driftdetect-core 0.4.0 → 0.4.2

package/dist/call-graph/enrichment/types.d.ts

@@ -0,0 +1,402 @@
+/**
+ * Enrichment Engine Types
+ *
+ * Enterprise-grade types for security finding enrichment.
+ * Transforms raw vulnerability findings into actionable intelligence
+ * by connecting them to their actual data impact through call graph analysis.
+ */
+import type { DataAccessPoint, SensitiveField, SensitivityType, DataOperation } from '../../boundaries/types.js';
+import type { CallPathNode } from '../types.js';
+/**
+ * Severity levels following CVSS-like classification
+ */
+export type FindingSeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+/**
+ * Finding categories aligned with CWE/OWASP
+ */
+export type FindingCategory = 'injection' | 'broken-auth' | 'sensitive-exposure' | 'xxe' | 'broken-access' | 'misconfig' | 'xss' | 'deserialization' | 'components' | 'logging' | 'ssrf' | 'other';
+/**
+ * A security finding from any scanner (SAST, DAST, SCA, etc.)
+ * Designed to be scanner-agnostic - can ingest from Semgrep, CodeQL, Snyk, etc.
+ */
+export interface SecurityFinding {
+    /** Unique finding identifier */
+    id: string;
+    /** Rule/check that triggered this finding */
+    ruleId: string;
+    /** Human-readable title */
+    title: string;
+    /** Detailed description */
+    description: string;
+    /** Finding category */
+    category: FindingCategory;
+    /** Severity level */
+    severity: FindingSeverity;
+    /** Source file */
+    file: string;
+    /** Line number */
+    line: number;
+    /** Column number */
+    column?: number | undefined;
+    /** End line (for multi-line findings) */
+    endLine?: number | undefined;
+    /** End column */
+    endColumn?: number | undefined;
+    /** Code snippet at the finding location */
+    snippet?: string | undefined;
+    /** CWE identifiers */
+    cwe?: string[] | undefined;
+    /** OWASP category */
+    owasp?: string[] | undefined;
+    /** CVE if applicable (for dependency vulnerabilities) */
+    cve?: string | undefined;
+    /** CVSS score if available */
+    cvss?: number | undefined;
+    /** Scanner that produced this finding */
+    scanner?: string | undefined;
+    /** Scanner-specific metadata */
+    metadata?: Record<string, unknown> | undefined;
+}
+/**
+ * Classification of data sensitivity for impact scoring
+ */
+export interface DataSensitivityProfile {
+    /** Sensitivity type */
+    type: SensitivityType;
+    /** Regulatory implications */
+    regulations: DataRegulation[];
+    /** Base impact score (0-100) */
+    baseScore: number;
+    /** Description of why this is sensitive */
+    rationale: string;
+}
+/**
+ * Regulatory frameworks that may apply
+ */
+export type DataRegulation = 'gdpr' | 'ccpa' | 'hipaa' | 'pci-dss' | 'sox' | 'ferpa' | 'glba' | 'coppa' | 'lgpd' | 'pipeda';
+/**
+ * A single data access that can be reached from a vulnerability
+ */
+export interface ReachableData {
+    /** The data access point */
+    access: DataAccessPoint;
+    /** Call path from vulnerability to this access */
+    callPath: CallPathNode[];
+    /** Depth in call graph */
+    depth: number;
+    /** Sensitive fields accessed */
+    sensitiveFields: SensitiveField[];
+    /** Operations performed */
+    operations: DataOperation[];
+    /** Impact score for this specific access (0-100) */
+    impactScore: number;
+    /** Why this access matters */
+    impactRationale: string;
+}
+/**
+ * Aggregated data impact from a vulnerability
+ */
+export interface DataImpact {
+    /** All tables that can be reached */
+    tables: string[];
+    /** All sensitive fields that can be reached */
+    sensitiveFields: SensitiveFieldImpact[];
+    /** Detailed reachable data with paths */
+    reachableData: ReachableData[];
+    /** Maximum call depth to reach data */
+    maxDepth: number;
+    /** Total functions in attack surface */
+    attackSurfaceSize: number;
+    /** Regulatory implications */
+    regulations: DataRegulation[];
+    /** Overall data impact score (0-100) */
+    score: number;
+    /** Impact classification */
+    classification: ImpactClassification;
+}
+/**
+ * Sensitive field with impact analysis
+ */
+export interface SensitiveFieldImpact {
+    /** Field information */
+    field: SensitiveField;
+    /** Number of paths to reach this field */
+    pathCount: number;
+    /** Shortest path depth */
+    shortestPath: number;
+    /** Operations that can be performed */
+    operations: DataOperation[];
+    /** Regulatory implications for this field */
+    regulations: DataRegulation[];
+    /** Impact score for this field (0-100) */
+    impactScore: number;
+}
+/**
+ * Impact classification levels
+ */
+export type ImpactClassification = 'catastrophic' | 'severe' | 'significant' | 'moderate' | 'minimal' | 'none';
+/**
+ * Blast radius - what else could be affected by exploiting this vulnerability
+ */
+export interface BlastRadius {
+    /** Entry points that can reach this vulnerability */
+    entryPoints: EntryPointInfo[];
+    /** Other vulnerabilities that share code paths */
+    relatedVulnerabilities: string[];
+    /** Functions in the blast radius */
+    affectedFunctions: AffectedFunction[];
+    /** Total lines of code in blast radius */
+    linesOfCode: number;
+    /** Blast radius score (0-100) */
+    score: number;
+    /** Classification */
+    classification: BlastRadiusClassification;
+}
+/**
+ * Entry point information
+ */
+export interface EntryPointInfo {
+    /** Function ID */
+    functionId: string;
+    /** Function name */
+    name: string;
+    /** File path */
+    file: string;
+    /** Line number */
+    line: number;
+    /** Entry point type */
+    type: EntryPointType;
+    /** Is this publicly accessible? */
+    isPublic: boolean;
+    /** Authentication required? */
+    requiresAuth: boolean;
+    /** Path to vulnerability */
+    pathToVulnerability: CallPathNode[];
+}
+/**
+ * Entry point types
+ */
+export type EntryPointType = 'api-endpoint' | 'web-route' | 'message-handler' | 'scheduled-job' | 'cli-command' | 'exported-function' | 'main';
+/**
+ * A function affected by the vulnerability
+ */
+export interface AffectedFunction {
+    /** Function ID */
+    functionId: string;
+    /** Function name */
+    name: string;
+    /** File path */
+    file: string;
+    /** Line number */
+    line: number;
+    /** How this function is affected */
+    affectedBy: 'direct' | 'caller' | 'callee';
+    /** Distance from vulnerability */
+    distance: number;
+}
+/**
+ * Blast radius classification
+ */
+export type BlastRadiusClassification = 'critical' | 'high' | 'medium' | 'low' | 'contained';
+/**
+ * Priority score components
+ */
+export interface PriorityScore {
+    /** Overall priority score (0-100) */
+    overall: number;
+    /** Severity component */
+    severityScore: number;
+    /** Data impact component */
+    dataImpactScore: number;
+    /** Blast radius component */
+    blastRadiusScore: number;
+    /** Exploitability component */
+    exploitabilityScore: number;
+    /** Priority tier */
+    tier: PriorityTier;
+    /** Factors that increased priority */
+    increasingFactors: string[];
+    /** Factors that decreased priority */
+    decreasingFactors: string[];
+}
+/**
+ * Priority tiers for remediation
+ */
+export type PriorityTier = 'P0' | 'P1' | 'P2' | 'P3' | 'P4';
+/**
+ * Remediation guidance
+ */
+export interface RemediationGuidance {
+    /** Short summary of what to fix */
+    summary: string;
+    /** Detailed steps */
+    steps: RemediationStep[];
+    /** Code examples */
+    codeExamples: CodeExample[];
+    /** Estimated effort */
+    effort: RemediationEffort;
+    /** Related documentation */
+    references: Reference[];
+}
+/**
+ * A remediation step
+ */
+export interface RemediationStep {
+    /** Step number */
+    order: number;
+    /** Step description */
+    description: string;
+    /** File to modify (if applicable) */
+    file?: string | undefined;
+    /** Line to modify (if applicable) */
+    line?: number | undefined;
+}
+/**
+ * Code example for remediation
+ */
+export interface CodeExample {
+    /** Description of the example */
+    description: string;
+    /** Language */
+    language: string;
+    /** The vulnerable code */
+    vulnerable: string;
+    /** The fixed code */
+    fixed: string;
+}
+/**
+ * Remediation effort estimate
+ */
+export interface RemediationEffort {
+    /** Estimated time */
+    time: 'minutes' | 'hours' | 'days' | 'weeks';
+    /** Complexity */
+    complexity: 'trivial' | 'simple' | 'moderate' | 'complex' | 'architectural';
+    /** Risk of regression */
+    regressionRisk: 'low' | 'medium' | 'high';
+}
+/**
+ * Reference documentation
+ */
+export interface Reference {
+    /** Reference title */
+    title: string;
+    /** URL */
+    url: string;
+    /** Reference type */
+    type: 'documentation' | 'cwe' | 'owasp' | 'blog' | 'advisory';
+}
+/**
+ * The fully enriched security finding
+ */
+export interface EnrichedFinding {
+    /** Original finding */
+    finding: SecurityFinding;
+    /** Data impact analysis */
+    dataImpact: DataImpact;
+    /** Blast radius analysis */
+    blastRadius: BlastRadius;
+    /** Priority score */
+    priority: PriorityScore;
+    /** Remediation guidance */
+    remediation: RemediationGuidance;
+    /** Enrichment metadata */
+    enrichment: EnrichmentMetadata;
+}
+/**
+ * Metadata about the enrichment process
+ */
+export interface EnrichmentMetadata {
+    /** When enrichment was performed */
+    enrichedAt: string;
+    /** Enrichment engine version */
+    engineVersion: string;
+    /** Call graph version used */
+    callGraphVersion: string;
+    /** Confidence in the enrichment (0-1) */
+    confidence: number;
+    /** Warnings or limitations */
+    warnings: string[];
+    /** Processing time in ms */
+    processingTimeMs: number;
+}
+/**
+ * Options for batch enrichment
+ */
+export interface EnrichmentOptions {
+    /** Maximum call depth to traverse */
+    maxDepth?: number | undefined;
+    /** Include unresolved calls in analysis */
+    includeUnresolved?: boolean | undefined;
+    /** Minimum confidence for data access */
+    minConfidence?: number | undefined;
+    /** Custom sensitivity mappings */
+    sensitivityOverrides?: Record<string, SensitivityType> | undefined;
+    /** Custom regulation mappings */
+    regulationOverrides?: Record<string, DataRegulation[]> | undefined;
+    /** Skip blast radius analysis (faster) */
+    skipBlastRadius?: boolean | undefined;
+    /** Skip remediation guidance (faster) */
+    skipRemediation?: boolean | undefined;
+    /** Parallel processing limit */
+    parallelLimit?: number | undefined;
+}
+/**
+ * Result of batch enrichment
+ */
+export interface EnrichmentResult {
+    /** Enriched findings */
+    findings: EnrichedFinding[];
+    /** Summary statistics */
+    summary: EnrichmentSummary;
+    /** Processing metadata */
+    metadata: BatchMetadata;
+}
+/**
+ * Summary of enrichment results
+ */
+export interface EnrichmentSummary {
+    /** Total findings processed */
+    totalFindings: number;
+    /** Findings by priority tier */
+    byPriority: Record<PriorityTier, number>;
+    /** Findings by impact classification */
+    byImpact: Record<ImpactClassification, number>;
+    /** Findings by category */
+    byCategory: Record<FindingCategory, number>;
+    /** Total sensitive fields at risk */
+    sensitiveFieldsAtRisk: number;
+    /** Total tables at risk */
+    tablesAtRisk: number;
+    /** Regulations implicated */
+    regulationsImplicated: DataRegulation[];
+    /** Top priority findings */
+    topPriority: EnrichedFinding[];
+}
+/**
+ * Batch processing metadata
+ */
+export interface BatchMetadata {
+    /** Processing start time */
+    startedAt: string;
+    /** Processing end time */
+    completedAt: string;
+    /** Total processing time in ms */
+    totalTimeMs: number;
+    /** Average time per finding in ms */
+    avgTimePerFindingMs: number;
+    /** Findings that failed enrichment */
+    failures: EnrichmentFailure[];
+}
+/**
+ * Enrichment failure information
+ */
+export interface EnrichmentFailure {
+    /** Finding ID */
+    findingId: string;
+    /** Error message */
+    error: string;
+    /** Error type */
+    type: 'not-found' | 'parse-error' | 'timeout' | 'unknown';
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/call-graph/enrichment/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/call-graph/enrichment/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AACjH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAMhD;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE9E;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,WAAW,GACX,aAAa,GACb,oBAAoB,GACpB,KAAK,GACL,eAAe,GACf,WAAW,GACX,KAAK,GACL,iBAAiB,GACjB,YAAY,GACZ,SAAS,GACT,MAAM,GACN,OAAO,CAAC;AAEZ;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,6CAA6C;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,QAAQ,EAAE,eAAe,CAAC;IAC1B,qBAAqB;IACrB,QAAQ,EAAE,eAAe,CAAC;IAC1B,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,sBAAsB;IACtB,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC3B,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC7B,yDAAyD;IACzD,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,gCAAgC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAC;CAChD;AAMD;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,uBAAuB;IACvB,IAAI,EAAE,eAAe,CAAC;IACtB,8BAA8B;IAC9B,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,MAAM,GACN,OAAO,GACP,SAAS,GACT,KAAK,GACL,OAAO,GACP,MAAM,GACN,OAAO,GACP,MAAM,GACN,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,MAAM,EAAE,eAAe,CAAC;IACxB,kDAAkD;IAClD,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,0BAA0B;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,gCAAgC;IAChC,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,2BAA2B;IAC3B,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,oDAAoD;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,qCAAqC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,+CAA+C;IAC/C,eAAe,EAAE,oBAAoB,EAAE,CAAC;IACxC,yCAAyC;IACzC,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,8BAA8B;IAC9B,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,4BAA4B;IAC5B,cAAc,EAAE,oBAAoB,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,wBAAwB;IACxB,KAAK,EAAE,cAAc,CAAC;IACtB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,uCAAuC;IACvC,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,6CAA6C;IAC7C,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAC5B,cAAc,GACd,QAAQ,GACR,aAAa,GACb,UAAU,GACV,SAAS,GACT,MAAM,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,qDAAqD;IACrD,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,kDAAkD;IAClD,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,oCAAoC;IACpC,iBAAiB,EAAE,gBAAgB,EAAE,CAAC;IACtC,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,cAAc,EAAE,yBAAyB,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,IAAI,EAAE,cAAc,CAAC;IACrB,mCAAmC;IACnC,QAAQ,EAAE,OAAO,CAAC;IAClB,+BAA+B;IAC/B,YAAY,EAAE,OAAO,CAAC;IACtB,4BAA4B;IAC5B,mBAAmB,EAAE,YAAY,EAAE,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,cAAc,GACd,WAAW,GACX,iBAAiB,GACjB,eAAe,GACf,aAAa,GACb,mBAAmB,GACnB,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,oCAAoC;IACpC,UAAU,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC3C,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,yBAAyB,GACjC,UAAU,GACV,MAAM,GACN,QAAQ,GACR,KAAK,GACL,WAAW,CAAC;AAMhB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,qCAAqC;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,6BAA6B;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,+BAA+B;IAC/B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,sCAAsC;IACtC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,sCAAsC;IACtC,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,GACJ,IAAI,CAAC;AAET;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,qBAAqB;IACrB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,oBAAoB;IACpB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,uBAAuB;IACvB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,4BAA4B;IAC5B,UAAU,EAAE,SAAS,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kBAAkB;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,qCAAqC;IACrC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,qBAAqB;IACrB,IAAI,EAAE,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IAC7C,iBAAiB;IACjB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,eAAe,CAAC;IAC5E,yBAAyB;IACzB,cAAc,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,sBAAsB;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU;IACV,GAAG,EAAE,MAAM,CAAC;IACZ,qBAAqB;IACrB,IAAI,EAAE,eAAe,GAAG,KAAK,GAAG,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC;CAC/D;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uBAAuB;IACvB,OAAO,EAAE,eAAe,CAAC;IACzB,2BAA2B;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,4BAA4B;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,qBAAqB;IACrB,QAAQ,EAAE,aAAa,CAAC;IACxB,2BAA2B;IAC3B,WAAW,EAAE,mBAAmB,CAAC;IACjC,0BAA0B;IAC1B,UAAU,EAAE,kBAAkB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,gCAAgC;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,8BAA8B;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,yCAAyC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,4BAA4B;IAC5B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAMD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,2CAA2C;IAC3C,iBAAiB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IACxC,yCAAyC;IACzC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,kCAAkC;IAClC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,CAAC;IACnE,iCAAiC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,GAAG,SAAS,CAAC;IACnE,0CAA0C;IAC1C,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IACtC,yCAAyC;IACzC,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IACtC,gCAAgC;IAChC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wBAAwB;IACxB,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,yBAAyB;IACzB,OAAO,EAAE,iBAAiB,CAAC;IAC3B,0BAA0B;IAC1B,QAAQ,EAAE,aAAa,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,+BAA+B;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzC,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC/C,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC5C,qCAAqC;IACrC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,2BAA2B;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,6BAA6B;IAC7B,qBAAqB,EAAE,cAAc,EAAE,CAAC;IACxC,4BAA4B;IAC5B,WAAW,EAAE,eAAe,EAAE,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,sCAAsC;IACtC,QAAQ,EAAE,iBAAiB,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB;IACjB,IAAI,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,GAAG,SAAS,CAAC;CAC3D"}

package/dist/call-graph/enrichment/types.js

@@ -0,0 +1,9 @@
+/**
+ * Enrichment Engine Types
+ *
+ * Enterprise-grade types for security finding enrichment.
+ * Transforms raw vulnerability findings into actionable intelligence
+ * by connecting them to their actual data impact through call graph analysis.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/call-graph/enrichment/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/call-graph/enrichment/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/call-graph/extractors/base-extractor.d.ts

@@ -0,0 +1,112 @@
+/**
+ * Base Call Graph Extractor
+ *
+ * Abstract base class for language-specific extractors.
+ * Provides common utilities and defines the extraction interface.
+ */
+import type { CallGraphLanguage, FileExtractionResult, FunctionExtraction, CallExtraction, ImportExtraction, ExportExtraction, ClassExtraction, ParameterInfo } from '../types.js';
+/**
+ * Abstract base class for call graph extractors
+ */
+export declare abstract class BaseCallGraphExtractor {
+    /** Language this extractor handles */
+    abstract readonly language: CallGraphLanguage;
+    /** File extensions this extractor handles */
+    abstract readonly extensions: string[];
+    /**
+     * Extract functions, calls, imports, and exports from source code
+     */
+    abstract extract(source: string, filePath: string): FileExtractionResult;
+    /**
+     * Check if this extractor can handle a file
+     */
+    canHandle(filePath: string): boolean;
+    /**
+     * Get file extension
+     */
+    protected getExtension(filePath: string): string;
+    /**
+     * Generate a unique function ID
+     */
+    protected generateFunctionId(file: string, name: string, line: number): string;
+    /**
+     * Create an empty extraction result
+     */
+    protected createEmptyResult(file: string): FileExtractionResult;
+    /**
+     * Create a function extraction
+     */
+    protected createFunction(opts: {
+        name: string;
+        qualifiedName?: string;
+        startLine: number;
+        endLine: number;
+        startColumn?: number;
+        endColumn?: number;
+        parameters?: ParameterInfo[];
+        returnType?: string | undefined;
+        isMethod?: boolean;
+        isStatic?: boolean;
+        isExported?: boolean;
+        isConstructor?: boolean;
+        isAsync?: boolean;
+        className?: string | undefined;
+        moduleName?: string | undefined;
+        decorators?: string[];
+        bodyStartLine?: number;
+        bodyEndLine?: number;
+    }): FunctionExtraction;
+    /**
+     * Create a call extraction
+     */
+    protected createCall(opts: {
+        calleeName: string;
+        receiver?: string | undefined;
+        fullExpression?: string;
+        line: number;
+        column?: number;
+        argumentCount?: number;
+        isMethodCall?: boolean;
+        isConstructorCall?: boolean;
+    }): CallExtraction;
+    /**
+     * Create an import extraction
+     */
+    protected createImport(opts: {
+        source: string;
+        names: Array<{
+            imported: string;
+            local?: string;
+            isDefault?: boolean;
+            isNamespace?: boolean;
+        }>;
+        line: number;
+        isTypeOnly?: boolean;
+    }): ImportExtraction;
+    /**
+     * Create an export extraction
+     */
+    protected createExport(opts: {
+        name: string;
+        isDefault?: boolean;
+        isReExport?: boolean;
+        source?: string | undefined;
+        line: number;
+    }): ExportExtraction;
+    /**
+     * Create a class extraction
+     */
+    protected createClass(opts: {
+        name: string;
+        startLine: number;
+        endLine: number;
+        baseClasses?: string[];
+        methods?: string[];
+        isExported?: boolean;
+    }): ClassExtraction;
+    /**
+     * Parse parameter string into ParameterInfo
+     */
+    protected parseParameter(name: string, type?: string, hasDefault?: boolean, isRest?: boolean): ParameterInfo;
+}
+//# sourceMappingURL=base-extractor.d.ts.map

package/dist/call-graph/extractors/base-extractor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-extractor.d.ts","sourceRoot":"","sources":["../../../src/call-graph/extractors/base-extractor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EAClB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,aAAa,EACd,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,8BAAsB,sBAAsB;IAC1C,sCAAsC;IACtC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IAE9C,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAEvC;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,oBAAoB;IAExE;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAKpC;;OAEG;IACH,SAAS,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAKhD;;OAEG;IACH,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM;IAI9E;;OAEG;IACH,SAAS,CAAC,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB;IAa/D;;OAEG;IACH,SAAS,CAAC,cAAc,CAAC,IAAI,EAAE;QAC7B,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,aAAa,EAAE,CAAC;QAC7B,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAChC,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC/B,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAChC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,kBAAkB;IAgCtB;;OAEG;IACH,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE;QACzB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,iBAAiB,CAAC,EAAE,OAAO,CAAC;KAC7B,GAAG,cAAc;IAalB;;OAEG;IACH,SAAS,CAAC,YAAY,CAAC,IAAI,EAAE;QAC3B,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,KAAK,CAAC;YACX,QAAQ,EAAE,MAAM,CAAC;YACjB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB,WAAW,CAAC,EAAE,OAAO,CAAC;SACvB,CAAC,CAAC;QACH,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,GAAG,gBAAgB;IAcpB;;OAEG;IACH,SAAS,CAAC,YAAY,CAAC,IAAI,EAAE;QAC3B,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC5B,IAAI,EAAE,MAAM,CAAC;KACd,GAAG,gBAAgB;IAUpB;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,IAAI,EAAE;QAC1B,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,GAAG,eAAe;IAWnB;;OAEG;IACH,SAAS,CAAC,cAAc,CACtB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,EACb,UAAU,UAAQ,EAClB,MAAM,UAAQ,GACb,aAAa;CAGjB"}

package/dist/call-graph/extractors/base-extractor.js

@@ -0,0 +1,140 @@
+/**
+ * Base Call Graph Extractor
+ *
+ * Abstract base class for language-specific extractors.
+ * Provides common utilities and defines the extraction interface.
+ */
+/**
+ * Abstract base class for call graph extractors
+ */
+export class BaseCallGraphExtractor {
+    /**
+     * Check if this extractor can handle a file
+     */
+    canHandle(filePath) {
+        const ext = this.getExtension(filePath);
+        return this.extensions.includes(ext);
+    }
+    /**
+     * Get file extension
+     */
+    getExtension(filePath) {
+        const lastDot = filePath.lastIndexOf('.');
+        return lastDot >= 0 ? filePath.slice(lastDot) : '';
+    }
+    /**
+     * Generate a unique function ID
+     */
+    generateFunctionId(file, name, line) {
+        return `${file}:${name}:${line}`;
+    }
+    /**
+     * Create an empty extraction result
+     */
+    createEmptyResult(file) {
+        return {
+            file,
+            language: this.language,
+            functions: [],
+            calls: [],
+            imports: [],
+            exports: [],
+            classes: [],
+            errors: [],
+        };
+    }
+    /**
+     * Create a function extraction
+     */
+    createFunction(opts) {
+        // Use provided qualifiedName or compute from className/moduleName
+        const qualifiedName = opts.qualifiedName ?? (opts.className
+            ? `${opts.className}.${opts.name}`
+            : opts.moduleName
+                ? `${opts.moduleName}.${opts.name}`
+                : opts.name);
+        return {
+            name: opts.name,
+            qualifiedName,
+            startLine: opts.startLine,
+            endLine: opts.endLine,
+            startColumn: opts.startColumn ?? 0,
+            endColumn: opts.endColumn ?? 0,
+            parameters: opts.parameters ?? [],
+            returnType: opts.returnType,
+            isMethod: opts.isMethod ?? false,
+            isStatic: opts.isStatic ?? false,
+            isExported: opts.isExported ?? false,
+            isConstructor: opts.isConstructor ?? false,
+            isAsync: opts.isAsync ?? false,
+            className: opts.className,
+            moduleName: opts.moduleName,
+            decorators: opts.decorators ?? [],
+            bodyStartLine: opts.bodyStartLine ?? opts.startLine,
+            bodyEndLine: opts.bodyEndLine ?? opts.endLine,
+        };
+    }
+    /**
+     * Create a call extraction
+     */
+    createCall(opts) {
+        return {
+            calleeName: opts.calleeName,
+            receiver: opts.receiver,
+            fullExpression: opts.fullExpression ?? opts.calleeName,
+            line: opts.line,
+            column: opts.column ?? 0,
+            argumentCount: opts.argumentCount ?? 0,
+            isMethodCall: opts.isMethodCall ?? !!opts.receiver,
+            isConstructorCall: opts.isConstructorCall ?? false,
+        };
+    }
+    /**
+     * Create an import extraction
+     */
+    createImport(opts) {
+        return {
+            source: opts.source,
+            names: opts.names.map((n) => ({
+                imported: n.imported,
+                local: n.local ?? n.imported,
+                isDefault: n.isDefault ?? false,
+                isNamespace: n.isNamespace ?? false,
+            })),
+            line: opts.line,
+            isTypeOnly: opts.isTypeOnly ?? false,
+        };
+    }
+    /**
+     * Create an export extraction
+     */
+    createExport(opts) {
+        return {
+            name: opts.name,
+            isDefault: opts.isDefault ?? false,
+            isReExport: opts.isReExport ?? false,
+            source: opts.source,
+            line: opts.line,
+        };
+    }
+    /**
+     * Create a class extraction
+     */
+    createClass(opts) {
+        return {
+            name: opts.name,
+            startLine: opts.startLine,
+            endLine: opts.endLine,
+            baseClasses: opts.baseClasses ?? [],
+            methods: opts.methods ?? [],
+            isExported: opts.isExported ?? false,
+        };
+    }
+    /**
+     * Parse parameter string into ParameterInfo
+     */
+    parseParameter(name, type, hasDefault = false, isRest = false) {
+        return { name, type, hasDefault, isRest };
+    }
+}
+//# sourceMappingURL=base-extractor.js.map