codeslick-cli 1.0.0
- package/README.md +458 -0
- package/__tests__/cli-reporter.test.ts +86 -0
- package/__tests__/config-loader.test.ts +247 -0
- package/__tests__/local-scanner.test.ts +245 -0
- package/bin/codeslick.cjs +153 -0
- package/dist/packages/cli/src/commands/auth.d.ts +36 -0
- package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/auth.js +226 -0
- package/dist/packages/cli/src/commands/auth.js.map +1 -0
- package/dist/packages/cli/src/commands/config.d.ts +37 -0
- package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/config.js +196 -0
- package/dist/packages/cli/src/commands/config.js.map +1 -0
- package/dist/packages/cli/src/commands/init.d.ts +32 -0
- package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/init.js +171 -0
- package/dist/packages/cli/src/commands/init.js.map +1 -0
- package/dist/packages/cli/src/commands/scan.d.ts +40 -0
- package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/scan.js +204 -0
- package/dist/packages/cli/src/commands/scan.js.map +1 -0
- package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
- package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
- package/dist/packages/cli/src/config/config-loader.js +146 -0
- package/dist/packages/cli/src/config/config-loader.js.map +1 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
- package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
- package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
- package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
- package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
- package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
- package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
- package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
- package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
- package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
- package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
- package/dist/src/lib/analyzers/types.d.ts +92 -0
- package/dist/src/lib/analyzers/types.d.ts.map +1 -0
- package/dist/src/lib/analyzers/types.js +3 -0
- package/dist/src/lib/analyzers/types.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
- package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
- package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
- package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
- package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
- package/dist/src/lib/security/compliance-mapping.js +1342 -0
- package/dist/src/lib/security/compliance-mapping.js.map +1 -0
- package/dist/src/lib/security/severity-scoring.d.ts +47 -0
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
- package/dist/src/lib/security/severity-scoring.js +965 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -0
- package/dist/src/lib/standards/references.d.ts +16 -0
- package/dist/src/lib/standards/references.d.ts.map +1 -0
- package/dist/src/lib/standards/references.js +1161 -0
- package/dist/src/lib/standards/references.js.map +1 -0
- package/dist/src/lib/types/index.d.ts +167 -0
- package/dist/src/lib/types/index.d.ts.map +1 -0
- package/dist/src/lib/types/index.js +3 -0
- package/dist/src/lib/types/index.js.map +1 -0
- package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
- package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
- package/dist/src/lib/utils/code-cleaner.js +283 -0
- package/dist/src/lib/utils/code-cleaner.js.map +1 -0
- package/package.json +51 -0
- package/src/commands/auth.ts +308 -0
- package/src/commands/config.ts +226 -0
- package/src/commands/init.ts +202 -0
- package/src/commands/scan.ts +238 -0
- package/src/config/config-loader.ts +175 -0
- package/src/reporters/cli-reporter.ts +282 -0
- package/src/scanner/local-scanner.ts +250 -0
- package/tsconfig.json +24 -0
- package/tsconfig.tsbuildinfo +1 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access-control.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/typescript/security-checks/access-control.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAcH,gDAuQC;AAlRD,sEAAqF;AAErF;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAChC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,8CAA8C;QAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO;QAElG,yCAAyC;QACzC,2CAA2C;QAC3C,+EAA+E;QAC/E,8EAA8E;QAC9E,MAAM,kBAAkB,GAAG,2IAA2I,CAAC;QAEvK,IAAI,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtC,+CAA+C;YAC/C,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAEzE,mCAAmC;YACnC,2DAA2D;YAC3D,gCAAgC;YAChC,2BAA2B;YAC3B,2EAA2E;YAC3E,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACtC,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO;gBACL,iBAAiB;gBACjB,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACjC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAC9B,uBAAuB;oBACvB,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;oBACnC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,CAAC;oBAC/C,yBAAyB;oBACzB,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;oBAChC,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC;oBAClC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAC/B,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACjC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC1B,mDAAmD;oBACnD,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACzB,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAChC,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,uBAAuB,EACvB,kGAAkG,EAClG,uHAAuH,EACvH,UAAU,EACV,0MAA0M,EAC1M,sIAAsI,EACtI;oBACE,gFAAgF;oBAChF,qCAAqC;oBACrC,2CAA2C;oBAC3C,qEAAqE;oBACrE,8CAA8C;iBAC/C,EACD,2KAA2K,EAC3K,wQAA
wQ,EACxQ,kKAAkK,CACnK,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yFAAyF;QACzF,iDAAiD;QACjD,0DAA0D;QAC1D,uDAAuD;QACvD,uFAAuF;QAEvF,oEAAoE;QACpE,MAAM,kBAAkB,GAAG,2CAA2C,CAAC;QACvE,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAElD,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAEhC,gDAAgD;YAChD,MAAM,mBAAmB,GAAG,kFAAkF,CAAC;YAE/G,IAAI,YAAY,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAC5C,IAAI,QAAQ,GAAG,EAAE,CAAC;gBAClB,IAAI,UAAU,GAAG,EAAE,CAAC;gBAEpB,2EAA2E;gBAC3E,oEAAoE;gBACpE,MAAM,iBAAiB,GAAG,yCAAyC,CAAC;gBACpE,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBAEzD,IAAI,eAAe,EAAE,CAAC;oBACpB,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBACrC,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACzC,CAAC;qBAAM,CAAC;oBACN,sDAAsD;oBACtD,0DAA0D;oBAC1D,MAAM,aAAa,GAAG,uBAAuB,CAAC;oBAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;oBACjD,IAAI,WAAW,EAAE,CAAC;wBAChB,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBACrD,CAAC;oBAED,kCAAkC;oBAClC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;wBACjC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;wBACpC,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;4BACnC,MAAM,eAAe,GAAG,aAAa,CAAC;4BACtC,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;4BACzD,IAAI,aAAa,EAAE,CAAC;gCAClB,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;4BACzD,CAAC;4BACD,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,mDAAmD;gBACnD,IAAI,QAAQ,IAAI,UAAU,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;oBACtD,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,0BAA0B,EAC1B,sHAAsH,EACtH,2LAA2L,EAC3L,UAAU,EACV,4OAA4O,EAC5O,mJAAmJ,EACnJ;wBACE,gCAAgC;wBAChC,4CAA4C;wBAC5C,+CAA+C;wBAC/C,sBAAsB;wBACtB,wCAAwC;wBACxC,2DAA2D;wBAC3D,qDAAqD;qBACtD,EACD,mLAAmL,EACnL,4MAA4M,EAC5M,6KAA6K,CAC9K,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,sDAAsD;QACtD,uEAAuE;QACvE,MAAM,YAAY,GAAG,gEAAgE,CAAC;QACtF,
MAAM,cAAc,GAAG,0DAA0D,CAAC;QAElF,IAAI,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;YACjE,+CAA+C;YAC/C,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;gBACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBACnC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC/B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAEnD,sDAAsD;YACtD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACzE,MAAM,kBAAkB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC5C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO;gBACL,4DAA4D;gBAC5D,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBACvE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;oBACnE,sCAAsC;oBACtC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,CAAC;oBAC/C,6BAA6B;oBAC7B,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;oBACjC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;oBAChC,qDAAqD;oBACrD,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CACpG,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,aAAa,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC1C,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,mCAAmC,EACnC,yFAAyF,EACzF,0GAA0G,EAC1G,UAAU,EACV,qJAAqJ,EACrJ,yGAAyG,EACzG;oBACE,uCAAuC;oBACvC,6CAA6C;oBAC7C,gDAAgD;oBAChD,uBAAuB;oBACvB,gDAAgD;iBACjD,EACD,2EAA2E,EAC3E,2FAA2F,EAC3F,qGAAqG,CACtG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,mDAAmD;QACnD,yEAAyE;QACzE,MAAM,qBAAqB,GAAG,oFAAoF,CAAC;QACnH,MAAM,eAAe,GAAG,qEAAqE,CAAC;QAE9F,IAAI,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACzC,4EAA4E;YAC5E,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACxE,MAAM,qBAAqB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC/C,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACpB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACpB,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;gBACxB,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBAC5B,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAC5B,CAAC;YAEF,wEAAwE;Y
ACxE,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACtC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACtB,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAC7B,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAC1B,CAAC;YAEF,IAAI,qBAAqB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAAC,IAAA,2DAAqC,EACxD,2BAA2B,EAC3B,yFAAyF,EACzF,kGAAkG,EAClG,UAAU,EACV,0LAA0L,EAC1L,uHAAuH,EACvH;oBACE,yDAAyD;oBACzD,qCAAqC;oBACrC,uCAAuC;oBACvC,gCAAgC;oBAChC,uBAAuB;oBACvB,2DAA2D;iBAC5D,EACD,mFAAmF,EACnF,kPAAkP,EAClP,4IAA4I,CAC7I,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
|
|
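--- /dev/null
+++ b/package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts
@@ -0,0 +1,25 @@
+/**
+* TypeScript AI-Generated Code Detection Module
+*
+* Detects AI-generated code patterns as SECURITY RISKS:
+* - 17 hallucination patterns (15 JavaScript + 2 TypeScript-specific)
+* - 8 code smell heuristics (over-engineering, inconsistency)
+* - Confidence scoring (HIGH/MEDIUM/LOW)
+*
+* OWASP A04:2025 - Insecure Design
+* CWE-1120 - Excessive Code Complexity
+* CWE-758 - Reliance on Undefined Behavior
+*
+* Phase 1.5, Week 5-7 (AI-Generated Code Detection)
+* Created: January 8, 2026
+*/
+import { SecurityVulnerability } from '../../types';
+/**
+* Detect AI-generated code in TypeScript
+*
+* @param lines - Array of code lines
+* @param filename - Optional filename (to skip test files)
+* @returns Array of security vulnerabilities (0-1 aggregated vulnerability)
+*/
+export declare function checkAIGeneratedCode(lines: string[], filename?: string): SecurityVulnerability[];
+//# sourceMappingURL=ai-generated-code.d.ts.map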
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-generated-code.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/typescript/security-checks/ai-generated-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAqHpD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,EACf,QAAQ,CAAC,EAAE,MAAM,GAChB,qBAAqB,EAAE,CAuJzB"}
|
|
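--- /dev/null
+++ b/package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js
@@ -0,0 +1,242 @@
+"use strict";
+/**
+* TypeScript AI-Generated Code Detection Module
+*
+* Detects AI-generated code patterns as SECURITY RISKS:
+* - 17 hallucination patterns (15 JavaScript + 2 TypeScript-specific)
+* - 8 code smell heuristics (over-engineering, inconsistency)
+* - Confidence scoring (HIGH/MEDIUM/LOW)
+*
+* OWASP A04:2025 - Insecure Design
+* CWE-1120 - Excessive Code Complexity
+* CWE-758 - Reliance on Undefined Behavior
+*
+* Phase 1.5, Week 5-7 (AI-Generated Code Detection)
+* Created: January 8, 2026
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkAIGeneratedCode = checkAIGeneratedCode;
+const createVulnerability_1 = require("../utils/createVulnerability");
+const ai_code_detection_utils_1 = require("../../helpers/ai-code-detection-utils");
+/**
+* TypeScript hallucination patterns (17 patterns)
+*
+* Includes all JavaScript patterns (15) + TypeScript-specific (2):
+* - Python influence: .append(), .strip(), .len()
+* - Case sensitivity errors: .toUppercase(), .toLowercase()
+* - Non-existent methods: .contains(), .remove(), .split_by()
+* - TypeScript-specific: .as_type(), .typeof()
+*/
+const HALLUCINATION_PATTERNS = new Map([
+// Python-style methods in TypeScript
+['append', {
+correct: '.push()',
+description: 'TypeScript arrays use .push(), not .append(). This is a Python method.'
+}],
+['strip', {
+correct: '.trim()',
+description: 'TypeScript strings use .trim(), not .strip(). This is a Python method.'
+}],
+['len', {
+correct: '.length',
+description: 'TypeScript uses .length property, not .len() method. This is Python/Rust syntax.'
+}],
+['split_by', {
+correct: '.split()',
+description: 'Non-existent method. TypeScript uses .split() with camelCase naming.'
+}],
+// Case sensitivity errors (common AI typos)
+['toUppercase', {
+correct: '.toUpperCase()',
+description: 'Case sensitivity error. Correct method is .toUpperCase() with capital C.'
+}],
+['toLowercase', {
+correct: '.toLowerCase()',
+description: 'Case sensitivity error. Correct method is .toLowerCase() with capital C.'
+}],
+// Non-existent methods (hallucinations)
+['contains', {
+correct: '.includes()',
+description: 'TypeScript arrays/strings use .includes(), not .contains(). This is Java syntax.'
+}],
+['remove', {
+correct: '.splice() or .filter()',
+description: 'Arrays do not have .remove() method. Use .splice() or .filter().'
+}],
+['replace_all', {
+correct: '.replaceAll()',
+description: 'Incorrect method name. TypeScript uses camelCase: .replaceAll().'
+}],
+['substring_of', {
+correct: '.includes()',
+description: 'Non-existent method. Use .includes() to check if string contains substring.'
+}],
+['to_string', {
+correct: '.toString()',
+description: 'TypeScript uses camelCase: .toString(), not snake_case to_string().'
+}],
+['is_empty', {
+correct: '.length === 0',
+description: 'No .is_empty() method. Check .length property instead. This is Rust/Python syntax.'
+}],
+// Rust/Python influence
+['size', {
+correct: '.length or .size',
+description: 'Arrays use .length property. Maps/Sets use .size property (not method).'
+}],
+// Java influence
+['indexOf', {
+correct: '.indexOf() or .findIndex()',
+description: 'Method exists but often misused. Consider .findIndex() for complex searches.'
+}],
+// String method confusion
+['charAt', {
+correct: '[index]',
+description: 'Modern TypeScript prefers bracket notation [index] over .charAt().'
+}],
+// TypeScript-specific hallucinations
+['as_type', {
+correct: 'as Type',
+description: 'No .as_type() method. Use type assertions with "as" keyword: value as Type.'
+}],
+['typeof', {
+correct: 'typeof operator',
+description: 'No .typeof() method. Use typeof operator: typeof variable === "string".'
+}],
+]);
+/**
+* Detect AI-generated code in TypeScript
+*
+* @param lines - Array of code lines
+* @param filename - Optional filename (to skip test files)
+* @returns Array of security vulnerabilities (0-1 aggregated vulnerability)
+*/
+function checkAIGeneratedCode(lines, filename) {
+// Skip test files to reduce false positives
+if ((0, ai_code_detection_utils_1.isTestFile)(filename)) {
+return [];
+}
+let hallucinationCount = 0;
+const hallucinationLines = new Set();
+const detectedPatterns = [];
+// Combined regex for all 17 hallucination patterns (optimized)
+const combinedPattern = new RegExp('\\.' +
+'(append|strip|len|split_by|toUppercase|toLowercase|contains|remove|' +
+'replace_all|substring_of|to_string|is_empty|size|indexOf|charAt|as_type|typeof)' +
+'\\s*\\(', 'g');
+let inMultiLineComment = false;
+// 1. Detect hallucination patterns
+lines.forEach((line, index) => {
+const lineNumber = index + 1;
+const trimmed = line.trim();
+// Track multi-line comments (/* ... */)
+if (trimmed.includes('/*'))
+inMultiLineComment = true;
+if (trimmed.includes('*/')) {
+inMultiLineComment = false;
+return;
+}
+// Skip comments and empty lines
+if (!trimmed || inMultiLineComment || trimmed.startsWith('//'))
+return;
+// Remove string literals and template literals to avoid false positives
+const cleanedLine = (0, ai_code_detection_utils_1.removeCommentsAndStrings)(line, 'typescript');
+// Match hallucination patterns
+const matches = Array.from(cleanedLine.matchAll(combinedPattern));
+for (const match of matches) {
+const method = match[1];
+const details = HALLUCINATION_PATTERNS.get(method);
+if (details) {
+hallucinationCount++;
+hallucinationLines.add(lineNumber);
+detectedPatterns.push(method);
+}
+}
+});
+// 2. Run heuristic detectors
+const heuristicScores = {
+overEngineeredErrors: (0, ai_code_detection_utils_1.detectOverEngineeredErrorHandling)(lines),
+unnecessaryWrappers: (0, ai_code_detection_utils_1.detectUnnecessaryWrappers)(lines),
+verboseComments: (0, ai_code_detection_utils_1.detectVerboseComments)(lines),
+mixedNaming: (0, ai_code_detection_utils_1.detectMixedNamingConventions)(lines),
+redundantNullChecks: (0, ai_code_detection_utils_1.detectRedundantNullChecks)(lines),
+unnecessaryAsync: (0, ai_code_detection_utils_1.detectUnnecessaryAsync)(lines),
+genericVariables: (0, ai_code_detection_utils_1.detectGenericVariableOveruse)(lines),
+inconsistentStrings: (0, ai_code_detection_utils_1.detectInconsistentStringConcatenation)(lines),
+};
+// 3. Calculate confidence and severity
+const detection = (0, ai_code_detection_utils_1.calculateAICodeConfidence)(hallucinationCount, heuristicScores);
+if (!detection) {
+return []; // No AI-generated code detected
+}
+// 4. Create aggregated vulnerability
+const categoryId = detection.severity === 'CRITICAL' ? 'ai-generated-code-high' :
+detection.severity === 'HIGH' ? 'ai-generated-code-medium' :
+'ai-generated-code-low';
+// Build message based on detection type
+let message = `AI-generated code detected (${detection.confidence} confidence): `;
+if (hallucinationCount > 0) {
+message += `${hallucinationCount} hallucinated method(s) found`;
+if (detectedPatterns.length > 0) {
+const uniquePatterns = Array.from(new Set(detectedPatterns)).slice(0, 3);
+message += ` (.${uniquePatterns.join(', .')})`;
+}
+}
+else {
+message += 'Multiple code smell patterns detected (over-engineering, inconsistent naming, etc.)';
+}
+// Build suggestion
+const suggestion = hallucinationCount > 0
+? `Replace hallucinated methods with correct TypeScript equivalents. Found: ${Array.from(new Set(detectedPatterns)).map(p => `.${p}()`).join(', ')}. Review and rewrite AI-generated code sections.`
+: 'Simplify code structure, use consistent naming conventions (camelCase), and follow TypeScript idioms. Remove unnecessary async functions, redundant null checks, and over-engineered error handling.';
+// Find first occurrence line for reporting
+const reportLine = hallucinationLines.size > 0
+? Math.min(...hallucinationLines)
+: 1; // Use first line if only heuristics detected
+// Get first detected pattern details for remediation example
+const firstPattern = detectedPatterns[0];
+const firstPatternDetails = firstPattern ? HALLUCINATION_PATTERNS.get(firstPattern) : null;
+return [
+(0, createVulnerability_1.createTypeScriptSecurityVulnerability)({
+category: categoryId,
+severity: detection.severity.toLowerCase(),
+confidence: detection.confidence,
+message,
+line: reportLine,
+suggestion,
+owasp: 'A04:2025 - Insecure Design',
+cwe: 'CWE-1120, CWE-758',
+pciDss: '6.5',
+remediation: {
+explanation: 'AI code generators (like GitHub Copilot, ChatGPT, Claude) can hallucinate non-existent methods or generate over-engineered patterns. ' +
+'This creates reliability issues and potential security vulnerabilities. Hallucinated methods cause runtime errors that expose stack traces with ' +
+'sensitive information. Over-engineered code patterns make security audits difficult, hiding real vulnerabilities. ' +
+'Always verify AI-generated code matches TypeScript specifications and follows security best practices.',
+before: firstPatternDetails
+? `array.${firstPattern}(item) // Hallucinated method`
+: '// Over-engineered or inconsistent code patterns\n// Example: try { ... } catch (e) { if (...) { if (...) { if (...) { } } } }',
+after: firstPatternDetails
+? `array${firstPatternDetails.correct} // Correct TypeScript`
+: '// Simplified, idiomatic code following TypeScript conventions\n// Example: try { ... } catch (e) { logError(e); throw e; }',
+},
+attackVector: {
+description: 'AI-generated code with hallucinated methods creates runtime TypeError exceptions exposing system internals through stack traces. ' +
+'Attackers can trigger these errors repeatedly to map application structure and identify vulnerable endpoints. ' +
+'Inconsistent code patterns make security reviews difficult, allowing real vulnerabilities to hide among AI-generated noise. ' +
+'Over-engineered error handling may leak sensitive information in catch blocks.',
+exploitExample: "User triggers: array.append(item)\n" +
+"Result: TypeError: array.append is not a function\n" +
+"Stack trace reveals: Internal file paths, function names, database schema hints\n" +
+"Attacker uses this to map application architecture and plan targeted attacks.",
+realWorldImpact: [
+'Runtime errors revealing sensitive stack traces with internal paths',
+'Logic bugs in access control or validation code (AI-generated if statements)',
+'Performance degradation from inefficient AI-generated loops and algorithms',
+'Maintenance burden: Developers spend hours debugging AI hallucinations',
+'Hidden security vulnerabilities masked by over-engineered code patterns',
+],
+},
+})
+];
+}
+//# sourceMappingURL=ai-generated-code.js.map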
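Review bot: The block-comment tracker at `if (trimmed.includes('/*')) inMultiLineComment = true;` keys on raw text, so a `/*` inside a string literal (a glob like `'src/*'`) switches the scanner into comment mode and every following line is skipped until some later `*/` — findings for the rest of the file silently vanish — while the same-line case `/* note */ arr.append(x)` hits the early `return` and is never matched either. Deciding the state from the string-stripped line and by marker order would close both holes: `const open = stripped.lastIndexOf('/*'); const close = stripped.lastIndexOf('*/'); if (open !== -1 || close !== -1) inMultiLineComment = open > close;` with the early `return` dropped so the line still reaches `cleanedLine.matchAll` (whether `removeCommentsAndStrings` can serve as that stripper without also eating an unterminated `/*` I cannot tell from here). Separately, `indexOf` and `charAt` are real methods — the table entries themselves say so — yet they sit in `combinedPattern` and increment `hallucinationCount`, which feeds `calculateAICodeConfidence` and can push severity up on perfectly valid code; drop them from the regex or score them as a heuristic instead. The `owasp: 'A04:2025 - Insecure Design'` tag also looks off to me — in the 2025 Top 10 I believe A04 is Cryptographic Failures and Insecure Design is A06 — worth checking against the mapping in `compliance-mapping.js`.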
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-generated-code.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/typescript/security-checks/ai-generated-code.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AA8HH,oDA0JC;AArRD,sEAAqF;AACrF,mFAY+C;AAU/C;;;;;;;;GAQG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAA+B;IACnE,qCAAqC;IACrC,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACF,CAAC,OAAO,EAAE;YACR,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACF,CAAC,KAAK,EAAE;YACN,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,kFAAkF;SAChG,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,UAAU;YACnB,WAAW,EAAE,sEAAsE;SACpF,CAAC;IAEF,4CAA4C;IAC5C,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,0EAA0E;SACxF,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,0EAA0E;SACxF,CAAC;IAEF,wCAAwC;IACxC,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,kFAAkF;SAChG,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,wBAAwB;YACjC,WAAW,EAAE,kEAAkE;SAChF,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,kEAAkE;SAChF,CAAC;IACF,CAAC,cAAc,EAAE;YACf,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IACF,CAAC,WAAW,EAAE;YACZ,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,qEAAqE;SACnF,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,oFAAoF;SAClG,CAAC;IAEF,wBAAwB;IACxB,CAAC,MAAM,EAAE;YACP,OAAO,EAAE,kBAAkB;YAC3B,WAAW,EAAE,yEAAyE;SACvF,CAAC;IAEF,iBAAiB;IACjB,CAAC,SAAS,EAAE;YACV,OAAO,EAAE,4BAA4B;YACrC,WAAW,EAAE,8EAA8E;SAC5F,CAAC;IAEF,0BAA0B;IAC1B,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,oEAAoE;SAClF,CAAC;IAEF,qCAAqC;IACrC,CAAC,SAAS,EAAE;YACV,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,iBAAiB;YAC1B,WAAW,EAAE,yEAAyE;SACvF,CAAC;CACH,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAClC,KAAe,EACf,QAAiB;IAEjB,4CAA4C;IAC5C,IAAI,IAAA,oCAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC7C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,+DAA+D;IAC/D,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,KAAK;QACL,qEA
AqE;QACrE,iFAAiF;QACjF,SAAS,EACT,GAAG,CACJ,CAAC;IAEF,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,wCAAwC;QACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,kBAAkB,GAAG,IAAI,CAAC;QACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO;QAEvE,wEAAwE;QACxE,MAAM,WAAW,GAAG,IAAA,kDAAwB,EAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAEjE,+BAA+B;QAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;QAElE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,OAAO,EAAE,CAAC;gBACZ,kBAAkB,EAAE,CAAC;gBACrB,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACnC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,eAAe,GAAG;QACtB,oBAAoB,EAAE,IAAA,2DAAiC,EAAC,KAAK,CAAC;QAC9D,mBAAmB,EAAE,IAAA,mDAAyB,EAAC,KAAK,CAAC;QACrD,eAAe,EAAE,IAAA,+CAAqB,EAAC,KAAK,CAAC;QAC7C,WAAW,EAAE,IAAA,sDAA4B,EAAC,KAAK,CAAC;QAChD,mBAAmB,EAAE,IAAA,mDAAyB,EAAC,KAAK,CAAC;QACrD,gBAAgB,EAAE,IAAA,gDAAsB,EAAC,KAAK,CAAC;QAC/C,gBAAgB,EAAE,IAAA,sDAA4B,EAAC,KAAK,CAAC;QACrD,mBAAmB,EAAE,IAAA,+DAAqC,EAAC,KAAK,CAAC;KAClE,CAAC;IAEF,uCAAuC;IACvC,MAAM,SAAS,GAAG,IAAA,mDAAyB,EAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IAEjF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,CAAC,CAAC,gCAAgC;IAC7C,CAAC;IAED,qCAAqC;IACrC,MAAM,UAAU,GACd,SAAS,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;QAC9D,SAAS,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC;YAC5D,uBAAuB,CAAC;IAE1B,wCAAwC;IACxC,IAAI,OAAO,GAAG,+BAA+B,SAAS,CAAC,UAAU,gBAAgB,CAAC;IAElF,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,GAAG,kBAAkB,+BAA+B,CAAC;QAChE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,C
AAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,OAAO,IAAI,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;QACjD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,qFAAqF,CAAC;IACnG,CAAC;IAED,mBAAmB;IACnB,MAAM,UAAU,GAAG,kBAAkB,GAAG,CAAC;QACvC,CAAC,CAAC,4EAA4E,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,kDAAkD;QACpM,CAAC,CAAC,sMAAsM,CAAC;IAE3M,2CAA2C;IAC3C,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC;QACjC,CAAC,CAAC,CAAC,CAAC,CAAC,6CAA6C;IAEpD,6DAA6D;IAC7D,MAAM,YAAY,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzC,MAAM,mBAAmB,GAAG,YAAY,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3F,OAAO;QACL,IAAA,2DAAqC,EAAC;YACpC,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAoC;YAC5E,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,OAAO;YACP,IAAI,EAAE,UAAU;YAChB,UAAU;YACV,KAAK,EAAE,4BAA4B;YACnC,GAAG,EAAE,mBAAmB;YACxB,MAAM,EAAE,KAAK;YACb,WAAW,EAAE;gBACX,WAAW,EACT,uIAAuI;oBACvI,kJAAkJ;oBAClJ,oHAAoH;oBACpH,wGAAwG;gBAC1G,MAAM,EAAE,mBAAmB;oBACzB,CAAC,CAAC,SAAS,YAAY,gCAAgC;oBACvD,CAAC,CAAC,gIAAgI;gBACpI,KAAK,EAAE,mBAAmB;oBACxB,CAAC,CAAC,QAAQ,mBAAmB,CAAC,OAAO,yBAAyB;oBAC9D,CAAC,CAAC,6HAA6H;aAClI;YACD,YAAY,EAAE;gBACZ,WAAW,EACT,mIAAmI;oBACnI,gHAAgH;oBAChH,8HAA8H;oBAC9H,gFAAgF;gBAClF,cAAc,EACZ,qCAAqC;oBACrC,qDAAqD;oBACrD,mFAAmF;oBACnF,+EAA+E;gBACjF,eAAe,EAAE;oBACf,qEAAqE;oBACrE,8EAA8E;oBAC9E,4EAA4E;oBAC5E,wEAAwE;oBACxE,yEAAyE;iBAC1E;aACF;SACF,CAAC;KACH,CAAC;AACJ,CAAC"}
|
|
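--- /dev/null
+++ b/package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts
@@ -0,0 +1,28 @@
+/**
+* TypeScript Authentication Security Checks
+* OWASP A07:2021 - Identification and Authentication Failures
+* OWASP A02:2021 - Cryptographic Failures
+*
+* Detects critical authentication vulnerabilities:
+* - Check #3: JWT None Algorithm bypass
+* - Check #4: JWT Weak Secret
+* - Check #88: Plaintext password comparison
+* - Check #89: Weak/predictable token generation
+* - Check #90: Master password backdoors
+*/
+import { SecurityVulnerability } from '../../types';
+/**
+* Checks for authentication vulnerabilities in TypeScript code
+*
+* Covers:
+* - Check #3: JWT None Algorithm bypass (CRITICAL) - Phase A P0
+* - Check #4: JWT Weak Secret (CRITICAL) - Phase A P0
+* - Check #88: Plaintext password comparison (CRITICAL)
+* - Check #89: Weak token generation (HIGH)
+* - Check #90: Master password backdoor (HIGH)
+*
+* @param lines - Array of code lines
+* @returns Array of security vulnerabilities found
+*/
+export declare function checkAuthentication(lines: string[]): SecurityVulnerability[];
+//# sourceMappingURL=authentication.d.ts.map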
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/typescript/security-checks/authentication.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAYpD;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,EAAE,CAyezB"}
|