driftdetect-detectors 0.1.0

package/dist/security/secret-management.js

@@ -0,0 +1,547 @@
+/**
+ * Secret Management Detector - Secret and credential handling pattern detection
+ *
+ * Detects secret management patterns including:
+ * - Hardcoded secrets and credentials
+ * - Environment variable usage
+ * - Secret manager integrations
+ * - API key patterns
+ * - Credential rotation patterns
+ *
+ * @requirements 16.6 - Secret management patterns
+ */
+import { RegexDetector } from '../base/regex-detector.js';
+// ============================================================================
+// Constants
+// ============================================================================
+export const ENV_VARIABLE_PATTERNS = [
+    /process\.env\.[A-Z_][A-Z0-9_]*/gi,
+    /process\.env\[['"`][A-Z_][A-Z0-9_]*['"`]\]/gi,
+    /import\.meta\.env\.[A-Z_][A-Z0-9_]*/gi,
+    /Deno\.env\.get\s*\(\s*['"`][A-Z_][A-Z0-9_]*['"`]\s*\)/gi,
+    /os\.environ\[['"`][A-Z_][A-Z0-9_]*['"`]\]/gi,
+    /os\.getenv\s*\(\s*['"`][A-Z_][A-Z0-9_]*['"`]\s*\)/gi,
+    /ENV\[['"`][A-Z_][A-Z0-9_]*['"`]\]/gi,
+    /\$\{[A-Z_][A-Z0-9_]*\}/gi,
+];
+export const SECRET_MANAGER_PATTERNS = [
+    /SecretsManager/gi,
+    /SecretManagerServiceClient/gi,
+    /getSecretValue/gi,
+    /secretsmanager/gi,
+    /aws-sdk.*secrets/gi,
+    /@aws-sdk\/client-secrets-manager/gi,
+    /google-cloud.*secret/gi,
+    /azure.*keyvault/gi,
+    /KeyVaultClient/gi,
+    /SecretClient/gi,
+];
+export const VAULT_PATTERNS = [
+    /hashicorp.*vault/gi,
+    /vault\.read/gi,
+    /vault\.write/gi,
+    /VaultClient/gi,
+    /hvac\./gi,
+    /vault-client/gi,
+    /node-vault/gi,
+    /VAULT_ADDR/gi,
+    /VAULT_TOKEN/gi,
+];
+export const KEY_ROTATION_PATTERNS = [
+    /rotateSecret/gi,
+    /keyRotation/gi,
+    /rotate.*key/gi,
+    /key.*rotation/gi,
+    /credential.*rotation/gi,
+    /rotate.*credential/gi,
+    /refreshToken/gi,
+    /renewToken/gi,
+];
+export const CREDENTIAL_STORE_PATTERNS = [
+    /CredentialStore/gi,
+    /KeychainAccess/gi,
+    /SecureStorage/gi,
+    /EncryptedSharedPreferences/gi,
+    /keytar/gi,
+    /node-keytar/gi,
+    /credential-manager/gi,
+    /windows-credential/gi,
+];
+export const CONFIG_ENCRYPTION_PATTERNS = [
+    /encryptConfig/gi,
+    /decryptConfig/gi,
+    /sealed.*secret/gi,
+    /SealedSecret/gi,
+    /sops/gi,
+    /age.*encrypt/gi,
+    /gpg.*encrypt/gi,
+    /kms.*encrypt/gi,
+];
+// Hardcoded secret patterns - these are violations
+export const HARDCODED_SECRET_PATTERNS = [
+    /['"`](?:sk|pk|api|secret|key)[-_]?[a-zA-Z0-9]{20,}['"`]/gi,
+    /['"`][a-zA-Z0-9+/]{40,}={0,2}['"`]/gi, // Base64 encoded secrets
+    /password\s*[=:]\s*['"`][^'"`]{8,}['"`]/gi,
+    /secret\s*[=:]\s*['"`][^'"`]{8,}['"`]/gi,
+    /apiKey\s*[=:]\s*['"`][^'"`]{16,}['"`]/gi,
+    /api_key\s*[=:]\s*['"`][^'"`]{16,}['"`]/gi,
+    /privateKey\s*[=:]\s*['"`][^'"`]{20,}['"`]/gi,
+    /private_key\s*[=:]\s*['"`][^'"`]{20,}['"`]/gi,
+];
+export const HARDCODED_API_KEY_PATTERNS = [
+    /['"`]AIza[0-9A-Za-z-_]{35}['"`]/gi, // Google API key
+    /['"`]AKIA[0-9A-Z]{16}['"`]/gi, // AWS Access Key
+    /['"`]sk-[a-zA-Z0-9]{48}['"`]/gi, // OpenAI API key
+    /['"`]ghp_[a-zA-Z0-9]{36}['"`]/gi, // GitHub Personal Access Token
+    /['"`]gho_[a-zA-Z0-9]{36}['"`]/gi, // GitHub OAuth Token
+    /['"`]xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}['"`]/gi, // Slack token
+    /['"`]sk_live_[a-zA-Z0-9]{24,}['"`]/gi, // Stripe live key
+    /['"`]sk_test_[a-zA-Z0-9]{24,}['"`]/gi, // Stripe test key
+    /['"`]SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}['"`]/gi, // SendGrid API key
+];
+export const HARDCODED_PASSWORD_PATTERNS = [
+    /password\s*[=:]\s*['"`](?!process\.env|import\.meta\.env|\$\{)[^'"`]{4,}['"`]/gi,
+    /passwd\s*[=:]\s*['"`](?!process\.env|import\.meta\.env|\$\{)[^'"`]{4,}['"`]/gi,
+    /pwd\s*[=:]\s*['"`](?!process\.env|import\.meta\.env|\$\{)[^'"`]{4,}['"`]/gi,
+    /DB_PASSWORD\s*[=:]\s*['"`](?!process\.env|import\.meta\.env|\$\{)[^'"`]{4,}['"`]/gi,
+    /DATABASE_PASSWORD\s*[=:]\s*['"`](?!process\.env|import\.meta\.env|\$\{)[^'"`]{4,}['"`]/gi,
+];
+export const HARDCODED_TOKEN_PATTERNS = [
+    /token\s*[=:]\s*['"`](?!process\.env|import\.meta\.env|\$\{)[a-zA-Z0-9_-]{20,}['"`]/gi,
+    /bearer\s+[a-zA-Z0-9_-]{20,}/gi,
+    /authorization\s*[=:]\s*['"`]Bearer\s+[a-zA-Z0-9_-]{20,}['"`]/gi,
+    /jwt\s*[=:]\s*['"`]eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+['"`]/gi,
+];
+export const EXPOSED_CREDENTIAL_PATTERNS = [
+    /console\.log\s*\([^)]*(?:password|secret|token|apiKey|api_key|credential)/gi,
+    /console\.debug\s*\([^)]*(?:password|secret|token|apiKey|api_key|credential)/gi,
+    /logger\.[a-z]+\s*\([^)]*(?:password|secret|token|apiKey|api_key|credential)/gi,
+    /print\s*\([^)]*(?:password|secret|token|apiKey|api_key|credential)/gi,
+];
+export const INSECURE_STORAGE_PATTERNS = [
+    /localStorage\.setItem\s*\([^)]*(?:token|secret|password|apiKey|api_key)/gi,
+    /sessionStorage\.setItem\s*\([^)]*(?:token|secret|password|apiKey|api_key)/gi,
+    /document\.cookie\s*=.*(?:token|secret|password|apiKey|api_key)/gi,
+    /window\.__[A-Z_]*(?:TOKEN|SECRET|KEY)/gi,
+];
+// ============================================================================
+// Analysis Functions
+// ============================================================================
+export function shouldExcludeFile(filePath) {
+    const excludePatterns = [
+        /\.test\.[jt]sx?$/,
+        /\.spec\.[jt]sx?$/,
+        /__tests__\//,
+        /\.d\.ts$/,
+        /node_modules\//,
+        /\.min\.[jt]s$/,
+        /\.example$/,
+        /\.sample$/,
+        /\.template$/,
+    ];
+    return excludePatterns.some((p) => p.test(filePath));
+}
+export function detectEnvVariables(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of ENV_VARIABLE_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'env-variable',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    context: line.trim(),
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectSecretManager(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of SECRET_MANAGER_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                let provider = 'unknown';
+                if (/aws|secretsmanager/i.test(match[0]))
+                    provider = 'aws';
+                else if (/google|gcp/i.test(match[0]))
+                    provider = 'gcp';
+                else if (/azure|keyvault/i.test(match[0]))
+                    provider = 'azure';
+                results.push({
+                    type: 'secret-manager',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    provider,
+                    context: line.trim(),
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectVaultIntegration(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of VAULT_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'vault-integration',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    provider: 'hashicorp',
+                    context: line.trim(),
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectKeyRotation(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of KEY_ROTATION_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'key-rotation',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    context: line.trim(),
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectCredentialStore(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of CREDENTIAL_STORE_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'credential-store',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    context: line.trim(),
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectConfigEncryption(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of CONFIG_ENCRYPTION_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'config-encryption',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    context: line.trim(),
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectHardcodedSecrets(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Skip comments
+        if (/^\s*\/\/|^\s*\/\*|^\s*\*|^\s*#/.test(line))
+            continue;
+        for (const pattern of HARDCODED_SECRET_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'hardcoded-secret',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0].substring(0, 20) + '...',
+                    issue: 'Potential hardcoded secret detected',
+                    suggestedFix: 'Use environment variables or a secret manager',
+                    severity: 'critical',
+                    secretType: 'generic',
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectHardcodedApiKeys(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (/^\s*\/\/|^\s*\/\*|^\s*\*|^\s*#/.test(line))
+            continue;
+        for (const pattern of HARDCODED_API_KEY_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                let secretType = 'api-key';
+                if (/AIza/.test(match[0]))
+                    secretType = 'google-api-key';
+                else if (/AKIA/.test(match[0]))
+                    secretType = 'aws-access-key';
+                else if (/sk-/.test(match[0]))
+                    secretType = 'openai-api-key';
+                else if (/ghp_|gho_/.test(match[0]))
+                    secretType = 'github-token';
+                else if (/xox/.test(match[0]))
+                    secretType = 'slack-token';
+                else if (/sk_live|sk_test/.test(match[0]))
+                    secretType = 'stripe-key';
+                else if (/SG\./.test(match[0]))
+                    secretType = 'sendgrid-key';
+                results.push({
+                    type: 'hardcoded-api-key',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0].substring(0, 15) + '...',
+                    issue: `Hardcoded ${secretType} detected`,
+                    suggestedFix: 'Store API keys in environment variables or secret manager',
+                    severity: 'critical',
+                    secretType,
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectHardcodedPasswords(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (/^\s*\/\/|^\s*\/\*|^\s*\*|^\s*#/.test(line))
+            continue;
+        // Skip type definitions and interfaces
+        if (/:\s*string|interface\s+|type\s+/.test(line))
+            continue;
+        for (const pattern of HARDCODED_PASSWORD_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'hardcoded-password',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: '[REDACTED]',
+                    issue: 'Hardcoded password detected',
+                    suggestedFix: 'Use environment variables for passwords',
+                    severity: 'critical',
+                    secretType: 'password',
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectHardcodedTokens(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (/^\s*\/\/|^\s*\/\*|^\s*\*|^\s*#/.test(line))
+            continue;
+        for (const pattern of HARDCODED_TOKEN_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                let secretType = 'token';
+                if (/jwt|eyJ/.test(match[0]))
+                    secretType = 'jwt';
+                else if (/bearer/i.test(match[0]))
+                    secretType = 'bearer-token';
+                results.push({
+                    type: 'hardcoded-token',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0].substring(0, 15) + '...',
+                    issue: `Hardcoded ${secretType} detected`,
+                    suggestedFix: 'Tokens should be retrieved dynamically, not hardcoded',
+                    severity: 'high',
+                    secretType,
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectExposedCredentials(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of EXPOSED_CREDENTIAL_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'exposed-credential',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    issue: 'Credential may be exposed in logs',
+                    suggestedFix: 'Remove sensitive data from log statements',
+                    severity: 'high',
+                });
+            }
+        }
+    }
+    return results;
+}
+export function detectInsecureStorage(content, filePath) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of INSECURE_STORAGE_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                results.push({
+                    type: 'insecure-storage',
+                    file: filePath,
+                    line: i + 1,
+                    column: match.index + 1,
+                    matchedText: match[0],
+                    issue: 'Sensitive data stored in insecure browser storage',
+                    suggestedFix: 'Use httpOnly cookies or secure storage mechanisms',
+                    severity: 'high',
+                });
+            }
+        }
+    }
+    return results;
+}
+export function analyzeSecretManagement(content, filePath) {
+    if (shouldExcludeFile(filePath)) {
+        return {
+            patterns: [],
+            violations: [],
+            usesEnvVariables: false,
+            usesSecretManager: false,
+            usesVault: false,
+            confidence: 1.0,
+        };
+    }
+    const patterns = [
+        ...detectEnvVariables(content, filePath),
+        ...detectSecretManager(content, filePath),
+        ...detectVaultIntegration(content, filePath),
+        ...detectKeyRotation(content, filePath),
+        ...detectCredentialStore(content, filePath),
+        ...detectConfigEncryption(content, filePath),
+    ];
+    const violations = [
+        ...detectHardcodedSecrets(content, filePath),
+        ...detectHardcodedApiKeys(content, filePath),
+        ...detectHardcodedPasswords(content, filePath),
+        ...detectHardcodedTokens(content, filePath),
+        ...detectExposedCredentials(content, filePath),
+        ...detectInsecureStorage(content, filePath),
+    ];
+    const usesEnvVariables = patterns.some((p) => p.type === 'env-variable');
+    const usesSecretManager = patterns.some((p) => p.type === 'secret-manager');
+    const usesVault = patterns.some((p) => p.type === 'vault-integration');
+    let confidence = 0.7;
+    if (usesEnvVariables)
+        confidence += 0.1;
+    if (usesSecretManager || usesVault)
+        confidence += 0.15;
+    if (violations.length === 0)
+        confidence += 0.05;
+    confidence = Math.min(confidence, 0.95);
+    return {
+        patterns,
+        violations,
+        usesEnvVariables,
+        usesSecretManager,
+        usesVault,
+        confidence,
+    };
+}
+// ============================================================================
+// Detector Class
+// ============================================================================
+export class SecretManagementDetector extends RegexDetector {
+    id = 'security/secret-management';
+    name = 'Secret Management Detector';
+    description = 'Detects secret management patterns and identifies hardcoded credentials';
+    category = 'security';
+    subcategory = 'secret-management';
+    supportedLanguages = ['typescript', 'javascript', 'python'];
+    async detect(context) {
+        if (!this.supportsLanguage(context.language)) {
+            return this.createEmptyResult();
+        }
+        const analysis = analyzeSecretManagement(context.content, context.file);
+        if (analysis.patterns.length === 0 && analysis.violations.length === 0) {
+            return this.createEmptyResult();
+        }
+        return this.createResult([], [], analysis.confidence, {
+            custom: {
+                patterns: analysis.patterns,
+                violations: analysis.violations,
+                usesEnvVariables: analysis.usesEnvVariables,
+                usesSecretManager: analysis.usesSecretManager,
+                usesVault: analysis.usesVault,
+            },
+        });
+    }
+    generateQuickFix(_violation) {
+        return null;
+    }
+}
+export function createSecretManagementDetector() {
+    return new SecretManagementDetector();
+}
+//# sourceMappingURL=secret-management.js.map

package/dist/security/secret-management.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-management.js","sourceRoot":"","sources":["../../src/security/secret-management.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAsD1D,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,kCAAkC;IAClC,8CAA8C;IAC9C,uCAAuC;IACvC,yDAAyD;IACzD,6CAA6C;IAC7C,qDAAqD;IACrD,qCAAqC;IACrC,0BAA0B;CAClB,CAAC;AAEX,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,kBAAkB;IAClB,8BAA8B;IAC9B,kBAAkB;IAClB,kBAAkB;IAClB,oBAAoB;IACpB,oCAAoC;IACpC,wBAAwB;IACxB,mBAAmB;IACnB,kBAAkB;IAClB,gBAAgB;CACR,CAAC;AAEX,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,oBAAoB;IACpB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,UAAU;IACV,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,eAAe;CACP,CAAC;AAEX,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,gBAAgB;IAChB,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,wBAAwB;IACxB,sBAAsB;IACtB,gBAAgB;IAChB,cAAc;CACN,CAAC;AAEX,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,mBAAmB;IACnB,kBAAkB;IAClB,iBAAiB;IACjB,8BAA8B;IAC9B,UAAU;IACV,eAAe;IACf,sBAAsB;IACtB,sBAAsB;CACd,CAAC;AAEX,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,iBAAiB;IACjB,iBAAiB;IACjB,kBAAkB;IAClB,gBAAgB;IAChB,QAAQ;IACR,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;CACR,CAAC;AAEX,mDAAmD;AACnD,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,2DAA2D;IAC3D,sCAAsC,EAAE,yBAAyB;IACjE,0CAA0C;IAC1C,wCAAwC;IACxC,yCAAyC;IACzC,0CAA0C;IAC1C,6CAA6C;IAC7C,8CAA8C;CACtC,CAAC;AAEX,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,mCAAmC,EAAE,iBAAiB;IACtD,8BAA8B,EAAE,iBAAiB;IACjD,gCAAgC,EAAE,iBAAiB;IACnD,iCAAiC,EAAE,+BAA+B;IAClE,iCAAiC,EAAE,qBAAqB;IACxD,kEAAkE,EAAE,cAAc;IAClF,sCAAsC,EAAE,kBAAkB;IAC1D,sCAAsC,EAAE,kBAAkB;IAC1D,sDAAsD,EAAE,mBAAmB;CACnE,CAAC;AAEX,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,iFAAiF;IACjF,+EAA+E;IAC/E,4EAA4E;IAC5E,oFAAoF;IACpF,0FAA0F;CAClF,CAAC;AAEX,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,sFAAsF;IACtF,+BAA+B;IAC/B,gEAAgE;IAChE,4EAA4E;CACpE,CAAC;AAEX,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,6EAA6E;IAC7E,+EAA+E;IAC/E,+EAA+E;IAC/E,sEAAsE;CAC9D,CAAC;AAEX,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,2EAA2E;IAC3E,6EAA6E;IAC7E,kEAAkE;IAClE,yCAAyC;CACjC,CAAC;AAEX,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,MAAM,eAAe,GAAG;QACtB,kBAAkB;QAClB,kBAAkB;QAClB,aAAa;QACb,UAAU;QACV,gBAAgB;QAChB,eAAe;QACf,YAAY;QACZ,WAAW;QACX,aAAa;KACd,CAAC;IACF,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,cAAc;oBACpB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;YAC9C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,IAAI,QAAQ,GAAG,SAAS,CAAC;gBACzB,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,GAAG,KAAK,CAAC;qBACtD,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,GAAG,KAAK,CAAC;qBACnD,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,QAAQ,GAAG,OAAO,CAAC;gBAE9D,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,gBAAgB;oBACtB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,QAAQ;oBACR,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,mBAAmB;oBACzB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,QAAQ,EAAE,WAAW;oBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,cAAc;oBACpB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,kBAAkB;oBACxB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,0BAA0B,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,mBAAmB;oBACzB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,gBAAgB;QAChB,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE1D,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,kBAAkB;oBACxB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAC9C,KAAK,EAAE,qCAAqC;oBAC5C,YAAY,EAAE,+CAA+C;oBAC7D,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,SAAS;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE1D,KAAK,MAAM,OAAO,IAAI,0BAA0B,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,IAAI,UAAU,GAAG,SAAS,CAAC;gBAC3B,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,gBAAgB,CAAC;qBACpD,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,gBAAgB,CAAC;qBACzD,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,gBAAgB,CAAC;qBACxD,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,cAAc,CAAC;qBAC5D,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,aAAa,CAAC;qBACrD,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,YAAY,CAAC;qBAChE,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,cAAc,CAAC;gBAE5D,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,mBAAmB;oBACzB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAC9C,KAAK,EAAE,aAAa,UAAU,WAAW;oBACzC,YAAY,EAAE,2DAA2D;oBACzE,QAAQ,EAAE,UAAU;oBACpB,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAC1D,uCAAuC;QACvC,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE3D,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,oBAAoB;oBAC1B,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,YAAY;oBACzB,KAAK,EAAE,6BAA6B;oBACpC,YAAY,EAAE,yCAAyC;oBACvD,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,UAAU;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE1D,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;YAC/C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,IAAI,UAAU,GAAG,OAAO,CAAC;gBACzB,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,KAAK,CAAC;qBAC5C,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,UAAU,GAAG,cAAc,CAAC;gBAE/D,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAC9C,KAAK,EAAE,aAAa,UAAU,WAAW;oBACzC,YAAY,EAAE,uDAAuD;oBACrE,QAAQ,EAAE,MAAM;oBAChB,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,oBAAoB;oBAC1B,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,KAAK,EAAE,mCAAmC;oBAC1C,YAAY,EAAE,2CAA2C;oBACzD,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,QAAgB;IAEhB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,kBAAkB;oBACxB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;oBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;oBACrB,KAAK,EAAE,mDAAmD;oBAC1D,YAAY,EAAE,mDAAmD;oBACjE,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,OAAe,EACf,QAAgB;IAEhB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,EAAE;YACd,gBAAgB,EAAE,KAAK;YACvB,iBAAiB,EAAE,KAAK;YACxB,SAAS,EAAE,KAAK;YAChB,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAwB;QACpC,GAAG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC;QACxC,GAAG,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC;QACzC,GAAG,sBAAsB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC5C,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC;QACvC,GAAG,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC3C,GAAG,sBAAsB,CAAC,OAAO,EAAE,QAAQ,CAAC;KAC7C,CAAC;IAEF,MAAM,UAAU,GAA0B;QACxC,GAAG,sBAAsB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC5C,GAAG,sBAAsB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC5C,GAAG,wBAAwB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC9C,GAAG,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC3C,GAAG,wBAAwB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAC9C,GAAG,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC;KAC5C,CAAC;IAEF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC;IACzE,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC;IAEvE,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,IAAI,gBAAgB;QAAE,UAAU,IAAI,GAAG,CAAC;IACxC,IAAI,iBAAiB,IAAI,SAAS;QAAE,UAAU,IAAI,IAAI,CAAC;IACvD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,UAAU,IAAI,IAAI,CAAC;IAChD,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAExC,OAAO;QACL,QAAQ;QACR,UAAU;QACV,gBAAgB;QAChB,iBAAiB;QACjB,SAAS;QACT,UAAU;KACX,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,MAAM,OAAO,wBAAyB,SAAQ,aAAa;IAChD,EAAE,GAAG,4BAA4B,CAAC;IAClC,IAAI,GAAG,4BAA4B,CAAC;IACpC,WAAW,GAClB,yEAAyE,CAAC;IACnE,QAAQ,GAAoB,UAAU,CAAC;IACvC,WAAW,GAAG,mBAAmB,CAAC;IAClC,kBAAkB,GAAe,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAEjF,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAExE,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvE,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,UAAU,EAAE;YACpD,MAAM,EAAE;gBACN,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;gBAC3C,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;gBAC7C,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B;SACF,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,UAAqB;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,8BAA8B;IAC5C,OAAO,IAAI,wBAAwB,EAAE,CAAC;AACxC,CAAC"}

package/dist/security/sql-injection.d.ts

@@ -0,0 +1,76 @@
+/**
+ * SQL Injection Detector - SQL injection vulnerability detection
+ *
+ * Detects SQL injection prevention patterns including:
+ * - Parameterized queries (prepared statements)
+ * - ORM usage (Prisma, TypeORM, Sequelize)
+ * - Query builder patterns
+ * - String concatenation violations
+ * - Template literal SQL violations
+ *
+ * @requirements 16.2 - SQL injection prevention patterns
+ */
+import type { Violation, QuickFix, PatternCategory, Language } from 'driftdetect-core';
+import { RegexDetector } from '../base/regex-detector.js';
+import type { DetectionContext, DetectionResult } from '../base/base-detector.js';
+export type SQLInjectionPatternType = 'parameterized-query' | 'prepared-statement' | 'orm-query' | 'query-builder' | 'escape-function' | 'tagged-template';
+export type SQLInjectionViolationType = 'string-concatenation' | 'template-literal-injection' | 'dynamic-query' | 'raw-sql-with-input';
+export interface SQLInjectionPatternInfo {
+    type: SQLInjectionPatternType;
+    file: string;
+    line: number;
+    column: number;
+    matchedText: string;
+    queryType?: string | undefined;
+    context?: string | undefined;
+}
+export interface SQLInjectionViolationInfo {
+    type: SQLInjectionViolationType;
+    file: string;
+    line: number;
+    column: number;
+    matchedText: string;
+    issue: string;
+    suggestedFix?: string | undefined;
+    severity: 'high' | 'medium' | 'low';
+}
+export interface SQLInjectionAnalysis {
+    patterns: SQLInjectionPatternInfo[];
+    violations: SQLInjectionViolationInfo[];
+    hasParameterizedQueries: boolean;
+    usesORM: boolean;
+    hasViolations: boolean;
+    confidence: number;
+}
+export declare const PARAMETERIZED_QUERY_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const PREPARED_STATEMENT_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const ORM_QUERY_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const QUERY_BUILDER_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const ESCAPE_FUNCTION_PATTERNS: readonly [RegExp, RegExp, RegExp];
+export declare const TAGGED_TEMPLATE_PATTERNS: readonly [RegExp, RegExp, RegExp];
+export declare const STRING_CONCAT_VIOLATION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+export declare const TEMPLATE_LITERAL_VIOLATION_PATTERNS: readonly [RegExp];
+export declare const RAW_SQL_WITH_INPUT_PATTERNS: readonly [RegExp, RegExp];
+export declare function shouldExcludeFile(filePath: string): boolean;
+export declare function detectParameterizedQueries(content: string, filePath: string): SQLInjectionPatternInfo[];
+export declare function detectPreparedStatements(content: string, filePath: string): SQLInjectionPatternInfo[];
+export declare function detectORMQueries(content: string, filePath: string): SQLInjectionPatternInfo[];
+export declare function detectQueryBuilders(content: string, filePath: string): SQLInjectionPatternInfo[];
+export declare function detectEscapeFunctions(content: string, filePath: string): SQLInjectionPatternInfo[];
+export declare function detectTaggedTemplates(content: string, filePath: string): SQLInjectionPatternInfo[];
+export declare function detectStringConcatViolations(content: string, filePath: string): SQLInjectionViolationInfo[];
+export declare function detectTemplateLiteralViolations(content: string, filePath: string): SQLInjectionViolationInfo[];
+export declare function detectRawSQLViolations(content: string, filePath: string): SQLInjectionViolationInfo[];
+export declare function analyzeSQLInjection(content: string, filePath: string): SQLInjectionAnalysis;
+export declare class SQLInjectionDetector extends RegexDetector {
+    readonly id = "security/sql-injection";
+    readonly name = "SQL Injection Detector";
+    readonly description = "Detects SQL injection prevention patterns and identifies potential vulnerabilities";
+    readonly category: PatternCategory;
+    readonly subcategory = "sql-injection";
+    readonly supportedLanguages: Language[];
+    detect(context: DetectionContext): Promise<DetectionResult>;
+    generateQuickFix(_violation: Violation): QuickFix | null;
+}
+export declare function createSQLInjectionDetector(): SQLInjectionDetector;
+//# sourceMappingURL=sql-injection.d.ts.map

package/dist/security/sql-injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sql-injection.d.ts","sourceRoot":"","sources":["../../src/security/sql-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACvF,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAMlF,MAAM,MAAM,uBAAuB,GAC/B,qBAAqB,GACrB,oBAAoB,GACpB,WAAW,GACX,eAAe,GACf,iBAAiB,GACjB,iBAAiB,CAAC;AAEtB,MAAM,MAAM,yBAAyB,GACjC,sBAAsB,GACtB,4BAA4B,GAC5B,eAAe,GACf,oBAAoB,CAAC;AAEzB,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,uBAAuB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,yBAAyB,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACrC;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,uBAAuB,EAAE,CAAC;IACpC,UAAU,EAAE,yBAAyB,EAAE,CAAC;IACxC,uBAAuB,EAAE,OAAO,CAAC;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,eAAO,MAAM,4BAA4B,2GAe/B,CAAC;AAEX,eAAO,MAAM,2BAA2B,2DAO9B,CAAC;AAEX,eAAO,MAAM,kBAAkB,mIAkBrB,CAAC;AAEX,eAAO,MAAM,sBAAsB,mDAMzB,CAAC;AAEX,eAAO,MAAM,wBAAwB,mCAI3B,CAAC;AAEX,eAAO,MAAM,wBAAwB,mCAI3B,CAAC;AAEX,eAAO,MAAM,gCAAgC,mDAQnC,CAAC;AAEX,eAAO,MAAM,mCAAmC,mBAEtC,CAAC;AAEX,eAAO,MAAM,2BAA2B,2BAG9B,CAAC;AAMX,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAU3D;AAED,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,uBAAuB,EAAE,CAuB3B;AAED,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,uBAAuB,EAAE,CAuB3B;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,uBAAuB,EAAE,CAuB3B;AAED,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,uBAAuB,EAAE,CAuB3B;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,uBAAuB,EAAE,CAuB3B;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,uBAAuB,EAAE,CAuB3B;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,yBAAyB,EAAE,CAyB7B;AAED,wBAAgB,+BAA+B,CAC7C,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,yBAAyB,EAAE,CAyB7B;AAED,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,yBAAyB,EAAE,CAyB7B;AAED,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,oBAAoB,CA6CtB;AAMD,qBAAa,oBAAqB,SAAQ,aAAa;IACrD,QAAQ,CAAC,EAAE,4BAA4B;IACvC,QAAQ,CAAC,IAAI,4BAA4B;IACzC,QAAQ,CAAC,WAAW,wFACmE;IACvF,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAc;IAChD,QAAQ,CAAC,WAAW,mBAAmB;IACvC,QAAQ,CAAC,kBAAkB,EAAE,QAAQ,EAAE,CAA0C;IAE3E,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAsBjE,gBAAgB,CAAC,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,IAAI;CAGzD;AAED,wBAAgB,0BAA0B,IAAI,oBAAoB,CAEjE"}