couchloop-eq-mcp 1.0.3 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -11
- package/dist/clients/shrinkChatClient.js +1 -1
- package/dist/clients/shrinkChatClient.js.map +1 -1
- package/dist/developer/analyzers/bloat-detector.d.ts +89 -0
- package/dist/developer/analyzers/bloat-detector.d.ts.map +1 -0
- package/dist/developer/analyzers/bloat-detector.js +483 -0
- package/dist/developer/analyzers/bloat-detector.js.map +1 -0
- package/dist/developer/backup/auto-backup.d.ts +96 -0
- package/dist/developer/backup/auto-backup.d.ts.map +1 -0
- package/dist/developer/backup/auto-backup.js +346 -0
- package/dist/developer/backup/auto-backup.js.map +1 -0
- package/dist/developer/blockers/package-blocker.d.ts +33 -0
- package/dist/developer/blockers/package-blocker.d.ts.map +1 -0
- package/dist/developer/blockers/package-blocker.js +224 -0
- package/dist/developer/blockers/package-blocker.js.map +1 -0
- package/dist/developer/evaluators/ai-error-preventer.d.ts +54 -0
- package/dist/developer/evaluators/ai-error-preventer.d.ts.map +1 -0
- package/dist/developer/evaluators/ai-error-preventer.js +270 -0
- package/dist/developer/evaluators/ai-error-preventer.js.map +1 -0
- package/dist/developer/evaluators/build-context-detector.d.ts +44 -0
- package/dist/developer/evaluators/build-context-detector.d.ts.map +1 -0
- package/dist/developer/evaluators/build-context-detector.js +258 -0
- package/dist/developer/evaluators/build-context-detector.js.map +1 -0
- package/dist/developer/evaluators/package-evaluator.d.ts +37 -0
- package/dist/developer/evaluators/package-evaluator.d.ts.map +1 -0
- package/dist/developer/evaluators/package-evaluator.js +278 -0
- package/dist/developer/evaluators/package-evaluator.js.map +1 -0
- package/dist/developer/guards/file-guardian.d.ts +79 -0
- package/dist/developer/guards/file-guardian.d.ts.map +1 -0
- package/dist/developer/guards/file-guardian.js +309 -0
- package/dist/developer/guards/file-guardian.js.map +1 -0
- package/dist/developer/managers/context-manager.d.ts +61 -0
- package/dist/developer/managers/context-manager.d.ts.map +1 -0
- package/dist/developer/managers/context-manager.js +302 -0
- package/dist/developer/managers/context-manager.js.map +1 -0
- package/dist/developer/metrics/complexity-calculator.d.ts +52 -0
- package/dist/developer/metrics/complexity-calculator.d.ts.map +1 -0
- package/dist/developer/metrics/complexity-calculator.js +259 -0
- package/dist/developer/metrics/complexity-calculator.js.map +1 -0
- package/dist/developer/reports/review-summary.d.ts +49 -0
- package/dist/developer/reports/review-summary.d.ts.map +1 -0
- package/dist/developer/reports/review-summary.js +249 -0
- package/dist/developer/reports/review-summary.js.map +1 -0
- package/dist/developer/scanners/review-assistant.d.ts +41 -0
- package/dist/developer/scanners/review-assistant.d.ts.map +1 -0
- package/dist/developer/scanners/review-assistant.js +374 -0
- package/dist/developer/scanners/review-assistant.js.map +1 -0
- package/dist/developer/scanners/secret-scanner.d.ts +66 -0
- package/dist/developer/scanners/secret-scanner.d.ts.map +1 -0
- package/dist/developer/scanners/secret-scanner.js +287 -0
- package/dist/developer/scanners/secret-scanner.js.map +1 -0
- package/dist/developer/scanners/sql-injection-detector.d.ts +54 -0
- package/dist/developer/scanners/sql-injection-detector.d.ts.map +1 -0
- package/dist/developer/scanners/sql-injection-detector.js +174 -0
- package/dist/developer/scanners/sql-injection-detector.js.map +1 -0
- package/dist/developer/scanners/xss-detector.d.ts +60 -0
- package/dist/developer/scanners/xss-detector.d.ts.map +1 -0
- package/dist/developer/scanners/xss-detector.js +229 -0
- package/dist/developer/scanners/xss-detector.js.map +1 -0
- package/dist/developer/types/ai-errors.d.ts +34 -0
- package/dist/developer/types/ai-errors.d.ts.map +1 -0
- package/dist/developer/types/ai-errors.js +271 -0
- package/dist/developer/types/ai-errors.js.map +1 -0
- package/dist/developer/types/package.d.ts +32 -0
- package/dist/developer/types/package.d.ts.map +1 -0
- package/dist/developer/types/package.js +5 -0
- package/dist/developer/types/package.js.map +1 -0
- package/dist/developer/updaters/dependency-updater.d.ts +102 -0
- package/dist/developer/updaters/dependency-updater.d.ts.map +1 -0
- package/dist/developer/updaters/dependency-updater.js +472 -0
- package/dist/developer/updaters/dependency-updater.js.map +1 -0
- package/dist/developer/validators/cargo.d.ts +14 -0
- package/dist/developer/validators/cargo.d.ts.map +1 -0
- package/dist/developer/validators/cargo.js +132 -0
- package/dist/developer/validators/cargo.js.map +1 -0
- package/dist/developer/validators/gem.d.ts +14 -0
- package/dist/developer/validators/gem.d.ts.map +1 -0
- package/dist/developer/validators/gem.js +85 -0
- package/dist/developer/validators/gem.js.map +1 -0
- package/dist/developer/validators/go.d.ts +14 -0
- package/dist/developer/validators/go.d.ts.map +1 -0
- package/dist/developer/validators/go.js +138 -0
- package/dist/developer/validators/go.js.map +1 -0
- package/dist/developer/validators/maven.d.ts +14 -0
- package/dist/developer/validators/maven.d.ts.map +1 -0
- package/dist/developer/validators/maven.js +99 -0
- package/dist/developer/validators/maven.js.map +1 -0
- package/dist/developer/validators/npm.d.ts +14 -0
- package/dist/developer/validators/npm.d.ts.map +1 -0
- package/dist/developer/validators/npm.js +96 -0
- package/dist/developer/validators/npm.js.map +1 -0
- package/dist/developer/validators/nuget.d.ts +15 -0
- package/dist/developer/validators/nuget.d.ts.map +1 -0
- package/dist/developer/validators/nuget.js +107 -0
- package/dist/developer/validators/nuget.js.map +1 -0
- package/dist/developer/validators/pypi.d.ts +14 -0
- package/dist/developer/validators/pypi.d.ts.map +1 -0
- package/dist/developer/validators/pypi.js +118 -0
- package/dist/developer/validators/pypi.js.map +1 -0
- package/dist/developer/validators/registry-manager.d.ts +37 -0
- package/dist/developer/validators/registry-manager.d.ts.map +1 -0
- package/dist/developer/validators/registry-manager.js +89 -0
- package/dist/developer/validators/registry-manager.js.map +1 -0
- package/dist/developer/validators/version-checker.d.ts +145 -0
- package/dist/developer/validators/version-checker.d.ts.map +1 -0
- package/dist/developer/validators/version-checker.js +529 -0
- package/dist/developer/validators/version-checker.js.map +1 -0
- package/dist/server/index.js.map +1 -1
- package/dist/server/middleware/auth.d.ts +7 -9
- package/dist/server/middleware/auth.d.ts.map +1 -1
- package/dist/server/middleware/auth.js.map +1 -1
- package/dist/tools/check-versions.d.ts +100 -0
- package/dist/tools/check-versions.d.ts.map +1 -0
- package/dist/tools/check-versions.js +328 -0
- package/dist/tools/check-versions.js.map +1 -0
- package/dist/tools/detect-code-smell.d.ts +9 -0
- package/dist/tools/detect-code-smell.d.ts.map +1 -0
- package/dist/tools/detect-code-smell.js +231 -0
- package/dist/tools/detect-code-smell.js.map +1 -0
- package/dist/tools/index.d.ts +471 -0
- package/dist/tools/index.d.ts.map +1 -1
- package/dist/tools/index.js +178 -0
- package/dist/tools/index.js.map +1 -1
- package/dist/tools/journey.js +1 -1
- package/dist/tools/journey.js.map +1 -1
- package/dist/tools/pre-review-code.d.ts +71 -0
- package/dist/tools/pre-review-code.d.ts.map +1 -0
- package/dist/tools/pre-review-code.js +159 -0
- package/dist/tools/pre-review-code.js.map +1 -0
- package/dist/tools/preserve-context.d.ts +27 -0
- package/dist/tools/preserve-context.d.ts.map +1 -0
- package/dist/tools/preserve-context.js +98 -0
- package/dist/tools/preserve-context.js.map +1 -0
- package/dist/tools/protect-files.d.ts +224 -0
- package/dist/tools/protect-files.d.ts.map +1 -0
- package/dist/tools/protect-files.js +286 -0
- package/dist/tools/protect-files.js.map +1 -0
- package/dist/tools/scan-security.d.ts +38 -0
- package/dist/tools/scan-security.d.ts.map +1 -0
- package/dist/tools/scan-security.js +237 -0
- package/dist/tools/scan-security.js.map +1 -0
- package/dist/tools/validate_packages.d.ts +8 -0
- package/dist/tools/validate_packages.d.ts.map +1 -0
- package/dist/tools/validate_packages.js +159 -0
- package/dist/tools/validate_packages.js.map +1 -0
- package/dist/types/auth.d.ts +18 -18
- package/dist/types/auth.d.ts.map +1 -1
- package/dist/types/auth.js +91 -36
- package/dist/types/auth.js.map +1 -1
- package/dist/types/context.d.ts +46 -0
- package/dist/types/context.d.ts.map +1 -0
- package/dist/types/context.js +17 -0
- package/dist/types/context.js.map +1 -0
- package/dist/types/file-protection.d.ts +50 -0
- package/dist/types/file-protection.d.ts.map +1 -0
- package/dist/types/file-protection.js +9 -0
- package/dist/types/file-protection.js.map +1 -0
- package/dist/utils/errorHandler.d.ts.map +1 -1
- package/dist/utils/errorHandler.js +2 -1
- package/dist/utils/errorHandler.js.map +1 -1
- package/package.json +23 -2
- package/dist/db/migrate.d.ts +0 -4
- package/dist/db/migrate.d.ts.map +0 -1
- package/dist/db/migrate.js +0 -34
- package/dist/db/migrate.js.map +0 -1
- package/dist/db/migrations/schema.d.ts +0 -1074
- package/dist/db/migrations/schema.d.ts.map +0 -1
- package/dist/db/migrations/schema.js +0 -160
- package/dist/db/migrations/schema.js.map +0 -1
- package/dist/db/schema.d.ts +0 -1576
- package/dist/db/schema.d.ts.map +0 -1
- package/dist/db/schema.js +0 -204
- package/dist/db/schema.js.map +0 -1
- package/dist/db/seed.d.ts +0 -4
- package/dist/db/seed.d.ts.map +0 -1
- package/dist/db/seed.js +0 -57
- package/dist/db/seed.js.map +0 -1
- package/dist/db/seedOAuth.d.ts +0 -4
- package/dist/db/seedOAuth.d.ts.map +0 -1
- package/dist/db/seedOAuth.js +0 -76
- package/dist/db/seedOAuth.js.map +0 -1
- package/dist/governance/config.d.ts +0 -66
- package/dist/governance/config.d.ts.map +0 -1
- package/dist/governance/config.js +0 -238
- package/dist/governance/config.js.map +0 -1
- package/dist/governance/detectors/hallucination.d.ts +0 -61
- package/dist/governance/detectors/hallucination.d.ts.map +0 -1
- package/dist/governance/detectors/hallucination.js +0 -338
- package/dist/governance/detectors/hallucination.js.map +0 -1
- package/dist/governance/detectors/inconsistency.d.ts +0 -99
- package/dist/governance/detectors/inconsistency.d.ts.map +0 -1
- package/dist/governance/detectors/inconsistency.js +0 -548
- package/dist/governance/detectors/inconsistency.js.map +0 -1
- package/dist/governance/detectors/toneDrift.d.ts +0 -63
- package/dist/governance/detectors/toneDrift.d.ts.map +0 -1
- package/dist/governance/detectors/toneDrift.js +0 -421
- package/dist/governance/detectors/toneDrift.js.map +0 -1
- package/dist/governance/detectors/unsafeReasoning.d.ts +0 -54
- package/dist/governance/detectors/unsafeReasoning.d.ts.map +0 -1
- package/dist/governance/detectors/unsafeReasoning.js +0 -473
- package/dist/governance/detectors/unsafeReasoning.js.map +0 -1
- package/dist/governance/evaluationEngine.d.ts +0 -112
- package/dist/governance/evaluationEngine.d.ts.map +0 -1
- package/dist/governance/evaluationEngine.js +0 -265
- package/dist/governance/evaluationEngine.js.map +0 -1
- package/dist/governance/intervention.d.ts +0 -81
- package/dist/governance/intervention.d.ts.map +0 -1
- package/dist/governance/intervention.js +0 -405
- package/dist/governance/intervention.js.map +0 -1
- package/dist/server/oauth/anomalyDetection.d.ts +0 -146
- package/dist/server/oauth/anomalyDetection.d.ts.map +0 -1
- package/dist/server/oauth/anomalyDetection.js +0 -405
- package/dist/server/oauth/anomalyDetection.js.map +0 -1
- package/dist/server/oauth/authServer.d.ts +0 -61
- package/dist/server/oauth/authServer.d.ts.map +0 -1
- package/dist/server/oauth/authServer.js +0 -283
- package/dist/server/oauth/authServer.js.map +0 -1
- package/dist/server/oauth/dpop.d.ts +0 -135
- package/dist/server/oauth/dpop.d.ts.map +0 -1
- package/dist/server/oauth/dpop.js +0 -338
- package/dist/server/oauth/dpop.js.map +0 -1
- package/dist/server/oauth/gdpr/consent.d.ts +0 -173
- package/dist/server/oauth/gdpr/consent.d.ts.map +0 -1
- package/dist/server/oauth/gdpr/consent.js +0 -388
- package/dist/server/oauth/gdpr/consent.js.map +0 -1
- package/dist/server/oauth/gdpr/dataPortability.d.ts +0 -214
- package/dist/server/oauth/gdpr/dataPortability.d.ts.map +0 -1
- package/dist/server/oauth/gdpr/dataPortability.js +0 -486
- package/dist/server/oauth/gdpr/dataPortability.js.map +0 -1
- package/dist/server/oauth/gdpr/index.d.ts +0 -103
- package/dist/server/oauth/gdpr/index.d.ts.map +0 -1
- package/dist/server/oauth/gdpr/index.js +0 -273
- package/dist/server/oauth/gdpr/index.js.map +0 -1
- package/dist/server/oauth/gdpr/rightToErasure.d.ts +0 -184
- package/dist/server/oauth/gdpr/rightToErasure.d.ts.map +0 -1
- package/dist/server/oauth/gdpr/rightToErasure.js +0 -527
- package/dist/server/oauth/gdpr/rightToErasure.js.map +0 -1
- package/dist/server/oauth/monitoring/securityMonitor.d.ts +0 -218
- package/dist/server/oauth/monitoring/securityMonitor.d.ts.map +0 -1
- package/dist/server/oauth/monitoring/securityMonitor.js +0 -615
- package/dist/server/oauth/monitoring/securityMonitor.js.map +0 -1
- package/dist/server/oauth/pkce.d.ts +0 -61
- package/dist/server/oauth/pkce.d.ts.map +0 -1
- package/dist/server/oauth/pkce.js +0 -157
- package/dist/server/oauth/pkce.js.map +0 -1
- package/dist/server/oauth/providers/base.d.ts +0 -147
- package/dist/server/oauth/providers/base.d.ts.map +0 -1
- package/dist/server/oauth/providers/base.js +0 -312
- package/dist/server/oauth/providers/base.js.map +0 -1
- package/dist/server/oauth/providers/github.d.ts +0 -55
- package/dist/server/oauth/providers/github.d.ts.map +0 -1
- package/dist/server/oauth/providers/github.js +0 -225
- package/dist/server/oauth/providers/github.js.map +0 -1
- package/dist/server/oauth/providers/google.d.ts +0 -49
- package/dist/server/oauth/providers/google.d.ts.map +0 -1
- package/dist/server/oauth/providers/google.js +0 -153
- package/dist/server/oauth/providers/google.js.map +0 -1
- package/dist/server/oauth/providers/index.d.ts +0 -9
- package/dist/server/oauth/providers/index.d.ts.map +0 -1
- package/dist/server/oauth/providers/index.js +0 -24
- package/dist/server/oauth/providers/index.js.map +0 -1
- package/dist/server/oauth/refreshTokenRotation.d.ts +0 -114
- package/dist/server/oauth/refreshTokenRotation.d.ts.map +0 -1
- package/dist/server/oauth/refreshTokenRotation.js +0 -344
- package/dist/server/oauth/refreshTokenRotation.js.map +0 -1
- package/dist/server/oauth/security.d.ts +0 -101
- package/dist/server/oauth/security.d.ts.map +0 -1
- package/dist/server/oauth/security.js +0 -268
- package/dist/server/oauth/security.js.map +0 -1
- package/dist/server/oauth/tokenEncryption.d.ts +0 -80
- package/dist/server/oauth/tokenEncryption.d.ts.map +0 -1
- package/dist/server/oauth/tokenEncryption.js +0 -218
- package/dist/server/oauth/tokenEncryption.js.map +0 -1
- package/dist/tools/sendMessage-complex-backup.d.ts +0 -6
- package/dist/tools/sendMessage-complex-backup.d.ts.map +0 -1
- package/dist/tools/sendMessage-complex-backup.js +0 -545
- package/dist/tools/sendMessage-complex-backup.js.map +0 -1
- package/dist/tools/sendMessage-revised.d.ts +0 -11
- package/dist/tools/sendMessage-revised.d.ts.map +0 -1
- package/dist/tools/sendMessage-revised.js +0 -429
- package/dist/tools/sendMessage-revised.js.map +0 -1
- package/dist/tools/sendMessage-truly-simple.d.ts +0 -8
- package/dist/tools/sendMessage-truly-simple.d.ts.map +0 -1
- package/dist/tools/sendMessage-truly-simple.js +0 -299
- package/dist/tools/sendMessage-truly-simple.js.map +0 -1
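--- a/package/dist/developer/scanners/xss-detector.js
+++ b/package/dist/developer/scanners/xss-detector.js
@@ -0,0 +1,229 @@
+/**
+* XSS (Cross-Site Scripting) Detector
+* Scans code for XSS vulnerabilities including:
+* - innerHTML usage with untrusted data
+* - Unescaped user input in DOM
+* - eval() and similar dangerous functions
+* - Dangerous DOM manipulation patterns
+*/
+export class XssDetector {
+vulnerabilities = [];
+/**
+* Scan code for XSS vulnerabilities
+*/
+scan(code) {
+this.vulnerabilities = [];
+const lines = code.split('\n');
+lines.forEach((line, idx) => {
+const lineNum = idx + 1;
+this.checkInnerHtmlUsage(line, lineNum);
+this.checkEvalUsage(line, lineNum);
+this.checkUnescapedDomManipulation(line, lineNum);
+this.checkDangerousDomMethods(line, lineNum);
+this.checkReactDangerousHtml(line, lineNum);
+});
+return this.vulnerabilities;
+}
+/**
+* Detect innerHTML usage with variables or user input
+* Pattern: element.innerHTML = userInput
+* Pattern: element.innerHTML = `content ${userVar}`
+*/
+checkInnerHtmlUsage(line, lineNum) {
+const patterns = [
+/\.innerHTML\s*=\s*[^;]+/g,
+/\.innerHTML\s*\+=\s*[^;]+/g,
+/innerHTML\s*=\s*[^;]+/g,
+];
+for (const pattern of patterns) {
+const matches = Array.from(line.matchAll(pattern));
+for (const match of matches) {
+const code = match[0];
+if (this.isCommentOrString(line, line.indexOf(code)))
+continue;
+// Check if it's using a template literal or variable
+if (code.includes('${') || code.includes('"') || code.includes("'") || code.includes('`')) {
+const column = line.indexOf(code) + 1;
+// Extract what's being assigned
+const assignmentMatch = code.match(/=\s*(.+)/);
+const assignedValue = assignmentMatch?.[1]?.trim() || 'untrustedData';
+const severity = code.includes('$') ? 'CRITICAL' : 'HIGH';
+this.vulnerabilities.push({
+type: 'INNERHTML_XSS',
+severity: severity,
+line: lineNum,
+column: column,
+code: code,
+issue: `Direct assignment to innerHTML: ${code}. This allows XSS attacks if ${assignedValue} contains user-controlled content.`,
+cwe: 'CWE-79: Improper Neutralization of Input During Web Page Generation',
+fix: `Use textContent for plain text:\n element.textContent = userInput;\n\nOr sanitize HTML:\n import DOMPurify from 'dompurify';\n element.innerHTML = DOMPurify.sanitize(userInput);\n\nOr use safe methods:\n element.appendChild(document.createTextNode(userInput));\n element.insertAdjacentHTML('beforeend', sanitize(userInput));`
+});
+}
+}
+}
+}
+/**
+* Detect eval() and similar dangerous functions
+* Pattern: eval(userInput)
+* Pattern: Function(userInput)
+* Pattern: setTimeout(userInput)
+*/
+checkEvalUsage(line, lineNum) {
+const patterns = [
+/\beval\s*\(/gi,
+/\bFunction\s*\(/gi,
+/\bsetTimeout\s*\(\s*[^,)]*\$\{/gi,
+/\bsetInterval\s*\(\s*[^,)]*\$\{/gi,
+/\bnew\s+Function\s*\(/gi,
+];
+for (const pattern of patterns) {
+const matches = Array.from(line.matchAll(pattern));
+for (const match of matches) {
+const code = match[0];
+if (this.isCommentOrString(line, line.indexOf(code)))
+continue;
+const column = line.indexOf(code) + 1;
+const isFunctionConstructor = code.toLowerCase().includes('function');
+const isSetTimeout = code.toLowerCase().includes('settimeout');
+let issue = '';
+let fix = '';
+if (code.toLowerCase().includes('eval')) {
+issue = `Direct use of eval(): ${code}. eval() is dangerous and allows arbitrary code execution.`;
+fix = `Never use eval(). If you need to parse JSON:\n const data = JSON.parse(userInput);\n\nFor dynamic property access:\n const value = obj[propertyName];\n\nFor expressions, use a safe expression evaluator library.`;
+}
+else if (isFunctionConstructor) {
+issue = `Function constructor usage: ${code}. Using Function() with user input allows arbitrary code execution.`;
+fix = `Use JSON.parse() for data:\n const data = JSON.parse(userInput);\n\nFor callbacks, use predefined functions:\n const callbacks = { action1: () => {}, action2: () => {} };\n callbacks[actionName]?.();`;
+}
+else if (isSetTimeout) {
+issue = `setTimeout with dynamic code: ${code}. Passing code as string can lead to code injection.`;
+fix = `Use a function reference instead:\n setTimeout(() => { handleAction(data); }, 1000);\n\nOr define callbacks:\n const handlers = { notify: () => {}, update: () => {} };\n setTimeout(handlers[actionType], 1000);`;
+}
+this.vulnerabilities.push({
+type: 'EVAL_XSS',
+severity: 'CRITICAL',
+line: lineNum,
+column: column,
+code: code,
+issue: issue,
+cwe: 'CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code',
+fix: fix
+});
+}
+}
+}
+/**
+* Detect unescaped DOM manipulation
+* Pattern: element.insertAdjacentHTML('beforeend', userInput)
+* Pattern: document.write(userInput)
+*/
+checkUnescapedDomManipulation(line, lineNum) {
+const patterns = [
+/insertAdjacentHTML\s*\(/gi,
+/document\.write\s*\(/gi,
+/document\.writeln\s*\(/gi,
+/outerHTML\s*=\s*[^;]+/g,
+];
+for (const pattern of patterns) {
+const matches = Array.from(line.matchAll(pattern));
+for (const match of matches) {
+const code = match[0];
+if (this.isCommentOrString(line, line.indexOf(code)))
+continue;
+const column = line.indexOf(code) + 1;
+let issue = '';
+let fix = '';
+if (code.includes('insertAdjacentHTML')) {
+issue = `insertAdjacentHTML with untrusted data: ${code}. Can lead to XSS if data isn't sanitized.`;
+fix = `Use insertAdjacentElement instead:\n const element = document.createElement('div');\n element.textContent = userInput;\n target.insertAdjacentElement('beforeend', element);\n\nOr sanitize the HTML:\n target.insertAdjacentHTML('beforeend', DOMPurify.sanitize(userInput));`;
+}
+else if (code.includes('document.write') || code.includes('writeln')) {
+issue = `document.write() detected: ${code}. This is dangerous and can cause DOM issues and XSS vulnerabilities.`;
+fix = `Use DOM methods instead:\n const div = document.createElement('div');\n div.textContent = content;\n document.body.appendChild(div);\n\nOr use:\n document.getElementById('target').textContent = content;`;
+}
+else if (code.includes('outerHTML')) {
+issue = `Direct outerHTML assignment: ${code}. Allows XSS if assigned value contains user input.`;
+fix = `Use safer methods:\n element.replaceWith(newElement);\n Or sanitize before:\n element.outerHTML = DOMPurify.sanitize(userInput);`;
+}
+this.vulnerabilities.push({
+type: 'UNESCAPED_DOM',
+severity: 'CRITICAL',
+line: lineNum,
+column: column,
+code: code,
+issue: issue,
+cwe: 'CWE-79: Improper Neutralization of Input During Web Page Generation',
+fix: fix
+});
+}
+}
+}
+/**
+* Detect dangerous DOM methods
+* Pattern: element.click(userEvent)
+* Pattern: element.setAttribute('onclick', userInput)
+*/
+checkDangerousDomMethods(line, lineNum) {
+const patterns = [
+/setAttribute\s*\(\s*['"]on\w+['"][^)]*\)/gi,
+/\.on\w+\s*=\s*[^;]+\$\{/g,
+/\[['"]on\w+['"]\]\s*=\s*[^;]+/g,
+];
+for (const pattern of patterns) {
+const matches = Array.from(line.matchAll(pattern));
+for (const match of matches) {
+const code = match[0];
+if (this.isCommentOrString(line, line.indexOf(code)))
+continue;
+const column = line.indexOf(code) + 1;
+this.vulnerabilities.push({
+type: 'DANGEROUS_DOM_METHOD',
+severity: 'CRITICAL',
+line: lineNum,
+column: column,
+code: code,
+issue: `Setting event handler with user input: ${code}. This allows JavaScript injection through event handlers.`,
+cwe: 'CWE-79: Improper Neutralization of Input During Web Page Generation',
+fix: `Use addEventListener instead:\n element.addEventListener('click', (e) => handleEvent(e, userData));\n\nOr use data attributes with safe event handlers:\n element.setAttribute('data-action', actionName);\n element.addEventListener('click', () => handler(element.dataset.action));`
+});
+}
+}
+}
+/**
+* Detect React dangerouslySetInnerHTML usage
+* Pattern: dangerouslySetInnerHTML={{ __html: userInput }}
+*/
+checkReactDangerousHtml(line, lineNum) {
+if (!line.includes('dangerouslySetInnerHTML'))
+return;
+const pattern = /dangerouslySetInnerHTML\s*=\s*\{\s*__html\s*:\s*[^}]+\}/g;
+const matches = Array.from(line.matchAll(pattern));
+for (const match of matches) {
+const code = match[0];
+if (this.isCommentOrString(line, line.indexOf(code)))
+continue;
+const column = line.indexOf(code) + 1;
+// Extract what's being assigned
+const valueMatch = code.match(/__html\s*:\s*(.+)/);
+const value = valueMatch?.[1]?.trim() || 'value';
+this.vulnerabilities.push({
+type: 'REACT_DANGEROUSHTML',
+severity: code.includes('$') ? 'CRITICAL' : 'HIGH',
+line: lineNum,
+column: column,
+code: code,
+issue: `React dangerouslySetInnerHTML usage: ${code}. This is dangerous and can lead to XSS if ${value} contains user-controlled content.`,
+cwe: 'CWE-79: Improper Neutralization of Input During Web Page Generation',
+fix: `Use React's built-in escaping:\n <div>{userInput}</div>\n\nFor safe HTML rendering, sanitize first:\n import DOMPurify from 'dompurify';\n <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(userInput) }} />\n\nOr use a React component library that handles sanitization.`
+});
+}
+}
+/**
+* Check if position is inside a comment or string
+*/
+isCommentOrString(line, position) {
+const beforePos = line.substring(0, position);
+return beforePos.includes('//') || beforePos.includes('/*');
+}
+}
+//# sourceMappingURL=xss-detector.js.map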
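Review bot: The regex in checkReactDangerousHtml, `/dangerouslySetInnerHTML\s*=\s*\{\s*__html\s*:\s*[^}]+\}/g`, cannot match the JSX form the method comment itself documents, `dangerouslySetInnerHTML={{ __html: userInput }}`, because `\{\s*__html` permits only whitespace between a single brace and `__html` while JSX needs two braces; the check therefore never fires on real JSX, and the pattern should read `/dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:\s*[^}]+\}\s*\}/g`. In checkEvalUsage the `i` flag on `/\bFunction\s*\(/gi` turns every anonymous `function (` expression into a CRITICAL EVAL_XSS finding, since JavaScript identifiers are case-sensitive but the pattern is not; dropping the flag from that array (`/\bFunction\s*\(/g`, `/\bnew\s+Function\s*\(/g`, and the rest) fixes it, and `new Function(` is currently matched by both of those patterns and pushed twice. The guard in checkInnerHtmlUsage, `code.includes('${') || code.includes('"') || …`, inverts the documented intent: the bare `element.innerHTML = userInput` case contains no quote and is skipped, while a constant literal such as `el.innerHTML = '<b>hi</b>'` is reported as HIGH, and the first and third patterns there both match `.innerHTML = x`, so each such hit is duplicated. isCommentOrString never inspects string state despite its name and treats any earlier `//` on the line — including one inside a URL literal like `"https://"` or a regex — as a comment, silently suppressing the finding; at minimum the `//` should be required to sit outside quotes before a hit is discarded. Using `match.index` instead of `line.indexOf(code)` would also report the correct column when the matched text occurs earlier on the same line.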
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"xss-detector.js","sourceRoot":"","sources":["../../../src/developer/scanners/xss-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAaH,MAAM,OAAO,WAAW;IACd,eAAe,GAAuB,EAAE,CAAC;IAEjD;;OAEG;IACH,IAAI,CAAC,IAAY;QACf,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAC1B,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,CAAC;YACxB,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACnC,IAAI,CAAC,6BAA6B,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,uBAAuB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CAAC,IAAY,EAAE,OAAe;QACvD,MAAM,QAAQ,GAAG;YACf,0BAA0B;YAC1B,4BAA4B;YAC5B,wBAAwB;SACzB,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAEnD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAE/D,qDAAqD;gBACrD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1F,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAEtC,gCAAgC;oBAChC,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;oBAC/C,MAAM,aAAa,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,eAAe,CAAC;oBAEtE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;oBAE1D,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;wBACxB,IAAI,EAAE,eAAe;wBACrB,QAAQ,EAAE,QAA+B;wBACzC,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,IAAI;wBACV,KAAK,EAAE,mCAAmC,IAAI,gCAAgC,aAAa,oCAAoC;wBAC/H,GAAG,EAAE,qEAAqE;wBAC1E,GAAG,EAAE,2UAA2U;qBACjV,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,cAAc,CAAC,IAAY,EAAE,OAAe;QAClD,MAAM,QAA
Q,GAAG;YACf,eAAe;YACf,mBAAmB;YACnB,kCAAkC;YAClC,mCAAmC;YACnC,yBAAyB;SAC1B,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAEnD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAE/D,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtC,MAAM,qBAAqB,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBACtE,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBAE/D,IAAI,KAAK,GAAG,EAAE,CAAC;gBACf,IAAI,GAAG,GAAG,EAAE,CAAC;gBAEb,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACxC,KAAK,GAAG,yBAAyB,IAAI,4DAA4D,CAAC;oBAClG,GAAG,GAAG,sNAAsN,CAAC;gBAC/N,CAAC;qBAAM,IAAI,qBAAqB,EAAE,CAAC;oBACjC,KAAK,GAAG,+BAA+B,IAAI,qEAAqE,CAAC;oBACjH,GAAG,GAAG,4MAA4M,CAAC;gBACrN,CAAC;qBAAM,IAAI,YAAY,EAAE,CAAC;oBACxB,KAAK,GAAG,iCAAiC,IAAI,sDAAsD,CAAC;oBACpG,GAAG,GAAG,sNAAsN,CAAC;gBAC/N,CAAC;gBAED,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;oBACxB,IAAI,EAAE,UAAU;oBAChB,QAAQ,EAAE,UAAU;oBACpB,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,KAAK;oBACZ,GAAG,EAAE,6EAA6E;oBAClF,GAAG,EAAE,GAAG;iBACT,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,6BAA6B,CAAC,IAAY,EAAE,OAAe;QACjE,MAAM,QAAQ,GAAG;YACf,2BAA2B;YAC3B,wBAAwB;YACxB,0BAA0B;YAC1B,wBAAwB;SACzB,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAEnD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAE/D,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAEtC,IAAI,KAAK,GAAG,EAAE,CAAC;gBACf,IAAI,GAAG,GAAG,EAAE,CAAC;gBAEb,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;oBACxC,KAAK,GAAG,2CAA2C,IAAI,4CAA4C,CAAC;oBACpG,GAAG,GAAG,oRAAoR,CAAC;gBAC7R,CAAC;qBAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,g
BAAgB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvE,KAAK,GAAG,8BAA8B,IAAI,uEAAuE,CAAC;oBAClH,GAAG,GAAG,gNAAgN,CAAC;gBACzN,CAAC;qBAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;oBACtC,KAAK,GAAG,gCAAgC,IAAI,qDAAqD,CAAC;oBAClG,GAAG,GAAG,qIAAqI,CAAC;gBAC9I,CAAC;gBAED,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;oBACxB,IAAI,EAAE,eAAe;oBACrB,QAAQ,EAAE,UAAU;oBACpB,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,KAAK;oBACZ,GAAG,EAAE,qEAAqE;oBAC1E,GAAG,EAAE,GAAG;iBACT,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,wBAAwB,CAAC,IAAY,EAAE,OAAe;QAC5D,MAAM,QAAQ,GAAG;YACf,4CAA4C;YAC5C,0BAA0B;YAC1B,gCAAgC;SACjC,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAEnD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBAE/D,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAEtC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;oBACxB,IAAI,EAAE,sBAAsB;oBAC5B,QAAQ,EAAE,UAAU;oBACpB,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,0CAA0C,IAAI,4DAA4D;oBACjH,GAAG,EAAE,qEAAqE;oBAC1E,GAAG,EAAE,2RAA2R;iBACjS,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,uBAAuB,CAAC,IAAY,EAAE,OAAe;QAC3D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,yBAAyB,CAAC;YAAE,OAAO;QAEtD,MAAM,OAAO,GAAG,0DAA0D,CAAC;QAC3E,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAEnD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAAE,SAAS;YAE/D,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAEtC,gCAAgC;YAChC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,OAAO,CAAC;YAEjD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;gBACxB,IAAI,EAAE,qBAAqB;gBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAA
C,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;gBAClD,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,wCAAwC,IAAI,8CAA8C,KAAK,oCAAoC;gBAC1I,GAAG,EAAE,qEAAqE;gBAC1E,GAAG,EAAE,0RAA0R;aAChS,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,IAAY,EAAE,QAAgB;QACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9C,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9D,CAAC;CACF"}
|
|
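--- /dev/null
+++ b/package/dist/developer/types/ai-errors.d.ts
@@ -0,0 +1,34 @@
+/**
+* AI Error Pattern Catalog
+* Common mistakes AI agents make when writing code
+*/
+export interface AIErrorPattern {
+id: string;
+name: string;
+category: 'build' | 'syntax' | 'logic' | 'security' | 'performance' | 'architecture';
+description: string;
+frequency: 'very-common' | 'common' | 'occasional' | 'rare';
+impact: 'critical' | 'high' | 'medium' | 'low';
+examples: string[];
+detection: string;
+prevention: string;
+autoFixable: boolean;
+}
+/**
+* Catalog of documented AI coding errors
+* Based on real-world observations of AI agent failures
+*/
+export declare const AI_ERROR_CATALOG: AIErrorPattern[];
+/**
+* Get AI errors by category
+*/
+export declare function getErrorsByCategory(category: AIErrorPattern['category']): AIErrorPattern[];
+/**
+* Get high-impact errors that should be prevented first
+*/
+export declare function getCriticalErrors(): AIErrorPattern[];
+/**
+* Get auto-fixable errors
+*/
+export declare function getAutoFixableErrors(): AIErrorPattern[];
+//# sourceMappingURL=ai-errors.d.ts.map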
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-errors.d.ts","sourceRoot":"","sources":["../../../src/developer/types/ai-errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAU,GAAG,aAAa,GAAG,cAAc,CAAC;IACrF,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,aAAa,GAAG,QAAQ,GAAG,YAAY,GAAG,MAAM,CAAC;IAC5D,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAC/C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,cAAc,EAkP5C,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,UAAU,CAAC,GAAG,cAAc,EAAE,CAE1F;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,EAAE,CAKpD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,cAAc,EAAE,CAEvD"}
|
|
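--- /dev/null
+++ b/package/dist/developer/types/ai-errors.js
@@ -0,0 +1,271 @@
+/**
+* AI Error Pattern Catalog
+* Common mistakes AI agents make when writing code
+*/
+/**
+* Catalog of documented AI coding errors
+* Based on real-world observations of AI agent failures
+*/
+export const AI_ERROR_CATALOG = [
+{
+id: 'build-context-blindness',
+name: 'Build Context Blindness',
+category: 'build',
+description: 'AI attempts to build/run code without understanding project configuration',
+frequency: 'very-common',
+impact: 'high',
+examples: [
+'Forgetting .js extensions in TypeScript ESM projects',
+'Using require() in ESM modules',
+'Using import in CommonJS without transpilation',
+'Assuming npm when project uses yarn/pnpm'
+],
+detection: 'Check tsconfig.json moduleResolution and package.json type field',
+prevention: 'Run build context detection before any code generation',
+autoFixable: true
+},
+{
+id: 'package-hallucination',
+name: 'Package Hallucination',
+category: 'syntax',
+description: 'AI suggests packages that don\'t exist (24% of the time)',
+frequency: 'very-common',
+impact: 'high',
+examples: [
+'import { SuperChart } from "react-super-charts" // doesn\'t exist',
+'import reqeusts // typo of "requests"',
+'from beautifulsoup import BeautifulSoup // should be beautifulsoup4'
+],
+detection: 'Real-time package registry validation',
+prevention: 'Validate all package names against npm/pypi/maven registries',
+autoFixable: true
+},
+{
+id: 'async-await-confusion',
+name: 'Async/Await Confusion',
+category: 'logic',
+description: 'AI forgets to await async functions or marks sync functions as async',
+frequency: 'very-common',
+impact: 'high',
+examples: [
+'const data = fetch(url); // Missing await',
+'async function getValue() { return 5; } // Unnecessary async',
+'promises.forEach(async (p) => await p); // Doesn\'t wait'
+],
+detection: 'AST analysis for Promise-returning functions without await',
+prevention: 'Track async context and validate Promise handling',
+autoFixable: true
+},
+{
+id: 'sql-injection-prone',
+name: 'SQL Injection Vulnerability',
+category: 'security',
+description: 'AI generates SQL queries vulnerable to injection',
+frequency: 'common',
+impact: 'critical',
+examples: [
+'db.query(`SELECT * FROM users WHERE id = ${userId}`)',
+'connection.execute("DELETE FROM " + tableName)',
+'WHERE name = \'" + userName + "\'"'
+],
+detection: 'Pattern matching for string concatenation in SQL',
+prevention: 'Force parameterized queries, block string concatenation',
+autoFixable: true
+},
+{
+id: 'hardcoded-secrets',
+name: 'Hardcoded Secrets',
+category: 'security',
+description: 'AI puts API keys, passwords, and secrets directly in code',
+frequency: 'common',
+impact: 'critical',
+examples: [
+'const API_KEY = "sk-1234567890abcdef"',
+'password: "admin123"',
+'mongodb://user:pass@localhost/db'
+],
+detection: 'Regex patterns for common secret formats',
+prevention: 'Replace with environment variables automatically',
+autoFixable: true
+},
+{
+id: 'file-path-assumption',
+name: 'File Path Assumption',
+category: 'logic',
+description: 'AI assumes file paths that don\'t exist or uses wrong separators',
+frequency: 'very-common',
+impact: 'medium',
+examples: [
+'fs.readFile("C:\\\\Users\\\\data.txt") // Windows path on Unix',
+'import data from "../../../config" // Wrong relative depth',
+'require("./src/utils") // Path doesn\'t exist'
+],
+detection: 'File system validation before file operations',
+prevention: 'Use path.join() and validate paths exist',
+autoFixable: true
+},
+{
+id: 'infinite-loop-risk',
+name: 'Infinite Loop Risk',
+category: 'logic',
+description: 'AI creates loops without proper exit conditions',
+frequency: 'occasional',
+impact: 'high',
+examples: [
+'while (true) { if (condition) break; } // Break might never occur',
+'for (let i = 0; i < arr.length; i--) // Wrong increment',
+'do { value = getValue(); } while (value); // No guarantee of falsy'
+],
+detection: 'Static analysis for loop termination conditions',
+prevention: 'Add maximum iteration limits and timeout checks',
+autoFixable: false
+},
+{
+id: 'type-mismatch-blindness',
+name: 'Type Mismatch Blindness',
+category: 'syntax',
+description: 'AI ignores TypeScript types or creates type errors',
+frequency: 'very-common',
+impact: 'medium',
+examples: [
+'function add(a: number, b: number) { return a + b; } add("1", "2")',
+'const user: User = { namn: "John" } // Typo in property name',
+'return null; // Function expects string, not null'
+],
+detection: 'TypeScript compiler API for type checking',
+prevention: 'Run tsc --noEmit before suggesting code',
+autoFixable: true
+},
+{
+id: 'over-engineering',
+name: 'Over-Engineering Simple Tasks',
+category: 'architecture',
+description: 'AI creates unnecessarily complex solutions for simple problems',
+frequency: 'common',
+impact: 'low',
+examples: [
+'// To check if number is even:\nclass EvenChecker { constructor() {} check(n) { return n % 2 === 0; }}',
+'Creating 5 abstraction layers for a 10-line script',
+'Using design patterns where a simple function would suffice'
+],
+detection: 'Complexity metrics vs problem scope analysis',
+prevention: 'Suggest simpler alternatives when complexity exceeds threshold',
+autoFixable: false
+},
+{
+id: 'api-version-mismatch',
+name: 'API Version Mismatch',
+category: 'syntax',
+description: 'AI uses deprecated or future API features',
+frequency: 'common',
+impact: 'medium',
+examples: [
+'React.createClass({}) // Deprecated in React 16+',
+'document.querySelector().showModal() // Not in all browsers',
+'Python 2 print statement in Python 3 code'
+],
+detection: 'Version-aware API compatibility checking',
+prevention: 'Check package.json versions and target environments',
+autoFixable: true
+},
+{
+id: 'resource-leak',
+name: 'Resource Leak',
+category: 'performance',
+description: 'AI forgets to close files, connections, or clean up resources',
+frequency: 'common',
+impact: 'high',
+examples: [
+'const file = fs.openSync(path); // Never closed',
+'setInterval(() => {}, 1000); // Never cleared',
+'eventEmitter.on("data", handler); // Never removed'
+],
+detection: 'Track resource allocation and disposal patterns',
+prevention: 'Auto-add cleanup code, use try-finally blocks',
+autoFixable: true
+},
+{
+id: 'mutation-of-immutable',
+name: 'Mutating Immutable Data',
+category: 'logic',
+description: 'AI modifies data that should be immutable',
+frequency: 'common',
+impact: 'medium',
+examples: [
+'props.user.name = "New Name" // Mutating React props',
+'const frozen = Object.freeze({}); frozen.x = 1;',
+'Redux state.items.push(newItem) // Direct state mutation'
+],
+detection: 'Track immutable data patterns in framework context',
+prevention: 'Suggest immutable operations (spread, Object.assign)',
+autoFixable: true
+},
+{
+id: 'promise-anti-pattern',
+name: 'Promise Anti-Patterns',
+category: 'logic',
+description: 'AI creates promise anti-patterns like the pyramid of doom',
+frequency: 'common',
+impact: 'low',
+examples: [
+'return new Promise((resolve) => { resolve(asyncFunc()) })',
+'Nested .then() chains instead of async/await',
+'Not returning promises in .then() chains'
+],
+detection: 'AST pattern matching for promise anti-patterns',
+prevention: 'Suggest async/await refactoring',
+autoFixable: true
+},
+{
+id: 'null-reference-error',
+name: 'Null/Undefined Reference',
+category: 'logic',
+description: 'AI doesn\'t check for null/undefined before accessing properties',
+frequency: 'very-common',
+impact: 'high',
+examples: [
+'const name = user.profile.name // user or profile might be null',
+'array[0].value // array might be empty',
+'response.data.items.length // Multiple unchecked properties'
+],
+detection: 'Static analysis for property access chains',
+prevention: 'Add optional chaining or null checks',
+autoFixable: true
+},
+{
+id: 'regex-catastrophic-backtrack',
+name: 'Regex Catastrophic Backtracking',
+category: 'performance',
+description: 'AI creates regex patterns vulnerable to ReDoS attacks',
+frequency: 'rare',
+impact: 'critical',
+examples: [
+'/(a+)+$/',
+'/(.*){1,32000}[bc]/',
+'/^((ab)*)+$/'
+],
+detection: 'Regex complexity analysis for exponential patterns',
+prevention: 'Simplify regex or use alternative parsing methods',
+autoFixable: false
+}
+];
+/**
+* Get AI errors by category
+*/
+export function getErrorsByCategory(category) {
+return AI_ERROR_CATALOG.filter(error => error.category === category);
+}
+/**
+* Get high-impact errors that should be prevented first
+*/
+export function getCriticalErrors() {
+return AI_ERROR_CATALOG.filter(error => error.impact === 'critical' ||
+(error.impact === 'high' && error.frequency === 'very-common'));
+}
+/**
+* Get auto-fixable errors
+*/
+export function getAutoFixableErrors() {
+return AI_ERROR_CATALOG.filter(error => error.autoFixable);
+}
+//# sourceMappingURL=ai-errors.js.map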
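Review bot: `getCriticalErrors` returns more than its doc comment promises: besides `impact === 'critical'` entries it also includes `impact === 'high'` entries whose `frequency === 'very-common'`, so the JSDoc above it should state that rule, e.g. `* Returns errors with critical impact, plus high-impact errors that are very common.` `AI_ERROR_CATALOG` is exported as a plain mutable array (the companion `ai-errors.d.ts` in this diff declares it `AIErrorPattern[]`), so any importer can push to or edit it and silently change what all three selector functions return; in the TypeScript source an `Object.freeze(...)` with a `readonly AIErrorPattern[]` type would pin the catalog. The `hardcoded-secrets` examples (`sk-1234567890abcdef`, `user:pass@localhost`) are secret-shaped literals shipped in a published file, which is fine as catalog data but will be flagged by secret scanners that run over `node_modules`; a source comment such as `// deliberate placeholder strings used as detection examples, not real credentials` would save downstream triage time.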
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-errors.js","sourceRoot":"","sources":["../../../src/developer/types/ai-errors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAeH;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAqB;IAChD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,2EAA2E;QACxF,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,sDAAsD;YACtD,gCAAgC;YAChC,gDAAgD;YAChD,0CAA0C;SAC3C;QACD,SAAS,EAAE,kEAAkE;QAC7E,UAAU,EAAE,wDAAwD;QACpE,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,0DAA0D;QACvE,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,oEAAoE;YACpE,wCAAwC;YACxC,sEAAsE;SACvE;QACD,SAAS,EAAE,uCAAuC;QAClD,UAAU,EAAE,8DAA8D;QAC1E,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,sEAAsE;QACnF,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,4CAA4C;YAC5C,+DAA+D;YAC/D,2DAA2D;SAC5D;QACD,SAAS,EAAE,4DAA4D;QACvE,UAAU,EAAE,mDAAmD;QAC/D,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kDAAkD;QAC/D,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE;YACR,sDAAsD;YACtD,gDAAgD;YAChD,oCAAoC;SACrC;QACD,SAAS,EAAE,kDAAkD;QAC7D,UAAU,EAAE,yDAAyD;QACrE,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2DAA2D;QACxE,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE;YACR,uCAAuC;YACvC,sBAAsB;YACtB,kCAAkC;SACnC;QACD,SAAS,EAAE,0CAA0C;QACrD,UAAU,EAAE,kDAAkD;QAC9D,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,kEAAkE;QAC/E,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE;YACR,iEAAiE;YACjE,6DAA6D;YAC7D,gDAAgD;SACjD;QACD,SAAS,EAAE,+CAA+C;QAC1D,UAAU,EAAE,0CAA0C;QACtD,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,iDAAiD;QAC9D,SAAS,EAAE,YAAY;QACvB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,oEAAoE;YACpE,yDAAyD;YACzD,qEAAqE;SACtE
;QACD,SAAS,EAAE,iDAAiD;QAC5D,UAAU,EAAE,iDAAiD;QAC7D,WAAW,EAAE,KAAK;KACnB;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,oDAAoD;QACjE,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE;YACR,oEAAoE;YACpE,+DAA+D;YAC/D,oDAAoD;SACrD;QACD,SAAS,EAAE,2CAA2C;QACtD,UAAU,EAAE,yCAAyC;QACrD,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,cAAc;QACxB,WAAW,EAAE,gEAAgE;QAC7E,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE;YACR,wGAAwG;YACxG,oDAAoD;YACpD,6DAA6D;SAC9D;QACD,SAAS,EAAE,8CAA8C;QACzD,UAAU,EAAE,gEAAgE;QAC5E,WAAW,EAAE,KAAK;KACnB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2CAA2C;QACxD,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE;YACR,mDAAmD;YACnD,8DAA8D;YAC9D,2CAA2C;SAC5C;QACD,SAAS,EAAE,0CAA0C;QACrD,UAAU,EAAE,qDAAqD;QACjE,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,+DAA+D;QAC5E,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,kDAAkD;YAClD,gDAAgD;YAChD,qDAAqD;SACtD;QACD,SAAS,EAAE,iDAAiD;QAC5D,UAAU,EAAE,+CAA+C;QAC3D,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,2CAA2C;QACxD,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE;YACR,uDAAuD;YACvD,iDAAiD;YACjD,2DAA2D;SAC5D;QACD,SAAS,EAAE,oDAAoD;QAC/D,UAAU,EAAE,sDAAsD;QAClE,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,2DAA2D;QACxE,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE;YACR,2DAA2D;YAC3D,8CAA8C;YAC9C,0CAA0C;SAC3C;QACD,SAAS,EAAE,gDAAgD;QAC3D,UAAU,EAAE,iCAAiC;QAC7C,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,kEAAkE;QAC/E,SAAS,EAAE,aAAa;QACxB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,kEAAkE;YAClE,yCAAyC;YACzC,8DAA8D;SAC/D;QACD,SAAS,EAAE,4CAA4C;QACvD,UAAU,EAAE,sCAAsC;QAClD,WAAW,EAAE,IAAI;KAClB;IACD;QACE,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,iCAAiC;QACvC,QAA
Q,EAAE,aAAa;QACvB,WAAW,EAAE,uDAAuD;QACpE,SAAS,EAAE,MAAM;QACjB,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE;YACR,UAAU;YACV,qBAAqB;YACrB,cAAc;SACf;QACD,SAAS,EAAE,oDAAoD;QAC/D,UAAU,EAAE,mDAAmD;QAC/D,WAAW,EAAE,KAAK;KACnB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAoC;IACtE,OAAO,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,gBAAgB,CAAC,MAAM,CAC5B,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,UAAU;QACpC,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,SAAS,KAAK,aAAa,CAAC,CAC/D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;AAC7D,CAAC"}
|
|
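--- /dev/null
+++ b/package/dist/developer/types/package.d.ts
@@ -0,0 +1,32 @@
+/**
+* Package validation types for developer augmentation features
+*/
+export interface PackageInfo {
+name: string;
+version?: string;
+registry: 'npm' | 'pypi' | 'maven' | 'cargo' | 'gem' | 'nuget' | 'go';
+exists: boolean;
+latestVersion?: string;
+deprecated?: boolean;
+securityIssues?: SecurityIssue[];
+lastChecked?: Date;
+warning?: string;
+}
+export interface SecurityIssue {
+severity: 'low' | 'medium' | 'high' | 'critical';
+description: string;
+cve?: string;
+fixedIn?: string;
+}
+export interface PackageValidationResult {
+package: PackageInfo;
+suggestions?: string[];
+warning?: string;
+blocked: boolean;
+reason?: string;
+}
+export interface RegistryValidator {
+validate(packageName: string, version?: string): Promise<PackageInfo>;
+search(query: string, limit?: number): Promise<PackageInfo[]>;
+}
+//# sourceMappingURL=package.d.ts.map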
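Review bot: `PackageInfo.exists` is a plain boolean with no way to say "lookup failed", so a `RegistryValidator.validate` implementation that hits a registry timeout or rate limit must either report a real package as missing (and presumably get it `blocked`) or report an unknown name as present (letting a hallucinated package through), and the interface does not document which way to fail. A doc comment on `exists` or on `validate` stating the expected behaviour on registry errors, or a third state such as `exists: boolean | 'unknown'` in the TypeScript source, would make that contract explicit for implementers. None of the fields carry doc comments; `lastChecked` (which will not survive a JSON round-trip as a `Date`), `warning`, and the relationship between `blocked` and `reason` each deserve a line.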
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package.d.ts","sourceRoot":"","sources":["../../../src/developer/types/package.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,GAAG,OAAO,GAAG,IAAI,CAAC;IACtE,MAAM,EAAE,OAAO,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IACtE,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;CAC/D"}
|
|
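--- /dev/null
+++ b/package/dist/developer/types/package.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"package.js","sourceRoot":"","sources":["../../../src/developer/types/package.ts"],"names":[],"mappings":"AAAA;;GAEG"}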