codeslick-cli 1.2.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -19
- package/dist/packages/cli/src/reporters/cli-reporter.js +7 -7
- package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -1
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts +5 -2
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.d.ts.map +1 -1
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.js +61 -5
- package/dist/src/lib/analyzers/go/security-checks/ai-generated-code.js.map +1 -1
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.d.ts +6 -4
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.d.ts.map +1 -1
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.js +97 -4
- package/dist/src/lib/analyzers/go/security-checks/credentials-crypto.js.map +1 -1
- package/dist/src/lib/analyzers/go/security-checks/enhanced-supply-chain.d.ts +21 -0
- package/dist/src/lib/analyzers/go/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/enhanced-supply-chain.js +114 -0
- package/dist/src/lib/analyzers/go/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.d.ts +1 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.d.ts.map +1 -1
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.js +48 -0
- package/dist/src/lib/analyzers/go/security-checks/injection-attacks.js.map +1 -1
- package/dist/src/lib/analyzers/go-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/go-analyzer.js +3 -0
- package/dist/src/lib/analyzers/go-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +226 -2
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -1
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +1108 -23
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -1
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -1
- package/dist/src/lib/analyzers/helpers/variable-tracker.js +6 -4
- package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -1
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +2 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -1
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +76 -12
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -1
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +2 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -1
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +99 -6
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -1
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -1
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +41 -3
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -1
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +3 -2
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -1
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +82 -11
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -1
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +3 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -1
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +75 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -1
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/javascript-analyzer.js +9 -2
- package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +3 -2
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +113 -10
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +2 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +48 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +3 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +84 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +4 -2
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +43 -3
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.js +19 -3
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +2 -2
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +3 -3
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +8 -1
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +2 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +49 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +13 -11
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +79 -22
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -1
- package/dist/src/lib/analyzers/typescript/security-checks/type-safety.d.ts +24 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-safety.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-safety.js +181 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-safety.js.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/typescript-analyzer.js +3 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -1
- package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -1
- package/dist/src/lib/security/compliance-mapping.js +19 -0
- package/dist/src/lib/security/compliance-mapping.js.map +1 -1
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -1
- package/dist/src/lib/security/severity-scoring.js +7 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -1
- package/package.json +1 -1
- package/src/reporters/cli-reporter.ts +7 -7
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enhanced-supply-chain.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/enhanced-supply-chain.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAoBH,4DAsUC;AAvVD,sEAA+E;AAE/E;;;;;;;;;;;;;;GAcG;AACH,SAAgB,wBAAwB,CACtC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,iEAAiE;IACjE,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,iEAAiE;IACjE,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,2CAA2C;IAE9F,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,wDAAwD;QACxD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,+DAA+D;QAC/D,qFAAqF;QACrF,4EAA4E;QAC5E,iDAAiD;QACjD,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,0CAA0C;QAC1C,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC;YAC1C,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC;YAClC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,QAAQ,EAAE,CAAC;gBACb,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,qFAAqF;QACrF,mFAAmF;QACnF,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;YACnE,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7E,kEAAkE;YAClE,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,qCAAqC,CAAC;gBACzD,WAAW,CAAC,KAAK,CAAC,+BAA+B,CAAC;gBAClD,WAAW,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAChF,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;gBAClC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,wBAAwB,CAAC;YACpF,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACtC,iEAAiE;YACjE,IAAI,aAAa,GAAG,KAAK,CAAC;YAE1B,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB
,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBACrF,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;YAED,mDAAmD;YACnD,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClC,aAAa,GAAG,IAAI,CAAC;oBACrB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,MAAM,kBAAkB,GAAG,qCAAqC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAEnF,iCAAiC;YACjC,MAAM,qBAAqB,GAAG,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAChG,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,mBAAmB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC7C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAClE,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBAC/B,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YAC/E,CAAC,CAAC,CAAC;YAEH,IAAI,aAAa,IAAI,CAAC,kBAAkB,IAAI,CAAC,qBAAqB,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBAC3F,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,uBAAuB,EACvB,wEAAwE,EACxE,qFAAqF,EACrF,KAAK,GAAG,CAAC,EACT,oMAAoM,EACpM,oGAAoG,EACpG;oBACE,6DAA6D;oBAC7D,2CAA2C;oBAC3C,uCAAuC;oBACvC,4CAA4C;oBAC5C,sCAAsC;iBACvC,EACD,0BAA0B,EAC1B,yJAAyJ,EACzJ,qIAAqI,CACtI,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACtE,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,2BAA2B,EAC3B,iEAAiE,EACjE,0EAA0E,EAC1E,KAAK,GAAG,CAAC,EACT,qFAAqF,EACrF,kEAAkE,EAClE;gBACE,mDAAmD;gBACnD,gDAAgD;gBAChD,uDAAuD;gBACvD,sDAAsD;aACvD,EACD,2CAA2C,EAC3C,4CAA4C,EAC5C,mFAAmF,CACpF,CACF,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,sEAAsE;QACtE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACpE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,qBAAqB;gBACrD,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,qBAAqB;gBACtD,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,sBAAsB;gBACxD,SAAS,CAAC,QAAQ,CAAC,
UAAU,CAAC,IAAI,sBAAsB;gBACxD,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB;gBACpD,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB;gBACpD,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,wBAAwB;YAChE,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,uBAAuB,EACvB,mEAAmE,EACnE,8DAA8D,EAC9D,KAAK,GAAG,CAAC,EACT,mFAAmF,EACnF,uDAAuD,EACvD;gBACE,6CAA6C;gBAC7C,gDAAgD;gBAChD,6CAA6C;gBAC7C,wCAAwC;aACzC,EACD,6CAA6C,EAC7C,4EAA4E,EAC5E,iGAAiG,CAClG,CACF,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACvE,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACtE,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACzC,OAAO,SAAS,CAAC,QAAQ,CAAC,mBAAmB,CAAC;oBACvC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;oBAChC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACzE,CAAC,CAAC,EAAE,CAAC;YACP,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,oBAAoB,EACpB,qDAAqD,EACrD,4EAA4E,EAC5E,KAAK,GAAG,CAAC,EACT,yEAAyE,EACzE,uEAAuE,EACvE;gBACE,6CAA6C;gBAC7C,kDAAkD;gBAClD,yCAAyC;gBACzC,4CAA4C;aAC7C,EACD,gEAAgE,EAChE,+JAA+J,EAC/J,6EAA6E,CAC9E,CACF,CAAC;QACJ,CAAC;QAED,kDAAkD;QAClD,uEAAuE;QACvE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YAC3G,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACzE,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC;gBAC7B,4EAA4E;gBAC5E,SAAS,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;YAExE,4DAA4D;YAC5D,MAAM,kBAAkB,GAAG,WAAW,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAEtF,0DAA0D;YAC1D,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9F,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACnE,QAAQ,CAAC,QAAQ,CAAC,aAAa,CA
AC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC3E,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,sBAAsB,EACtB,sFAAsF,EACtF,mEAAmE,EACnE,KAAK,GAAG,CAAC,EACT,2GAA2G,EAC3G,uEAAuE,EACvE;oBACE,0DAA0D;oBAC1D,uDAAuD;oBACvD,mDAAmD;oBACnD,4CAA4C;iBAC7C,EACD,2DAA2D,EAC3D,qJAAqJ,EACrJ,6GAA6G,CAC9G,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC;YAClC,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACnE,CAAC,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;YACtF,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,0BAA0B,EAC1B,qEAAqE,EACrE,8EAA8E,EAC9E,KAAK,GAAG,CAAC,EACT,gGAAgG,EAChG,kFAAkF,EAClF;gBACE,kDAAkD;gBAClD,iDAAiD;gBACjD,8CAA8C;gBAC9C,4CAA4C;aAC7C,EACD,yDAAyD,EACzD,qGAAqG,EACrG,6FAA6F,CAC9F,CACF,CAAC;QACJ,CAAC;QAED,wFAAwF;QACxF,iGAAiG;QACjG,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC/E,gCAAgC;YAChC,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAErF,IAAI,cAAc,EAAE,CAAC;gBACnB,mEAAmE;gBACnE,IAAI,gBAAgB,GAAG,KAAK,CAAC;gBAC7B,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;oBACzC,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACnC,gBAAgB,GAAG,IAAI,CAAC;wBACxB,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,iEAAiE;gBACjE,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC7F,MAAM,iBAAiB,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;oBAC9C,MAAM,YAAY,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;oBACrC,OAAO,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACjC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC/B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC/B,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC5B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAChE,YAAY,CAAC,QAAQ,CAAC,eAAe,CAAC;wBACtC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC/E,CAAC,CAAC,CAAC;gBAEH,mFAAmF;gBACnF,IAAI,CAAC,iBAAi
B,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;oBAC7G,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,gDAAgD,EAChD,4EAA4E,EAC5E,mFAAmF,EACnF,KAAK,GAAG,CAAC,EACT,uPAAuP,EACvP,8MAA8M,EAC9M;wBACE,+CAA+C;wBAC/C,kDAAkD;wBAClD,gDAAgD;wBAChD,0BAA0B;wBAC1B,uBAAuB;wBACvB,wCAAwC;qBACzC,EACD,gFAAgF,EAChF,6bAA6b,EAC7b,oKAAoK,CACrK,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
|
|
1
|
+
{"version":3,"file":"enhanced-supply-chain.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/enhanced-supply-chain.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAwDH,4DAkaC;AAvdD,sEAA+E;AAE/E;;;;;GAKG;AACH,MAAM,wBAAwB,GAAG;IAC/B,oCAAoC;IACpC,qCAAqC,EAAE,kCAAkC;IACzE,yCAAyC,EAAE,qBAAqB;IAChE,gCAAgC,EAAE,4BAA4B;IAC9D,gCAAgC;IAChC,2CAA2C;IAC3C,oCAAoC;IACpC,mCAAmC;IACnC,iCAAiC;IACjC,uBAAuB;IACvB,oBAAoB;IACpB,+BAA+B;IAC/B,uCAAuC;IACvC,6CAA6C,EAAE,uBAAuB;IACtE,yCAAyC;CAC1C,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,YAAY;IACZ,YAAY;IACZ,qBAAqB;IACrB,eAAe;IACf,aAAa;CACd,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,wBAAwB,CACtC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,iEAAiE;IACjE,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,iEAAiE;IACjE,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,2CAA2C;IAE9F,0EAA0E;IAC1E,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,IAAI,kBAAkB,GAAkB,IAAI,CAAC;IAE7C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,wDAAwD;QACxD,4DAA4D;QAC5D,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9D,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,kBAAkB,EAAE,CAAC;YACrD,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,8DAA8D;QAC9D,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACvE,IAAI,YAAY,EAAE,CAAC;gBACjB,cAAc,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;gBACjC,kBAAkB,GAAG,KAAK,GAAG,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,cAAc,EAAE,CAAC;YACzD,MAAM,eAAe,GAAG,WAAW,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;YAChF,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBACtC,MAAM,eAAe,GAAG,GAAG,cAAc,IAAI,UAAU,EAAE,CAAC;gBAE1D,8CAA8C;gBAC
9C,IAAI,wBAAwB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;oBACvD,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,yBAAyB,EACzB,iDAAiD,eAAe,GAAG,EACnE,oFAAoF,EACpF,kBAAmB,EAAE,yBAAyB;oBAC9C,YAAY,eAAe,kHAAkH,EAC7I,4BAA4B,cAAc,6BAA6B,UAAU,8BAA8B,EAC/G;wBACE,iDAAiD;wBACjD,sCAAsC;wBACtC,yCAAyC;wBACzC,8CAA8C;wBAC9C,8CAA8C;qBAC/C,EACD,4BAA4B,cAAc,6BAA6B,UAAU,eAAe,EAChG,cAAc,eAAe,yHAAyH,EACtJ,6FAA6F,CAC9F,CACF,CAAC;gBACJ,CAAC;gBAED,uBAAuB;gBACvB,cAAc,GAAG,IAAI,CAAC;gBACtB,kBAAkB,GAAG,IAAI,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACxC,cAAc,GAAG,IAAI,CAAC;YACtB,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QAED,0CAA0C;QAC1C,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC;YAC1C,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC;YAClC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,QAAQ,EAAE,CAAC;gBACb,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,qFAAqF;QACrF,mFAAmF;QACnF,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;YACnE,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7E,kEAAkE;YAClE,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,qCAAqC,CAAC;gBACzD,WAAW,CAAC,KAAK,CAAC,+BAA+B,CAAC;gBAClD,WAAW,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAChF,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;gBAClC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,wBAAwB,CAAC;YACpF,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACtC,iEAAiE;YACjE,IAAI,aAAa,GAAG,KAAK,CAAC;YAE1B,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBACrF,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;YAED,mDAAmD;YACnD,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClC,aAAa,GAAG,IAAI,CAAC;oBACrB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,MAAM,kBAAkB,GAAG,qCAAqC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAEnF,iCAAiC;YACjC,MAAM,qBAAqB,GAAG,SAAS,CAAC,QA
AQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAChG,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9D,MAAM,mBAAmB,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBAC7C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;oBAClE,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBAC/B,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YAC/E,CAAC,CAAC,CAAC;YAEH,IAAI,aAAa,IAAI,CAAC,kBAAkB,IAAI,CAAC,qBAAqB,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBAC3F,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,uBAAuB,EACvB,wEAAwE,EACxE,qFAAqF,EACrF,KAAK,GAAG,CAAC,EACT,oMAAoM,EACpM,oGAAoG,EACpG;oBACE,6DAA6D;oBAC7D,2CAA2C;oBAC3C,uCAAuC;oBACvC,4CAA4C;oBAC5C,sCAAsC;iBACvC,EACD,0BAA0B,EAC1B,yJAAyJ,EACzJ,qIAAqI,CACtI,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACtE,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,2BAA2B,EAC3B,iEAAiE,EACjE,0EAA0E,EAC1E,KAAK,GAAG,CAAC,EACT,qFAAqF,EACrF,kEAAkE,EAClE;gBACE,mDAAmD;gBACnD,gDAAgD;gBAChD,uDAAuD;gBACvD,sDAAsD;aACvD,EACD,2CAA2C,EAC3C,4CAA4C,EAC5C,mFAAmF,CACpF,CACF,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,sEAAsE;QACtE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACpE,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,qBAAqB;gBACrD,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,qBAAqB;gBACtD,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,sBAAsB;gBACxD,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,sBAAsB;gBACxD,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB;gBACpD,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,oBAAoB;gBACpD,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,wBAAwB;YAChE,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,uBAAuB,EACvB,mEAAmE,EACnE,8DAA8D,EAC9D,KAAK,GAAG,CAAC,EACT,mFAAmF,EACnF,uDAAuD,EACvD;gBACE,6CAA6C;gBAC7C,gDAAgD;gBAChD,6CAA6C;gBAC7C,wCAAwC;aACzC
,EACD,6CAA6C,EAC7C,4EAA4E,EAC5E,iGAAiG,CAClG,CACF,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACvE,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACtE,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACzC,OAAO,SAAS,CAAC,QAAQ,CAAC,mBAAmB,CAAC;oBACvC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;oBAChC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACzE,CAAC,CAAC,EAAE,CAAC;YACP,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,oBAAoB,EACpB,qDAAqD,EACrD,4EAA4E,EAC5E,KAAK,GAAG,CAAC,EACT,yEAAyE,EACzE,uEAAuE,EACvE;gBACE,6CAA6C;gBAC7C,kDAAkD;gBAClD,yCAAyC;gBACzC,4CAA4C;aAC7C,EACD,gEAAgE,EAChE,+JAA+J,EAC/J,6EAA6E,CAC9E,CACF,CAAC;QACJ,CAAC;QAED,kDAAkD;QAClD,uEAAuE;QACvE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YAC3G,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACzE,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC;gBAC7B,4EAA4E;gBAC5E,SAAS,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;YAExE,4DAA4D;YAC5D,MAAM,kBAAkB,GAAG,WAAW,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAEtF,0DAA0D;YAC1D,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9F,MAAM,cAAc,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACnE,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC3E,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,sBAAsB,EACtB,sFAAsF,EACtF,mEAAmE,EACnE,KAAK,GAAG,CAAC,EACT,2GAA2G,EAC3G,uEAAuE,EACvE;oBACE,0DAA0D;oBAC1D,uDAAuD;oBACvD,mDAAmD;oBACnD,4CAA4C;iBAC7C,EACD,2DAA2D,EAC3D,qJAAqJ,EACrJ,6GAA6G,CAC9G,CACF,CAAC;YACJ,CAAC;QACH,C
AAC;QAED,sDAAsD;QACtD,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC;YAClC,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACnE,CAAC,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;YACtF,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,0BAA0B,EAC1B,qEAAqE,EACrE,8EAA8E,EAC9E,KAAK,GAAG,CAAC,EACT,gGAAgG,EAChG,kFAAkF,EAClF;gBACE,kDAAkD;gBAClD,iDAAiD;gBACjD,8CAA8C;gBAC9C,4CAA4C;aAC7C,EACD,yDAAyD,EACzD,qGAAqG,EACrG,6FAA6F,CAC9F,CACF,CAAC;QACJ,CAAC;QAED,wFAAwF;QACxF,iGAAiG;QACjG,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC/E,gCAAgC;YAChC,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAErF,IAAI,cAAc,EAAE,CAAC;gBACnB,mEAAmE;gBACnE,IAAI,gBAAgB,GAAG,KAAK,CAAC;gBAC7B,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;oBACzC,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACnC,gBAAgB,GAAG,IAAI,CAAC;wBACxB,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,iEAAiE;gBACjE,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC7F,MAAM,iBAAiB,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;oBAC9C,MAAM,YAAY,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;oBACrC,OAAO,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACjC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC/B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC/B,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC5B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAChE,YAAY,CAAC,QAAQ,CAAC,eAAe,CAAC;wBACtC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC/E,CAAC,CAAC,CAAC;gBAEH,mFAAmF;gBACnF,IAAI,CAAC,iBAAiB,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;oBAC7G,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,gDAAgD,EAChD,4EAA4E,EAC5E,mFAAmF,EACnF,KAAK,GAAG,CAAC,EACT,uPAAuP,EACvP,8MAA8M,EAC9M;wBACE,+CAA+C;wBAC/C,kDAAkD;wBAClD,gDAAgD;wBAChD,0BAA0B;wBAC1B,uBAAuB;wBACvB,wCAAwC;qBACzC,EACD,gFAAgF,EAChF,6bAA6b,EAC7b,oKAAoK,CACrK,CACF,
CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,oFAAoF;QACpF,6DAA6D;QAC7D,uEAAuE;QACvE,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;YACvF,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;YACjE,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAEzC,qDAAqD;YACrD,KAAK,MAAM,gBAAgB,IAAI,wBAAwB,EAAE,CAAC;gBACxD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAE1D,0DAA0D;gBAC1D,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC9F,eAAe,CAAC,IAAI,CAClB,IAAA,qDAA+B,EAC7B,yBAAyB,EACzB,iDAAiD,gBAAgB,GAAG,EACpE,oFAAoF,EACpF,KAAK,GAAG,CAAC,EACT,YAAY,gBAAgB,kHAAkH,EAC9I,QAAQ,gBAAgB,2BAA2B,EACnD;wBACE,iDAAiD;wBACjD,sCAAsC;wBACtC,yCAAyC;wBACzC,8CAA8C;wBAC9C,8CAA8C;qBAC/C,EACD,oBAAoB,gBAAgB,MAAM,EAC1C,cAAc,gBAAgB,sIAAsI,EACpK,6FAA6F,CAC9F,CACF,CAAC;oBACF,MAAM,CAAC,4BAA4B;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
* - Command Injection (CRITICAL)
|
|
9
9
|
* - LDAP Injection (HIGH)
|
|
10
10
|
* - XPath Injection (HIGH)
|
|
11
|
+
* - Path Traversal (HIGH) - Priority 1 Fix (Jan 23, 2026)
|
|
11
12
|
*
|
|
12
13
|
* All checks follow the pattern matching approach to identify vulnerable
|
|
13
14
|
* string concatenation in security-sensitive contexts.
|
|
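Review bot: The added bullet carries a date and a ticket-style tag, `* - Path Traversal (HIGH) - Priority 1 Fix (Jan 23, 2026)`, in the module's header comment; the same tag is repeated in the `.js` header hunk below and in that file's `Pattern 1b` and path-traversal comments, and it will read as stale the moment the next fix lands. The header is a list of the checks the module performs, so `* - Path Traversal (HIGH)` is enough here, with the when and why kept in the changelog or commit message.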
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"injection-attacks.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/injection-attacks.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"injection-attacks.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/injection-attacks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,qBAAqB,EAAE,CAyT9E"}
|
|
@@ -9,6 +9,7 @@
|
|
|
9
9
|
* - Command Injection (CRITICAL)
|
|
10
10
|
* - LDAP Injection (HIGH)
|
|
11
11
|
* - XPath Injection (HIGH)
|
|
12
|
+
* - Path Traversal (HIGH) - Priority 1 Fix (Jan 23, 2026)
|
|
12
13
|
*
|
|
13
14
|
* All checks follow the pattern matching approach to identify vulnerable
|
|
14
15
|
* string concatenation in security-sensitive contexts.
|
|
@@ -70,7 +71,14 @@ function checkInjectionAttacks(lines) {
|
|
|
70
71
|
const hasSQLKeywords = trimmed.match(/\b(SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)\b/i);
|
|
71
72
|
const hasStringConcat = trimmed.includes(' + ') || trimmed.includes('+ "') || trimmed.includes('" +');
|
|
72
73
|
const isQueryStringConstruction = hasSQLKeywords && hasStringConcat;
|
|
73
|
-
|
|
74
|
+
// CRITICAL FIX: Skip if using PreparedStatement (SAFE parameterized queries)
|
|
75
|
+
// PreparedStatement with ? placeholders is the CORRECT way to prevent SQL injection
|
|
76
|
+
const isPreparedStatementUsage = trimmed.match(/PreparedStatement/) ||
|
|
77
|
+
(trimmed.match(/VALUES\s*\(\s*\?/) || trimmed.match(/WHERE.*=\s*\?/)) ||
|
|
78
|
+
(index < lines.length - 3 &&
|
|
79
|
+
lines.slice(index + 1, index + 4).some(l => l.match(/PreparedStatement|\.setString|\.setInt|\.setLong/)));
|
|
80
|
+
if ((hasJDBCExecution || hasJPAHibernate || hasMyBatisVuln || hasStringBuilderSQL || isQueryStringConstruction) &&
|
|
81
|
+
!isPreparedStatementUsage) {
|
|
74
82
|
let message = 'SQL Injection vulnerability detected';
|
|
75
83
|
let recommendation = 'Use PreparedStatement with parameterized queries or JPA with named parameters';
|
|
76
84
|
if (hasJPAHibernate) {
|
|
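Review bot: The new `isPreparedStatementUsage` guard suppresses the SQL-injection finding whenever the line merely mentions `PreparedStatement`, so `PreparedStatement ps = conn.prepareStatement("SELECT * FROM t WHERE id = " + id);` — concatenation into the query text, the very pattern this check exists for — is now reported as safe. Only the `?` placeholder forms actually indicate parameterisation; the type name alone does not. Suggest dropping the bare-name match and never letting the guard override a detected concatenation: `const isPreparedStatementUsage = !isQueryStringConstruction && (trimmed.match(/VALUES\s*\(\s*\?/) || trimmed.match(/WHERE.*=\s*\?/) || (index < lines.length - 3 && lines.slice(index + 1, index + 4).some(l => l.match(/\.setString|\.setInt|\.setLong/))));`. The three-line look-ahead can likewise be satisfied by a `.setString` on an unrelated statement, so it is best treated as a weak signal only. `checkInjectionAttacks` begins before and continues past this hunk.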
@@ -98,6 +106,9 @@ function checkInjectionAttacks(lines) {
|
|
|
98
106
|
// - Environment variable injection
|
|
99
107
|
// Pattern 1: Runtime.exec with concatenation
|
|
100
108
|
const hasRuntimeExec = trimmed.match(/\.exec\s*\(/i) && trimmed.includes('+');
|
|
109
|
+
// Pattern 1b: Runtime.exec with variable argument - CRITICAL (Priority 1 Fix - Jan 23, 2026)
|
|
110
|
+
// Detects: Runtime.getRuntime().exec(cmd) where cmd is a variable
|
|
111
|
+
const runtimeExecWithVar = trimmed.match(/Runtime\.getRuntime\(\)\.exec\s*\(\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*\)/);
|
|
101
112
|
// Pattern 2: ProcessBuilder with shell invocation
|
|
102
113
|
const hasProcessBuilderShell = trimmed.match(/ProcessBuilder\s*\(/) &&
|
|
103
114
|
(trimmed.match(/"sh"|"bash"|"cmd\.exe"|"\/c"/) ||
|
|
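Review bot: `runtimeExecWithVar` only fires when `exec` is called directly on the `Runtime.getRuntime()` chain with a single bare identifier, so `rt.exec(cmd)` through a stored `Runtime` and `exec(cmd, env)` / `exec(cmd, env, dir)` are missed, while `exec(argv)` with a `String[]` argument — the overload that passes arguments without the whitespace tokenisation the `String` overload performs — is matched identically; line-level matching cannot tell the two apart, so the finding is inherently a "variable command, verify it is not attacker-influenced" signal rather than a confirmed injection. A modest widening that keeps the capture is `/\.exec\s*\(\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*[,)]/`, applied only when `trimmed` also contains `Runtime`, which covers the stored-instance and multi-argument forms. The identifier captured in group 1 is not consumed anywhere in this hunk. The enclosing `checkInjectionAttacks` starts before and continues after this hunk.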
@@ -108,10 +119,14 @@ function checkInjectionAttacks(lines) {
|
|
|
108
119
|
const hasCommonsExec = trimmed.match(/CommandLine\s*\(/) || trimmed.match(/\.execute\s*\(/);
|
|
109
120
|
// Pattern 5: String command construction (for next line exec check)
|
|
110
121
|
const isCommandConstruction = trimmed.match(/String\s+\w*(cmd|command|exec)\w*\s*=/) && trimmed.includes('+');
|
|
111
|
-
if (hasRuntimeExec || hasProcessBuilderShell || hasProcessBuilderConcat || hasCommonsExec || isCommandConstruction) {
|
|
122
|
+
if (hasRuntimeExec || runtimeExecWithVar || hasProcessBuilderShell || hasProcessBuilderConcat || hasCommonsExec || isCommandConstruction) {
|
|
112
123
|
let message = 'Command Injection vulnerability detected';
|
|
113
124
|
let recommendation = 'Use ProcessBuilder with separate arguments array, never concatenate user input into shell commands';
|
|
114
|
-
if (
|
|
125
|
+
if (runtimeExecWithVar) {
|
|
126
|
+
message = 'CRITICAL: Runtime.exec() with variable - command injection risk';
|
|
127
|
+
recommendation = 'Use ProcessBuilder with separate arguments array. Validate input strictly if Runtime.exec() is unavoidable';
|
|
128
|
+
}
|
|
129
|
+
else if (hasProcessBuilderShell) {
|
|
115
130
|
message = 'Command Injection vulnerability detected - ProcessBuilder with shell invocation';
|
|
116
131
|
recommendation = 'Do not invoke shell (sh, bash, cmd.exe). Use ProcessBuilder with direct command and separate arguments';
|
|
117
132
|
}
|
|
@@ -195,6 +210,29 @@ function checkInjectionAttacks(lines) {
|
|
|
195
210
|
'Business logic bypass'
|
|
196
211
|
], 'String query = "//users/user[username=\'" + username + "\' and password=\'" + password + "\']";\nxpath.evaluate(query, doc);', '// Use parameterized XPath (if supported) or sanitize input\nString safeUsername = username.replaceAll("[\'\\\"\\\\]", "");\nString query = "//users/user[username=\'" + safeUsername + "\']";\n// Better: Use XPathExpression with setXPathVariableResolver', 'Validate and sanitize user input by removing XPath metacharacters. Preferably use XPath parameterization if your XML library supports it, or switch to safer alternatives like XQuery with parameters'));
|
|
197
212
|
}
|
|
213
|
+
// 5. Path Traversal - String concatenation in file paths - HIGH (Priority 1 Fix - Jan 23, 2026)
|
|
214
|
+
// Detects: "/path/" + userInput, basePath + userVar, etc.
|
|
215
|
+
// Pattern: File operations (FileInputStream, FileReader, FileOutputStream, File) with concatenation
|
|
216
|
+
const pathConcatMatch = trimmed.match(/(['"])([^'"]*\/[^'"]*)\1\s*\+\s*([a-zA-Z_][a-zA-Z0-9_]*)/);
|
|
217
|
+
const reverseConcatMatch = !pathConcatMatch ? trimmed.match(/([a-zA-Z_][a-zA-Z0-9_]*)\s*\+\s*(['"])([^'"]*\/[^'"]*)\2/) : null;
|
|
218
|
+
const fileOperationWithConcat = (trimmed.match(/new\s+(FileInputStream|FileReader|FileOutputStream|FileWriter|File|RandomAccessFile)\s*\([^)]*\+[^)]*\)/) ||
|
|
219
|
+
trimmed.match(/Files\.(read|write|delete|copy|move)\s*\([^)]*\+[^)]*\)/) ||
|
|
220
|
+
trimmed.match(/Path\.of\s*\([^)]*\+[^)]*\)/));
|
|
221
|
+
if ((pathConcatMatch || reverseConcatMatch || fileOperationWithConcat) &&
|
|
222
|
+
!trimmed.includes('Paths.get') && // Paths.get still needs validation but is slightly safer
|
|
223
|
+
!trimmed.includes('.trim()') && // Skip simple string operations
|
|
224
|
+
!trimmed.includes('.replace(')) { // Skip string sanitization
|
|
225
|
+
const alreadyFlagged = vulnerabilities.some(v => v.line === lineNumber && v.category === 'path-traversal');
|
|
226
|
+
if (!alreadyFlagged) {
|
|
227
|
+
vulnerabilities.push((0, createVulnerability_1.createJavaSecurityVulnerability)('path-traversal', 'Path traversal vulnerability - unsanitized user input in file path', 'Validate and sanitize file paths - use Path.normalize(), whitelist allowed paths, or use File.getCanonicalPath() with base directory check', lineNumber, 'String concatenation with user input in file paths allows attackers to access arbitrary files using path traversal sequences like ../ or absolute paths. This can expose sensitive files like /etc/passwd, configuration files, application.properties, or source code.', 'String fullPath = "/var/uploads/" + userPath where userPath = "../../etc/passwd" or "/etc/shadow"', [
|
|
228
|
+
'Arbitrary file read via path traversal (../../etc/passwd)',
|
|
229
|
+
'Access to configuration files (application.properties, database credentials)',
|
|
230
|
+
'Source code disclosure',
|
|
231
|
+
'Private key theft (/home/user/.ssh/id_rsa)',
|
|
232
|
+
'Information disclosure for further attacks'
|
|
233
|
+
], 'String readFile(String userPath) {\n String fullPath = "/var/uploads/" + userPath; // Vulnerable!\n return Files.readString(Paths.get(fullPath));\n}', 'import java.nio.file.Path;\nimport java.nio.file.Paths;\n\nString readFile(String userPath) {\n // Sanitize: Remove directory components\n String safeFilename = Paths.get(userPath).getFileName().toString();\n \n // Validate: Check against whitelist\n Set<String> allowedFiles = Set.of("data.txt", "config.json", "report.pdf");\n if (!allowedFiles.contains(safeFilename)) {\n throw new SecurityException("File not allowed");\n }\n \n // Construct safe path\n Path basePath = Paths.get("/var/uploads");\n Path filePath = basePath.resolve(safeFilename).normalize();\n \n // Verify still within base directory (prevents traversal)\n if (!filePath.startsWith(basePath)) {\n throw new SecurityException("Path traversal detected");\n }\n \n return Files.readString(filePath);\n}', 'Never concatenate user input directly into file paths. Use Path.getFileName() to extract filename only, validate against a whitelist of allowed files, construct paths with resolve() and normalize(), and verify the final path stays within the intended base directory. Use File.getCanonicalPath() to resolve symlinks and prevent traversal bypasses.'));
|
|
234
|
+
}
|
|
235
|
+
}
|
|
198
236
|
});
|
|
199
237
|
return vulnerabilities;
|
|
200
238
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"injection-attacks.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/injection-attacks.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"injection-attacks.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/security-checks/injection-attacks.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAWH,sDAyTC;AAjUD,sEAA+E;AAE/E;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,KAAe;IACnD,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,8CAA8C;QAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO;QAElG,qDAAqD;QACrD,WAAW;QACX,wDAAwD;QACxD,+DAA+D;QAC/D,yDAAyD;QACzD,wDAAwD;QACxD,mCAAmC;QACnC,gEAAgE;QAEhE,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC;YACrC,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAElE,6FAA6F;QAC7F,2EAA2E;QAC3E,MAAM,qBAAqB,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC;YACpC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAExE,mGAAmG;QACnG,MAAM,mBAAmB,GAAG,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACrF,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,qBAAqB,GAAG,mBAAmB,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACtE,CAAC,CAAC,KAAK,CAAC,6BAA6B,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC,CACrG,CAAC;QAEF,MAAM,eAAe,GAAG,qBAAqB,IAAI,qBAAqB,CAAC;QAEvE,uEAAuE;QACvE,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC;YAC3B,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC;QAE5H,qCAAqC;QACrC,MAAM,mBAAmB,GAAG,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC;YAC3D,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,KAAK,GAAG,CAAC;gBAC3C,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAClD,C
AAC,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC,CACpE,CAAC,CAAC;QAEjC,mDAAmD;QACnD,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACtF,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACtG,MAAM,yBAAyB,GAAG,cAAc,IAAI,eAAe,CAAC;QAEpE,6EAA6E;QAC7E,oFAAoF;QACpF,MAAM,wBAAwB,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC;YACjC,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACrE,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC;gBACxB,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAC5D,CAAC,CAAC;QAEtC,IAAI,CAAC,gBAAgB,IAAI,eAAe,IAAI,cAAc,IAAI,mBAAmB,IAAI,yBAAyB,CAAC;YAC3G,CAAC,wBAAwB,EAAE,CAAC;YAC9B,IAAI,OAAO,GAAG,sCAAsC,CAAC;YACrD,IAAI,cAAc,GAAG,+EAA+E,CAAC;YAErG,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,GAAG,kEAAkE,CAAC;gBAC7E,cAAc,GAAG,gFAAgF,CAAC;YACpG,CAAC;iBAAM,IAAI,cAAc,EAAE,CAAC;gBAC1B,OAAO,GAAG,uDAAuD,CAAC;gBAClE,cAAc,GAAG,2EAA2E,CAAC;YAC/F,CAAC;YAED,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,eAAe,EACf,OAAO,EACP,cAAc,EACd,UAAU,EACV,4TAA4T,EAC5T,iKAAiK,EACjK;gBACE,0CAA0C;gBAC1C,uBAAuB;gBACvB,kDAAkD;gBAClD,uCAAuC;gBACvC,6BAA6B;gBAC7B,uBAAuB;aACxB,EACD,+GAA+G,EAC/G,+HAA+H,EAC/H,+NAA+N,CAChO,CAAC,CAAC;QACL,CAAC;QAED,yDAAyD;QACzD,WAAW;QACX,0DAA0D;QAC1D,8DAA8D;QAC9D,wCAAwC;QACxC,mCAAmC;QAEnC,6CAA6C;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAE9E,6FAA6F;QAC7F,kEAAkE;QAClE,MAAM,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;QAE/G,kDAAkD;QAClD,MAAM,sBAAsB,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC;YACnC,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC;gBAC7C,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;QAEhF,+CAA+C;QAC/C,MAAM,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAE7F,0CAA0C;QAC1C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE5F,oEAAoE;QACpE,MAAM,qBAAqB,GAAG,OAAO,CAAC,KAAK,CAAC,uCA
AuC,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAE9G,IAAI,cAAc,IAAI,kBAAkB,IAAI,sBAAsB,IAAI,uBAAuB,IAAI,cAAc,IAAI,qBAAqB,EAAE,CAAC;YACzI,IAAI,OAAO,GAAG,0CAA0C,CAAC;YACzD,IAAI,cAAc,GAAG,oGAAoG,CAAC;YAE1H,IAAI,kBAAkB,EAAE,CAAC;gBACvB,OAAO,GAAG,iEAAiE,CAAC;gBAC5E,cAAc,GAAG,4GAA4G,CAAC;YAChI,CAAC;iBAAM,IAAI,sBAAsB,EAAE,CAAC;gBAClC,OAAO,GAAG,iFAAiF,CAAC;gBAC5F,cAAc,GAAG,wGAAwG,CAAC;YAC5H,CAAC;iBAAM,IAAI,cAAc,EAAE,CAAC;gBAC1B,OAAO,GAAG,iEAAiE,CAAC;gBAC5E,cAAc,GAAG,4GAA4G,CAAC;YAChI,CAAC;YAED,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,mBAAmB,EACnB,OAAO,EACP,cAAc,EACd,UAAU,EACV,0TAA0T,EAC1T,wHAAwH,EACxH;gBACE,4BAA4B;gBAC5B,gCAAgC;gBAChC,mBAAmB;gBACnB,2BAA2B;gBAC3B,mCAAmC;gBACnC,oCAAoC;aACrC,EACD,6IAA6I,EAC7I,kKAAkK,EAClK,sSAAsS,CACvS,CAAC,CAAC;QACL,CAAC;QAED,kDAAkD;QAClD,WAAW;QACX,uDAAuD;QACvD,kDAAkD;QAClD,qDAAqD;QACrD,6CAA6C;QAC7C,gDAAgD;QAChD,4CAA4C;QAE5C,mDAAmD;QACnD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC;YAC/B,CAAC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC;gBAC/D,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,6BAA6B;QAE7F,wDAAwD;QACxD,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAElE,oDAAoD;QACpD,iEAAiE;QACjE,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACvF,MAAM,iBAAiB,GAAG,eAAe;YACb,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;gBACjD,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAE1F,iFAAiF;QACjF,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACjF,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAEzH,IAAI,aAAa,IAAI,gBAAgB,IAAI,iBAAiB,IAAI,aAAa,EAAE,CAAC;YAC5E,0EAA0E;YAC1E,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;
gBACxB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC;gBACpB,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;gBACvB,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC;gBAClB,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CACpB,CAAC;YAEF,gEAAgE;YAChE,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACpB,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;oBACjD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;oBAC7C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAE3E,IAAI,eAAe,IAAI,eAAe,IAAI,gBAAgB,EAAE,CAAC;gBAC3D,IAAI,OAAO,GAAG,uCAAuC,CAAC;gBACtD,IAAI,cAAc,GAAG,yFAAyF,CAAC;gBAE/G,IAAI,gBAAgB,EAAE,CAAC;oBACrB,OAAO,GAAG,oEAAoE,CAAC;oBAC/E,cAAc,GAAG,iFAAiF,CAAC;gBACrG,CAAC;qBAAM,IAAI,iBAAiB,EAAE,CAAC;oBAC7B,OAAO,GAAG,yDAAyD,CAAC;oBACpE,cAAc,GAAG,4EAA4E,CAAC;gBAChG,CAAC;gBAED,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,gBAAgB,EAChB,OAAO,EACP,cAAc,EACd,UAAU,EACV,8SAA8S,EAC9S,mIAAmI,EACnI;oBACE,uBAAuB;oBACvB,0BAA0B;oBAC1B,uBAAuB;oBACvB,mDAAmD;oBACnD,sBAAsB;oBACtB,wBAAwB;iBACzB,EACD,kHAAkH,EAClH,8PAA8P,EAC9P,yRAAyR,CAC1R,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;YACvE,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,iBAAiB,EACjB,wCAAwC,EACxC,4EAA4E,EAC5E,UAAU,EACV,sPAAsP,EACtP,iKAAiK,EACjK;gBACE,uBAAuB;gBACvB,8BAA8B;gBAC9B,wBAAwB;gBACxB,2BAA2B;gBAC3B,uBAAuB;aACxB,EACD,8HAA8H,EAC9H,8PAA8P,EAC9P,uMAAuM,CACxM,CAAC,CAAC;QACL,CAAC;QAED,gGAAgG;QAChG,0DAA0D;QAC1D,oGAAoG;QACpG,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAClG,MAAM,kBAAkB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/H,MAAM,uBAAuB,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,yGAAyG,CAAC;YACvH,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC;YACxE,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAEhF,IAAI,CAAC,eAAe,IAAI,kBAAkB,IAAI,uBAAuB,CAAC;YAClE,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAK,yDAAyD;YAC5F,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAO,gCAAgC;YACnE,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAE,2BAA2B;YAEhE,MAAM,cAAc,GAAG,eAAe,CAAC,IA
AI,CAAC,CAAC,CAAC,EAAE,CAC9C,CAAC,CAAC,IAAI,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,gBAAgB,CACzD,CAAC;YAEF,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,eAAe,CAAC,IAAI,CAAC,IAAA,qDAA+B,EAClD,gBAAgB,EAChB,oEAAoE,EACpE,4IAA4I,EAC5I,UAAU,EACV,yQAAyQ,EACzQ,mGAAmG,EACnG;oBACE,2DAA2D;oBAC3D,8EAA8E;oBAC9E,wBAAwB;oBACxB,4CAA4C;oBAC5C,4CAA4C;iBAC7C,EACD,6JAA6J,EAC7J,s0BAAs0B,EACt0B,4VAA4V,CAC7V,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
* JavaScript AI-Generated Code Detection Module
|
|
3
3
|
*
|
|
4
4
|
* Detects AI-generated code patterns as SECURITY RISKS:
|
|
5
|
-
* -
|
|
6
|
-
* -
|
|
5
|
+
* - 24 hallucination patterns (13 base + 10 React + 1 Next.js)
|
|
6
|
+
* - 13 code smell heuristics (8 original + 5 perfect code)
|
|
7
7
|
* - Confidence scoring (HIGH/MEDIUM/LOW)
|
|
8
8
|
*
|
|
9
9
|
* OWASP A04:2025 - Insecure Design
|
|
@@ -12,6 +12,7 @@
|
|
|
12
12
|
*
|
|
13
13
|
* Phase 1.5, Week 5-7 (AI-Generated Code Detection)
|
|
14
14
|
* Created: January 8, 2026
|
|
15
|
+
* Updated: January 22, 2026 (Added perfect code detectors + Next.js patterns)
|
|
15
16
|
*/
|
|
16
17
|
import { SecurityVulnerability } from '../../types';
|
|
17
18
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ai-generated-code.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/ai-generated-code.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"ai-generated-code.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/ai-generated-code.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAwJpD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,EACf,QAAQ,CAAC,EAAE,MAAM,GAChB,qBAAqB,EAAE,CAkLzB"}
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
* JavaScript AI-Generated Code Detection Module
|
|
4
4
|
*
|
|
5
5
|
* Detects AI-generated code patterns as SECURITY RISKS:
|
|
6
|
-
* -
|
|
7
|
-
* -
|
|
6
|
+
* - 24 hallucination patterns (13 base + 10 React + 1 Next.js)
|
|
7
|
+
* - 13 code smell heuristics (8 original + 5 perfect code)
|
|
8
8
|
* - Confidence scoring (HIGH/MEDIUM/LOW)
|
|
9
9
|
*
|
|
10
10
|
* OWASP A04:2025 - Insecure Design
|
|
@@ -13,18 +13,20 @@
|
|
|
13
13
|
*
|
|
14
14
|
* Phase 1.5, Week 5-7 (AI-Generated Code Detection)
|
|
15
15
|
* Created: January 8, 2026
|
|
16
|
+
* Updated: January 22, 2026 (Added perfect code detectors + Next.js patterns)
|
|
16
17
|
*/
|
|
17
18
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
19
|
exports.checkAIGeneratedCode = checkAIGeneratedCode;
|
|
19
20
|
const createVulnerability_1 = require("../utils/createVulnerability");
|
|
20
21
|
const ai_code_detection_utils_1 = require("../../helpers/ai-code-detection-utils");
|
|
21
22
|
/**
|
|
22
|
-
* JavaScript hallucination patterns (
|
|
23
|
+
* JavaScript hallucination patterns (25 patterns)
|
|
23
24
|
*
|
|
24
25
|
* AI code generators hallucinate methods from other languages:
|
|
25
26
|
* - Python influence: .append(), .strip(), .len()
|
|
26
27
|
* - Case sensitivity errors: .toUppercase(), .toLowercase()
|
|
27
28
|
* - Non-existent methods: .contains(), .remove(), .split_by()
|
|
29
|
+
* - React/Next.js mistakes: useEffects, componentWillMount, setState, forceUpdate
|
|
28
30
|
*/
|
|
29
31
|
const HALLUCINATION_PATTERNS = new Map([
|
|
30
32
|
// Python-style methods in JavaScript
|
|
@@ -83,6 +85,54 @@ const HALLUCINATION_PATTERNS = new Map([
|
|
|
83
85
|
correct: '.length or .size()',
|
|
84
86
|
description: 'Arrays use .length property. Maps/Sets use .size property (not method).'
|
|
85
87
|
}],
|
|
88
|
+
// React/Next.js AI hallucinations (10 new patterns)
|
|
89
|
+
['useEffects', {
|
|
90
|
+
correct: 'useEffect',
|
|
91
|
+
description: 'React hook is useEffect (singular), not useEffects (plural). Common AI typo.'
|
|
92
|
+
}],
|
|
93
|
+
['componentWillMount', {
|
|
94
|
+
correct: 'useEffect or constructor',
|
|
95
|
+
description: 'Deprecated React lifecycle method (removed in React 17). AI training data is outdated.'
|
|
96
|
+
}],
|
|
97
|
+
['componentWillReceiveProps', {
|
|
98
|
+
correct: 'getDerivedStateFromProps or useEffect',
|
|
99
|
+
description: 'Deprecated React lifecycle method (removed in React 17). AI uses pre-2018 patterns.'
|
|
100
|
+
}],
|
|
101
|
+
['componentWillUpdate', {
|
|
102
|
+
correct: 'getSnapshotBeforeUpdate or useEffect',
|
|
103
|
+
description: 'Deprecated React lifecycle method (removed in React 17). AI training data outdated.'
|
|
104
|
+
}],
|
|
105
|
+
['replaceState', {
|
|
106
|
+
correct: 'setState',
|
|
107
|
+
description: 'Removed React method (deprecated since React 0.13, 2015). AI uses ancient patterns.'
|
|
108
|
+
}],
|
|
109
|
+
['isMounted', {
|
|
110
|
+
correct: 'Use cleanup in useEffect',
|
|
111
|
+
description: 'Anti-pattern removed from React. AI generates outdated code from pre-2016 training data.'
|
|
112
|
+
}],
|
|
113
|
+
['getInitialState', {
|
|
114
|
+
correct: 'useState or state = {} in constructor',
|
|
115
|
+
description: 'Old React.createClass syntax (pre-ES6 classes). AI uses patterns from React < 0.14 (2015).'
|
|
116
|
+
}],
|
|
117
|
+
['setProps', {
|
|
118
|
+
correct: 'Props are immutable - do not set them',
|
|
119
|
+
description: 'Removed React anti-pattern. Props cannot be modified in React components.'
|
|
120
|
+
}],
|
|
121
|
+
['transferPropsTo', {
|
|
122
|
+
correct: 'Use spread operator: {...props}',
|
|
123
|
+
description: 'Very old React utility (removed 2014). AI training includes ancient React docs.'
|
|
124
|
+
}],
|
|
125
|
+
['unstable_renderSubtreeIntoContainer', {
|
|
126
|
+
correct: 'createPortal',
|
|
127
|
+
description: 'Legacy React method. Modern React uses ReactDOM.createPortal() for portals.'
|
|
128
|
+
}],
|
|
129
|
+
// Next.js AI hallucinations (1 pattern)
|
|
130
|
+
// Note: Removed Vue 3 ($emit, data) and Svelte ($set, setState) patterns - they're context-dependent
|
|
131
|
+
// and cause false positives in React code. Would need framework detection to use safely.
|
|
132
|
+
['getInitialProps', {
|
|
133
|
+
correct: 'getServerSideProps or getStaticProps',
|
|
134
|
+
description: 'getInitialProps is legacy Next.js (pre-9.3). Modern Next.js uses getServerSideProps or getStaticProps. AI using outdated patterns.'
|
|
135
|
+
}],
|
|
86
136
|
// Note: .indexOf() and .charAt() are VALID JavaScript methods - do not flag them
|
|
87
137
|
]);
|
|
88
138
|
/**
|
|
@@ -100,12 +150,15 @@ function checkAIGeneratedCode(lines, filename) {
|
|
|
100
150
|
let hallucinationCount = 0;
|
|
101
151
|
const hallucinationLines = new Set();
|
|
102
152
|
const detectedPatterns = [];
|
|
103
|
-
// Combined regex for hallucination patterns (
|
|
104
|
-
// Note:
|
|
105
|
-
const
|
|
153
|
+
// Combined regex for method call hallucination patterns (.method())
|
|
154
|
+
// Note: Removed Vue/Svelte patterns ($emit, data, $set, setState) - context-dependent, cause false positives
|
|
155
|
+
const methodCallPattern = new RegExp('\\.' +
|
|
106
156
|
'(append|strip|len|split_by|toUppercase|toLowercase|contains|remove|' +
|
|
107
|
-
'replace_all|substring_of|to_string|is_empty|size
|
|
157
|
+
'replace_all|substring_of|to_string|is_empty|size|' +
|
|
158
|
+
'useEffects|replaceState|isMounted|setProps|transferPropsTo|unstable_renderSubtreeIntoContainer)' +
|
|
108
159
|
'\\s*\\(', 'g');
|
|
160
|
+
// Regex for React/Next.js lifecycle method declarations (componentWillMount, getInitialProps, etc.)
|
|
161
|
+
const lifecyclePattern = new RegExp('\\b(componentWillMount|componentWillReceiveProps|componentWillUpdate|getInitialState|getInitialProps)\\s*\\(', 'g');
|
|
109
162
|
let inMultiLineComment = false;
|
|
110
163
|
// 1. Detect hallucination patterns
|
|
111
164
|
lines.forEach((line, index) => {
|
|
@@ -123,9 +176,20 @@ function checkAIGeneratedCode(lines, filename) {
|
|
|
123
176
|
return;
|
|
124
177
|
// Remove string literals and template literals to avoid false positives
|
|
125
178
|
const cleanedLine = (0, ai_code_detection_utils_1.removeCommentsAndStrings)(line, 'javascript');
|
|
126
|
-
// Match
|
|
127
|
-
const
|
|
128
|
-
for (const match of
|
|
179
|
+
// Match method call patterns (.method())
|
|
180
|
+
const methodCallMatches = Array.from(cleanedLine.matchAll(methodCallPattern));
|
|
181
|
+
for (const match of methodCallMatches) {
|
|
182
|
+
const method = match[1];
|
|
183
|
+
const details = HALLUCINATION_PATTERNS.get(method);
|
|
184
|
+
if (details) {
|
|
185
|
+
hallucinationCount++;
|
|
186
|
+
hallucinationLines.add(lineNumber);
|
|
187
|
+
detectedPatterns.push(method);
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
// Match React lifecycle method declarations
|
|
191
|
+
const lifecycleMatches = Array.from(cleanedLine.matchAll(lifecyclePattern));
|
|
192
|
+
for (const match of lifecycleMatches) {
|
|
129
193
|
const method = match[1];
|
|
130
194
|
const details = HALLUCINATION_PATTERNS.get(method);
|
|
131
195
|
if (details) {
|
|
@@ -135,8 +199,9 @@ function checkAIGeneratedCode(lines, filename) {
|
|
|
135
199
|
}
|
|
136
200
|
}
|
|
137
201
|
});
|
|
138
|
-
// 2. Run heuristic detectors
|
|
202
|
+
// 2. Run heuristic detectors (13 total: 8 original + 5 perfect code)
|
|
139
203
|
const heuristicScores = {
|
|
204
|
+
// Original 8 heuristics
|
|
140
205
|
overEngineeredErrors: (0, ai_code_detection_utils_1.detectOverEngineeredErrorHandling)(lines),
|
|
141
206
|
unnecessaryWrappers: (0, ai_code_detection_utils_1.detectUnnecessaryWrappers)(lines),
|
|
142
207
|
verboseComments: (0, ai_code_detection_utils_1.detectVerboseComments)(lines),
|
|
@@ -145,6 +210,12 @@ function checkAIGeneratedCode(lines, filename) {
|
|
|
145
210
|
unnecessaryAsync: (0, ai_code_detection_utils_1.detectUnnecessaryAsync)(lines),
|
|
146
211
|
genericVariables: (0, ai_code_detection_utils_1.detectGenericVariableOveruse)(lines),
|
|
147
212
|
inconsistentStrings: (0, ai_code_detection_utils_1.detectInconsistentStringConcatenation)(lines),
|
|
213
|
+
// Perfect code heuristics (5 new)
|
|
214
|
+
zeroEdgeCases: (0, ai_code_detection_utils_1.detectZeroEdgeCases)(lines),
|
|
215
|
+
uniformIndentation: (0, ai_code_detection_utils_1.detectUniformIndentation)(lines),
|
|
216
|
+
textbookVariableNames: (0, ai_code_detection_utils_1.detectTextbookVariableNames)(lines),
|
|
217
|
+
noCommentsWithPerfectStructure: (0, ai_code_detection_utils_1.detectNoCommentsWithPerfectStructure)(lines),
|
|
218
|
+
excessiveParameterValidation: (0, ai_code_detection_utils_1.detectExcessiveParameterValidation)(lines),
|
|
148
219
|
};
|
|
149
220
|
// 3. Calculate confidence and severity
|
|
150
221
|
const detection = (0, ai_code_detection_utils_1.calculateAICodeConfidence)(hallucinationCount, heuristicScores);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ai-generated-code.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/ai-generated-code.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"ai-generated-code.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/ai-generated-code.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAiKH,oDAqLC;AAnVD,sEAAqF;AACrF,mFAiB+C;AAU/C;;;;;;;;GAQG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAA+B;IACnE,qCAAqC;IACrC,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACF,CAAC,OAAO,EAAE;YACR,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACF,CAAC,KAAK,EAAE;YACN,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,kFAAkF;SAChG,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,UAAU;YACnB,WAAW,EAAE,sEAAsE;SACpF,CAAC;IAEF,4CAA4C;IAC5C,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,0EAA0E;SACxF,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,gBAAgB;YACzB,WAAW,EAAE,0EAA0E;SACxF,CAAC;IAEF,wCAAwC;IACxC,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,kFAAkF;SAChG,CAAC;IACF,CAAC,QAAQ,EAAE;YACT,OAAO,EAAE,wBAAwB;YACjC,WAAW,EAAE,kEAAkE;SAChF,CAAC;IACF,CAAC,aAAa,EAAE;YACd,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,kEAAkE;SAChF,CAAC;IACF,CAAC,cAAc,EAAE;YACf,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IACF,CAAC,WAAW,EAAE;YACZ,OAAO,EAAE,aAAa;YACtB,WAAW,EAAE,qEAAqE;SACnF,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,eAAe;YACxB,WAAW,EAAE,oFAAoF;SAClG,CAAC;IAEF,wBAAwB;IACxB,CAAC,MAAM,EAAE;YACP,OAAO,EAAE,oBAAoB;YAC7B,WAAW,EAAE,yEAAyE;SACvF,CAAC;IAEF,oDAAoD;IACpD,CAAC,YAAY,EAAE;YACb,OAAO,EAAE,WAAW;YACpB,WAAW,EAAE,8EAA8E;SAC5F,CAAC;IACF,CAAC,oBAAoB,EAAE;YACrB,OAAO,EAAE,0BAA0B;YACnC,WAAW,EAAE,wFAAwF;SACtG,CAAC;IACF,CAAC,2BAA2B,EAAE;YAC5B,OAAO,EAAE,uCAAuC;YAChD,WAAW,EAAE,qFAAqF;SACnG,CAAC;IACF,CAAC,qBAAqB,EAAE;YACtB,OAAO,EAAE,sCAAsC;YAC/C,WAAW,EAAE,qFAAqF;SACnG,CAAC;IACF,CAAC,cAAc,EAAE;YACf,OAAO,EAAE,UAAU;YACnB,WAAW,EAAE,qFAAqF;SACnG,CAAC;IACF,CAAC,WAAW,EAAE;YACZ,OAAO,EAAE,0BAA0B;YACnC,WAAW,EAAE,0FAA0F;SACxG,CAAC;IACF,CAAC,iBAAiB,EAAE;YAClB,OAAO,EAAE,uCAAuC;YAChD,WAAW,EAAE,4FAA4F;SAC1G,CAAC;IACF,CAAC,UAAU,EAAE;YACX,OAAO,EAAE,uCAAuC;YAChD,WAAW,EAAE,2EAA2E;SACzF,CAAC;IACF,CAAC,iBAAiB,EAAE;YAClB,OAAO,EAAE,iC
AAiC;YAC1C,WAAW,EAAE,iFAAiF;SAC/F,CAAC;IACF,CAAC,qCAAqC,EAAE;YACtC,OAAO,EAAE,cAAc;YACvB,WAAW,EAAE,6EAA6E;SAC3F,CAAC;IAEF,wCAAwC;IACxC,qGAAqG;IACrG,yFAAyF;IACzF,CAAC,iBAAiB,EAAE;YAClB,OAAO,EAAE,sCAAsC;YAC/C,WAAW,EAAE,oIAAoI;SAClJ,CAAC;IAEF,iFAAiF;CAClF,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAClC,KAAe,EACf,QAAiB;IAEjB,4CAA4C;IAC5C,IAAI,IAAA,oCAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC7C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,oEAAoE;IACpE,6GAA6G;IAC7G,MAAM,iBAAiB,GAAG,IAAI,MAAM,CAClC,KAAK;QACL,qEAAqE;QACrE,mDAAmD;QACnD,iGAAiG;QACjG,SAAS,EACT,GAAG,CACJ,CAAC;IAEF,oGAAoG;IACpG,MAAM,gBAAgB,GAAG,IAAI,MAAM,CACjC,8GAA8G,EAC9G,GAAG,CACJ,CAAC;IAEF,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,UAAU,GAAG,KAAK,GAAG,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,wCAAwC;QACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,kBAAkB,GAAG,IAAI,CAAC;QACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,kBAAkB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO;QAEvE,wEAAwE;QACxE,MAAM,WAAW,GAAG,IAAA,kDAAwB,EAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAEjE,yCAAyC;QACzC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAC9E,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,OAAO,EAAE,CAAC;gBACZ,kBAAkB,EAAE,CAAC;gBACrB,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACnC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC5E,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,OAAO,EAAE,CAAC;gBACZ,kBAAkB,EAAE,CAAC;gBACrB,kBAAkB,CAAC,GAAG,CAAC,UAAU,C
AAC,CAAC;gBACnC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,qEAAqE;IACrE,MAAM,eAAe,GAAG;QACtB,wBAAwB;QACxB,oBAAoB,EAAE,IAAA,2DAAiC,EAAC,KAAK,CAAC;QAC9D,mBAAmB,EAAE,IAAA,mDAAyB,EAAC,KAAK,CAAC;QACrD,eAAe,EAAE,IAAA,+CAAqB,EAAC,KAAK,CAAC;QAC7C,WAAW,EAAE,IAAA,sDAA4B,EAAC,KAAK,CAAC;QAChD,mBAAmB,EAAE,IAAA,mDAAyB,EAAC,KAAK,CAAC;QACrD,gBAAgB,EAAE,IAAA,gDAAsB,EAAC,KAAK,CAAC;QAC/C,gBAAgB,EAAE,IAAA,sDAA4B,EAAC,KAAK,CAAC;QACrD,mBAAmB,EAAE,IAAA,+DAAqC,EAAC,KAAK,CAAC;QACjE,kCAAkC;QAClC,aAAa,EAAE,IAAA,6CAAmB,EAAC,KAAK,CAAC;QACzC,kBAAkB,EAAE,IAAA,kDAAwB,EAAC,KAAK,CAAC;QACnD,qBAAqB,EAAE,IAAA,qDAA2B,EAAC,KAAK,CAAC;QACzD,8BAA8B,EAAE,IAAA,8DAAoC,EAAC,KAAK,CAAC;QAC3E,4BAA4B,EAAE,IAAA,4DAAkC,EAAC,KAAK,CAAC;KACxE,CAAC;IAEF,uCAAuC;IACvC,MAAM,SAAS,GAAG,IAAA,mDAAyB,EAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IAEjF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,CAAC,CAAC,gCAAgC;IAC7C,CAAC;IAED,qCAAqC;IACrC,MAAM,UAAU,GACd,SAAS,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;QAC9D,SAAS,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC;YAC5D,uBAAuB,CAAC;IAE1B,wCAAwC;IACxC,IAAI,OAAO,GAAG,+BAA+B,SAAS,CAAC,UAAU,gBAAgB,CAAC;IAElF,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,GAAG,kBAAkB,+BAA+B,CAAC;QAChE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,OAAO,IAAI,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;QACjD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,qFAAqF,CAAC;IACnG,CAAC;IAED,mBAAmB;IACnB,MAAM,UAAU,GAAG,kBAAkB,GAAG,CAAC;QACvC,CAAC,CAAC,4EAA4E,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,kDAAkD;QACpM,CAAC,CAAC,sMAAsM,CAAC;IAE3M,2CAA2C;IAC3C,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC;QACjC,CAAC,CAAC,CAAC,CAAC,CAAC,6CAA6C;IAEpD,6DAA6D;IAC7D,MAAM,YAAY,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzC,MAAM,mBAAmB,GAAG,YAAY,CAAC,CAAC,CAAC,sB
AAsB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3F,OAAO;QACL,IAAA,2DAAqC,EAAC;YACpC,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAoC;YAC5E,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,OAAO;YACP,IAAI,EAAE,UAAU;YAChB,UAAU;YACV,KAAK,EAAE,4BAA4B;YACnC,GAAG,EAAE,mBAAmB;YACxB,MAAM,EAAE,KAAK;YACb,WAAW,EAAE;gBACX,WAAW,EACT,uIAAuI;oBACvI,kJAAkJ;oBAClJ,oHAAoH;oBACpH,sGAAsG;gBACxG,MAAM,EAAE,mBAAmB;oBACzB,CAAC,CAAC,SAAS,YAAY,gCAAgC;oBACvD,CAAC,CAAC,gIAAgI;gBACpI,KAAK,EAAE,mBAAmB;oBACxB,CAAC,CAAC,QAAQ,mBAAmB,CAAC,OAAO,yBAAyB;oBAC9D,CAAC,CAAC,6HAA6H;aAClI;YACD,YAAY,EAAE;gBACZ,WAAW,EACT,mIAAmI;oBACnI,gHAAgH;oBAChH,8HAA8H;oBAC9H,gFAAgF;gBAClF,cAAc,EACZ,qCAAqC;oBACrC,qDAAqD;oBACrD,mFAAmF;oBACnF,+EAA+E;gBACjF,eAAe,EAAE;oBACf,qEAAqE;oBACrE,8EAA8E;oBAC9E,4EAA4E;oBAC5E,wEAAwE;oBACxE,yEAAyE;iBAC1E;aACF;SACF,CAAC;KACH,CAAC;AACJ,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* JavaScript Enhanced Supply Chain Security Checks
|
|
3
3
|
* OWASP A03:2025 - Software Supply Chain Failures (Enhanced)
|
|
4
|
+
* Phase 1.5 Week 12: Added Check #6 for known malicious packages
|
|
4
5
|
*
|
|
5
6
|
* Enhanced supply chain security checks building on existing dependency scanning.
|
|
6
7
|
* Focuses on runtime dependencies, package integrity, and malicious code patterns.
|
|
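--- a/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts
+++ b/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts
@@ -15,6 +16,8 @@ import { SecurityVulnerability } from '../../types';
 * - Check #3: Suspicious package patterns (HIGH)
 * - Check #4: Unrestricted CDN usage (MEDIUM)
 * - Check #5: Package typosquatting patterns (MEDIUM)
+* - Check #6: Known malicious packages in source code (CRITICAL)
+* - Check #7: Known malicious packages in package.json (CRITICAL) 🆕
 *
 * @param lines - Array of code lines
 * @returns Array of security vulnerabilities found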
@@ -1 +1 @@
1
-
{"version":3,"file":"enhanced-supply-chain.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.ts"],"names":[],"mappings":"AAAA
1
+
{"version":3,"file":"enhanced-supply-chain.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AA4BpD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,EAAE,CAuPzB"}
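--- a/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
+++ b/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
@@ -2,6 +2,7 @@
 /**
 * JavaScript Enhanced Supply Chain Security Checks
 * OWASP A03:2025 - Software Supply Chain Failures (Enhanced)
+* Phase 1.5 Week 12: Added Check #6 for known malicious packages
 *
 * Enhanced supply chain security checks building on existing dependency scanning.
 * Focuses on runtime dependencies, package integrity, and malicious code patterns.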
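--- a/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
+++ b/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
@@ -9,6 +10,30 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkEnhancedSupplyChain = checkEnhancedSupplyChain;
 const createVulnerability_1 = require("../utils/createVulnerability");
+/**
+* Curated list of known malicious npm packages
+* Source: OSSF Malicious Packages Database + historical incidents
+* Updated: January 2026
+*
+* Note: This list contains CONFIRMED malicious packages only.
+* Typosquatting patterns are detected separately by Check #3.
+*/
+const KNOWN_MALICIOUS_PACKAGES = [
+// Historical high-profile confirmed malware incidents
+'event-stream', // Backdoor in popular package (2018)
+'ua-parser-js', // Cryptominer (2021)
+'coa', // Cryptominer (2021)
+'rc', // Cryptominer (2021)
+'flatmap-stream', // Backdoor (2018)
+'node-fabric', // Malicious package
+'ffmpeg.js', // Malicious package
+'npm-script-demo', // Test malware package
+// Recent confirmed malware campaigns (2024-2026)
+'noblox.js-proxy', // Roblox credential stealer
+'discord-selfbot-v14', // Discord token stealer
+'node-obfuscate', // Obfuscated malware
+'advanced-npm-publish' // Malicious publishing tool
+];
 /**
 * Checks for enhanced supply chain security vulnerabilities in JavaScript code
 *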
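Review bot: Four of these entries — `event-stream`, `ua-parser-js`, `coa` and `rc` — are widely used legitimate packages whose compromise was limited to specific hijacked releases, yet the list carries only names, so Checks #6 and #7 will report every clean require/import or dependency line naming them as CRITICAL "confirmed malware". A name-only array cannot express that distinction; each entry needs an affected-version constraint alongside the name (for example a `Map` from package name to version ranges, checked against the version captured from the package.json line in Check #7), or the header comment should at least say that a match means "this package has had a malicious release", not "this version is malicious". The header also describes the list as sourced from the OSSF database while nothing here reads that database; a note such as `// Static snapshot copied by hand from the OSSF malicious-packages data; not queried at runtime` would keep readers from expecting live lookups. Membership is tested with `Array.prototype.includes` on every candidate line, where a `Set` would be the idiomatic constant-time form.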
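--- a/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
+++ b/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
@@ -18,6 +43,8 @@ const createVulnerability_1 = require("../utils/createVulnerability");
 * - Check #3: Suspicious package patterns (HIGH)
 * - Check #4: Unrestricted CDN usage (MEDIUM)
 * - Check #5: Package typosquatting patterns (MEDIUM)
+* - Check #6: Known malicious packages in source code (CRITICAL)
+* - Check #7: Known malicious packages in package.json (CRITICAL) 🆕
 *
 * @param lines - Array of code lines
 * @returns Array of security vulnerabilities found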
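--- a/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
+++ b/package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js
@@ -107,6 +134,54 @@ function checkEnhancedSupplyChain(lines) {
 'Credential theft and data exfiltration'
 ], 'npm install reactjs', 'npm install react // use official package name', 'Package names should be verified against official registries to avoid typosquatting attacks'));
 }
+// Check #6: Known malicious packages (OSSF database)
+// Phase 1.5 Week 12: Detect require/import of packages confirmed as malicious
+if (lowerLine.includes('require(') || lowerLine.includes('import ') ||
+lowerLine.includes('import(')) {
+// Extract package name from require/import statement (before any inline comment)
+const codeBeforeComment = trimmedLine.split('//')[0];
+const requireMatch = codeBeforeComment.match(/require\s*\(\s*['"]([^'"]+)['"]\s*\)/);
+const importMatch = codeBeforeComment.match(/import\s+.*?from\s+['"]([^'"]+)['"]/);
+const dynamicImportMatch = codeBeforeComment.match(/import\s*\(\s*['"]([^'"]+)['"]\s*\)/);
+const packageName = (requireMatch || importMatch || dynamicImportMatch)?.[1];
+if (packageName) {
+// Extract package name without path (e.g., "lodash/get" -> "lodash")
+const basePackageName = packageName.split('/')[0];
+if (KNOWN_MALICIOUS_PACKAGES.includes(basePackageName)) {
+vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('known-malicious-package', `CRITICAL: Known malicious package detected - "${basePackageName}"`, 'Remove this package immediately and check for compromise', index + 1, `Package "${basePackageName}" is confirmed malicious by OSSF database. This package has been involved in supply chain attacks.`, `require("${basePackageName}") // confirmed malware`, [
+'Malicious code execution from confirmed malware',
+'Data theft and credential harvesting',
+'Backdoor installation and remote access',
+'Supply chain compromise and lateral movement',
+'System compromise and persistence mechanisms'
+], `require("${basePackageName}")`, `// Remove "${basePackageName}" - this package is malicious\n// Check package.json and remove from dependencies\n// Review code for any malicious activity`, `This package is listed in the OSSF Malicious Packages Database. Immediate removal required.`));
+}
+}
+}
+// Check #7: Known malicious packages in package.json
+// Detect dependency declarations in package.json files
+// Pattern: "package-name": "version" (with optional quotes and colons)
+if (lowerLine.includes('"') && lowerLine.includes(':')) {
+// Extract package name from JSON dependency line
+// Pattern: "event-stream": "^3.3.4" or 'event-stream': '^3.3.4'
+const jsonDependencyMatch = trimmedLine.match(/["']([a-z0-9@.\-_/]+)["']\s*:\s*["']/i);
+if (jsonDependencyMatch) {
+const packageName = jsonDependencyMatch[1];
+// Extract base package name (handle scoped packages like @org/package)
+const basePackageName = packageName.startsWith('@')
+? packageName.split('/').slice(0, 2).join('/') // Keep @org/package
+: packageName.split('/')[0]; // Get first part
+if (KNOWN_MALICIOUS_PACKAGES.includes(basePackageName)) {
+vulnerabilities.push((0, createVulnerability_1.createJavaScriptSecurityVulnerability)('known-malicious-package', `CRITICAL: Known malicious package detected - "${basePackageName}"`, 'Remove this package immediately from package.json and run npm install', index + 1, `Package "${basePackageName}" is confirmed malicious by OSSF database. This package has been involved in supply chain attacks.`, `"${basePackageName}": "^1.0.0" // confirmed malware in package.json`, [
+'Malicious code execution from confirmed malware',
+'Data theft and credential harvesting',
+'Backdoor installation and remote access',
+'Supply chain compromise and lateral movement',
+'System compromise and persistence mechanisms'
+], `"${basePackageName}": "^1.0.0"`, `// Remove "${basePackageName}" - this package is malicious\n// Delete from package.json dependencies\n// Run: npm uninstall ${basePackageName}\n// Review code for any malicious activity`, `This package is listed in the OSSF Malicious Packages Database. Immediate removal required.`));
+}
+}
+}
 });
 return vulnerabilities;
 }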
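Review bot: Check #6 derives the base name with `packageName.split('/')[0]`, which turns a scoped specifier such as `@org/pkg` into `@org`, while Check #7 a few lines below keeps `@org/pkg`; any scoped entry added to KNOWN_MALICIOUS_PACKAGES would therefore match in package.json but never in a require/import. Reuse Check #7's derivation in Check #6: `const basePackageName = packageName.startsWith('@') ? packageName.split('/').slice(0, 2).join('/') : packageName.split('/')[0];`. Check #7 itself is gated only on a quoted key followed by a colon, so it runs on every JavaScript object literal as well, and its finding tells the user to edit package.json even when the matching line is, say, a config map keyed `rc`; the comment `// Detect dependency declarations in package.json files` overstates what the code enforces, and the check would be more precise if the caller passed the file name or the analyzer only ran it for `package.json`. The enclosing forEach callback and checkEnhancedSupplyChain both start outside the hunk.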
@@ -1 +1 @@
1
-
{"version":3,"file":"enhanced-supply-chain.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.ts"],"names":[],"mappings":";AAAA
1
+
{"version":3,"file":"enhanced-supply-chain.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA6CH,4DAyPC;AAnSD,sEAAqF;AAErF;;;;;;;GAOG;AACH,MAAM,wBAAwB,GAAG;IAC/B,sDAAsD;IACtD,cAAc,EAAS,qCAAqC;IAC5D,cAAc,EAAS,qBAAqB;IAC5C,KAAK,EAAkB,qBAAqB;IAC5C,IAAI,EAAmB,qBAAqB;IAC5C,gBAAgB,EAAO,kBAAkB;IACzC,aAAa,EAAU,oBAAoB;IAC3C,WAAW,EAAY,oBAAoB;IAC3C,iBAAiB,EAAM,uBAAuB;IAC9C,iDAAiD;IACjD,iBAAiB,EAAM,4BAA4B;IACnD,qBAAqB,EAAE,wBAAwB;IAC/C,gBAAgB,EAAO,qBAAqB;IAC5C,sBAAsB,CAAC,4BAA4B;CACpD,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,SAAgB,wBAAwB,CACtC,KAAe;IAEf,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAEhC,wDAAwD;QACxD,4DAA4D;QAC5D,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9D,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,kBAAkB,EAAE,CAAC;YACrD,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,CAAC,wBAAwB;QAClC,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW;YACZ,kBAAkB;YAClB,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC;YAC5B,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAE5C,yDAAyD;QACzD,qDAAqD;QACrD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACjE,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACjE,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;YACpE,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnE,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,6BAA6B,EAC7B,sDAAsD,EACtD,+EAA+E,EAC/E,KAAK,GAAG,CAAC,EACT,+FAA+F,EAC/F,gEAAgE,EAChE;gBACE,gDAAgD;gBAChD,gDAAgD;gBAChD,8CAA8C;gBAC9C,qDAAqD;aACtD,EACD,0CAA0C,EAC1C,kEAAkE,EAClE,uGAAuG,CACxG,CACF,CAAC;QACJ,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WA
AW,CAAC,CAAC;YAChE,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7D,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,4BAA4B,EAC5B,+DAA+D,EAC/D,oFAAoF,EACpF,KAAK,GAAG,CAAC,EACT,uFAAuF,EACvF,8DAA8D,EAC9D;gBACE,6CAA6C;gBAC7C,iDAAiD;gBACjD,qCAAqC;gBACrC,8CAA8C;aAC/C,EACD,mCAAmC,EACnC,yHAAyH,EACzH,4FAA4F,CAC7F,CACF,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACjE,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAChE,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAChE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClE,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;gBACtE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACzE,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,4BAA4B,EAC5B,gDAAgD,EAChD,oEAAoE,EACpE,KAAK,GAAG,CAAC,EACT,mFAAmF,EACnF,yCAAyC,EACzC;gBACE,6CAA6C;gBAC7C,sCAAsC;gBACtC,yCAAyC;gBACzC,mDAAmD;aACpD,EACD,mBAAmB,EACnB,kDAAkD,EAClD,0EAA0E,CAC3E,CACF,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC3D,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC;gBACrE,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;YAC5C,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,wBAAwB,EACxB,mDAAmD,EACnD,yDAAyD,EACzD,KAAK,GAAG,CAAC,EACT,uFAAuF,EACvF,iFAAiF,EACjF;gBACE,0CAA0C;gBAC1C,mDAAmD;gBACnD,2CAA2C;gBAC3C,8CAA8C;aAC/C,EACD,+CAA+C,EAC/C,sEAAsE,EACtE,qEAAqE,CACtE,CACF,CAAC;QACJ,CAAC;QAED,sDAAsD;QACtD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACrE,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC/D,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC3D,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;gBACnE,SAAS,CAAC,QAAQ,CAAC,SAA
S,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACpE,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,+BAA+B,EAC/B,mDAAmD,EACnD,kFAAkF,EAClF,KAAK,GAAG,CAAC,EACT,sEAAsE,EACtE,0CAA0C,EAC1C;gBACE,+DAA+D;gBAC/D,gDAAgD;gBAChD,uDAAuD;gBACvD,wCAAwC;aACzC,EACD,qBAAqB,EACrB,gDAAgD,EAChD,6FAA6F,CAC9F,CACF,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,8EAA8E;QAC9E,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC/D,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAElC,iFAAiF;YACjF,MAAM,iBAAiB,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACrF,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACnF,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YAE1F,MAAM,WAAW,GAAG,CAAC,YAAY,IAAI,WAAW,IAAI,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAE7E,IAAI,WAAW,EAAE,CAAC;gBAChB,qEAAqE;gBACrE,MAAM,eAAe,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAElD,IAAI,wBAAwB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;oBACvD,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,yBAAyB,EACzB,iDAAiD,eAAe,GAAG,EACnE,0DAA0D,EAC1D,KAAK,GAAG,CAAC,EACT,YAAY,eAAe,oGAAoG,EAC/H,YAAY,eAAe,yBAAyB,EACpD;wBACE,iDAAiD;wBACjD,sCAAsC;wBACtC,yCAAyC;wBACzC,8CAA8C;wBAC9C,8CAA8C;qBAC/C,EACD,YAAY,eAAe,IAAI,EAC/B,cAAc,eAAe,8HAA8H,EAC3J,6FAA6F,CAC9F,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,uDAAuD;QACvD,uEAAuE;QACvE,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAEvD,iDAAiD;YACjD,gEAAgE;YAChE,MAAM,mBAAmB,GAAG,WAAW,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAEvF,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,WAAW,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;gBAE3C,uEAAuE;gBACvE,MAAM,eAAe,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;oBACjD,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAE,oBAAoB;oBACpE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAqB,iBAAiB;gBAEpE,IAAI,wBAAwB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;oBACvD,eAAe,CAAC,IAAI,CAClB,IAAA,2DAAqC,EACnC,yBAAyB,EACzB,iDAAiD,eAAe,GAAG,EA
CnE,uEAAuE,EACvE,KAAK,GAAG,CAAC,EACT,YAAY,eAAe,oGAAoG,EAC/H,IAAI,eAAe,kDAAkD,EACrE;wBACE,iDAAiD;wBACjD,sCAAsC;wBACtC,yCAAyC;wBACzC,8CAA8C;wBAC9C,8CAA8C;qBAC/C,EACD,IAAI,eAAe,aAAa,EAChC,cAAc,eAAe,kGAAkG,eAAe,6CAA6C,EAC3L,6FAA6F,CAC9F,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IAEH,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC;AACzB,CAAC"}
@@ -1 +1 @@
1
-
{"version":3,"file":"javascript-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/javascript-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAIH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AA0C7C,qBAAa,kBAAmB,YAAW,aAAa;IACtD,SAAgB,QAAQ,EAAE,iBAAiB,CAAgB;IAErD,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmEtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAapD,eAAe;;;;;IAQf,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,0BAA0B;IAkFlC,OAAO,CAAC,2BAA2B;IAsEnC,OAAO,CAAC,yBAAyB;IAmCjC,OAAO,CAAC,oBAAoB;IAsC5B,OAAO,CAAC,mBAAmB;IAoC3B,OAAO,CAAC,iBAAiB;IAuBzB,OAAO,CAAC,sBAAsB;IAgG9B,OAAO,CAAC,qBAAqB;IAiD7B,OAAO,CAAC,cAAc;YAiCR,aAAa;
1
+
{"version":3,"file":"javascript-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/javascript-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAIH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AA0C7C,qBAAa,kBAAmB,YAAW,aAAa;IACtD,SAAgB,QAAQ,EAAE,iBAAiB,CAAgB;IAErD,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmEtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAapD,eAAe;;;;;IAQf,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,0BAA0B;IAkFlC,OAAO,CAAC,2BAA2B;IAsEnC,OAAO,CAAC,yBAAyB;IAmCjC,OAAO,CAAC,oBAAoB;IAsC5B,OAAO,CAAC,mBAAmB;IAoC3B,OAAO,CAAC,iBAAiB;IAuBzB,OAAO,CAAC,sBAAsB;IAgG9B,OAAO,CAAC,qBAAqB;IAiD7B,OAAO,CAAC,cAAc;YAiCR,aAAa;IA4R3B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,2BAA2B;IAoBnC,OAAO,CAAC,sBAAsB;IAyG9B,OAAO,CAAC,qBAAqB;IAgC7B,OAAO,CAAC,sBAAsB;IAqE9B,OAAO,CAAC,uBAAuB;IAwF/B,OAAO,CAAC,uBAAuB;IAwD/B,OAAO,CAAC,kBAAkB;IAkE1B,OAAO,CAAC,oBAAoB;IAyD5B,OAAO,CAAC,mBAAmB;IAsD3B;;;;;;;OAOG;IACH,OAAO,CAAC,wBAAwB;IA0KhC,OAAO,CAAC,cAAc;IAmDtB,OAAO,CAAC,kBAAkB;IAkC1B,OAAO,CAAC,2BAA2B;IAwCnC,OAAO,CAAC,eAAe;IAkwBvB,OAAO,CAAC,gBAAgB;IA2CxB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,0BAA0B;CAkDnC"}
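--- a/package/dist/src/lib/analyzers/javascript-analyzer.js
+++ b/package/dist/src/lib/analyzers/javascript-analyzer.js
@@ -654,9 +654,16 @@ class JavaScriptAnalyzer {
 // BUG FIX (2025-11-18): Use CodeCleaner.removeLineComments() instead of split('//')
 // Previous bug: split('//') also splits URLs like http://localhost
 // Example: 'http://localhost:3000' → 'http:' (loses everything after //)
+// BUG FIX (2026-01-23): Remove regex patterns before counting quotes
+// Previous bug: /"/g regex patterns caused "unclosed double quotes" false positives
+// Example: .replace(/"/g, '"') → regex quote counted as string quote
 const codeWithoutComments = code_cleaner_1.CodeCleaner.removeLineComments(line, 'javascript');
-
-
+// Remove regex patterns (e.g., /pattern/flags) before counting quotes
+// Match regex patterns: /.../ with optional flags (g, i, m, s, u, y)
+// Must handle escaped slashes inside regex: /\// and complex patterns
+const codeWithoutRegex = codeWithoutComments.replace(/\/(?:[^\/\n\\]|\\.)+\/[gimsuvy]*/g, '');
+const singleQuotes = (codeWithoutRegex.match(/'/g) || []).length;
+const doubleQuotes = (codeWithoutRegex.match(/"/g) || []).length;
 if (singleQuotes % 2 !== 0) {
 lineErrors.push({
 line: lineNumber,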
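Review bot: The stripping regex on the `codeWithoutRegex` line matches any text between two unescaped slashes, not only regex literals, so a line with two division operators (`a / b + c / d`) loses everything between them — quote characters included — before the counts are taken, and a string such as `"a/b/c"` loses its inner `/b/`. The counts stay balanced in the common cases, but the heuristic can now hide as well as add quote-count errors; anchoring the literal to a position where a regex can actually begin, e.g. `replace(/(?<=^|[=(,:\[!&|?{};]\s*)\/(?:[^\/\n\\]|\\.)+\/[gimsuvy]*/g, '')`, would keep division expressions out of it while still handling the `.replace(/"/g, '"')` case named in the comment. The flag class `[gimsuvy]` also omits `d` (hasIndices), so a literal ending in `/d` leaves a stray `d` behind — harmless for the quote count, but worth noting in the `// Match regex patterns` comment. The surrounding method starts and ends outside the hunk.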