codeslick-cli 1.3.0 → 1.4.1

package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts

@@ -13,38 +13,8 @@
  * Date: January 7, 2026
  */
 import { SecurityVulnerability } from '../types';
-/**
- * Secret pattern definition
- */
-export interface SecretPattern {
-    /** Pattern identifier (e.g., 'aws-access-key', 'github-token') */
-    id: string;
-    /** Human-readable name */
-    name: string;
-    /** Regex pattern to match the secret */
-    pattern: RegExp;
-    /** Minimum entropy threshold (0-8, where 8 is maximum randomness) */
-    minEntropy?: number;
-    /** Description of the secret type */
-    description: string;
-    /** Severity: 'critical', 'high', 'medium' */
-    severity: 'critical' | 'high' | 'medium';
-    /** OWASP 2025 category */
-    owaspCategory: string;
-    /** CWE identifier */
-    cwe: string;
-}
-/**
- * Secret detection result
- */
-export interface SecretMatch {
-    pattern: SecretPattern;
-    value: string;
-    line: number;
-    column: number;
-    entropy: number;
-    context: string;
-}
+import type { SecretPattern, SecretMatch } from './types';
+export type { SecretPattern, SecretMatch };
 /**
  * Main secrets analyzer class
  */
@@ -76,6 +46,10 @@ export declare class SecretsAnalyzer {
      * Get fix recommendation based on secret type and language
      */
     private getRecommendation;
+    /**
+     * Get code fix example based on language
+     */
+    private getFixExample;
     /**
      * Calculate confidence score (0-100) based on entropy and context
      */

package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secrets-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAQjD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAkB;;IAYlC;;;;;;;OAOG;IACI,WAAW,CAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,YAAY,GAAG,IAAI,GAC/D,qBAAqB,EAAE;IAiC1B;;OAEG;IACH,OAAO,CAAC,WAAW;IA4BnB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgB3B;;OAEG;IACH,OAAO,CAAC,UAAU;IASlB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAiBzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAiB5B;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAEvD"}
+{"version":3,"file":"secrets-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAWjD,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAC1D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AAE3C;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAkB;;IAYlC;;;;;;;OAOG;IACI,WAAW,CAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,YAAY,GAAG,IAAI,GAC/D,qBAAqB,EAAE;IAiC1B;;OAEG;IACH,OAAO,CAAC,WAAW;IA4BnB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAwC3B;;OAEG;IACH,OAAO,CAAC,UAAU;IASlB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAiBzB;;OAEG;IACH,OAAO,CAAC,aAAa;IAerB;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAiB5B;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAEvD"}

package/dist/src/lib/analyzers/secrets/secrets-analyzer.js

@@ -22,6 +22,8 @@ const credentials_1 = require("./patterns/credentials");
 const tokens_1 = require("./patterns/tokens");
 const entropy_checker_1 = require("./validators/entropy-checker");
 const context_checker_1 = require("./validators/context-checker");
+const severity_scoring_1 = require("../../security/severity-scoring");
+const compliance_mapping_1 = require("../../security/compliance-mapping");
 /**
  * Main secrets analyzer class
  */
@@ -95,14 +97,37 @@ class SecretsAnalyzer {
      * Create a security vulnerability from a secret match
      */
     createVulnerability(match, filePath, language) {
+        // Use centralized scoring system for consistent CVSS scores
+        const category = `hardcoded-secret-${match.pattern.id}`;
+        const scoring = (0, severity_scoring_1.calculateSeverityScore)(category);
+        const compliance = (0, compliance_mapping_1.getComplianceMapping)(category);
         return {
-            severity: match.pattern.severity,
+            severity: scoring.severity,
             message: `Hardcoded secret detected: ${match.pattern.name} - ${this.maskSecret(match.value)}`,
             line: match.line,
             suggestion: this.getRecommendation(match.pattern, language),
-            category: `hardcoded-secret-${match.pattern.id}`,
-            owasp: match.pattern.owaspCategory,
-            cwe: match.pattern.cwe,
+            category,
+            cvssScore: scoring.cvssScore,
+            exploitLikelihood: scoring.exploitLikelihood,
+            impact: scoring.impact,
+            owasp: compliance.owasp || match.pattern.owaspCategory,
+            cwe: compliance.cwe || match.pattern.cwe,
+            pciDss: compliance.pciDss,
+            attackVector: {
+                description: `Hardcoded ${match.pattern.name.toLowerCase()} exposed in source code. Visible to anyone with repository access.`,
+                exploitExample: `Attacker with code access can extract: ${this.maskSecret(match.value)}`,
+                realWorldImpact: [
+                    'Unauthorized access to systems',
+                    'Cannot rotate without code deployment',
+                    'Persists in Git history forever',
+                    'PCI-DSS, SOC 2, ISO 27001 violations',
+                ],
+            },
+            remediation: {
+                before: match.context,
+                after: this.getFixExample(match.pattern, language),
+                explanation: this.getRecommendation(match.pattern, language),
+            },
         };
     }
     /**
@@ -133,6 +158,25 @@ class SecretsAnalyzer {
             `4. Add to .gitignore if stored in config file\n` +
             `5. Rotate the exposed secret immediately`;
     }
+    /**
+     * Get code fix example based on language
+     */
+    getFixExample(pattern, language) {
+        const varName = pattern.id.toUpperCase().replace(/-/g, '_');
+        if (language === 'python') {
+            return `import os\n${varName} = os.environ.get("${varName}")  # Store in .env file`;
+        }
+        else if (language === 'java') {
+            return `String ${varName.toLowerCase()} = System.getenv("${varName}");`;
+        }
+        else if (language === 'go') {
+            return `import "os"\n${varName.toLowerCase()} := os.Getenv("${varName}")`;
+        }
+        else {
+            // JavaScript/TypeScript
+            return `const ${varName.toLowerCase()} = process.env.${varName};  // Store in .env file`;
+        }
+    }
     /**
      * Calculate confidence score (0-100) based on entropy and context
      */

package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map

@@ -1 +1 @@
-{"version":3,"file":"secrets-analyzer.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAoNH,sDAEC;AAnND,kDAAuD;AACvD,0DAA+D;AAC/D,wDAA6D;AAC7D,8CAAmD;AACnD,kEAAgE;AAChE,kEAAqE;AAoCrE;;GAEG;AACH,MAAa,eAAe;IAG1B;QACE,iDAAiD;QACjD,IAAI,CAAC,QAAQ,GAAG;YACd,GAAG,2BAAgB;YACnB,GAAG,mCAAoB;YACvB,GAAG,iCAAmB;YACtB,GAAG,uBAAc;SAClB,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,WAAW,CAChB,IAAY,EACZ,QAAgB,EAChB,QAAgE;QAEhE,MAAM,eAAe,GAA4B,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE/B,6BAA6B;QAC7B,KAAK,IAAI,SAAS,GAAG,CAAC,EAAE,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;YAC9B,MAAM,UAAU,GAAG,SAAS,GAAG,CAAC,CAAC;YAEjC,6BAA6B;YAC7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;gBAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,+BAA+B;oBAC/B,IAAI,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;wBAC7D,SAAS,CAAC,2BAA2B;oBACvC,CAAC;oBAED,4BAA4B;oBAC5B,IAAI,IAAA,uCAAqB,EAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;wBAChE,SAAS,CAAC,8BAA8B;oBAC1C,CAAC;oBAED,uBAAuB;oBACvB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,WAAW,CACjB,IAAY,EACZ,OAAsB,EACtB,UAAkB;QAElB,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,IAAI,KAA6B,CAAC;QAElC,sCAAsC;QACtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAEtD,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,OAAO,GAAG,IAAA,kCAAgB,EAAC,KAAK,CAAC,CAAC;YAExC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO;gBACP,KAAK;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,KAAK,CAAC,KAAK;gBACnB,OAAO;gBACP,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,KAAkB,EAClB,QAAgB,EAChB,QAAgB;QAEhB,OAAO;YACL,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;YAChC,OAAO,EAAE,8BAA8B,KAAK,CAAC,OAAO,CAAC,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;YAC7F,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,UAAU,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;YAC3D,QAAQ,EAAE,oBAAoB,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE;YAChD,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa;YAClC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG;SACvB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAAa;QAC9B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/C,OAAO,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,OAAsB,EAAE,QAAgB;QAChE,MAAM,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC;QAE/C,MAAM,aAAa,GAAG,QAAQ,KAAK,QAAQ;YACzC,CAAC,CAAC,2BAA2B;YAC7B,CAAC,CAAC,QAAQ,KAAK,MAAM;gBACrB,CAAC,CAAC,0BAA0B;gBAC5B,CAAC,CAAC,qBAAqB,CAAC;QAE1B,OAAO,GAAG,kBAAkB,wBAAwB;YAClD,0CAA0C;YAC1C,oEAAoE;YACpE,WAAW,aAAa,IAAI;YAC5B,iDAAiD;YACjD,0CAA0C,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,KAAkB;QAC5C,IAAI,UAAU,GAAG,EAAE,CAAC,CAAC,kBAAkB;QAEvC,qCAAqC;QACrC,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YACxB,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YAC/B,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,8CAA8C;QAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5E,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;CACF;AAhKD,0CAgKC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO,IAAI,eAAe,EAAE,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"secrets-analyzer.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAkOH,sDAEC;AAjOD,kDAAuD;AACvD,0DAA+D;AAC/D,wDAA6D;AAC7D,8CAAmD;AACnD,kEAAgE;AAChE,kEAAqE;AACrE,sEAAyE;AACzE,0EAAyE;AAMzE;;GAEG;AACH,MAAa,eAAe;IAG1B;QACE,iDAAiD;QACjD,IAAI,CAAC,QAAQ,GAAG;YACd,GAAG,2BAAgB;YACnB,GAAG,mCAAoB;YACvB,GAAG,iCAAmB;YACtB,GAAG,uBAAc;SAClB,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,WAAW,CAChB,IAAY,EACZ,QAAgB,EAChB,QAAgE;QAEhE,MAAM,eAAe,GAA4B,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE/B,6BAA6B;QAC7B,KAAK,IAAI,SAAS,GAAG,CAAC,EAAE,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;YAC9B,MAAM,UAAU,GAAG,SAAS,GAAG,CAAC,CAAC;YAEjC,6BAA6B;YAC7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;gBAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,+BAA+B;oBAC/B,IAAI,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;wBAC7D,SAAS,CAAC,2BAA2B;oBACvC,CAAC;oBAED,4BAA4B;oBAC5B,IAAI,IAAA,uCAAqB,EAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;wBAChE,SAAS,CAAC,8BAA8B;oBAC1C,CAAC;oBAED,uBAAuB;oBACvB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,WAAW,CACjB,IAAY,EACZ,OAAsB,EACtB,UAAkB;QAElB,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,IAAI,KAA6B,CAAC;QAElC,sCAAsC;QACtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAEtD,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,OAAO,GAAG,IAAA,kCAAgB,EAAC,KAAK,CAAC,CAAC;YAExC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO;gBACP,KAAK;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,KAAK,CAAC,KAAK;gBACnB,OAAO;gBACP,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,KAAkB,EAClB,QAAgB,EAChB,QAAgB;QAEhB,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,oBAAoB,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,QAAQ,CAAC,CAAC;QAElD,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,OAAO,EAAE,8BAA8B,KAAK,CAAC,OAAO,CAAC,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;YAC7F,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,UAAU,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;YAC3D,QAAQ;YACR,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa;YACtD,GAAG,EAAE,UAAU,CAAC,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG;YACxC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,YAAY,EAAE;gBACZ,WAAW,EAAE,aAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,oEAAoE;gBAC9H,cAAc,EAAE,0CAA0C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACxF,eAAe,EAAE;oBACf,gCAAgC;oBAChC,uCAAuC;oBACvC,iCAAiC;oBACjC,sCAAsC;iBACvC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,KAAK,CAAC,OAAO;gBACrB,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;gBAClD,WAAW,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;aAC7D;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAAa;QAC9B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/C,OAAO,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,OAAsB,EAAE,QAAgB;QAChE,MAAM,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC;QAE/C,MAAM,aAAa,GAAG,QAAQ,KAAK,QAAQ;YACzC,CAAC,CAAC,2BAA2B;YAC7B,CAAC,CAAC,QAAQ,KAAK,MAAM;gBACrB,CAAC,CAAC,0BAA0B;gBAC5B,CAAC,CAAC,qBAAqB,CAAC;QAE1B,OAAO,GAAG,kBAAkB,wBAAwB;YAClD,0CAA0C;YAC1C,oEAAoE;YACpE,WAAW,aAAa,IAAI;YAC5B,iDAAiD;YACjD,0CAA0C,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAsB,EAAE,QAAgB;QAC5D,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAE5D,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,cAAc,OAAO,sBAAsB,OAAO,0BAA0B,CAAC;QACtF,CAAC;aAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC/B,OAAO,UAAU,OAAO,CAAC,WAAW,EAAE,qBAAqB,OAAO,KAAK,CAAC;QAC1E,CAAC;aAAM,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YAC7B,OAAO,gBAAgB,OAAO,CAAC,WAAW,EAAE,kBAAkB,OAAO,IAAI,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,wBAAwB;YACxB,OAAO,SAAS,OAAO,CAAC,WAAW,EAAE,kBAAkB,OAAO,0BAA0B,CAAC;QAC3F,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,KAAkB;QAC5C,IAAI,UAAU,GAAG,EAAE,CAAC,CAAC,kBAAkB;QAEvC,qCAAqC;QACrC,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YACxB,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YAC/B,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,8CAA8C;QAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5E,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;CACF;AA1MD,0CA0MC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO,IAAI,eAAe,EAAE,CAAC;AAC/B,CAAC"}

package/dist/src/lib/analyzers/secrets/types.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Shared types for the Secrets Detection module.
+ *
+ * Extracted here to break the circular dependency between secrets-analyzer.ts
+ * and the pattern files (patterns/* imported SecretPattern from secrets-analyzer,
+ * which already imported from patterns/*).
+ */
+/**
+ * Secret pattern definition
+ */
+export interface SecretPattern {
+    /** Pattern identifier (e.g., 'aws-access-key', 'github-token') */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Regex pattern to match the secret */
+    pattern: RegExp;
+    /** Minimum entropy threshold (0-8, where 8 is maximum randomness) */
+    minEntropy?: number;
+    /** Description of the secret type */
+    description: string;
+    /** Severity: 'critical', 'high', 'medium' */
+    severity: 'critical' | 'high' | 'medium';
+    /** OWASP 2025 category */
+    owaspCategory: string;
+    /** CWE identifier */
+    cwe: string;
+}
+/**
+ * Secret detection result
+ */
+export interface SecretMatch {
+    pattern: SecretPattern;
+    value: string;
+    line: number;
+    column: number;
+    entropy: number;
+    context: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/lib/analyzers/secrets/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB"}

package/dist/src/lib/analyzers/secrets/types.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * Shared types for the Secrets Detection module.
+ *
+ * Extracted here to break the circular dependency between secrets-analyzer.ts
+ * and the pattern files (patterns/* imported SecretPattern from secrets-analyzer,
+ * which already imported from patterns/*).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/src/lib/analyzers/secrets/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/types.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/dist/src/lib/analyzers/terraform/aws-checks.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Terraform AWS Security Checks
+ *
+ * WR3 Day 1-2: AWS S3 and IAM security misconfigurations
+ *
+ * Current: 10 checks (S3: 5, IAM: 5)
+ * Future: Will expand to EC2, RDS, Lambda (25 total AWS checks)
+ */
+import { SecurityVulnerability } from '../types';
+import { TerraformResource } from './types';
+/**
+ * Check 1: S3 Bucket with Public ACL (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-732 (Incorrect Permission Assignment)
+ */
+export declare function checkS3PublicACL(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 2: S3 Bucket Without Encryption (HIGH)
+ * OWASP: A02:2021 - Cryptographic Failures
+ * CWE: CWE-311 (Missing Encryption of Sensitive Data)
+ */
+export declare function checkS3Encryption(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 3: S3 Bucket Versioning Disabled (MEDIUM)
+ * OWASP: A09:2021 - Security Logging and Monitoring Failures
+ * CWE: CWE-778 (Insufficient Logging)
+ */
+export declare function checkS3Versioning(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 4: S3 Bucket Logging Disabled (MEDIUM)
+ * OWASP: A09:2021 - Security Logging and Monitoring Failures
+ * CWE: CWE-778 (Insufficient Logging)
+ */
+export declare function checkS3Logging(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 5: S3 Bucket Public Access Block Missing (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-732 (Incorrect Permission Assignment)
+ */
+export declare function checkS3PublicAccessBlock(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 6: IAM Policy with Wildcard Actions (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+export declare function checkIAMWildcardActions(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 7: IAM Policy with Wildcard Resources (HIGH)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+export declare function checkIAMWildcardResources(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 8: IAM Policy with Admin Permissions (HIGH)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+export declare function checkIAMAdminPolicy(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 9: IAM Policy Allows Privilege Escalation (CRITICAL)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-269 (Improper Privilege Management)
+ */
+export declare function checkIAMPrivilegeEscalation(resource: TerraformResource): SecurityVulnerability | null;
+/**
+ * Check 10: IAM Role with Overly Permissive Assume Role Policy (MEDIUM)
+ * OWASP: A01:2021 - Broken Access Control
+ * CWE: CWE-732 (Incorrect Permission Assignment)
+ */
+export declare function checkIAMAssumeRolePolicy(resource: TerraformResource): SecurityVulnerability | null;
+//# sourceMappingURL=aws-checks.d.ts.map

package/dist/src/lib/analyzers/terraform/aws-checks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-checks.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/terraform/aws-checks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAO5C;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAqC1F;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAoC3F;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAmC3F;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAoCxF;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CA6ClG;AAMD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CA0DjG;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAwDnG;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAqC7F;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CA4ErG;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,qBAAqB,GAAG,IAAI,CAwDlG"}