npm - codeslick-cli - Versions diffs - 1.3.0 → 1.4.1 - Mend

codeslick-cli 1.3.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/dist/src/lib/analyzers/iac/pii-detector.js ADDED Viewed

@@ -0,0 +1,199 @@
+"use strict";
+/**
+ * PII Detection for Infrastructure as Code (IaC)
+ *
+ * Scans Terraform (and future Kubernetes/CloudFormation) files for hardcoded
+ * Personally Identifiable Information (PII) that violates GDPR/HIPAA compliance.
+ *
+ * Strategic Value: Closes competitive gap with Precogs.ai, applies to all IaC languages.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkResourcePII = checkResourcePII;
+exports.checkVariablePII = checkVariablePII;
+exports.checkLocalsPII = checkLocalsPII;
+exports.checkOutputPII = checkOutputPII;
+const pii_patterns_1 = require("./pii-patterns");
+/**
+ * Scan text content for PII patterns
+ * @param text - Text to scan (attribute value, tag, variable default, etc.)
+ * @param context - Context info (resource name, attribute path, line number)
+ * @returns Array of vulnerabilities found
+ */
+function scanTextForPII(text, context) {
+    const vulnerabilities = [];
+    // Check each PII pattern
+    for (const [type, pattern] of Object.entries(pii_patterns_1.PII_PATTERNS)) {
+        const matches = text.matchAll(pattern.regex);
+        for (const match of matches) {
+            const matchedText = match[0];
+            // Check if match should be excluded
+            if ((0, pii_patterns_1.shouldExcludeMatch)(matchedText, pattern)) {
+                continue;
+            }
+            // Validate if pattern has custom validation function
+            if (pattern.validate && !pattern.validate(matchedText)) {
+                continue;
+            }
+            vulnerabilities.push((0, pii_patterns_1.createPIIVulnerability)(type, pattern, matchedText, context));
+        }
+    }
+    return vulnerabilities;
+}
+/**
+ * Recursively scan nested objects for PII
+ */
+function scanNestedObject(obj, context) {
+    const vulnerabilities = [];
+    if (typeof obj === 'string') {
+        vulnerabilities.push(...scanTextForPII(obj, context));
+    }
+    else if (Array.isArray(obj)) {
+        obj.forEach((item, index) => {
+            vulnerabilities.push(...scanNestedObject(item, {
+                ...context,
+                attributePath: `${context.attributePath}[${index}]`,
+            }));
+        });
+    }
+    else if (obj && typeof obj === 'object') {
+        Object.entries(obj).forEach(([key, value]) => {
+            vulnerabilities.push(...scanNestedObject(value, {
+                ...context,
+                attributePath: `${context.attributePath}.${key}`,
+            }));
+        });
+    }
+    return vulnerabilities;
+}
+/**
+ * Check Terraform resources for PII in attributes
+ */
+function checkResourcePII(resource) {
+    const vulnerabilities = [];
+    // Scan ALL attributes recursively (not just predefined list)
+    // This catches PII in any attribute location
+    for (const [key, value] of Object.entries(resource.attributes)) {
+        if (typeof value === 'string') {
+            const found = scanTextForPII(value, {
+                resourceName: resource.resourceName,
+                attributePath: key,
+                line: resource.startLine,
+            });
+            vulnerabilities.push(...found);
+        }
+        else if (value && typeof value === 'object') {
+            // Scan nested objects (tags, environment vars, metadata)
+            const found = scanNestedObject(value, {
+                resourceName: resource.resourceName,
+                attributePath: key,
+                line: resource.startLine,
+            });
+            vulnerabilities.push(...found);
+        }
+    }
+    // Also scan nested blocks
+    if (resource.blocks) {
+        for (const block of resource.blocks) {
+            for (const [key, value] of Object.entries(block.attributes)) {
+                if (typeof value === 'string') {
+                    const found = scanTextForPII(value, {
+                        resourceName: resource.resourceName,
+                        attributePath: `${block.type}.${key}`,
+                        line: block.startLine,
+                    });
+                    vulnerabilities.push(...found);
+                }
+                else if (value && typeof value === 'object') {
+                    const found = scanNestedObject(value, {
+                        resourceName: resource.resourceName,
+                        attributePath: `${block.type}.${key}`,
+                        line: block.startLine,
+                    });
+                    vulnerabilities.push(...found);
+                }
+            }
+        }
+    }
+    return vulnerabilities;
+}
+/**
+ * Check Terraform variables for PII in default values
+ */
+function checkVariablePII(variable) {
+    if (variable.type !== 'variable')
+        return [];
+    const defaultValue = variable.attributes.default;
+    if (!defaultValue)
+        return [];
+    const variableName = variable.labels[0] || 'unknown';
+    if (typeof defaultValue === 'string') {
+        return scanTextForPII(defaultValue, {
+            resourceName: 'variable',
+            attributePath: `${variableName}.default`,
+            line: variable.startLine,
+        });
+    }
+    else if (typeof defaultValue === 'object') {
+        return scanNestedObject(defaultValue, {
+            resourceName: 'variable',
+            attributePath: `${variableName}.default`,
+            line: variable.startLine,
+        });
+    }
+    return [];
+}
+/**
+ * Check Terraform locals for PII in values
+ */
+function checkLocalsPII(locals) {
+    if (locals.type !== 'locals')
+        return [];
+    const vulnerabilities = [];
+    // Scan all local variable definitions
+    for (const [key, value] of Object.entries(locals.attributes)) {
+        if (typeof value === 'string') {
+            const found = scanTextForPII(value, {
+                resourceName: 'locals',
+                attributePath: key,
+                line: locals.startLine,
+            });
+            vulnerabilities.push(...found);
+        }
+        else if (typeof value === 'object') {
+            const found = scanNestedObject(value, {
+                resourceName: 'locals',
+                attributePath: key,
+                line: locals.startLine,
+            });
+            vulnerabilities.push(...found);
+        }
+    }
+    return vulnerabilities;
+}
+/**
+ * Check Terraform outputs for PII exposure
+ */
+function checkOutputPII(output) {
+    if (output.type !== 'output')
+        return [];
+    const value = output.attributes.value;
+    if (!value)
+        return [];
+    const outputName = output.labels[0] || 'unknown';
+    if (typeof value === 'string') {
+        return scanTextForPII(value, {
+            resourceName: 'output',
+            attributePath: `${outputName}.value`,
+            line: output.startLine,
+        });
+    }
+    else if (typeof value === 'object') {
+        return scanNestedObject(value, {
+            resourceName: 'output',
+            attributePath: `${outputName}.value`,
+            line: output.startLine,
+        });
+    }
+    return [];
+}
+//# sourceMappingURL=pii-detector.js.map

package/dist/src/lib/analyzers/iac/pii-detector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii-detector.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/iac/pii-detector.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAsFH,4CAgDC;AAKD,4CAuBC;AAKD,wCAyBC;AAKD,wCAuBC;AAvND,iDAIwB;AAExB;;;;;GAKG;AACH,SAAS,cAAc,CACrB,IAAY,EACZ,OAAuE;IAEvE,MAAM,eAAe,GAA4B,EAAE,CAAC;IAEpD,yBAAyB;IACzB,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,2BAAY,CAAC,EAAE,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAE7C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7B,oCAAoC;YACpC,IAAI,IAAA,iCAAkB,EAAC,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC7C,SAAS;YACX,CAAC;YAED,qDAAqD;YACrD,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvD,SAAS;YACX,CAAC;YAED,eAAe,CAAC,IAAI,CAClB,IAAA,qCAAsB,EAAC,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAC5D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,GAAY,EACZ,OAAuE;IAEvE,MAAM,eAAe,GAA4B,EAAE,CAAC;IAEpD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,eAAe,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC1B,eAAe,CAAC,IAAI,CAClB,GAAG,gBAAgB,CAAC,IAAI,EAAE;gBACxB,GAAG,OAAO;gBACV,aAAa,EAAE,GAAG,OAAO,CAAC,aAAa,IAAI,KAAK,GAAG;aACpD,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YAC3C,eAAe,CAAC,IAAI,CAClB,GAAG,gBAAgB,CAAC,KAAK,EAAE;gBACzB,GAAG,OAAO;gBACV,aAAa,EAAE,GAAG,OAAO,CAAC,aAAa,IAAI,GAAG,EAAE;aACjD,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAA2B;IAC1D,MAAM,eAAe,GAA4B,EAAE,CAAC;IAEpD,6DAA6D;IAC7D,6CAA6C;IAC7C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,EAAE;gBAClC,YAAY,EAAE,QAAQ,CAAC,YAAY;gBACnC,aAAa,EAAE,GAAG;gBAClB,IAAI,EAAE,QAAQ,CAAC,SAAS;aACzB,CAAC,CAAC;YACH,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QACjC,CAAC;aAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9C,yDAAyD;YACzD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE;gBACpC,YAAY,EAAE,QAAQ,CAAC,YAAY;gBACnC,aAAa,EAAE,GAAG;gBAClB,IAAI,EAAE,QAAQ,CAAC,SAAS;aACzB,CAAC,CAAC;YACH,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpB,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC5D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,EAAE;wBAClC,YAAY,EAAE,QAAQ,CAAC,YAAY;wBACnC,aAAa,EAAE,GAAG,KAAK,CAAC,IAAI,IAAI,GAAG,EAAE;wBACrC,IAAI,EAAE,KAAK,CAAC,SAAS;qBACtB,CAAC,CAAC;oBACH,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;gBACjC,CAAC;qBAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC9C,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE;wBACpC,YAAY,EAAE,QAAQ,CAAC,YAAY;wBACnC,aAAa,EAAE,GAAG,KAAK,CAAC,IAAI,IAAI,GAAG,EAAE;wBACrC,IAAI,EAAE,KAAK,CAAC,SAAS;qBACtB,CAAC,CAAC;oBACH,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAwB;IACvD,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAE5C,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;IACjD,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAE7B,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;IAErD,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO,cAAc,CAAC,YAAY,EAAE;YAClC,YAAY,EAAE,UAAU;YACxB,aAAa,EAAE,GAAG,YAAY,UAAU;YACxC,IAAI,EAAE,QAAQ,CAAC,SAAS;SACzB,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,gBAAgB,CAAC,YAAY,EAAE;YACpC,YAAY,EAAE,UAAU;YACxB,aAAa,EAAE,GAAG,YAAY,UAAU;YACxC,IAAI,EAAE,QAAQ,CAAC,SAAS;SACzB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAsB;IACnD,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,eAAe,GAA4B,EAAE,CAAC;IAEpD,sCAAsC;IACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,EAAE;gBAClC,YAAY,EAAE,QAAQ;gBACtB,aAAa,EAAE,GAAG;gBAClB,IAAI,EAAE,MAAM,CAAC,SAAS;aACvB,CAAC,CAAC;YACH,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QACjC,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE;gBACpC,YAAY,EAAE,QAAQ;gBACtB,aAAa,EAAE,GAAG;gBAClB,IAAI,EAAE,MAAM,CAAC,SAAS;aACvB,CAAC,CAAC;YACH,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAsB;IACnD,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;IAEjD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,EAAE;YAC3B,YAAY,EAAE,QAAQ;YACtB,aAAa,EAAE,GAAG,UAAU,QAAQ;YACpC,IAAI,EAAE,MAAM,CAAC,SAAS;SACvB,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO,gBAAgB,CAAC,KAAK,EAAE;YAC7B,YAAY,EAAE,QAAQ;YACtB,aAAa,EAAE,GAAG,UAAU,QAAQ;YACpC,IAAI,EAAE,MAAM,CAAC,SAAS;SACvB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/src/lib/analyzers/iac/pii-patterns.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * PII Detection Patterns for IaC Security Analysis
+ *
+ * Defines 12 PII pattern detectors for GDPR/HIPAA compliance:
+ * - 4 Critical: SSN, Credit Cards, Medical Records, Bank Accounts
+ * - 5 High: Emails, Passports, Driver's License, Tax IDs, IP Addresses
+ * - 3 Medium: Phone Numbers, Birth Dates, Full Names
+ */
+import { SecurityVulnerability } from '../types';
+export interface PIIPattern {
+    regex: RegExp;
+    severity: 'critical' | 'high' | 'medium';
+    owasp: string;
+    cwe: string;
+    cvssScore: number;
+    description: string;
+    validate?: (match: string) => boolean;
+    excludePatterns?: RegExp[];
+}
+export declare const PII_PATTERNS: Record<string, PIIPattern>;
+/**
+ * Validate credit card number using Luhn algorithm
+ * https://en.wikipedia.org/wiki/Luhn_algorithm
+ */
+export declare function validateCreditCard(cardNumber: string): boolean;
+/**
+ * Validate IBAN bank account number
+ * https://en.wikipedia.org/wiki/International_Bank_Account_Number
+ */
+export declare function validateIBAN(iban: string): boolean;
+/**
+ * Check if a match should be excluded based on pattern exclusions
+ */
+export declare function shouldExcludeMatch(match: string, pattern: PIIPattern): boolean;
+/**
+ * Create a SecurityVulnerability object for detected PII
+ */
+export declare function createPIIVulnerability(type: string, pattern: PIIPattern, match: string, context: {
+    resourceName: string;
+    attributePath: string;
+    line?: number;
+}): SecurityVulnerability;
+//# sourceMappingURL=pii-patterns.d.ts.map

package/dist/src/lib/analyzers/iac/pii-patterns.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii-patterns.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/iac/pii-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEjD,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAiHnD,CAAC;AAEF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CA4B9D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CA+BlD;AAeD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAM9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,UAAU,EACnB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE;IACP,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GACA,qBAAqB,CA4BvB"}

package/dist/src/lib/analyzers/iac/pii-patterns.js ADDED Viewed

@@ -0,0 +1,228 @@
+"use strict";
+/**
+ * PII Detection Patterns for IaC Security Analysis
+ *
+ * Defines 12 PII pattern detectors for GDPR/HIPAA compliance:
+ * - 4 Critical: SSN, Credit Cards, Medical Records, Bank Accounts
+ * - 5 High: Emails, Passports, Driver's License, Tax IDs, IP Addresses
+ * - 3 Medium: Phone Numbers, Birth Dates, Full Names
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PII_PATTERNS = void 0;
+exports.validateCreditCard = validateCreditCard;
+exports.validateIBAN = validateIBAN;
+exports.shouldExcludeMatch = shouldExcludeMatch;
+exports.createPIIVulnerability = createPIIVulnerability;
+exports.PII_PATTERNS = {
+    ssn: {
+        regex: /\b\d{3}-\d{2}-\d{4}\b/g,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.0,
+        description: 'Social Security Number detected',
+    },
+    creditCard: {
+        regex: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.8,
+        description: 'Credit card number detected',
+        validate: validateCreditCard,
+    },
+    medicalRecord: {
+        regex: /\b(?:MRN|Medical Record|Patient ID)[\s:]+(\d{8,12})\b/gi,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.5,
+        description: 'Medical record number detected',
+    },
+    bankAccount: {
+        regex: /\b[A-Z]{2}\d{2}[A-Z0-9]{10,30}\b/g,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.3,
+        description: 'Bank account number (IBAN) detected',
+        validate: validateIBAN,
+    },
+    email: {
+        regex: /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/g,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 7.5,
+        description: 'Email address detected (GDPR personal data)',
+        excludePatterns: [
+            /\b(team|support|info|contact|admin|devops|noreply|no-reply|help|security)@/i,
+        ],
+    },
+    passport: {
+        regex: /\b(?:PASSPORT|PP)[\s:]+([A-Z0-9]{6,9})\b/gi,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 8.0,
+        description: 'Passport number detected',
+    },
+    driversLicense: {
+        regex: /\b(?:DL|Driver(?:'s)?\s+License)[\s:]+([A-Z0-9]{8,20})\b/gi,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 7.8,
+        description: 'Driver\'s license number detected',
+    },
+    taxId: {
+        regex: /\b(?:EIN|Tax\s+ID|VAT)[\s:]+(\d{2}-\d{7}|\d{9})\b/gi,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 7.5,
+        description: 'Tax ID/EIN number detected',
+    },
+    ipAddress: {
+        regex: /\b(?:\d{1,3}\.){3}\d{1,3}\b|(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 6.5,
+        description: 'IP address detected (GDPR identifiable under certain contexts)',
+    },
+    phoneNumber: {
+        regex: /\b\+?1?[-.\s]?\(?[2-9]\d{2}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g,
+        severity: 'medium',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 5.5,
+        description: 'Phone number detected',
+    },
+    birthDate: {
+        regex: /\b(?:DOB|Birth\s*Date|Date\s*of\s*Birth)[\s:]+(\d{1,2}[-/]\d{1,2}[-/]\d{2,4})\b/gi,
+        severity: 'medium',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 5.0,
+        description: 'Birth date detected',
+    },
+    fullName: {
+        regex: /\b(?:Name|Full\s*Name)[\s:]+([A-Z][a-z]+\s+(?:[A-Z][a-z]+\.?\s+)?[A-Z][a-z]+)\b/g,
+        severity: 'medium',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 4.5,
+        description: 'Full name detected',
+    },
+};
+/**
+ * Validate credit card number using Luhn algorithm
+ * https://en.wikipedia.org/wiki/Luhn_algorithm
+ */
+function validateCreditCard(cardNumber) {
+    // Remove spaces and dashes
+    const digits = cardNumber.replace(/[\s-]/g, '');
+    // Must be 13-19 digits
+    if (!/^\d{13,19}$/.test(digits)) {
+        return false;
+    }
+    // Luhn algorithm
+    let sum = 0;
+    let isEven = false;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let digit = parseInt(digits[i], 10);
+        if (isEven) {
+            digit *= 2;
+            if (digit > 9) {
+                digit -= 9;
+            }
+        }
+        sum += digit;
+        isEven = !isEven;
+    }
+    return sum % 10 === 0;
+}
+/**
+ * Validate IBAN bank account number
+ * https://en.wikipedia.org/wiki/International_Bank_Account_Number
+ */
+function validateIBAN(iban) {
+    // Remove spaces
+    const normalized = iban.replace(/\s/g, '').toUpperCase();
+    // Must start with 2 letters (country code) followed by 2 digits (check digits)
+    if (!/^[A-Z]{2}\d{2}[A-Z0-9]+$/.test(normalized)) {
+        return false;
+    }
+    // Length check (IBAN is 15-34 characters)
+    if (normalized.length < 15 || normalized.length > 34) {
+        return false;
+    }
+    // Move first 4 characters to end
+    const rearranged = normalized.slice(4) + normalized.slice(0, 4);
+    // Convert letters to numbers (A=10, B=11, ..., Z=35)
+    const numericString = rearranged
+        .split('')
+        .map(char => {
+        const code = char.charCodeAt(0);
+        if (code >= 65 && code <= 90) {
+            return (code - 55).toString();
+        }
+        return char;
+    })
+        .join('');
+    // Mod 97 check
+    return mod97(numericString) === 1;
+}
+/**
+ * Calculate mod 97 for large numbers (used in IBAN validation)
+ */
+function mod97(numericString) {
+    let remainder = 0;
+    for (let i = 0; i < numericString.length; i++) {
+        remainder = (remainder * 10 + parseInt(numericString[i], 10)) % 97;
+    }
+    return remainder;
+}
+/**
+ * Check if a match should be excluded based on pattern exclusions
+ */
+function shouldExcludeMatch(match, pattern) {
+    if (!pattern.excludePatterns) {
+        return false;
+    }
+    return pattern.excludePatterns.some(excludePattern => excludePattern.test(match));
+}
+/**
+ * Create a SecurityVulnerability object for detected PII
+ */
+function createPIIVulnerability(type, pattern, match, context) {
+    return {
+        severity: pattern.severity,
+        message: `${pattern.description} in ${context.resourceName}.${context.attributePath}`,
+        line: context.line,
+        suggestion: 'Remove hardcoded PII. Use secrets manager or environment variables instead.',
+        category: 'PII Exposure',
+        cvssScore: pattern.cvssScore,
+        exploitLikelihood: 'high',
+        impact: 'data-breach',
+        owasp: pattern.owasp,
+        cwe: pattern.cwe,
+        pciDss: '3.2',
+        attackVector: {
+            description: `Hardcoded ${type} in IaC exposes sensitive data in version control`,
+            exploitExample: `git log reveals ${type} in commit history`,
+            realWorldImpact: [
+                'GDPR/HIPAA compliance violations',
+                'Data breach via repository access',
+                'PII exposure in CI/CD logs',
+            ],
+        },
+        remediation: {
+            before: `${context.attributePath} = "${match}"`,
+            after: `${context.attributePath} = var.${type}_from_secrets`,
+            explanation: 'Store PII in secrets manager and reference via variables',
+        },
+    };
+}
+//# sourceMappingURL=pii-patterns.js.map

package/dist/src/lib/analyzers/iac/pii-patterns.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii-patterns.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/iac/pii-patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAsIH,gDA4BC;AAMD,oCA+BC;AAkBD,gDAMC;AAKD,wDAqCC;AA1PY,QAAA,YAAY,GAA+B;IACtD,GAAG,EAAE;QACH,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,iCAAiC;KAC/C;IAED,UAAU,EAAE;QACV,KAAK,EAAE,6CAA6C;QACpD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,6BAA6B;QAC1C,QAAQ,EAAE,kBAAkB;KAC7B;IAED,aAAa,EAAE;QACb,KAAK,EAAE,yDAAyD;QAChE,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,gCAAgC;KAC9C;IAED,WAAW,EAAE;QACX,KAAK,EAAE,mCAAmC;QAC1C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,YAAY;KACvB;IAED,KAAK,EAAE;QACL,KAAK,EAAE,qDAAqD;QAC5D,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,6CAA6C;QAC1D,eAAe,EAAE;YACf,6EAA6E;SAC9E;KACF;IAED,QAAQ,EAAE;QACR,KAAK,EAAE,4CAA4C;QACnD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,0BAA0B;KACxC;IAED,cAAc,EAAE;QACd,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,mCAAmC;KACjD;IAED,KAAK,EAAE;QACL,KAAK,EAAE,qDAAqD;QAC5D,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,4BAA4B;KAC1C;IAED,SAAS,EAAE;QACT,KAAK,EAAE,yEAAyE;QAChF,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,gEAAgE;KAC9E;IAED,WAAW,EAAE;QACX,KAAK,EAAE,2DAA2D;QAClE,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,uBAAuB;KACrC;IAED,SAAS,EAAE;QACT,KAAK,EAAE,mFAAmF;QAC1F,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,qBAAqB;KACnC;IAED,QAAQ,EAAE;QACR,KAAK,EAAE,kFAAkF;QACzF,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,oBAAoB;KAClC;CACF,CAAC;AAEF;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,UAAkB;IACnD,2BAA2B;IAC3B,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEhD,uBAAuB;IACvB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iBAAiB;IACjB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpC,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QAED,GAAG,IAAI,KAAK,CAAC;QACb,MAAM,GAAG,CAAC,MAAM,CAAC;IACnB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,IAAY;IACvC,gBAAgB;IAChB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAEzD,+EAA+E;IAC/E,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iCAAiC;IACjC,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEhE,qDAAqD;IACrD,MAAM,aAAa,GAAG,UAAU;SAC7B,KAAK,CAAC,EAAE,CAAC;SACT,GAAG,CAAC,IAAI,CAAC,EAAE;QACV,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;SACD,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,eAAe;IACf,OAAO,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAS,KAAK,CAAC,aAAqB;IAClC,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,SAAS,GAAG,CAAC,SAAS,GAAG,EAAE,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;IACrE,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,KAAa,EAAE,OAAmB;IACnE,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACpF,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,IAAY,EACZ,OAAmB,EACnB,KAAa,EACb,OAIC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,GAAG,OAAO,CAAC,WAAW,OAAO,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,aAAa,EAAE;QACrF,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,UAAU,EAAE,6EAA6E;QACzF,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,iBAAiB,EAAE,MAAM;QACzB,MAAM,EAAE,aAAa;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,MAAM,EAAE,KAAK;QACb,YAAY,EAAE;YACZ,WAAW,EAAE,aAAa,IAAI,mDAAmD;YACjF,cAAc,EAAE,mBAAmB,IAAI,oBAAoB;YAC3D,eAAe,EAAE;gBACf,kCAAkC;gBAClC,mCAAmC;gBACnC,4BAA4B;aAC7B;SACF;QACD,WAAW,EAAE;YACX,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,OAAO,KAAK,GAAG;YAC/C,KAAK,EAAE,GAAG,OAAO,CAAC,aAAa,UAAU,IAAI,eAAe;YAC5D,WAAW,EAAE,0DAA0D;SACxE;KACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/analyzers/java-analyzer.d.ts CHANGED Viewed

@@ -205,6 +205,11 @@ export declare class JavaAnalyzer implements ICodeAnalyzer {
      */
     private deduplicateVulnerabilities;
     private calculateMetrics;
+    /**
+     * Detect AI Hallucinations - Common method name errors from AI code generators
+     * February 6, 2026 - Individual line detection for Monaco editor highlighting
+     */
+    private detectAIHallucinations;
     /**
      * Detect if code is likely production code based on file path
      * Feature 1 Phase 1: Environment context for smart triage

package/dist/src/lib/analyzers/java-analyzer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"java-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/java-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;~~AAuB7C~~,qBAAa,YAAa,YAAW,aAAa;IAChD,SAAgB,QAAQ,EAAE,iBAAiB,CAAU;IAE/C,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;~~IA6CtD~~,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;~~IA0FrB~~;;;;;;;OAOG;IACH,OAAO,CAAC,2BAA2B;IAiFnC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IA4D9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyC9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqDzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;;;;OAMG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAoCjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgD/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAkClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkC3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAoC5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA8B5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAuEhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAwChC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqD1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAoDxB;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA0E/B;;;;OAIG;IACH,OAAO,CAAC,gCAAgC;IAsCxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwD9B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+DpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAyErC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAoClC,OAAO,CAAC,cAAc;IAyDtB,OAAO,CAAC,kBAAkB;IAqC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,eAAe;IAwCvB;;;;;;;;;;;;OAYG;IACH;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,gBAAgB;IA6BxB;;;OAGG;IACH,OAAO,CAAC,uBAAuB;CA+BhC"}
1	+ {"version":3,"file":"java-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/java-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAwB7C,qBAAa,YAAa,YAAW,aAAa;IAChD,SAAgB,QAAQ,EAAE,iBAAiB,CAAU;IAE/C,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmDtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;IA2FrB;;;;;;;OAOG;IACH,OAAO,CAAC,2BAA2B;IAiFnC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IA4D9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyC9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqDzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;;;;OAMG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAoCjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgD/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAkClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkC3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAoC5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA8B5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAuEhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAwChC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqD1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAoDxB;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA0E/B;;;;OAIG;IACH,OAAO,CAAC,gCAAgC;IAsCxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwD9B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+DpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAyErC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAoClC,OAAO,CAAC,cAAc;IAyDtB,OAAO,CAAC,kBAAkB;IAqC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,eAAe;IAwCvB;;;;;;;;;;;;OAYG;IACH;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,gBAAgB;IA6BxB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAoD9B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;CA+BhC"}

package/dist/src/lib/analyzers/java-analyzer.js CHANGED Viewed

@@ -51,6 +51,7 @@ const logging_failures_1 = require("./java/security-checks/logging-failures");
 const secrets_analyzer_1 = require("./secrets/secrets-analyzer");
 const ai_generated_code_1 = require("./java/security-checks/ai-generated-code");
 const triage_service_1 = require("../security/triage-service");
+const ignore_patterns_1 = require("../utils/ignore-patterns");
 class JavaAnalyzer {
     constructor() {
         this.language = 'java';
@@ -72,6 +73,8 @@ class JavaAnalyzer {
             // AI-Generated Code Detection (Phase 1.5, Week 5-7)
             const lines = input.code.split('\n');
             result.security.vulnerabilities.push(...(0, ai_generated_code_1.checkAIGeneratedCode)(lines, input.filename));
+            // Filter suppressed vulnerabilities (inline comments: // codeslick-ignore-next-line)
+            result.security.vulnerabilities = (0, ignore_patterns_1.filterSuppressedVulnerabilities)(input.code, result.security.vulnerabilities);
             // Feature 1 Phase 1: Smart Triage with EPSS scoring
             // Enhance vulnerabilities with priority scores and exploit predictions
             try {
@@ -188,6 +191,7 @@ class JavaAnalyzer {
         this.detectExceptionHandling(code, lineErrors);
         this.detectDuplicateVariables(code, lineErrors);
         this.detectMethodNamingIssues(code, lineErrors);
+        this.detectAIHallucinations(code, lineErrors); // Feb 6, 2026: Individual line detection
         this.detectMagicNumbers(code, lineErrors);
         this.detectGodClasses(code, lineErrors);
         this.detectTooManyParameters(code, lineErrors);
@@ -1733,6 +1737,53 @@ class JavaAnalyzer {
         result.metrics.complexity = complexity;
         result.metrics.maintainability = Math.max(0, 100 - complexity * 3);
     }
+    /**
+     * Detect AI Hallucinations - Common method name errors from AI code generators
+     * February 6, 2026 - Individual line detection for Monaco editor highlighting
+     */
+    detectAIHallucinations(code, lineErrors) {
+        const lines = code.split('\n');
+        // Java AI hallucination patterns (22 patterns)
+        const hallucinationMap = new Map([
+            // Python-style methods in Java
+            ['append', { description: 'Lists use .add(), not .append() (Python method). Note: StringBuilder uses .append()', correct: '.add() for List' }],
+            ['len', { description: 'Use .length() for arrays, .size() for Collections (not Python .len())', correct: '.length() or .size()' }],
+            ['strip', { description: 'Use .trim() to remove whitespace (Python method)', correct: '.trim()' }],
+            // JavaScript-style methods
+            ['push', { description: 'Collections use .add(), not .push() (JavaScript method)', correct: '.add()' }],
+            // Rust/Python influence (snake_case)
+            ['to_string', { description: 'Java uses camelCase: .toString() not snake_case', correct: '.toString()' }],
+            ['is_empty', { description: 'Java uses camelCase: .isEmpty() not snake_case', correct: '.isEmpty()' }],
+            // Non-existent methods
+            ['trim_', { description: 'Non-existent method. Use .trim() with no underscore', correct: '.trim()' }],
+            ['substring_of', { description: 'Non-existent method. Use .contains()', correct: '.contains()' }],
+            ['split_by', { description: 'Non-existent method. Use .split()', correct: '.split()' }],
+            ['contains_key', { description: 'Maps use .containsKey() with camelCase', correct: '.containsKey()' }],
+            ['get_or_default', { description: 'Use .getOrDefault() with camelCase', correct: '.getOrDefault()' }],
+            ['find_first', { description: 'Streams use .findFirst() with camelCase', correct: '.findFirst()' }],
+        ]);
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//') || line.trim().startsWith('/*'))
+                return;
+            // Remove comments to prevent false positives
+            const lineWithoutComments = line.replace(/\/\/.*$/, '').replace(/\/\*.*?\*\//g, '');
+            // Detect method hallucinations: .method(
+            const methodMatches = lineWithoutComments.matchAll(/\.(\w+)\s*\(/g);
+            for (const match of methodMatches) {
+                const method = match[1];
+                const details = hallucinationMap.get(method);
+                if (details) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `NoSuchMethodError: ${details.description}`,
+                        suggestion: `Use ${details.correct}`,
+                        severity: 'error'
+                    });
+                }
+            }
+        });
+    }
     /**
      * Detect if code is likely production code based on file path
      * Feature 1 Phase 1: Environment context for smart triage