dravix-agent 0.1.0

package/dist/engines/python-sinks.js

@@ -0,0 +1,459 @@
+import { makeFindingId } from "../findings.js";
+import { isLineSuppressed, isTestOrFixturePath } from "./pragma.js";
+// ── Helpers ──────────────────────────────────────────────────────────────
+/** A snippet "looks tainted" if it is NOT a pure string literal. We treat
+ * f-strings as tainted because their substituted parts are interpolation —
+ * which is the entire point of an injection bug. */
+function looksTainted(arg) {
+    const s = arg.trim();
+    if (s === "")
+        return false;
+    // f-string: ALWAYS tainted in a sink context (it interpolates).
+    if (/^[rRbBuU]?[fF]['"]/.test(s))
+        return true;
+    // Triple-quoted literal (basic check): treat as untainted IF no expansion.
+    if (/^[rRbBuU]?(?:"""|''')/.test(s))
+        return false;
+    // Plain string literal (no concat / format / mod): untainted.
+    if (/^[rRbBuU]?['"]/.test(s)) {
+        // Look for concat indicators: + var, % var, .format(, .join(
+        if (/[+%]\s*[a-zA-Z_]/.test(s))
+            return true;
+        if (/\.format\s*\(/.test(s))
+            return true;
+        return false;
+    }
+    // Anything else is a variable / function call / expression → tainted.
+    return true;
+}
+/** Detect ``shell=True`` anywhere in the call args. */
+function hasShellTrue(args) {
+    return /shell\s*=\s*True\b/.test(args);
+}
+/** Detect ``Loader=`` keyword in yaml.load arg list. */
+function hasYamlLoader(args) {
+    return /\bLoader\s*=/.test(args);
+}
+/** Approximate first positional argument from a parenthesized call body.
+ * Naive: split on the first top-level comma. Good enough for the patterns
+ * here; we explicitly do NOT attempt to handle nested calls precisely
+ * because the critic refines. */
+function firstPositionalArg(body) {
+    let depth = 0;
+    let inStr = null;
+    for (let i = 0; i < body.length; i++) {
+        const c = body[i];
+        if (inStr) {
+            if (c === inStr && body[i - 1] !== "\\")
+                inStr = null;
+            continue;
+        }
+        if (c === '"' || c === "'") {
+            inStr = c;
+            continue;
+        }
+        if (c === "(" || c === "[" || c === "{")
+            depth++;
+        else if (c === ")" || c === "]" || c === "}")
+            depth--;
+        else if (c === "," && depth === 0)
+            return body.slice(0, i).trim();
+    }
+    return body.trim();
+}
+// ── Rules ────────────────────────────────────────────────────────────────
+const RULES = [
+    {
+        id: "os-system-tainted",
+        cwe: "CWE-78",
+        severity: "high",
+        what: "os.system() called with non-literal argument",
+        pattern: /\bos\.system\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Replace os.system() with subprocess.run([...], shell=False) passing a list of args. " +
+            "Validate the user-controlled value against a strict allow-list before invoking.",
+    },
+    {
+        id: "subprocess-shell-true",
+        cwe: "CWE-78",
+        severity: "high",
+        what: "subprocess.* called with shell=True and a tainted command",
+        pattern: /\bsubprocess\.(?:run|call|check_output|check_call|Popen)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first, all) => hasShellTrue(all) && looksTainted(first),
+        remediation: "Drop shell=True; pass the command as a list (e.g. ['nslookup', user_input]). " +
+            "shell=True invokes /bin/sh -c which lets the attacker chain commands with ; | & $().",
+    },
+    {
+        id: "subprocess-fstring",
+        cwe: "CWE-78",
+        severity: "high",
+        what: "subprocess.* called with an f-string as the command",
+        pattern: /\bsubprocess\.(?:run|call|check_output|check_call|Popen)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => /^[rRbBuU]?[fF]['"]/.test(first.trim()),
+        remediation: "Build the command as a list: subprocess.run(['nslookup', value], shell=False). " +
+            "An f-string in the command position interpolates user input directly into shell metacharacters.",
+    },
+    {
+        id: "eval-tainted",
+        cwe: "CWE-95",
+        severity: "critical",
+        what: "eval() called with non-literal argument",
+        pattern: /(?<![\w.])eval\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Never eval untrusted input. If you need to evaluate constants safely, use ast.literal_eval(). " +
+            "For JSON, use json.loads(). For dynamic dispatch, use a name→function dict, not eval.",
+    },
+    {
+        id: "exec-tainted",
+        cwe: "CWE-95",
+        severity: "critical",
+        what: "exec() called with non-literal argument",
+        pattern: /(?<![\w.])exec\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Never exec untrusted input. Replace dynamic exec patterns with explicit dispatch over an " +
+            "allow-listed map of behaviors. Code-as-data should be data — JSON / config files / plugins.",
+    },
+    {
+        id: "pickle-loads",
+        cwe: "CWE-502",
+        severity: "high",
+        what: "pickle.{loads,load}() — unsafe deserialization",
+        pattern: /\bpickle\.(?:loads|load)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: () => true, // pickle.loads on ANY untrusted bytes is RCE
+        remediation: "pickle deserialization on untrusted bytes is remote code execution. Switch to JSON / msgpack / " +
+            "protobuf — or sign the pickle blob (HMAC) before reading and verify signature.",
+    },
+    {
+        id: "yaml-load-no-safe-loader",
+        cwe: "CWE-502",
+        severity: "high",
+        what: "yaml.load() without Loader=SafeLoader",
+        pattern: /\byaml\.load\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (_first, all) => !hasYamlLoader(all),
+        remediation: "Use yaml.safe_load(stream) — or yaml.load(stream, Loader=yaml.SafeLoader). Plain yaml.load " +
+            "with the default Loader constructs arbitrary Python objects and can execute attacker code.",
+    },
+    {
+        id: "dynamic-import",
+        cwe: "CWE-94",
+        severity: "high",
+        what: "__import__() called with non-literal argument",
+        pattern: /\b__import__\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Dynamic __import__ on user input lets attackers load any module path. Maintain an explicit " +
+            "allow-list of permitted module names and use importlib.import_module(name) after validating.",
+    },
+    {
+        id: "path-traversal-send-file",
+        cwe: "CWE-22",
+        severity: "high",
+        what: "Flask send_file() with a tainted path",
+        // send_file is essentially "ship this file to the client". Any tainted
+        // arg here is path-traversal-of-the-week — caller can read /etc/passwd.
+        pattern: /\bsend_file\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Resolve the requested name to an allow-listed file under a fixed root; reject anything containing " +
+            "'..', '/', '\\\\', or a colon. Better: use Flask.send_from_directory(safe_root, requested_name) " +
+            "which Flask itself rejects traversal sequences from.",
+    },
+    {
+        id: "ssrf-urlopen",
+        cwe: "CWE-918",
+        severity: "high",
+        what: "urlopen() called with a tainted URL — server-side request forgery",
+        pattern: /\burlopen\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Validate the URL: parse with urllib.parse.urlparse, require an https scheme, and check the host " +
+            "against an allow-list (or at minimum reject 169.254.169.254, localhost, RFC1918 ranges to stop " +
+            "metadata-service / internal-network probes). Consider requests with a timeout + verify=True.",
+    },
+    {
+        id: "weak-crypto-md5",
+        cwe: "CWE-327",
+        severity: "high",
+        what: "MD5 used for hashing — broken; do not use for credentials, tokens, or signatures",
+        // hashlib.md5(<anything>) — MD5 is collisionable, not preimage-resistant
+        // enough for any security use. Allowing checksums is the user's call (a
+        // suppress entry / non-security context) — critic refines.
+        pattern: /\bhashlib\.md5\s*\(/g,
+        isDangerous: () => true,
+        remediation: "Switch to a memory-hard password hash (argon2-cffi / bcrypt / scrypt) for credentials. For " +
+            "integrity / signatures use SHA-256 (hashlib.sha256). If MD5 is required for protocol compatibility " +
+            "(legacy etag, content checksum vs trusted source), suppress with a comment explaining why.",
+    },
+    {
+        id: "weak-crypto-sha1",
+        cwe: "CWE-327",
+        severity: "high",
+        what: "SHA-1 used for hashing — collisions are practical; do not use for security",
+        pattern: /\bhashlib\.sha1\s*\(/g,
+        isDangerous: () => true,
+        remediation: "Replace with hashlib.sha256 or hashlib.sha3_256. For password hashing use argon2 / bcrypt / scrypt. " +
+            "SHA-1 has practical collision attacks (SHAttered) and must not be used for signatures or password storage.",
+    },
+    {
+        id: "weak-crypto-hashlib-new",
+        cwe: "CWE-327",
+        severity: "high",
+        what: "hashlib.new() called with a weak algorithm name (md5/sha1/md4)",
+        pattern: /\bhashlib\.new\s*\(\s*['"]([^'"]+)['"]/g,
+        // Group 1 is the algorithm name string.
+        isDangerous: (first) => /^(md5|sha1|md4|md2|mdc2|ripemd160)$/i.test(first),
+        remediation: "Use hashlib.new('sha256') or a direct constructor (hashlib.sha256). Avoid MD5/SHA1/MD4 for any " +
+            "security-related hashing including passwords, session tokens, signatures, and integrity proofs.",
+    },
+    {
+        id: "open-redirect-flask",
+        cwe: "CWE-601",
+        severity: "high",
+        what: "Flask redirect() with a tainted URL — open redirect / phishing pivot",
+        pattern: /\bredirect\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        fileGate: (c) => /\b(?:from\s+flask\b|import\s+flask\b)/.test(c),
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Validate the next URL: only allow same-host destinations via urlparse + url_for, or maintain " +
+            "an allow-list of safe targets. Never blindly redirect to a value taken from request.args/form.",
+    },
+    {
+        id: "ssrf-requests",
+        cwe: "CWE-918",
+        severity: "high",
+        what: "requests.{get,post,put,delete,patch,head} called with a tainted URL",
+        pattern: /\brequests\.(?:get|post|put|delete|patch|head|request)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Validate the URL: parse with urllib.parse.urlparse, check scheme in {http,https}, resolve hostname " +
+            "and reject loopback / link-local / RFC1918 ranges. Use an allow-list per integration boundary. " +
+            "Set timeout= and verify=True; do not follow redirects to internal hosts.",
+    },
+    {
+        id: "ssti-render-template-string",
+        cwe: "CWE-94",
+        severity: "critical",
+        what: "Jinja render_template_string() with tainted template — server-side template injection (RCE)",
+        pattern: /\brender_template_string\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        // render_template_string is a flask import — gate keeps the FP rate low.
+        fileGate: (c) => /\b(?:from\s+flask\b|import\s+flask\b|render_template_string)/.test(c),
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Never pass user input as the template SOURCE — pass it as a CONTEXT variable to a static template " +
+            "(render_template('view.html', name=user_input)). SSTI in Jinja gives the attacker arbitrary Python " +
+            "execution via {{ ''.__class__.__mro__[1].__subclasses__()[...]() }} sandbox-escape chains.",
+    },
+    {
+        id: "jwt-signature-disabled",
+        cwe: "CWE-347",
+        severity: "critical",
+        what: "JWT decoded with signature verification DISABLED",
+        pattern: /\bjwt\.decode\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (_first, all) => /verify_signature\s*[:=]\s*False/.test(all) || /verify\s*=\s*False/.test(all),
+        remediation: "Remove verify=False / verify_signature=False — that disables ALL authenticity guarantees. Always " +
+            "call jwt.decode(token, key, algorithms=['HS256']) with the actual signing key. If the token must " +
+            "be inspected pre-validation, parse the header only via jwt.get_unverified_header (NEVER trust the body).",
+    },
+    {
+        id: "weak-random-for-security",
+        cwe: "CWE-330",
+        severity: "high",
+        what: "random module used in a security-sensitive context",
+        // Only flag when the FILE contains a security keyword (token / secret /
+        // key / password / nonce / csrf / session / api_key / auth). Files that
+        // use random for dice / Monte Carlo / unit tests don't trigger.
+        pattern: /\brandom\.(?:random|randint|randrange|choice|choices|sample|getrandbits|shuffle|uniform)\s*\(/g,
+        // V2-20b/c — drop \b for snake_case/camelCase-appendable terms. The
+        // \b in /\bsession\b/ doesn't match inside `create_session_id` because
+        // `_` and letters are both word chars (no boundary between `n` and
+        // `_`). For tightly-bounded false-positive terms ("secret" matching
+        // "Secretary") we keep the boundary explicitly.
+        fileGate: (c) => /(?:token|password|nonce|csrf|sessionid|session|sid|api[_-]?key|auth[_-]?key|signing[_-]?key)/i.test(c) ||
+            /\bsecret\b/i.test(c) ||
+            /\bsalt\b/i.test(c),
+        isDangerous: () => true,
+        remediation: "Use the secrets module: secrets.token_urlsafe(), secrets.token_bytes(), secrets.choice(). The random " +
+            "module is a Mersenne Twister — predictable after observing ~624 outputs and unsuitable for tokens, " +
+            "session ids, passwords, nonces, CSRF tokens, or anything an attacker can guess and exploit.",
+    },
+    {
+        id: "xxe-lxml-parse",
+        cwe: "CWE-611",
+        severity: "high",
+        what: "lxml.etree.parse / fromstring without resolve_entities=False — XXE risk",
+        pattern: /\blxml\.etree\.(?:parse|fromstring|XML|HTML)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (_first, all) => !/resolve_entities\s*=\s*False/.test(all),
+        remediation: "Use a hardened parser: parser = lxml.etree.XMLParser(resolve_entities=False, no_network=True, " +
+            "huge_tree=False); etree.parse(source, parser). Plain lxml.etree.parse with the default parser " +
+            "expands external entities and is vulnerable to billion-laughs DoS + SSRF + local file disclosure.",
+    },
+    {
+        id: "flask-debug-true",
+        cwe: "CWE-489",
+        severity: "high",
+        what: "Flask app.run(debug=True) — Werkzeug debugger exposes a Python REPL via PIN bypass",
+        pattern: /\.run\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        fileGate: (c) => /\b(?:from\s+flask\b|import\s+flask\b|Flask\s*\()/.test(c),
+        isDangerous: (_first, all) => /debug\s*=\s*True\b/.test(all),
+        remediation: "Never ship debug=True. Read from env: app.run(debug=os.environ.get('FLASK_ENV')=='development'). " +
+            "The Werkzeug debugger PIN can be derived from publicly-readable values (machine-id + uuid) — Snyk and " +
+            "ProjectDiscovery have weaponised this into one-shot RCE on real-world exposed Flask apps.",
+    },
+    {
+        id: "sqli-cursor-fstring",
+        cwe: "CWE-89",
+        severity: "critical",
+        what: "cursor.execute() called with an f-string (SQL built by string interpolation)",
+        pattern: /\b(?:cursor|cur|conn)\.execute\s*\(\s*([rR]?[fF]['"][\s\S]*?['"])(?:\s*[,)])/g,
+        isDangerous: (first) => /^[rR]?[fF]['"]/.test(first.trim()),
+        remediation: "Use parameter binding: cursor.execute('SELECT ... WHERE col = ?', (value,)). " +
+            "F-string interpolation into SQL is SQL injection by construction; even \"safe-looking\" inputs " +
+            "(numbers, UUIDs) can be exploited via type coercion bugs in the driver.",
+    },
+    {
+        id: "sqli-cursor-percent-format",
+        cwe: "CWE-89",
+        severity: "critical",
+        what: "cursor.execute() with %-format string concatenating a variable into SQL",
+        // Match cursor.execute("SELECT ... %s ..." % var) — Python's `%` operator
+        // applied to a SQL string with non-literal RHS.
+        pattern: /\b(?:cursor|cur|conn)\.execute\s*\(\s*['"][^'"]*%[sd][^'"]*['"]\s*%\s*([^)]+)\)/g,
+        isDangerous: (first) => looksTainted(first),
+        remediation: "Replace the manual %-substitution with DB-API parameter binding: " +
+            "cursor.execute('SELECT ... WHERE col = %s', (value,))  (NOT the Python %-operator — " +
+            "let the driver do the substitution).",
+    },
+    {
+        id: "xxe-stdlib-etree",
+        cwe: "CWE-611",
+        severity: "high",
+        what: "Python stdlib xml.* parser used on untrusted input — XXE / billion laughs",
+        pattern: /\bxml\.(?:sax|dom\.minidom|etree\.ElementTree)\.(?:parse|parseString|fromstring|XML)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: () => true,
+        remediation: "Switch to defusedxml: from defusedxml.ElementTree import parse, fromstring (drop-in replacement). " +
+            "Python's stdlib xml.* documentation explicitly says it is NOT safe for untrusted XML — defusedxml " +
+            "disables entity expansion, external-entity resolution, and DTD loading by default.",
+    },
+    {
+        id: "requests-verify-false",
+        cwe: "CWE-295",
+        severity: "critical",
+        what: "requests.* called with verify=False — TLS certificate verification disabled",
+        pattern: /\brequests\.(?:get|post|put|delete|patch|head|request)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/g,
+        isDangerous: (_first, all) => /\bverify\s*=\s*False\b/.test(all),
+        remediation: "Remove verify=False. If the target uses a private CA, point verify= to your CA bundle path " +
+            "(verify='/etc/ssl/private-ca.pem'). Disabling verification removes ALL guarantees about who you " +
+            "are talking to — a MITM can transparently read and modify the traffic.",
+    },
+    {
+        id: "fail-open-permission-except",
+        cwe: "CWE-755",
+        severity: "high",
+        // Auth-named function whose body contains `except ... return True`.
+        // Real-world ransom: a DB blip → all-access-granted for an hour.
+        what: "Authorization function returns True from an exception handler — fail-OPEN on errors (CWE-755 + CWE-863)",
+        // Match a def with auth-suggestive name; capture up to 4000 chars of
+        // body in group 1. isDangerous checks the body for an `except: return True`.
+        // Naming prefixes restricted to security-critical ones so non-auth
+        // utility funcs (is_debug, is_dry_run) don't false-positive.
+        pattern: /def\s+(?:can_|may_|has_(?:perm|access|role|right|priv)|is_(?:admin|allowed|authorized|authenticated|owner|trusted|permitted|approved|staff|superuser|root)|check_(?:perm|access|auth)|authorize|verify_(?:token|bearer|signature|jwt|owner|access|password)|allow_|grant_)\w*\s*\([^)]*\)[^:]*:([\s\S]{0,4000})/g,
+        isDangerous: (_first, body) => /\bexcept\b[^:]*:[\s\S]{0,500}?\breturn\s+True\b/.test(body),
+        remediation: "Fail CLOSED: replace `except: return True` with `except Exception as e: log.exception(...); " +
+            "return False`. Authorization functions MUST default to DENYING access when the dependency (DB, " +
+            "network, cache) is unavailable — a fail-open default lets a transient outage silently grant " +
+            "unrestricted access (real-world: TJ-Maxx 2007, AT&T 2010). If the caller needs to differentiate " +
+            "'denied' from 'unknown', raise a typed error and let an outer middleware decide.",
+    },
+    {
+        id: "non-constant-time-compare",
+        cwe: "CWE-208",
+        severity: "high",
+        what: "Non-constant-time comparison of secret material (token / password / HMAC / signature) using == or != — timing side-channel leak",
+        // Match ANY var-to-var (or var-to-literal) comparison. The
+        // isDangerous predicate decides if it's a secret comparison.
+        pattern: /\b([a-zA-Z_]\w*\s*(?:==|!=)\s*(?:[a-zA-Z_]\w*|['"][^'"]*['"]|None|True|False|\d+))/g,
+        isDangerous: (expr) => {
+            // Nullity / empty / boolean checks are NOT timing-sensitive.
+            if (/(?:==|!=)\s*(?:None|null|undefined|False|True|0|''|"")/.test(expr))
+                return false;
+            const m = expr.match(/^([a-zA-Z_]\w*)\s*(?:==|!=)\s*(.+)$/);
+            if (!m)
+                return false;
+            const lhs = m[1];
+            const rhs = m[2].trim();
+            if (lhs === rhs)
+                return false; // var == var → bogus
+            // Either side contains a secret-named word (case-insensitive, camelCase-friendly).
+            const SECRET = /(token|secret|password|hmac|signature|api[_-]?key|auth[_-]?key|csrf|nonce|session[_-]?id|bearer|mac|digest|salt)/i;
+            return SECRET.test(lhs) || SECRET.test(rhs);
+        },
+        remediation: "Use hmac.compare_digest(supplied, expected) for any secret comparison — it runs in constant time " +
+            "regardless of how many bytes match, so an attacker cannot recover the secret one byte at a time " +
+            "by measuring response latency. Applies to bearer tokens, CSRF tokens, HMAC verification, password " +
+            "equality checks, JWT signature compares, and webhook signing-secret validation.",
+    },
+];
+// ── Engine ───────────────────────────────────────────────────────────────
+export class PythonSinksEngine {
+    name = "python-sinks";
+    languages = ["python"];
+    async available() {
+        return true; // pure JS regex; always available
+    }
+    async run(input) {
+        const t0 = Date.now();
+        const findings = [];
+        if (input.lang !== "python") {
+            return { engine: this.name, findings: [], unavailable: false, durationMs: 0 };
+        }
+        if (isTestOrFixturePath(input.filePath)) {
+            return { engine: this.name, findings: [], unavailable: false, durationMs: 0 };
+        }
+        const content = input.content;
+        const lines = content.split(/\r?\n/);
+        for (const rule of RULES) {
+            // File-level gate: skip the whole rule if the file doesn't fit
+            // the framework/context it targets (cheaper than per-match check).
+            if (rule.fileGate && !rule.fileGate(content))
+                continue;
+            rule.pattern.lastIndex = 0;
+            let m;
+            while ((m = rule.pattern.exec(content)) !== null) {
+                const allArgs = m[1] ?? "";
+                const firstArg = firstPositionalArg(allArgs);
+                if (!rule.isDangerous(firstArg, allArgs, content))
+                    continue;
+                const upTo = content.slice(0, m.index);
+                const line = upTo.split(/\r?\n/).length;
+                const snippet = (lines[line - 1] ?? "").slice(0, 400);
+                if (isLineSuppressed(snippet, rule.id))
+                    continue;
+                findings.push({
+                    id: makeFindingId({
+                        engine: this.name,
+                        file: input.filePath,
+                        line,
+                        rule_id: rule.id,
+                    }),
+                    engine: "python-sinks",
+                    file: input.filePath,
+                    line,
+                    rule_id: rule.id,
+                    cwe: rule.cwe,
+                    severity: rule.severity,
+                    message: `${rule.what}. Likely ${rule.cwe} — review and remediate before merging.`,
+                    evidence: { snippet },
+                    // 0.75 = enough to drive a high-severity block via decide() rules
+                    // AND to route the critic for refinement (stage1_findings signal),
+                    // but the critic can refute with its own counter-finding.
+                    confidence: 0.75,
+                    source: "pattern",
+                    remediation: rule.remediation,
+                });
+            }
+        }
+        return {
+            engine: this.name,
+            findings,
+            unavailable: false,
+            durationMs: Date.now() - t0,
+        };
+    }
+}
+// Internal exports for unit tests only.
+export const _testing = { RULES, looksTainted, firstPositionalArg, hasShellTrue, hasYamlLoader };
+//# sourceMappingURL=python-sinks.js.map

package/dist/engines/python-sinks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"python-sinks.js","sourceRoot":"","sources":["../../src/engines/python-sinks.ts"],"names":[],"mappings":"AAiCA,OAAO,EAAW,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAExD,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAuBpE,4EAA4E;AAE5E;;oDAEoD;AACpD,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC3B,gEAAgE;IAChE,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,2EAA2E;IAC3E,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,8DAA8D;IAC9D,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,6DAA6D;QAC7D,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,sEAAsE;IACtE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uDAAuD;AACvD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,wDAAwD;AACxD,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED;;;iCAGiC;AACjC,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QACnB,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;gBAAE,KAAK,GAAG,IAAI,CAAC;YACtD,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YAC3B,KAAK,GAAG,CAAC,CAAC;YACV,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aAC5C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACjD,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpE,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;AACrB,CAAC;AAED,4EAA4E;AAE5E,MAAM,KAAK,GAA4B;IACrC;QACE,EAAE,EAAE,mBAAmB;QACvB,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,8CAA8C;QACpD,OAAO,EAAE,mDAAmD;QAC5D,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,sFAAsF;YACtF,iFAAiF;KACpF;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,2DAA2D;QACjE,OAAO,EACL,+FAA+F;QACjG,WAAW,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC;QACrE,WAAW,EACT,+EAA+E;YAC/E,sFAAsF;KACzF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qDAAqD;QAC3D,OAAO,EACL,+FAA+F;QACjG,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAC/D,WAAW,EACT,iFAAiF;YACjF,iGAAiG;KACpG;IACD;QACE,EAAE,EAAE,cAAc;QAClB,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,yCAAyC;QAC/C,OAAO,EAAE,qDAAqD;QAC9D,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,gGAAgG;YAChG,uFAAuF;KAC1F;IACD;QACE,EAAE,EAAE,cAAc;QAClB,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,yCAAyC;QAC/C,OAAO,EAAE,qDAAqD;QAC9D,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,2FAA2F;YAC3F,6FAA6F;KAChG;IACD;QACE,EAAE,EAAE,cAAc;QAClB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,gDAAgD;QACtD,OAAO,EAAE,+DAA+D;QACxE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,6CAA6C;QACtE,WAAW,EACT,iGAAiG;YACjG,gFAAgF;KACnF;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,mDAAmD;QAC5D,WAAW,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC;QACjD,WAAW,EACT,6FAA6F;YAC7F,4FAA4F;KAC/F;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,+CAA+C;QACrD,OAAO,EAAE,mDAAmD;QAC5D,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,6FAA6F;YAC7F,8FAA8F;KACjG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,uCAAuC;QAC7C,uEAAuE;QACvE,wEAAwE;QACxE,OAAO,EAAE,kDAAkD;QAC3D,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,oGAAoG;YACpG,kGAAkG;YAClG,sDAAsD;KACzD;IACD;QACE,EAAE,EAAE,cAAc;QAClB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,mEAAmE;QACzE,OAAO,EAAE,gDAAgD;QACzD,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,kGAAkG;YAClG,iGAAiG;YACjG,8FAA8F;KACjG;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kFAAkF;QACxF,yEAAyE;QACzE,wEAAwE;QACxE,2DAA2D;QAC3D,OAAO,EAAE,sBAAsB;QAC/B,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI;QACvB,WAAW,EACT,6FAA6F;YAC7F,qGAAqG;YACrG,4FAA4F;KAC/F;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,4EAA4E;QAClF,OAAO,EAAE,uBAAuB;QAChC,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI;QACvB,WAAW,EACT,sGAAsG;YACtG,4GAA4G;KAC/G;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,gEAAgE;QACtE,OAAO,EAAE,yCAAyC;QAClD,wCAAwC;QACxC,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,sCAAsC,CAAC,IAAI,CAAC,KAAK,CAAC;QAC1E,WAAW,EACT,iGAAiG;YACjG,iGAAiG;KACpG;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,sEAAsE;QAC5E,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,uCAAuC,CAAC,IAAI,CAAC,CAAC,CAAC;QAChE,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,+FAA+F;YAC/F,gGAAgG;KACnG;IACD;QACE,EAAE,EAAE,eAAe;QACnB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qEAAqE;QAC3E,OAAO,EAAE,6FAA6F;QACtG,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,qGAAqG;YACrG,iGAAiG;YACjG,0EAA0E;KAC7E;IACD;QACE,EAAE,EAAE,6BAA6B;QACjC,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,6FAA6F;QACnG,OAAO,EAAE,+DAA+D;QACxE,yEAAyE;QACzE,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CACd,8DAA8D,CAAC,IAAI,CAAC,CAAC,CAAC;QACxE,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,oGAAoG;YACpG,qGAAqG;YACrG,4FAA4F;KAC/F;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kDAAkD;QACxD,OAAO,EAAE,oDAAoD;QAC7D,WAAW,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAC3B,iCAAiC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC;QAC/E,WAAW,EACT,mGAAmG;YACnG,mGAAmG;YACnG,0GAA0G;KAC7G;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oDAAoD;QAC1D,wEAAwE;QACxE,wEAAwE;QACxE,gEAAgE;QAChE,OAAO,EACL,gGAAgG;QAClG,oEAAoE;QACpE,uEAAuE;QACvE,mEAAmE;QACnE,oEAAoE;QACpE,gDAAgD;QAChD,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CACd,+FAA+F,CAAC,IAAI,CAClG,CAAC,CACF;YACD,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACrB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QACrB,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI;QACvB,WAAW,EACT,uGAAuG;YACvG,qGAAqG;YACrG,6FAA6F;KAChG;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,yEAAyE;QAC/E,OAAO,EAAE,mFAAmF;QAC5F,WAAW,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,8BAA8B,CAAC,IAAI,CAAC,GAAG,CAAC;QACvE,WAAW,EACT,gGAAgG;YAChG,gGAAgG;YAChG,mGAAmG;KACtG;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oFAAoF;QAC1F,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kDAAkD,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3E,WAAW,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC;QAC5D,WAAW,EACT,mGAAmG;YACnG,wGAAwG;YACxG,2FAA2F;KAC9F;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,8EAA8E;QACpF,OAAO,EAAE,+EAA+E;QACxF,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAC3D,WAAW,EACT,+EAA+E;YAC/E,iGAAiG;YACjG,yEAAyE;KAC5E;IACD;QACE,EAAE,EAAE,4BAA4B;QAChC,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,yEAAyE;QAC/E,0EAA0E;QAC1E,gDAAgD;QAChD,OAAO,EACL,kFAAkF;QACpF,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;QAC3C,WAAW,EACT,mEAAmE;YACnE,sFAAsF;YACtF,sCAAsC;KACzC;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,2EAA2E;QACjF,OAAO,EACL,2HAA2H;QAC7H,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI;QACvB,WAAW,EACT,oGAAoG;YACpG,oGAAoG;YACpG,oFAAoF;KACvF;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,6EAA6E;QACnF,OAAO,EACL,6FAA6F;QAC/F,WAAW,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC;QAChE,WAAW,EACT,6FAA6F;YAC7F,kGAAkG;YAClG,wEAAwE;KAC3E;IACD;QACE,EAAE,EAAE,6BAA6B;QACjC,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,oEAAoE;QACpE,iEAAiE;QACjE,IAAI,EACF,yGAAyG;QAC3G,qEAAqE;QACrE,6EAA6E;QAC7E,mEAAmE;QACnE,6DAA6D;QAC7D,OAAO,EACL,kTAAkT;QACpT,WAAW,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAC5B,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC;QAC9D,WAAW,EACT,8FAA8F;YAC9F,iGAAiG;YACjG,8FAA8F;YAC9F,kGAAkG;YAClG,kFAAkF;KACrF;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,IAAI,EACF,iIAAiI;QACnI,2DAA2D;QAC3D,6DAA6D;QAC7D,OAAO,EACL,qFAAqF;QACvF,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE;YACpB,6DAA6D;YAC7D,IAAI,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YACtF,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YAC5D,IAAI,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACrB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;YAClB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,GAAG,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAC,qBAAqB;YACpD,mFAAmF;YACnF,MAAM,MAAM,GACV,mHAAmH,CAAC;YACtH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9C,CAAC;QACD,WAAW,EACT,mGAAmG;YACnG,kGAAkG;YAClG,oGAAoG;YACpG,iFAAiF;KACpF;CACF,CAAC;AAEF,4EAA4E;AAE5E,MAAM,OAAO,iBAAiB;IACnB,IAAI,GAAG,cAAuB,CAAC;IAC/B,SAAS,GAAwB,CAAC,QAAQ,CAAC,CAAC;IAErD,KAAK,CAAC,SAAS;QACb,OAAO,IAAI,CAAC,CAAC,kCAAkC;IACjD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAqB;QAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;QAChF,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,+DAA+D;YAC/D,mEAAmE;YACnE,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,SAAS;YACvD,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAC3B,IAAI,CAAyB,CAAC;YAC9B,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACjD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC7C,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;oBAAE,SAAS;gBAE5D,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;gBACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;gBACxC,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACtD,IAAI,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;oBAAE,SAAS;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,aAAa,CAAC;wBAChB,MAAM,EAAE,IAAI,CAAC,IAAI;wBACjB,IAAI,EAAE,KAAK,CAAC,QAAQ;wBACpB,IAAI;wBACJ,OAAO,EAAE,IAAI,CAAC,EAAE;qBACjB,CAAC;oBACF,MAAM,EAAE,cAAc;oBACtB,IAAI,EAAE,KAAK,CAAC,QAAQ;oBACpB,IAAI;oBACJ,OAAO,EAAE,IAAI,CAAC,EAAE;oBAChB,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,YAAY,IAAI,CAAC,GAAG,yCAAyC;oBAClF,QAAQ,EAAE,EAAE,OAAO,EAAE;oBACrB,kEAAkE;oBAClE,mEAAmE;oBACnE,0DAA0D;oBAC1D,UAAU,EAAE,IAAI;oBAChB,MAAM,EAAE,SAAS;oBACjB,WAAW,EAAE,IAAI,CAAC,WAAW;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,IAAI;YACjB,QAAQ;YACR,WAAW,EAAE,KAAK;YAClB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE;SAC5B,CAAC;IACJ,CAAC;CACF;AAED,wCAAwC;AACxC,MAAM,CAAC,MAAM,QAAQ,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC"}

package/dist/engines/registry.d.ts

@@ -0,0 +1,26 @@
+import { Engine } from "./types.js";
+/** Stage-1 engines. Ordered by typical latency (fast first).
+ *
+ * ``joernEngine`` and ``pysaEngine`` are here despite being expensive —
+ * that expense lives in ``aegis index --joern`` / ``aegis index --pysa``
+ * (CPG build / taint summary build). At gate time these engines just
+ * read pre-computed ``findings.jsonl`` files, so they're milliseconds. */
+export declare const ENGINES: ReadonlyArray<Engine>;
+/** Stage-2 engines.
+ *
+ * Both engines spend an LLM message + are gated by the orchestrator's
+ * routing predicate (only invoked when stage-1 surfaced something OR
+ * Vul-RAG signal is above threshold).
+ *
+ * ``propertyTestEngine`` PROVES bugs by generating a Hypothesis property
+ * via Claude and executing it in a WSL sandbox. A counterexample = a
+ * definitive bug (not a speculative judgement) so its findings get
+ * confidence 0.95 — effectively a hard block when severity high. */
+export declare const STAGE2_ENGINES: ReadonlyArray<Engine>;
+/** All engines (stage 1 + stage 2) — used by `aegis doctor` to report
+ * availability across the full set. */
+export declare const ALL_ENGINES: ReadonlyArray<Engine>;
+/** Subset by name — used by CLI / tests to filter. Searches stage-1 and
+ * stage-2 engines so e.g. ``engineByName("llm-critic")`` works. */
+export declare function engineByName(name: string): Engine | undefined;
+//# sourceMappingURL=registry.d.ts.map

package/dist/engines/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/engines/registry.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAQpC;;;;;0EAK0E;AAC1E,eAAO,MAAM,OAAO,EAAE,aAAa,CAAC,MAAM,CAYxC,CAAC;AAEH;;;;;;;;;oEASoE;AACpE,eAAO,MAAM,cAAc,EAAE,aAAa,CAAC,MAAM,CAG/C,CAAC;AAEH;uCACuC;AACvC,eAAO,MAAM,WAAW,EAAE,aAAa,CAAC,MAAM,CAG5C,CAAC;AAEH;mEACmE;AACnE,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAE7D"}

package/dist/engines/registry.js

@@ -0,0 +1,70 @@
+/** Registry of all engines.
+ *
+ * Engines are split into two stages:
+ *   - ``ENGINES`` (stage 1): fast deterministic — run in parallel on every file.
+ *     Latency budget ≤ 500 ms p95.
+ *   - ``STAGE2_ENGINES`` (stage 2): the LLM critic. Runs only when the
+ *     orchestrator's routing predicate decides it's worth the LLM cost. Sees
+ *     the merged stage-1 findings + project context + Vul-RAG hits.
+ *
+ * Keeping the two arrays separate makes the orchestrator's two-stage loop
+ * obvious and lets ad-hoc callers (tests, CLI) skip stage 2 trivially.
+ */
+import { AiSinksEngine } from "./ai-sinks.js";
+import { joernEngine } from "./joern.js";
+import { JsSinksEngine } from "./js-sinks.js";
+import { llmCriticEngine } from "./llm-critic.js";
+import { propertyTestEngine } from "./property-test.js";
+import { pysaEngine } from "./pysa.js";
+import { PythonSinksEngine } from "./python-sinks.js";
+import { ESLintEngine } from "./eslint.js";
+import { PyrightEngine } from "./pyright.js";
+import { SecretScanEngine } from "./secret-scan.js";
+import { SemgrepEngine } from "./semgrep.js";
+import { TreeSitterEngine } from "./treesitter.js";
+import { TscEngine } from "./tsc.js";
+/** Stage-1 engines. Ordered by typical latency (fast first).
+ *
+ * ``joernEngine`` and ``pysaEngine`` are here despite being expensive —
+ * that expense lives in ``aegis index --joern`` / ``aegis index --pysa``
+ * (CPG build / taint summary build). At gate time these engines just
+ * read pre-computed ``findings.jsonl`` files, so they're milliseconds. */
+export const ENGINES = Object.freeze([
+    new SecretScanEngine(),
+    new PythonSinksEngine(),
+    new JsSinksEngine(),
+    new AiSinksEngine(),
+    new TreeSitterEngine(),
+    new ESLintEngine(),
+    new PyrightEngine(),
+    new TscEngine(),
+    new SemgrepEngine(),
+    joernEngine,
+    pysaEngine,
+]);
+/** Stage-2 engines.
+ *
+ * Both engines spend an LLM message + are gated by the orchestrator's
+ * routing predicate (only invoked when stage-1 surfaced something OR
+ * Vul-RAG signal is above threshold).
+ *
+ * ``propertyTestEngine`` PROVES bugs by generating a Hypothesis property
+ * via Claude and executing it in a WSL sandbox. A counterexample = a
+ * definitive bug (not a speculative judgement) so its findings get
+ * confidence 0.95 — effectively a hard block when severity high. */
+export const STAGE2_ENGINES = Object.freeze([
+    llmCriticEngine,
+    propertyTestEngine,
+]);
+/** All engines (stage 1 + stage 2) — used by `aegis doctor` to report
+ * availability across the full set. */
+export const ALL_ENGINES = Object.freeze([
+    ...ENGINES,
+    ...STAGE2_ENGINES,
+]);
+/** Subset by name — used by CLI / tests to filter. Searches stage-1 and
+ * stage-2 engines so e.g. ``engineByName("llm-critic")`` works. */
+export function engineByName(name) {
+    return ALL_ENGINES.find((e) => e.name === name);
+}
+//# sourceMappingURL=registry.js.map

package/dist/engines/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/engines/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC;;;;;0EAK0E;AAC1E,MAAM,CAAC,MAAM,OAAO,GAA0B,MAAM,CAAC,MAAM,CAAC;IAC1D,IAAI,gBAAgB,EAAE;IACtB,IAAI,iBAAiB,EAAE;IACvB,IAAI,aAAa,EAAE;IACnB,IAAI,aAAa,EAAE;IACnB,IAAI,gBAAgB,EAAE;IACtB,IAAI,YAAY,EAAE;IAClB,IAAI,aAAa,EAAE;IACnB,IAAI,SAAS,EAAE;IACf,IAAI,aAAa,EAAE;IACnB,WAAW;IACX,UAAU;CACX,CAAC,CAAC;AAEH;;;;;;;;;oEASoE;AACpE,MAAM,CAAC,MAAM,cAAc,GAA0B,MAAM,CAAC,MAAM,CAAC;IACjE,eAAe;IACf,kBAAkB;CACnB,CAAC,CAAC;AAEH;uCACuC;AACvC,MAAM,CAAC,MAAM,WAAW,GAA0B,MAAM,CAAC,MAAM,CAAC;IAC9D,GAAG,OAAO;IACV,GAAG,cAAc;CAClB,CAAC,CAAC;AAEH;mEACmE;AACnE,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AAClD,CAAC"}

package/dist/engines/secret-scan.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Embedded secret scanner — no external binary.
+ *
+ * Rules adapted from the public `gitleaks` ruleset (MIT) — covers the
+ * highest-volume real-world leak shapes: AWS keys, GitHub/GitLab/Slack
+ * tokens, Stripe, JWT, generic private keys, and high-entropy
+ * `*KEY|*TOKEN|*SECRET|*PASS*` assignments.
+ *
+ * False-positive mitigation: a value containing `EXAMPLE`, `PLACEHOLDER`,
+ * `<your-...>`, `xxxx...`, or fewer than 10 effectively-unique chars is
+ * skipped — empirically these are all template / docs.
+ */
+import { Engine, EngineRunInput, EngineRunResult } from "./types.js";
+import { Lang } from "../lang.js";
+export declare class SecretScanEngine implements Engine {
+    readonly name = "secret-scan";
+    readonly languages: "all";
+    available(): Promise<boolean>;
+    run(input: EngineRunInput): Promise<EngineRunResult>;
+}
+export declare const SECRET_SCAN_LANGS: ReadonlyArray<Lang>;
+//# sourceMappingURL=secret-scan.d.ts.map

package/dist/engines/secret-scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scan.d.ts","sourceRoot":"","sources":["../../src/engines/secret-scan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAErE,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AA+GlC,qBAAa,gBAAiB,YAAW,MAAM;IAC7C,QAAQ,CAAC,IAAI,iBAAiB;IAC9B,QAAQ,CAAC,SAAS,EAAG,KAAK,CAAU;IAE9B,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAI7B,GAAG,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC;CAgD3D;AAQD,eAAO,MAAM,iBAAiB,EAAE,aAAa,CAAC,IAAI,CAkBjD,CAAC"}