codeslick-cli 1.1.6 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/__tests__/local-scanner.test.ts +5 -0
- package/dist/packages/cli/src/commands/scan.d.ts.map +1 -1
- package/dist/packages/cli/src/commands/scan.js +3 -1
- package/dist/packages/cli/src/commands/scan.js.map +1 -1
- package/dist/packages/cli/src/config/config-loader.d.ts +2 -2
- package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -1
- package/dist/packages/cli/src/config/config-loader.js +2 -2
- package/dist/packages/cli/src/config/config-loader.js.map +1 -1
- package/dist/packages/cli/src/scanner/local-scanner.d.ts +2 -2
- package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -1
- package/dist/packages/cli/src/scanner/local-scanner.js +10 -1
- package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -1
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.d.ts +20 -0
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.js +211 -0
- package/dist/src/lib/analyzers/go/quality-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.d.ts +20 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.js +201 -0
- package/dist/src/lib/analyzers/go/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.js +545 -0
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.d.ts +23 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.js +321 -0
- package/dist/src/lib/analyzers/go/security-checks/concurrency-safety.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.d.ts +22 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.js +267 -0
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.js +210 -0
- package/dist/src/lib/analyzers/go/security-checks/deserialization.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.js +192 -0
- package/dist/src/lib/analyzers/go/security-checks/error-handling.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.d.ts +24 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.js +401 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.js +252 -0
- package/dist/src/lib/analyzers/go/security-checks/ssrf-detection.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.d.ts +19 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.js +112 -0
- package/dist/src/lib/analyzers/go/security-checks/tls-configuration.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.d.ts +22 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.js +244 -0
- package/dist/src/lib/analyzers/go/security-checks/web-security.js.map +1 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/go/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/go-analyzer.d.ts +48 -0
- package/dist/src/lib/analyzers/go-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go-analyzer.js +233 -0
- package/dist/src/lib/analyzers/go-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -1
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +5 -3
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +23 -5
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.js +17 -1
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -1
- package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -1
- package/dist/src/lib/security/compliance-mapping.js +403 -0
- package/dist/src/lib/security/compliance-mapping.js.map +1 -1
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -1
- package/dist/src/lib/security/severity-scoring.js +169 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -1
- package/dist/src/lib/types/index.d.ts +2 -2
- package/dist/src/lib/types/index.d.ts.map +1 -1
- package/example3.go +23 -0
- package/package.json +1 -1
- package/src/commands/scan.ts +3 -1
- package/src/config/config-loader.ts +3 -3
- package/src/scanner/local-scanner.ts +13 -2
|
@@ -0,0 +1,545 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Go AI-Generated Code Detection Module
|
|
4
|
+
*
|
|
5
|
+
* Detects AI-generated code patterns as SECURITY RISKS:
|
|
6
|
+
* - 12 Go-specific hallucination patterns (JavaScript/Python influence)
|
|
7
|
+
* - 8 code smell heuristics (over-engineering, inconsistency)
|
|
8
|
+
* - Confidence scoring (HIGH/MEDIUM/LOW)
|
|
9
|
+
*
|
|
10
|
+
* OWASP A04:2025 - Insecure Design
|
|
11
|
+
* CWE-1120 - Excessive Code Complexity
|
|
12
|
+
* CWE-758 - Reliance on Undefined Behavior
|
|
13
|
+
*
|
|
14
|
+
* Phase 2, Day 7 (Go Language Support - AI Code Detection)
|
|
15
|
+
* Created: January 19, 2026
|
|
16
|
+
*/
|
|
17
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
+
exports.checkAIGeneratedCode = checkAIGeneratedCode;
|
|
19
|
+
const createVulnerability_1 = require("../utils/createVulnerability");
|
|
20
|
+
const ai_code_detection_utils_1 = require("../../helpers/ai-code-detection-utils");
|
|
21
|
+
/**
|
|
22
|
+
* Go standard library packages (comprehensive list)
|
|
23
|
+
*
|
|
24
|
+
* Any import not in this list is likely an AI hallucination.
|
|
25
|
+
* Source: https://pkg.go.dev/std (Go 1.21+)
|
|
26
|
+
*/
|
|
27
|
+
const GO_STANDARD_LIBRARY = new Set([
|
|
28
|
+
// Core packages
|
|
29
|
+
'archive/tar', 'archive/zip',
|
|
30
|
+
'bufio', 'builtin', 'bytes',
|
|
31
|
+
'compress/bzip2', 'compress/flate', 'compress/gzip', 'compress/lzw', 'compress/zlib',
|
|
32
|
+
'container/heap', 'container/list', 'container/ring',
|
|
33
|
+
'context',
|
|
34
|
+
'crypto', 'crypto/aes', 'crypto/cipher', 'crypto/des', 'crypto/dsa', 'crypto/ecdh', 'crypto/ecdsa',
|
|
35
|
+
'crypto/ed25519', 'crypto/elliptic', 'crypto/hmac', 'crypto/md5', 'crypto/rand', 'crypto/rc4',
|
|
36
|
+
'crypto/rsa', 'crypto/sha1', 'crypto/sha256', 'crypto/sha512', 'crypto/subtle', 'crypto/tls',
|
|
37
|
+
'crypto/x509', 'crypto/x509/pkix',
|
|
38
|
+
'database/sql', 'database/sql/driver',
|
|
39
|
+
'debug/buildinfo', 'debug/dwarf', 'debug/elf', 'debug/gosym', 'debug/macho', 'debug/pe', 'debug/plan9obj',
|
|
40
|
+
'embed',
|
|
41
|
+
'encoding', 'encoding/ascii85', 'encoding/asn1', 'encoding/base32', 'encoding/base64',
|
|
42
|
+
'encoding/binary', 'encoding/csv', 'encoding/gob', 'encoding/hex', 'encoding/json',
|
|
43
|
+
'encoding/pem', 'encoding/xml',
|
|
44
|
+
'errors',
|
|
45
|
+
'expvar',
|
|
46
|
+
'flag',
|
|
47
|
+
'fmt',
|
|
48
|
+
'go/ast', 'go/build', 'go/build/constraint', 'go/constant', 'go/doc', 'go/doc/comment',
|
|
49
|
+
'go/format', 'go/importer', 'go/parser', 'go/printer', 'go/scanner', 'go/token', 'go/types',
|
|
50
|
+
'hash', 'hash/adler32', 'hash/crc32', 'hash/crc64', 'hash/fnv', 'hash/maphash',
|
|
51
|
+
'html', 'html/template',
|
|
52
|
+
'image', 'image/color', 'image/color/palette', 'image/draw', 'image/gif', 'image/jpeg', 'image/png',
|
|
53
|
+
'index/suffixarray',
|
|
54
|
+
'io', 'io/fs', 'io/ioutil',
|
|
55
|
+
'log', 'log/slog', 'log/syslog',
|
|
56
|
+
'math', 'math/big', 'math/bits', 'math/cmplx', 'math/rand',
|
|
57
|
+
'mime', 'mime/multipart', 'mime/quotedprintable',
|
|
58
|
+
'net', 'net/http', 'net/http/cgi', 'net/http/cookiejar', 'net/http/fcgi', 'net/http/httptest',
|
|
59
|
+
'net/http/httptrace', 'net/http/httputil', 'net/http/pprof',
|
|
60
|
+
'net/mail', 'net/netip', 'net/rpc', 'net/rpc/jsonrpc', 'net/smtp', 'net/textproto', 'net/url',
|
|
61
|
+
'os', 'os/exec', 'os/signal', 'os/user',
|
|
62
|
+
'path', 'path/filepath',
|
|
63
|
+
'plugin',
|
|
64
|
+
'reflect',
|
|
65
|
+
'regexp', 'regexp/syntax',
|
|
66
|
+
'runtime', 'runtime/cgo', 'runtime/coverage', 'runtime/debug', 'runtime/metrics', 'runtime/pprof', 'runtime/trace',
|
|
67
|
+
'slices',
|
|
68
|
+
'sort',
|
|
69
|
+
'strconv',
|
|
70
|
+
'strings',
|
|
71
|
+
'sync', 'sync/atomic',
|
|
72
|
+
'syscall', 'syscall/js',
|
|
73
|
+
'testing', 'testing/fstest', 'testing/iotest', 'testing/quick', 'testing/slogtest',
|
|
74
|
+
'text/scanner', 'text/tabwriter', 'text/template', 'text/template/parse',
|
|
75
|
+
'time', 'time/tzdata',
|
|
76
|
+
'unicode', 'unicode/utf16', 'unicode/utf8',
|
|
77
|
+
'unsafe',
|
|
78
|
+
// Golang.org/x (commonly used, often confused as standard)
|
|
79
|
+
'golang.org/x/crypto', 'golang.org/x/net', 'golang.org/x/text', 'golang.org/x/tools',
|
|
80
|
+
'golang.org/x/crypto/bcrypt', 'golang.org/x/crypto/ssh', 'golang.org/x/net/html',
|
|
81
|
+
]);
|
|
82
|
+
/**
|
|
83
|
+
* Go hallucination patterns (12 patterns)
|
|
84
|
+
*
|
|
85
|
+
* AI code generators hallucinate methods from JavaScript/Python:
|
|
86
|
+
* - JavaScript influence: string.toUpperCase(), array.push(), string.charAt()
|
|
87
|
+
* - Python influence: string.upper(), list.append()
|
|
88
|
+
* - Non-existent methods: string.contains(), string.isEmpty()
|
|
89
|
+
*/
|
|
90
|
+
const HALLUCINATION_PATTERNS = new Map([
|
|
91
|
+
// JavaScript-style string methods in Go
|
|
92
|
+
['toUpperCase', {
|
|
93
|
+
correct: 'strings.ToUpper()',
|
|
94
|
+
description: 'Go uses strings.ToUpper(s), not s.toUpperCase(). This is JavaScript syntax.'
|
|
95
|
+
}],
|
|
96
|
+
['toLowerCase', {
|
|
97
|
+
correct: 'strings.ToLower()',
|
|
98
|
+
description: 'Go uses strings.ToLower(s), not s.toLowerCase(). This is JavaScript syntax.'
|
|
99
|
+
}],
|
|
100
|
+
['indexOf', {
|
|
101
|
+
correct: 'strings.Index()',
|
|
102
|
+
description: 'Go uses strings.Index(s, substr), not s.indexOf(). This is JavaScript syntax.'
|
|
103
|
+
}],
|
|
104
|
+
['charAt', {
|
|
105
|
+
correct: '[index]',
|
|
106
|
+
description: 'Go uses indexing s[index], not s.charAt(). This is JavaScript syntax.'
|
|
107
|
+
}],
|
|
108
|
+
['substring', {
|
|
109
|
+
correct: '[start:end]',
|
|
110
|
+
description: 'Go uses slice notation s[start:end], not s.substring(). This is JavaScript syntax.'
|
|
111
|
+
}],
|
|
112
|
+
// Python-style methods in Go
|
|
113
|
+
['upper', {
|
|
114
|
+
correct: 'strings.ToUpper()',
|
|
115
|
+
description: 'Go uses strings.ToUpper(s), not s.upper(). This is Python syntax.'
|
|
116
|
+
}],
|
|
117
|
+
['lower', {
|
|
118
|
+
correct: 'strings.ToLower()',
|
|
119
|
+
description: 'Go uses strings.ToLower(s), not s.lower(). This is Python syntax.'
|
|
120
|
+
}],
|
|
121
|
+
['append', {
|
|
122
|
+
correct: 'built-in append()',
|
|
123
|
+
description: 'Go uses built-in append(slice, elem), not slice.append(). This is Python syntax.'
|
|
124
|
+
}],
|
|
125
|
+
// Non-existent Go methods (AI hallucinations)
|
|
126
|
+
['contains', {
|
|
127
|
+
correct: 'strings.Contains()',
|
|
128
|
+
description: 'Go uses strings.Contains(s, substr), not s.contains(). Method does not exist on strings.'
|
|
129
|
+
}],
|
|
130
|
+
['isEmpty', {
|
|
131
|
+
correct: 'len(s) == 0',
|
|
132
|
+
description: 'Go uses len(s) == 0, not s.isEmpty(). Method does not exist.'
|
|
133
|
+
}],
|
|
134
|
+
['size', {
|
|
135
|
+
correct: 'len()',
|
|
136
|
+
description: 'Go uses len() built-in function, not .size(). This is Java/Python syntax.'
|
|
137
|
+
}],
|
|
138
|
+
['length', {
|
|
139
|
+
correct: 'len()',
|
|
140
|
+
description: 'Go uses len() built-in function, not .length property. This is JavaScript syntax.'
|
|
141
|
+
}],
|
|
142
|
+
]);
|
|
143
|
+
/**
|
|
144
|
+
* Checks for AI-generated code patterns in Go code
|
|
145
|
+
*
|
|
146
|
+
* @param lines - Array of code lines
|
|
147
|
+
* @param filename - Name of the file being analyzed
|
|
148
|
+
* @returns Array of security vulnerabilities found
|
|
149
|
+
*/
|
|
150
|
+
function checkAIGeneratedCode(lines, filename = '') {
|
|
151
|
+
const vulnerabilities = [];
|
|
152
|
+
// Skip test files (AI-generated tests are less critical)
|
|
153
|
+
if ((0, ai_code_detection_utils_1.isTestFile)(filename)) {
|
|
154
|
+
return vulnerabilities;
|
|
155
|
+
}
|
|
156
|
+
const code = lines.join('\n');
|
|
157
|
+
const cleanedCode = (0, ai_code_detection_utils_1.removeCommentsAndStrings)(code, 'go');
|
|
158
|
+
const cleanedLines = cleanedCode.split('\n');
|
|
159
|
+
// Track hallucination detections
|
|
160
|
+
const hallucinationsDetected = [];
|
|
161
|
+
// Track imports and their aliases for package validation
|
|
162
|
+
const importedPackages = new Map();
|
|
163
|
+
// =============================================================================
|
|
164
|
+
// IMPORT PACKAGE VALIDATION (Detect non-existent packages)
|
|
165
|
+
// =============================================================================
|
|
166
|
+
// Track if we're inside an import block
|
|
167
|
+
let inImportBlock = false;
|
|
168
|
+
lines.forEach((line, index) => {
|
|
169
|
+
const lineNumber = index + 1;
|
|
170
|
+
const trimmed = line.trim();
|
|
171
|
+
// Skip comments and empty lines
|
|
172
|
+
if (!trimmed || trimmed.startsWith('//') || trimmed.startsWith('/*')) {
|
|
173
|
+
return;
|
|
174
|
+
}
|
|
175
|
+
// Detect import block start
|
|
176
|
+
if (/^import\s*\(/.test(trimmed)) {
|
|
177
|
+
inImportBlock = true;
|
|
178
|
+
return;
|
|
179
|
+
}
|
|
180
|
+
// Detect import block end
|
|
181
|
+
if (inImportBlock && trimmed === ')') {
|
|
182
|
+
inImportBlock = false;
|
|
183
|
+
return;
|
|
184
|
+
}
|
|
185
|
+
// Single import: import "package/name"
|
|
186
|
+
const singleImportMatch = trimmed.match(/^import\s+"([^"]+)"/);
|
|
187
|
+
if (singleImportMatch) {
|
|
188
|
+
const packagePath = singleImportMatch[1];
|
|
189
|
+
const packageName = packagePath.split('/').pop() || packagePath;
|
|
190
|
+
importedPackages.set(packageName, { packagePath, alias: packageName, line: lineNumber });
|
|
191
|
+
return;
|
|
192
|
+
}
|
|
193
|
+
// Aliased import: import alias "package/name"
|
|
194
|
+
const aliasImportMatch = trimmed.match(/^import\s+(\w+)\s+"([^"]+)"/);
|
|
195
|
+
if (aliasImportMatch) {
|
|
196
|
+
const alias = aliasImportMatch[1];
|
|
197
|
+
const packagePath = aliasImportMatch[2];
|
|
198
|
+
importedPackages.set(alias, { packagePath, alias, line: lineNumber });
|
|
199
|
+
return;
|
|
200
|
+
}
|
|
201
|
+
// Inside import block: "package/name"
|
|
202
|
+
if (inImportBlock) {
|
|
203
|
+
const blockImportMatch = trimmed.match(/^"([^"]+)"/);
|
|
204
|
+
if (blockImportMatch) {
|
|
205
|
+
const packagePath = blockImportMatch[1];
|
|
206
|
+
const packageName = packagePath.split('/').pop() || packagePath;
|
|
207
|
+
importedPackages.set(packageName, { packagePath, alias: packageName, line: lineNumber });
|
|
208
|
+
return;
|
|
209
|
+
}
|
|
210
|
+
// Aliased in block: alias "package/name"
|
|
211
|
+
const blockAliasMatch = trimmed.match(/^(\w+)\s+"([^"]+)"/);
|
|
212
|
+
if (blockAliasMatch) {
|
|
213
|
+
const alias = blockAliasMatch[1];
|
|
214
|
+
const packagePath = blockAliasMatch[2];
|
|
215
|
+
importedPackages.set(alias, { packagePath, alias, line: lineNumber });
|
|
216
|
+
return;
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
});
|
|
220
|
+
// Validate each imported package against Go standard library
|
|
221
|
+
importedPackages.forEach((importInfo, alias) => {
|
|
222
|
+
const { packagePath, line } = importInfo;
|
|
223
|
+
// Skip blank imports (side effects only)
|
|
224
|
+
if (alias === '_') {
|
|
225
|
+
return;
|
|
226
|
+
}
|
|
227
|
+
// Check if package exists in standard library
|
|
228
|
+
// Skip third-party packages (github.com, gopkg.in, etc.)
|
|
229
|
+
const isThirdParty = packagePath.includes('github.com') ||
|
|
230
|
+
packagePath.includes('gitlab.com') ||
|
|
231
|
+
packagePath.includes('gopkg.in') ||
|
|
232
|
+
packagePath.includes('bitbucket.org');
|
|
233
|
+
if (!isThirdParty && !GO_STANDARD_LIBRARY.has(packagePath)) {
|
|
234
|
+
hallucinationsDetected.push(`package:${packagePath}`);
|
|
235
|
+
vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
|
|
236
|
+
category: 'go-ai-hallucination',
|
|
237
|
+
severity: 'critical',
|
|
238
|
+
confidence: 'high',
|
|
239
|
+
message: `AI hallucination detected: Package "${packagePath}" does not exist in Go standard library`,
|
|
240
|
+
line,
|
|
241
|
+
suggestion: `Remove this import or check the correct package name. Common mistakes: "html/sanitize" (use "html" + "html/template"), "crypto/random" (use "crypto/rand"), "ldap/client" (use third-party "github.com/go-ldap/ldap")`,
|
|
242
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
243
|
+
cwe: 'CWE-758',
|
|
244
|
+
pciDss: 'N/A',
|
|
245
|
+
remediation: {
|
|
246
|
+
explanation: `The package "${packagePath}" does not exist in Go's standard library. This is likely AI-generated code that hallucinated a package name. Check the official Go standard library documentation at https://pkg.go.dev/std`,
|
|
247
|
+
before: `import "${packagePath}" // AI hallucination - does not exist`,
|
|
248
|
+
after: `// Use the correct Go standard library package:\n// For HTML sanitization: import "html" and "html/template"\n// For cryptographic random: import "crypto/rand"\n// For LDAP: use third-party "github.com/go-ldap/ldap"`
|
|
249
|
+
},
|
|
250
|
+
attackVector: {
|
|
251
|
+
description: 'Non-existent package imports indicate AI-generated code that has never been compiled or tested. This code will fail to build and likely contains other hallucinated methods and logic.',
|
|
252
|
+
exploitExample: `import "${packagePath}"\n// Compilation error: package ${packagePath} is not in std`,
|
|
253
|
+
realWorldImpact: [
|
|
254
|
+
'Build failures from non-existent packages',
|
|
255
|
+
'Code has never been compiled or run',
|
|
256
|
+
'Likely contains other AI-generated bugs',
|
|
257
|
+
'Security vulnerabilities from untested code paths',
|
|
258
|
+
'Indicates entire codebase may be AI-generated without review'
|
|
259
|
+
]
|
|
260
|
+
}
|
|
261
|
+
}));
|
|
262
|
+
}
|
|
263
|
+
});
|
|
264
|
+
// =============================================================================
|
|
265
|
+
// HALLUCINATION DETECTION (12 Go-specific method patterns)
|
|
266
|
+
// =============================================================================
|
|
267
|
+
lines.forEach((line, index) => {
|
|
268
|
+
const lineNumber = index + 1;
|
|
269
|
+
const trimmed = line.trim();
|
|
270
|
+
// Skip comments and empty lines
|
|
271
|
+
if (!trimmed || trimmed.startsWith('//') || trimmed.startsWith('/*')) {
|
|
272
|
+
return;
|
|
273
|
+
}
|
|
274
|
+
// Check for each hallucination pattern
|
|
275
|
+
HALLUCINATION_PATTERNS.forEach((pattern, method) => {
|
|
276
|
+
// Properties (no parentheses): length, size
|
|
277
|
+
const isProperty = method === 'length' || method === 'size';
|
|
278
|
+
// Pattern: variable.method() for methods, variable.property for properties
|
|
279
|
+
// Case-sensitive to avoid false positives (strings.Contains vs strings.contains)
|
|
280
|
+
const regex = isProperty
|
|
281
|
+
? new RegExp(`\\w+\\.${method}(?!\\w)`) // Property access (no parens, case-sensitive)
|
|
282
|
+
: new RegExp(`\\w+\\.${method}\\s*\\(`);
|
|
283
|
+
if (regex.test(trimmed)) {
|
|
284
|
+
hallucinationsDetected.push(method);
|
|
285
|
+
vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
|
|
286
|
+
category: 'go-ai-hallucination',
|
|
287
|
+
severity: 'critical',
|
|
288
|
+
confidence: 'high',
|
|
289
|
+
message: `AI hallucination detected: .${method}${isProperty ? '' : '()'} does not exist in Go`,
|
|
290
|
+
line: lineNumber,
|
|
291
|
+
suggestion: `Use ${pattern.correct} instead. ${pattern.description}`,
|
|
292
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
293
|
+
cwe: 'CWE-758',
|
|
294
|
+
pciDss: 'N/A',
|
|
295
|
+
remediation: {
|
|
296
|
+
explanation: pattern.description,
|
|
297
|
+
before: `str.${method}${isProperty ? '' : '()'} // AI hallucination - does not compile`,
|
|
298
|
+
after: pattern.correct
|
|
299
|
+
},
|
|
300
|
+
attackVector: {
|
|
301
|
+
description: 'AI-generated code with hallucinated methods will not compile, causing build failures. More critically, it indicates the code was not written by a human developer and has not been tested.',
|
|
302
|
+
exploitExample: `// AI hallucination:\nresult := username.${method}${isProperty ? '' : '()'}\n// Compilation error: ${method} not defined`,
|
|
303
|
+
realWorldImpact: [
|
|
304
|
+
'Build failures from non-existent methods',
|
|
305
|
+
'Code has never been tested or run',
|
|
306
|
+
'Likely contains other AI-generated bugs',
|
|
307
|
+
'Security vulnerabilities from untested code paths',
|
|
308
|
+
'Maintenance burden from incorrect patterns'
|
|
309
|
+
]
|
|
310
|
+
}
|
|
311
|
+
}));
|
|
312
|
+
}
|
|
313
|
+
});
|
|
314
|
+
});
|
|
315
|
+
// =============================================================================
|
|
316
|
+
// METHOD CALLS ON NON-EXISTENT PACKAGES
|
|
317
|
+
// =============================================================================
|
|
318
|
+
// Detect method calls on packages that don't exist (e.g., sanitize.HTML() from "html/sanitize")
|
|
319
|
+
lines.forEach((line, index) => {
|
|
320
|
+
const lineNumber = index + 1;
|
|
321
|
+
const trimmed = line.trim();
|
|
322
|
+
// Skip comments and empty lines
|
|
323
|
+
if (!trimmed || trimmed.startsWith('//') || trimmed.startsWith('/*')) {
|
|
324
|
+
return;
|
|
325
|
+
}
|
|
326
|
+
// Pattern: packageName.MethodName() - detect any method call on a package
|
|
327
|
+
const methodCallMatch = trimmed.match(/(\w+)\.(\w+)\s*\(/g);
|
|
328
|
+
if (methodCallMatch) {
|
|
329
|
+
methodCallMatch.forEach(call => {
|
|
330
|
+
const parts = call.match(/(\w+)\.(\w+)\s*\(/);
|
|
331
|
+
if (!parts)
|
|
332
|
+
return;
|
|
333
|
+
const packageAlias = parts[1];
|
|
334
|
+
const methodName = parts[2];
|
|
335
|
+
// Check if this package alias is from a non-existent import
|
|
336
|
+
const importInfo = importedPackages.get(packageAlias);
|
|
337
|
+
if (importInfo) {
|
|
338
|
+
// Case 1: Package was imported, but doesn't exist in Go stdlib
|
|
339
|
+
const { packagePath } = importInfo;
|
|
340
|
+
// Skip third-party packages
|
|
341
|
+
const isThirdParty = packagePath.includes('github.com') ||
|
|
342
|
+
packagePath.includes('gitlab.com') ||
|
|
343
|
+
packagePath.includes('gopkg.in') ||
|
|
344
|
+
packagePath.includes('bitbucket.org');
|
|
345
|
+
// If package doesn't exist, report method call as hallucination
|
|
346
|
+
if (!isThirdParty && !GO_STANDARD_LIBRARY.has(packagePath)) {
|
|
347
|
+
hallucinationsDetected.push(`method:${packageAlias}.${methodName}`);
|
|
348
|
+
vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
|
|
349
|
+
category: 'go-ai-hallucination',
|
|
350
|
+
severity: 'critical',
|
|
351
|
+
confidence: 'high',
|
|
352
|
+
message: `AI hallucination detected: Method ${packageAlias}.${methodName}() called on non-existent package "${packagePath}"`,
|
|
353
|
+
line: lineNumber,
|
|
354
|
+
suggestion: `Package "${packagePath}" does not exist. Remove this code or use the correct Go standard library package.`,
|
|
355
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
356
|
+
cwe: 'CWE-758',
|
|
357
|
+
pciDss: 'N/A',
|
|
358
|
+
remediation: {
|
|
359
|
+
explanation: `The method call ${packageAlias}.${methodName}() is from package "${packagePath}" which does not exist in Go's standard library. This is AI-generated code that has never been tested.`,
|
|
360
|
+
before: `${packageAlias}.${methodName}() // AI hallucination - package doesn't exist`,
|
|
361
|
+
after: `// Use the correct Go standard library:\n// For HTML sanitization: html.EscapeString() or template.HTMLEscapeString()\n// For crypto random: rand.Read() from "crypto/rand"`
|
|
362
|
+
},
|
|
363
|
+
attackVector: {
|
|
364
|
+
description: 'Method calls on non-existent packages indicate AI-generated code that will not compile. This code has never been tested and likely contains critical security vulnerabilities.',
|
|
365
|
+
exploitExample: `${packageAlias}.${methodName}()\n// Compilation error: package ${packagePath} is not in std`,
|
|
366
|
+
realWorldImpact: [
|
|
367
|
+
'Build failures from method calls on non-existent packages',
|
|
368
|
+
'Code has never been compiled or run',
|
|
369
|
+
'Security vulnerabilities from untested logic',
|
|
370
|
+
'Complete lack of code review or testing',
|
|
371
|
+
'High risk of additional AI hallucinations in surrounding code'
|
|
372
|
+
]
|
|
373
|
+
}
|
|
374
|
+
}));
|
|
375
|
+
}
|
|
376
|
+
}
|
|
377
|
+
else {
|
|
378
|
+
// Case 2: Package was NEVER imported - undefined identifier
|
|
379
|
+
// Check if it looks like a package (not a variable)
|
|
380
|
+
// Skip common Go built-ins and variables that might have methods
|
|
381
|
+
const skipList = ['err', 'ctx', 'req', 'resp', 'w', 'r', 'db', 'tx', 'conn', 'client',
|
|
382
|
+
'config', 'logger', 'cache', 'session', 'user', 'data', 'result',
|
|
383
|
+
'response', 'request', 'handler', 'server', 'router', 'app'];
|
|
384
|
+
// Skip if it's likely a variable name (lowercase first letter and in skip list)
|
|
385
|
+
const isLikelyVariable = /^[a-z]/.test(packageAlias) && skipList.includes(packageAlias.toLowerCase());
|
|
386
|
+
if (!isLikelyVariable) {
|
|
387
|
+
// Check if this looks like a package name that should exist
|
|
388
|
+
// Common hallucinations: crypto.X, html.X, strings.X without importing
|
|
389
|
+
const commonPackages = ['crypto', 'html', 'strings', 'json', 'xml', 'http', 'sql',
|
|
390
|
+
'rand', 'time', 'sync', 'atomic', 'context', 'errors',
|
|
391
|
+
'fmt', 'io', 'os', 'log', 'net', 'url', 'path', 'filepath'];
|
|
392
|
+
if (commonPackages.includes(packageAlias.toLowerCase())) {
|
|
393
|
+
hallucinationsDetected.push(`undefined:${packageAlias}.${methodName}`);
|
|
394
|
+
vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
|
|
395
|
+
category: 'go-ai-hallucination',
|
|
396
|
+
severity: 'critical',
|
|
397
|
+
confidence: 'high',
|
|
398
|
+
message: `AI hallucination detected: Method ${packageAlias}.${methodName}() called on undefined package "${packageAlias}" (never imported)`,
|
|
399
|
+
line: lineNumber,
|
|
400
|
+
suggestion: `Package "${packageAlias}" was never imported. Add the correct import or check if you meant a different package. Common mistake: using "crypto" when "crypto/rand" was imported (should use "rand.${methodName}()")`,
|
|
401
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
402
|
+
cwe: 'CWE-758',
|
|
403
|
+
pciDss: 'N/A',
|
|
404
|
+
remediation: {
|
|
405
|
+
explanation: `The package "${packageAlias}" was never imported. This is likely AI-generated code that confused package import paths with package names. In Go, when you import "crypto/rand", the package name is "rand", not "crypto".`,
|
|
406
|
+
before: `import "crypto/random"\n...\nsessionToken := crypto.RandomString(32) // Wrong: 'crypto' not imported`,
|
|
407
|
+
after: `import "crypto/rand"\n...\ntoken := make([]byte, 32)\nrand.Read(token) // Correct: use 'rand' (from crypto/rand) with proper method`
|
|
408
|
+
},
|
|
409
|
+
attackVector: {
|
|
410
|
+
description: 'Method calls on undefined packages indicate AI-generated code that will not compile. The AI confused import paths with package names, a common hallucination pattern.',
|
|
411
|
+
exploitExample: `${packageAlias}.${methodName}()\n// Compilation error: undefined: ${packageAlias}`,
|
|
412
|
+
realWorldImpact: [
|
|
413
|
+
'Build failures from undefined identifiers',
|
|
414
|
+
'Code has never been compiled or tested',
|
|
415
|
+
'AI confusion between import paths and package names',
|
|
416
|
+
'Indicates lack of understanding of Go package system',
|
|
417
|
+
'High probability of other AI-generated errors'
|
|
418
|
+
]
|
|
419
|
+
}
|
|
420
|
+
}));
|
|
421
|
+
}
|
|
422
|
+
}
|
|
423
|
+
}
|
|
424
|
+
});
|
|
425
|
+
}
|
|
426
|
+
});
|
|
427
|
+
// =============================================================================
|
|
428
|
+
// CODE SMELL HEURISTICS (8 patterns from shared utilities)
|
|
429
|
+
// =============================================================================
|
|
430
|
+
const codeSmells = [];
|
|
431
|
+
// Heuristic 1: Over-engineered error handling (30+ points)
|
|
432
|
+
const errorHandlingScore = (0, ai_code_detection_utils_1.detectOverEngineeredErrorHandling)(cleanedLines);
|
|
433
|
+
if (errorHandlingScore > 0) {
|
|
434
|
+
codeSmells.push({ name: 'over-engineered-error-handling', score: errorHandlingScore });
|
|
435
|
+
}
|
|
436
|
+
// Heuristic 2: Unnecessary wrappers (25+ points)
|
|
437
|
+
const wrappersScore = (0, ai_code_detection_utils_1.detectUnnecessaryWrappers)(cleanedLines);
|
|
438
|
+
if (wrappersScore > 0) {
|
|
439
|
+
codeSmells.push({ name: 'unnecessary-wrappers', score: wrappersScore });
|
|
440
|
+
}
|
|
441
|
+
// Heuristic 3: Verbose comments (20+ points)
|
|
442
|
+
const commentsScore = (0, ai_code_detection_utils_1.detectVerboseComments)(lines);
|
|
443
|
+
if (commentsScore > 0) {
|
|
444
|
+
codeSmells.push({ name: 'verbose-comments', score: commentsScore });
|
|
445
|
+
}
|
|
446
|
+
// Heuristic 4: Mixed naming conventions (15+ points)
|
|
447
|
+
const namingScore = (0, ai_code_detection_utils_1.detectMixedNamingConventions)(cleanedLines);
|
|
448
|
+
if (namingScore > 0) {
|
|
449
|
+
codeSmells.push({ name: 'mixed-naming', score: namingScore });
|
|
450
|
+
}
|
|
451
|
+
// Heuristic 5: Redundant nil checks (10+ points)
|
|
452
|
+
const nullChecksScore = (0, ai_code_detection_utils_1.detectRedundantNullChecks)(cleanedLines);
|
|
453
|
+
if (nullChecksScore > 0) {
|
|
454
|
+
codeSmells.push({ name: 'redundant-nil-checks', score: nullChecksScore });
|
|
455
|
+
}
|
|
456
|
+
// Heuristic 6: Unnecessary goroutines (10+ points) - Go-specific
|
|
457
|
+
const unnecessaryGoroutinesScore = detectUnnecessaryGoroutines(cleanedCode);
|
|
458
|
+
if (unnecessaryGoroutinesScore > 0) {
|
|
459
|
+
codeSmells.push({ name: 'unnecessary-goroutines', score: unnecessaryGoroutinesScore });
|
|
460
|
+
}
|
|
461
|
+
// Heuristic 7: Generic variable overuse (15+ points)
|
|
462
|
+
const genericVarsScore = (0, ai_code_detection_utils_1.detectGenericVariableOveruse)(cleanedLines);
|
|
463
|
+
if (genericVarsScore > 0) {
|
|
464
|
+
codeSmells.push({ name: 'generic-variables', score: genericVarsScore });
|
|
465
|
+
}
|
|
466
|
+
// Heuristic 8: Inconsistent string concatenation (10+ points)
|
|
467
|
+
const stringConcatScore = (0, ai_code_detection_utils_1.detectInconsistentStringConcatenation)(cleanedLines);
|
|
468
|
+
if (stringConcatScore > 0) {
|
|
469
|
+
codeSmells.push({ name: 'inconsistent-strings', score: stringConcatScore });
|
|
470
|
+
}
|
|
471
|
+
// =============================================================================
|
|
472
|
+
// CONFIDENCE SCORING & REPORTING
|
|
473
|
+
// =============================================================================
|
|
474
|
+
// Convert code smells array to HeuristicScores object
|
|
475
|
+
const heuristicScores = {
|
|
476
|
+
overEngineeredErrors: codeSmells.find(s => s.name === 'over-engineered-error-handling')?.score || 0,
|
|
477
|
+
unnecessaryWrappers: codeSmells.find(s => s.name === 'unnecessary-wrappers')?.score || 0,
|
|
478
|
+
verboseComments: codeSmells.find(s => s.name === 'verbose-comments')?.score || 0,
|
|
479
|
+
mixedNaming: codeSmells.find(s => s.name === 'mixed-naming')?.score || 0,
|
|
480
|
+
redundantNullChecks: codeSmells.find(s => s.name === 'redundant-nil-checks')?.score || 0,
|
|
481
|
+
unnecessaryAsync: 0, // Not applicable to Go
|
|
482
|
+
genericVariables: codeSmells.find(s => s.name === 'generic-variables')?.score || 0,
|
|
483
|
+
inconsistentStrings: codeSmells.find(s => s.name === 'inconsistent-strings')?.score || 0,
|
|
484
|
+
};
|
|
485
|
+
const confidence = (0, ai_code_detection_utils_1.calculateAICodeConfidence)(hallucinationsDetected.length, heuristicScores);
|
|
486
|
+
// Report code smell summary if medium/high confidence
|
|
487
|
+
if (confidence && confidence.confidence !== 'LOW' && codeSmells.length > 0) {
|
|
488
|
+
const severity = confidence.confidence === 'HIGH' ? 'high' : 'medium';
|
|
489
|
+
vulnerabilities.push((0, createVulnerability_1.createGoSecurityVulnerability)({
|
|
490
|
+
category: 'go-ai-code-smell',
|
|
491
|
+
severity,
|
|
492
|
+
confidence: confidence.confidence.toLowerCase(),
|
|
493
|
+
message: `AI-generated code detected (${confidence.confidence} confidence, score: ${confidence.heuristicScore})`,
|
|
494
|
+
line: 1,
|
|
495
|
+
suggestion: 'Review code for over-engineering, verbose comments, and mixed conventions. AI-generated code should be tested and refactored.',
|
|
496
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
497
|
+
cwe: 'CWE-1120',
|
|
498
|
+
pciDss: 'N/A',
|
|
499
|
+
remediation: {
|
|
500
|
+
explanation: 'AI-generated code often exhibits patterns like over-engineered error handling, unnecessary abstractions, verbose comments, and mixed naming conventions. This code should be thoroughly reviewed and tested.',
|
|
501
|
+
before: `// AI-generated characteristics:\n// - Verbose comments\n// - Unnecessary wrappers\n// - Mixed naming (snake_case + camelCase)\n// - Over-engineered error handling`,
|
|
502
|
+
after: `// Human-refactored code:\n// - Concise comments only where needed\n// - Direct implementations\n// - Consistent Go naming (camelCase)\n// - Simple error handling`
|
|
503
|
+
},
|
|
504
|
+
attackVector: {
|
|
505
|
+
description: 'AI-generated code may contain subtle bugs, inefficiencies, or security vulnerabilities that were not caught by testing. The code patterns indicate it was not written by an experienced Go developer.',
|
|
506
|
+
exploitExample: 'Code smells detected: ' + codeSmells.map(s => s.name).join(', '),
|
|
507
|
+
realWorldImpact: [
|
|
508
|
+
'Untested code paths with potential bugs',
|
|
509
|
+
'Over-engineered solutions reducing maintainability',
|
|
510
|
+
'Performance issues from unnecessary abstractions',
|
|
511
|
+
'Security vulnerabilities from AI hallucinations',
|
|
512
|
+
'Technical debt from non-idiomatic Go code'
|
|
513
|
+
]
|
|
514
|
+
}
|
|
515
|
+
}));
|
|
516
|
+
}
|
|
517
|
+
return vulnerabilities;
|
|
518
|
+
}
|
|
519
|
+
/**
|
|
520
|
+
* Detects unnecessary goroutines (Go-specific heuristic)
|
|
521
|
+
*
|
|
522
|
+
* Patterns:
|
|
523
|
+
* - Single-line goroutines that could be synchronous
|
|
524
|
+
* - Goroutines without any channel/sync usage
|
|
525
|
+
* - Goroutines that only call one function
|
|
526
|
+
*
|
|
527
|
+
* @param code - Code to analyze
|
|
528
|
+
* @returns Score (10+ points indicates AI pattern)
|
|
529
|
+
*/
|
|
530
|
+
function detectUnnecessaryGoroutines(code) {
|
|
531
|
+
let score = 0;
|
|
532
|
+
// Pattern: go functionCall() with no channels or sync
|
|
533
|
+
const singleLineGoroutines = code.match(/go\s+\w+\s*\([^)]*\)/g) || [];
|
|
534
|
+
singleLineGoroutines.forEach(goroutine => {
|
|
535
|
+
// Check if there's any channel or sync usage nearby (within 100 chars)
|
|
536
|
+
const contextStart = Math.max(0, code.indexOf(goroutine) - 100);
|
|
537
|
+
const contextEnd = Math.min(code.length, code.indexOf(goroutine) + 100);
|
|
538
|
+
const context = code.substring(contextStart, contextEnd);
|
|
539
|
+
if (!/chan|sync\.|<-|WaitGroup/.test(context)) {
|
|
540
|
+
score += 5; // Suspicious: goroutine with no concurrency primitives
|
|
541
|
+
}
|
|
542
|
+
});
|
|
543
|
+
return score;
|
|
544
|
+
}
|
|
545
|
+
//# sourceMappingURL=ai-generated-code.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-generated-code.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/go/security-checks/ai-generated-code.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AA+JH,oDAsbC;AAllBD,sEAA6E;AAC7E,mFAY+C;AAU/C;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAS;IAC1C,gBAAgB;IAChB,aAAa,EAAE,aAAa;IAC5B,OAAO,EAAE,SAAS,EAAE,OAAO;IAC3B,gBAAgB,EAAE,gBAAgB,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe;IACpF,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB;IACpD,SAAS;IACT,QAAQ,EAAE,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc;IAClG,gBAAgB,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY;IAC7F,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY;IAC5F,aAAa,EAAE,kBAAkB;IACjC,cAAc,EAAE,qBAAqB;IACrC,iBAAiB,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,gBAAgB;IACzG,OAAO;IACP,UAAU,EAAE,kBAAkB,EAAE,eAAe,EAAE,iBAAiB,EAAE,iBAAiB;IACrF,iBAAiB,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe;IAClF,cAAc,EAAE,cAAc;IAC9B,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,KAAK;IACL,QAAQ,EAAE,UAAU,EAAE,qBAAqB,EAAE,aAAa,EAAE,QAAQ,EAAE,gBAAgB;IACtF,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU;IAC3F,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc;IAC9E,MAAM,EAAE,eAAe;IACvB,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW;IACnG,mBAAmB;IACnB,IAAI,EAAE,OAAO,EAAE,WAAW;IAC1B,KAAK,EAAE,UAAU,EAAE,YAAY;IAC/B,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW;IAC1D,MAAM,EAAE,gBAAgB,EAAE,sBAAsB;IAChD,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,eAAe,EAAE,mBAAmB;IAC7F,oBAAoB,EAAE,mBAAmB,EAAE,gBAAgB;IAC3D,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS;IAC7F,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,SAAS;IACvC,MAAM,EAAE,eAAe;IACvB,QAAQ;IACR,SAAS;IACT,QAAQ,EAAE,eAAe;IACzB,SAAS,EAAE,aAAa,EAAE,kBAAkB,EAAE,eAAe,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe;IAClH,QAAQ;IACR,MAAM;IACN,SAAS;IACT,SAAS;IACT,MAAM,EAAE,aAAa;IACrB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,eAAe,EAAE,kBAAkB;IAClF,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,qBAAqB;IACxE,MAAM,EAAE,aAAa;IACrB,SAAS,EAAE,eAAe,EAAE,cAAc;IAC1C,QAAQ;IACR,2DAA2D;IAC3D,qBAAqB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,oBAAoB;IACpF,4BAA4B,EAAE,yBAAyB,EAAE,uBAAuB;CACjF,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAA+B;IACnE,wCAAwC;IACxC,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,mBAAmB;YAC5B,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,mBAAmB;YAC5B,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IACF,CAAC,SAAS,EAAE;YACV,OAAO,EAAE,iBAAiB;YAC1B,WAAW,EAAE,+EAA+E;SAC7F,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,uEAAuE;SACrF,CAAC;IACF,CAAC,WAAW,EAAE;YACZ,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,oFAAoF;SAClG,CAAC;IAEF,6BAA6B;IAC7B,CAAC,OAAO,EAAE;YACR,OAAO,EAAE,mBAAmB;YAC5B,WAAW,EAAE,mEAAmE;SACjF,CAAC;IACF,CAAC,OAAO,EAAE;YACR,OAAO,EAAE,mBAAmB;YAC5B,WAAW,EAAE,mEAAmE;SACjF,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,mBAAmB;YAC5B,WAAW,EAAE,kFAAkF;SAChG,CAAC;IAEF,8CAA8C;IAC9C,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,oBAAoB;YAC7B,WAAW,EAAE,0FAA0F;SACxG,CAAC;IACF,CAAC,SAAS,EAAE;YACV,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,8DAA8D;SAC5E,CAAC;IACF,CAAC,MAAM,EAAE;YACP,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,2EAA2E;SACzF,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,mFAAmF;SACjG,CAAC;CACH,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAAC,KAAe,EAAE,WAAmB,EAAE;IACzE,MAAM,eAAe,GAA4B,EAAE,CAAC;IAEpD,yDAAyD;IACzD,IAAI,IAAA,oCAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,WAAW,GAAG,IAAA,kDAAwB,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE7C,iCAAiC;IACjC,MAAM,sBAAsB,GAAa,EAAE,CAAC;IAE5C,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAgE,CAAC;IAEjG,gFAAgF;IAChF,2DAA2D;IAC3D,gFAAgF;IAEhF,wCAAwC;IACxC,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,OAAO;QACT,CAAC;QAED,4BAA4B;QAC5B,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,aAAa,GAAG,IAAI,CAAC;YACrB,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,IAAI,aAAa,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACrC,aAAa,GAAG,KAAK,CAAC;YACtB,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAC/D,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,WAAW,CAAC;YAChE,gBAAgB,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;YACzF,OAAO;QACT,CAAC;QAED,8CAA8C;QAC9C,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACtE,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAClC,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;YACxC,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;YACtE,OAAO;QACT,CAAC;QAED,sCAAsC;QACtC,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACrD,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;gBACxC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,WAAW,CAAC;gBAChE,gBAAgB,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;gBACzF,OAAO;YACT,CAAC;YAED,yCAAyC;YACzC,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC5D,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBACjC,MAAM,WAAW,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBACvC,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;gBACtE,OAAO;YACT,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6DAA6D;IAC7D,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,KAAK,EAAE,EAAE;QAC7C,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC;QAEzC,yCAAyC;QACzC,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YAClB,OAAO;QACT,CAAC;QAED,8CAA8C;QAC9C,yDAAyD;QACzD,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC;YAClC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC;YAClC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC;YAChC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAE3D,IAAI,CAAC,YAAY,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3D,sBAAsB,CAAC,IAAI,CAAC,WAAW,WAAW,EAAE,CAAC,CAAC;YAEtD,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;gBAC5B,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,MAAM;gBAClB,OAAO,EAAE,uCAAuC,WAAW,yCAAyC;gBACpG,IAAI;gBACJ,UAAU,EAAE,uNAAuN;gBACnO,KAAK,EAAE,4BAA4B;gBACnC,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,KAAK;gBACb,WAAW,EAAE;oBACX,WAAW,EAAE,gBAAgB,WAAW,8LAA8L;oBACtO,MAAM,EAAE,WAAW,WAAW,wCAAwC;oBACtE,KAAK,EAAE,yNAAyN;iBACjO;gBACD,YAAY,EAAE;oBACZ,WAAW,EACT,wLAAwL;oBAC1L,cAAc,EAAE,WAAW,WAAW,oCAAoC,WAAW,gBAAgB;oBACrG,eAAe,EAAE;wBACf,2CAA2C;wBAC3C,qCAAqC;wBACrC,yCAAyC;wBACzC,mDAAmD;wBACnD,8DAA8D;qBAC/D;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gFAAgF;IAChF,2DAA2D;IAC3D,gFAAgF;IAEhF,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,sBAAsB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACjD,4CAA4C;YAC5C,MAAM,UAAU,GAAG,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,MAAM,CAAC;YAE5D,2EAA2E;YAC3E,iFAAiF;YACjF,MAAM,KAAK,GAAG,UAAU;gBACtB,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,SAAS,CAAC,CAAE,8CAA8C;gBACvF,CAAC,CAAC,IAAI,MAAM,CAAC,UAAU,MAAM,SAAS,CAAC,CAAC;YAE1C,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxB,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEpC,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;oBAC5B,QAAQ,EAAE,qBAAqB;oBAC/B,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,MAAM;oBAClB,OAAO,EAAE,+BAA+B,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,uBAAuB;oBAC9F,IAAI,EAAE,UAAU;oBAChB,UAAU,EAAE,OAAO,OAAO,CAAC,OAAO,aAAa,OAAO,CAAC,WAAW,EAAE;oBACpE,KAAK,EAAE,4BAA4B;oBACnC,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,KAAK;oBACb,WAAW,EAAE;wBACX,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,MAAM,EAAE,OAAO,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,yCAAyC;wBACvF,KAAK,EAAE,OAAO,CAAC,OAAO;qBACvB;oBACD,YAAY,EAAE;wBACZ,WAAW,EACT,4LAA4L;wBAC9L,cAAc,EAAE,4CAA4C,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,2BAA2B,MAAM,cAAc;wBAC1I,eAAe,EAAE;4BACf,0CAA0C;4BAC1C,mCAAmC;4BACnC,yCAAyC;4BACzC,mDAAmD;4BACnD,4CAA4C;yBAC7C;qBACF;iBACF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,gFAAgF;IAChF,wCAAwC;IACxC,gFAAgF;IAEhF,gGAAgG;IAChG,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,OAAO;QACT,CAAC;QAED,0EAA0E;QAC1E,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC5D,IAAI,eAAe,EAAE,CAAC;YACpB,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAC9C,IAAI,CAAC,KAAK;oBAAE,OAAO;gBAEnB,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAE5B,4DAA4D;gBAC5D,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAEtD,IAAI,UAAU,EAAE,CAAC;oBACf,+DAA+D;oBAC/D,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,CAAC;oBAEnC,4BAA4B;oBAC5B,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC;wBAClC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC;wBAClC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC;wBAChC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;oBAE3D,gEAAgE;oBAChE,IAAI,CAAC,YAAY,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;wBAC3D,sBAAsB,CAAC,IAAI,CAAC,UAAU,YAAY,IAAI,UAAU,EAAE,CAAC,CAAC;wBAEpE,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;4BAC5B,QAAQ,EAAE,qBAAqB;4BAC/B,QAAQ,EAAE,UAAU;4BACpB,UAAU,EAAE,MAAM;4BAClB,OAAO,EAAE,qCAAqC,YAAY,IAAI,UAAU,sCAAsC,WAAW,GAAG;4BAC5H,IAAI,EAAE,UAAU;4BAChB,UAAU,EAAE,YAAY,WAAW,oFAAoF;4BACvH,KAAK,EAAE,4BAA4B;4BACnC,GAAG,EAAE,SAAS;4BACd,MAAM,EAAE,KAAK;4BACb,WAAW,EAAE;gCACX,WAAW,EAAE,mBAAmB,YAAY,IAAI,UAAU,uBAAuB,WAAW,wGAAwG;gCACpM,MAAM,EAAE,GAAG,YAAY,IAAI,UAAU,gDAAgD;gCACrF,KAAK,EAAE,6KAA6K;6BACrL;4BACD,YAAY,EAAE;gCACZ,WAAW,EACT,gLAAgL;gCAClL,cAAc,EAAE,GAAG,YAAY,IAAI,UAAU,qCAAqC,WAAW,gBAAgB;gCAC7G,eAAe,EAAE;oCACf,2DAA2D;oCAC3D,qCAAqC;oCACrC,8CAA8C;oCAC9C,yCAAyC;oCACzC,+DAA+D;iCAChE;6BACF;yBACF,CAAC,CACH,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,4DAA4D;oBAC5D,oDAAoD;oBACpD,iEAAiE;oBACjE,MAAM,QAAQ,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ;wBACpE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ;wBAChE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;oBAE9E,gFAAgF;oBAChF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;oBAEtG,IAAI,CAAC,gBAAgB,EAAE,CAAC;wBACtB,4DAA4D;wBAC5D,uEAAuE;wBACvE,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK;4BAC1D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ;4BACrD,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;wBAEnF,IAAI,cAAc,CAAC,QAAQ,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;4BACxD,sBAAsB,CAAC,IAAI,CAAC,aAAa,YAAY,IAAI,UAAU,EAAE,CAAC,CAAC;4BAEvE,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;gCAC5B,QAAQ,EAAE,qBAAqB;gCAC/B,QAAQ,EAAE,UAAU;gCACpB,UAAU,EAAE,MAAM;gCAClB,OAAO,EAAE,qCAAqC,YAAY,IAAI,UAAU,mCAAmC,YAAY,oBAAoB;gCAC3I,IAAI,EAAE,UAAU;gCAChB,UAAU,EAAE,YAAY,YAAY,4KAA4K,UAAU,MAAM;gCAChO,KAAK,EAAE,4BAA4B;gCACnC,GAAG,EAAE,SAAS;gCACd,MAAM,EAAE,KAAK;gCACb,WAAW,EAAE;oCACX,WAAW,EAAE,gBAAgB,YAAY,+LAA+L;oCACxO,MAAM,EAAE,sGAAsG;oCAC9G,KAAK,EAAE,qIAAqI;iCAC7I;gCACD,YAAY,EAAE;oCACZ,WAAW,EACT,uKAAuK;oCACzK,cAAc,EAAE,GAAG,YAAY,IAAI,UAAU,wCAAwC,YAAY,EAAE;oCACnG,eAAe,EAAE;wCACf,2CAA2C;wCAC3C,wCAAwC;wCACxC,qDAAqD;wCACrD,sDAAsD;wCACtD,+CAA+C;qCAChD;iCACF;6BACF,CAAC,CACH,CAAC;wBACJ,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gFAAgF;IAChF,2DAA2D;IAC3D,gFAAgF;IAEhF,MAAM,UAAU,GAA2C,EAAE,CAAC;IAE9D,2DAA2D;IAC3D,MAAM,kBAAkB,GAAG,IAAA,2DAAiC,EAAC,YAAY,CAAC,CAAC;IAC3E,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC3B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gCAAgC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,iDAAiD;IACjD,MAAM,aAAa,GAAG,IAAA,mDAAyB,EAAC,YAAY,CAAC,CAAC;IAC9D,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,6CAA6C;IAC7C,MAAM,aAAa,GAAG,IAAA,+CAAqB,EAAC,KAAK,CAAC,CAAC;IACnD,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,qDAAqD;IACrD,MAAM,WAAW,GAAG,IAAA,sDAA4B,EAAC,YAAY,CAAC,CAAC;IAC/D,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,iDAAiD;IACjD,MAAM,eAAe,GAAG,IAAA,mDAAyB,EAAC,YAAY,CAAC,CAAC;IAChE,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QACxB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,iEAAiE;IACjE,MAAM,0BAA0B,GAAG,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC5E,IAAI,0BAA0B,GAAG,CAAC,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,IAAA,sDAA4B,EAAC,YAAY,CAAC,CAAC;IACpE,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;QACzB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,8DAA8D;IAC9D,MAAM,iBAAiB,GAAG,IAAA,+DAAqC,EAAC,YAAY,CAAC,CAAC;IAC9E,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;QAC1B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,gFAAgF;IAChF,iCAAiC;IACjC,gFAAgF;IAEhF,sDAAsD;IACtD,MAAM,eAAe,GAAG;QACtB,oBAAoB,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,gCAAgC,CAAC,EAAE,KAAK,IAAI,CAAC;QACnG,mBAAmB,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAAE,KAAK,IAAI,CAAC;QACxF,eAAe,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,EAAE,KAAK,IAAI,CAAC;QAChF,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,EAAE,KAAK,IAAI,CAAC;QACxE,mBAAmB,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAAE,KAAK,IAAI,CAAC;QACxF,gBAAgB,EAAE,CAAC,EAAE,uBAAuB;QAC5C,gBAAgB,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,EAAE,KAAK,IAAI,CAAC;QAClF,mBAAmB,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAAE,KAAK,IAAI,CAAC;KACzF,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,mDAAyB,EAAC,sBAAsB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAE7F,sDAAsD;IACtD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,KAAK,KAAK,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3E,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEtE,eAAe,CAAC,IAAI,CAClB,IAAA,mDAA6B,EAAC;YAC5B,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ;YACR,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,WAAW,EAA+B;YAC5E,OAAO,EAAE,+BAA+B,UAAU,CAAC,UAAU,uBAAuB,UAAU,CAAC,cAAc,GAAG;YAChH,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,+HAA+H;YAC3I,KAAK,EAAE,4BAA4B;YACnC,GAAG,EAAE,UAAU;YACf,MAAM,EAAE,KAAK;YACb,WAAW,EAAE;gBACX,WAAW,EACT,8MAA8M;gBAChN,MAAM,EAAE,qKAAqK;gBAC7K,KAAK,EAAE,oKAAoK;aAC5K;YACD,YAAY,EAAE;gBACZ,WAAW,EACT,uMAAuM;gBACzM,cAAc,EAAE,wBAAwB,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;gBACjF,eAAe,EAAE;oBACf,yCAAyC;oBACzC,oDAAoD;oBACpD,kDAAkD;oBAClD,iDAAiD;oBACjD,2CAA2C;iBAC5C;aACF;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,2BAA2B,CAAC,IAAY;IAC/C,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,sDAAsD;IACtD,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;IAEvE,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;QACvC,uEAAuE;QACvE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC;QACxE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAEzD,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9C,KAAK,IAAI,CAAC,CAAC,CAAC,uDAAuD;QACrE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Go Concurrency Safety Security Checks
|
|
3
|
+
* OWASP A04:2025 - Insecure Design
|
|
4
|
+
*
|
|
5
|
+
* Detects concurrency-related vulnerabilities in Go code including race conditions
|
|
6
|
+
* and goroutine leaks.
|
|
7
|
+
*/
|
|
8
|
+
import { SecurityVulnerability } from '../../types';
|
|
9
|
+
/**
|
|
10
|
+
* Checks for concurrency safety issues
|
|
11
|
+
*
|
|
12
|
+
* Covers:
|
|
13
|
+
* - Check #1: Race conditions (unsynchronized variable access in concurrent contexts) (HIGH)
|
|
14
|
+
* - Map access without mutex protection
|
|
15
|
+
* - Slice modifications without synchronization
|
|
16
|
+
* - Simple variable operations (counter++, assignments) without mutex/atomic
|
|
17
|
+
* - Check #2: Goroutine leaks (unclosed channels) (MEDIUM)
|
|
18
|
+
*
|
|
19
|
+
* @param lines - Array of code lines
|
|
20
|
+
* @returns Array of security vulnerabilities found
|
|
21
|
+
*/
|
|
22
|
+
export declare function checkConcurrencySafety(lines: string[]): SecurityVulnerability[];
|
|
23
|
+
//# sourceMappingURL=concurrency-safety.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"concurrency-safety.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/go/security-checks/concurrency-safety.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,qBAAqB,EAAE,CA2V/E"}
|