codeslick-cli 1.1.6 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/__tests__/local-scanner.test.ts +5 -0
- package/dist/packages/cli/src/commands/scan.d.ts.map +1 -1
- package/dist/packages/cli/src/commands/scan.js +3 -1
- package/dist/packages/cli/src/commands/scan.js.map +1 -1
- package/dist/packages/cli/src/config/config-loader.d.ts +2 -2
- package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -1
- package/dist/packages/cli/src/config/config-loader.js +2 -2
- package/dist/packages/cli/src/config/config-loader.js.map +1 -1
- package/dist/packages/cli/src/scanner/local-scanner.d.ts +2 -2
- package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -1
- package/dist/packages/cli/src/scanner/local-scanner.js +10 -1
- package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -1
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.d.ts +20 -0
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.js +211 -0
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.d.ts +20 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.js +201 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.js +545 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.d.ts +23 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.js +321 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.d.ts +22 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.js +267 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.js +210 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.js +192 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.d.ts +24 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.js +401 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.js +252 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.js +112 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.d.ts +22 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.js +244 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.js.map +1 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/go-analyzer.d.ts +48 -0
- package/dist/src/lib/analyzers/go-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go-analyzer.js +233 -0
- package/dist/src/lib/analyzers/go-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -1
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +5 -3
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +23 -5
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.js +17 -1
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -1
- package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -1
- package/dist/src/lib/security/compliance-mapping.js +403 -0
- package/dist/src/lib/security/compliance-mapping.js.map +1 -1
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -1
- package/dist/src/lib/security/severity-scoring.js +169 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -1
- package/dist/src/lib/types/index.d.ts +2 -2
- package/dist/src/lib/types/index.d.ts.map +1 -1
- package/example3.go +23 -0
- package/package.json +1 -1
- package/src/commands/scan.ts +3 -1
- package/src/config/config-loader.ts +3 -3
- package/src/scanner/local-scanner.ts +13 -2
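--- a/package/dist/src/lib/analyzers/go/security-checks/access-control.js
+++ b/package/dist/src/lib/analyzers/go/security-checks/access-control.js
@@ -0,0 +1,201 @@
+"use strict";
+/**
+* Go Access Control Security Checks
+* OWASP A01:2025 - Broken Access Control
+*
+* Detects access control vulnerabilities in Go code.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkAccessControl = checkAccessControl;
+const createVulnerability_1 = require("../utils/createVulnerability");
+/**
+* Checks for access control vulnerabilities
+*
+* Covers:
+* - Check #1: Path traversal vulnerabilities (CRITICAL)
+* - Check #2: Missing authentication checks (HIGH)
+* - Check #3: Missing CSRF protection (MEDIUM)
+*
+* @param lines - Array of code lines
+* @returns Array of security vulnerabilities found
+*/
+function checkAccessControl(lines) {
+const vulnerabilities = [];
+let inMultiLineComment = false;
+// Track variables that contain user input
+const userInputVariables = new Map();
+lines.forEach((line, index) => {
+const lineNumber = index + 1;
+const trimmed = line.trim();
+// Track multi-line comments (/* ... */)
+if (trimmed.includes('/*')) {
+inMultiLineComment = true;
+}
+if (trimmed.includes('*/')) {
+inMultiLineComment = false;
+return;
+}
+// Skip comments and empty lines
+if (!trimmed || inMultiLineComment || trimmed.startsWith('//')) {
+return;
+}
+// =============================================================================
+// Track user input sources (for path traversal detection)
+// =============================================================================
+// Track variables from HTTP requests, form data, query params
+const userInputMatch = trimmed.match(/(\w+)\s*(?::=|=)\s*(?:r\.(?:URL\.Query\(\)|FormValue|PostFormValue|Header\.Get)|chi\.URLParam|mux\.Vars|c\.(?:Query|Param|PostForm)|ctx\.(?:Query|Param)|gin\.Context\.(?:Query|Param))/i);
+if (userInputMatch) {
+const variableName = userInputMatch[1];
+userInputVariables.set(variableName, lineNumber);
+}
+// =============================================================================
+// Check #1: Path Traversal Vulnerabilities
+// =============================================================================
+// CVSS 8.6 - HIGH
+// Detects unsafe file path operations with user input
+const hasFileOperation = /(?:os\.Open|ioutil\.ReadFile|os\.ReadFile|os\.Create|os\.WriteFile|filepath\.Join)\s*\(/i.test(trimmed);
+const hasUnsafePath = /filepath\.Join\s*\([^)]*\+|os\.(?:Open|Create|ReadFile)\s*\([^)]*\+/i.test(trimmed);
+// Check if using user input in file operations
+let usesUserInput = false;
+userInputVariables.forEach((declaredLine, varName) => {
+if (trimmed.includes(varName) && declaredLine < lineNumber) {
+usesUserInput = true;
+}
+});
+// Check for direct user input patterns
+const hasDirectUserInput = /r\.(?:URL\.Query|FormValue|PostFormValue)|chi\.URLParam|mux\.Vars|c\.(?:Query|Param)|ctx\.(?:Query|Param)/.test(trimmed);
+if (hasFileOperation && (hasUnsafePath || usesUserInput || hasDirectUserInput)) {
+// Exclude safe patterns
+const hasSafeValidation = /filepath\.Clean|filepath\.Abs|strings\.Contains.*\.\.|path\.IsAbs/.test(trimmed);
+if (!hasSafeValidation) {
+vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
+category: 'go-path-traversal',
+severity: 'high',
+confidence: 'high',
+message: 'Path traversal vulnerability - user input used in file operations',
+line: lineNumber,
+suggestion: 'Validate file paths with filepath.Clean(), check for "..", and use allowlist of permitted directories',
+owasp: 'A01:2025 - Broken Access Control',
+cwe: 'CWE-22',
+pciDss: 'PCI DSS 6.5.8',
+remediation: {
+explanation: 'Path traversal allows attackers to access files outside the intended directory using "../" sequences. Always validate and sanitize file paths from user input.',
+before: `filename := r.URL.Query().Get("file")\ndata, _ := os.ReadFile(filename) // DANGEROUS`,
+after: `filename := r.URL.Query().Get("file")\ncleanPath := filepath.Clean(filename)\nif strings.Contains(cleanPath, "..") {\n return errors.New("invalid path")\n}\ndata, _ := os.ReadFile(filepath.Join("/safe/dir", cleanPath))`
+},
+attackVector: {
+description: 'Attackers can use "../" sequences to traverse directories and access sensitive files like /etc/passwd, application secrets, or source code.',
+exploitExample: `// Vulnerable code:\nfilename := r.URL.Query().Get("file")\nos.ReadFile(filename)\n// Attacker requests: ?file=../../../../etc/passwd\n// Application reads sensitive system files`,
+realWorldImpact: [
+'Read sensitive files (/etc/passwd, config files, source code)',
+'Overwrite critical files',
+'Execute arbitrary code via file upload',
+'Data breach and system compromise',
+'Compliance violations (PCI DSS, SOC 2)'
+]
+}
+}));
+}
+}
+// =============================================================================
+// Check #2: Missing Authentication Checks
+// =============================================================================
+// CVSS 8.6 - HIGH
+// Detects HTTP handlers without authentication
+const isHTTPHandler = /func\s+\w+\s*\(\s*w\s+http\.ResponseWriter\s*,\s*r\s+\*http\.Request\s*\)|router\.(?:GET|POST|PUT|DELETE|PATCH)|http\.HandleFunc|mux\.HandleFunc|chi\.(?:Get|Post|Put|Delete)|gin\.(?:GET|POST|PUT|DELETE)/.test(trimmed);
+// Check if this is a sensitive endpoint (admin, delete, update, etc.)
+const isSensitiveEndpoint = /\/admin|\/delete|\/update|\/create|DELETE|PUT|PATCH|func\s+(?:Delete|Update|Create|Admin)/i.test(trimmed);
+if (isHTTPHandler && isSensitiveEndpoint) {
+// Look ahead for authentication checks in the next few lines
+let hasAuthCheck = false;
+const lookAheadLines = 10;
+for (let i = index; i < Math.min(index + lookAheadLines, lines.length); i++) {
+const nextLine = lines[i].toLowerCase();
+if (/auth|jwt|token|session|cookie|middleware|authenticate|authorize|checkpermission|requireauth/.test(nextLine)) {
+hasAuthCheck = true;
+break;
+}
+}
+if (!hasAuthCheck) {
+vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
+category: 'go-missing-auth',
+severity: 'high',
+confidence: 'medium',
+message: 'Potentially missing authentication check on sensitive endpoint',
+line: lineNumber,
+suggestion: 'Add authentication middleware or checks before processing sensitive operations',
+owasp: 'A01:2025 - Broken Access Control',
+cwe: 'CWE-306',
+pciDss: 'PCI DSS 6.5.10',
+remediation: {
+explanation: 'Sensitive endpoints must verify user authentication before processing requests. Use middleware or explicit authentication checks.',
+before: `router.DELETE("/admin/users/:id", func(w http.ResponseWriter, r *http.Request) {\n // No auth check - anyone can delete users!\n deleteUser(id)\n})`,
+after: `router.DELETE("/admin/users/:id", authMiddleware, func(w http.ResponseWriter, r *http.Request) {\n // authMiddleware validates JWT/session\n deleteUser(id)\n})`
+},
+attackVector: {
+description: 'Without authentication, attackers can access admin functions, delete data, modify records, or perform privileged operations.',
+exploitExample: `// Vulnerable endpoint:\nrouter.DELETE("/admin/users/:id", deleteUser)\n// Attacker sends: DELETE /admin/users/1\n// Application deletes user without authentication`,
+realWorldImpact: [
+'Unauthorized access to admin functions',
+'Data deletion or modification',
+'Privilege escalation',
+'Account takeover',
+'Complete system compromise'
+]
+}
+}));
+}
+}
+// =============================================================================
+// Check #3: Missing CSRF Protection
+// =============================================================================
+// CVSS 6.5 - MEDIUM
+// Detects state-changing operations without CSRF tokens
+const isStateChangingHandler = /router\.(?:POST|PUT|DELETE|PATCH)|http\.HandleFunc.*(?:POST|PUT|DELETE)|mux\.HandleFunc.*(?:POST|PUT|DELETE)|(?:chi|r)\.(?:Post|Put|Delete|Patch)|gin\.(?:POST|PUT|DELETE|PATCH)/.test(trimmed);
+// Check if method check is present
+const hasMethodCheck = /r\.Method\s*==|(?:chi|r)\.(?:Post|Put|Delete)|gin\.(?:POST|PUT|DELETE)/.test(trimmed);
+if ((isStateChangingHandler || hasMethodCheck) && /POST|PUT|DELETE|PATCH|Post|Put|Delete|Patch/.test(trimmed)) {
+// Look for CSRF protection in surrounding code
+let hasCSRFProtection = false;
+const csrfLookAhead = 15;
+for (let i = Math.max(0, index - 5); i < Math.min(index + csrfLookAhead, lines.length); i++) {
+const checkLine = lines[i].toLowerCase();
+if (/csrf|csrftoken|x-csrf-token|_csrf|gorilla\/csrf|nosurf/.test(checkLine)) {
+hasCSRFProtection = true;
+break;
+}
+}
+if (!hasCSRFProtection && !trimmed.includes('API') && !trimmed.includes('/api/')) {
+vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
+category: 'go-missing-csrf',
+severity: 'medium',
+confidence: 'medium',
+message: 'Potentially missing CSRF protection on state-changing endpoint',
+line: lineNumber,
+suggestion: 'Add CSRF token validation using gorilla/csrf or similar middleware for non-API endpoints',
+owasp: 'A01:2025 - Broken Access Control',
+cwe: 'CWE-352',
+pciDss: 'PCI DSS 6.5.9',
+remediation: {
+explanation: 'CSRF attacks trick authenticated users into performing unwanted actions. Use CSRF tokens for all state-changing operations (POST/PUT/DELETE). APIs using JWT/Bearer tokens are typically exempt.',
+before: `router.POST("/transfer", func(w http.ResponseWriter, r *http.Request) {\n // No CSRF check - vulnerable to CSRF\n transferMoney(from, to, amount)\n})`,
+after: `import "github.com/gorilla/csrf"\n\ncsrfMiddleware := csrf.Protect(key)\nrouter.POST("/transfer", csrfMiddleware(func(w http.ResponseWriter, r *http.Request) {\n transferMoney(from, to, amount)\n}))`
+},
+attackVector: {
+description: 'Attackers craft malicious websites that submit forms to your application using the victim\'s authenticated session, performing unwanted actions.',
+exploitExample: `// Vulnerable endpoint:\nrouter.POST("/transfer", transferMoney)\n// Attacker creates malicious page:\n<form action="https://victim.com/transfer" method="POST">\n <input name="to" value="attacker">\n <input name="amount" value="1000">\n</form>\n<script>document.forms[0].submit()</script>`,
+realWorldImpact: [
+'Unauthorized funds transfer',
+'Account settings modification',
+'Password changes',
+'Data deletion or modification',
+'Privilege escalation'
+]
+}
+}));
+}
+}
+});
+return vulnerabilities;
+}
+//# sourceMappingURL=access-control.js.map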
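Review bot: The CSRF check (Check #3) fires on ordinary form-reading lines such as `name := r.PostFormValue("name")`, because the `(?:chi|r)\.(?:Post|Put|Delete|Patch)` alternative in `isStateChangingHandler` and `hasMethodCheck` has no word boundary and `r.Post` is a prefix of `r.PostForm`/`r.PostFormValue`; the same line also satisfies the trailing `/POST|PUT|DELETE|PATCH|Post|Put|Delete|Patch/` test, so a medium go-missing-csrf finding is emitted for every such read that is not within a 15-line window mentioning csrf. Anchoring the method names, `(?:chi|r)\.(?:Post|Put|Delete|Patch)\b` in `isStateChangingHandler` and `(?:chi|r)\.(?:Post|Put|Delete)\b` in `hasMethodCheck`, keeps `r.Post("/x", h)` matching while dropping the form accessors that Check #1's own `userInputMatch` regex already treats as input reads. In the same spirit, the Check #2 look-ahead `/auth|jwt|token|session|cookie|middleware|.../` is an unanchored substring test on lowercased lines starting at the handler line itself, so identifiers like `author` or `tokenizer` within the next ten lines appear to suppress a go-missing-auth finding; `\b`-anchoring those alternatives (at least `\bauth`) would narrow that false-negative path. checkAccessControl is wholly inside this hunk.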
@@ -0,0 +1 @@
1
+
{"version":3,"file":"access-control.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/go/security-checks/access-control.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAgBH,gDAmPC;AAhQD,sEAA6E;AAE7E;;;;;;;;;;GAUG;AACH,SAAgB,kBAAkB,CAAC,KAAe;IAChD,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,0CAA0C;IAC1C,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAErD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,wCAAwC;QACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,gFAAgF;QAChF,0DAA0D;QAC1D,gFAAgF;QAEhF,8DAA8D;QAC9D,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAClC,0LAA0L,CAC3L,CAAC;QAEF,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACvC,kBAAkB,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QACnD,CAAC;QAED,gFAAgF;QAChF,2CAA2C;QAC3C,gFAAgF;QAChF,kBAAkB;QAClB,sDAAsD;QAEtD,MAAM,gBAAgB,GACpB,0FAA0F,CAAC,IAAI,CAC7F,OAAO,CACR,CAAC;QACJ,MAAM,aAAa,GAAG,sEAAsE,CAAC,IAAI,CAC/F,OAAO,CACR,CAAC;QAEF,+CAA+C;QAC/C,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,kBAAkB,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,OAAO,EAAE,EAAE;YACnD,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,YAAY,GAAG,UAAU,EAAE,CAAC;gBAC3D,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,uCAAuC;QACvC,MAAM,kBAAkB,GACtB,2GAA2G,CAAC,IAAI,CAC9G,OAAO,CACR,CAAC;QAEJ,IAAI,gBAAgB,IAAI,CAAC,aAAa,IAAI,aAAa,IAAI,kBAAkB,CAAC,EAAE,CAAC;YAC/E,wBAAwB;YACxB,MAAM,iBAAiB,GACrB,mEAAmE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEpF,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvB,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;oBAC5B,QAAQ,EAAE,mBAAmB;oBAC7B,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,MAAM;oBAClB,OAAO,EAAE,mEAAmE;oBAC5E,IAAI,EAAE,UAAU;oBAChB,UAAU,EACR,uGAAuG;oBACzG,KAAK,EAAE,kCAAkC;oBACzC,GAAG,EAAE,QAAQ;oBACb,MAAM,EAAE,eAAe;
oBACvB,WAAW,EAAE;wBACX,WAAW,EACT,gKAAgK;wBAClK,MAAM,EAAE,sFAAsF;wBAC9F,KAAK,EAAE,+NAA+N;qBACvO;oBACD,YAAY,EAAE;wBACZ,WAAW,EACT,6IAA6I;wBAC/I,cAAc,EAAE,oLAAoL;wBACpM,eAAe,EAAE;4BACf,+DAA+D;4BAC/D,0BAA0B;4BAC1B,wCAAwC;4BACxC,mCAAmC;4BACnC,wCAAwC;yBACzC;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,0CAA0C;QAC1C,gFAAgF;QAChF,kBAAkB;QAClB,+CAA+C;QAE/C,MAAM,aAAa,GACjB,4MAA4M,CAAC,IAAI,CAC/M,OAAO,CACR,CAAC;QAEJ,sEAAsE;QACtE,MAAM,mBAAmB,GACvB,4FAA4F,CAAC,IAAI,CAC/F,OAAO,CACR,CAAC;QAEJ,IAAI,aAAa,IAAI,mBAAmB,EAAE,CAAC;YACzC,6DAA6D;YAC7D,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,MAAM,cAAc,GAAG,EAAE,CAAC;YAC1B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5E,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACxC,IACE,6FAA6F,CAAC,IAAI,CAChG,QAAQ,CACT,EACD,CAAC;oBACD,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;oBAC5B,QAAQ,EAAE,iBAAiB;oBAC3B,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,QAAQ;oBACpB,OAAO,EAAE,gEAAgE;oBACzE,IAAI,EAAE,UAAU;oBAChB,UAAU,EACR,gFAAgF;oBAClF,KAAK,EAAE,kCAAkC;oBACzC,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,gBAAgB;oBACxB,WAAW,EAAE;wBACX,WAAW,EACT,mIAAmI;wBACrI,MAAM,EAAE,2JAA2J;wBACnK,KAAK,EAAE,uKAAuK;qBAC/K;oBACD,YAAY,EAAE;wBACZ,WAAW,EACT,8HAA8H;wBAChI,cAAc,EAAE,sKAAsK;wBACtL,eAAe,EAAE;4BACf,wCAAwC;4BACxC,+BAA+B;4BAC/B,sBAAsB;4BACtB,kBAAkB;4BAClB,4BAA4B;yBAC7B;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gFAAgF;QAChF,oCAAoC;QACpC,gFAAgF;QAChF,oBAAoB;QACpB,wDAAwD;QAExD,MAAM,sBAAsB,GAC1B,kLAAkL,CAAC,IAAI,CACrL,OAAO,CACR,CAAC;QAEJ,mCAAmC;QACnC,MAAM,cAAc,GAAG,wEAAwE,CAAC,IAAI,CAClG,OAAO,CACR,CAAC;QAEF,IAAI,CAAC,sBAAsB,IAAI,cAAc,CAAC,IAAI,6CAA6C,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9G,+CAA+C;YAC/C,IAAI,iBAAiB,GAAG,KAAK,CAAC;YAC9B,MAAM,aAAa,GAAG,EAAE,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,aAAa,EAAE,KAAK,CAAC,MAAM,C
AAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5F,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACzC,IAAI,wDAAwD,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC7E,iBAAiB,GAAG,IAAI,CAAC;oBACzB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,iBAAiB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjF,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;oBAC5B,QAAQ,EAAE,iBAAiB;oBAC3B,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,QAAQ;oBACpB,OAAO,EAAE,gEAAgE;oBACzE,IAAI,EAAE,UAAU;oBAChB,UAAU,EACR,0FAA0F;oBAC5F,KAAK,EAAE,kCAAkC;oBACzC,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,eAAe;oBACvB,WAAW,EAAE;wBACX,WAAW,EACT,kMAAkM;wBACpM,MAAM,EAAE,6JAA6J;wBACrK,KAAK,EAAE,2MAA2M;qBACnN;oBACD,YAAY,EAAE;wBACZ,WAAW,EACT,kJAAkJ;wBACpJ,cAAc,EAAE,wSAAwS;wBACxT,eAAe,EAAE;4BACf,6BAA6B;4BAC7B,+BAA+B;4BAC/B,kBAAkB;4BAClB,+BAA+B;4BAC/B,sBAAsB;yBACvB;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
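--- a/package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts
+++ b/package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts
@@ -0,0 +1,25 @@
+/**
+* Go AI-Generated Code Detection Module
+*
+* Detects AI-generated code patterns as SECURITY RISKS:
+* - 12 Go-specific hallucination patterns (JavaScript/Python influence)
+* - 8 code smell heuristics (over-engineering, inconsistency)
+* - Confidence scoring (HIGH/MEDIUM/LOW)
+*
+* OWASP A04:2025 - Insecure Design
+* CWE-1120 - Excessive Code Complexity
+* CWE-758 - Reliance on Undefined Behavior
+*
+* Phase 2, Day 7 (Go Language Support - AI Code Detection)
+* Created: January 19, 2026
+*/
+import { SecurityVulnerability } from '../../types';
+/**
+* Checks for AI-generated code patterns in Go code
+*
+* @param lines - Array of code lines
+* @param filename - Name of the file being analyzed
+* @returns Array of security vulnerabilities found
+*/
+export declare function checkAIGeneratedCode(lines: string[], filename?: string): SecurityVulnerability[];
+//# sourceMappingURL=ai-generated-code.d.ts.map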
@@ -0,0 +1 @@
1
+
{"version":3,"file":"ai-generated-code.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/go/security-checks/ai-generated-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAsJpD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,QAAQ,GAAE,MAAW,GAAG,qBAAqB,EAAE,CAsbpG"}