codeslick-cli 1.3.0 → 1.4.0

package/dist/src/lib/analyzers/terraform/aws-checks.js

@@ -0,0 +1,538 @@
+"use strict";
+/**
+ * Terraform AWS Security Checks
+ *
+ * WR3 Day 1-2: AWS S3 and IAM security misconfigurations
+ *
+ * Current: 10 checks (S3: 5, IAM: 5)
+ * Future: Will expand to EC2, RDS, Lambda (25 total AWS checks)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkS3PublicACL = checkS3PublicACL;
+exports.checkS3Encryption = checkS3Encryption;
+exports.checkS3Versioning = checkS3Versioning;
+exports.checkS3Logging = checkS3Logging;
+exports.checkS3PublicAccessBlock = checkS3PublicAccessBlock;
+exports.checkIAMWildcardActions = checkIAMWildcardActions;
+exports.checkIAMWildcardResources = checkIAMWildcardResources;
+exports.checkIAMAdminPolicy = checkIAMAdminPolicy;
+exports.checkIAMPrivilegeEscalation = checkIAMPrivilegeEscalation;
+exports.checkIAMAssumeRolePolicy = checkIAMAssumeRolePolicy;
+const parser_1 = require("./parser");
+// ==========================================
+// AWS S3 Security Checks (5 checks)
+// ==========================================
+/**
+ * Check 1: S3 Bucket with Public ACL (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-732 (Incorrect Permission Assignment)
+ */
+function checkS3PublicACL(resource) {
+    if (resource.resourceType !== 'aws_s3_bucket')
+        return null;
+    const acl = (0, parser_1.getAttribute)(resource, 'acl');
+    const publicACLs = ['public-read', 'public-read-write', 'authenticated-read'];
+    if (publicACLs.includes(acl)) {
+        return {
+            severity: 'critical',
+            message: `S3 bucket "${resource.resourceName}" has public ACL: "${acl}"`,
+            line: resource.startLine,
+            suggestion: 'Remove public ACL and use bucket policies with specific principals instead',
+            category: 'Broken Access Control',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+            owasp: 'A01:2021',
+            cwe: 'CWE-732',
+            pciDss: '6.5.8',
+            attackVector: {
+                description: 'Public S3 bucket allows unrestricted internet access to stored data',
+                exploitExample: 'aws s3 ls s3://bucket-name --no-sign-request',
+                realWorldImpact: [
+                    'Unauthorized data access and theft',
+                    'Compliance violations (GDPR, HIPAA)',
+                    'Ransomware attacks on public buckets',
+                ],
+            },
+            remediation: {
+                before: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  acl = "${acl}"\n}`,
+                after: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  # Private bucket (default)\n}`,
+                explanation: 'Remove public ACL and control access via bucket policies or IAM roles',
+            },
+        };
+    }
+    return null;
+}
+/**
+ * Check 2: S3 Bucket Without Encryption (HIGH)
+ * OWASP: A02:2021 - Cryptographic Failures
+ * CWE: CWE-311 (Missing Encryption of Sensitive Data)
+ */
+function checkS3Encryption(resource) {
+    if (resource.resourceType !== 'aws_s3_bucket')
+        return null;
+    const hasEncryption = (0, parser_1.hasAttribute)(resource, 'server_side_encryption_configuration');
+    if (!hasEncryption) {
+        return {
+            severity: 'high',
+            message: `S3 bucket "${resource.resourceName}" does not have server-side encryption enabled`,
+            line: resource.startLine,
+            suggestion: 'Enable AES256 or aws:kms encryption for data at rest',
+            category: 'Cryptographic Failures',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'data-breach',
+            owasp: 'A02:2021',
+            cwe: 'CWE-311',
+            pciDss: '3.4',
+            attackVector: {
+                description: 'Unencrypted data at rest vulnerable to unauthorized access if bucket is compromised',
+                exploitExample: 'Data readable in plaintext if AWS credentials are leaked',
+                realWorldImpact: [
+                    'Data exposure in case of misconfigured permissions',
+                    'Compliance violations for sensitive data storage',
+                    'Increased risk from insider threats',
+                ],
+            },
+            remediation: {
+                before: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  bucket = "my-bucket"\n}`,
+                after: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  bucket = "my-bucket"\n\n  server_side_encryption_configuration {\n    rule {\n      apply_server_side_encryption_by_default {\n        sse_algorithm = "AES256"\n      }\n    }\n  }\n}`,
+                explanation: 'Add server-side encryption with AES256 or AWS KMS',
+            },
+        };
+    }
+    return null;
+}
+/**
+ * Check 3: S3 Bucket Versioning Disabled (MEDIUM)
+ * OWASP: A09:2021 - Security Logging and Monitoring Failures
+ * CWE: CWE-778 (Insufficient Logging)
+ */
+function checkS3Versioning(resource) {
+    if (resource.resourceType !== 'aws_s3_bucket')
+        return null;
+    const versioning = (0, parser_1.getAttribute)(resource, 'versioning.enabled');
+    if (versioning !== true) {
+        return {
+            severity: 'medium',
+            message: `S3 bucket "${resource.resourceName}" does not have versioning enabled`,
+            line: resource.startLine,
+            suggestion: 'Enable versioning to protect against accidental deletion and ransomware',
+            category: 'Security Logging',
+            cvssScore: 5.3,
+            exploitLikelihood: 'medium',
+            impact: 'data-corruption',
+            owasp: 'A09:2021',
+            cwe: 'CWE-778',
+            attackVector: {
+                description: 'Without versioning, deleted or overwritten objects cannot be recovered',
+                exploitExample: 'Ransomware can overwrite files without recovery option',
+                realWorldImpact: [
+                    'Permanent data loss from accidental deletion',
+                    'No recovery from ransomware attacks',
+                    'Compliance issues for data retention requirements',
+                ],
+            },
+            remediation: {
+                before: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  bucket = "my-bucket"\n}`,
+                after: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  bucket = "my-bucket"\n\n  versioning {\n    enabled = true\n  }\n}`,
+                explanation: 'Enable versioning to keep multiple versions of objects for recovery',
+            },
+        };
+    }
+    return null;
+}
+/**
+ * Check 4: S3 Bucket Logging Disabled (MEDIUM)
+ * OWASP: A09:2021 - Security Logging and Monitoring Failures
+ * CWE: CWE-778 (Insufficient Logging)
+ */
+function checkS3Logging(resource) {
+    if (resource.resourceType !== 'aws_s3_bucket')
+        return null;
+    const hasLogging = (0, parser_1.hasAttribute)(resource, 'logging.target_bucket');
+    if (!hasLogging) {
+        return {
+            severity: 'medium',
+            message: `S3 bucket "${resource.resourceName}" does not have access logging enabled`,
+            line: resource.startLine,
+            suggestion: 'Enable access logging to track bucket access and detect unauthorized activity',
+            category: 'Security Logging',
+            cvssScore: 4.3,
+            exploitLikelihood: 'low',
+            impact: 'audit-failure',
+            owasp: 'A09:2021',
+            cwe: 'CWE-778',
+            pciDss: '10.1',
+            attackVector: {
+                description: 'No audit trail for bucket access makes it impossible to detect data theft',
+                exploitExample: 'Attackers can access data without leaving forensic evidence',
+                realWorldImpact: [
+                    'Cannot detect unauthorized access',
+                    'Compliance failures (SOC 2, PCI-DSS)',
+                    'No evidence for incident response',
+                ],
+            },
+            remediation: {
+                before: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  bucket = "my-bucket"\n}`,
+                after: `resource "aws_s3_bucket" "${resource.resourceName}" {\n  bucket = "my-bucket"\n\n  logging {\n    target_bucket = "my-logs-bucket"\n    target_prefix = "s3-access-logs/"\n  }\n}`,
+                explanation: 'Enable access logging to another bucket for security monitoring',
+            },
+        };
+    }
+    return null;
+}
+/**
+ * Check 5: S3 Bucket Public Access Block Missing (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-732 (Incorrect Permission Assignment)
+ */
+function checkS3PublicAccessBlock(resource) {
+    if (resource.resourceType !== 'aws_s3_bucket_public_access_block')
+        return null;
+    const blockPublicAcls = (0, parser_1.getAttribute)(resource, 'block_public_acls');
+    const blockPublicPolicy = (0, parser_1.getAttribute)(resource, 'block_public_policy');
+    const ignorePublicAcls = (0, parser_1.getAttribute)(resource, 'ignore_public_acls');
+    const restrictPublicBuckets = (0, parser_1.getAttribute)(resource, 'restrict_public_buckets');
+    // All four settings should be true for maximum security
+    if (blockPublicAcls !== true ||
+        blockPublicPolicy !== true ||
+        ignorePublicAcls !== true ||
+        restrictPublicBuckets !== true) {
+        return {
+            severity: 'critical',
+            message: `S3 public access block "${resource.resourceName}" is not fully configured`,
+            line: resource.startLine,
+            suggestion: 'Enable all four public access block settings (block_public_acls, block_public_policy, ignore_public_acls, restrict_public_buckets)',
+            category: 'Broken Access Control',
+            cvssScore: 8.6,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+            owasp: 'A01:2021',
+            cwe: 'CWE-732',
+            pciDss: '6.5.8',
+            attackVector: {
+                description: 'Incomplete public access block allows accidental bucket exposure',
+                exploitExample: 'Bucket can be made public via ACLs or policies despite partial blocks',
+                realWorldImpact: [
+                    'Accidental public bucket exposure',
+                    'Bypassing security controls via multiple access methods',
+                    'Data leaks from misconfigured policies',
+                ],
+            },
+            remediation: {
+                before: `resource "aws_s3_bucket_public_access_block" "${resource.resourceName}" {\n  bucket = aws_s3_bucket.example.id\n}`,
+                after: `resource "aws_s3_bucket_public_access_block" "${resource.resourceName}" {\n  bucket = aws_s3_bucket.example.id\n\n  block_public_acls       = true\n  block_public_policy     = true\n  ignore_public_acls      = true\n  restrict_public_buckets = true\n}`,
+                explanation: 'Enable all four settings to prevent public access via any method',
+            },
+        };
+    }
+    return null;
+}
+// ==========================================
+// AWS IAM Security Checks (5 checks)
+// ==========================================
+/**
+ * Check 6: IAM Policy with Wildcard Actions (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+function checkIAMWildcardActions(resource) {
+    if (resource.resourceType !== 'aws_iam_policy' && resource.resourceType !== 'aws_iam_role_policy') {
+        return null;
+    }
+    const policy = (0, parser_1.getAttribute)(resource, 'policy');
+    if (!policy)
+        return null;
+    // Parse policy JSON (might be string or object)
+    let policyObj;
+    if (typeof policy === 'string') {
+        try {
+            policyObj = JSON.parse(policy);
+        }
+        catch {
+            return null; // Can't parse, skip check
+        }
+    }
+    else {
+        policyObj = policy;
+    }
+    // Check for wildcard actions in statements
+    const statements = policyObj?.Statement || [];
+    for (const statement of statements) {
+        if (statement.Effect === 'Allow') {
+            const actions = Array.isArray(statement.Action) ? statement.Action : [statement.Action];
+            if (actions.includes('*')) {
+                return {
+                    severity: 'critical',
+                    message: `IAM policy "${resource.resourceName}" allows wildcard actions (Action: "*")`,
+                    line: resource.startLine,
+                    suggestion: 'Specify explicit actions instead of "*" to follow principle of least privilege',
+                    category: 'Broken Access Control',
+                    cvssScore: 9.8,
+                    exploitLikelihood: 'high',
+                    impact: 'privilege-escalation',
+                    owasp: 'A01:2021',
+                    cwe: 'CWE-269',
+                    pciDss: '7.1',
+                    attackVector: {
+                        description: 'Wildcard actions grant excessive permissions, enabling privilege escalation',
+                        exploitExample: 'Compromised credentials can perform ANY action in AWS account',
+                        realWorldImpact: [
+                            'Full account takeover possible',
+                            'Data exfiltration from all services',
+                            'Ability to create backdoors and persist access',
+                        ],
+                    },
+                    remediation: {
+                        before: `"Action": "*"`,
+                        after: `"Action": ["s3:GetObject", "s3:PutObject"]`,
+                        explanation: 'Replace wildcard with specific actions needed for the use case',
+                    },
+                };
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Check 7: IAM Policy with Wildcard Resources (HIGH)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+function checkIAMWildcardResources(resource) {
+    if (resource.resourceType !== 'aws_iam_policy' && resource.resourceType !== 'aws_iam_role_policy') {
+        return null;
+    }
+    const policy = (0, parser_1.getAttribute)(resource, 'policy');
+    if (!policy)
+        return null;
+    let policyObj;
+    if (typeof policy === 'string') {
+        try {
+            policyObj = JSON.parse(policy);
+        }
+        catch {
+            return null;
+        }
+    }
+    else {
+        policyObj = policy;
+    }
+    const statements = policyObj?.Statement || [];
+    for (const statement of statements) {
+        if (statement.Effect === 'Allow') {
+            const resources = Array.isArray(statement.Resource) ? statement.Resource : [statement.Resource];
+            if (resources.includes('*')) {
+                return {
+                    severity: 'high',
+                    message: `IAM policy "${resource.resourceName}" allows wildcard resources (Resource: "*")`,
+                    line: resource.startLine,
+                    suggestion: 'Specify explicit resource ARNs instead of "*" to limit access scope',
+                    category: 'Broken Access Control',
+                    cvssScore: 8.1,
+                    exploitLikelihood: 'high',
+                    impact: 'privilege-escalation',
+                    owasp: 'A01:2021',
+                    cwe: 'CWE-269',
+                    pciDss: '7.1',
+                    attackVector: {
+                        description: 'Wildcard resources allow actions on ALL resources of a type',
+                        exploitExample: 'S3:DeleteBucket with Resource:* can delete ALL buckets',
+                        realWorldImpact: [
+                            'Overly permissive access across entire AWS account',
+                            'Lateral movement to unintended resources',
+                            'Data deletion or modification across all resources',
+                        ],
+                    },
+                    remediation: {
+                        before: `"Resource": "*"`,
+                        after: `"Resource": "arn:aws:s3:::my-specific-bucket/*"`,
+                        explanation: 'Replace wildcard with specific resource ARNs',
+                    },
+                };
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Check 8: IAM Policy with Admin Permissions (HIGH)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+function checkIAMAdminPolicy(resource) {
+    if (resource.resourceType !== 'aws_iam_role_policy_attachment' && resource.resourceType !== 'aws_iam_user_policy_attachment') {
+        return null;
+    }
+    const policyArn = (0, parser_1.getAttribute)(resource, 'policy_arn');
+    if (policyArn && policyArn.includes('AdministratorAccess')) {
+        return {
+            severity: 'high',
+            message: `IAM attachment "${resource.resourceName}" uses AdministratorAccess managed policy`,
+            line: resource.startLine,
+            suggestion: 'Avoid AdministratorAccess. Create custom policies with minimum required permissions',
+            category: 'Broken Access Control',
+            cvssScore: 7.7,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+            owasp: 'A01:2021',
+            cwe: 'CWE-269',
+            pciDss: '7.1',
+            attackVector: {
+                description: 'AdministratorAccess grants full control over AWS account',
+                exploitExample: 'Compromised admin credentials = complete account takeover',
+                realWorldImpact: [
+                    'Full AWS account compromise',
+                    'Ability to disable logging and monitoring',
+                    'Creation of persistent backdoors',
+                ],
+            },
+            remediation: {
+                before: `policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"`,
+                after: `policy_arn = aws_iam_policy.custom_policy.arn`,
+                explanation: 'Create custom policy with only required permissions instead of admin access',
+            },
+        };
+    }
+    return null;
+}
+/**
+ * Check 9: IAM Policy Allows Privilege Escalation (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+function checkIAMPrivilegeEscalation(resource) {
+    if (resource.resourceType !== 'aws_iam_policy' && resource.resourceType !== 'aws_iam_role_policy') {
+        return null;
+    }
+    const policy = (0, parser_1.getAttribute)(resource, 'policy');
+    if (!policy)
+        return null;
+    let policyObj;
+    if (typeof policy === 'string') {
+        try {
+            policyObj = JSON.parse(policy);
+        }
+        catch {
+            return null;
+        }
+    }
+    else {
+        policyObj = policy;
+    }
+    // Check for dangerous permission combinations that enable privilege escalation
+    const dangerousActions = [
+        'iam:CreatePolicyVersion',
+        'iam:SetDefaultPolicyVersion',
+        'iam:PassRole',
+        'iam:CreateAccessKey',
+        'iam:CreateLoginProfile',
+        'iam:UpdateAssumeRolePolicy',
+        'iam:AttachUserPolicy',
+        'iam:AttachGroupPolicy',
+        'iam:AttachRolePolicy',
+        'iam:PutUserPolicy',
+        'iam:PutGroupPolicy',
+        'iam:PutRolePolicy',
+    ];
+    const statements = policyObj?.Statement || [];
+    for (const statement of statements) {
+        if (statement.Effect === 'Allow') {
+            const actions = Array.isArray(statement.Action) ? statement.Action : [statement.Action];
+            const foundDangerous = actions.filter((action) => dangerousActions.some(dangerous => action === dangerous || action === 'iam:*' || action === '*'));
+            if (foundDangerous.length > 0) {
+                return {
+                    severity: 'critical',
+                    message: `IAM policy "${resource.resourceName}" allows privilege escalation actions: ${foundDangerous.join(', ')}`,
+                    line: resource.startLine,
+                    suggestion: 'Remove or restrict IAM modification permissions to prevent privilege escalation',
+                    category: 'Broken Access Control',
+                    cvssScore: 9.1,
+                    exploitLikelihood: 'high',
+                    impact: 'privilege-escalation',
+                    owasp: 'A01:2021',
+                    cwe: 'CWE-269',
+                    pciDss: '7.1',
+                    attackVector: {
+                        description: 'Policy allows users to grant themselves additional permissions',
+                        exploitExample: 'User can attach AdministratorAccess policy to themselves via iam:AttachUserPolicy',
+                        realWorldImpact: [
+                            'Users can escalate to admin privileges',
+                            'Bypass of access controls and audit trails',
+                            'Permanent backdoor creation',
+                        ],
+                    },
+                    remediation: {
+                        before: `"Action": ["${foundDangerous[0]}", ...]`,
+                        after: `"Action": ["s3:GetObject", "s3:PutObject"]`,
+                        explanation: 'Remove IAM modification permissions unless absolutely necessary and properly restricted',
+                    },
+                };
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Check 10: IAM Role with Overly Permissive Assume Role Policy (MEDIUM)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-732 (Incorrect Permission Assignment)
+ */
+function checkIAMAssumeRolePolicy(resource) {
+    if (resource.resourceType !== 'aws_iam_role')
+        return null;
+    const assumeRolePolicy = (0, parser_1.getAttribute)(resource, 'assume_role_policy');
+    if (!assumeRolePolicy)
+        return null;
+    let policyObj;
+    if (typeof assumeRolePolicy === 'string') {
+        try {
+            policyObj = JSON.parse(assumeRolePolicy);
+        }
+        catch {
+            return null;
+        }
+    }
+    else {
+        policyObj = assumeRolePolicy;
+    }
+    const statements = policyObj?.Statement || [];
+    for (const statement of statements) {
+        if (statement.Effect === 'Allow') {
+            const principal = statement.Principal;
+            // Check for wildcard principals
+            if (principal === '*' || principal?.AWS === '*' || principal?.Service === '*') {
+                return {
+                    severity: 'medium',
+                    message: `IAM role "${resource.resourceName}" has overly permissive assume role policy (Principal: "*")`,
+                    line: resource.startLine,
+                    suggestion: 'Specify explicit principals (AWS account IDs, service names) instead of wildcards',
+                    category: 'Broken Access Control',
+                    cvssScore: 6.5,
+                    exploitLikelihood: 'medium',
+                    impact: 'privilege-escalation',
+                    owasp: 'A01:2021',
+                    cwe: 'CWE-732',
+                    pciDss: '7.1',
+                    attackVector: {
+                        description: 'Wildcard principal allows any AWS entity to assume this role',
+                        exploitExample: 'Any AWS account can assume the role if they know the role ARN',
+                        realWorldImpact: [
+                            'Unauthorized access from external AWS accounts',
+                            'Cross-account privilege escalation',
+                            'Potential data exfiltration',
+                        ],
+                    },
+                    remediation: {
+                        before: `"Principal": "*"`,
+                        after: `"Principal": {\n  "AWS": "arn:aws:iam::123456789012:root"\n}`,
+                        explanation: 'Specify explicit AWS account ARNs or service names instead of wildcards',
+                    },
+                };
+            }
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=aws-checks.js.map

package/dist/src/lib/analyzers/terraform/aws-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-checks.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/terraform/aws-checks.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAeH,4CAqCC;AAOD,8CAoCC;AAOD,8CAmCC;AAOD,wCAoCC;AAOD,4DA6CC;AAWD,0DA0DC;AAOD,8DAwDC;AAOD,kDAqCC;AAOD,kEA4EC;AAOD,4DAwDC;AAtiBD,qCAAsD;AAEtD,6CAA6C;AAC7C,oCAAoC;AACpC,6CAA6C;AAE7C;;;;GAIG;AACH,SAAgB,gBAAgB,CAAC,QAA2B;IAC1D,IAAI,QAAQ,CAAC,YAAY,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,GAAG,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,CAAC,aAAa,EAAE,mBAAmB,EAAE,oBAAoB,CAAC,CAAC;IAE9E,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,cAAc,QAAQ,CAAC,YAAY,sBAAsB,GAAG,GAAG;YACxE,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,UAAU,EAAE,4EAA4E;YACxF,QAAQ,EAAE,uBAAuB;YACjC,SAAS,EAAE,GAAG;YACd,iBAAiB,EAAE,MAAM;YACzB,MAAM,EAAE,aAAa;YACrB,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,OAAO;YACf,YAAY,EAAE;gBACZ,WAAW,EAAE,qEAAqE;gBAClF,cAAc,EAAE,8CAA8C;gBAC9D,eAAe,EAAE;oBACf,oCAAoC;oBACpC,qCAAqC;oBACrC,sCAAsC;iBACvC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,6BAA6B,QAAQ,CAAC,YAAY,iBAAiB,GAAG,MAAM;gBACpF,KAAK,EAAE,6BAA6B,QAAQ,CAAC,YAAY,sCAAsC;gBAC/F,WAAW,EAAE,uEAAuE;aACrF;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,QAA2B;IAC3D,IAAI,QAAQ,CAAC,YAAY,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,aAAa,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,sCAAsC,CAAC,CAAC;IAErF,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO;YACL,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,cAAc,QAAQ,CAAC,YAAY,gDAAgD;YAC5F,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,UAAU,EAAE,sDAAsD;YAClE,QAAQ,EAAE,wBAAwB;YAClC,SAAS,EAAE,GAAG;YACd,iBAAiB,EAAE,QAAQ;YAC3B,MAAM,EAAE,aAAa;YACrB,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,KAAK;YACb,YAAY,EAAE;gBACZ,WAAW,EAAE,qFAAqF;gBAClG,cAAc,EAAE,0DAA0D;gBAC1E,eAAe,EAAE;oBACf,oDAAoD;oBACpD,kDAAkD;oBAClD,qCAAqC;iBACtC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,6BAA6B,QAAQ,CAAC,YAAY,gCAAgC;gBAC1F,KAAK,EAAE,6BAA6B,QAAQ,CAAC,YAAY,gMAAgM;gBACzP,WAAW,EAAE,mDAAmD;aACjE;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,QAA2B;IAC3D,IAAI,QAAQ,CAAC,YAAY,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,UAAU,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;IAEhE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,cAAc,QAAQ,CAAC,YAAY,oCAAoC;YAChF,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,UAAU,EAAE,yEAAyE;YACrF,QAAQ,EAAE,kBAAkB;YAC5B,SAAS,EAAE,GAAG;YACd,iBAAiB,EAAE,QAAQ;YAC3B,MAAM,EAAE,iBAAiB;YACzB,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS;YACd,YAAY,EAAE;gBACZ,WAAW,EAAE,wEAAwE;gBACrF,cAAc,EAAE,wDAAwD;gBACxE,eAAe,EAAE;oBACf,8CAA8C;oBAC9C,qCAAqC;oBACrC,mDAAmD;iBACpD;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,6BAA6B,QAAQ,CAAC,YAAY,gCAAgC;gBAC1F,KAAK,EAAE,6BAA6B,QAAQ,CAAC,YAAY,2EAA2E;gBACpI,WAAW,EAAE,qEAAqE;aACnF;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,QAA2B;IACxD,IAAI,QAAQ,CAAC,YAAY,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,UAAU,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IAEnE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,cAAc,QAAQ,CAAC,YAAY,wCAAwC;YACpF,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,UAAU,EAAE,+EAA+E;YAC3F,QAAQ,EAAE,kBAAkB;YAC5B,SAAS,EAAE,GAAG;YACd,iBAAiB,EAAE,KAAK;YACxB,MAAM,EAAE,eAAe;YACvB,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,MAAM;YACd,YAAY,EAAE;gBACZ,WAAW,EAAE,2EAA2E;gBACxF,cAAc,EAAE,6DAA6D;gBAC7E,eAAe,EAAE;oBACf,mCAAmC;oBACnC,sCAAsC;oBACtC,mCAAmC;iBACpC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,6BAA6B,QAAQ,CAAC,YAAY,gCAAgC;gBAC1F,KAAK,EAAE,6BAA6B,QAAQ,CAAC,YAAY,iIAAiI;gBAC1L,WAAW,EAAE,iEAAiE;aAC/E;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,wBAAwB,CAAC,QAA2B;IAClE,IAAI,QAAQ,CAAC,YAAY,KAAK,mCAAmC;QAAE,OAAO,IAAI,CAAC;IAE/E,MAAM,eAAe,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,iBAAiB,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACxE,MAAM,gBAAgB,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;IACtE,MAAM,qBAAqB,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,yBAAyB,CAAC,CAAC;IAEhF,wDAAwD;IACxD,IACE,eAAe,KAAK,IAAI;QACxB,iBAAiB,KAAK,IAAI;QAC1B,gBAAgB,KAAK,IAAI;QACzB,qBAAqB,KAAK,IAAI,EAC9B,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,2BAA2B,QAAQ,CAAC,YAAY,2BAA2B;YACpF,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,UAAU,EAAE,oIAAoI;YAChJ,QAAQ,EAAE,uBAAuB;YACjC,SAAS,EAAE,GAAG;YACd,iBAAiB,EAAE,MAAM;YACzB,MAAM,EAAE,aAAa;YACrB,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,OAAO;YACf,YAAY,EAAE;gBACZ,WAAW,EAAE,kEAAkE;gBAC/E,cAAc,EAAE,uEAAuE;gBACvF,eAAe,EAAE;oBACf,mCAAmC;oBACnC,yDAAyD;oBACzD,wCAAwC;iBACzC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,iDAAiD,QAAQ,CAAC,YAAY,6CAA6C;gBAC3H,KAAK,EAAE,iDAAiD,QAAQ,CAAC,YAAY,uLAAuL;gBACpQ,WAAW,EAAE,kEAAkE;aAChF;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6CAA6C;AAC7C,qCAAqC;AACrC,6CAA6C;AAE7C;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,QAA2B;IACjE,IAAI,QAAQ,CAAC,YAAY,KAAK,gBAAgB,IAAI,QAAQ,CAAC,YAAY,KAAK,qBAAqB,EAAE,CAAC;QAClG,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,gDAAgD;IAChD,IAAI,SAAc,CAAC;IACnB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,CAAC,0BAA0B;QACzC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,2CAA2C;IAC3C,MAAM,UAAU,GAAG,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC;IAC9C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxF,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,eAAe,QAAQ,CAAC,YAAY,yCAAyC;oBACtF,IAAI,EAAE,QAAQ,CAAC,SAAS;oBACxB,UAAU,EAAE,gFAAgF;oBAC5F,QAAQ,EAAE,uBAAuB;oBACjC,SAAS,EAAE,GAAG;oBACd,iBAAiB,EAAE,MAAM;oBACzB,MAAM,EAAE,sBAAsB;oBAC9B,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,KAAK;oBACb,YAAY,EAAE;wBACZ,WAAW,EAAE,6EAA6E;wBAC1F,cAAc,EAAE,+DAA+D;wBAC/E,eAAe,EAAE;4BACf,gCAAgC;4BAChC,qCAAqC;4BACrC,gDAAgD;yBACjD;qBACF;oBACD,WAAW,EAAE;wBACX,MAAM,EAAE,eAAe;wBACvB,KAAK,EAAE,4CAA4C;wBACnD,WAAW,EAAE,gEAAgE;qBAC9E;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,QAA2B;IACnE,IAAI,QAAQ,CAAC,YAAY,KAAK,gBAAgB,IAAI,QAAQ,CAAC,YAAY,KAAK,qBAAqB,EAAE,CAAC;QAClG,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,IAAI,SAAc,CAAC;IACnB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC;IAC9C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAChG,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO;oBACL,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,eAAe,QAAQ,CAAC,YAAY,6CAA6C;oBAC1F,IAAI,EAAE,QAAQ,CAAC,SAAS;oBACxB,UAAU,EAAE,qEAAqE;oBACjF,QAAQ,EAAE,uBAAuB;oBACjC,SAAS,EAAE,GAAG;oBACd,iBAAiB,EAAE,MAAM;oBACzB,MAAM,EAAE,sBAAsB;oBAC9B,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,KAAK;oBACb,YAAY,EAAE;wBACZ,WAAW,EAAE,6DAA6D;wBAC1E,cAAc,EAAE,wDAAwD;wBACxE,eAAe,EAAE;4BACf,oDAAoD;4BACpD,0CAA0C;4BAC1C,oDAAoD;yBACrD;qBACF;oBACD,WAAW,EAAE;wBACX,MAAM,EAAE,iBAAiB;wBACzB,KAAK,EAAE,iDAAiD;wBACxD,WAAW,EAAE,8CAA8C;qBAC5D;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,QAA2B;IAC7D,IAAI,QAAQ,CAAC,YAAY,KAAK,gCAAgC,IAAI,QAAQ,CAAC,YAAY,KAAK,gCAAgC,EAAE,CAAC;QAC7H,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACvD,IAAI,SAAS,IAAI,SAAS,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC3D,OAAO;YACL,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,mBAAmB,QAAQ,CAAC,YAAY,2CAA2C;YAC5F,IAAI,EAAE,QAAQ,CAAC,SAAS;YACxB,UAAU,EAAE,qFAAqF;YACjG,QAAQ,EAAE,uBAAuB;YACjC,SAAS,EAAE,GAAG;YACd,iBAAiB,EAAE,MAAM;YACzB,MAAM,EAAE,sBAAsB;YAC9B,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,KAAK;YACb,YAAY,EAAE;gBACZ,WAAW,EAAE,0DAA0D;gBACvE,cAAc,EAAE,2DAA2D;gBAC3E,eAAe,EAAE;oBACf,6BAA6B;oBAC7B,2CAA2C;oBAC3C,kCAAkC;iBACnC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,4DAA4D;gBACpE,KAAK,EAAE,+CAA+C;gBACtD,WAAW,EAAE,6EAA6E;aAC3F;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,QAA2B;IACrE,IAAI,QAAQ,CAAC,YAAY,KAAK,gBAAgB,IAAI,QAAQ,CAAC,YAAY,KAAK,qBAAqB,EAAE,CAAC;QAClG,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,IAAI,SAAc,CAAC;IACnB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,+EAA+E;IAC/E,MAAM,gBAAgB,GAAG;QACvB,yBAAyB;QACzB,6BAA6B;QAC7B,cAAc;QACd,qBAAqB;QACrB,wBAAwB;QACxB,4BAA4B;QAC5B,sBAAsB;QACtB,uBAAuB;QACvB,sBAAsB;QACtB,mBAAmB;QACnB,oBAAoB;QACpB,mBAAmB;KACpB,CAAC;IAEF,MAAM,UAAU,GAAG,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC;IAC9C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxF,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,MAAc,EAAE,EAAE,CACvD,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,GAAG,CAAC,CACjG,CAAC;YAEF,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO;oBACL,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,eAAe,QAAQ,CAAC,YAAY,0CAA0C,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAClH,IAAI,EAAE,QAAQ,CAAC,SAAS;oBACxB,UAAU,EAAE,iFAAiF;oBAC7F,QAAQ,EAAE,uBAAuB;oBACjC,SAAS,EAAE,GAAG;oBACd,iBAAiB,EAAE,MAAM;oBACzB,MAAM,EAAE,sBAAsB;oBAC9B,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,KAAK;oBACb,YAAY,EAAE;wBACZ,WAAW,EAAE,gEAAgE;wBAC7E,cAAc,EAAE,mFAAmF;wBACnG,eAAe,EAAE;4BACf,wCAAwC;4BACxC,4CAA4C;4BAC5C,6BAA6B;yBAC9B;qBACF;oBACD,WAAW,EAAE;wBACX,MAAM,EAAE,eAAe,cAAc,CAAC,CAAC,CAAC,SAAS;wBACjD,KAAK,EAAE,4CAA4C;wBACnD,WAAW,EAAE,yFAAyF;qBACvG;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAgB,wBAAwB,CAAC,QAA2B;IAClE,IAAI,QAAQ,CAAC,YAAY,KAAK,cAAc;QAAE,OAAO,IAAI,CAAC;IAE1D,MAAM,gBAAgB,GAAG,IAAA,qBAAY,EAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;IACtE,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAEnC,IAAI,SAAc,CAAC;IACnB,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,gBAAgB,CAAC;IAC/B,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC;IAC9C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;YAEtC,gCAAgC;YAChC,IAAI,SAAS,KAAK,GAAG,IAAI,SAAS,EAAE,GAAG,KAAK,GAAG,IAAI,SAAS,EAAE,OAAO,KAAK,GAAG,EAAE,CAAC;gBAC9E,OAAO;oBACL,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,aAAa,QAAQ,CAAC,YAAY,6DAA6D;oBACxG,IAAI,EAAE,QAAQ,CAAC,SAAS;oBACxB,UAAU,EAAE,mFAAmF;oBAC/F,QAAQ,EAAE,uBAAuB;oBACjC,SAAS,EAAE,GAAG;oBACd,iBAAiB,EAAE,QAAQ;oBAC3B,MAAM,EAAE,sBAAsB;oBAC9B,KAAK,EAAE,UAAU;oBACjB,GAAG,EAAE,SAAS;oBACd,MAAM,EAAE,KAAK;oBACb,YAAY,EAAE;wBACZ,WAAW,EAAE,8DAA8D;wBAC3E,cAAc,EAAE,+DAA+D;wBAC/E,eAAe,EAAE;4BACf,gDAAgD;4BAChD,oCAAoC;4BACpC,6BAA6B;yBAC9B;qBACF;oBACD,WAAW,EAAE;wBACX,MAAM,EAAE,kBAAkB;wBAC1B,KAAK,EAAE,8DAA8D;wBACrE,WAAW,EAAE,yEAAyE;qBACvF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/lib/analyzers/terraform/parser.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Terraform HCL Parser
+ *
+ * WR3: IaC Scanning - Simple regex-based HCL parser
+ * Extracts resource blocks, attributes, and nested blocks from Terraform files
+ *
+ * MVP Approach: Regex-based parsing (fast, good enough for security checks)
+ * Future: Can swap for full HCL library if needed (no API changes required)
+ */
+import { TerraformResource, ParsedTerraform } from './types';
+export declare function parseTerraform(code: string): ParsedTerraform;
+export declare function getAttribute(resource: TerraformResource, path: string): any;
+export declare function hasAttribute(resource: TerraformResource, path: string): boolean;
+//# sourceMappingURL=parser.d.ts.map

package/dist/src/lib/analyzers/terraform/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/terraform/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAkB,iBAAiB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE7E,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CA6E5D;AA0KD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,GAAG,GAAG,CAU3E;AAGD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/E"}