npm - codeslick-cli - Versions diffs - 1.4.0 → 1.4.2 - Mend

codeslick-cli 1.4.0 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/dist/src/lib/analyzers/iac/pii-patterns.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * PII Detection Patterns for IaC Security Analysis
+ *
+ * Defines 12 PII pattern detectors for GDPR/HIPAA compliance:
+ * - 4 Critical: SSN, Credit Cards, Medical Records, Bank Accounts
+ * - 5 High: Emails, Passports, Driver's License, Tax IDs, IP Addresses
+ * - 3 Medium: Phone Numbers, Birth Dates, Full Names
+ */
+import { SecurityVulnerability } from '../types';
+export interface PIIPattern {
+    regex: RegExp;
+    severity: 'critical' | 'high' | 'medium';
+    owasp: string;
+    cwe: string;
+    cvssScore: number;
+    description: string;
+    validate?: (match: string) => boolean;
+    excludePatterns?: RegExp[];
+}
+export declare const PII_PATTERNS: Record<string, PIIPattern>;
+/**
+ * Validate credit card number using Luhn algorithm
+ * https://en.wikipedia.org/wiki/Luhn_algorithm
+ */
+export declare function validateCreditCard(cardNumber: string): boolean;
+/**
+ * Validate IBAN bank account number
+ * https://en.wikipedia.org/wiki/International_Bank_Account_Number
+ */
+export declare function validateIBAN(iban: string): boolean;
+/**
+ * Check if a match should be excluded based on pattern exclusions
+ */
+export declare function shouldExcludeMatch(match: string, pattern: PIIPattern): boolean;
+/**
+ * Create a SecurityVulnerability object for detected PII
+ */
+export declare function createPIIVulnerability(type: string, pattern: PIIPattern, match: string, context: {
+    resourceName: string;
+    attributePath: string;
+    line?: number;
+}): SecurityVulnerability;
+//# sourceMappingURL=pii-patterns.d.ts.map

package/dist/src/lib/analyzers/iac/pii-patterns.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii-patterns.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/iac/pii-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEjD,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAiHnD,CAAC;AAEF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CA4B9D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CA+BlD;AAeD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAM9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,UAAU,EACnB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE;IACP,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GACA,qBAAqB,CA4BvB"}

package/dist/src/lib/analyzers/iac/pii-patterns.js ADDED Viewed

@@ -0,0 +1,228 @@
+"use strict";
+/**
+ * PII Detection Patterns for IaC Security Analysis
+ *
+ * Defines 12 PII pattern detectors for GDPR/HIPAA compliance:
+ * - 4 Critical: SSN, Credit Cards, Medical Records, Bank Accounts
+ * - 5 High: Emails, Passports, Driver's License, Tax IDs, IP Addresses
+ * - 3 Medium: Phone Numbers, Birth Dates, Full Names
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PII_PATTERNS = void 0;
+exports.validateCreditCard = validateCreditCard;
+exports.validateIBAN = validateIBAN;
+exports.shouldExcludeMatch = shouldExcludeMatch;
+exports.createPIIVulnerability = createPIIVulnerability;
+exports.PII_PATTERNS = {
+    ssn: {
+        regex: /\b\d{3}-\d{2}-\d{4}\b/g,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.0,
+        description: 'Social Security Number detected',
+    },
+    creditCard: {
+        regex: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.8,
+        description: 'Credit card number detected',
+        validate: validateCreditCard,
+    },
+    medicalRecord: {
+        regex: /\b(?:MRN|Medical Record|Patient ID)[\s:]+(\d{8,12})\b/gi,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.5,
+        description: 'Medical record number detected',
+    },
+    bankAccount: {
+        regex: /\b[A-Z]{2}\d{2}[A-Z0-9]{10,30}\b/g,
+        severity: 'critical',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 9.3,
+        description: 'Bank account number (IBAN) detected',
+        validate: validateIBAN,
+    },
+    email: {
+        regex: /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/g,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 7.5,
+        description: 'Email address detected (GDPR personal data)',
+        excludePatterns: [
+            /\b(team|support|info|contact|admin|devops|noreply|no-reply|help|security)@/i,
+        ],
+    },
+    passport: {
+        regex: /\b(?:PASSPORT|PP)[\s:]+([A-Z0-9]{6,9})\b/gi,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 8.0,
+        description: 'Passport number detected',
+    },
+    driversLicense: {
+        regex: /\b(?:DL|Driver(?:'s)?\s+License)[\s:]+([A-Z0-9]{8,20})\b/gi,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 7.8,
+        description: 'Driver\'s license number detected',
+    },
+    taxId: {
+        regex: /\b(?:EIN|Tax\s+ID|VAT)[\s:]+(\d{2}-\d{7}|\d{9})\b/gi,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 7.5,
+        description: 'Tax ID/EIN number detected',
+    },
+    ipAddress: {
+        regex: /\b(?:\d{1,3}\.){3}\d{1,3}\b|(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
+        severity: 'high',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 6.5,
+        description: 'IP address detected (GDPR identifiable under certain contexts)',
+    },
+    phoneNumber: {
+        regex: /\b\+?1?[-.\s]?\(?[2-9]\d{2}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g,
+        severity: 'medium',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 5.5,
+        description: 'Phone number detected',
+    },
+    birthDate: {
+        regex: /\b(?:DOB|Birth\s*Date|Date\s*of\s*Birth)[\s:]+(\d{1,2}[-/]\d{1,2}[-/]\d{2,4})\b/gi,
+        severity: 'medium',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 5.0,
+        description: 'Birth date detected',
+    },
+    fullName: {
+        regex: /\b(?:Name|Full\s*Name)[\s:]+([A-Z][a-z]+\s+(?:[A-Z][a-z]+\.?\s+)?[A-Z][a-z]+)\b/g,
+        severity: 'medium',
+        owasp: 'A02:2021',
+        cwe: 'CWE-359',
+        cvssScore: 4.5,
+        description: 'Full name detected',
+    },
+};
+/**
+ * Validate credit card number using Luhn algorithm
+ * https://en.wikipedia.org/wiki/Luhn_algorithm
+ */
+function validateCreditCard(cardNumber) {
+    // Remove spaces and dashes
+    const digits = cardNumber.replace(/[\s-]/g, '');
+    // Must be 13-19 digits
+    if (!/^\d{13,19}$/.test(digits)) {
+        return false;
+    }
+    // Luhn algorithm
+    let sum = 0;
+    let isEven = false;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let digit = parseInt(digits[i], 10);
+        if (isEven) {
+            digit *= 2;
+            if (digit > 9) {
+                digit -= 9;
+            }
+        }
+        sum += digit;
+        isEven = !isEven;
+    }
+    return sum % 10 === 0;
+}
+/**
+ * Validate IBAN bank account number
+ * https://en.wikipedia.org/wiki/International_Bank_Account_Number
+ */
+function validateIBAN(iban) {
+    // Remove spaces
+    const normalized = iban.replace(/\s/g, '').toUpperCase();
+    // Must start with 2 letters (country code) followed by 2 digits (check digits)
+    if (!/^[A-Z]{2}\d{2}[A-Z0-9]+$/.test(normalized)) {
+        return false;
+    }
+    // Length check (IBAN is 15-34 characters)
+    if (normalized.length < 15 || normalized.length > 34) {
+        return false;
+    }
+    // Move first 4 characters to end
+    const rearranged = normalized.slice(4) + normalized.slice(0, 4);
+    // Convert letters to numbers (A=10, B=11, ..., Z=35)
+    const numericString = rearranged
+        .split('')
+        .map(char => {
+        const code = char.charCodeAt(0);
+        if (code >= 65 && code <= 90) {
+            return (code - 55).toString();
+        }
+        return char;
+    })
+        .join('');
+    // Mod 97 check
+    return mod97(numericString) === 1;
+}
+/**
+ * Calculate mod 97 for large numbers (used in IBAN validation)
+ */
+function mod97(numericString) {
+    let remainder = 0;
+    for (let i = 0; i < numericString.length; i++) {
+        remainder = (remainder * 10 + parseInt(numericString[i], 10)) % 97;
+    }
+    return remainder;
+}
+/**
+ * Check if a match should be excluded based on pattern exclusions
+ */
+function shouldExcludeMatch(match, pattern) {
+    if (!pattern.excludePatterns) {
+        return false;
+    }
+    return pattern.excludePatterns.some(excludePattern => excludePattern.test(match));
+}
+/**
+ * Create a SecurityVulnerability object for detected PII
+ */
+function createPIIVulnerability(type, pattern, match, context) {
+    return {
+        severity: pattern.severity,
+        message: `${pattern.description} in ${context.resourceName}.${context.attributePath}`,
+        line: context.line,
+        suggestion: 'Remove hardcoded PII. Use secrets manager or environment variables instead.',
+        category: 'PII Exposure',
+        cvssScore: pattern.cvssScore,
+        exploitLikelihood: 'high',
+        impact: 'data-breach',
+        owasp: pattern.owasp,
+        cwe: pattern.cwe,
+        pciDss: '3.2',
+        attackVector: {
+            description: `Hardcoded ${type} in IaC exposes sensitive data in version control`,
+            exploitExample: `git log reveals ${type} in commit history`,
+            realWorldImpact: [
+                'GDPR/HIPAA compliance violations',
+                'Data breach via repository access',
+                'PII exposure in CI/CD logs',
+            ],
+        },
+        remediation: {
+            before: `${context.attributePath} = "${match}"`,
+            after: `${context.attributePath} = var.${type}_from_secrets`,
+            explanation: 'Store PII in secrets manager and reference via variables',
+        },
+    };
+}
+//# sourceMappingURL=pii-patterns.js.map

package/dist/src/lib/analyzers/iac/pii-patterns.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pii-patterns.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/iac/pii-patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAsIH,gDA4BC;AAMD,oCA+BC;AAkBD,gDAMC;AAKD,wDAqCC;AA1PY,QAAA,YAAY,GAA+B;IACtD,GAAG,EAAE;QACH,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,iCAAiC;KAC/C;IAED,UAAU,EAAE;QACV,KAAK,EAAE,6CAA6C;QACpD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,6BAA6B;QAC1C,QAAQ,EAAE,kBAAkB;KAC7B;IAED,aAAa,EAAE;QACb,KAAK,EAAE,yDAAyD;QAChE,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,gCAAgC;KAC9C;IAED,WAAW,EAAE;QACX,KAAK,EAAE,mCAAmC;QAC1C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,YAAY;KACvB;IAED,KAAK,EAAE;QACL,KAAK,EAAE,qDAAqD;QAC5D,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,6CAA6C;QAC1D,eAAe,EAAE;YACf,6EAA6E;SAC9E;KACF;IAED,QAAQ,EAAE;QACR,KAAK,EAAE,4CAA4C;QACnD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,0BAA0B;KACxC;IAED,cAAc,EAAE;QACd,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,mCAAmC;KACjD;IAED,KAAK,EAAE;QACL,KAAK,EAAE,qDAAqD;QAC5D,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,4BAA4B;KAC1C;IAED,SAAS,EAAE;QACT,KAAK,EAAE,yEAAyE;QAChF,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,gEAAgE;KAC9E;IAED,WAAW,EAAE;QACX,KAAK,EAAE,2DAA2D;QAClE,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,uBAAuB;KACrC;IAED,SAAS,EAAE;QACT,KAAK,EAAE,mFAAmF;QAC1F,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,qBAAqB;KACnC;IAED,QAAQ,EAAE;QACR,KAAK,EAAE,kFAAkF;QACzF,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,UAAU;QACjB,GAAG,EAAE,SAAS;QACd,SAAS,EAAE,GAAG;QACd,WAAW,EAAE,oBAAoB;KAClC;CACF,CAAC;AAEF;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,UAAkB;IACnD,2BAA2B;IAC3B,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEhD,uBAAuB;IACvB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iBAAiB;IACjB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpC,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QAED,GAAG,IAAI,KAAK,CAAC;QACb,MAAM,GAAG,CAAC,MAAM,CAAC;IACnB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,IAAY;IACvC,gBAAgB;IAChB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAEzD,+EAA+E;IAC/E,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iCAAiC;IACjC,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEhE,qDAAqD;IACrD,MAAM,aAAa,GAAG,UAAU;SAC7B,KAAK,CAAC,EAAE,CAAC;SACT,GAAG,CAAC,IAAI,CAAC,EAAE;QACV,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;SACD,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,eAAe;IACf,OAAO,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAS,KAAK,CAAC,aAAqB;IAClC,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,SAAS,GAAG,CAAC,SAAS,GAAG,EAAE,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;IACrE,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,KAAa,EAAE,OAAmB;IACnE,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACpF,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,IAAY,EACZ,OAAmB,EACnB,KAAa,EACb,OAIC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,GAAG,OAAO,CAAC,WAAW,OAAO,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,aAAa,EAAE;QACrF,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,UAAU,EAAE,6EAA6E;QACzF,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,iBAAiB,EAAE,MAAM;QACzB,MAAM,EAAE,aAAa;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,MAAM,EAAE,KAAK;QACb,YAAY,EAAE;YACZ,WAAW,EAAE,aAAa,IAAI,mDAAmD;YACjF,cAAc,EAAE,mBAAmB,IAAI,oBAAoB;YAC3D,eAAe,EAAE;gBACf,kCAAkC;gBAClC,mCAAmC;gBACnC,4BAA4B;aAC7B;SACF;QACD,WAAW,EAAE;YACX,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,OAAO,KAAK,GAAG;YAC/C,KAAK,EAAE,GAAG,OAAO,CAAC,aAAa,UAAU,IAAI,eAAe;YAC5D,WAAW,EAAE,0DAA0D;SACxE;KACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/analyzers/java-analyzer.d.ts CHANGED Viewed

@@ -205,6 +205,11 @@ export declare class JavaAnalyzer implements ICodeAnalyzer {
      */
     private deduplicateVulnerabilities;
     private calculateMetrics;
+    /**
+     * Detect AI Hallucinations - Common method name errors from AI code generators
+     * February 6, 2026 - Individual line detection for Monaco editor highlighting
+     */
+    private detectAIHallucinations;
     /**
      * Detect if code is likely production code based on file path
      * Feature 1 Phase 1: Environment context for smart triage

package/dist/src/lib/analyzers/java-analyzer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"java-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/java-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;~~AAuB7C~~,qBAAa,YAAa,YAAW,aAAa;IAChD,SAAgB,QAAQ,EAAE,iBAAiB,CAAU;IAE/C,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;~~IA6CtD~~,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;~~IA0FrB~~;;;;;;;OAOG;IACH,OAAO,CAAC,2BAA2B;IAiFnC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IA4D9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyC9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqDzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;;;;OAMG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAoCjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgD/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAkClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkC3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAoC5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA8B5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAuEhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAwChC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqD1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAoDxB;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA0E/B;;;;OAIG;IACH,OAAO,CAAC,gCAAgC;IAsCxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwD9B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+DpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAyErC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAoClC,OAAO,CAAC,cAAc;IAyDtB,OAAO,CAAC,kBAAkB;IAqC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,eAAe;IAwCvB;;;;;;;;;;;;OAYG;IACH;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,gBAAgB;IA6BxB;;;OAGG;IACH,OAAO,CAAC,uBAAuB;CA+BhC"}
1	+ {"version":3,"file":"java-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/java-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAwB7C,qBAAa,YAAa,YAAW,aAAa;IAChD,SAAgB,QAAQ,EAAE,iBAAiB,CAAU;IAE/C,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmDtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;IA2FrB;;;;;;;OAOG;IACH,OAAO,CAAC,2BAA2B;IAiFnC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IA4D9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyC9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqDzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;;;;OAMG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAoCjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgD/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAkClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkC3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAoC5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA8B5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAuEhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAwChC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqD1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAoDxB;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA0E/B;;;;OAIG;IACH,OAAO,CAAC,gCAAgC;IAsCxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwD9B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+DpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAyErC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAoClC,OAAO,CAAC,cAAc;IAyDtB,OAAO,CAAC,kBAAkB;IAqC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,eAAe;IAwCvB;;;;;;;;;;;;OAYG;IACH;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,gBAAgB;IA6BxB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAoD9B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;CA+BhC"}

package/dist/src/lib/analyzers/java-analyzer.js CHANGED Viewed

@@ -51,6 +51,7 @@ const logging_failures_1 = require("./java/security-checks/logging-failures");
 const secrets_analyzer_1 = require("./secrets/secrets-analyzer");
 const ai_generated_code_1 = require("./java/security-checks/ai-generated-code");
 const triage_service_1 = require("../security/triage-service");
+const ignore_patterns_1 = require("../utils/ignore-patterns");
 class JavaAnalyzer {
     constructor() {
         this.language = 'java';
@@ -72,6 +73,8 @@ class JavaAnalyzer {
             // AI-Generated Code Detection (Phase 1.5, Week 5-7)
             const lines = input.code.split('\n');
             result.security.vulnerabilities.push(...(0, ai_generated_code_1.checkAIGeneratedCode)(lines, input.filename));
+            // Filter suppressed vulnerabilities (inline comments: // codeslick-ignore-next-line)
+            result.security.vulnerabilities = (0, ignore_patterns_1.filterSuppressedVulnerabilities)(input.code, result.security.vulnerabilities);
             // Feature 1 Phase 1: Smart Triage with EPSS scoring
             // Enhance vulnerabilities with priority scores and exploit predictions
             try {
@@ -188,6 +191,7 @@ class JavaAnalyzer {
         this.detectExceptionHandling(code, lineErrors);
         this.detectDuplicateVariables(code, lineErrors);
         this.detectMethodNamingIssues(code, lineErrors);
+        this.detectAIHallucinations(code, lineErrors); // Feb 6, 2026: Individual line detection
         this.detectMagicNumbers(code, lineErrors);
         this.detectGodClasses(code, lineErrors);
         this.detectTooManyParameters(code, lineErrors);
@@ -1733,6 +1737,53 @@ class JavaAnalyzer {
         result.metrics.complexity = complexity;
         result.metrics.maintainability = Math.max(0, 100 - complexity * 3);
     }
+    /**
+     * Detect AI Hallucinations - Common method name errors from AI code generators
+     * February 6, 2026 - Individual line detection for Monaco editor highlighting
+     */
+    detectAIHallucinations(code, lineErrors) {
+        const lines = code.split('\n');
+        // Java AI hallucination patterns (22 patterns)
+        const hallucinationMap = new Map([
+            // Python-style methods in Java
+            ['append', { description: 'Lists use .add(), not .append() (Python method). Note: StringBuilder uses .append()', correct: '.add() for List' }],
+            ['len', { description: 'Use .length() for arrays, .size() for Collections (not Python .len())', correct: '.length() or .size()' }],
+            ['strip', { description: 'Use .trim() to remove whitespace (Python method)', correct: '.trim()' }],
+            // JavaScript-style methods
+            ['push', { description: 'Collections use .add(), not .push() (JavaScript method)', correct: '.add()' }],
+            // Rust/Python influence (snake_case)
+            ['to_string', { description: 'Java uses camelCase: .toString() not snake_case', correct: '.toString()' }],
+            ['is_empty', { description: 'Java uses camelCase: .isEmpty() not snake_case', correct: '.isEmpty()' }],
+            // Non-existent methods
+            ['trim_', { description: 'Non-existent method. Use .trim() with no underscore', correct: '.trim()' }],
+            ['substring_of', { description: 'Non-existent method. Use .contains()', correct: '.contains()' }],
+            ['split_by', { description: 'Non-existent method. Use .split()', correct: '.split()' }],
+            ['contains_key', { description: 'Maps use .containsKey() with camelCase', correct: '.containsKey()' }],
+            ['get_or_default', { description: 'Use .getOrDefault() with camelCase', correct: '.getOrDefault()' }],
+            ['find_first', { description: 'Streams use .findFirst() with camelCase', correct: '.findFirst()' }],
+        ]);
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//') || line.trim().startsWith('/*'))
+                return;
+            // Remove comments to prevent false positives
+            const lineWithoutComments = line.replace(/\/\/.*$/, '').replace(/\/\*.*?\*\//g, '');
+            // Detect method hallucinations: .method(
+            const methodMatches = lineWithoutComments.matchAll(/\.(\w+)\s*\(/g);
+            for (const match of methodMatches) {
+                const method = match[1];
+                const details = hallucinationMap.get(method);
+                if (details) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `NoSuchMethodError: ${details.description}`,
+                        suggestion: `Use ${details.correct}`,
+                        severity: 'error'
+                    });
+                }
+            }
+        });
+    }
     /**
      * Detect if code is likely production code based on file path
      * Feature 1 Phase 1: Environment context for smart triage