. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
  216. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
  217. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
  218. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
  219. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
  220. package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
  221. package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
  222. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
  223. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
  224. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
  225. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
  226. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
  227. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
  228. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
  229. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
  230. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
  231. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
  232. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
  233. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
  234. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
  235. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
  236. package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
  237. package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
  238. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
  239. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
  240. package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
  241. package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
  242. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
  243. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  244. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
  245. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
  246. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
  247. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
  248. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
  249. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
  250. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
  251. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
  252. package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
  253. package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
  254. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
  255. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
  256. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
  257. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
  258. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
  259. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
  260. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
  261. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
  262. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
  263. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
  264. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
  265. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
  266. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
  267. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
  268. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
  269. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
  270. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
  271. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
  272. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
  273. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
  274. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
  275. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
  276. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
  277. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
  278. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
  279. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
  280. package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
  281. package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
  282. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
  283. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
  284. package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
  285. package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
  286. package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
  287. package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
  288. package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
  289. package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
  290. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
  291. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
  292. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
  293. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
  294. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
  295. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
  296. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
  297. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
  298. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
  299. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
  300. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
  301. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
  302. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
  303. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
  304. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
  305. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
  306. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
  307. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
  308. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
  309. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
  310. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
  311. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
  312. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
  313. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
  314. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
  315. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
  316. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
  317. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
  318. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
  319. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
  320. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
  321. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
  322. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
  323. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
  324. package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
  325. package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
  326. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
  327. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
  328. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
  329. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
  330. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
  331. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
  332. package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
  333. package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
  334. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
  335. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
  336. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
  337. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
  338. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
  339. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
  340. package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
  341. package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
  342. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
  343. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
  344. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
  345. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
  346. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
  347. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
  348. package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
  349. package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
  350. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
  351. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
  352. package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
  353. package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
  354. package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
  355. package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
  356. package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
  357. package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
  358. package/dist/src/lib/analyzers/types.d.ts +92 -0
  359. package/dist/src/lib/analyzers/types.d.ts.map +1 -0
  360. package/dist/src/lib/analyzers/types.js +3 -0
  361. package/dist/src/lib/analyzers/types.js.map +1 -0
  362. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
  363. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
  364. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
  365. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
  366. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
  367. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
  368. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
  369. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
  370. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
  371. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
  372. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
  373. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
  374. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
  375. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
  376. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
  377. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
  378. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
  379. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
  380. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
  381. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
  382. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
  383. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
  384. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
  385. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
  386. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
  387. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  388. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
  389. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
  390. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
  391. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
  392. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
  393. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
  394. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
  395. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
  396. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
  397. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
  398. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
  399. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
  400. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
  401. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
  402. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
  403. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
  404. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
  405. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
  406. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
  407. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
  408. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
  409. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
  410. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
  411. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
  412. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
  413. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
  414. package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
  415. package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
  416. package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
  417. package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
  418. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
  419. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
  420. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
  421. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
  422. package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
  423. package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
  424. package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
  425. package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
  426. package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
  427. package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
  428. package/dist/src/lib/security/compliance-mapping.js +1342 -0
  429. package/dist/src/lib/security/compliance-mapping.js.map +1 -0
  430. package/dist/src/lib/security/severity-scoring.d.ts +47 -0
  431. package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
  432. package/dist/src/lib/security/severity-scoring.js +965 -0
  433. package/dist/src/lib/security/severity-scoring.js.map +1 -0
  434. package/dist/src/lib/standards/references.d.ts +16 -0
  435. package/dist/src/lib/standards/references.d.ts.map +1 -0
  436. package/dist/src/lib/standards/references.js +1161 -0
  437. package/dist/src/lib/standards/references.js.map +1 -0
  438. package/dist/src/lib/types/index.d.ts +167 -0
  439. package/dist/src/lib/types/index.d.ts.map +1 -0
  440. package/dist/src/lib/types/index.js +3 -0
  441. package/dist/src/lib/types/index.js.map +1 -0
  442. package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
  443. package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
  444. package/dist/src/lib/utils/code-cleaner.js +283 -0
  445. package/dist/src/lib/utils/code-cleaner.js.map +1 -0
  446. package/package.json +51 -0
  447. package/src/commands/auth.ts +308 -0
  448. package/src/commands/config.ts +226 -0
  449. package/src/commands/init.ts +202 -0
  450. package/src/commands/scan.ts +238 -0
  451. package/src/config/config-loader.ts +175 -0
  452. package/src/reporters/cli-reporter.ts +282 -0
  453. package/src/scanner/local-scanner.ts +250 -0
  454. package/tsconfig.json +24 -0
  455. package/tsconfig.tsbuildinfo +1 -0
@@ -0,0 +1,160 @@
1
+ "use strict";
2
+ /**
3
+ * Python Insecure Design Security Checks
4
+ * OWASP A06:2025 - Insecure Design
5
+ *
6
+ * Detects design-level security flaws that cannot be fixed by implementation alone.
7
+ * This is a NEW category in OWASP 2025 focusing on missing security controls.
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.checkInsecureDesign = checkInsecureDesign;
11
+ const createVulnerability_1 = require("../utils/createVulnerability");
12
+ /**
13
+ * Checks for insecure design vulnerabilities in Python code
14
+ *
15
+ * Covers:
16
+ * - Check #1: Missing rate limiting on sensitive endpoints (HIGH)
17
+ * - Check #2: Mass assignment vulnerabilities (HIGH)
18
+ *
19
+ * @param lines - Array of code lines
20
+ * @returns Array of security vulnerabilities found
21
+ */
22
+ function checkInsecureDesign(lines) {
23
+ const vulnerabilities = [];
24
+ let inMultiLineComment = false;
25
+ // Track route context
26
+ let currentRoute = '';
27
+ let routeLineNumber = -1;
28
+ let hasRateLimiting = false;
29
+ lines.forEach((line, index) => {
30
+ const trimmedLine = line.trim();
31
+ // CRITICAL: Track Python triple-quote comment blocks (""" ... """ or ''' ... ''')
32
+ const hasTripleQuote = trimmedLine.includes('"""') || trimmedLine.includes("'''");
33
+ if (hasTripleQuote) {
34
+ if (!inMultiLineComment) {
35
+ // Start of multi-line comment
36
+ inMultiLineComment = true;
37
+ // Check if it closes on the same line (single-line docstring)
38
+ const tripleQuoteCount = (trimmedLine.match(/"""/g) || []).length + (trimmedLine.match(/'''/g) || []).length;
39
+ if (tripleQuoteCount >= 2) {
40
+ // Opens and closes on same line, reset flag
41
+ inMultiLineComment = false;
42
+ }
43
+ return; // Skip this line
44
+ }
45
+ else {
46
+ // End of multi-line comment
47
+ inMultiLineComment = false;
48
+ return; // Skip this line
49
+ }
50
+ }
51
+ // CRITICAL: Skip all lines inside multi-line comments and single-line comments
52
+ if (!trimmedLine ||
53
+ inMultiLineComment ||
54
+ trimmedLine.startsWith('#')) {
55
+ return;
56
+ }
57
+ const lowerLine = trimmedLine.toLowerCase();
58
+ // Check #1: Missing rate limiting on sensitive endpoints
59
+ // Detect rate limiting decorators
60
+ if (lowerLine.includes('@limiter.limit') ||
61
+ lowerLine.includes('@rate_limit') ||
62
+ lowerLine.includes('@throttle')) {
63
+ hasRateLimiting = true;
64
+ return;
65
+ }
66
+ // Detect route decorators
67
+ if (lowerLine.includes('@app.route(') || lowerLine.includes('@route(')) {
68
+ currentRoute = trimmedLine.toLowerCase();
69
+ routeLineNumber = index + 1;
70
+ hasRateLimiting = false; // Reset for new route
71
+ return;
72
+ }
73
+ // Detect function definitions (route handlers)
74
+ if (lowerLine.startsWith('def ')) {
75
+ // Check if route needs rate limiting
76
+ if (currentRoute && !hasRateLimiting) {
77
+ const isSensitiveRoute = currentRoute.includes('/login') ||
78
+ currentRoute.includes('/signin') ||
79
+ currentRoute.includes('/reset') ||
80
+ currentRoute.includes('/password') ||
81
+ currentRoute.includes('/api/') ||
82
+ currentRoute.includes('/verify') ||
83
+ currentRoute.includes('/otp') ||
84
+ currentRoute.includes('/auth') ||
85
+ currentRoute.includes('/token');
86
+ const isPublicStatic = currentRoute.includes('/about') ||
87
+ currentRoute.includes('/contact') ||
88
+ currentRoute.includes('/home') ||
89
+ currentRoute.includes('/static');
90
+ if (isSensitiveRoute && !isPublicStatic && routeLineNumber > 0) {
91
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('missing-rate-limiting', 'Sensitive endpoint missing rate limiting - vulnerable to brute-force and DoS attacks', 'Add rate limiting decorator (@limiter.limit, @rate_limit, or @throttle) to prevent abuse', routeLineNumber, 'Attackers can perform unlimited login attempts, password resets, or API calls, enabling credential stuffing, account enumeration, and denial of service attacks', '@app.route(\'/login\', methods=[\'POST\'])\ndef login():\n user = authenticate(request.form) # No rate limit!', [
92
+ 'Brute-force attacks on login and authentication',
93
+ 'Credential stuffing with stolen password lists',
94
+ 'Account enumeration through timing attacks',
95
+ 'Denial of service through resource exhaustion',
96
+ 'OTP/2FA bypass through unlimited attempts'
97
+ ], '@app.route(\'/login\', methods=[\'POST\'])\ndef login():\n return authenticate(request.form)', '@app.route(\'/login\', methods=[\'POST\'])\n@limiter.limit("5 per minute")\ndef login():\n return authenticate(request.form)', 'Add rate limiting to all sensitive endpoints. Use Flask-Limiter or similar middleware. Recommended limits: 5 attempts/minute for login, 3 attempts/hour for password reset.'));
98
+ }
99
+ }
100
+ // Reset route tracking
101
+ currentRoute = '';
102
+ routeLineNumber = -1;
103
+ hasRateLimiting = false;
104
+ return;
105
+ }
106
+ // Check #2: Mass assignment vulnerabilities
107
+ // Detect direct unpacking of request data to models
108
+ if ((lowerLine.includes('**request.json') ||
109
+ lowerLine.includes('**request.form') ||
110
+ lowerLine.includes('**request.data')) &&
111
+ !lowerLine.includes('form.data')) { // Exclude validated form data
112
+ // Check if there's a whitelist validation nearby
113
+ let hasWhitelist = false;
114
+ for (let i = Math.max(0, index - 5); i <= Math.min(index + 2, lines.length - 1); i++) {
115
+ const nearbyLine = lines[i].trim().toLowerCase();
116
+ if (nearbyLine.includes('allowed_fields') ||
117
+ nearbyLine.includes('whitelist') ||
118
+ nearbyLine.includes('if k in') ||
119
+ nearbyLine.includes('for k, v') && nearbyLine.includes('items()')) {
120
+ hasWhitelist = true;
121
+ break;
122
+ }
123
+ }
124
+ if (!hasWhitelist) {
125
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('mass-assignment', 'Mass assignment vulnerability - allows attackers to modify unintended fields', 'Use explicit field whitelisting or validated form objects instead of direct request data unpacking', index + 1, 'Attackers can inject additional fields in requests to modify protected attributes (is_admin, role, password_hash), escalate privileges, or manipulate business logic', 'user = User(**request.json) # Attacker can set ANY field!\ndb.session.add(user) # Including is_admin=True', [
126
+ 'Privilege escalation through role modification',
127
+ 'Account takeover by changing email/password',
128
+ 'Business logic bypass (price, discount manipulation)',
129
+ 'Data integrity violations',
130
+ 'Unauthorized access to protected resources'
131
+ ], 'user = User(**request.json)\ndb.session.add(user)', 'allowed_fields = [\'name\', \'email\', \'bio\']\ndata = {k: v for k, v in request.json.items() if k in allowed_fields}\nuser = User(**data)', 'Always use explicit field whitelisting. Define allowed fields and filter request data before assignment. Use form validation libraries like WTForms or Marshmallow.'));
132
+ }
133
+ }
134
+ // Detect .update() with request data
135
+ if (lowerLine.includes('.update(request.') &&
136
+ !lowerLine.includes('**') && // Already caught above
137
+ !lowerLine.includes('form.data')) {
138
+ // Check for whitelist
139
+ let hasWhitelist = false;
140
+ for (let i = Math.max(0, index - 5); i <= Math.min(index + 2, lines.length - 1); i++) {
141
+ const nearbyLine = lines[i].trim().toLowerCase();
142
+ if (nearbyLine.includes('allowed_fields') ||
143
+ nearbyLine.includes('whitelist')) {
144
+ hasWhitelist = true;
145
+ break;
146
+ }
147
+ }
148
+ if (!hasWhitelist) {
149
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('mass-assignment', 'Mass assignment vulnerability in model update - allows modification of unintended fields', 'Use explicit field assignment or whitelist validation before updating', index + 1, 'Attackers can inject additional fields to modify protected model attributes, bypass business logic, or escalate privileges', 'user.update(request.json) # Attacker controls ALL updated fields', [
150
+ 'Privilege escalation through protected field modification',
151
+ 'Business logic bypass',
152
+ 'Data integrity violations',
153
+ 'Unauthorized attribute changes'
154
+ ], 'user.update(request.json)', 'allowed_fields = [\'name\', \'email\']\ndata = {k: v for k, v in request.json.items() if k in allowed_fields}\nuser.update(data)', 'Whitelist allowed fields before calling update(). Only allow users to modify fields they should have access to.'));
155
+ }
156
+ }
157
+ });
158
+ return vulnerabilities;
159
+ }
160
+ //# sourceMappingURL=insecure-design.js.map
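Review bot: A rate-limit decorator placed above the route decorator is discarded, because `hasRateLimiting = false; // Reset for new route` on the `@app.route(` branch clears the flag that the earlier `@limiter.limit` line set, so a handler that is already protected is reported as missing rate limiting; the `def ` branch already resets all three trackers, so the reset on the route branch can simply be dropped. Handlers declared with `async def` never match `lowerLine.startsWith('def ')`, so their route state is carried forward until the next plain `def` or silently overwritten by the next `@app.route(`, which in a file of async handlers means sensitive routes are never reported; `if (lowerLine.startsWith('def ') || lowerLine.startsWith('async def ')) {` closes that gap. The triple-quote tracking at the top of the callback (the same code appears in the checkLoggingFailures hunk below) treats any line containing `"""` or `'''` as a docstring boundary, so a multi-line string literal assigned in code also suspends scanning until the next triple quote; a comment such as `// Heuristic: any triple quote is treated as a docstring, so multi-line string literals in code also pause scanning` would make that limitation visible to the next maintainer.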
@@ -0,0 +1 @@
1
+ {"version":3,"file":"insecure-design.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/python/security-checks/insecure-design.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAeH,kDAwMC;AApND,sEAAiF;AAEjF;;;;;;;;;GASG;AACH,SAAgB,mBAAmB,CACjC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,sBAAsB;IACtB,IAAI,YAAY,GAAG,EAAE,CAAC;IACtB,IAAI,eAAe,GAAG,CAAC,CAAC,CAAC;IACzB,IAAI,eAAe,GAAG,KAAK,CAAC;IAE5B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,kFAAkF;QAClF,MAAM,cAAc,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAElF,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,8BAA8B;gBAC9B,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,8DAA8D;gBAC9D,MAAM,gBAAgB,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBAC7G,IAAI,gBAAgB,IAAI,CAAC,EAAE,CAAC;oBAC1B,4CAA4C;oBAC5C,kBAAkB,GAAG,KAAK,CAAC;gBAC7B,CAAC;gBACD,OAAO,CAAC,iBAAiB;YAC3B,CAAC;iBAAM,CAAC;gBACN,4BAA4B;gBAC5B,kBAAkB,GAAG,KAAK,CAAC;gBAC3B,OAAO,CAAC,iBAAiB;YAC3B,CAAC;QACH,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,yDAAyD;QAEzD,kCAAkC;QAClC,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YACpC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;YACjC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpC,eAAe,GAAG,IAAI,CAAC;YACvB,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvE,YAAY,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;YACzC,eAAe,GAAG,KAAK,GAAG,CAAC,CAAC;YAC5B,eAAe,GAAG,KAAK,CAAC,CAAC,sBAAsB;YAC/C,OAAO;QACT,CAAC;QAED,+CAA+C;QAC/C,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,qCAAqC;YACrC,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrC,MAAM,gBAAgB,GACpB,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC/B,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAChC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC/B,YAAY,CAAC,Q
AAQ,CAAC,WAAW,CAAC;oBAClC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAC9B,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAChC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC7B,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAC9B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAElC,MAAM,cAAc,GAClB,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC/B,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC;oBACjC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAC9B,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBAEnC,IAAI,gBAAgB,IAAI,CAAC,cAAc,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;oBAC/D,eAAe,CAAC,IAAI,CAClB,IAAA,uDAAiC,EAC/B,uBAAuB,EACvB,sFAAsF,EACtF,0FAA0F,EAC1F,eAAe,EACf,iKAAiK,EACjK,mHAAmH,EACnH;wBACE,iDAAiD;wBACjD,gDAAgD;wBAChD,4CAA4C;wBAC5C,+CAA+C;wBAC/C,2CAA2C;qBAC5C,EACD,iGAAiG,EACjG,iIAAiI,EACjI,6KAA6K,CAC9K,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,YAAY,GAAG,EAAE,CAAC;YAClB,eAAe,GAAG,CAAC,CAAC,CAAC;YACrB,eAAe,GAAG,KAAK,CAAC;YACxB,OAAO;QACT,CAAC;QAED,4CAA4C;QAE5C,oDAAoD;QACpD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YACpC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YACpC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YACtC,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,8BAA8B;YAEpE,iDAAiD;YACjD,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrF,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBACjD,IAAI,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBACrC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAChC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAC9B,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtE,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAClB,IAAA,uDAAiC,EAC/B,iBAAiB,EACjB,8EAA8E,EAC9E,oGAAoG,EACpG,KAAK,GAAG,CAAC,EACT,sKAAsK,EACtK,6GAA6G,EAC7G;oBACE,gDAAgD;oBAChD,6CAA6C;oBAC7C,sDAAsD;oBACtD,2BAA2B;oBAC3B,4CAA4C;iBAC7C,EACD,mDAAmD,EACnD,6IAA6I,EAC7I,qKAAqK,CACtK,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACtC,CAAC,SAAS,CAAC
,QAAQ,CAAC,IAAI,CAAC,IAAI,uBAAuB;YACpD,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAErC,sBAAsB;YACtB,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrF,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBACjD,IAAI,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBACrC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;oBACrC,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAClB,IAAA,uDAAiC,EAC/B,iBAAiB,EACjB,0FAA0F,EAC1F,uEAAuE,EACvE,KAAK,GAAG,CAAC,EACT,4HAA4H,EAC5H,mEAAmE,EACnE;oBACE,2DAA2D;oBAC3D,uBAAuB;oBACvB,2BAA2B;oBAC3B,gCAAgC;iBACjC,EACD,2BAA2B,EAC3B,kIAAkI,EAClI,iHAAiH,CAClH,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Python Logging Failures Security Checks
3
+ * OWASP A09:2025 - Security Logging and Monitoring Failures
4
+ *
5
+ * Detects insufficient logging of security events and logging of sensitive data.
6
+ * Updated for OWASP 2025 with enhanced monitoring requirements.
7
+ */
8
+ import { SecurityVulnerability } from '../../types';
9
+ /**
10
+ * Checks for logging security vulnerabilities in Python code
11
+ *
12
+ * Covers:
13
+ * - Check #1: Missing security event logging (MEDIUM)
14
+ * - Check #2: Logging sensitive data (HIGH)
15
+ *
16
+ * @param lines - Array of code lines
17
+ * @returns Array of security vulnerabilities found
18
+ */
19
+ export declare function checkLoggingFailures(lines: string[]): SecurityVulnerability[];
20
+ //# sourceMappingURL=logging-failures.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"logging-failures.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/python/security-checks/logging-failures.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,EAAE,CA0IzB"}
@@ -0,0 +1,121 @@
1
+ "use strict";
2
+ /**
3
+ * Python Logging Failures Security Checks
4
+ * OWASP A09:2025 - Security Logging and Monitoring Failures
5
+ *
6
+ * Detects insufficient logging of security events and logging of sensitive data.
7
+ * Updated for OWASP 2025 with enhanced monitoring requirements.
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.checkLoggingFailures = checkLoggingFailures;
11
+ const createVulnerability_1 = require("../utils/createVulnerability");
12
+ /**
13
+ * Checks for logging security vulnerabilities in Python code
14
+ *
15
+ * Covers:
16
+ * - Check #1: Missing security event logging (MEDIUM)
17
+ * - Check #2: Logging sensitive data (HIGH)
18
+ *
19
+ * @param lines - Array of code lines
20
+ * @returns Array of security vulnerabilities found
21
+ */
22
+ function checkLoggingFailures(lines) {
23
+ const vulnerabilities = [];
24
+ let inMultiLineComment = false;
25
+ lines.forEach((line, index) => {
26
+ const trimmedLine = line.trim();
27
+ // CRITICAL: Track Python triple-quote comment blocks (""" ... """ or ''' ... ''')
28
+ const hasTripleQuote = trimmedLine.includes('"""') || trimmedLine.includes("'''");
29
+ if (hasTripleQuote) {
30
+ if (!inMultiLineComment) {
31
+ // Start of multi-line comment
32
+ inMultiLineComment = true;
33
+ // Check if it closes on the same line (single-line docstring)
34
+ const tripleQuoteCount = (trimmedLine.match(/"""/g) || []).length + (trimmedLine.match(/'''/g) || []).length;
35
+ if (tripleQuoteCount >= 2) {
36
+ // Opens and closes on same line, reset flag
37
+ inMultiLineComment = false;
38
+ }
39
+ return; // Skip this line
40
+ }
41
+ else {
42
+ // End of multi-line comment
43
+ inMultiLineComment = false;
44
+ return; // Skip this line
45
+ }
46
+ }
47
+ // CRITICAL: Skip all lines inside multi-line comments and single-line comments
48
+ if (!trimmedLine ||
49
+ inMultiLineComment ||
50
+ trimmedLine.startsWith('#')) {
51
+ return;
52
+ }
53
+ const lowerLine = trimmedLine.toLowerCase();
54
+ // Check #1: Missing security event logging
55
+ // Detect security failures without logging
56
+ const isSecurityFailure = (lowerLine.includes('return') || lowerLine.includes('abort(')) &&
57
+ (lowerLine.includes('401') || lowerLine.includes('403') ||
58
+ lowerLine.includes('"access denied"') || lowerLine.includes("'access denied'") ||
59
+ lowerLine.includes('"unauthorized"') || lowerLine.includes("'unauthorized'") ||
60
+ lowerLine.includes('"invalid credentials"') || lowerLine.includes("'invalid credentials'"));
61
+ if (isSecurityFailure) {
62
+ // Check if logging exists in nearby lines (within 5 lines before)
63
+ let hasLogging = false;
64
+ for (let i = Math.max(0, index - 5); i < index; i++) {
65
+ const prevLine = lines[i].trim().toLowerCase();
66
+ if (prevLine.includes('logger.') ||
67
+ prevLine.includes('logging.') ||
68
+ prevLine.includes('log.')) {
69
+ hasLogging = true;
70
+ break;
71
+ }
72
+ }
73
+ if (!hasLogging) {
74
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('missing-security-logging', 'Security event not logged - authentication/authorization failures should be logged for security monitoring', 'Add logging statement (logger.warning, logger.error) before security failures to track attack attempts', index + 1, 'Without logging security events, attackers can perform reconnaissance, brute-force attacks, and privilege escalation attempts undetected, making incident response and forensics impossible', 'if not user.check_password(password):\n return "Invalid credentials", 401 # No logging!', [
75
+ 'Undetected brute-force and credential stuffing attacks',
76
+ 'No audit trail for security incidents',
77
+ 'Impossible forensics after breach',
78
+ 'Compliance violations (PCI-DSS, HIPAA, SOC2)',
79
+ 'Delayed incident detection and response'
80
+ ], 'if not authenticate(username, password):\n return "Invalid credentials", 401', 'if not authenticate(username, password):\n logger.warning(f"Failed login attempt for {username} from {request.remote_addr}")\n return "Invalid credentials", 401', 'Always log security events: failed logins, authorization failures, access denials. Include username, IP address, and timestamp. Use centralized logging for monitoring.'));
81
+ }
82
+ }
83
+ // Check #2: Logging sensitive data
84
+ // Detect logging of sensitive data
85
+ const hasLogging = lowerLine.includes('logger.') ||
86
+ lowerLine.includes('logging.') ||
87
+ lowerLine.includes('log.');
88
+ if (hasLogging) {
89
+ const sensitivePatterns = [
90
+ 'password',
91
+ 'token',
92
+ 'secret',
93
+ 'api_key',
94
+ 'apikey',
95
+ 'credit_card',
96
+ 'creditcard',
97
+ 'ssn',
98
+ 'private_key',
99
+ 'privatekey',
100
+ 'session_id',
101
+ 'sessionid',
102
+ 'auth_token',
103
+ 'bearer'
104
+ ];
105
+ for (const pattern of sensitivePatterns) {
106
+ if (lowerLine.includes(pattern) && !lowerLine.includes('username')) {
107
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('sensitive-data-logging', 'Sensitive data logged in plaintext - exposes credentials and secrets in log files', 'Never log passwords, tokens, API keys, or other sensitive data. Log only non-sensitive identifiers', index + 1, 'Sensitive data in logs can be exposed through log aggregation systems, backup files, or compromised logging servers, leading to credential theft and unauthorized access', 'logger.info(f"User logged in with password: {password}") # Password exposed in logs!', [
108
+ 'Credential exposure through log files',
109
+ 'API key/token theft from logging systems',
110
+ 'Compliance violations (PCI-DSS, GDPR)',
111
+ 'Secrets leaked through log aggregation tools',
112
+ 'Long-term exposure in log archives'
113
+ ], 'logger.debug(f"Login attempt with password: {password}")', 'logger.info(f"Login attempt for user: {username}") # Only log username, not password', 'Never log passwords, tokens, API keys, credit cards, or other secrets. Log only non-sensitive identifiers like username, user ID, or transaction ID. Sanitize logs before storage.'));
114
+ break; // Only report once per line
115
+ }
116
+ }
117
+ }
118
+ });
119
+ return vulnerabilities;
120
+ }
121
+ //# sourceMappingURL=logging-failures.js.map
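Review bot: The `!lowerLine.includes('username')` clause in Check #2 exempts every log line that also mentions a username, so a line like `logger.info(f"Login for {username} with password {password}")` is never reported even though it leaks the password; the condition should be just `if (lowerLine.includes(pattern)) {`. The patterns are bare substrings, so a message such as `logger.info("Password reset email sent")` is reported as a HIGH plaintext leak while the check never verifies that a value is actually interpolated or concatenated; a word-boundary regex, or requiring the term to appear inside an f-string `{...}`, a `%`/`.format` argument or a `+` concatenation, would reduce that noise. In Check #1, `prevLine.includes('log.')` also matches identifiers such as `dialog.` or `catalog.`, so a 401/403 return preceded by one of those calls is treated as logged. The function docstring should state that both checks are line-local heuristics with five lines of context and will miss logging done in a helper called from the failure branch.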
@@ -0,0 +1 @@
1
+ {"version":3,"file":"logging-failures.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/python/security-checks/logging-failures.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAeH,oDA4IC;AAxJD,sEAAiF;AAEjF;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAClC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,kFAAkF;QAClF,MAAM,cAAc,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAElF,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,8BAA8B;gBAC9B,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,8DAA8D;gBAC9D,MAAM,gBAAgB,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBAC7G,IAAI,gBAAgB,IAAI,CAAC,EAAE,CAAC;oBAC1B,4CAA4C;oBAC5C,kBAAkB,GAAG,KAAK,CAAC;gBAC7B,CAAC;gBACD,OAAO,CAAC,iBAAiB;YAC3B,CAAC;iBAAM,CAAC;gBACN,4BAA4B;gBAC5B,kBAAkB,GAAG,KAAK,CAAC;gBAC3B,OAAO,CAAC,iBAAiB;YAC3B,CAAC;QACH,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,2CAA2C;QAE3C,2CAA2C;QAC3C,MAAM,iBAAiB,GACrB,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC9D,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACtD,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC9E,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5E,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAE/F,IAAI,iBAAiB,EAAE,CAAC;YACtB,kEAAkE;YAClE,IAAI,UAAU,GAAG,KAAK,CAAC;YACvB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBAC/C,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAC5B,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAC7B,QAAQ,CAAC,
QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC9B,UAAU,GAAG,IAAI,CAAC;oBAClB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,eAAe,CAAC,IAAI,CAClB,IAAA,uDAAiC,EAC/B,0BAA0B,EAC1B,4GAA4G,EAC5G,wGAAwG,EACxG,KAAK,GAAG,CAAC,EACT,6LAA6L,EAC7L,6FAA6F,EAC7F;oBACE,wDAAwD;oBACxD,uCAAuC;oBACvC,mCAAmC;oBACnC,8CAA8C;oBAC9C,yCAAyC;iBAC1C,EACD,iFAAiF,EACjF,wKAAwK,EACxK,yKAAyK,CAC1K,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mCAAmC;QAEnC,mCAAmC;QACnC,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC7B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,iBAAiB,GAAG;gBACxB,UAAU;gBACV,OAAO;gBACP,QAAQ;gBACR,SAAS;gBACT,QAAQ;gBACR,aAAa;gBACb,YAAY;gBACZ,KAAK;gBACL,aAAa;gBACb,YAAY;gBACZ,YAAY;gBACZ,WAAW;gBACX,YAAY;gBACZ,QAAQ;aACT,CAAC;YAEF,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACnE,eAAe,CAAC,IAAI,CAClB,IAAA,uDAAiC,EAC/B,wBAAwB,EACxB,mFAAmF,EACnF,oGAAoG,EACpG,KAAK,GAAG,CAAC,EACT,0KAA0K,EAC1K,uFAAuF,EACvF;wBACE,uCAAuC;wBACvC,0CAA0C;wBAC1C,uCAAuC;wBACvC,8CAA8C;wBAC9C,oCAAoC;qBACrC,EACD,0DAA0D,EAC1D,uFAAuF,EACvF,oLAAoL,CACrL,CACF,CAAC;oBACF,MAAM,CAAC,4BAA4B;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
@@ -0,0 +1,26 @@
1
+ /**
2
+ * Python NoSQL Injection Security Checks
3
+ * OWASP A03:2021 - Injection (CWE-943)
4
+ *
5
+ * Detects NoSQL injection vulnerabilities in Python code, particularly
6
+ * with MongoDB, Cassandra, Redis, and other NoSQL databases.
7
+ *
8
+ * Created: 2025-12-18 (Phase 0 - Priority 0 Critical Gap)
9
+ */
10
+ import { SecurityVulnerability } from '../../types';
11
+ /**
12
+ * Checks for NoSQL injection vulnerabilities in Python code
13
+ *
14
+ * Covers:
15
+ * - Check #35: MongoDB operator injection (CRITICAL)
16
+ * - Check #36: MongoDB direct JSON payload (CRITICAL)
17
+ * - Check #37: Cassandra CQL string interpolation (CRITICAL)
18
+ * - Check #38: Redis command injection (HIGH)
19
+ * - Check #39: MongoDB $where JavaScript injection (CRITICAL)
20
+ *
21
+ * @param lines - Array of code lines
22
+ * @param userInputVariables - Map of variable names assigned from user input
23
+ * @returns Array of security vulnerabilities found
24
+ */
25
+ export declare function checkNoSQLInjection(lines: string[], userInputVariables: Map<string, number>): SecurityVulnerability[];
26
+ //# sourceMappingURL=nosql-injection.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"nosql-injection.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/python/security-checks/nosql-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,EACf,kBAAkB,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACtC,qBAAqB,EAAE,CAmTzB"}
@@ -0,0 +1,248 @@
1
+ "use strict";
2
+ /**
3
+ * Python NoSQL Injection Security Checks
4
+ * OWASP A03:2021 - Injection (CWE-943)
5
+ *
6
+ * Detects NoSQL injection vulnerabilities in Python code, particularly
7
+ * with MongoDB, Cassandra, Redis, and other NoSQL databases.
8
+ *
9
+ * Created: 2025-12-18 (Phase 0 - Priority 0 Critical Gap)
10
+ */
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.checkNoSQLInjection = checkNoSQLInjection;
13
+ const createVulnerability_1 = require("../utils/createVulnerability");
14
+ /**
15
+ * Checks for NoSQL injection vulnerabilities in Python code
16
+ *
17
+ * Covers:
18
+ * - Check #35: MongoDB operator injection (CRITICAL)
19
+ * - Check #36: MongoDB direct JSON payload (CRITICAL)
20
+ * - Check #37: Cassandra CQL string interpolation (CRITICAL)
21
+ * - Check #38: Redis command injection (HIGH)
22
+ * - Check #39: MongoDB $where JavaScript injection (CRITICAL)
23
+ *
24
+ * @param lines - Array of code lines
25
+ * @param userInputVariables - Map of variable names assigned from user input
26
+ * @returns Array of security vulnerabilities found
27
+ */
28
+ function checkNoSQLInjection(lines, userInputVariables) {
29
+ const vulnerabilities = [];
30
+ let inMultiLineComment = false;
31
+ // Track MongoDB/NoSQL query variables that use dict-based queries
32
+ const noSqlQueryVariables = new Map(); // variable name -> line number
33
+ // Track CQL query variables with string interpolation
34
+ const cqlInterpolatedVariables = new Map(); // variable name -> line number
35
+ // Track Redis client variables (e.g., r = redis.Redis(), client = redis.StrictRedis())
36
+ const redisClientVariables = new Set(); // variable names
37
+ lines.forEach((line, index) => {
38
+ const lineNumber = index + 1;
39
+ const trimmed = line.trim();
40
+ // CRITICAL: Track Python triple-quote comment blocks (""" ... """ or ''' ... ''')
41
+ const hasTripleQuote = trimmed.includes('"""') || trimmed.includes("'''");
42
+ if (hasTripleQuote) {
43
+ if (!inMultiLineComment) {
44
+ inMultiLineComment = true;
45
+ const tripleQuoteCount = (trimmed.match(/"""/g) || []).length + (trimmed.match(/'''/g) || []).length;
46
+ if (tripleQuoteCount >= 2) {
47
+ inMultiLineComment = false;
48
+ }
49
+ return;
50
+ }
51
+ else {
52
+ inMultiLineComment = false;
53
+ return;
54
+ }
55
+ }
56
+ // CRITICAL: Skip all lines inside multi-line comments and single-line comments
57
+ if (!trimmed || inMultiLineComment || trimmed.startsWith('#')) {
58
+ return;
59
+ }
60
+ // =============================================================================
61
+ // CHECK #35: MongoDB Operator Injection (CRITICAL)
62
+ // =============================================================================
63
+ // Pattern: collection.find(query) where query contains user input that could be dict
64
+ // ENHANCED: Also handle multi-line calls like update_one(\n filter,\n update_data\n)
65
+ // Detect MongoDB query methods: find(), find_one(), update(), delete(), etc.
66
+ const mongoMethodMatch = trimmed.match(/\.(find|find_one|update|update_one|update_many|replace_one|delete|delete_one|delete_many|insert_one|insert_many|find_one_and_update|find_one_and_replace|count|aggregate)\s*\((.*)$/);
67
+ if (mongoMethodMatch) {
68
+ const methodName = mongoMethodMatch[1];
69
+ let allArgs = mongoMethodMatch[2].trim();
70
+ // ENHANCED: Handle multi-line calls (Test 3.3 fix)
71
+ // If the line doesn't end with ), check next few lines for arguments
72
+ if (!allArgs.includes(')')) {
73
+ const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
74
+ for (const nextLine of nextLines) {
75
+ allArgs += ' ' + nextLine.trim();
76
+ if (nextLine.includes(')')) {
77
+ break;
78
+ }
79
+ }
80
+ }
81
+ // Remove trailing ) if present
82
+ allArgs = allArgs.replace(/\).*$/, '').trim();
83
+ // For update_one/update_many/replace_one: check SECOND argument (update document)
84
+ // For insert_one/insert_many: check FIRST argument (document to insert)
85
+ // For find/delete: check FIRST argument (query document)
86
+ const args = allArgs.split(',').map(arg => arg.trim());
87
+ let argToCheck;
88
+ if (methodName.match(/update|replace/)) {
89
+ // Update/replace operations: check second argument (update document)
90
+ argToCheck = args.length > 1 ? args[1] : '';
91
+ }
92
+ else if (methodName.match(/insert/)) {
93
+ // Insert operations: check first argument (document to insert)
94
+ argToCheck = args[0] || '';
95
+ }
96
+ else {
97
+ // Read/delete operations: check first argument (query)
98
+ argToCheck = args[0] || '';
99
+ }
100
+ const queryArg = argToCheck || allArgs;
101
+ // Check if query argument is a user input variable
102
+ if (queryArg && userInputVariables.has(queryArg)) {
103
+ const userInputLine = userInputVariables.get(queryArg);
104
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('nosql-injection', `MongoDB ${methodName}() with user input variable '${queryArg}' (line ${userInputLine}) - operator injection risk`, 'Validate input structure, ensure only expected fields, reject $ operators', lineNumber, `MongoDB query methods accept dict-like objects. If user input contains MongoDB operators like {"$gt": ""}, {"$ne": null}, or {"$or": [...]}, attackers can bypass authentication or access unauthorized data. Variable '${queryArg}' was assigned from user input on line ${userInputLine}.`, `# Line ${userInputLine}:\ncredentials = request.json() # {"username": {"$ne": null}, "password": {"$ne": null}}\n# Line ${lineNumber}:\nuser = db.users.${methodName}(credentials) # Bypasses authentication!`, [
105
+ 'Authentication bypass (login without credentials)',
106
+ 'Unauthorized data access (read all records)',
107
+ 'Data exfiltration via operator injection',
108
+ 'Privilege escalation (access admin accounts)',
109
+ 'Database enumeration'
110
+ ], `user_query = request.json()\nresult = collection.${methodName}(user_query) # Vulnerable to operator injection`, `# Validate input structure and sanitize\nuser_query = request.json()\n\n# Only allow expected fields, reject operators\nallowed_fields = ["username", "email"]\nquery = {k: v for k, v in user_query.items() if k in allowed_fields and not k.startswith("$")}\n\n# Ensure values are strings, not dicts\nfor key, value in query.items():\n if isinstance(value, dict):\n raise ValueError(f"Invalid query structure for field {key}")\n\nresult = collection.${methodName}(query)`, 'Validate input structure: only allow expected fields, reject keys starting with $, ensure values are primitives (not dicts). Use schema validation libraries like pydantic or marshmallow.'));
111
+ }
112
+ // Check for direct request.json() or request.get_json() in query (check all args)
113
+ if (allArgs.includes('request.json') || allArgs.includes('request.get_json')) {
114
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('nosql-injection', `MongoDB ${methodName}() with direct request.json() - operator injection risk`, 'Validate input structure before using in queries', lineNumber, 'Passing request.json() directly to MongoDB query methods allows attackers to inject MongoDB operators like $gt, $ne, $or, bypassing authentication and accessing unauthorized data.', `user = db.users.${methodName}(request.json()) # {"username": {"$ne": null}} bypasses auth`, [
115
+ 'Authentication bypass',
116
+ 'Unauthorized data access',
117
+ 'Data exfiltration',
118
+ 'Privilege escalation',
119
+ 'Complete database compromise'
120
+ ], `result = collection.${methodName}(request.json())`, `# Validate input structure\nfrom pydantic import BaseModel\n\nclass UserQuery(BaseModel):\n username: str # Only string, not dict\n email: str\n\nuser_data = UserQuery(**request.json()) # Validates structure\nresult = collection.${methodName}(user_data.dict())`, 'Use schema validation (pydantic, marshmallow) to ensure query structure. Never pass request.json() directly to query methods.'));
121
+ }
122
+ // Track query variables for data flow analysis
123
+ if (queryArg && !queryArg.includes('(')) {
124
+ noSqlQueryVariables.set(queryArg, lineNumber);
125
+ }
126
+ }
127
+ // =============================================================================
128
+ // CHECK #36: MongoDB dict-based query construction with user input
129
+ // =============================================================================
130
+ // Pattern: query = {"field": user_input} where user_input could be dict
131
+ const dictQueryMatch = trimmed.match(/^(\w+)\s*=\s*\{[^}]*(\w+)[^}]*\}/);
132
+ if (dictQueryMatch) {
133
+ const queryVarName = dictQueryMatch[1];
134
+ const potentialUserInput = dictQueryMatch[2];
135
+ // Check if the value in the dict is a user input variable
136
+ if (userInputVariables.has(potentialUserInput)) {
137
+ noSqlQueryVariables.set(queryVarName, lineNumber);
138
+ }
139
+ }
140
+ // =============================================================================
141
+ // TRACK: Redis Client Variables
142
+ // =============================================================================
143
+ // Track variables assigned from redis.Redis(), redis.StrictRedis(), etc.
144
+ // Pattern: r = redis.Redis(), client = redis.StrictRedis()
145
+ const redisClientMatch = trimmed.match(/^(\w+)\s*=\s*redis\.(Redis|StrictRedis|Sentinel)/);
146
+ if (redisClientMatch) {
147
+ const varName = redisClientMatch[1];
148
+ redisClientVariables.add(varName);
149
+ }
150
+ // =============================================================================
151
+ // TRACK: CQL Query Variables with String Interpolation
152
+ // =============================================================================
153
+ // Track variables assigned with string interpolation (f-strings, .format(), %, +)
154
+ // Pattern: cql = f"SELECT ...", query = "...".format(), query = "..." % var
155
+ const cqlVarMatch = trimmed.match(/^(\w+)\s*=\s*(.+)/);
156
+ if (cqlVarMatch) {
157
+ const varName = cqlVarMatch[1];
158
+ const varValue = cqlVarMatch[2];
159
+ // Check if value contains string interpolation
160
+ const hasInterpolation = varValue.includes('f"') || varValue.includes("f'") ||
161
+ varValue.includes('.format(') ||
162
+ varValue.includes('%s') || varValue.includes('% ') ||
163
+ (varValue.includes('+') && (varValue.includes('"') || varValue.includes("'")));
164
+ if (hasInterpolation && (varValue.includes('SELECT') || varValue.includes('INSERT') || varValue.includes('UPDATE') || varValue.includes('DELETE'))) {
165
+ // This looks like a CQL query with interpolation
166
+ cqlInterpolatedVariables.set(varName, lineNumber);
167
+ }
168
+ }
169
+ // =============================================================================
170
+ // CHECK #37: Cassandra CQL String Interpolation (CRITICAL)
171
+ // =============================================================================
172
+ // Pattern: session.execute() with f-strings, .format(), or % in CQL (inline or variable)
173
+ if (trimmed.includes('session.execute(') || trimmed.includes('execute_async(')) {
174
+ const executeMatch = trimmed.match(/session\.execute(?:_async)?\s*\(([^)]+)\)/);
175
+ let hasVulnerability = false;
176
+ let vulnSource = '';
177
+ // Check 1: Inline string interpolation on same line
178
+ if (trimmed.includes('f"') || trimmed.includes("f'") ||
179
+ trimmed.includes('.format(') ||
180
+ trimmed.includes('%s') ||
181
+ trimmed.includes('+')) {
182
+ hasVulnerability = true;
183
+ vulnSource = 'inline';
184
+ }
185
+ // Check 2: Variable with tracked string interpolation
186
+ if (executeMatch) {
187
+ const executeArg = executeMatch[1].trim();
188
+ if (cqlInterpolatedVariables.has(executeArg)) {
189
+ hasVulnerability = true;
190
+ const interpolatedLine = cqlInterpolatedVariables.get(executeArg);
191
+ vulnSource = `variable '${executeArg}' (constructed with interpolation on line ${interpolatedLine})`;
192
+ }
193
+ }
194
+ if (hasVulnerability) {
195
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('nosql-injection', `Cassandra CQL injection via string interpolation ${vulnSource ? '(' + vulnSource + ')' : ''}`, 'Use session.prepare() with bound parameters', lineNumber, 'String interpolation in Cassandra CQL queries (using f-strings, .format(), % operators, or +) allows attackers to inject malicious CQL code, similar to SQL injection.', 'session.execute(f"SELECT * FROM users WHERE id = \'{user_id}\' ALLOW FILTERING") where user_id = "\' OR 1=1--"', [
196
+ 'Unauthorized data access',
197
+ 'CQL injection attacks',
198
+ 'Data exfiltration',
199
+ 'Authentication bypass',
200
+ 'Database enumeration'
201
+ ], 'cql = f"SELECT * FROM users WHERE id = \'{user_id}\' ALLOW FILTERING"\nsession.execute(cql)', 'from cassandra.cluster import Cluster\ncluster = Cluster()\nsession = cluster.connect("keyspace")\n\n# Use prepared statements\nprepared = session.prepare("SELECT * FROM users WHERE id = ?")\nsession.execute(prepared, (user_id,)) # Parameterized, safe', 'Always use session.prepare() with parameterized queries. Never use string interpolation (f-strings, .format(), %) in CQL queries.'));
202
+ }
203
+ }
204
+ // =============================================================================
205
+ // CHECK #38: Redis Command Injection (HIGH)
206
+ // =============================================================================
207
+ // Pattern: redis.get/set/delete with user-controlled keys or values
208
+ // Matches: redis.get(), r.get(), client.get(), etc. (only tracked Redis clients)
209
+ const redisMethodMatch = trimmed.match(/(\w+)\.(get|set|delete|hget|hset|lpush|rpush|sadd|zadd|incr|decr|append)\s*\(/);
210
+ if (redisMethodMatch) {
211
+ const clientVarName = redisMethodMatch[1];
212
+ // Only check if this is a tracked Redis client
213
+ if (redisClientVariables.has(clientVarName) || clientVarName === 'redis') {
214
+ // Check for user input in Redis commands
215
+ const hasUserInput = Array.from(userInputVariables.keys()).some(varName => trimmed.includes(varName));
216
+ if (hasUserInput) {
217
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('redis-injection', 'Redis command injection with user-controlled key or value', 'Validate and sanitize input, use allowlist for keys', lineNumber, 'Using user input directly in Redis keys or values can lead to key injection attacks, where attackers can access or modify unintended keys, enumerate the keyspace, or cause denial of service.', 'redis.get(user_key) # user_key = "*" (returns all keys), or "\nFLUSHDB\n" (deletes database)', [
218
+ 'Unauthorized data access (read arbitrary keys)',
219
+ 'Data manipulation (modify unintended keys)',
220
+ 'Key enumeration (discover sensitive keys)',
221
+ 'Denial of Service (FLUSHDB, FLUSHALL)',
222
+ 'Cache poisoning'
223
+ ], 'import redis\nr = redis.Redis()\nuser_key = request.args.get("key")\nvalue = r.get(user_key) # Vulnerable', 'import redis\nimport re\n\nr = redis.Redis()\nuser_key = request.args.get("key")\n\n# Validate key format (only alphanumeric + underscore)\nif not re.match(r\'^[a-zA-Z0-9_]+$\', user_key):\n raise ValueError("Invalid key format")\n\n# Prefix user keys to namespace them\nnamespaced_key = f"user:{user_key}"\nvalue = r.get(namespaced_key) # Safe', 'Validate Redis keys with strict allowlists or regex patterns. Namespace user-controlled keys with prefixes. Never allow special characters or newlines in keys.'));
224
+ }
225
+ }
226
+ }
227
+ // =============================================================================
228
+ // CHECK #39: MongoDB $where JavaScript Injection (CRITICAL)
229
+ // =============================================================================
230
+ // Pattern: collection.find({"$where": ...}) with string interpolation
231
+ if (trimmed.includes('$where') || trimmed.includes('"$where"') || trimmed.includes("'$where'")) {
232
+ // Check for string interpolation in $where clause
233
+ if (trimmed.includes('f"') || trimmed.includes("f'") ||
234
+ trimmed.includes('.format(') ||
235
+ trimmed.includes('+')) {
236
+ vulnerabilities.push((0, createVulnerability_1.createPythonSecurityVulnerability)('nosql-injection', 'MongoDB $where clause with JavaScript injection risk', 'Avoid $where entirely, use native MongoDB operators instead', lineNumber, 'MongoDB $where operator executes JavaScript on the server. If user input is interpolated into $where clauses, attackers can inject arbitrary JavaScript code, leading to code execution, data exfiltration, or DoS.', 'collection.find({"$where": f"this.username == \'{username}\'"}) # username = "\'; db.dropDatabase(); \'"', [
237
+ 'Remote Code Execution (JavaScript in MongoDB)',
238
+ 'Database compromise',
239
+ 'Data exfiltration',
240
+ 'Denial of Service (infinite loops)',
241
+ 'Complete server takeover'
242
+ ], 'query = {"$where": f"this.age > {min_age}"}\nresult = collection.find(query)', '# NEVER use $where - use native MongoDB operators instead\nquery = {"age": {"$gt": min_age}} # Native operator, safe\nresult = collection.find(query)', 'Never use MongoDB $where operator with user input. Use native MongoDB operators ($gt, $lt, $eq, etc.) which do not execute code. If $where is absolutely necessary, use prepared statements with proper escaping (but native operators are always preferred).'));
243
+ }
244
+ }
245
+ });
246
+ return vulnerabilities;
247
+ }
248
+ //# sourceMappingURL=nosql-injection.js.map
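Review bot: The `dictQueryMatch` regex in Check #36, `/^(\w+)\s*=\s*\{[^}]*(\w+)[^}]*\}/`, never captures a variable name: the greedy `[^}]*` swallows everything up to the closing brace and backtracks only far enough for `(\w+)` to match, so for `query = {"username": username}` the second group is the single character `e`, and `userInputVariables.has(potentialUserInput)` is effectively always false. Even if the capture were right, `noSqlQueryVariables` is only ever written (Check #35's tracking branch and Check #36) and never read, so a query dict built from user input and passed to `find()`/`update_one()` a few lines later produces no finding; Check #35 should also consult it, e.g. `if (queryArg && (userInputVariables.has(queryArg) || noSqlQueryVariables.has(queryArg)))`, taking the reported source line from whichever map matched. The rewrite below scans every identifier inside the braces instead of one, stripping string literals first so a key like `"username"` does not alias a variable of the same name; it stays a line-local heuristic and still misses dicts that span lines, which is worth a comment at the top of the check.
```javascript
// … unchanged: CHECK #35 (MongoDB method call handling) …
// CHECK #36: track dict literals that embed a user-input variable.
// Scan every identifier inside the braces; string literals are stripped
// first so a key such as "username" does not alias a variable name.
// Single-line dicts only — multi-line literals are not followed.
const dictQueryMatch = trimmed.match(/^(\w+)\s*=\s*\{(.*)\}/);
if (dictQueryMatch) {
    const queryVarName = dictQueryMatch[1];
    const dictBody = dictQueryMatch[2].replace(/"[^"]*"|'[^']*'/g, '');
    const identifiers = dictBody.match(/\b[A-Za-z_]\w*\b/g) || [];
    if (identifiers.some((name) => userInputVariables.has(name))) {
        noSqlQueryVariables.set(queryVarName, lineNumber);
    }
}
// … unchanged: Redis client tracking, CQL tracking, CHECK #37–#39 …
```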
@@ -0,0 +1 @@
1
+ {"version":3,"file":"nosql-injection.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/python/security-checks/nosql-injection.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAmBH,kDAsTC;AAtUD,sEAAiF;AAEjF;;;;;;;;;;;;;GAaG;AACH,SAAgB,mBAAmB,CACjC,KAAe,EACf,kBAAuC;IAEvC,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,kEAAkE;IAClE,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,+BAA+B;IAEtF,sDAAsD;IACtD,MAAM,wBAAwB,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,+BAA+B;IAE3F,uFAAuF;IACvF,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,iBAAiB;IAEjE,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,kFAAkF;QAClF,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE1E,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,MAAM,gBAAgB,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBACrG,IAAI,gBAAgB,IAAI,CAAC,EAAE,CAAC;oBAC1B,kBAAkB,GAAG,KAAK,CAAC;gBAC7B,CAAC;gBACD,OAAO;YACT,CAAC;iBAAM,CAAC;gBACN,kBAAkB,GAAG,KAAK,CAAC;gBAC3B,OAAO;YACT,CAAC;QACH,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,gFAAgF;QAChF,mDAAmD;QACnD,gFAAgF;QAChF,qFAAqF;QACrF,uFAAuF;QAEvF,6EAA6E;QAC7E,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,qLAAqL,CAAC,CAAC;QAE9N,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;YACvC,IAAI,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEzC,mDAAmD;YACnD,qEAAqE;YACrE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC7E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACjC,OAAO,IAAI,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACjC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC3B,MAAM;oBACR,CAAC;gBACH,CAA
C;YACH,CAAC;YAED,+BAA+B;YAC/B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAE9C,kFAAkF;YAClF,wEAAwE;YACxE,yDAAyD;YACzD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAEvD,IAAI,UAAkB,CAAC;YACvB,IAAI,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACvC,qEAAqE;gBACrE,UAAU,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9C,CAAC;iBAAM,IAAI,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtC,+DAA+D;gBAC/D,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,uDAAuD;gBACvD,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,CAAC;YAED,MAAM,QAAQ,GAAG,UAAU,IAAI,OAAO,CAAC;YAEvC,mDAAmD;YACnD,IAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjD,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;gBACxD,eAAe,CAAC,IAAI,CAAC,IAAA,uDAAiC,EACpD,iBAAiB,EACjB,WAAW,UAAU,gCAAgC,QAAQ,WAAW,aAAa,6BAA6B,EAClH,2EAA2E,EAC3E,UAAU,EACV,2NAA2N,QAAQ,0CAA0C,aAAa,GAAG,EAC7R,UAAU,aAAa,qGAAqG,UAAU,sBAAsB,UAAU,2CAA2C,EACjN;oBACE,mDAAmD;oBACnD,6CAA6C;oBAC7C,0CAA0C;oBAC1C,8CAA8C;oBAC9C,sBAAsB;iBACvB,EACD,oDAAoD,UAAU,kDAAkD,EAChH,4cAA4c,UAAU,SAAS,EAC/d,4LAA4L,CAC7L,CAAC,CAAC;YACL,CAAC;YAED,kFAAkF;YAClF,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC7E,eAAe,CAAC,IAAI,CAAC,IAAA,uDAAiC,EACpD,iBAAiB,EACjB,WAAW,UAAU,yDAAyD,EAC9E,kDAAkD,EAClD,UAAU,EACV,qLAAqL,EACrL,mBAAmB,UAAU,+DAA+D,EAC5F;oBACE,uBAAuB;oBACvB,0BAA0B;oBAC1B,mBAAmB;oBACnB,sBAAsB;oBACtB,8BAA8B;iBAC/B,EACD,uBAAuB,UAAU,kBAAkB,EACnD,gPAAgP,UAAU,oBAAoB,EAC9Q,+HAA+H,CAChI,CAAC,CAAC;YACL,CAAC;YAED,+CAA+C;YAC/C,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxC,mBAAmB,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,mEAAmE;QACnE,gFAAgF;QAChF,wEAAwE;QACxE,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACzE,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACvC,MAAM,kBAAkB,GAAG,cAAc,CAAC,CAAC,CAAC,
CAAC;YAE7C,0DAA0D;YAC1D,IAAI,kBAAkB,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC/C,mBAAmB,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,gCAAgC;QAChC,gFAAgF;QAChF,yEAAyE;QACzE,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAC3F,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;YACpC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;QAED,gFAAgF;QAChF,uDAAuD;QACvD,gFAAgF;QAChF,kFAAkF;QAClF,4EAA4E;QAC5E,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvD,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YAEhC,+CAA+C;YAC/C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAClD,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC7B,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAClD,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAExG,IAAI,gBAAgB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;gBACnJ,iDAAiD;gBACjD,wBAAwB,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,2DAA2D;QAC3D,gFAAgF;QAChF,yFAAyF;QACzF,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC/E,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAChF,IAAI,gBAAgB,GAAG,KAAK,CAAC;YAC7B,IAAI,UAAU,GAAG,EAAE,CAAC;YAEpB,oDAAoD;YACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAChD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC5B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,gBAAgB,GAAG,IAAI,CAAC;gBACxB,UAAU,GAAG,QAAQ,CAAC;YACxB,CAAC;YAED,sDAAsD;YACtD,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1C,IAAI,wBAAwB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7C,gBAAgB,GAAG,IAAI,CAAC;oBACxB,MAAM,gBAAgB,GAAG,wB
AAwB,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC;oBACnE,UAAU,GAAG,aAAa,UAAU,6CAA6C,gBAAgB,GAAG,CAAC;gBACvG,CAAC;YACH,CAAC;YAED,IAAI,gBAAgB,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC,IAAA,uDAAiC,EACpD,iBAAiB,EACjB,oDAAoD,UAAU,CAAC,CAAC,CAAC,GAAG,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAC9F,6CAA6C,EAC7C,UAAU,EACV,wKAAwK,EACxK,gHAAgH,EAChH;oBACE,0BAA0B;oBAC1B,uBAAuB;oBACvB,mBAAmB;oBACnB,uBAAuB;oBACvB,sBAAsB;iBACvB,EACD,6FAA6F,EAC7F,8PAA8P,EAC9P,mIAAmI,CACpI,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,4CAA4C;QAC5C,gFAAgF;QAChF,oEAAoE;QACpE,iFAAiF;QACjF,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,+EAA+E,CAAC,CAAC;QACxH,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAE1C,+CAA+C;YAC/C,IAAI,oBAAoB,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,aAAa,KAAK,OAAO,EAAE,CAAC;gBACzE,yCAAyC;gBACzC,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACxE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC1B,CAAC;gBAEF,IAAI,YAAY,EAAE,CAAC;oBACnB,eAAe,CAAC,IAAI,CAAC,IAAA,uDAAiC,EACpD,iBAAiB,EACjB,2DAA2D,EAC3D,qDAAqD,EACrD,UAAU,EACV,gMAAgM,EAChM,+FAA+F,EAC/F;wBACE,gDAAgD;wBAChD,4CAA4C;wBAC5C,2CAA2C;wBAC3C,uCAAuC;wBACvC,iBAAiB;qBAClB,EACD,4GAA4G,EAC5G,8VAA8V,EAC9V,iKAAiK,CAClK,CAAC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,4DAA4D;QAC5D,gFAAgF;QAChF,sEAAsE;QACtE,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/F,kDAAkD;YAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAChD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC5B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAE1B,eAAe,CAAC,IAAI,CAAC,IAAA,uDAAiC,EACpD,iBAAiB,EACjB,sDAAsD,EACtD,6DAA6D,EAC7D,UAAU,EACV,qNAAqN,EACrN,2GAA2G,EAC3G;oBACE,+CAA+C;oBAC/C,qBAAqB;oBACrB,mBAAmB;oBACnB,oCAAoC;oBACpC,0BAA0B;iBAC3B,EACD,8EAA8E,EAC9E,wJAAwJ,EACxJ,+PAA+P,CAChQ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}