codeslick-cli 1.0.0

Files changed (455)
  1. package/README.md +458 -0
  2. package/__tests__/cli-reporter.test.ts +86 -0
  3. package/__tests__/config-loader.test.ts +247 -0
  4. package/__tests__/local-scanner.test.ts +245 -0
  5. package/bin/codeslick.cjs +153 -0
  6. package/dist/packages/cli/src/commands/auth.d.ts +36 -0
  7. package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
  8. package/dist/packages/cli/src/commands/auth.js +226 -0
  9. package/dist/packages/cli/src/commands/auth.js.map +1 -0
  10. package/dist/packages/cli/src/commands/config.d.ts +37 -0
  11. package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
  12. package/dist/packages/cli/src/commands/config.js +196 -0
  13. package/dist/packages/cli/src/commands/config.js.map +1 -0
  14. package/dist/packages/cli/src/commands/init.d.ts +32 -0
  15. package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
  16. package/dist/packages/cli/src/commands/init.js +171 -0
  17. package/dist/packages/cli/src/commands/init.js.map +1 -0
  18. package/dist/packages/cli/src/commands/scan.d.ts +40 -0
  19. package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
  20. package/dist/packages/cli/src/commands/scan.js +204 -0
  21. package/dist/packages/cli/src/commands/scan.js.map +1 -0
  22. package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
  23. package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
  24. package/dist/packages/cli/src/config/config-loader.js +146 -0
  25. package/dist/packages/cli/src/config/config-loader.js.map +1 -0
  26. package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
  27. package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
  28. package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
  29. package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
  30. package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
  31. package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
  32. package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
  33. package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
  34. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
  35. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
  36. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
  37. package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
  38. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
  39. package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
  40. package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
  41. package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
  42. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
  43. package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
  44. package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
  45. package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
  46. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
  47. package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
  48. package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
  49. package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
  50. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
  51. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
  52. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
  53. package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
  54. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
  55. package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
  56. package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
  57. package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
  58. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
  59. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
  60. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
  61. package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
  62. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
  63. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
  64. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
  65. package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
  66. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
  67. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  68. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
  69. package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
  70. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
  71. package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
  72. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
  73. package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
  74. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
  75. package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
  76. package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
  77. package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
  78. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
  79. package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
  80. package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
  81. package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
  82. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
  83. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
  84. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
  85. package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
  86. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
  87. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
  88. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
  89. package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
  90. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
  91. package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
  92. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
  93. package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
  94. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
  95. package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
  96. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
  97. package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
  98. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
  99. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
  100. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
  101. package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
  102. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
  103. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
  104. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
  105. package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
  106. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
  107. package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
  108. package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
  109. package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
  110. package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
  111. package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
  112. package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
  113. package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
  114. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
  115. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
  116. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
  117. package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
  118. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
  119. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
  120. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
  121. package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
  122. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
  123. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
  124. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
  125. package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
  126. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
  127. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
  128. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
  129. package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
  130. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
  131. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
  132. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
  133. package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
  134. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
  135. package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
  136. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
  137. package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
  138. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
  139. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
  140. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
  141. package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
  142. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
  143. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
  144. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
  145. package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
  146. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
  147. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
  148. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
  149. package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
  150. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
  151. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  152. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
  153. package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
  154. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
  155. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
  156. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
  157. package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
  158. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
  159. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
  160. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
  161. package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
  162. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
  163. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
  164. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
  165. package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
  166. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
  167. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
  168. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
  169. package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
  170. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
  171. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
  172. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
  173. package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
  174. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
  175. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
  176. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
  177. package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
  178. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
  179. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
  180. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
  181. package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
  182. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
  183. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
  184. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
  185. package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
  186. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
  187. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
  188. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
  189. package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
  190. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
  191. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
  192. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
  193. package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
  194. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
  195. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
  196. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
  197. package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
  198. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
  199. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
  200. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
  201. package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
  202. package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
  203. package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
  204. package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
  205. package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
  206. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
  207. package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
  208. package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
  209. package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
  210. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
  211. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
  212. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
  213. package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
  214. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
  215. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
  216. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
  217. package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
  218. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
  219. package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
  220. package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
  221. package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
  222. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
  223. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
  224. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
  225. package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
  226. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
  227. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
  228. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
  229. package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
  230. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
  231. package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
  232. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
  233. package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
  234. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
  235. package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
  236. package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
  237. package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
  238. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
  239. package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
  240. package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
  241. package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
  242. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
  243. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  244. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
  245. package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
  246. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
  247. package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
  248. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
  249. package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
  250. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
  251. package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
  252. package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
  253. package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
  254. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
  255. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
  256. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
  257. package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
  258. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
  259. package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
  260. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
  261. package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
  262. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
  263. package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
  264. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
  265. package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
  266. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
  267. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
  268. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
  269. package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
  270. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
  271. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
  272. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
  273. package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
  274. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
  275. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
  276. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
  277. package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
  278. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
  279. package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
  280. package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
  281. package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
  282. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
  283. package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
  284. package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
  285. package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
  286. package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
  287. package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
  288. package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
  289. package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
  290. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
  291. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
  292. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
  293. package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
  294. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
  295. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
  296. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
  297. package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
  298. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
  299. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
  300. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
  301. package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
  302. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
  303. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
  304. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
  305. package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
  306. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
  307. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
  308. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
  309. package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
  310. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
  311. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
  312. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
  313. package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
  314. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
  315. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
  316. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
  317. package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
  318. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
  319. package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
  320. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
  321. package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
  322. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
  323. package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
  324. package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
  325. package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
  326. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
  327. package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
  328. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
  329. package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
  330. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
  331. package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
  332. package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
  333. package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
  334. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
  335. package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
  336. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
  337. package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
  338. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
  339. package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
  340. package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
  341. package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
  342. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
  343. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
  344. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
  345. package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
  346. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
  347. package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
  348. package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
  349. package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
  350. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
  351. package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
  352. package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
  353. package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
  354. package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
  355. package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
  356. package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
  357. package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
  358. package/dist/src/lib/analyzers/types.d.ts +92 -0
  359. package/dist/src/lib/analyzers/types.d.ts.map +1 -0
  360. package/dist/src/lib/analyzers/types.js +3 -0
  361. package/dist/src/lib/analyzers/types.js.map +1 -0
  362. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
  363. package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
  364. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
  365. package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
  366. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
  367. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
  368. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
  369. package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
  370. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
  371. package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
  372. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
  373. package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
  374. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
  375. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
  376. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
  377. package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
  378. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
  379. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
  380. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
  381. package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
  382. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
  383. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
  384. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
  385. package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
  386. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
  387. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
  388. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
  389. package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
  390. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
  391. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
  392. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
  393. package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
  394. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
  395. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
  396. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
  397. package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
  398. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
  399. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
  400. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
  401. package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
  402. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
  403. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
  404. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
  405. package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
  406. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
  407. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
  408. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
  409. package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
  410. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
  411. package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
  412. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
  413. package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
  414. package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
  415. package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
  416. package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
  417. package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
  418. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
  419. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
  420. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
  421. package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
  422. package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
  423. package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
  424. package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
  425. package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
  426. package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
  427. package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
  428. package/dist/src/lib/security/compliance-mapping.js +1342 -0
  429. package/dist/src/lib/security/compliance-mapping.js.map +1 -0
  430. package/dist/src/lib/security/severity-scoring.d.ts +47 -0
  431. package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
  432. package/dist/src/lib/security/severity-scoring.js +965 -0
  433. package/dist/src/lib/security/severity-scoring.js.map +1 -0
  434. package/dist/src/lib/standards/references.d.ts +16 -0
  435. package/dist/src/lib/standards/references.d.ts.map +1 -0
  436. package/dist/src/lib/standards/references.js +1161 -0
  437. package/dist/src/lib/standards/references.js.map +1 -0
  438. package/dist/src/lib/types/index.d.ts +167 -0
  439. package/dist/src/lib/types/index.d.ts.map +1 -0
  440. package/dist/src/lib/types/index.js +3 -0
  441. package/dist/src/lib/types/index.js.map +1 -0
  442. package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
  443. package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
  444. package/dist/src/lib/utils/code-cleaner.js +283 -0
  445. package/dist/src/lib/utils/code-cleaner.js.map +1 -0
  446. package/package.json +51 -0
  447. package/src/commands/auth.ts +308 -0
  448. package/src/commands/config.ts +226 -0
  449. package/src/commands/init.ts +202 -0
  450. package/src/commands/scan.ts +238 -0
  451. package/src/config/config-loader.ts +175 -0
  452. package/src/reporters/cli-reporter.ts +282 -0
  453. package/src/scanner/local-scanner.ts +250 -0
  454. package/tsconfig.json +24 -0
  455. package/tsconfig.tsbuildinfo +1 -0
@@ -0,0 +1,59 @@
1
+ /**
2
+ * Variable Tracker Module
3
+ *
4
+ * Pure functions for tracking variable declarations and usages in JavaScript/TypeScript code.
5
+ * Helps detect undeclared variables and reference errors.
6
+ *
7
+ * @module variable-tracker
8
+ */
9
+ import { LineError } from '../types';
10
+ /**
11
+ * Returns the set of built-in JavaScript globals and common APIs
12
+ *
13
+ * @returns Set of built-in identifiers
14
+ */
15
+ export declare function getBuiltIns(): Set<string>;
16
+ /**
17
+ * Returns the set of JavaScript keywords and patterns to skip during variable tracking
18
+ *
19
+ * @returns Set of keywords to skip
20
+ */
21
+ export declare function getSkipPatterns(): Set<string>;
22
+ /**
23
+ * Finds all variable declarations in the code
24
+ *
25
+ * @param lines - Array of code lines
26
+ * @param code - Full source code
27
+ * @param isInsideTemplateLiteral - Function to check if line is inside template literal
28
+ * @returns Set of declared variable names
29
+ */
30
+ export declare function findDeclarations(lines: string[], code: string, isInsideTemplateLiteral: (code: string, lineNumber: number) => boolean): Set<string>;
31
+ /**
32
+ * Finds all variable usages in the code
33
+ *
34
+ * @param lines - Array of code lines
35
+ * @param code - Full source code
36
+ * @param builtIns - Set of built-in identifiers to skip
37
+ * @param skipPatterns - Set of keywords to skip
38
+ * @param removeStringLiterals - Function to remove string literals from a line
39
+ * @param isInsideTemplateLiteral - Function to check if line is inside template literal
40
+ * @returns Array of variable usages with line numbers
41
+ */
42
+ export declare function findUsages(lines: string[], code: string, builtIns: Set<string>, skipPatterns: Set<string>, removeStringLiterals: (line: string) => string, isInsideTemplateLiteral: (code: string, lineNumber: number) => boolean): Array<{
43
+ line: number;
44
+ varName: string;
45
+ }>;
46
+ /**
47
+ * Checks for undeclared variables and returns line errors
48
+ *
49
+ * @param usages - Array of variable usages
50
+ * @param declaredVars - Set of declared variable names
51
+ * @param lines - Array of code lines
52
+ * @param hasJSX - Whether JSX was detected in the code
53
+ * @returns Array of line errors for undeclared variables
54
+ */
55
+ export declare function checkUndeclaredVariables(usages: Array<{
56
+ line: number;
57
+ varName: string;
58
+ }>, declaredVars: Set<string>, lines: string[], hasJSX: boolean): LineError[];
59
+ //# sourceMappingURL=variable-tracker.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"variable-tracker.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/helpers/variable-tracker.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC;;;;GAIG;AACH,wBAAgB,WAAW,IAAI,GAAG,CAAC,MAAM,CAAC,CAczC;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,GAAG,CAAC,MAAM,CAAC,CAU7C;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EAAE,EACf,IAAI,EAAE,MAAM,EACZ,uBAAuB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,GACrE,GAAG,CAAC,MAAM,CAAC,CA6Fb;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CACxB,KAAK,EAAE,MAAM,EAAE,EACf,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EACrB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EACzB,oBAAoB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,EAC9C,uBAAuB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,GACrE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAsD1C;AAED;;;;;;;;GAQG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,EAChD,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EACzB,KAAK,EAAE,MAAM,EAAE,EACf,MAAM,EAAE,OAAO,GACd,SAAS,EAAE,CAyBb"}
@@ -0,0 +1,231 @@
1
+ "use strict";
2
+ /**
3
+ * Variable Tracker Module
4
+ *
5
+ * Pure functions for tracking variable declarations and usages in JavaScript/TypeScript code.
6
+ * Helps detect undeclared variables and reference errors.
7
+ *
8
+ * @module variable-tracker
9
+ */
10
+ Object.defineProperty(exports, "__esModule", { value: true });
11
+ exports.getBuiltIns = getBuiltIns;
12
+ exports.getSkipPatterns = getSkipPatterns;
13
+ exports.findDeclarations = findDeclarations;
14
+ exports.findUsages = findUsages;
15
+ exports.checkUndeclaredVariables = checkUndeclaredVariables;
16
+ const jsx_helpers_1 = require("./jsx-helpers");
17
+ /**
18
+ * Returns the set of built-in JavaScript globals and common APIs
19
+ *
20
+ * @returns Set of built-in identifiers
21
+ */
22
+ function getBuiltIns() {
23
+ return new Set([
24
+ 'console', 'window', 'document', 'Math', 'Date', 'Array', 'Object', 'String',
25
+ 'Number', 'Boolean', 'Promise', 'Set', 'Map', 'JSON', 'parseInt', 'parseFloat',
26
+ 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'fetch', 'alert',
27
+ 'confirm', 'prompt', 'undefined', 'null', 'true', 'false', 'Infinity', 'NaN',
28
+ 'Error', 'TypeError', 'ReferenceError', 'require', 'module', 'exports', 'process',
29
+ '__dirname', '__filename', 'Buffer', 'global', 'FormData', 'URLSearchParams',
30
+ 'eval', // Built-in function for code execution (dangerous but valid JS)
31
+ // Browser APIs
32
+ 'URL', 'URLSearchParams', 'Response', 'Request', 'Headers',
33
+ // Node.js APIs
34
+ 'exec', 'spawn', 'execFile', 'fork'
35
+ ]);
36
+ }
37
+ /**
38
+ * Returns the set of JavaScript keywords and patterns to skip during variable tracking
39
+ *
40
+ * @returns Set of keywords to skip
41
+ */
42
+ function getSkipPatterns() {
43
+ return new Set(['if', 'else', 'for', 'while', 'switch', 'case', 'break', 'continue',
44
+ 'return', 'try', 'catch', 'finally', 'throw', 'new', 'this', 'super',
45
+ 'typeof', 'instanceof', 'delete', 'void', 'yield', 'await', 'async',
46
+ 'static', 'extends', 'implements', 'Interface', 'type', 'enum', 'export',
47
+ 'default', 'from', 'import', 'as', 'in', 'of', 'do', 'get', 'set',
48
+ // React lifecycle methods
49
+ 'constructor', 'render', 'componentDidMount', 'componentDidUpdate',
50
+ 'componentWillUnmount', 'shouldComponentUpdate', 'componentDidCatch',
51
+ 'getDerivedStateFromProps', 'getSnapshotBeforeUpdate']);
52
+ }
53
+ /**
54
+ * Finds all variable declarations in the code
55
+ *
56
+ * @param lines - Array of code lines
57
+ * @param code - Full source code
58
+ * @param isInsideTemplateLiteral - Function to check if line is inside template literal
59
+ * @returns Set of declared variable names
60
+ */
61
+ function findDeclarations(lines, code, isInsideTemplateLiteral) {
62
+ const declaredVars = new Set();
63
+ lines.forEach((line, index) => {
64
+ const lineNumber = index + 1;
65
+ // Skip lines inside template literals
66
+ if (isInsideTemplateLiteral(code, lineNumber)) {
67
+ return;
68
+ }
69
+ const trimmed = line.trim();
70
+ // Skip comments
71
+ if (trimmed.startsWith('//') || trimmed.startsWith('/*') || trimmed.startsWith('*')) {
72
+ return;
73
+ }
74
+ // Match variable declarations: const/let/var name
75
+ const declMatch = trimmed.match(/\b(const|let|var)\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/g);
76
+ if (declMatch) {
77
+ declMatch.forEach(decl => {
78
+ const varName = decl.replace(/^(const|let|var)\s+/, '').split(/[=\s;,]/)[0];
79
+ declaredVars.add(varName);
80
+ });
81
+ }
82
+ // Match function declarations: function name()
83
+ const funcMatch = trimmed.match(/function\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
84
+ if (funcMatch) {
85
+ declaredVars.add(funcMatch[1]);
86
+ }
87
+ // Match class declarations
88
+ const classMatch = trimmed.match(/class\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
89
+ if (classMatch) {
90
+ declaredVars.add(classMatch[1]);
91
+ }
92
+ // Match imports
93
+ const importMatch = trimmed.match(/import\s+(?:\{([^}]+)\}|([a-zA-Z_$][a-zA-Z0-9_$]*))\s+from/);
94
+ if (importMatch) {
95
+ if (importMatch[1]) {
96
+ importMatch[1].split(',').forEach(name => {
97
+ const cleanName = name.trim().split(/\s+as\s+/)[1] || name.trim();
98
+ declaredVars.add(cleanName);
99
+ });
100
+ }
101
+ else if (importMatch[2]) {
102
+ declaredVars.add(importMatch[2]);
103
+ }
104
+ }
105
+ // Match arrow function parameters (e.g., .then(response => ...), .catch(error => ...))
106
+ const arrowParamMatch = trimmed.matchAll(/\(([a-zA-Z_$][a-zA-Z0-9_$]*)\s*(?:,\s*[a-zA-Z_$][a-zA-Z0-9_$]*)?\)\s*=>/g);
107
+ for (const match of arrowParamMatch) {
108
+ if (match[1])
109
+ declaredVars.add(match[1]);
110
+ }
111
+ // Match single arrow function parameters (e.g., item => ...)
112
+ const singleArrowMatch = trimmed.matchAll(/\b([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=>/g);
113
+ for (const match of singleArrowMatch) {
114
+ if (match[1] && match[1] !== 'null' && match[1] !== 'undefined') {
115
+ declaredVars.add(match[1]);
116
+ }
117
+ }
118
+ // Match function parameters in regular functions: function name(param1, param2)
119
+ const funcParamMatch = trimmed.match(/function\s+[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(([^)]*)\)/);
120
+ if (funcParamMatch && funcParamMatch[1]) {
121
+ funcParamMatch[1].split(',').forEach(param => {
122
+ const paramName = param.trim().split(/[=\s]/)[0];
123
+ if (paramName)
124
+ declaredVars.add(paramName);
125
+ });
126
+ }
127
+ // Match class methods: methodName() { or methodName(params) {
128
+ // This includes React methods like increment(), render(), etc.
129
+ const classMethodMatch = trimmed.match(/^\s*([a-zA-Z_$][a-zA-Z0-9_$]*)\s*\([^)]*\)\s*\{/);
130
+ if (classMethodMatch) {
131
+ declaredVars.add(classMethodMatch[1]);
132
+ // Also collect parameters from class methods
133
+ const methodParamMatch = trimmed.match(/^\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(([^)]*)\)/);
134
+ if (methodParamMatch && methodParamMatch[1]) {
135
+ methodParamMatch[1].split(',').forEach(param => {
136
+ const paramName = param.trim().split(/[=\s:]/)[0]; // Handle TypeScript types too
137
+ if (paramName && paramName !== '')
138
+ declaredVars.add(paramName);
139
+ });
140
+ }
141
+ }
142
+ });
143
+ return declaredVars;
144
+ }
145
+ /**
146
+ * Finds all variable usages in the code
147
+ *
148
+ * @param lines - Array of code lines
149
+ * @param code - Full source code
150
+ * @param builtIns - Set of built-in identifiers to skip
151
+ * @param skipPatterns - Set of keywords to skip
152
+ * @param removeStringLiterals - Function to remove string literals from a line
153
+ * @param isInsideTemplateLiteral - Function to check if line is inside template literal
154
+ * @returns Array of variable usages with line numbers
155
+ */
156
+ function findUsages(lines, code, builtIns, skipPatterns, removeStringLiterals, isInsideTemplateLiteral) {
157
+ const usages = [];
158
+ lines.forEach((line, index) => {
159
+ const lineNumber = index + 1;
160
+ // Skip lines inside template literals
161
+ if (isInsideTemplateLiteral(code, lineNumber)) {
162
+ return;
163
+ }
164
+ const trimmed = line.trim();
165
+ // Skip comments
166
+ if (trimmed.startsWith('//') || trimmed.startsWith('/*') || trimmed.startsWith('*')) {
167
+ return;
168
+ }
169
+ // Skip declaration lines
170
+ if (trimmed.startsWith('const ') || trimmed.startsWith('let ') || trimmed.startsWith('var ') ||
171
+ trimmed.startsWith('function ') || trimmed.startsWith('import ') || trimmed.startsWith('class ')) {
172
+ return;
173
+ }
174
+ // CRITICAL FIX (2025-11-18): Remove BOTH comments AND string content before analyzing
175
+ // Previous bug: Detected words inside strings as variables (e.g., "Test Code" → "Code" flagged)
176
+ // Step 1: Remove comments first
177
+ const lineWithoutComments = line.split('//')[0];
178
+ // Step 2: Remove string literals (replaces string content with spaces)
179
+ const lineWithoutStrings = removeStringLiterals(lineWithoutComments);
180
+ const usagePattern = /(?<![.\w])([a-zA-Z_$][a-zA-Z0-9_$]*)(?=\s*(?:\(|=(?!=)|;|,|\+|-|\*|\/|%|>|<|&|\||$))/g;
181
+ const matches = lineWithoutStrings.matchAll(usagePattern);
182
+ const seenOnLine = new Set();
183
+ for (const match of matches) {
184
+ const varName = match[1];
185
+ const matchIndex = match.index || 0;
186
+ // Skip duplicates, property access, built-ins, keywords
187
+ if (seenOnLine.has(varName) ||
188
+ (matchIndex > 0 && lineWithoutStrings[matchIndex - 1] === '.') ||
189
+ builtIns.has(varName) ||
190
+ skipPatterns.has(varName) ||
191
+ trimmed.includes(`${varName}:`)) {
192
+ continue;
193
+ }
194
+ seenOnLine.add(varName);
195
+ usages.push({ line: lineNumber, varName });
196
+ }
197
+ });
198
+ return usages;
199
+ }
200
+ /**
201
+ * Checks for undeclared variables and returns line errors
202
+ *
203
+ * @param usages - Array of variable usages
204
+ * @param declaredVars - Set of declared variable names
205
+ * @param lines - Array of code lines
206
+ * @param hasJSX - Whether JSX was detected in the code
207
+ * @returns Array of line errors for undeclared variables
208
+ */
209
+ function checkUndeclaredVariables(usages, declaredVars, lines, hasJSX) {
210
+ const lineErrors = [];
211
+ usages.forEach(({ line, varName }) => {
212
+ // Skip JSX elements and attributes if JSX is detected
213
+ if ((0, jsx_helpers_1.isJSXElement)(varName, hasJSX)) {
214
+ return; // Don't report as error
215
+ }
216
+ // Skip if it's JSX text content (appears between > and </ in JSX)
217
+ if ((0, jsx_helpers_1.isJSXTextContent)(varName, line, lines, hasJSX)) {
218
+ return; // It's JSX text content, not a variable
219
+ }
220
+ if (!declaredVars.has(varName)) {
221
+ lineErrors.push({
222
+ line,
223
+ error: `ReferenceError: Variable '${varName}' used but never declared`,
224
+ suggestion: `Declare the variable: const ${varName} = ... or let ${varName} = ...`,
225
+ severity: 'error'
226
+ });
227
+ }
228
+ });
229
+ return lineErrors;
230
+ }
231
+ //# sourceMappingURL=variable-tracker.js.map
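Review bot: In `findUsages`, `line.split('//')[0]` runs before `removeStringLiterals`, so a `//` inside a string literal (a URL, for example) is taken as a comment start and every identifier after it on that line is never checked. Stripping strings first would avoid this, e.g. `const lineWithoutStrings = removeStringLiterals(line).split('//')[0];`. That assumes the helper, which is not shown here, blanks string content as the inline comment says and copes with an apostrophe inside a trailing comment; both cases deserve a test. The skip condition built from `${varName}:` in the same loop is a substring match on the whole trimmed line, so a usage of `a` is dropped on any line that contains `data:`. A check anchored on a word boundary, such as `new RegExp('\\b' + varName + '\\s*:')` with `$` escaped in the name, would limit the skip to real object keys and labels.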
@@ -0,0 +1 @@
1
+ {"version":3,"file":"variable-tracker.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/helpers/variable-tracker.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAUH,kCAcC;AAOD,0CAUC;AAUD,4CAiGC;AAaD,gCA6DC;AAWD,4DA8BC;AArQD,+CAA+D;AAG/D;;;;GAIG;AACH,SAAgB,WAAW;IACzB,OAAO,IAAI,GAAG,CAAC;QACb,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;QAC5E,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY;QAC9E,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO;QAC9E,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK;QAC5E,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;QACjF,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,iBAAiB;QAC5E,MAAM,EAAE,gEAAgE;QACxE,eAAe;QACf,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS;QAC1D,eAAe;QACf,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM;KACpC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe;IAC7B,OAAO,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;QACnE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;QACpE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;QACnE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ;QACxE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;QACjE,0BAA0B;QAC1B,aAAa,EAAE,QAAQ,EAAE,mBAAmB,EAAE,oBAAoB;QAClE,sBAAsB,EAAE,uBAAuB,EAAE,mBAAmB;QACpE,0BAA0B,EAAE,yBAAyB,CAAC,CAAC,CAAC;AAC1E,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAC9B,KAAe,EACf,IAAY,EACZ,uBAAsE;IAEtE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAE7B,sCAAsC;QACtC,IAAI,uBAAuB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,gBAAgB;QAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACpF,OAAO;QACT,CAAC;QA
ED,kDAAkD;QAClD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACnF,IAAI,SAAS,EAAE,CAAC;YACd,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBACvB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5E,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC,CAAC,CAAC;QACL,CAAC;QAED,+CAA+C;QAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACzE,IAAI,SAAS,EAAE,CAAC;YACd,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACvE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QAED,gBAAgB;QAChB,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChG,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;oBACvC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBAClE,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBAC9B,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,uFAAuF;QACvF,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC,0EAA0E,CAAC,CAAC;QACrH,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC,CAAC,CAAC;gBAAE,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QAED,6DAA6D;QAC7D,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,oCAAoC,CAAC,CAAC;QAChF,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,WAAW,EAAE,CAAC;gBAChE,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAC1F,IAAI,cAAc,IAAI,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;YACxC,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;gBAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,IAAI,SAAS;oBAAE,YAAY,CAAC,G
AAG,CAAC,SAAS,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;QACL,CAAC;QAED,8DAA8D;QAC9D,+DAA+D;QAC/D,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QAC1F,IAAI,gBAAgB,EAAE,CAAC;YACrB,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;YAEtC,6CAA6C;YAC7C,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YACrF,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,8BAA8B;oBACjF,IAAI,SAAS,IAAI,SAAS,KAAK,EAAE;wBAAE,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBACjE,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,UAAU,CACxB,KAAe,EACf,IAAY,EACZ,QAAqB,EACrB,YAAyB,EACzB,oBAA8C,EAC9C,uBAAsE;IAEtE,MAAM,MAAM,GAA6C,EAAE,CAAC;IAE5D,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAE7B,sCAAsC;QACtC,IAAI,uBAAuB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,gBAAgB;QAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACpF,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;YACxF,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrG,OAAO;QACT,CAAC;QAED,sFAAsF;QACtF,gGAAgG;QAChG,gCAAgC;QAChC,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,uEAAuE;QACvE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,uFAAuF,CAAC;QAC7G,MAAM,OAAO,GAAG,kBAAkB,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QAErC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC;YAEpC,wDAAwD;YACxD,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;gBACvB,CAAC
,UAAU,GAAG,CAAC,IAAI,kBAAkB,CAAC,UAAU,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC;gBAC9D,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC;gBACrB,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;gBACzB,OAAO,CAAC,QAAQ,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC;gBACpC,SAAS;YACX,CAAC;YAED,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,wBAAwB,CACtC,MAAgD,EAChD,YAAyB,EACzB,KAAe,EACf,MAAe;IAEf,MAAM,UAAU,GAAgB,EAAE,CAAC;IAEnC,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;QACnC,sDAAsD;QACtD,IAAI,IAAA,0BAAY,EAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,kEAAkE;QAClE,IAAI,IAAA,8BAAgB,EAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,wCAAwC;QAClD,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI;gBACJ,KAAK,EAAE,6BAA6B,OAAO,2BAA2B;gBACtE,UAAU,EAAE,+BAA+B,OAAO,iBAAiB,OAAO,QAAQ;gBAClF,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC;AACpB,CAAC"}
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Java Access Control Security Checks
3
+ * OWASP A01:2025 - Broken Access Control
4
+ *
5
+ * Detects access control vulnerabilities in Java/Spring applications.
6
+ * Updated for OWASP 2025 with enhanced Spring Security patterns (Phase 7B Day 8).
7
+ */
8
+ import { SecurityVulnerability } from '../../types';
9
+ /**
10
+ * Checks for access control security vulnerabilities in Java code
11
+ *
12
+ * Covers:
13
+ * - Check #1: Missing @PreAuthorize/@Secured annotations (HIGH)
14
+ * - Check #2: Hard-coded roles in access control (MEDIUM)
15
+ *
16
+ * @param lines - Array of code lines
17
+ * @returns Array of security vulnerabilities found
18
+ */
19
+ export declare function checkAccessControl(lines: string[]): SecurityVulnerability[];
20
+ //# sourceMappingURL=access-control.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/access-control.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,EAAE,CAsKzB"}
@@ -0,0 +1,129 @@
1
+ "use strict";
2
+ /**
3
+ * Java Access Control Security Checks
4
+ * OWASP A01:2025 - Broken Access Control
5
+ *
6
+ * Detects access control vulnerabilities in Java/Spring applications.
7
+ * Updated for OWASP 2025 with enhanced Spring Security patterns (Phase 7B Day 8).
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.checkAccessControl = checkAccessControl;
11
+ const createVulnerability_1 = require("../utils/createVulnerability");
12
+ /**
13
+ * Checks for access control security vulnerabilities in Java code
14
+ *
15
+ * Covers:
16
+ * - Check #1: Missing @PreAuthorize/@Secured annotations (HIGH)
17
+ * - Check #2: Hard-coded roles in access control (MEDIUM)
18
+ *
19
+ * @param lines - Array of code lines
20
+ * @returns Array of security vulnerabilities found
21
+ */
22
+ function checkAccessControl(lines) {
23
+ const vulnerabilities = [];
24
+ let inMultiLineComment = false;
25
+ // Public endpoints that don't require authorization
26
+ const publicEndpoints = [
27
+ '/auth', '/login', '/register', '/signup',
28
+ '/health', '/actuator', '/metrics', '/info',
29
+ '/public', '/static', '/css', '/js', '/images',
30
+ '/api-docs', '/swagger', '/favicon'
31
+ ];
32
+ lines.forEach((line, index) => {
33
+ const trimmedLine = line.trim();
34
+ // CRITICAL: Track multi-line comment blocks (/* ... */)
35
+ if (trimmedLine.includes('/*')) {
36
+ inMultiLineComment = true;
37
+ }
38
+ if (trimmedLine.includes('*/')) {
39
+ inMultiLineComment = false;
40
+ return; // Skip the line with */
41
+ }
42
+ // CRITICAL: Skip all lines inside multi-line comments and single-line comments
43
+ if (!trimmedLine ||
44
+ inMultiLineComment ||
45
+ trimmedLine.startsWith('//')) {
46
+ return;
47
+ }
48
+ const lowerLine = trimmedLine.toLowerCase();
49
+ // Check #1: Missing @PreAuthorize/@Secured annotations on controller methods
50
+ // Detect Spring MVC/REST controller method mappings
51
+ const isMappingAnnotation = lowerLine.match(/@(get|post|put|delete|patch|request)mapping/);
52
+ if (isMappingAnnotation) {
53
+ // Extract endpoint path from annotation
54
+ const pathMatch = trimmedLine.match(/@(?:Get|Post|Put|Delete|Patch|Request)Mapping\s*\(\s*["']([^"']+)["']/i);
55
+ const endpointPath = pathMatch ? pathMatch[1] : '';
56
+ // Check if this is a public endpoint
57
+ const isPublicEndpoint = publicEndpoints.some(pub => endpointPath.toLowerCase().includes(pub));
58
+ if (!isPublicEndpoint) {
59
+ // Look for authorization annotations in previous 5 lines (method signature area)
60
+ const prevLines = lines.slice(Math.max(0, index - 5), index);
61
+ const hasAuthorization = prevLines.some(prevLine => {
62
+ const lowerPrev = prevLine.toLowerCase();
63
+ return lowerPrev.includes('@preauthorize') ||
64
+ lowerPrev.includes('@secured') ||
65
+ lowerPrev.includes('@rolesallowed');
66
+ });
67
+ // Look for method declaration in next 2 lines
68
+ const nextLines = lines.slice(index + 1, Math.min(index + 3, lines.length));
69
+ const hasMethodDeclaration = nextLines.some(nextLine => {
70
+ const trimmedNext = nextLine.trim();
71
+ return trimmedNext.match(/^(public|private|protected)\s+\w+\s+\w+\s*\(/);
72
+ });
73
+ // Check if endpoint is sensitive (delete, admin, etc.)
74
+ const isSensitiveEndpoint = endpointPath.toLowerCase().match(/\/(delete|remove|admin|update|edit)/);
75
+ if (!hasAuthorization && (isSensitiveEndpoint || hasMethodDeclaration)) {
76
+ // Find the actual method line number
77
+ let methodLineIndex = index + 1;
78
+ for (let i = index + 1; i < Math.min(index + 3, lines.length); i++) {
79
+ if (lines[i].trim().match(/^(public|private|protected)\s+\w+\s+\w+\s*\(/)) {
80
+ methodLineIndex = i;
81
+ break;
82
+ }
83
+ }
84
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('missing-authorization', 'Controller method missing authorization check', 'Add @PreAuthorize, @Secured, or @RolesAllowed annotation to restrict access', methodLineIndex + 1, 'Controller methods without authorization annotations allow unauthenticated or unauthorized users to access sensitive operations, leading to privilege escalation, data breaches, and unauthorized modifications', '@DeleteMapping("/admin/users/{id}")\npublic void deleteUser(@PathVariable Long id) { } // Missing @PreAuthorize!', [
85
+ 'Unauthorized access to sensitive operations',
86
+ 'Privilege escalation from regular user to admin',
87
+ 'Data breach through unprotected endpoints',
88
+ 'Unauthorized data modification or deletion',
89
+ 'Complete bypass of access control policies'
90
+ ], '@DeleteMapping("/users/{id}")\npublic void deleteUser(@PathVariable Long id) { }', '@PreAuthorize("hasRole(\'ADMIN\') or #id == authentication.principal.id")\n@DeleteMapping("/users/{id}")\npublic void deleteUser(@PathVariable Long id) { }', 'Always add authorization annotations to Spring controller methods. Use @PreAuthorize for fine-grained access control with SpEL expressions'));
91
+ }
92
+ }
93
+ }
94
+ // Check #2: Hard-coded roles in access control
95
+ // Check for hard-coded role strings in annotations
96
+ if (lowerLine.includes('@preauthorize') || lowerLine.includes('@secured') || lowerLine.includes('@rolesallowed')) {
97
+ // Look for quoted role strings (e.g., 'ADMIN', "ROLE_USER")
98
+ const hasQuotedRole = trimmedLine.match(/["'](?:ROLE_)?[A-Z_]+["']/);
99
+ // Exclude if using constants (no quotes around identifier)
100
+ const usesConstant = trimmedLine.match(/@(?:PreAuthorize|Secured|RolesAllowed)\s*\([^"']*(?:ROLE_[A-Z_]+|[A-Z_]+\.[A-Z_]+)[^"']*\)/i);
101
+ // Exclude if using configuration/method reference (e.g., @rolesConfig.getAdminRole())
102
+ const usesExternalConfig = trimmedLine.match(/@\w+\.\w+\(/);
103
+ if (hasQuotedRole && !usesConstant && !usesExternalConfig) {
104
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('hardcoded-roles', 'Authorization check uses hard-coded role string', 'Use role constants or externalize role configuration', index + 1, 'Hard-coding role names in authorization annotations makes roles difficult to change, leads to inconsistencies across the codebase, and violates the principle of configuration externalization', '@PreAuthorize("hasRole(\'ADMIN\')") // Hard-coded role string', [
105
+ 'Difficult to modify roles across large codebases',
106
+ 'Risk of typos and inconsistencies',
107
+ 'Cannot change roles without recompilation',
108
+ 'Violation of configuration externalization principle',
109
+ 'Testing complexity (cannot mock roles easily)'
110
+ ], '@PreAuthorize("hasRole(\'ADMIN\')")', 'public static final String ROLE_ADMIN = "ADMIN";\n@PreAuthorize("hasRole(ROLE_ADMIN)")', 'Define role constants in a central location (e.g., Roles.java) and reference them in authorization annotations'));
111
+ }
112
+ }
113
+ // Check for hard-coded roles in manual role checks (if statements)
114
+ if (lowerLine.match(/\.getrole\s*\(\s*\)\s*\.\s*equals\s*\(/)) {
115
+ const hasQuotedRole = trimmedLine.match(/\.equals\s*\(\s*["'](?:ROLE_)?[A-Z_]+["']\s*\)/);
116
+ if (hasQuotedRole) {
117
+ vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('hardcoded-roles', 'Manual access control uses hard-coded role string', 'Use role constants instead of string literals', index + 1, 'Hard-coding role names in manual access control checks makes the codebase fragile and error-prone', 'if (user.getRole().equals("ADMIN")) { } // Hard-coded role', [
118
+ 'Typos can break access control',
119
+ 'Difficult to refactor role names',
120
+ 'Inconsistent role checking across code',
121
+ 'Cannot configure roles externally',
122
+ 'Maintenance nightmare in large codebases'
123
+ ], 'if (user.getRole().equals("ADMIN")) { }', 'if (user.getRole().equals(Roles.ADMIN)) { }', 'Always use role constants to ensure consistency and enable easy refactoring'));
124
+ }
125
+ }
126
+ });
127
+ return vulnerabilities;
128
+ }
129
+ //# sourceMappingURL=access-control.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"access-control.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/access-control.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAeH,gDAwKC;AApLD,sEAA+E;AAE/E;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAChC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,oDAAoD;IACpD,MAAM,eAAe,GAAG;QACtB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS;QACzC,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO;QAC3C,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;QAC9C,WAAW,EAAE,UAAU,EAAE,UAAU;KACpC,CAAC;IAEF,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,wDAAwD;QACxD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,6EAA6E;QAC7E,oDAAoD;QACpD,MAAM,mBAAmB,GAAG,SAAS,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAE3F,IAAI,mBAAmB,EAAE,CAAC;YACxB,wCAAwC;YACxC,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;YAC9G,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAEnD,qCAAqC;YACrC,MAAM,gBAAgB,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAE/F,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,iFAAiF;gBACjF,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;gBAC7D,MAAM,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;oBACjD,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;oBACzC,OAAO,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;wBACnC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;wBAC9B,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;gBAC7C,CAAC,CAAC,CAAC;gBAEH,8CAA8C;gBAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5E,MAAM,oBAAoB,GAAG,SAAS,CAAC
,IAAI,CAAC,QAAQ,CAAC,EAAE;oBACrD,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACpC,OAAO,WAAW,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBAC3E,CAAC,CAAC,CAAC;gBAEH,uDAAuD;gBACvD,MAAM,mBAAmB,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;gBAEpG,IAAI,CAAC,gBAAgB,IAAI,CAAC,mBAAmB,IAAI,oBAAoB,CAAC,EAAE,CAAC;oBACvE,qCAAqC;oBACrC,IAAI,eAAe,GAAG,KAAK,GAAG,CAAC,CAAC;oBAChC,KAAK,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;wBACnE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,8CAA8C,CAAC,EAAE,CAAC;4BAC1E,eAAe,GAAG,CAAC,CAAC;4BACpB,MAAM;wBACR,CAAC;oBACH,CAAC;oBAED,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,uBAAuB,EACvB,+CAA+C,EAC/C,6EAA6E,EAC7E,eAAe,GAAG,CAAC,EACnB,iNAAiN,EACjN,kHAAkH,EAClH;wBACE,6CAA6C;wBAC7C,iDAAiD;wBACjD,2CAA2C;wBAC3C,4CAA4C;wBAC5C,4CAA4C;qBAC7C,EACD,kFAAkF,EAClF,6JAA6J,EAC7J,4IAA4I,CAC7I,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,mDAAmD;QACnD,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACjH,4DAA4D;YAC5D,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAErE,2DAA2D;YAC3D,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,6FAA6F,CAAC,CAAC;YAEtI,sFAAsF;YACtF,MAAM,kBAAkB,GAAG,WAAW,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAE5D,IAAI,aAAa,IAAI,CAAC,YAAY,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC1D,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,iBAAiB,EACjB,iDAAiD,EACjD,sDAAsD,EACtD,KAAK,GAAG,CAAC,EACT,gMAAgM,EAChM,+DAA+D,EAC/D;oBACE,kDAAkD;oBAClD,mCAAmC;oBACnC,2CAA2C;oBAC3C,sDAAsD;oBACtD,+CAA+C;iBAChD,EACD,qCAAqC,EACrC,wFAAwF,EACxF,gHAAgH,CACjH,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,IAAI,SAAS,CAAC,KAAK,CAAC,wCAAwC,CAAC,EAAE,CAAC;YAC9D,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAE1F,IAAI,aAAa,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,iBAAiB,EACjB,mDAAmD,EACnD,+CAA+C,EAC/C,KAAK,GAAG,CAAC,EACT,mGAAmG,EACnG,4DAA4D,EAC5D;oBACE,gCAAgC;oBAChC,kCAAkC;oBAClC,wCAAwC;oBACxC,mCAAmC;oBACnC,0CAA0C;iBAC3C,EACD,yCAAy
C,EACzC,6CAA6C,EAC7C,6EAA6E,CAC9E,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
@@ -0,0 +1,25 @@
1
+ /**
2
+ * Java AI-Generated Code Detection Module
3
+ *
4
+ * Detects AI-generated code patterns as SECURITY RISKS:
5
+ * - 12 hallucination patterns (Python/JavaScript/Rust influence)
6
+ * - 8 code smell heuristics (over-engineering, inconsistency)
7
+ * - Confidence scoring (HIGH/MEDIUM/LOW)
8
+ *
9
+ * OWASP A04:2025 - Insecure Design
10
+ * CWE-1120 - Excessive Code Complexity
11
+ * CWE-758 - Reliance on Undefined Behavior
12
+ *
13
+ * Phase 1.5, Week 5-7 (AI-Generated Code Detection)
14
+ * Created: January 8, 2026
15
+ */
16
+ import { SecurityVulnerability } from '../../types';
17
+ /**
18
+ * Detect AI-generated code in Java
19
+ *
20
+ * @param lines - Array of code lines
21
+ * @param filename - Optional filename (to skip test files)
22
+ * @returns Array of security vulnerabilities (0-1 aggregated vulnerability)
23
+ */
24
+ export declare function checkAIGeneratedCode(lines: string[], filename?: string): SecurityVulnerability[];
25
+ //# sourceMappingURL=ai-generated-code.d.ts.map
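Review bot: The header comment's `OWASP A04:2025 - Insecure Design` pairs the 2021 category number with the 2025 edition; Insecure Design is A04 in the 2021 list and A06 in the 2025 list, where A04 is Cryptographic Failures. If this label is also copied into findings, reports would be filed under the wrong category, so the line should read `* OWASP A06:2025 - Insecure Design` (or keep the 2021 mapping as `A04:2021`). The `@param filename` text describes a suppression path ("to skip test files") without saying which names qualify; one sentence listing the matched patterns would show users which files this check never scans. This `.d.ts` is compiler output, so both changes belong in the `ai-generated-code.ts` source it was emitted from.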
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ai-generated-code.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/ai-generated-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AA+FpD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,EACf,QAAQ,CAAC,EAAE,MAAM,GAChB,qBAAqB,EAAE,CAuJzB"}