npm - codeslick-cli - Versions diffs - 1.0.0 - Mend

codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/dist/src/lib/analyzers/secrets/validators/context-checker.js ADDED Viewed

@@ -0,0 +1,199 @@
+"use strict";
+/**
+ * Context Checker
+ *
+ * Reduces false positives by analyzing code context.
+ * Identifies safe patterns like:
+ * - Test files
+ * - Example code
+ * - Documentation
+ * - Placeholder values
+ * - Environment variable references
+ *
+ * Created: Phase 1.5, Week 1
+ * Date: January 7, 2026
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPlaceholder = isPlaceholder;
+exports.isSafeContext = isSafeContext;
+exports.isSafeFile = isSafeFile;
+exports.isLikelyFalsePositive = isLikelyFalsePositive;
+exports.calculateContextConfidence = calculateContextConfidence;
+/**
+ * Common placeholder values that are NOT real secrets
+ */
+const PLACEHOLDER_VALUES = [
+    'your_api_key_here',
+    'your_api_key',
+    'your-api-key',
+    'your_secret_key',
+    'your-secret',
+    'example_key',
+    'test_key',
+    'fake_key',
+    'dummy_key',
+    'sample_key',
+    'replace_me',
+    'change_me',
+    'todo',
+    'xxx',
+    'yyy',
+    'zzz',
+    '12345',
+    'abcdef',
+    '000000',
+    'real_key', // Common test value
+];
+/**
+ * Patterns indicating safe context (not real secrets)
+ */
+const SAFE_CONTEXT_PATTERNS = [
+    /process\.env\./i, // Environment variable
+    /os\.environ/i, // Python environment variable
+    /System\.getenv/i, // Java environment variable
+    /config\./i, // Configuration object
+    /\.example/i, // Example file
+    /\.template/i, // Template file
+    /\.sample/i, // Sample file
+    /\/\/ TODO/i, // TODO comment
+    /\/\/ FIXME/i, // FIXME comment
+    /\/\/ Example/i, // Example comment
+    /# Example/i, // Python example comment
+    /# TODO/i, // Python TODO comment
+];
+/**
+ * File patterns indicating test/example/documentation files
+ */
+const SAFE_FILE_PATTERNS = [
+    /\.test\./,
+    /\.spec\./,
+    /\.example\./,
+    /example/i, // Match any file with "example" in name
+    /\.template\./,
+    /\.sample\./,
+    /\.md$/,
+    /\.txt$/,
+    /\/test\//,
+    /\/tests\//,
+    /\/spec\//,
+    /\/specs\//,
+    /\/examples\//,
+    /\/docs\//,
+    /\/documentation\//,
+    /\/__tests__\//,
+    /\/__mocks__\//,
+    /README/i,
+    /CHANGELOG/i,
+    /LICENSE/i,
+];
+/**
+ * Check if value is a placeholder (not a real secret)
+ *
+ * @param value - Secret value to check
+ * @returns True if value is a placeholder
+ */
+function isPlaceholder(value) {
+    const valueLower = value.toLowerCase();
+    // Check against known placeholders
+    for (const placeholder of PLACEHOLDER_VALUES) {
+        if (valueLower.includes(placeholder.toLowerCase())) {
+            return true;
+        }
+    }
+    // Check if value is too simple (repeated characters)
+    if (/^(.)\1+$/.test(value)) {
+        return true; // All same character (e.g., "aaaaaaa")
+    }
+    // Check if value looks like example/test data
+    if (/^(test|example|demo|sample|fake|dummy)/i.test(value)) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if context indicates safe usage (not a real secret)
+ *
+ * @param context - Line of code containing the secret
+ * @returns True if context is safe
+ */
+function isSafeContext(context) {
+    for (const pattern of SAFE_CONTEXT_PATTERNS) {
+        if (pattern.test(context)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Check if file is test/example/documentation
+ *
+ * @param filePath - File path to check
+ * @returns True if file is test/example/docs
+ */
+function isSafeFile(filePath) {
+    for (const pattern of SAFE_FILE_PATTERNS) {
+        if (pattern.test(filePath)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Check if value is likely a false positive
+ * Combines all heuristics to determine if secret detection should be skipped
+ *
+ * @param value - Secret value detected
+ * @param context - Line of code containing the secret
+ * @param filePath - File path
+ * @returns True if likely false positive
+ */
+function isLikelyFalsePositive(value, context, filePath) {
+    // Check 1: Is value a placeholder?
+    if (isPlaceholder(value)) {
+        return true;
+    }
+    // Check 2: Is context safe (env var, config, etc.)?
+    if (isSafeContext(context)) {
+        return true;
+    }
+    // Check 3: Is file test/example/docs?
+    if (isSafeFile(filePath)) {
+        return true;
+    }
+    // Check 4: Value too short (likely not a real secret)
+    if (value.length < 8) {
+        return true;
+    }
+    // Not a false positive
+    return false;
+}
+/**
+ * Calculate confidence score (0-100) based on context
+ * Lower score = more likely false positive
+ *
+ * @param value - Secret value detected
+ * @param context - Line of code
+ * @param filePath - File path
+ * @returns Confidence score (0-100)
+ */
+function calculateContextConfidence(value, context, filePath) {
+    let confidence = 100; // Start at maximum confidence
+    // Reduce confidence for placeholders
+    if (isPlaceholder(value)) {
+        confidence -= 60;
+    }
+    // Reduce confidence for safe contexts
+    if (isSafeContext(context)) {
+        confidence -= 40;
+    }
+    // Reduce confidence for test/example files
+    if (isSafeFile(filePath)) {
+        confidence -= 30;
+    }
+    // Reduce confidence for short values
+    if (value.length < 12) {
+        confidence -= 20;
+    }
+    return Math.max(confidence, 0);
+}
+//# sourceMappingURL=context-checker.js.map

package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"context-checker.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/secrets/validators/context-checker.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AA8EH,sCAqBC;AAQD,sCAQC;AAQD,gCAQC;AAWD,sDA2BC;AAWD,gEA4BC;AA9MD;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,mBAAmB;IACnB,cAAc;IACd,cAAc;IACd,iBAAiB;IACjB,aAAa;IACb,aAAa;IACb,UAAU;IACV,UAAU;IACV,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,UAAU,EAAY,oBAAoB;CAC3C,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,iBAAiB,EAAY,uBAAuB;IACpD,cAAc,EAAe,8BAA8B;IAC3D,iBAAiB,EAAY,4BAA4B;IACzD,WAAW,EAAkB,uBAAuB;IACpD,YAAY,EAAiB,eAAe;IAC5C,aAAa,EAAgB,gBAAgB;IAC7C,WAAW,EAAkB,cAAc;IAC3C,YAAY,EAAiB,eAAe;IAC5C,aAAa,EAAgB,gBAAgB;IAC7C,eAAe,EAAc,kBAAkB;IAC/C,YAAY,EAAiB,yBAAyB;IACtD,SAAS,EAAoB,sBAAsB;CACpD,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,UAAU;IACV,UAAU;IACV,aAAa;IACb,UAAU,EAAe,wCAAwC;IACjE,cAAc;IACd,YAAY;IACZ,OAAO;IACP,QAAQ;IACR,UAAU;IACV,WAAW;IACX,UAAU;IACV,WAAW;IACX,cAAc;IACd,UAAU;IACV,mBAAmB;IACnB,eAAe;IACf,eAAe;IACf,SAAS;IACT,YAAY;IACZ,UAAU;CACX,CAAC;AAEF;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,KAAa;IACzC,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAEvC,mCAAmC;IACnC,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;QAC7C,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC,CAAC,uCAAuC;IACtD,CAAC;IAED,8CAA8C;IAC9C,IAAI,yCAAyC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,OAAe;IAC3C,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;QAC5C,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,QAAgB;IACzC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,qBAAqB,CACnC,KAAa,EACb,OAAe,EACf,QAAgB;IAEhB,mCAAmC;IACnC,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oDAAoD;IACpD,IAAI,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sCAAsC;IACtC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uBAAuB;IACvB,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,0BAA0B,CACxC,KAAa,EACb,OAAe,EACf,QAAgB;IAEhB,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,8BAA8B;IAEpD,qCAAqC;IACrC,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,sCAAsC;IACtC,IAAI,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,2CAA2C;IAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,qCAAqC;IACrC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;AACjC,CAAC"}

package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts ADDED Viewed

@@ -0,0 +1,56 @@
+/**
+ * Entropy Checker
+ *
+ * Calculates Shannon entropy to detect high-randomness strings.
+ * High entropy indicates potential secrets (API keys, tokens, hashes).
+ *
+ * Entropy scale (base-2):
+ * - 0-2: Low entropy (repeated chars, simple patterns)
+ * - 2-3.5: Medium entropy (English text, simple passwords)
+ * - 3.5-4.5: High entropy (mixed alphanumeric, potential secrets)
+ * - 4.5+: Very high entropy (cryptographic-grade randomness)
+ *
+ * Created: Phase 1.5, Week 1
+ * Date: January 7, 2026
+ */
+/**
+ * Calculate Shannon entropy of a string
+ *
+ * @param str - String to analyze
+ * @returns Entropy value (0-8, where 8 is maximum for base-256)
+ */
+export declare function calculateEntropy(str: string): number;
+/**
+ * Check if string has high entropy (likely random/cryptographic)
+ *
+ * @param str - String to analyze
+ * @param threshold - Entropy threshold (default 4.0)
+ * @returns True if entropy exceeds threshold
+ */
+export declare function hasHighEntropy(str: string, threshold?: number): boolean;
+/**
+ * Calculate entropy for each character type separately
+ * Useful for detecting mixed-case alphanumeric secrets
+ *
+ * @param str - String to analyze
+ * @returns Object with entropy breakdown
+ */
+export declare function calculateEntropyBreakdown(str: string): {
+    overall: number;
+    lowercase: number;
+    uppercase: number;
+    digits: number;
+    symbols: number;
+};
+/**
+ * Detect if string has cryptographic-grade randomness
+ * Uses multiple heuristics:
+ * - High overall entropy (>4.5)
+ * - Mixed character types (uppercase, lowercase, digits)
+ * - Length >= 20 characters
+ *
+ * @param str - String to analyze
+ * @returns True if likely cryptographic secret
+ */
+export declare function isCryptographicSecret(str: string): boolean;
+//# sourceMappingURL=entropy-checker.d.ts.map

package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"entropy-checker.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/secrets/validators/entropy-checker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAqBpD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,GAAE,MAAY,GAAG,OAAO,CAE5E;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG;IACtD,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,CAaA;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAmB1D"}

package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js ADDED Viewed

@@ -0,0 +1,102 @@
+"use strict";
+/**
+ * Entropy Checker
+ *
+ * Calculates Shannon entropy to detect high-randomness strings.
+ * High entropy indicates potential secrets (API keys, tokens, hashes).
+ *
+ * Entropy scale (base-2):
+ * - 0-2: Low entropy (repeated chars, simple patterns)
+ * - 2-3.5: Medium entropy (English text, simple passwords)
+ * - 3.5-4.5: High entropy (mixed alphanumeric, potential secrets)
+ * - 4.5+: Very high entropy (cryptographic-grade randomness)
+ *
+ * Created: Phase 1.5, Week 1
+ * Date: January 7, 2026
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateEntropy = calculateEntropy;
+exports.hasHighEntropy = hasHighEntropy;
+exports.calculateEntropyBreakdown = calculateEntropyBreakdown;
+exports.isCryptographicSecret = isCryptographicSecret;
+/**
+ * Calculate Shannon entropy of a string
+ *
+ * @param str - String to analyze
+ * @returns Entropy value (0-8, where 8 is maximum for base-256)
+ */
+function calculateEntropy(str) {
+    if (!str || str.length === 0) {
+        return 0;
+    }
+    // Count character frequencies
+    const frequencies = new Map();
+    for (const char of str) {
+        frequencies.set(char, (frequencies.get(char) || 0) + 1);
+    }
+    // Calculate Shannon entropy: H = -Σ(p(x) * log2(p(x)))
+    let entropy = 0;
+    const length = str.length;
+    for (const count of frequencies.values()) {
+        const probability = count / length;
+        entropy -= probability * Math.log2(probability);
+    }
+    return entropy;
+}
+/**
+ * Check if string has high entropy (likely random/cryptographic)
+ *
+ * @param str - String to analyze
+ * @param threshold - Entropy threshold (default 4.0)
+ * @returns True if entropy exceeds threshold
+ */
+function hasHighEntropy(str, threshold = 4.0) {
+    return calculateEntropy(str) >= threshold;
+}
+/**
+ * Calculate entropy for each character type separately
+ * Useful for detecting mixed-case alphanumeric secrets
+ *
+ * @param str - String to analyze
+ * @returns Object with entropy breakdown
+ */
+function calculateEntropyBreakdown(str) {
+    const lowercase = str.replace(/[^a-z]/g, '');
+    const uppercase = str.replace(/[^A-Z]/g, '');
+    const digits = str.replace(/[^0-9]/g, '');
+    const symbols = str.replace(/[a-zA-Z0-9]/g, '');
+    return {
+        overall: calculateEntropy(str),
+        lowercase: calculateEntropy(lowercase),
+        uppercase: calculateEntropy(uppercase),
+        digits: calculateEntropy(digits),
+        symbols: calculateEntropy(symbols),
+    };
+}
+/**
+ * Detect if string has cryptographic-grade randomness
+ * Uses multiple heuristics:
+ * - High overall entropy (>4.5)
+ * - Mixed character types (uppercase, lowercase, digits)
+ * - Length >= 20 characters
+ *
+ * @param str - String to analyze
+ * @returns True if likely cryptographic secret
+ */
+function isCryptographicSecret(str) {
+    if (str.length < 20) {
+        return false; // Too short for most API keys
+    }
+    const entropy = calculateEntropy(str);
+    if (entropy < 4.5) {
+        return false; // Not random enough
+    }
+    // Check for mixed character types
+    const hasLowercase = /[a-z]/.test(str);
+    const hasUppercase = /[A-Z]/.test(str);
+    const hasDigits = /[0-9]/.test(str);
+    // Cryptographic secrets typically have at least 2 character types
+    const typeCount = [hasLowercase, hasUppercase, hasDigits].filter(Boolean).length;
+    return typeCount >= 2;
+}
+//# sourceMappingURL=entropy-checker.js.map

package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"entropy-checker.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/secrets/validators/entropy-checker.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAQH,4CAqBC;AASD,wCAEC;AASD,8DAmBC;AAYD,sDAmBC;AAjGD;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,CAAC;IACX,CAAC;IAED,8BAA8B;IAC9B,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,uDAAuD;IACvD,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAE1B,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;QACzC,MAAM,WAAW,GAAG,KAAK,GAAG,MAAM,CAAC;QACnC,OAAO,IAAI,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,GAAW,EAAE,YAAoB,GAAG;IACjE,OAAO,gBAAgB,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;AAC5C,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,yBAAyB,CAAC,GAAW;IAOnD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IAEhD,OAAO;QACL,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC;QAC9B,SAAS,EAAE,gBAAgB,CAAC,SAAS,CAAC;QACtC,SAAS,EAAE,gBAAgB,CAAC,SAAS,CAAC;QACtC,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC;QAChC,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC;KACnC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpB,OAAO,KAAK,CAAC,CAAC,8BAA8B;IAC9C,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,CAAC,oBAAoB;IACpC,CAAC;IAED,kCAAkC;IAClC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEpC,kEAAkE;IAClE,MAAM,SAAS,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAEjF,OAAO,SAAS,IAAI,CAAC,CAAC;AACxB,CAAC"}

package/dist/src/lib/analyzers/security-checks/es6-security.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+/**
+ * ES6+ Security Checks Module
+ *
+ * Security vulnerability detection for ES6+ JavaScript patterns.
+ * Detects prototype pollution, URL injection, and template literal injection.
+ *
+ * @module es6-security
+ */
+import { SecurityVulnerability } from '../types';
+export type CreateVulnerabilityFn = (category: string, message: string, suggestion: string, line: number, description: string, exploitExample: string, realWorldImpact: string[], before: string, after: string, explanation: string) => SecurityVulnerability;
+/**
+ * Detects Object.assign() with user input (prototype pollution risk)
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+export declare function detectPrototypePollution(line: string, lineNumber: number, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability | null;
+/**
+ * Detects unsafe URL() constructor with user input (SSRF/open redirect risk)
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+export declare function detectURLInjection(line: string, lineNumber: number, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability | null;
+/**
+ * Detects template literal injection (SQL/command/HTML injection)
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+export declare function detectTemplateLiteralInjection(line: string, lineNumber: number, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability | null;
+//# sourceMappingURL=es6-security.d.ts.map

package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"es6-security.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/security-checks/es6-security.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEjD,MAAM,MAAM,qBAAqB,GAAG,CAClC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EAAE,EACzB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,KAChB,qBAAqB,CAAC;AAE3B;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,GAAG,IAAI,CAmC9B;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,GAAG,IAAI,CAwB9B;AAED;;;;;;;GAOG;AACH,wBAAgB,8BAA8B,CAC5C,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,GAAG,IAAI,CAqE9B"}

package/dist/src/lib/analyzers/security-checks/es6-security.js ADDED Viewed

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * ES6+ Security Checks Module
+ *
+ * Security vulnerability detection for ES6+ JavaScript patterns.
+ * Detects prototype pollution, URL injection, and template literal injection.
+ *
+ * @module es6-security
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectPrototypePollution = detectPrototypePollution;
+exports.detectURLInjection = detectURLInjection;
+exports.detectTemplateLiteralInjection = detectTemplateLiteralInjection;
+/**
+ * Detects Object.assign() with user input (prototype pollution risk)
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+function detectPrototypePollution(line, lineNumber, createVulnerability) {
+    const trimmed = line.trim();
+    if (trimmed.includes('Object.assign') && trimmed.match(/Object\.assign\s*\(\s*\w+/)) {
+        // Check if assigning from user input (with or without dot notation)
+        // Match: req.body, params, query, userInput, props.data, etc.
+        const hasUserInput = trimmed.match(/Object\.assign\s*\(\s*\w+\s*,\s*(req\b|request\b|params\b|query\b|body\b|userInput\b|req\.|request\.|params\.|query\.|body\.|props\.)/);
+        // Exclude safe patterns: Object.assign({}, ...) or Object.assign with literals/defaults
+        const isFirstArgEmpty = trimmed.match(/Object\.assign\s*\(\s*{\s*}\s*,/);
+        const hasOnlyLiterals = trimmed.match(/Object\.assign\s*\([^)]*{[^}]*}[^)]*\)/);
+        const isSafePattern = trimmed.includes('defaults') || trimmed.includes('static') || trimmed.match(/Object\.assign\s*\(\s*{}\s*,\s*\w+\s*,\s*{/);
+        if (hasUserInput && !isFirstArgEmpty && !isSafePattern) {
+            return createVulnerability('prototype-pollution', 'Object.assign with user input can cause prototype pollution', 'Validate keys before assignment or use Object.create(null)', lineNumber, 'Object.assign() with user-controlled input can modify Object.prototype, affecting all objects in the application and leading to security vulnerabilities.', 'Object.assign(config, req.body) where req.body = {"__proto__": {"isAdmin": true}}', [
+                'Prototype pollution attacks',
+                'Privilege escalation',
+                'Authentication bypass',
+                'Remote code execution'
+            ], 'Object.assign(config, req.body);', 'const safeAssign = (target, source) => {\n  const keys = Object.keys(source).filter(key => key !== "__proto__" && key !== "constructor" && key !== "prototype");\n  keys.forEach(key => { target[key] = source[key]; });\n};\nsafeAssign(config, req.body);', 'Filter out __proto__, constructor, and prototype keys before using Object.assign() with user input');
+        }
+    }
+    return null;
+}
+/**
+ * Detects unsafe URL() constructor with user input (SSRF/open redirect risk)
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+function detectURLInjection(line, lineNumber, createVulnerability) {
+    const trimmed = line.trim();
+    if (trimmed.match(/new\s+URL\s*\(/) && trimmed.match(/new\s+URL\s*\(\s*[^)]*\b(req\.|request\.|params\.|query\.|userInput|props\.)/)) {
+        return createVulnerability('url-injection', 'Unsafe URL() constructor with user input', 'Validate URL origin or use URL parsing library', lineNumber, 'Creating URLs from user input can lead to SSRF attacks, open redirects, or accessing internal services that should not be exposed.', 'new URL(req.query.redirect) where redirect = "http://internal-admin.local/secrets"', [
+            'Server-Side Request Forgery (SSRF)',
+            'Open redirect attacks',
+            'Access to internal services',
+            'Information disclosure'
+        ], 'const url = new URL(req.query.redirect);', 'const allowedOrigins = ["https://example.com"];\nconst url = new URL(req.query.redirect);\nif (!allowedOrigins.includes(url.origin)) {\n  throw new Error("Invalid redirect URL");\n}', 'Always validate URL origin against an allowlist before using URLs from user input');
+    }
+    return null;
+}
+/**
+ * Detects template literal injection (SQL/command/HTML injection)
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+function detectTemplateLiteralInjection(line, lineNumber, createVulnerability) {
+    const trimmed = line.trim();
+    // Pattern 1: Specific known user input patterns (original check)
+    const hasKnownUserInput = trimmed.match(/`[^`]*\$\{[^}]*\b(req\.|request\.|params\.|query\.|body\.|userInput|props\.|user\w*\b|filename\b)/);
+    // Pattern 2: HTML with ANY variable interpolation (IMPROVED - catches `<a href="${url}">`)
+    // Detects template literals that contain HTML tags AND variable interpolation
+    const hasHTMLWithVars = trimmed.match(/`[^`]*<\w+[^>]*>/) && trimmed.match(/\$\{[^}]+\}/);
+    if (hasKnownUserInput || hasHTMLWithVars) {
+        // Check if it's being used in dangerous contexts
+        const isDangerous = trimmed.includes('eval') ||
+            trimmed.includes('Function(') ||
+            trimmed.includes('innerHTML') ||
+            trimmed.includes('<script') ||
+            trimmed.match(/\b(SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)\b/i) || // SQL
+            trimmed.match(/\b(exec|spawn|mysqldump|psql|bash|sh)\b/i) || // Command injection
+            trimmed.match(/<\w+[^>]*>/); // HTML injection
+        if (isDangerous) {
+            // Determine specific type
+            let type = 'template-injection';
+            let title = 'Template literal injection allows code/command execution';
+            let suggestion = 'Use parameterized queries or sanitize user input';
+            let explanation = 'Use parameterized queries for SQL, avoid eval/Function, sanitize HTML, validate command inputs';
+            if (trimmed.match(/\b(SELECT|INSERT|UPDATE|DELETE)\b/i)) {
+                type = 'sql-injection';
+                title = 'Template literal with user input in SQL query';
+            }
+            else if (trimmed.match(/\b(exec|spawn|mysqldump)\b/i)) {
+                type = 'command-injection';
+                title = 'Template literal with user input in command execution';
+            }
+            else if (trimmed.match(/<\w+[^>]*>/) && hasHTMLWithVars) {
+                // XSS via HTML template literal
+                type = 'xss';
+                title = 'XSS vulnerability in HTML template literal';
+                suggestion = 'Sanitize variables or use React\'s JSX (auto-escaped)';
+                explanation = 'When rendering HTML with template literals, all variables must be sanitized. Use DOMPurify or avoid template literals for HTML entirely.';
+            }
+            return createVulnerability(type, title, suggestion, lineNumber, 'Template literals with user input in SQL queries, commands, eval, or HTML contexts allow attackers to inject malicious code, leading to XSS, SQL injection, or command execution.', hasHTMLWithVars
+                ? '`<a href="${userInput}">Link</a>` allows XSS if userInput contains javascript:alert(1)'
+                : '`SELECT * FROM users WHERE id = ${userId}` allows SQL injection if userId is not validated', [
+                'SQL injection',
+                'Command injection',
+                'Remote code execution',
+                'XSS attacks',
+                'Data exfiltration'
+            ], hasHTMLWithVars
+                ? 'return `<a href="${url}">Click here</a>`;'
+                : 'const query = `SELECT * FROM users WHERE id = ${userId}`;', hasHTMLWithVars
+                ? '// Option 1: Sanitize URL\nimport DOMPurify from "dompurify";\nconst safeUrl = DOMPurify.sanitize(url, {ALLOWED_URI_REGEXP: /^https?:/});\nreturn `<a href="${safeUrl}">Click here</a>`;\n\n// Option 2: Use React JSX (auto-escaped)\nreturn <a href={url}>Click here</a>;'
+                : 'const query = "SELECT * FROM users WHERE id = ?";\ndb.query(query, [userId]); // Parameterized query', explanation);
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=es6-security.js.map

package/dist/src/lib/analyzers/security-checks/es6-security.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"es6-security.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/security-checks/es6-security.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAyBH,4DAuCC;AAUD,gDA4BC;AAUD,wEAyEC;AAxKD;;;;;;;GAOG;AACH,SAAgB,wBAAwB,CACtC,IAAY,EACZ,UAAkB,EAClB,mBAA0C;IAE1C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC,EAAE,CAAC;QACpF,oEAAoE;QACpE,8DAA8D;QAC9D,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,uIAAuI,CAAC,CAAC;QAE5K,wFAAwF;QACxF,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACzE,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAChF,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAEhJ,IAAI,YAAY,IAAI,CAAC,eAAe,IAAI,CAAC,aAAa,EAAE,CAAC;YACvD,OAAO,mBAAmB,CACxB,qBAAqB,EACrB,6DAA6D,EAC7D,4DAA4D,EAC5D,UAAU,EACV,2JAA2J,EAC3J,mFAAmF,EACnF;gBACE,6BAA6B;gBAC7B,sBAAsB;gBACtB,uBAAuB;gBACvB,uBAAuB;aACxB,EACD,kCAAkC,EAClC,6PAA6P,EAC7P,oGAAoG,CACrG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAChC,IAAY,EACZ,UAAkB,EAClB,mBAA0C;IAE1C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,8EAA8E,CAAC,EAAE,CAAC;QACrI,OAAO,mBAAmB,CACxB,eAAe,EACf,0CAA0C,EAC1C,gDAAgD,EAChD,UAAU,EACV,oIAAoI,EACpI,oFAAoF,EACpF;YACE,oCAAoC;YACpC,uBAAuB;YACvB,6BAA6B;YAC7B,wBAAwB;SACzB,EACD,0CAA0C,EAC1C,uLAAuL,EACvL,mFAAmF,CACpF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAC5C,IAAY,EACZ,UAAkB,EAClB,mBAA0C;IAE1C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,iEAAiE;IACjE,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,mGAAmG,CAAC,CAAC;IAE7I,2FAA2F;IAC3F,8EAA8E;IAC9E,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAE1F,IAAI,iBAAiB,IAAI,eAAe,EAAE,CAAC;QACzC,iDAAiD;QACjD,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC7B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC7B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,IAAI,MAAM;YACxE,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,IAAI,oBAAoB;YACjF,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB;QAEhE,IAAI,WAAW,EAAE,CAAC;YAChB,0BAA0B;YAC1B,IAAI,IAAI,GAAG,oBAAoB,CAAC;YAChC,IAAI,KAAK,GAAG,0DAA0D,CAAC;YACvE,IAAI,UAAU,GAAG,kDAAkD,CAAC;YACpE,IAAI,WAAW,GAAG,gGAAgG,CAAC;YAEnH,IAAI,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,EAAE,CAAC;gBACxD,IAAI,GAAG,eAAe,CAAC;gBACvB,KAAK,GAAG,+CAA+C,CAAC;YAC1D,CAAC;iBAAM,IAAI,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,EAAE,CAAC;gBACxD,IAAI,GAAG,mBAAmB,CAAC;gBAC3B,KAAK,GAAG,uDAAuD,CAAC;YAClE,CAAC;iBAAM,IAAI,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,eAAe,EAAE,CAAC;gBAC1D,gCAAgC;gBAChC,IAAI,GAAG,KAAK,CAAC;gBACb,KAAK,GAAG,4CAA4C,CAAC;gBACrD,UAAU,GAAG,uDAAuD,CAAC;gBACrE,WAAW,GAAG,0IAA0I,CAAC;YAC3J,CAAC;YAED,OAAO,mBAAmB,CACxB,IAAI,EACJ,KAAK,EACL,UAAU,EACV,UAAU,EACV,mLAAmL,EACnL,eAAe;gBACb,CAAC,CAAC,wFAAwF;gBAC1F,CAAC,CAAC,4FAA4F,EAChG;gBACE,eAAe;gBACf,mBAAmB;gBACnB,uBAAuB;gBACvB,aAAa;gBACb,mBAAmB;aACpB,EACD,eAAe;gBACb,CAAC,CAAC,2CAA2C;gBAC7C,CAAC,CAAC,2DAA2D,EAC/D,eAAe;gBACb,CAAC,CAAC,6QAA6Q;gBAC/Q,CAAC,CAAC,sGAAsG,EAC1G,WAAW,CACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * Python Async/Await Security Checks Module
+ *
+ * Security vulnerability detection for Python async/await patterns.
+ * Detects missing await keywords and asyncio.run() misuse.
+ *
+ * @module python-async-security
+ */
+import { SecurityVulnerability } from '../types';
+export type CreateVulnerabilityFn = (category: string, message: string, suggestion: string, line: number, description: string, exploitExample: string, realWorldImpact: string[], before: string, after: string, explanation: string) => SecurityVulnerability;
+/**
+ * Check if line starts an async function definition
+ *
+ * @param line - The code line to check
+ * @returns true if line starts async function
+ */
+export declare function isAsyncFunctionStart(line: string): boolean;
+/**
+ * Check if line ends async function context (dedent back to module level)
+ *
+ * @param line - The code line to check
+ * @param prevIndent - Previous function body indent level
+ * @returns true if async context should end
+ */
+export declare function isAsyncFunctionEnd(line: string, prevIndent: number): boolean;
+/**
+ * Detect missing await on async function calls
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param inAsyncContext - Whether we're inside an async function
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+export declare function detectMissingAwait(line: string, lineNumber: number, inAsyncContext: boolean, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability | null;
+/**
+ * Detect asyncio.run() called inside async function
+ *
+ * @param line - The code line to check
+ * @param lineNumber - The line number
+ * @param inAsyncContext - Whether we're inside an async function
+ * @param createVulnerability - Function to create vulnerability object
+ * @returns SecurityVulnerability if detected, null otherwise
+ */
+export declare function detectAsyncioRunMisuse(line: string, lineNumber: number, inAsyncContext: boolean, createVulnerability: CreateVulnerabilityFn): SecurityVulnerability | null;
+//# sourceMappingURL=python-async-security.d.ts.map

package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"python-async-security.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/security-checks/python-async-security.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEjD,MAAM,MAAM,qBAAqB,GAAG,CAClC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EAAE,EACzB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,KAChB,qBAAqB,CAAC;AAE3B;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE1D;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAY5E;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,OAAO,EACvB,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,GAAG,IAAI,CAgC9B;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,OAAO,EACvB,mBAAmB,EAAE,qBAAqB,GACzC,qBAAqB,GAAG,IAAI,CAwB9B"}