eslint-plugin-secure-coding 1.0.0
- package/AGENTS.md +196 -0
- package/CHANGELOG.md +105 -0
- package/LICENSE +23 -0
- package/README.md +377 -0
- package/package.json +80 -0
- package/src/index.d.ts +32 -0
- package/src/index.js +345 -0
- package/src/index.js.map +1 -0
- package/src/rules/security/database-injection.d.ts +13 -0
- package/src/rules/security/database-injection.js +407 -0
- package/src/rules/security/database-injection.js.map +1 -0
- package/src/rules/security/detect-child-process.d.ts +11 -0
- package/src/rules/security/detect-child-process.js +460 -0
- package/src/rules/security/detect-child-process.js.map +1 -0
- package/src/rules/security/detect-eval-with-expression.d.ts +9 -0
- package/src/rules/security/detect-eval-with-expression.js +393 -0
- package/src/rules/security/detect-eval-with-expression.js.map +1 -0
- package/src/rules/security/detect-non-literal-fs-filename.d.ts +7 -0
- package/src/rules/security/detect-non-literal-fs-filename.js +322 -0
- package/src/rules/security/detect-non-literal-fs-filename.js.map +1 -0
- package/src/rules/security/detect-non-literal-regexp.d.ts +9 -0
- package/src/rules/security/detect-non-literal-regexp.js +387 -0
- package/src/rules/security/detect-non-literal-regexp.js.map +1 -0
- package/src/rules/security/detect-object-injection.d.ts +11 -0
- package/src/rules/security/detect-object-injection.js +411 -0
- package/src/rules/security/detect-object-injection.js.map +1 -0
- package/src/rules/security/no-buffer-overread.d.ts +14 -0
- package/src/rules/security/no-buffer-overread.js +519 -0
- package/src/rules/security/no-buffer-overread.js.map +1 -0
- package/src/rules/security/no-clickjacking.d.ts +10 -0
- package/src/rules/security/no-clickjacking.js +381 -0
- package/src/rules/security/no-clickjacking.js.map +1 -0
- package/src/rules/security/no-directive-injection.d.ts +12 -0
- package/src/rules/security/no-directive-injection.js +446 -0
- package/src/rules/security/no-directive-injection.js.map +1 -0
- package/src/rules/security/no-document-cookie.d.ts +5 -0
- package/src/rules/security/no-document-cookie.js +90 -0
- package/src/rules/security/no-document-cookie.js.map +1 -0
- package/src/rules/security/no-electron-security-issues.d.ts +10 -0
- package/src/rules/security/no-electron-security-issues.js +421 -0
- package/src/rules/security/no-electron-security-issues.js.map +1 -0
- package/src/rules/security/no-exposed-sensitive-data.d.ts +11 -0
- package/src/rules/security/no-exposed-sensitive-data.js +341 -0
- package/src/rules/security/no-exposed-sensitive-data.js.map +1 -0
- package/src/rules/security/no-format-string-injection.d.ts +17 -0
- package/src/rules/security/no-format-string-injection.js +653 -0
- package/src/rules/security/no-format-string-injection.js.map +1 -0
- package/src/rules/security/no-graphql-injection.d.ts +12 -0
- package/src/rules/security/no-graphql-injection.js +410 -0
- package/src/rules/security/no-graphql-injection.js.map +1 -0
- package/src/rules/security/no-hardcoded-credentials.d.ts +26 -0
- package/src/rules/security/no-hardcoded-credentials.js +377 -0
- package/src/rules/security/no-hardcoded-credentials.js.map +1 -0
- package/src/rules/security/no-improper-sanitization.d.ts +12 -0
- package/src/rules/security/no-improper-sanitization.js +408 -0
- package/src/rules/security/no-improper-sanitization.js.map +1 -0
- package/src/rules/security/no-improper-type-validation.d.ts +10 -0
- package/src/rules/security/no-improper-type-validation.js +420 -0
- package/src/rules/security/no-improper-type-validation.js.map +1 -0
- package/src/rules/security/no-insecure-comparison.d.ts +7 -0
- package/src/rules/security/no-insecure-comparison.js +125 -0
- package/src/rules/security/no-insecure-comparison.js.map +1 -0
- package/src/rules/security/no-insecure-cookie-settings.d.ts +9 -0
- package/src/rules/security/no-insecure-cookie-settings.js +305 -0
- package/src/rules/security/no-insecure-cookie-settings.js.map +1 -0
- package/src/rules/security/no-insecure-jwt.d.ts +10 -0
- package/src/rules/security/no-insecure-jwt.js +338 -0
- package/src/rules/security/no-insecure-jwt.js.map +1 -0
- package/src/rules/security/no-insecure-redirects.d.ts +7 -0
- package/src/rules/security/no-insecure-redirects.js +215 -0
- package/src/rules/security/no-insecure-redirects.js.map +1 -0
- package/src/rules/security/no-insufficient-postmessage-validation.d.ts +14 -0
- package/src/rules/security/no-insufficient-postmessage-validation.js +390 -0
- package/src/rules/security/no-insufficient-postmessage-validation.js.map +1 -0
- package/src/rules/security/no-insufficient-random.d.ts +9 -0
- package/src/rules/security/no-insufficient-random.js +207 -0
- package/src/rules/security/no-insufficient-random.js.map +1 -0
- package/src/rules/security/no-ldap-injection.d.ts +10 -0
- package/src/rules/security/no-ldap-injection.js +449 -0
- package/src/rules/security/no-ldap-injection.js.map +1 -0
- package/src/rules/security/no-missing-authentication.d.ts +13 -0
- package/src/rules/security/no-missing-authentication.js +322 -0
- package/src/rules/security/no-missing-authentication.js.map +1 -0
- package/src/rules/security/no-missing-cors-check.d.ts +9 -0
- package/src/rules/security/no-missing-cors-check.js +449 -0
- package/src/rules/security/no-missing-cors-check.js.map +1 -0
- package/src/rules/security/no-missing-csrf-protection.d.ts +11 -0
- package/src/rules/security/no-missing-csrf-protection.js +183 -0
- package/src/rules/security/no-missing-csrf-protection.js.map +1 -0
- package/src/rules/security/no-missing-security-headers.d.ts +7 -0
- package/src/rules/security/no-missing-security-headers.js +217 -0
- package/src/rules/security/no-missing-security-headers.js.map +1 -0
- package/src/rules/security/no-privilege-escalation.d.ts +13 -0
- package/src/rules/security/no-privilege-escalation.js +321 -0
- package/src/rules/security/no-privilege-escalation.js.map +1 -0
- package/src/rules/security/no-redos-vulnerable-regex.d.ts +7 -0
- package/src/rules/security/no-redos-vulnerable-regex.js +307 -0
- package/src/rules/security/no-redos-vulnerable-regex.js.map +1 -0
- package/src/rules/security/no-sensitive-data-exposure.d.ts +11 -0
- package/src/rules/security/no-sensitive-data-exposure.js +251 -0
- package/src/rules/security/no-sensitive-data-exposure.js.map +1 -0
- package/src/rules/security/no-sql-injection.d.ts +10 -0
- package/src/rules/security/no-sql-injection.js +332 -0
- package/src/rules/security/no-sql-injection.js.map +1 -0
- package/src/rules/security/no-timing-attack.d.ts +10 -0
- package/src/rules/security/no-timing-attack.js +358 -0
- package/src/rules/security/no-timing-attack.js.map +1 -0
- package/src/rules/security/no-toctou-vulnerability.d.ts +7 -0
- package/src/rules/security/no-toctou-vulnerability.js +165 -0
- package/src/rules/security/no-toctou-vulnerability.js.map +1 -0
- package/src/rules/security/no-unchecked-loop-condition.d.ts +12 -0
- package/src/rules/security/no-unchecked-loop-condition.js +635 -0
- package/src/rules/security/no-unchecked-loop-condition.js.map +1 -0
- package/src/rules/security/no-unencrypted-transmission.d.ts +11 -0
- package/src/rules/security/no-unencrypted-transmission.js +237 -0
- package/src/rules/security/no-unencrypted-transmission.js.map +1 -0
- package/src/rules/security/no-unescaped-url-parameter.d.ts +9 -0
- package/src/rules/security/no-unescaped-url-parameter.js +266 -0
- package/src/rules/security/no-unescaped-url-parameter.js.map +1 -0
- package/src/rules/security/no-unlimited-resource-allocation.d.ts +12 -0
- package/src/rules/security/no-unlimited-resource-allocation.js +659 -0
- package/src/rules/security/no-unlimited-resource-allocation.js.map +1 -0
- package/src/rules/security/no-unsafe-deserialization.d.ts +10 -0
- package/src/rules/security/no-unsafe-deserialization.js +501 -0
- package/src/rules/security/no-unsafe-deserialization.js.map +1 -0
- package/src/rules/security/no-unsafe-dynamic-require.d.ts +5 -0
- package/src/rules/security/no-unsafe-dynamic-require.js +107 -0
- package/src/rules/security/no-unsafe-dynamic-require.js.map +1 -0
- package/src/rules/security/no-unsafe-regex-construction.d.ts +9 -0
- package/src/rules/security/no-unsafe-regex-construction.js +292 -0
- package/src/rules/security/no-unsafe-regex-construction.js.map +1 -0
- package/src/rules/security/no-unsanitized-html.d.ts +9 -0
- package/src/rules/security/no-unsanitized-html.js +347 -0
- package/src/rules/security/no-unsanitized-html.js.map +1 -0
- package/src/rules/security/no-unvalidated-user-input.d.ts +9 -0
- package/src/rules/security/no-unvalidated-user-input.js +418 -0
- package/src/rules/security/no-unvalidated-user-input.js.map +1 -0
- package/src/rules/security/no-weak-crypto.d.ts +11 -0
- package/src/rules/security/no-weak-crypto.js +350 -0
- package/src/rules/security/no-weak-crypto.js.map +1 -0
- package/src/rules/security/no-weak-password-recovery.d.ts +12 -0
- package/src/rules/security/no-weak-password-recovery.js +401 -0
- package/src/rules/security/no-weak-password-recovery.js.map +1 -0
- package/src/rules/security/no-xpath-injection.d.ts +10 -0
- package/src/rules/security/no-xpath-injection.js +487 -0
- package/src/rules/security/no-xpath-injection.js.map +1 -0
- package/src/rules/security/no-xxe-injection.d.ts +7 -0
- package/src/rules/security/no-xxe-injection.js +270 -0
- package/src/rules/security/no-xxe-injection.js.map +1 -0
- package/src/rules/security/no-zip-slip.d.ts +9 -0
- package/src/rules/security/no-zip-slip.js +446 -0
- package/src/rules/security/no-zip-slip.js.map +1 -0
- package/src/types/index.d.ts +131 -0
- package/src/types/index.js +18 -0
- package/src/types/index.js.map +1 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-unlimited-resource-allocation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unlimited-resource-allocation.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAkCrB,QAAA,6BAA6B,GAAG,IAAA,0BAAU,EAA0B;IAC/E,IAAI,EAAE,kCAAkC;IACxC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,4DAA4D;SAC1E;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,2BAA2B,EAAE,IAAA,gCAAgB,EAAC;gBAC5C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,+BAA+B;gBAC1C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,gCAAgC;gBACrC,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,sCAAsC;gBAC3C,iBAAiB,EAAE,gCAAgC;aACpD,CAAC;YACF,2BAA2B,EAAE,IAAA,gCAAgB,EAAC;gBAC5C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,+BAA+B;gBAC1C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,8BAA8B;gBACnC,iBAAiB,EAAE,kCAAkC;aACtD,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,8BAA8B;gBACnC,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,+BAA+B;gBAC1C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,oCAAoC;gBACzC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,
wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,yDAAyD;gBAC9D,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,mDAAmD;aACvE,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,8BAA8B;gBACzC,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,iDAAiD;gBAC9D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,6CAA6C;aACjE,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,gCAAgC;gBAC7C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,+DAA+D;aACnF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,eAAe,EAAE;wBACf,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,IAAI;wBACb,OAAO,EAAE,OAAO,EAAE,MAAM;qBACzB;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC;qBACxE;oBACD,qBAAqB,EAAE;wBACrB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,CAAC;qBACvE;oBACD,yBAAyB,EAAE;wBACzB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;qBACd;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAA
K,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,8DAA8D;qBAC5E;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,eAAe,EAAE,OAAO,EAAE,MAAM;YAChC,kBAAkB,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC;YAClF,qBAAqB,EAAE,CAAC,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,CAAC;YACpF,yBAAyB,EAAE,IAAI;YAC/B,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,eAAe,GAAG,OAAO,EACzB,kBAAkB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,EACnF,qBAAqB,GAAG,CAAC,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,CAAC,EACrF,yBAAyB,GAAG,IAAI,EAChC,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,UAA+B,EAAW,EAAE;YAC/D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAChD,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,iBAAiB,GAAG,CAAC,IAAsD,EAAW,EAAE;YAC5F,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO,KAAK,CAAC;YACf,CAAC;YAED,mDAAmD;YACnD,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAE7C,+BAA+B;YAC/B,OAAO,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC9B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC9B,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAChC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI
,CAAC,CAAC,CAAC;QACrE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,YAAY,GAAG,CAAC,IAAmB,EAAW,EAAE;YACpD,IAAI,OAAO,GAA8B,IAAI,CAAC;YAE9C,OAAO,OAAO,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc;oBAC/B,OAAO,CAAC,IAAI,KAAK,gBAAgB;oBACjC,OAAO,CAAC,IAAI,KAAK,kBAAkB;oBACnC,OAAO,CAAC,IAAI,KAAK,gBAAgB;oBACjC,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACtC,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;YAC5C,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,oBAAoB,GAAG,CAAC,cAAmC,EAAiB,EAAE;YAClF,IAAI,cAAc,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,cAAc,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAClF,OAAO,cAAc,CAAC,KAAK,CAAC;YAC9B,CAAC;YAED,mDAAmD;YACnD,IAAI,cAAc,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC/C,MAAM,IAAI,GAAG,oBAAoB,CAAC,cAAc,CAAC,IAA2B,CAAC,CAAC;gBAC9E,MAAM,KAAK,GAAG,oBAAoB,CAAC,cAAc,CAAC,KAA4B,CAAC,CAAC;gBAEhF,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBACpC,QAAQ,cAAc,CAAC,QAAQ,EAAE,CAAC;wBAChC,KAAK,GAAG;4BACN,OAAO,IAAI,GAAG,KAAK,CAAC;wBACtB,KAAK,GAAG;4BACN,OAAO,IAAI,GAAG,KAAK,CAAC;wBACtB,KAAK,GAAG;4BACN,OAAO,IAAI,GAAG,KAAK,CAAC;wBACtB,KAAK,GAAG;4BACN,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;wBAC3C;4BACE,OAAO,IAAI,CAAC;oBAChB,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF,OAAO;YACL,0BAA0B;YAC1B,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAC3B,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAE9C,iEAAiE;gBACjE,MAAM,aAAa,GACjB,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ;oBAC/B,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;gBAE/E,MAAM,WAAW,GACf,MAAM,CAAC,IAAI,KAAK,eAAe;oBAC/B,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC;gBAElC,IAAI,aAAa,IAAI,WAAW,EAAE,CAAC;oBAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAExB,8DAA8D;wBAC9D,IAAI,OAAO
,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;4BACzF,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,4BAA4B;gCACvC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBAED,+BAA+B;wBAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;wBAC9F,IAAI,aAAa,IAAI,aAAa,GAAG,eAAe,EAAE,CAAC;4BACrD,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBAED,mFAAmF;wBACnF,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC;wBACtF,MAAM,kBAAkB,GAAG,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;wBACpF,IAAI,yBAAyB,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,kBAAkB,EAAE,CAAC;4BAClG,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,uBAAuB;gCAClC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,UAA6C,CAAC;wBAEpE,oCAAoC;wBACpC,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAmC,EAAW,EAAE;4BACjF,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCAC/D,OAAO,KAAK,CAAC;4BACf,CAAC;4BAED,i
DAAiD;4BACjD,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,UAAU;gCAAE,OAAO,IAAI,CAAC;4BAE9C,gBAAgB;4BAChB,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gCACzE,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAC/B,CAAC,SAAwC,EAAkC,EAAE,CAC3E,SAAS,CAAC,IAAI,KAAK,UAAU;oCAC7B,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;oCACnC,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,UAAU,CACpC,CAAC;4BACJ,CAAC;4BAED,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC,CAAC;wBAEH,IAAI,CAAC,cAAc,EAAE,CAAC;4BACpB,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,yBAAyB;gCACpC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBACD,OAAO;gBACT,CAAC;gBAED,0BAA0B;gBAC1B,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI;oBAC3B,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,CAAC,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAE9F,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpB,uEAAuE;wBACvE,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBACxB,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7D,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,yBAAyB;gCACpC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,8CAA8C;gBAC9C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBACxB,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7D,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,C
AAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,oCAAoC;gBACpC,kEAAkE;gBAClE,IAAI,MAAM,CAAC,IAAI,KAAK,eAAe;oBAC/B,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAEnC,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC;oBAC9B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBACxB,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7D,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,oBAAoB;gBAEpB,iDAAiD;gBACjD,8DAA8D;gBAC9D,+CAA+C;gBAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtE,qCAAqC;oBACrC,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,yBAAyB;wBACpC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;gBACL,CAAC;gBAED,iCAAiC;gBACjC,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACxE,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,2BAA2B;wBACtC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;gBACL,CAAC;gBAID,wCAAwC;gBACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;oBACpF,6DAA6D;oBAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBACzB,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,QAA
Q,CAAC,CAAC;wBAC/C,IAAI,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACvE,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACjE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpB,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAC5B,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;wBACrD,mEAAmE;wBACnE,IAAI,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;4BACzE,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,oBAAoB;gBAEpB,6CAA6C;gBAC7C,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBAE9C,oCAAoC;oBACpC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC5B,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC5B,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC7B,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;wBAC/B,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBAErC,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,4EAA4E;wBAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;wBAC3B,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,sBAAsB;4BAChD,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;4BACvC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;4BAC7C,8DAA8D;4BAC9D,OAAO;wBACT,CAAC;wBAED,iFAAiF;wBACjF,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,0BAA0B;4BACrC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,aAAa,CAAC,IAA4B;gBACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,yCAAyC;gBACzC,IAAI,MAAM,CAAC,I
AAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAExB,8DAA8D;wBAC9D,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;4BACzF,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,4BAA4B;gCACvC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBAED,+BAA+B;wBAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;wBAC9F,IAAI,aAAa,IAAI,aAAa,GAAG,eAAe,EAAE,CAAC;4BACrD,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBAED,mFAAmF;wBACnF,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC;wBACtF,MAAM,kBAAkB,GAAG,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;wBACpF,IAAI,yBAAyB,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,kBAAkB,EAAE,CAAC;4BAClG,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,uBAAuB;gCAClC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,wCAAwC;gBACxC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBACxB,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,IAAI,
WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7D,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,2BAA2B;gCACtC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBAE9C,oCAAoC;oBACpC,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAC7B,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC5B,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC1B,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;wBAE/B,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,0BAA0B;4BACrC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
|
|
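--- a/package/src/rules/security/no-unsafe-deserialization.d.ts
+++ b/package/src/rules/security/no-unsafe-deserialization.d.ts
@@ -0,0 +1,10 @@
+import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
+export interface Options extends SecurityRuleOptions {
+/** Dangerous deserialization functions to detect */
+dangerousFunctions?: string[];
+/** Safe deserialization libraries */
+safeLibraries?: string[];
+/** Functions that validate input before deserialization */
+validationFunctions?: string[];
+}
+export declare const noUnsafeDeserialization: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;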
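Review bot: The declaration on the last line names `ESLintUtils` and `MessageIds`, but the only import is `SecurityRuleOptions` and the hunk is the whole file (`+1,10`), so neither name is in scope. Consumers that type-check their dependencies will likely get unresolved-name errors, and with `skipLibCheck` on, the rule's message ids and options probably go unchecked without any warning. The source should import the namespace as a type and export the message-id union so both are emitted, e.g. `import type { ESLintUtils } from '@typescript-eslint/utils';` (assuming that is where the source takes it from) and an exported `MessageIds` type. Separately, `safeLibraries` and `validationFunctions` suppress findings in a security rule, so their doc comments should say how a name is matched (exact identifier or substring); that logic is not visible in this file.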
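--- a/package/src/rules/security/no-unsafe-deserialization.js
+++ b/package/src/rules/security/no-unsafe-deserialization.js
@@ -0,0 +1,501 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noUnsafeDeserialization = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const eslint_devkit_3 = require("@interlace/eslint-devkit");
+exports.noUnsafeDeserialization = (0, eslint_devkit_1.createRule)({
+name: 'no-unsafe-deserialization',
+meta: {
+type: 'problem',
+docs: {
+description: 'Detects unsafe deserialization of untrusted data',
+},
+fixable: 'code',
+hasSuggestions: true,
+messages: {
+unsafeDeserialization: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.SECURITY,
+issueName: 'Unsafe Deserialization',
+cwe: 'CWE-502',
+description: 'Unsafe deserialization of untrusted data (incl. model/tool output)',
+severity: '{{severity}}',
+fix: '{{safeAlternative}} | validate model/tool output via schema and size limits',
+documentationLink: 'https://cwe.mitre.org/data/definitions/502.html',
+}),
+dangerousEvalUsage: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.SECURITY,
+issueName: 'Dangerous eval() Usage',
+cwe: 'CWE-502',
+description: 'eval() used for deserialization (code execution vulnerability)',
+severity: 'CRITICAL',
+fix: 'Use JSON.parse() or safe deserialization libraries',
+documentationLink: 'https://cwe.mitre.org/data/definitions/502.html',
+}),
+unsafeYamlParsing: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.SECURITY,
+issueName: 'Unsafe YAML Parsing',
+cwe: 'CWE-502',
+description: 'YAML parsing may execute code during deserialization',
+severity: 'HIGH',
+fix: 'Use yaml.safeLoad() or disable code execution',
+documentationLink: 'https://www.npmjs.com/package/js-yaml#loadstr---options-',
+}),
+dangerousFunctionConstructor: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.SECURITY,
+issueName: 'Dangerous Function Constructor',
+cwe: 'CWE-502',
+description: 'Function constructor used with untrusted data',
+severity: 'CRITICAL',
+fix: 'Avoid Function constructor with user input',
+documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function',
+}),
+untrustedDeserializationInput: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.SECURITY,
+issueName: 'Untrusted Deserialization Input',
+cwe: 'CWE-502',
+description: 'Deserializing untrusted input (incl. LLM/MCP responses) without validation',
+severity: 'HIGH',
+fix: 'Schema-validate and size-cap before deserialization; reject unknown fields',
+documentationLink: 'https://cwe.mitre.org/data/definitions/502.html',
+}),
+useSafeDeserializer: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.INFO,
+issueName: 'Use Safe Deserializer',
+description: 'Use safe deserialization libraries',
+severity: 'LOW',
+fix: 'Use JSON.parse, safe-json-parse, or validated libraries',
+documentationLink: 'https://www.npmjs.com/package/safe-json-parse',
+}),
+validateBeforeDeserialization: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.INFO,
+issueName: 'Validate Before Deserialization',
+description: 'Validate input before deserialization',
+severity: 'LOW',
+fix: 'Implement input validation and length limits',
+documentationLink: 'https://cwe.mitre.org/data/definitions/502.html',
+}),
+avoidEval: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.INFO,
+issueName: 'Avoid eval()',
+description: 'Never use eval() for deserialization',
+severity: 'LOW',
+fix: 'Use JSON.parse() for data, vm.Script for code when absolutely necessary',
+documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval',
+}),
+strategySafeLibraries: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.STRATEGY,
+issueName: 'Safe Libraries Strategy',
+description: 'Use deserialization libraries with built-in safety',
+severity: 'LOW',
+fix: 'Use JSON.parse, js-yaml.safeLoad, or protobuf libraries',
+documentationLink: 'https://www.npmjs.com/package/js-yaml',
+}),
+strategyInputValidation: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.STRATEGY,
+issueName: 'Input Validation Strategy',
+description: 'Validate input before any deserialization',
+severity: 'LOW',
+fix: 'Implement schema validation and length limits',
+documentationLink: 'https://cwe.mitre.org/data/definitions/502.html',
+}),
+strategySandboxing: (0, eslint_devkit_2.formatLLMMessage)({
+icon: eslint_devkit_2.MessageIcons.STRATEGY,
+issueName: 'Sandboxing Strategy',
+description: 'Execute deserialization in sandboxed environment',
+severity: 'LOW',
+fix: 'Use vm module or worker threads for untrusted deserialization',
+documentationLink: 'https://nodejs.org/api/vm.html',
+})
+},
+schema: [
+{
+type: 'object',
+properties: {
+dangerousFunctions: {
+type: 'array',
+items: { type: 'string' },
+default: ['eval', 'Function', 'setTimeout', 'setInterval', 'unserialize', 'deserialize', 'parseUnsafe'],
+},
+safeLibraries: {
+type: 'array',
+items: { type: 'string' },
+default: ['JSON', 'safe-json-parse', 'js-yaml.safeLoad', 'protobuf', 'msgpack'],
+},
+validationFunctions: {
+type: 'array',
+items: { type: 'string' },
+default: ['validateInput', 'sanitizeData', 'checkSchema', 'validateSchema'],
+},
+trustedSanitizers: {
+type: 'array',
+items: { type: 'string' },
+default: [],
+description: 'Additional function names to consider as safe deserializers',
+},
+trustedAnnotations: {
+type: 'array',
+items: { type: 'string' },
+default: [],
+description: 'Additional JSDoc annotations to consider as safe markers',
+},
+strictMode: {
+type: 'boolean',
+default: false,
+description: 'Disable all false positive detection (strict mode)',
+},
+},
+additionalProperties: false,
+},
+],
+},
+defaultOptions: [
+{
+dangerousFunctions: ['eval', 'Function', 'setTimeout', 'setInterval', 'unserialize', 'deserialize', 'parseUnsafe'],
+safeLibraries: ['JSON', 'safe-json-parse', 'js-yaml.safeLoad', 'protobuf', 'msgpack'],
+validationFunctions: ['validateInput', 'sanitizeData', 'checkSchema', 'validateSchema'],
+trustedSanitizers: [],
+trustedAnnotations: [],
+strictMode: false,
+},
+],
+create(context) {
+const options = context.options[0] || {};
+const { dangerousFunctions = ['eval', 'Function', 'setTimeout', 'setInterval', 'unserialize', 'deserialize', 'parseUnsafe'], validationFunctions = ['validateInput', 'sanitizeData', 'checkSchema', 'validateSchema'], trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
+const sourceCode = context.sourceCode || context.sourceCode;
+const filename = context.filename || context.getFilename();
+// Create safety checker for false positive detection
+const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
+trustedSanitizers,
+trustedAnnotations,
+trustedOrmPatterns: [],
+strictMode,
+});
+// Track variables that have been validated/sanitized
+const validatedVariables = new Set();
+// Track variables that contain untrusted data
+const untrustedVariables = new Set();
+/**
+* Check if this is a dangerous deserialization function
+*/
+const isDangerousDeserialization = (node) => {
+const callee = node.callee;
+// Check for dangerous function calls
+if (callee.type === 'Identifier' && dangerousFunctions.includes(callee.name)) {
+return true;
+}
+// Check for member expressions like yaml.load, serialize.unserialize
+if (callee.type === 'MemberExpression') {
+const memberName = callee.property.type === 'Identifier' ? callee.property.name : '';
+const objectName = callee.object.type === 'Identifier' ? callee.object.name : '';
+// Check dangerous methods
+if (dangerousFunctions.includes(memberName)) {
+return true;
+}
+// Check dangerous libraries
+if (['yaml', 'js-yaml', 'node-serialize', 'serialize-javascript'].includes(objectName.toLowerCase()) &&
+['load', 'parse', 'unserialize', 'deserialize'].includes(memberName)) {
+return true;
+}
+}
+// Check for require() calls with dangerous libraries
+if (callee.type === 'Identifier' && callee.name === 'require') {
+const args = node.arguments;
+if (args.length > 0 && args[0].type === 'Literal' && typeof args[0].value === 'string') {
+const moduleName = args[0].value.toLowerCase();
+if (['node-serialize', 'serialize-javascript', 'yaml', 'js-yaml'].includes(moduleName)) {
+return true;
+}
+}
+}
+return false;
+};
+/**
+* Check if input comes from untrusted source
+*/
+const isUntrustedInput = (inputNode) => {
+// Check for MemberExpression patterns like req.body, req.query, etc.
+if (inputNode.type === 'MemberExpression') {
+if (inputNode.object.type === 'Identifier' && inputNode.object.name === 'req') {
+return true;
+}
+if (inputNode.object.type === 'MemberExpression' &&
+inputNode.object.object.type === 'Identifier' &&
+inputNode.object.object.name === 'req') {
+return true;
+}
+}
+if (inputNode.type === 'Identifier') {
+// Check if this variable has been marked as untrusted
+if (untrustedVariables.has(inputNode.name)) {
+return true;
+}
+// Only consider variables untrusted if they actually come from req.* patterns
+// Don't flag generic variable names like 'input', 'data', etc.
+// unless they have been explicitly marked as untrusted
+// Check if it comes from function parameters (these are potentially untrusted)
+let current = inputNode;
+while (current) {
+if (current.type === 'FunctionDeclaration' ||
+current.type === 'FunctionExpression' ||
+current.type === 'ArrowFunctionExpression') {
+const func = current;
+if (func.params.some((param) => {
+if (param.type === 'Identifier') {
+return param.name === inputNode.name;
+}
+return false;
+})) {
+return true; // Function parameters are untrusted
+}
+}
+current = current.parent;
+}
+}
+return false;
+};
+/**
+* Check if input has been validated
+*/
+const isInputValidated = (inputNode) => {
+let current = inputNode;
+while (current) {
+if (current.type === 'CallExpression' &&
+current.callee.type === 'Identifier' &&
+validationFunctions.includes(current.callee.name)) {
+return true;
+}
+current = current.parent;
+}
+return false;
+};
+/**
+* Check if this is a safe deserialization library
+*/
+const isSafeLibrary = (node) => {
+const callee = node.callee;
+if (callee.type === 'MemberExpression') {
+const objectName = callee.object.type === 'Identifier' ? callee.object.name : '';
+const memberName = callee.property.type === 'Identifier' ? callee.property.name : '';
+// Check for safe patterns
+if (objectName === 'JSON' && memberName === 'parse') {
+return true;
+}
+if (objectName === 'yaml' && memberName === 'safeLoad') {
+return true;
+}
+if (objectName === 'js-yaml' && memberName === 'safeLoad') {
+return true;
+}
+}
+return false;
+};
+const checkCallExpression = (node) => {
+// 1. Check Function Constructor (NewExpression or CallExpression)
+if ((node.type === 'NewExpression' || node.type === 'CallExpression') &&
+node.callee.type === 'Identifier' &&
+node.callee.name === 'Function') {
+const args = node.arguments;
+const hasUntrustedInput = args.some((arg) => isUntrustedInput(arg));
+if (hasUntrustedInput) {
+if (safetyChecker.isSafe(node, context))
+return;
+context.report({
+node,
+messageId: 'dangerousFunctionConstructor',
+data: {
+filePath: context.getFilename(),
+line: String(node.loc?.start.line ?? 0),
+severity: 'HIGH',
+safeAlternative: 'Avoid dynamic function creation',
+}
+});
+return;
+}
+}
+// 2. Check CallExpressions (eval, unserialize, yaml, etc.)
+if (isDangerousDeserialization(node)) {
+const args = node.arguments;
+const hasUntrustedInput = args.some((arg) => isUntrustedInput(arg));
+// Check if explicit validation is present
+const isSafe = isSafeLibrary(node);
+const filename = context.getFilename();
+if (!isSafe && hasUntrustedInput) {
+// Basic safety check
+const safe = safetyChecker.isSafe(node, context);
+if (!safe) {
+// Determine message ID
+let messageId = 'unsafeDeserialization';
+// Check specifically for YAML
+const calleeText = sourceCode.getText(node.callee);
+if (calleeText.includes('yaml') || calleeText.includes('YAML')) {
+messageId = 'unsafeYamlParsing';
+}
+// Check for generic dangerous functions
+if (node.callee.name && ['eval', 'setTimeout', 'setInterval'].includes(node.callee.name)) {
+messageId = 'dangerousEvalUsage';
+}
+const reportObj = {
+node,
+messageId,
+data: {
+library: calleeText,
+filePath: filename,
+line: String(node.loc?.start.line ?? 0),
+severity: 'HIGH',
+safeAlternative: 'Use JSON.parse() or validated safe deserialization libraries',
+}
+};
+if (messageId === 'dangerousEvalUsage') {
+reportObj.suggest = [{
+messageId: 'useSafeDeserializer',
+fix: (fixer) => {
+// Suggest JSON.parse
+return fixer.replaceText(node, `JSON.parse(${sourceCode.getText(node.arguments[0])})`);
+},
+// Suggestion output for tests
+output: `JSON.parse(${sourceCode.getText(node.arguments[0])})`
+}];
+}
+context.report(reportObj);
+}
+}
+}
+// Check for untrusted input in potentially safe functions
+if (isSafeLibrary(node)) {
+const args = node.arguments;
+const hasUntrustedInput = args.some((arg) => {
+// Check if it's validated
+if (arg.type === 'Identifier' && validatedVariables.has(arg.name)) {
+return false;
+}
+return isUntrustedInput(arg) && !isInputValidated(arg);
+});
+if (hasUntrustedInput) {
+// Even JSON.parse can be unsafe if used on complex objects that get eval'd later
+// FALSE POSITIVE REDUCTION
+if (safetyChecker.isSafe(node, context)) {
+return;
+}
+context.report({
+node,
+messageId: 'untrustedDeserializationInput',
+data: {
+filePath: context.getFilename(),
+line: String(node.loc?.start.line ?? 0),
+},
+suggest: [
+{
+messageId: 'validateBeforeDeserialization',
+fix: () => null
+},
+],
+});
+}
+}
+};
+return {
+// Track variable assignments from untrusted sources
+VariableDeclaration(node) {
+for (const declarator of node.declarations) {
+if (declarator.id.type === 'Identifier' && declarator.init) {
+// Check if the initializer comes from an untrusted source
+if (isUntrustedInput(declarator.init)) {
+untrustedVariables.add(declarator.id.name);
+}
+// Check if it's assigned from fs operations or other untrusted sources
+if (declarator.init.type === 'CallExpression') {
+const callee = declarator.init.callee;
+if (callee.type === 'MemberExpression' &&
+callee.object.type === 'Identifier' &&
+callee.object.name === 'fs' &&
+callee.property.type === 'Identifier' &&
+['readFile', 'readFileSync'].includes(callee.property.name)) {
+untrustedVariables.add(declarator.id.name);
+}
+}
+}
+}
+},
+// Track assignment expressions
+AssignmentExpression(node) {
+if (node.left.type === 'Identifier' && isUntrustedInput(node.right)) {
+untrustedVariables.add(node.left.name);
+}
+},
+// Check dangerous function calls
+CallExpression(node) {
+checkCallExpression(node);
+},
+NewExpression(node) {
+checkCallExpression(node);
+},
+// Check for dangerous require/import patterns
+VariableDeclarator(node) {
+if (!node.init) {
+return;
+}
+// Track variables assigned from validation functions
+if (node.id.type === 'Identifier' &&
+node.init.type === 'CallExpression' &&
+node.init.callee.type === 'Identifier' &&
+(validationFunctions.includes(node.init.callee.name) || trustedSanitizers.includes(node.init.callee.name))) {
+validatedVariables.add(node.id.name);
+}
+// Check for require/import of dangerous libraries
+if (node.init.type === 'CallExpression' &&
+node.init.callee.type === 'Identifier' &&
+node.init.callee.name === 'require') {
+const requireArg = node.init.arguments[0];
+if (requireArg?.type === 'Literal' && typeof requireArg.value === 'string') {
+const moduleName = requireArg.value;
+if (['node-serialize', 'serialize-javascript', 'js-yaml', 'yaml'].includes(moduleName)) {
+// Check if this variable is used unsafely later
+if (node.id.type === 'Identifier') {
+const varName = node.id.name;
+// Look ahead to see if this library is used dangerously
+// This is a simplified check - in practice, we'd need more sophisticated analysis
+// Check if this variable is used unsafely later
+if (node.id.type === 'Identifier') {
+const variables = sourceCode.getDeclaredVariables(node);
+for (const variable of variables) {
+for (const reference of variable.references) {
+const refNode = reference.identifier;
+// Check if reference is part of a call to dangerous method
+// e.g. serialize.unserialize()
+if (refNode.parent && refNode.parent.type === 'MemberExpression' &&
+refNode.parent.object === refNode) {
+const memberExpr = refNode.parent;
+const propertyName = memberExpr.property.type === 'Identifier' ? memberExpr.property.name : '';
+if (['unserialize', 'deserialize', 'load', 'parse'].includes(propertyName)) {
+const callExpr = memberExpr.parent;
+if (callExpr && callExpr.type === 'CallExpression' && callExpr.callee === memberExpr) {
+// FALSE POSITIVE REDUCTION
+if (safetyChecker.isSafe(callExpr, context)) {
+continue;
+}
+context.report({
+node: callExpr,
+messageId: 'unsafeDeserialization',
+data: {
+filePath: filename,
+line: String(callExpr.loc?.start.line ?? 0),
+severity: 'CRITICAL',
+safeAlternative: 'Avoid using this library or use safe alternatives',
+},
+});
+}
+}
+}
+}
+}
+}
+}
+}
+}
+}
+}
+};
+},
+});
+//# sourceMappingURL=no-unsafe-deserialization.js.map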
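Review bot: `isUntrustedInput` (new lines 216-256) only recognises a bare identifier or a one- or two-level `req.x` / `req.x.y` chain, so the rule silently misses the most common shapes in which request data reaches `eval`, `Function` or a deserializer. A concatenation such as `'(' + req.body.data + ')'`, a template literal, or a deeper chain like `req.body.a.b` all fall through to `return false`, and `checkCallExpression` then never reports the call. I would walk the member chain to its root and propagate taint through `+` and template expressions, as sketched below; the Identifier branch can stay as it is. The same function is used by the `VariableDeclaration` and `AssignmentExpression` trackers, so the change also widens what lands in `untrustedVariables`.

```javascript
const isUntrustedInput = (inputNode) => {
    if (inputNode.type === 'MemberExpression') {
        // Walk to the root so req.body.a.b is treated like req.body
        let root = inputNode;
        while (root.type === 'MemberExpression') {
            root = root.object;
        }
        if (root.type === 'Identifier' && root.name === 'req') {
            return true;
        }
    }
    // Concatenation and template strings carry the taint of their parts
    if (inputNode.type === 'BinaryExpression' && inputNode.operator === '+') {
        return isUntrustedInput(inputNode.left) || isUntrustedInput(inputNode.right);
    }
    if (inputNode.type === 'TemplateLiteral') {
        return inputNode.expressions.some((expr) => isUntrustedInput(expr));
    }
    // … unchanged: Identifier branch (untrustedVariables lookup, enclosing-function parameters) …
    return false;
};
```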
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-unsafe-deserialization.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unsafe-deserialization.ts"],"names":[],"mappings":";;;AAoBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AA4BrB,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,kDAAkD;SAChE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,oEAAoE;gBACjF,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,6EAA6E;gBAClF,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,gEAAgE;gBAC7E,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,sDAAsD;gBACnE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,4CAA4C;gBACjD,iBAAiB,EAAE,2FAA2F;aAC/G,CAAC;YACF,6BAA6B,EAAE,IAAA,gCAAgB,EAAC;gBAC9C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iCAAiC;gBAC5C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,4EAA4E;gBACzF,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,4EAA4E;gBACjF,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,yDAAyD;gBAC9D,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,6BAA6B,EAAE,IAAA,gCAAgB,EAAC;gBAC9C,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iCAAiC;gBAC5C,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,SAAS,EAAE,IAAA,gCAAgB,EAAC;gBAC1B,IAAI,EAAE,4BAAY,CAAC,IAA
I;gBACvB,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,yEAAyE;gBAC9E,iBAAiB,EAAE,uFAAuF;aAC3G,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,oDAAoD;gBACjE,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,yDAAyD;gBAC9D,iBAAiB,EAAE,uCAAuC;aAC3D,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,kDAAkD;gBAC/D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,gCAAgC;aACpD,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,CAAC;qBACxG;oBACD,aAAa,EAAE;wBACb,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,UAAU,EAAE,SAAS,CAAC;qBAChF;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,CAAC;qBAC5E;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,6DAA6D;qBAC3E;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,kBAAkB,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,CAAC;YAClH,aAAa,EAAE,CAAC,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,UAAU,EAAE,SAAS,CAAC;YACrF,mBAAmB,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,CAAC;YACvF,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;
KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,CAAC,EACnH,mBAAmB,GAAG,CAAC,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,CAAC,EACxF,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH,qDAAqD;QACrD,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC7C,8CAA8C;QAC9C,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;QAE7C;;WAEG;QACH,MAAM,0BAA0B,GAAG,CAAC,IAAsD,EAAW,EAAE;YACrG,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,qCAAqC;YACrC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7E,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qEAAqE;YACrE,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAEjF,0BAA0B;gBAC1B,IAAI,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;oBAChG,CAAC,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACzE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACvF,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBAC/C,IAAI,CAAC,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,EAAE,SAAS,CAAC,
CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBACvF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,gBAAgB,GAAG,CAAC,SAAwB,EAAW,EAAE;YAC7D,qEAAqE;YACrE,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC1C,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBAC9E,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAC5C,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBAC7C,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACpC,sDAAsD;gBACtD,IAAI,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,8EAA8E;gBAC9E,+DAA+D;gBAC/D,uDAAuD;gBAEvD,+EAA+E;gBAC/E,IAAI,OAAO,GAA8B,SAAS,CAAC;gBACnD,OAAO,OAAO,EAAE,CAAC;oBACf,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB;wBACtC,OAAO,CAAC,IAAI,KAAK,oBAAoB;wBACrC,OAAO,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;wBAC/C,MAAM,IAAI,GAAG,OAAwG,CAAC;wBACtH,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAyB,EAAE,EAAE;4BACjD,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCAChC,OAAO,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC;4BACvC,CAAC;4BACD,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC,EAAE,CAAC;4BACH,OAAO,IAAI,CAAC,CAAC,oCAAoC;wBACnD,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;gBAC5C,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,gBAAgB,GAAG,CAAC,SAAwB,EAAW,EAAE;YAC7D,IAAI,OAAO,GAA8B,SAAS,CAAC;YAEnD,OAAO,OAAO,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB;oBACjC,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACpC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;YAC5C,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,aAAa,GAAG,CAAC,IAAsD,EAAW,EAAE;YACxF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,
CAAC;gBACjF,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAErF,0BAA0B;gBAC1B,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;oBACpD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;oBACvD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;oBAC1D,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QACF,MAAM,mBAAmB,GAAG,CAAC,IAAsD,EAAE,EAAE;YACrF,kEAAkE;YAClE,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC;gBACjE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAElC,MAAM,IAAI,GAAsC,IAAI,CAAC,SAAS,CAAC;gBAC/D,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAW,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;gBAE7E,IAAI,iBAAiB,EAAE,CAAC;oBACrB,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC;wBAAE,OAAO;oBAEhD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,8BAA8B;wBACzC,IAAI,EAAE;4BACH,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE;4BAC/B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;4BACvC,QAAQ,EAAE,MAAM;4BAChB,eAAe,EAAE,iCAAiC;yBACpD;qBACF,CAAC,CAAC;oBACH,OAAO;gBACV,CAAC;YACL,CAAC;YAED,2DAA2D;YAC3D,IAAI,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,MAAM,IAAI,GAAsC,IAAI,CAAC,SAAS,CAAC;gBAC/D,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAW,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;gBAE7E,0CAA0C;gBAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;gBACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;gBAEvC,IAAI,CAAC,MAAM,IAAI,iBAAiB,EAAE,CAAC;oBAChC,qBAAqB;oBACrB,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAEjD,IAAI,CAAC,IAAI,EAAE,CAAC;wBACT,uBAAuB;wBACvB,IAAI,SAAS,GAAG,uBAAuB,CAAC;wBACxC,8BAA8B;wBAC9B,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBACnD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;4BAC9D,SAAS,GAAG,mBAAmB,CAAC;wBACnC,CAAC;wBAED,wCAAwC;wBACxC,IAAK,IAAI,CAAC,MAAc,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,
YAAY,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAE,IAAI,CAAC,MAAc,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC1G,SAAS,GAAG,oBAAoB,CAAC;wBACpC,CAAC;wBAED,MAAM,SAAS,GAAQ;4BACrB,IAAI;4BACJ,SAAS;4BACT,IAAI,EAAE;gCACH,OAAO,EAAE,UAAU;gCACnB,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;gCACvC,QAAQ,EAAE,MAAM;gCAChB,eAAe,EAAE,8DAA8D;6BACjF;yBACF,CAAC;wBAEF,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;4BACtC,SAAS,CAAC,OAAO,GAAG,CAAC;oCAClB,SAAS,EAAE,qBAAqB;oCAChC,GAAG,EAAE,CAAC,KAAU,EAAE,EAAE;wCACjB,qBAAqB;wCACrB,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,cAAc,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;oCAC1F,CAAC;oCACD,8BAA8B;oCAC9B,MAAM,EAAE,cAAc,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG;iCAChE,CAAC,CAAC;wBACN,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBAC7B,CAAC;gBACJ,CAAC;YACJ,CAAC;YAGC,0DAA0D;YAC1D,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,MAAM,IAAI,GAAsC,IAAI,CAAC,SAAS,CAAC;gBAC/D,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAW,EAAE;oBACnD,0BAA0B;oBAC1B,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;wBAClE,OAAO,KAAK,CAAC;oBACf,CAAC;oBACD,OAAO,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBACzD,CAAC,CAAC,CAAC;gBAEH,IAAI,iBAAiB,EAAE,CAAC;oBACtB,iFAAiF;oBACjF,2BAA2B;oBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxC,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,+BAA+B;wBAC1C,IAAI,EAAE;4BACJ,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE;4BAC/B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;wBACD,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,+BAA+B;gCAC1C,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;6BAChB;yBACF;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACL,CAAC,CAAC;QAEF,OAAO;YACL,oDAAoD;YACpD,mBAAmB,CAAC,IAAkC;gBACpD,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC3C,IAAI,UAAU,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;wBAC3D,0DAA0D;wBAC1D,IAAI,gBAAgB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;4BACtC,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC
,IAAI,CAAC,CAAC;wBAC7C,CAAC;wBAED,uEAAuE;wBACvE,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;4BAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;4BACtC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;gCAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gCACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI;gCAC3B,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gCACrC,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gCAChE,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;4BAC7C,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,+BAA+B;YAC/B,oBAAoB,CAAC,IAAmC;gBACtD,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,cAAc,CAAC,IAA6B;gBAC1C,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;YACD,aAAa,CAAC,IAA4B;gBACxC,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;YAED,8CAA8C;YAC9C,kBAAkB,CAAC,IAAiC;gBAClD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,OAAO;gBACT,CAAC;gBAED,qDAAqD;gBACrD,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY;oBAC7B,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB;oBACnC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACtC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC/G,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBACvC,CAAC;gBAED,kDAAkD;gBAClD,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB;oBACnC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBAExC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBAC1C,IAAI,UAAU,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBAC3E,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC;wBAEpC,IAAI,CAAC,gBAAgB,EAAE,sBAAsB,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BACvF,gDAAgD;4BAChD,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCAClC,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;gCAE7B,wDAAwD;gCACxD,kFAAkF;gCAClF,gDAAgD;
gCAChD,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCAClC,MAAM,SAAS,GAAG,UAAU,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;oCACxD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;wCACjC,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;4CAC5C,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC;4CAErC,2DAA2D;4CAC3D,+BAA+B;4CAC/B,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gDAC5D,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gDACtC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;gDAClC,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gDAE/F,IAAI,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oDAC3E,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC;oDACnC,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;wDAErF,2BAA2B;wDAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;4DAC5C,SAAS;wDACX,CAAC;wDAED,OAAO,CAAC,MAAM,CAAC;4DACb,IAAI,EAAE,QAAQ;4DACd,SAAS,EAAE,uBAAuB;4DAClC,IAAI,EAAE;gEACJ,QAAQ,EAAE,QAAQ;gEAClB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;gEAC3C,QAAQ,EAAE,UAAU;gEACpB,eAAe,EAAE,mDAAmD;6DACrE;yDACF,CAAC,CAAC;oDACL,CAAC;gDACH,CAAC;4CACH,CAAC;wCACH,CAAC;oCACH,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
|