driftdetect-core 0.4.1 → 0.4.2

package/dist/call-graph/enrichment/remediation-generator.js

@@ -0,0 +1,609 @@
+/**
+ * Remediation Generator
+ *
+ * Generates actionable remediation guidance for security findings.
+ * Provides step-by-step instructions, code examples, and effort estimates.
+ */
+/**
+ * Category-specific remediation templates
+ */
+const REMEDIATION_TEMPLATES = {
+    injection: {
+        summary: 'Use parameterized queries or prepared statements to prevent injection attacks',
+        steps: [
+            'Identify all user input that flows into the vulnerable code path',
+            'Replace string concatenation with parameterized queries',
+            'Use ORM methods instead of raw SQL where possible',
+            'Implement input validation as defense in depth',
+            'Add automated tests to verify the fix',
+        ],
+        codeExamples: [
+            {
+                description: 'SQL Injection - Use parameterized queries',
+                language: 'typescript',
+                vulnerable: `const query = \`SELECT * FROM users WHERE id = '\${userId}'\`;
+db.query(query);`,
+                fixed: `const query = 'SELECT * FROM users WHERE id = $1';
+db.query(query, [userId]);`,
+            },
+            {
+                description: 'SQL Injection - Use ORM',
+                language: 'typescript',
+                vulnerable: `db.query(\`SELECT * FROM users WHERE email = '\${email}'\`);`,
+                fixed: `await prisma.user.findUnique({ where: { email } });`,
+            },
+            {
+                description: 'Command Injection - Use safe APIs',
+                language: 'typescript',
+                vulnerable: `exec(\`ls \${userInput}\`);`,
+                fixed: `execFile('ls', [userInput], { shell: false });`,
+            },
+        ],
+        effort: {
+            time: 'hours',
+            complexity: 'simple',
+            regressionRisk: 'low',
+        },
+        references: [
+            {
+                title: 'OWASP SQL Injection Prevention Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+            {
+                title: 'CWE-89: SQL Injection',
+                url: 'https://cwe.mitre.org/data/definitions/89.html',
+                type: 'cwe',
+            },
+        ],
+    },
+    'broken-auth': {
+        summary: 'Implement secure authentication with proper session management',
+        steps: [
+            'Review authentication flow for weaknesses',
+            'Implement secure password hashing (bcrypt, argon2)',
+            'Use secure session tokens with proper expiration',
+            'Implement rate limiting on authentication endpoints',
+            'Add multi-factor authentication for sensitive operations',
+            'Log authentication events for monitoring',
+        ],
+        codeExamples: [
+            {
+                description: 'Secure password hashing',
+                language: 'typescript',
+                vulnerable: `const hash = md5(password);`,
+                fixed: `const hash = await bcrypt.hash(password, 12);`,
+            },
+            {
+                description: 'Secure session configuration',
+                language: 'typescript',
+                vulnerable: `app.use(session({ secret: 'secret' }));`,
+                fixed: `app.use(session({
+  secret: process.env.SESSION_SECRET,
+  resave: false,
+  saveUninitialized: false,
+  cookie: {
+    secure: true,
+    httpOnly: true,
+    sameSite: 'strict',
+    maxAge: 3600000
+  }
+}));`,
+            },
+        ],
+        effort: {
+            time: 'days',
+            complexity: 'moderate',
+            regressionRisk: 'medium',
+        },
+        references: [
+            {
+                title: 'OWASP Authentication Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+        ],
+    },
+    'sensitive-exposure': {
+        summary: 'Protect sensitive data with encryption and access controls',
+        steps: [
+            'Identify all sensitive data in the affected code path',
+            'Encrypt sensitive data at rest and in transit',
+            'Remove sensitive data from logs and error messages',
+            'Implement proper access controls',
+            'Review data retention policies',
+        ],
+        codeExamples: [
+            {
+                description: 'Remove sensitive data from logs',
+                language: 'typescript',
+                vulnerable: `logger.info('User login', { email, password });`,
+                fixed: `logger.info('User login', { email, password: '[REDACTED]' });`,
+            },
+            {
+                description: 'Encrypt sensitive fields',
+                language: 'typescript',
+                vulnerable: `await db.user.create({ data: { ssn: userSSN } });`,
+                fixed: `const encryptedSSN = await encrypt(userSSN);
+await db.user.create({ data: { ssn: encryptedSSN } });`,
+            },
+        ],
+        effort: {
+            time: 'days',
+            complexity: 'moderate',
+            regressionRisk: 'medium',
+        },
+        references: [
+            {
+                title: 'OWASP Cryptographic Storage Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+        ],
+    },
+    xxe: {
+        summary: 'Disable external entity processing in XML parsers',
+        steps: [
+            'Identify all XML parsing in the application',
+            'Disable DTD processing and external entities',
+            'Use JSON instead of XML where possible',
+            'Validate and sanitize XML input',
+        ],
+        codeExamples: [
+            {
+                description: 'Disable XXE in XML parser',
+                language: 'typescript',
+                vulnerable: `const parser = new DOMParser();
+parser.parseFromString(xmlInput, 'text/xml');`,
+                fixed: `import { XMLParser } from 'fast-xml-parser';
+const parser = new XMLParser({
+  allowBooleanAttributes: true,
+  ignoreDeclaration: true,
+  processEntities: false
+});
+parser.parse(xmlInput);`,
+            },
+        ],
+        effort: {
+            time: 'hours',
+            complexity: 'simple',
+            regressionRisk: 'low',
+        },
+        references: [
+            {
+                title: 'OWASP XXE Prevention Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+            {
+                title: 'CWE-611: XXE',
+                url: 'https://cwe.mitre.org/data/definitions/611.html',
+                type: 'cwe',
+            },
+        ],
+    },
+    'broken-access': {
+        summary: 'Implement proper authorization checks at every access point',
+        steps: [
+            'Map all access control requirements for affected resources',
+            'Implement authorization checks before data access',
+            'Use role-based or attribute-based access control',
+            'Deny by default - require explicit grants',
+            'Log access control decisions for audit',
+        ],
+        codeExamples: [
+            {
+                description: 'Add authorization check',
+                language: 'typescript',
+                vulnerable: `app.get('/users/:id', async (req, res) => {
+  const user = await db.user.findUnique({ where: { id: req.params.id } });
+  res.json(user);
+});`,
+                fixed: `app.get('/users/:id', authorize('users:read'), async (req, res) => {
+  if (req.user.id !== req.params.id && !req.user.isAdmin) {
+    throw new ForbiddenError('Cannot access other users');
+  }
+  const user = await db.user.findUnique({ where: { id: req.params.id } });
+  res.json(user);
+});`,
+            },
+        ],
+        effort: {
+            time: 'days',
+            complexity: 'moderate',
+            regressionRisk: 'medium',
+        },
+        references: [
+            {
+                title: 'OWASP Authorization Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+        ],
+    },
+    misconfig: {
+        summary: 'Review and harden security configuration',
+        steps: [
+            'Review security headers and CORS configuration',
+            'Disable debug mode and verbose errors in production',
+            'Remove default credentials and unnecessary features',
+            'Implement security hardening checklist',
+            'Set up configuration validation in CI/CD',
+        ],
+        codeExamples: [
+            {
+                description: 'Add security headers',
+                language: 'typescript',
+                vulnerable: `app.use(cors());`,
+                fixed: `app.use(helmet());
+app.use(cors({
+  origin: process.env.ALLOWED_ORIGINS?.split(','),
+  credentials: true
+}));`,
+            },
+        ],
+        effort: {
+            time: 'hours',
+            complexity: 'simple',
+            regressionRisk: 'low',
+        },
+        references: [
+            {
+                title: 'OWASP Secure Headers Project',
+                url: 'https://owasp.org/www-project-secure-headers/',
+                type: 'owasp',
+            },
+        ],
+    },
+    xss: {
+        summary: 'Sanitize output and use context-aware encoding',
+        steps: [
+            'Identify all user input that is rendered in responses',
+            'Apply context-appropriate output encoding',
+            'Use Content Security Policy headers',
+            'Implement input validation as defense in depth',
+            'Use frameworks with automatic XSS protection',
+        ],
+        codeExamples: [
+            {
+                description: 'Escape HTML output',
+                language: 'typescript',
+                vulnerable: `element.innerHTML = userInput;`,
+                fixed: `element.textContent = userInput;
+// Or use a sanitization library:
+element.innerHTML = DOMPurify.sanitize(userInput);`,
+            },
+            {
+                description: 'React - avoid dangerouslySetInnerHTML',
+                language: 'typescript',
+                vulnerable: `<div dangerouslySetInnerHTML={{ __html: userContent }} />`,
+                fixed: `<div>{userContent}</div>
+// Or sanitize if HTML is required:
+<div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(userContent) }} />`,
+            },
+        ],
+        effort: {
+            time: 'hours',
+            complexity: 'simple',
+            regressionRisk: 'low',
+        },
+        references: [
+            {
+                title: 'OWASP XSS Prevention Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+            {
+                title: 'CWE-79: XSS',
+                url: 'https://cwe.mitre.org/data/definitions/79.html',
+                type: 'cwe',
+            },
+        ],
+    },
+    deserialization: {
+        summary: 'Avoid deserializing untrusted data or use safe alternatives',
+        steps: [
+            'Identify all deserialization of external data',
+            'Replace unsafe deserialization with JSON parsing',
+            'Implement integrity checks (signatures) if serialization is required',
+            'Use allowlists for permitted classes',
+            'Monitor for deserialization attacks',
+        ],
+        codeExamples: [
+            {
+                description: 'Avoid unsafe deserialization',
+                language: 'typescript',
+                vulnerable: `const obj = eval('(' + userInput + ')');`,
+                fixed: `const obj = JSON.parse(userInput);
+// Validate the parsed object against a schema
+const validated = schema.parse(obj);`,
+            },
+        ],
+        effort: {
+            time: 'days',
+            complexity: 'moderate',
+            regressionRisk: 'medium',
+        },
+        references: [
+            {
+                title: 'OWASP Deserialization Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+        ],
+    },
+    components: {
+        summary: 'Update vulnerable dependencies and implement dependency management',
+        steps: [
+            'Update the vulnerable package to a patched version',
+            'Review changelog for breaking changes',
+            'Run tests to verify compatibility',
+            'Set up automated dependency scanning in CI/CD',
+            'Consider using lockfiles and pinned versions',
+        ],
+        codeExamples: [],
+        effort: {
+            time: 'hours',
+            complexity: 'simple',
+            regressionRisk: 'medium',
+        },
+        references: [
+            {
+                title: 'OWASP Dependency Check',
+                url: 'https://owasp.org/www-project-dependency-check/',
+                type: 'owasp',
+            },
+        ],
+    },
+    logging: {
+        summary: 'Implement comprehensive security logging and monitoring',
+        steps: [
+            'Add logging for security-relevant events',
+            'Ensure logs do not contain sensitive data',
+            'Implement log aggregation and alerting',
+            'Set up monitoring for suspicious patterns',
+            'Define incident response procedures',
+        ],
+        codeExamples: [
+            {
+                description: 'Add security event logging',
+                language: 'typescript',
+                vulnerable: `// No logging
+await authenticateUser(email, password);`,
+                fixed: `const result = await authenticateUser(email, password);
+if (!result.success) {
+  securityLogger.warn('Authentication failed', {
+    email,
+    ip: req.ip,
+    userAgent: req.headers['user-agent'],
+    reason: result.reason
+  });
+}`,
+            },
+        ],
+        effort: {
+            time: 'days',
+            complexity: 'moderate',
+            regressionRisk: 'low',
+        },
+        references: [
+            {
+                title: 'OWASP Logging Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+        ],
+    },
+    ssrf: {
+        summary: 'Validate and restrict outbound requests to prevent SSRF',
+        steps: [
+            'Validate and sanitize all URLs from user input',
+            'Use allowlists for permitted domains/IPs',
+            'Block requests to internal networks and metadata endpoints',
+            'Disable unnecessary URL schemes',
+            'Implement network segmentation',
+        ],
+        codeExamples: [
+            {
+                description: 'Validate URLs before fetching',
+                language: 'typescript',
+                vulnerable: `const response = await fetch(userProvidedUrl);`,
+                fixed: `const url = new URL(userProvidedUrl);
+if (!ALLOWED_HOSTS.includes(url.hostname)) {
+  throw new Error('Host not allowed');
+}
+if (url.protocol !== 'https:') {
+  throw new Error('Only HTTPS allowed');
+}
+const response = await fetch(url.toString());`,
+            },
+        ],
+        effort: {
+            time: 'hours',
+            complexity: 'moderate',
+            regressionRisk: 'low',
+        },
+        references: [
+            {
+                title: 'OWASP SSRF Prevention Cheat Sheet',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html',
+                type: 'owasp',
+            },
+        ],
+    },
+    other: {
+        summary: 'Review and address the security finding based on its specific context',
+        steps: [
+            'Analyze the finding to understand the vulnerability',
+            'Research best practices for this type of issue',
+            'Implement appropriate mitigations',
+            'Add tests to verify the fix',
+            'Document the remediation for future reference',
+        ],
+        codeExamples: [],
+        effort: {
+            time: 'hours',
+            complexity: 'moderate',
+            regressionRisk: 'medium',
+        },
+        references: [
+            {
+                title: 'OWASP Cheat Sheet Series',
+                url: 'https://cheatsheetseries.owasp.org/',
+                type: 'owasp',
+            },
+        ],
+    },
+};
+// ============================================================================
+// Remediation Generator
+// ============================================================================
+/**
+ * Generates remediation guidance for security findings
+ */
+export class RemediationGenerator {
+    /**
+     * Generate remediation guidance for a finding
+     */
+    generate(finding, dataImpact) {
+        const template = REMEDIATION_TEMPLATES[finding.category];
+        // Build context-aware steps
+        const steps = this.buildSteps(finding, dataImpact, template.steps);
+        // Filter relevant code examples
+        const codeExamples = this.filterCodeExamples(finding, template.codeExamples);
+        // Adjust effort based on data impact
+        const effort = this.adjustEffort(template.effort, dataImpact);
+        // Build references including CWE/OWASP from finding
+        const references = this.buildReferences(finding, template.references);
+        return {
+            summary: this.buildSummary(finding, dataImpact, template.summary),
+            steps,
+            codeExamples,
+            effort,
+            references,
+        };
+    }
+    /**
+     * Build context-aware summary
+     */
+    buildSummary(_finding, dataImpact, baseSummary) {
+        let summary = baseSummary;
+        // Add data impact context
+        if (dataImpact.sensitiveFields.length > 0) {
+            const fieldTypes = [...new Set(dataImpact.sensitiveFields.map((f) => f.field.sensitivityType))];
+            summary += `. This vulnerability can reach ${fieldTypes.join(', ')} data`;
+        }
+        // Add regulatory context
+        if (dataImpact.regulations.length > 0) {
+            summary += `. Regulatory implications: ${dataImpact.regulations.join(', ')}`;
+        }
+        return summary;
+    }
+    /**
+     * Build context-aware remediation steps
+     */
+    buildSteps(finding, dataImpact, baseSteps) {
+        const steps = baseSteps.map((description, index) => ({
+            order: index + 1,
+            description,
+            file: index === 0 ? finding.file : undefined,
+            line: index === 0 ? finding.line : undefined,
+        }));
+        // Add data-specific steps if sensitive data is involved
+        if (dataImpact.sensitiveFields.length > 0) {
+            steps.push({
+                order: steps.length + 1,
+                description: `Review access to sensitive fields: ${dataImpact.sensitiveFields
+                    .slice(0, 3)
+                    .map((f) => `${f.field.table}.${f.field.field}`)
+                    .join(', ')}${dataImpact.sensitiveFields.length > 3 ? '...' : ''}`,
+            });
+        }
+        // Add regulatory compliance step if needed
+        if (dataImpact.regulations.length > 0) {
+            steps.push({
+                order: steps.length + 1,
+                description: `Verify compliance with ${dataImpact.regulations.join(', ')} requirements after remediation`,
+            });
+        }
+        return steps;
+    }
+    /**
+     * Filter code examples relevant to the finding
+     */
+    filterCodeExamples(_finding, examples) {
+        // For now, return all examples for the category
+        // Could be enhanced to filter based on language, framework, etc.
+        return examples;
+    }
+    /**
+     * Adjust effort estimate based on data impact
+     */
+    adjustEffort(baseEffort, dataImpact) {
+        let effort = { ...baseEffort };
+        // Increase complexity if many sensitive fields are involved
+        if (dataImpact.sensitiveFields.length > 5) {
+            if (effort.complexity === 'simple')
+                effort.complexity = 'moderate';
+            else if (effort.complexity === 'moderate')
+                effort.complexity = 'complex';
+        }
+        // Increase regression risk if many tables are affected
+        if (dataImpact.tables.length > 3) {
+            if (effort.regressionRisk === 'low')
+                effort.regressionRisk = 'medium';
+            else if (effort.regressionRisk === 'medium')
+                effort.regressionRisk = 'high';
+        }
+        // Increase time if attack surface is large
+        if (dataImpact.attackSurfaceSize > 20) {
+            if (effort.time === 'minutes')
+                effort.time = 'hours';
+            else if (effort.time === 'hours')
+                effort.time = 'days';
+        }
+        return effort;
+    }
+    /**
+     * Build comprehensive references
+     */
+    buildReferences(finding, baseReferences) {
+        const references = [...baseReferences];
+        // Add CWE references from finding
+        if (finding.cwe) {
+            for (const cwe of finding.cwe) {
+                const cweId = cwe.replace('CWE-', '');
+                references.push({
+                    title: `CWE-${cweId}`,
+                    url: `https://cwe.mitre.org/data/definitions/${cweId}.html`,
+                    type: 'cwe',
+                });
+            }
+        }
+        // Add OWASP references from finding
+        if (finding.owasp) {
+            for (const owasp of finding.owasp) {
+                references.push({
+                    title: `OWASP ${owasp}`,
+                    url: `https://owasp.org/Top10/`,
+                    type: 'owasp',
+                });
+            }
+        }
+        // Deduplicate by URL
+        const seen = new Set();
+        return references.filter((ref) => {
+            if (seen.has(ref.url))
+                return false;
+            seen.add(ref.url);
+            return true;
+        });
+    }
+}
+/**
+ * Create a new remediation generator
+ */
+export function createRemediationGenerator() {
+    return new RemediationGenerator();
+}
+//# sourceMappingURL=remediation-generator.js.map

package/dist/call-graph/enrichment/remediation-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remediation-generator.js","sourceRoot":"","sources":["../../../src/call-graph/enrichment/remediation-generator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyBH;;GAEG;AACH,MAAM,qBAAqB,GAAiD;IAC1E,SAAS,EAAE;QACT,OAAO,EAAE,+EAA+E;QACxF,KAAK,EAAE;YACL,kEAAkE;YAClE,yDAAyD;YACzD,mDAAmD;YACnD,gDAAgD;YAChD,uCAAuC;SACxC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE;iBACH;gBACT,KAAK,EAAE;2BACY;aACpB;YACD;gBACE,WAAW,EAAE,yBAAyB;gBACtC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,8DAA8D;gBAC1E,KAAK,EAAE,qDAAqD;aAC7D;YACD;gBACE,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,6BAA6B;gBACzC,KAAK,EAAE,gDAAgD;aACxD;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,KAAK;SACtB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,4CAA4C;gBACnD,GAAG,EAAE,0FAA0F;gBAC/F,IAAI,EAAE,OAAO;aACd;YACD;gBACE,KAAK,EAAE,uBAAuB;gBAC9B,GAAG,EAAE,gDAAgD;gBACrD,IAAI,EAAE,KAAK;aACZ;SACF;KACF;IAED,aAAa,EAAE;QACb,OAAO,EAAE,gEAAgE;QACzE,KAAK,EAAE;YACL,2CAA2C;YAC3C,oDAAoD;YACpD,kDAAkD;YAClD,qDAAqD;YACrD,0DAA0D;YAC1D,0CAA0C;SAC3C;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,yBAAyB;gBACtC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,6BAA6B;gBACzC,KAAK,EAAE,+CAA+C;aACvD;YACD;gBACE,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,yCAAyC;gBACrD,KAAK,EAAE;;;;;;;;;;KAUV;aACE;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,QAAQ;SACzB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,kCAAkC;gBACzC,GAAG,EAAE,gFAAgF;gBACrF,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,oBAAoB,EAAE;QACpB,OAAO,EAAE,4DAA4D;QACrE,KAAK,EAAE;YACL,uDAAuD;YACvD,+CAA+C;YAC/C,oDAAoD;YACpD,kCAAkC;YAClC,gCAAgC;SACjC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,iDAAiD;gBAC7D,KAAK,EAAE,+DAA+D;aACvE;YACD;gBACE,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,mDAAmD;gBAC/D,KAAK,EAAE;uDACwC;aAChD;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,QAAQ;SACzB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,yCAAyC;gBAChD,GAAG,EAAE,uFAAuF;gBAC5F,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,GAAG,EAAE;QACH,OAAO,EAAE,mDAAmD;QAC5D,KAAK,EAAE;YACL,6CAA6C;YAC7C,8CAA8C;YAC9C,wCAAwC;YACxC,iCAAiC;SAClC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,2BAA2B;gBACxC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE;8CAC0B;gBACtC,KAAK,EAAE;;;;;;wBAMS;aACjB;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,KAAK;SACtB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,kCAAkC;gBACzC,GAAG,EAAE,gGAAgG;gBACrG,IAAI,EAAE,OAAO;aACd;YACD;gBACE,KAAK,EAAE,cAAc;gBACrB,GAAG,EAAE,iDAAiD;gBACtD,IAAI,EAAE,KAAK;aACZ;SACF;KACF;IAED,eAAe,EAAE;QACf,OAAO,EAAE,6DAA6D;QACtE,KAAK,EAAE;YACL,4DAA4D;YAC5D,mDAAmD;YACnD,kDAAkD;YAClD,2CAA2C;YAC3C,wCAAwC;SACzC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,yBAAyB;gBACtC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE;;;IAGhB;gBACI,KAAK,EAAE;;;;;;IAMX;aACG;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,QAAQ;SACzB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,iCAAiC;gBACxC,GAAG,EAAE,+EAA+E;gBACpF,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,SAAS,EAAE;QACT,OAAO,EAAE,0CAA0C;QACnD,KAAK,EAAE;YACL,gDAAgD;YAChD,qDAAqD;YACrD,qDAAqD;YACrD,wCAAwC;YACxC,0CAA0C;SAC3C;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,sBAAsB;gBACnC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,kBAAkB;gBAC9B,KAAK,EAAE;;;;KAIV;aACE;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,KAAK;SACtB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,8BAA8B;gBACrC,GAAG,EAAE,+CAA+C;gBACpD,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,GAAG,EAAE;QACH,OAAO,EAAE,gDAAgD;QACzD,KAAK,EAAE;YACL,uDAAuD;YACvD,2CAA2C;YAC3C,qCAAqC;YACrC,gDAAgD;YAChD,8CAA8C;SAC/C;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,gCAAgC;gBAC5C,KAAK,EAAE;;mDAEoC;aAC5C;YACD;gBACE,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,2DAA2D;gBACvE,KAAK,EAAE;;8EAE+D;aACvE;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,KAAK;SACtB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,kCAAkC;gBACzC,GAAG,EAAE,iGAAiG;gBACtG,IAAI,EAAE,OAAO;aACd;YACD;gBACE,KAAK,EAAE,aAAa;gBACpB,GAAG,EAAE,gDAAgD;gBACrD,IAAI,EAAE,KAAK;aACZ;SACF;KACF;IAED,eAAe,EAAE;QACf,OAAO,EAAE,6DAA6D;QACtE,KAAK,EAAE;YACL,+CAA+C;YAC/C,kDAAkD;YAClD,sEAAsE;YACtE,sCAAsC;YACtC,qCAAqC;SACtC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,0CAA0C;gBACtD,KAAK,EAAE;;qCAEsB;aAC9B;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,QAAQ;SACzB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,mCAAmC;gBAC1C,GAAG,EAAE,iFAAiF;gBACtF,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,UAAU,EAAE;QACV,OAAO,EAAE,oEAAoE;QAC7E,KAAK,EAAE;YACL,oDAAoD;YACpD,uCAAuC;YACvC,mCAAmC;YACnC,+CAA+C;YAC/C,8CAA8C;SAC/C;QACD,YAAY,EAAE,EAAE;QAChB,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;SACzB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,wBAAwB;gBAC/B,GAAG,EAAE,iDAAiD;gBACtD,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,OAAO,EAAE;QACP,OAAO,EAAE,yDAAyD;QAClE,KAAK,EAAE;YACL,0CAA0C;YAC1C,2CAA2C;YAC3C,wCAAwC;YACxC,2CAA2C;YAC3C,qCAAqC;SACtC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE;yCACqB;gBACjC,KAAK,EAAE;;;;;;;;EAQb;aACK;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,KAAK;SACtB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,2BAA2B;gBAClC,GAAG,EAAE,yEAAyE;gBAC9E,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,IAAI,EAAE;QACJ,OAAO,EAAE,yDAAyD;QAClE,KAAK,EAAE;YACL,gDAAgD;YAChD,0CAA0C;YAC1C,4DAA4D;YAC5D,iCAAiC;YACjC,gCAAgC;SACjC;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,+BAA+B;gBAC5C,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,gDAAgD;gBAC5D,KAAK,EAAE;;;;;;;8CAO+B;aACvC;SACF;QACD,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,KAAK;SACtB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,mCAAmC;gBAC1C,GAAG,EAAE,wGAAwG;gBAC7G,IAAI,EAAE,OAAO;aACd;SACF;KACF;IAED,KAAK,EAAE;QACL,OAAO,EAAE,uEAAuE;QAChF,KAAK,EAAE;YACL,qDAAqD;YACrD,gDAAgD;YAChD,mCAAmC;YACnC,6BAA6B;YAC7B,+CAA+C;SAChD;QACD,YAAY,EAAE,EAAE;QAChB,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,QAAQ;SACzB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,0BAA0B;gBACjC,GAAG,EAAE,qCAAqC;gBAC1C,IAAI,EAAE,OAAO;aACd;SACF;KACF;CACF,CAAC;AAEF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;OAEG;IACH,QAAQ,CACN,OAAwB,EACxB,UAAsB;QAEtB,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEzD,4BAA4B;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEnE,gCAAgC;QAChC,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;QAE7E,qCAAqC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAE9D,oDAAoD;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;QAEtE,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC;YACjE,KAAK;YACL,YAAY;YACZ,MAAM;YACN,UAAU;SACX,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,YAAY,CAClB,QAAyB,EACzB,UAAsB,EACtB,WAAmB;QAEnB,IAAI,OAAO,GAAG,WAAW,CAAC;QAE1B,0BAA0B;QAC1B,IAAI,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAC5B,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAC/D,CAAC,CAAC;YACH,OAAO,IAAI,kCAAkC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;QAC5E,CAAC;QAED,yBAAyB;QACzB,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,8BAA8B,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/E,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,UAAU,CAChB,OAAwB,EACxB,UAAsB,EACtB,SAAmB;QAEnB,MAAM,KAAK,GAAsB,SAAS,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YACtE,KAAK,EAAE,KAAK,GAAG,CAAC;YAChB,WAAW;YACX,IAAI,EAAE,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;YAC5C,IAAI,EAAE,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;SAC7C,CAAC,CAAC,CAAC;QAEJ,wDAAwD;QACxD,IAAI,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;gBACvB,WAAW,EAAE,sCAAsC,UAAU,CAAC,eAAe;qBAC1E,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;qBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;qBAC/C,IAAI,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;aACrE,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC;gBACT,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;gBACvB,WAAW,EAAE,0BAA0B,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,iCAAiC;aAC1G,CAAC,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,QAAyB,EACzB,QAAuB;QAEvB,gDAAgD;QAChD,iEAAiE;QACjE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,YAAY,CAClB,UAA6B,EAC7B,UAAsB;QAEtB,IAAI,MAAM,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;QAE/B,4DAA4D;QAC5D,IAAI,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,IAAI,MAAM,CAAC,UAAU,KAAK,QAAQ;gBAAE,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;iBAC9D,IAAI,MAAM,CAAC,UAAU,KAAK,UAAU;gBAAE,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC;QAC3E,CAAC;QAED,uDAAuD;QACvD,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,IAAI,MAAM,CAAC,cAAc,KAAK,KAAK;gBAAE,MAAM,CAAC,cAAc,GAAG,QAAQ,CAAC;iBACjE,IAAI,MAAM,CAAC,cAAc,KAAK,QAAQ;gBAAE,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC;QAC9E,CAAC;QAED,2CAA2C;QAC3C,IAAI,UAAU,CAAC,iBAAiB,GAAG,EAAE,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS;gBAAE,MAAM,CAAC,IAAI,GAAG,OAAO,CAAC;iBAChD,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO;gBAAE,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC;QACzD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,eAAe,CACrB,OAAwB,EACxB,cAA2B;QAE3B,MAAM,UAAU,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC;QAEvC,kCAAkC;QAClC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBACtC,UAAU,CAAC,IAAI,CAAC;oBACd,KAAK,EAAE,OAAO,KAAK,EAAE;oBACrB,GAAG,EAAE,0CAA0C,KAAK,OAAO;oBAC3D,IAAI,EAAE,KAAK;iBACZ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClC,UAAU,CAAC,IAAI,CAAC;oBACd,KAAK,EAAE,SAAS,KAAK,EAAE;oBACvB,GAAG,EAAE,0BAA0B;oBAC/B,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;YAC/B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YACpC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,IAAI,oBAAoB,EAAE,CAAC;AACpC,CAAC"}