driftdetect-detectors 0.1.0

package/dist/auth/middleware-usage.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Middleware Usage Detector - Auth middleware pattern detection
+ *
+ * Detects auth middleware patterns including Express/Koa middleware, Next.js middleware,
+ * route protection patterns, session validation, and JWT verification.
+ *
+ * Flags violations: Unprotected routes, inconsistent middleware usage, missing auth checks.
+ *
+ * @requirements 11.1 - Auth middleware patterns
+ * @requirements 11.7 - Unprotected route detection
+ */
+import type { Language } from 'driftdetect-core';
+import { RegexDetector, type DetectionContext, type DetectionResult } from '../base/index.js';
+export type AuthMiddlewareType = 'express-middleware' | 'nextjs-middleware' | 'route-guard' | 'session-check' | 'api-key-check' | 'jwt-verify';
+export type AuthMiddlewareViolationType = 'unprotected-route' | 'inconsistent-middleware' | 'missing-auth-check';
+export interface AuthMiddlewarePatternInfo {
+    type: AuthMiddlewareType;
+    file: string;
+    line: number;
+    column: number;
+    matchedText: string;
+    middlewareName?: string;
+    context?: string;
+}
+export interface AuthMiddlewareViolationInfo {
+    type: AuthMiddlewareViolationType;
+    file: string;
+    line: number;
+    column: number;
+    endLine: number;
+    endColumn: number;
+    value: string;
+    issue: string;
+    suggestedFix?: string;
+    lineContent: string;
+}
+export interface AuthMiddlewareAnalysis {
+    patterns: AuthMiddlewarePatternInfo[];
+    violations: AuthMiddlewareViolationInfo[];
+    hasAuthMiddleware: boolean;
+    protectedRoutes: number;
+    unprotectedRoutes: number;
+}
+export declare const AUTH_MIDDLEWARE_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const NEXTJS_MIDDLEWARE_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const JWT_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const ROUTE_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp];
+export declare const SENSITIVE_ROUTE_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp];
+export declare const EXCLUDED_FILE_PATTERNS: RegExp[];
+export declare function shouldExcludeFile(filePath: string): boolean;
+export declare function detectAuthMiddleware(content: string, file: string): AuthMiddlewarePatternInfo[];
+export declare function detectUnprotectedRoutes(content: string, file: string, hasAuth: boolean): AuthMiddlewareViolationInfo[];
+export declare function analyzeAuthMiddleware(content: string, file: string): AuthMiddlewareAnalysis;
+export declare class AuthMiddlewareDetector extends RegexDetector {
+    readonly id = "auth/middleware-usage";
+    readonly name = "Auth Middleware Detector";
+    readonly description = "Detects auth middleware patterns and unprotected routes";
+    readonly category = "auth";
+    readonly subcategory = "middleware";
+    readonly supportedLanguages: Language[];
+    detect(context: DetectionContext): Promise<DetectionResult>;
+    generateQuickFix(): null;
+}
+export declare function createAuthMiddlewareDetector(): AuthMiddlewareDetector;
+//# sourceMappingURL=middleware-usage.d.ts.map

package/dist/auth/middleware-usage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware-usage.d.ts","sourceRoot":"","sources":["../../src/auth/middleware-usage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,KAAK,gBAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAE9F,MAAM,MAAM,kBAAkB,GAAG,oBAAoB,GAAG,mBAAmB,GAAG,aAAa,GAAG,eAAe,GAAG,eAAe,GAAG,YAAY,CAAC;AAC/I,MAAM,MAAM,2BAA2B,GAAG,mBAAmB,GAAG,yBAAyB,GAAG,oBAAoB,CAAC;AAEjH,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,kBAAkB,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,2BAA2B;IAC1C,IAAI,EAAE,2BAA2B,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,yBAAyB,EAAE,CAAC;IACtC,UAAU,EAAE,2BAA2B,EAAE,CAAC;IAC1C,iBAAiB,EAAE,OAAO,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAGD,eAAO,MAAM,wBAAwB,mEAU3B,CAAC;AAEX,eAAO,MAAM,0BAA0B,mDAM7B,CAAC;AAEX,eAAO,MAAM,YAAY,2FAaf,CAAC;AAEX,eAAO,MAAM,cAAc,2CAOjB,CAAC;AAEX,eAAO,MAAM,wBAAwB,2CAK3B,CAAC;AAEX,eAAO,MAAM,sBAAsB,UAAyE,CAAC;AAE7G,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE3D;AAeD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,yBAAyB,EAAE,CAkD/F;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,2BAA2B,EAAE,CA8BtH;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,sBAAsB,CAgB3F;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,QAAQ,CAAC,EAAE,2BAA2B;IACtC,QAAQ,CAAC,IAAI,8BAA8B;IAC3C,QAAQ,CAAC,WAAW,6DAA6D;IACjF,QAAQ,CAAC,QAAQ,UAAU;IAC3B,QAAQ,CAAC,WAAW,gBAAgB;IACpC,QAAQ,CAAC,kBAAkB,EAAE,QAAQ,EAAE,CAA0C;IAE3E,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAUjE,gBAAgB,IAAI,IAAI;CAGzB;AAED,wBAAgB,4BAA4B,IAAI,sBAAsB,CAErE"}

package/dist/auth/middleware-usage.js

@@ -0,0 +1,192 @@
+/**
+ * Middleware Usage Detector - Auth middleware pattern detection
+ *
+ * Detects auth middleware patterns including Express/Koa middleware, Next.js middleware,
+ * route protection patterns, session validation, and JWT verification.
+ *
+ * Flags violations: Unprotected routes, inconsistent middleware usage, missing auth checks.
+ *
+ * @requirements 11.1 - Auth middleware patterns
+ * @requirements 11.7 - Unprotected route detection
+ */
+import { RegexDetector } from '../base/index.js';
+// Constants (JavaScript/TypeScript + Python)
+export const AUTH_MIDDLEWARE_PATTERNS = [
+    // JavaScript/TypeScript
+    /(?:requireAuth|isAuthenticated|authenticate|authMiddleware|withAuth|protected)\s*[,(]/gi,
+    /middleware\s*:\s*\[?[^}\]]*(?:auth|protect|guard)/gi,
+    /app\.use\s*\([^)]*(?:passport|session|jwt|auth)/gi,
+    /router\.use\s*\([^)]*(?:auth|protect|verify)/gi,
+    // Python FastAPI
+    /Depends\s*\(\s*(?:get_current_user|verify_token|auth_required)/gi,
+    /dependencies\s*=\s*\[[^\]]*(?:auth|verify|current_user)/gi,
+    /@(?:requires_auth|login_required|authenticated)/gi,
+];
+export const NEXTJS_MIDDLEWARE_PATTERNS = [
+    /export\s+(?:default\s+)?function\s+middleware/gi,
+    /NextResponse\.(?:redirect|rewrite)\s*\(/gi,
+    /getServerSession\s*\(/gi,
+    /getSession\s*\(/gi,
+    /withAuth\s*\(/gi,
+];
+export const JWT_PATTERNS = [
+    // JavaScript/TypeScript
+    /jwt\.verify\s*\(/gi,
+    /jsonwebtoken/gi,
+    /verifyToken\s*\(/gi,
+    /decodeToken\s*\(/gi,
+    /validateToken\s*\(/gi,
+    // Python
+    /jwt\.decode\s*\(/gi,
+    /PyJWT/gi,
+    /python-jose/gi,
+    /verify_token\s*\(/gi,
+    /decode_token\s*\(/gi,
+];
+export const ROUTE_PATTERNS = [
+    // JavaScript/TypeScript
+    /app\.(get|post|put|patch|delete)\s*\(\s*['"`][^'"`]+['"`]/gi,
+    /router\.(get|post|put|patch|delete)\s*\(\s*['"`][^'"`]+['"`]/gi,
+    /export\s+async\s+function\s+(GET|POST|PUT|PATCH|DELETE)/gi,
+    // Python FastAPI
+    /@(?:app|router)\.(get|post|put|patch|delete)\s*\(\s*['"][^'"]+['"]/gi,
+];
+export const SENSITIVE_ROUTE_PATTERNS = [
+    /\/api\/(?:admin|user|account|profile|settings|billing|payment)/i,
+    /\/api\/v\d+\/(?:admin|user|account)/i,
+    /\/dashboard/i,
+    /\/admin/i,
+];
+export const EXCLUDED_FILE_PATTERNS = [/\.test\.[jt]sx?$/, /\.spec\.[jt]sx?$/, /node_modules\//, /\.d\.ts$/];
+export function shouldExcludeFile(filePath) {
+    return EXCLUDED_FILE_PATTERNS.some(p => p.test(filePath));
+}
+function isInsideComment(content, index) {
+    const before = content.slice(0, index);
+    const lastNewline = before.lastIndexOf('\n');
+    const line = before.slice(lastNewline + 1);
+    if (line.includes('//') && index - lastNewline - 1 > line.indexOf('//'))
+        return true;
+    return before.lastIndexOf('/*') > before.lastIndexOf('*/');
+}
+function getPosition(content, index) {
+    const before = content.slice(0, index);
+    return { line: before.split('\n').length, column: index - before.lastIndexOf('\n') };
+}
+export function detectAuthMiddleware(content, file) {
+    const results = [];
+    const lines = content.split('\n');
+    for (const pattern of AUTH_MIDDLEWARE_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: 'express-middleware',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    for (const pattern of NEXTJS_MIDDLEWARE_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: 'nextjs-middleware',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    for (const pattern of JWT_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: 'jwt-verify',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    return results;
+}
+export function detectUnprotectedRoutes(content, file, hasAuth) {
+    const violations = [];
+    const lines = content.split('\n');
+    if (hasAuth)
+        return violations;
+    for (const routePattern of ROUTE_PATTERNS) {
+        const regex = new RegExp(routePattern.source, routePattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const isSensitive = SENSITIVE_ROUTE_PATTERNS.some(p => p.test(match[0]));
+            if (isSensitive) {
+                const { line, column } = getPosition(content, match.index);
+                violations.push({
+                    type: 'unprotected-route',
+                    file, line, column,
+                    endLine: line,
+                    endColumn: column + match[0].length,
+                    value: match[0],
+                    issue: 'Sensitive route without visible auth middleware',
+                    suggestedFix: 'Add authentication middleware to protect this route',
+                    lineContent: lines[line - 1] || '',
+                });
+            }
+        }
+    }
+    return violations;
+}
+export function analyzeAuthMiddleware(content, file) {
+    if (shouldExcludeFile(file)) {
+        return { patterns: [], violations: [], hasAuthMiddleware: false, protectedRoutes: 0, unprotectedRoutes: 0 };
+    }
+    const patterns = detectAuthMiddleware(content, file);
+    const hasAuth = patterns.length > 0;
+    const violations = detectUnprotectedRoutes(content, file, hasAuth);
+    return {
+        patterns,
+        violations,
+        hasAuthMiddleware: hasAuth,
+        protectedRoutes: hasAuth ? patterns.length : 0,
+        unprotectedRoutes: violations.length,
+    };
+}
+export class AuthMiddlewareDetector extends RegexDetector {
+    id = 'auth/middleware-usage';
+    name = 'Auth Middleware Detector';
+    description = 'Detects auth middleware patterns and unprotected routes';
+    category = 'auth';
+    subcategory = 'middleware';
+    supportedLanguages = ['typescript', 'javascript', 'python'];
+    async detect(context) {
+        const { content, file } = context;
+        if (shouldExcludeFile(file))
+            return this.createEmptyResult();
+        const analysis = analyzeAuthMiddleware(content, file);
+        const confidence = analysis.hasAuthMiddleware ? 0.9 : 0.7;
+        return this.createResult([], [], confidence);
+    }
+    generateQuickFix() {
+        return null;
+    }
+}
+export function createAuthMiddlewareDetector() {
+    return new AuthMiddlewareDetector();
+}
+//# sourceMappingURL=middleware-usage.js.map

package/dist/auth/middleware-usage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware-usage.js","sourceRoot":"","sources":["../../src/auth/middleware-usage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EAAE,aAAa,EAA+C,MAAM,kBAAkB,CAAC;AAoC9F,6CAA6C;AAC7C,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,wBAAwB;IACxB,yFAAyF;IACzF,qDAAqD;IACrD,mDAAmD;IACnD,gDAAgD;IAChD,iBAAiB;IACjB,kEAAkE;IAClE,2DAA2D;IAC3D,mDAAmD;CAC3C,CAAC;AAEX,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,iDAAiD;IACjD,2CAA2C;IAC3C,yBAAyB;IACzB,mBAAmB;IACnB,iBAAiB;CACT,CAAC;AAEX,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,wBAAwB;IACxB,oBAAoB;IACpB,gBAAgB;IAChB,oBAAoB;IACpB,oBAAoB;IACpB,sBAAsB;IACtB,SAAS;IACT,oBAAoB;IACpB,SAAS;IACT,eAAe;IACf,qBAAqB;IACrB,qBAAqB;CACb,CAAC;AAEX,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,wBAAwB;IACxB,6DAA6D;IAC7D,gEAAgE;IAChE,2DAA2D;IAC3D,iBAAiB;IACjB,sEAAsE;CAC9D,CAAC;AAEX,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,iEAAiE;IACjE,sCAAsC;IACtC,cAAc;IACd,UAAU;CACF,CAAC;AAEX,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;AAE7G,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,KAAa;IACrD,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrF,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,KAAa;IACjD,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;AACvF,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAe,EAAE,IAAY;IAChE,MAAM,OAAO,GAAgC,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,oBAAoB;gBAC1B,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,0BAA0B,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAe,EAAE,IAAY,EAAE,OAAgB;IACrF,MAAM,UAAU,GAAkC,EAAE,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,IAAI,OAAO;QAAE,OAAO,UAAU,CAAC;IAE/B,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC;QAClE,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YAEpD,MAAM,WAAW,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1E,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC3D,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,mBAAmB;oBACzB,IAAI,EAAE,IAAI,EAAE,MAAM;oBAClB,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;oBACnC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBACf,KAAK,EAAE,iDAAiD;oBACxD,YAAY,EAAE,qDAAqD;oBACnE,WAAW,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAe,EAAE,IAAY;IACjE,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,iBAAiB,EAAE,CAAC,EAAE,CAAC;IAC9G,CAAC;IAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACpC,MAAM,UAAU,GAAG,uBAAuB,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAEnE,OAAO;QACL,QAAQ;QACR,UAAU;QACV,iBAAiB,EAAE,OAAO;QAC1B,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC9C,iBAAiB,EAAE,UAAU,CAAC,MAAM;KACrC,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IAC9C,EAAE,GAAG,uBAAuB,CAAC;IAC7B,IAAI,GAAG,0BAA0B,CAAC;IAClC,WAAW,GAAG,yDAAyD,CAAC;IACxE,QAAQ,GAAG,MAAM,CAAC;IAClB,WAAW,GAAG,YAAY,CAAC;IAC3B,kBAAkB,GAAe,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAEjF,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QAClC,IAAI,iBAAiB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE7D,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAE1D,OAAO,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,4BAA4B;IAC1C,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC"}

package/dist/auth/permission-checks.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Permission Checks Detector - Permission pattern detection
+ *
+ * Detects permission checking patterns including role checks, capability checks,
+ * and authorization guards.
+ *
+ * @requirements 11.3 - Permission check patterns
+ */
+import type { Language } from 'driftdetect-core';
+import { RegexDetector, type DetectionContext, type DetectionResult } from '../base/index.js';
+export type PermissionPatternType = 'role-check' | 'capability-check' | 'permission-guard' | 'access-control';
+export type PermissionViolationType = 'missing-permission-check' | 'inconsistent-permissions';
+export interface PermissionPatternInfo {
+    type: PermissionPatternType;
+    file: string;
+    line: number;
+    column: number;
+    matchedText: string;
+    context?: string;
+}
+export interface PermissionViolationInfo {
+    type: PermissionViolationType;
+    file: string;
+    line: number;
+    column: number;
+    endLine: number;
+    endColumn: number;
+    value: string;
+    issue: string;
+    suggestedFix?: string;
+    lineContent: string;
+}
+export interface PermissionAnalysis {
+    patterns: PermissionPatternInfo[];
+    violations: PermissionViolationInfo[];
+    hasPermissionChecks: boolean;
+}
+export declare const PERMISSION_CHECK_PATTERNS: readonly [RegExp, RegExp, RegExp];
+export declare const AUTHORIZATION_PATTERNS: readonly [RegExp, RegExp, RegExp];
+export declare const GUARD_PATTERNS: readonly [RegExp, RegExp, RegExp];
+export declare const POLICY_PATTERNS: readonly [RegExp, RegExp, RegExp];
+export declare const EXCLUDED_FILE_PATTERNS: RegExp[];
+export declare function shouldExcludeFile(filePath: string): boolean;
+export declare function detectPermissionChecks(content: string, file: string): PermissionPatternInfo[];
+export declare function detectAuthorizationPatterns(content: string, file: string): PermissionPatternInfo[];
+export declare function detectGuardPatterns(content: string, file: string): PermissionPatternInfo[];
+export declare function detectPolicyPatterns(content: string, file: string): PermissionPatternInfo[];
+export declare function analyzePermissions(content: string, file: string): PermissionAnalysis;
+export declare class PermissionChecksDetector extends RegexDetector {
+    readonly id = "auth/permission-checks";
+    readonly name = "Permission Checks Detector";
+    readonly description = "Detects permission checking patterns";
+    readonly category = "auth";
+    readonly subcategory = "permissions";
+    readonly supportedLanguages: Language[];
+    detect(context: DetectionContext): Promise<DetectionResult>;
+    generateQuickFix(): null;
+}
+export declare function createPermissionChecksDetector(): PermissionChecksDetector;
+//# sourceMappingURL=permission-checks.d.ts.map

package/dist/auth/permission-checks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-checks.d.ts","sourceRoot":"","sources":["../../src/auth/permission-checks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,KAAK,gBAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAE9F,MAAM,MAAM,qBAAqB,GAAG,YAAY,GAAG,kBAAkB,GAAG,kBAAkB,GAAG,gBAAgB,CAAC;AAC9G,MAAM,MAAM,uBAAuB,GAAG,0BAA0B,GAAG,0BAA0B,CAAC;AAE9F,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,uBAAuB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,qBAAqB,EAAE,CAAC;IAClC,UAAU,EAAE,uBAAuB,EAAE,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,eAAO,MAAM,yBAAyB,mCAI5B,CAAC;AAEX,eAAO,MAAM,sBAAsB,mCAIzB,CAAC;AAEX,eAAO,MAAM,cAAc,mCAIjB,CAAC;AAEX,eAAO,MAAM,eAAe,mCAIlB,CAAC;AAEX,eAAO,MAAM,sBAAsB,UAAyE,CAAC;AAE7G,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE3D;AAeD,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,qBAAqB,EAAE,CAmB7F;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,qBAAqB,EAAE,CAmBlG;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,qBAAqB,EAAE,CAmB1F;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,qBAAqB,EAAE,CAmB3F;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,kBAAkB,CAapF;AAED,qBAAa,wBAAyB,SAAQ,aAAa;IACzD,QAAQ,CAAC,EAAE,4BAA4B;IACvC,QAAQ,CAAC,IAAI,gCAAgC;IAC7C,QAAQ,CAAC,WAAW,0CAA0C;IAC9D,QAAQ,CAAC,QAAQ,UAAU;IAC3B,QAAQ,CAAC,WAAW,iBAAiB;IACrC,QAAQ,CAAC,kBAAkB,EAAE,QAAQ,EAAE,CAA0C;IAE3E,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAQjE,gBAAgB,IAAI,IAAI;CAGzB;AAED,wBAAgB,8BAA8B,IAAI,wBAAwB,CAEzE"}

package/dist/auth/permission-checks.js

@@ -0,0 +1,159 @@
+/**
+ * Permission Checks Detector - Permission pattern detection
+ *
+ * Detects permission checking patterns including role checks, capability checks,
+ * and authorization guards.
+ *
+ * @requirements 11.3 - Permission check patterns
+ */
+import { RegexDetector } from '../base/index.js';
+export const PERMISSION_CHECK_PATTERNS = [
+    /(?:hasPermission|checkPermission|canAccess|isAllowed)\s*\(/gi,
+    /(?:hasRole|checkRole|isAdmin|isModerator)\s*\(/gi,
+    /user\.(?:role|permissions|capabilities)\s*(?:\.|\.includes|\.has)/gi,
+];
+export const AUTHORIZATION_PATTERNS = [
+    /(?:authorize|guard|protect)\s*\(\s*['"`]\w+['"`]/gi,
+    /\.can\s*\(\s*['"`]\w+['"`]/gi,
+    /ability\.(?:can|cannot)\s*\(/gi,
+];
+export const GUARD_PATTERNS = [
+    /permissions\.(?:check|has|includes)\s*\(/gi,
+    /@(?:Authorize|RequirePermission|Guard)\s*\(/gi,
+    /usePermission\s*\(/gi,
+];
+export const POLICY_PATTERNS = [
+    /policy\.(?:check|allows|denies)\s*\(/gi,
+    /defineAbility/gi,
+    /createPolicy/gi,
+];
+export const EXCLUDED_FILE_PATTERNS = [/\.test\.[jt]sx?$/, /\.spec\.[jt]sx?$/, /node_modules\//, /\.d\.ts$/];
+export function shouldExcludeFile(filePath) {
+    return EXCLUDED_FILE_PATTERNS.some(p => p.test(filePath));
+}
+function isInsideComment(content, index) {
+    const before = content.slice(0, index);
+    const lastNewline = before.lastIndexOf('\n');
+    const line = before.slice(lastNewline + 1);
+    if (line.includes('//') && index - lastNewline - 1 > line.indexOf('//'))
+        return true;
+    return before.lastIndexOf('/*') > before.lastIndexOf('*/');
+}
+function getPosition(content, index) {
+    const before = content.slice(0, index);
+    return { line: before.split('\n').length, column: index - before.lastIndexOf('\n') };
+}
+export function detectPermissionChecks(content, file) {
+    const results = [];
+    const lines = content.split('\n');
+    for (const pattern of PERMISSION_CHECK_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: match[0].toLowerCase().includes('role') ? 'role-check' : 'permission-guard',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    return results;
+}
+export function detectAuthorizationPatterns(content, file) {
+    const results = [];
+    const lines = content.split('\n');
+    for (const pattern of AUTHORIZATION_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: 'access-control',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    return results;
+}
+export function detectGuardPatterns(content, file) {
+    const results = [];
+    const lines = content.split('\n');
+    for (const pattern of GUARD_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: 'permission-guard',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    return results;
+}
+export function detectPolicyPatterns(content, file) {
+    const results = [];
+    const lines = content.split('\n');
+    for (const pattern of POLICY_PATTERNS) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (isInsideComment(content, match.index))
+                continue;
+            const { line, column } = getPosition(content, match.index);
+            results.push({
+                type: 'access-control',
+                file, line, column,
+                matchedText: match[0],
+                context: lines[line - 1] || '',
+            });
+        }
+    }
+    return results;
+}
+export function analyzePermissions(content, file) {
+    if (shouldExcludeFile(file)) {
+        return { patterns: [], violations: [], hasPermissionChecks: false };
+    }
+    const patterns = [
+        ...detectPermissionChecks(content, file),
+        ...detectAuthorizationPatterns(content, file),
+        ...detectGuardPatterns(content, file),
+        ...detectPolicyPatterns(content, file),
+    ];
+    return { patterns, violations: [], hasPermissionChecks: patterns.length > 0 };
+}
+export class PermissionChecksDetector extends RegexDetector {
+    id = 'auth/permission-checks';
+    name = 'Permission Checks Detector';
+    description = 'Detects permission checking patterns';
+    category = 'auth';
+    subcategory = 'permissions';
+    supportedLanguages = ['typescript', 'javascript', 'python'];
+    async detect(context) {
+        const { content, file } = context;
+        if (shouldExcludeFile(file))
+            return this.createEmptyResult();
+        const analysis = analyzePermissions(content, file);
+        return this.createResult([], [], analysis.hasPermissionChecks ? 0.85 : 1.0);
+    }
+    generateQuickFix() {
+        return null;
+    }
+}
+export function createPermissionChecksDetector() {
+    return new PermissionChecksDetector();
+}
+//# sourceMappingURL=permission-checks.js.map

package/dist/auth/permission-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-checks.js","sourceRoot":"","sources":["../../src/auth/permission-checks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,aAAa,EAA+C,MAAM,kBAAkB,CAAC;AAiC9F,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,8DAA8D;IAC9D,kDAAkD;IAClD,qEAAqE;CAC7D,CAAC;AAEX,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,oDAAoD;IACpD,8BAA8B;IAC9B,gCAAgC;CACxB,CAAC;AAEX,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,4CAA4C;IAC5C,+CAA+C;IAC/C,sBAAsB;CACd,CAAC;AAEX,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,wCAAwC;IACxC,iBAAiB;IACjB,gBAAgB;CACR,CAAC;AAEX,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;AAE7G,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,KAAa;IACrD,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrF,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,KAAa;IACjD,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;AACvF,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAe,EAAE,IAAY;IAClE,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,kBAAkB;gBACjF,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,OAAe,EAAE,IAAY;IACvE,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAe,EAAE,IAAY;IAC/D,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,kBAAkB;gBACxB,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAe,EAAE,IAAY;IAChE,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,IAAI,EAAE,MAAM;gBAClB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,OAAO,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAe,EAAE,IAAY;IAC9D,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC;IACtE,CAAC;IAED,MAAM,QAAQ,GAA4B;QACxC,GAAG,sBAAsB,CAAC,OAAO,EAAE,IAAI,CAAC;QACxC,GAAG,2BAA2B,CAAC,OAAO,EAAE,IAAI,CAAC;QAC7C,GAAG,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC;QACrC,GAAG,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC;KACvC,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,mBAAmB,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,MAAM,OAAO,wBAAyB,SAAQ,aAAa;IAChD,EAAE,GAAG,wBAAwB,CAAC;IAC9B,IAAI,GAAG,4BAA4B,CAAC;IACpC,WAAW,GAAG,sCAAsC,CAAC;IACrD,QAAQ,GAAG,MAAM,CAAC;IAClB,WAAW,GAAG,aAAa,CAAC;IAC5B,kBAAkB,GAAe,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAEjF,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QAClC,IAAI,iBAAiB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE7D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9E,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,8BAA8B;IAC5C,OAAO,IAAI,wBAAwB,EAAE,CAAC;AACxC,CAAC"}

package/dist/auth/rbac-patterns.d.ts

@@ -0,0 +1,68 @@
+/**
+ * RBAC Patterns Detector - Role-Based Access Control pattern detection
+ *
+ * Detects RBAC patterns including role definitions, role assignments,
+ * and role-based authorization.
+ *
+ * @requirements 11.4 - RBAC patterns
+ */
+import type { Language } from 'driftdetect-core';
+import { RegexDetector, type DetectionContext, type DetectionResult } from '../base/index.js';
+export type RbacPatternType = 'role-definition' | 'role-assignment' | 'role-check' | 'role-hierarchy';
+export type RbacViolationType = 'missing-role-check' | 'inconsistent-roles';
+export interface RbacPatternInfo {
+    type: RbacPatternType;
+    file: string;
+    line: number;
+    column: number;
+    matchedText: string;
+    roleName?: string;
+    context?: string;
+}
+export interface RbacViolationInfo {
+    type: RbacViolationType;
+    file: string;
+    line: number;
+    column: number;
+    endLine: number;
+    endColumn: number;
+    value: string;
+    issue: string;
+    suggestedFix?: string;
+    lineContent: string;
+}
+export interface RbacAnalysis {
+    patterns: RbacPatternInfo[];
+    violations: RbacViolationInfo[];
+    roles: string[];
+    hasRoleHierarchy: boolean;
+}
+export declare const ROLE_DEFINITION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const ROLE_ASSIGNMENT_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const ROLE_CHECK_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const ROLE_HIERARCHY_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp];
+export declare const EXCLUDED_FILE_PATTERNS: RegExp[];
+export declare function shouldExcludeFile(filePath: string): boolean;
+export declare function detectRoleDefinitions(content: string, file: string): RbacPatternInfo[];
+export declare function detectRoleChecks(content: string, file: string): RbacPatternInfo[];
+export declare function detectRoleAssignments(content: string, file: string): RbacPatternInfo[];
+export declare function detectRoleHierarchy(content: string, file: string): RbacPatternInfo[];
+export declare function analyzeRbac(content: string, file: string): RbacAnalysis;
+export type RBACPatternType = RbacPatternType;
+export type RBACPatternInfo = RbacPatternInfo;
+export type RBACAnalysis = RbacAnalysis;
+export declare const analyzeRBACPatterns: typeof analyzeRbac;
+export declare class RbacPatternsDetector extends RegexDetector {
+    readonly id = "auth/rbac-patterns";
+    readonly name = "RBAC Patterns Detector";
+    readonly description = "Detects Role-Based Access Control patterns";
+    readonly category = "auth";
+    readonly subcategory = "rbac";
+    readonly supportedLanguages: Language[];
+    detect(context: DetectionContext): Promise<DetectionResult>;
+    generateQuickFix(): null;
+}
+export declare const RBACPatternsDetector: typeof RbacPatternsDetector;
+export declare function createRbacPatternsDetector(): RbacPatternsDetector;
+export declare const createRBACPatternsDetector: typeof createRbacPatternsDetector;
+//# sourceMappingURL=rbac-patterns.d.ts.map

package/dist/auth/rbac-patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-patterns.d.ts","sourceRoot":"","sources":["../../src/auth/rbac-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,KAAK,gBAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAE9F,MAAM,MAAM,eAAe,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,YAAY,GAAG,gBAAgB,CAAC;AACtG,MAAM,MAAM,iBAAiB,GAAG,oBAAoB,GAAG,oBAAoB,CAAC;AAE5E,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,iBAAiB,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,eAAO,MAAM,wBAAwB,2EAW3B,CAAC;AAEX,eAAO,MAAM,wBAAwB,mGAc3B,CAAC;AAEX,eAAO,MAAM,mBAAmB,2GAetB,CAAC;AAEX,eAAO,MAAM,uBAAuB,2CAK1B,CAAC;AAEX,eAAO,MAAM,sBAAsB,UAAwH,CAAC;AAE5J,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE3D;AA+BD,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAEtF;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAEjF;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAEtF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAEpF;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,YAAY,CAiBvE;AAGD,MAAM,MAAM,eAAe,GAAG,eAAe,CAAC;AAC9C,MAAM,MAAM,eAAe,GAAG,eAAe,CAAC;AAC9C,MAAM,MAAM,YAAY,GAAG,YAAY,CAAC;AACxC,eAAO,MAAM,mBAAmB,oBAAc,CAAC;AAE/C,qBAAa,oBAAqB,SAAQ,aAAa;IACrD,QAAQ,CAAC,EAAE,wBAAwB;IACnC,QAAQ,CAAC,IAAI,4BAA4B;IACzC,QAAQ,CAAC,WAAW,gDAAgD;IACpE,QAAQ,CAAC,QAAQ,UAAU;IAC3B,QAAQ,CAAC,WAAW,UAAU;IAC9B,QAAQ,CAAC,kBAAkB,EAAE,QAAQ,EAAE,CAA0C;IAE3E,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAQjE,gBAAgB,IAAI,IAAI;CAGzB;AAGD,eAAO,MAAM,oBAAoB,6BAAuB,CAAC;AAEzD,wBAAgB,0BAA0B,IAAI,oBAAoB,CAEjE;AAGD,eAAO,MAAM,0BAA0B,mCAA6B,CAAC"}