ghostpatch 1.0.0

package/dist/detectors/crypto.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from '../core/severity';
+export declare function detect(content: string, filePath: string, language: string): Finding[];
+//# sourceMappingURL=crypto.d.ts.map

package/dist/detectors/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/detectors/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,kBAAkB,CAAC;AAkFrD,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAkCrF"}

package/dist/detectors/crypto.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detect = detect;
+const severity_1 = require("../core/severity");
+const fingerprint_1 = require("../utils/fingerprint");
+const PATTERNS = [
+    {
+        id: 'CRYPTO-MD5', name: 'Weak Hash (MD5)', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-328', pattern: /(?:md5|MD5)\s*[\(.<]/,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'php', 'ruby', 'csharp', 'c', 'cpp'],
+        description: 'MD5 is cryptographically broken.', remediation: 'Use SHA-256+ for integrity, bcrypt/argon2 for passwords.',
+    },
+    {
+        id: 'CRYPTO-SHA1', name: 'Weak Hash (SHA-1)', severity: severity_1.Severity.MEDIUM, confidence: 'high',
+        cwe: 'CWE-328', pattern: /(?:sha-?1|SHA-?1)\s*[\(.<'"]/,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'php', 'ruby', 'csharp'],
+        description: 'SHA-1 is deprecated for security use.', remediation: 'Use SHA-256 or stronger.',
+    },
+    {
+        id: 'CRYPTO-WEAK-CIPHER', name: 'Weak Cipher Algorithm', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-327', pattern: /(?:createCipher(?:iv)?\s*\(\s*['"](?:des|rc4|rc2|blowfish)|DES(?:ede)?|RC4|Blowfish)\b/i,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'csharp'],
+        description: 'Weak or broken cipher algorithm.', remediation: 'Use AES-256-GCM or ChaCha20-Poly1305.',
+    },
+    {
+        id: 'CRYPTO-ECB', name: 'ECB Mode', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-327', pattern: /(?:aes.*ecb|ECB|\.ECB|mode.*ecb|ecb.*mode)/i,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'csharp'],
+        description: 'ECB mode does not provide semantic security.', remediation: 'Use GCM or CBC with HMAC.',
+    },
+    {
+        id: 'CRYPTO-MATH-RANDOM', name: 'Insecure Random (Math.random)', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-330', pattern: /Math\.random\s*\(\)/,
+        antiPattern: /(?:test|mock|sample|example|demo|shuffle|color|animation|ui|css|game|placeholder)/i,
+        languages: ['javascript', 'typescript'],
+        description: 'Math.random() is not cryptographically secure.', remediation: 'Use crypto.randomBytes() or crypto.getRandomValues().',
+    },
+    {
+        id: 'CRYPTO-HARDCODED-KEY', name: 'Hardcoded Encryption Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-321', pattern: /(?:(?:encryption|encrypt|cipher|aes|secret)[-_]?key)\s*[:=]\s*['"][^'"]{8,}['"]/i,
+        antiPattern: /(?:process\.env|os\.environ|config\.|env\[|example|placeholder|your_)/i,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'php', 'ruby', 'csharp'],
+        description: 'Hardcoded encryption key in source code.', remediation: 'Use environment variables or key management service.',
+    },
+    {
+        id: 'CRYPTO-HARDCODED-IV', name: 'Hardcoded IV/Nonce', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-329', pattern: /(?:iv|nonce|IV|NONCE)\s*[:=]\s*(?:['"][^'"]{8,}['"]|Buffer\.from\s*\(\s*['"])/,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go'],
+        description: 'Hardcoded initialization vector.', remediation: 'Generate unique random IV per encryption operation.',
+    },
+    {
+        id: 'CRYPTO-TLS-DISABLED', name: 'TLS Verification Disabled', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-295', pattern: /(?:rejectUnauthorized\s*:\s*false|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true|SSL_VERIFY_NONE|check_hostname\s*=\s*False)/,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'ruby'],
+        description: 'TLS certificate verification disabled.', remediation: 'Always verify TLS certificates in production.',
+    },
+    {
+        id: 'CRYPTO-WEAK-PASS-HASH', name: 'Plain Hash for Password', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-916', pattern: /(?:createHash\s*\(\s*['"](?:md5|sha1|sha256)['"]|hashlib\.(?:md5|sha1|sha256))\s*[(.]/,
+        antiPattern: /(?:hmac|pbkdf2|checksum|file.*hash|integrity|verify)/i,
+        languages: ['javascript', 'typescript', 'python'],
+        description: 'Plain hash used for password storage.', remediation: 'Use bcrypt, scrypt, or argon2 for password hashing.',
+    },
+    {
+        id: 'CRYPTO-SMALL-KEY', name: 'Insufficient Key Length', severity: severity_1.Severity.MEDIUM, confidence: 'medium',
+        cwe: 'CWE-326', pattern: /(?:generateKeyPair|RSA|keySize|modulusLength)\s*[:(]\s*(?:512|768|1024)\b/,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'csharp'],
+        description: 'RSA key length below 2048 bits.', remediation: 'Use at least 2048-bit RSA keys.',
+    },
+    {
+        id: 'CRYPTO-HTTP', name: 'Unencrypted HTTP', severity: severity_1.Severity.MEDIUM, confidence: 'medium',
+        cwe: 'CWE-319', pattern: /['"]http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0|::1|example\.com)[^'"]+['"]/,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go', 'php', 'ruby', 'csharp'],
+        description: 'Unencrypted HTTP URL for non-local endpoint.', remediation: 'Use HTTPS for all external communications.',
+    },
+    {
+        id: 'CRYPTO-TIMING', name: 'Timing Attack Vulnerable Comparison', severity: severity_1.Severity.MEDIUM, confidence: 'low',
+        cwe: 'CWE-208', pattern: /(?:===?\s*(?:password|token|secret|apiKey|hash)|(?:password|token|secret|apiKey|hash)\s*===?)/i,
+        antiPattern: /(?:timingSafe|constantTime|hmac\.compare|secrets\.compare_digest)/i,
+        languages: ['javascript', 'typescript', 'python', 'java', 'go'],
+        description: 'String comparison for secrets vulnerable to timing attacks.', remediation: 'Use crypto.timingSafeEqual() for secret comparison.',
+    },
+];
+function detect(content, filePath, language) {
+    const findings = [];
+    const lines = content.split('\n');
+    for (const pat of PATTERNS) {
+        if (!pat.languages.includes(language))
+            continue;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (pat.pattern.test(line)) {
+                if (pat.antiPattern) {
+                    const cs = Math.max(0, i - 3);
+                    const ce = Math.min(lines.length, i + 4);
+                    const ctx = lines.slice(cs, ce).join('\n');
+                    if (pat.antiPattern.test(ctx))
+                        continue;
+                }
+                findings.push({
+                    id: `${pat.id}-${filePath}:${i + 1}`,
+                    ruleId: pat.id,
+                    title: pat.name,
+                    description: pat.description,
+                    severity: pat.severity,
+                    confidence: pat.confidence,
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippet(lines, i),
+                    cwe: pat.cwe, owasp: 'A02',
+                    remediation: pat.remediation,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)(pat.id, filePath, line.trim()),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function getSnippet(lines, index, context = 2) {
+    const start = Math.max(0, index - context);
+    const end = Math.min(lines.length, index + context + 1);
+    return lines.slice(start, end)
+        .map((l, i) => {
+        const lineNum = start + i + 1;
+        const marker = (start + i === index) ? '>' : ' ';
+        return `${marker} ${lineNum} | ${l}`;
+    }).join('\n');
+}
+//# sourceMappingURL=crypto.js.map

package/dist/detectors/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/detectors/crypto.ts"],"names":[],"mappings":";;AAkFA,wBAkCC;AApHD,+CAAqD;AACrD,sDAA2D;AAE3D,MAAM,QAAQ,GAAG;IACf;QACE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAC/F,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,sBAAsB;QAC/C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC;QACpG,WAAW,EAAE,kCAAkC,EAAE,WAAW,EAAE,0DAA0D;KACzH;IACD;QACE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,MAAe;QACpG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,8BAA8B;QACvD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC;QACxF,WAAW,EAAE,uCAAuC,EAAE,WAAW,EAAE,0BAA0B;KAC9F;IACD;QACE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAC7G,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,yFAAyF;QAClH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACzE,WAAW,EAAE,kCAAkC,EAAE,WAAW,EAAE,uCAAuC;KACtG;IACD;QACE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QACxF,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,6CAA6C;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACzE,WAAW,EAAE,8CAA8C,EAAE,WAAW,EAAE,2BAA2B;KACtG;IACD;QACE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,+BAA+B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QACrH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,qBAAqB;QAC9C,WAAW,EAAE,oFAAoF;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,WAAW,EAAE,gDAAgD,EAAE,WAAW,EAAE,uDAAuD;KACpI;IACD;QACE,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACtH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,kFAAkF;QAC3G,WAAW,EAAE,wEAAwE;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC;QACxF,WAAW,EAAE,0CAA0C,EAAE,WAAW,EAAE,sDAAsD;KAC7H;IACD;QACE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QAC7G,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,+EAA+E;QACxG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC;QAC/D,WAAW,EAAE,kCAAkC,EAAE,WAAW,EAAE,qDAAqD;KACpH;IACD;QACE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,2BAA2B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACtH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,gIAAgI;QACzJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC;QACvE,WAAW,EAAE,wCAAwC,EAAE,WAAW,EAAE,+CAA+C;KACpH;IACD;QACE,EAAE,EAAE,uBAAuB,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAClH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,uFAAuF;QAChH,WAAW,EAAE,uDAAuD;QACpE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,WAAW,EAAE,uCAAuC,EAAE,WAAW,EAAE,qDAAqD;KACzH;IACD;QACE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,QAAiB;QACjH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,2EAA2E;QACpG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACzE,WAAW,EAAE,iCAAiC,EAAE,WAAW,EAAE,iCAAiC;KAC/F;IACD;QACE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,QAAiB;QACrG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,+EAA+E;QACxG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC;QACxF,WAAW,EAAE,8CAA8C,EAAE,WAAW,EAAE,4CAA4C;KACvH;IACD;QACE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,qCAAqC,EAAE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAc;QACvH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,gGAAgG;QACzH,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC;QAC/D,WAAW,EAAE,6DAA6D,EAAE,WAAW,EAAE,qDAAqD;KAC/I;CACF,CAAC;AAEF,SAAgB,MAAM,CAAC,OAAe,EAAE,QAAgB,EAAE,QAAgB;IACxE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEhD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;oBACpB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBACzC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3C,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;wBAAE,SAAS;gBAC1C,CAAC;gBAED,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,EAAE,GAAG,CAAC,EAAE;oBACd,KAAK,EAAE,GAAG,CAAC,IAAI;oBACf,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;oBACjC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK;oBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,WAAW,EAAE,IAAA,iCAAmB,EAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,KAAa,EAAE,OAAO,GAAG,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC;SAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACZ,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,OAAO,GAAG,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClB,CAAC"}

package/dist/detectors/dependency.d.ts

@@ -0,0 +1,4 @@
+import { Finding } from '../core/severity';
+export declare function detect(content: string, filePath: string, _language: string): Finding[];
+export declare function runNpmAudit(projectDir: string): Finding[];
+//# sourceMappingURL=dependency.d.ts.map

package/dist/detectors/dependency.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../src/detectors/dependency.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,kBAAkB,CAAC;AAMrD,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,EAAE,CAiBtF;AA+JD,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,EAAE,CAwCzD"}

package/dist/detectors/dependency.js

@@ -0,0 +1,267 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detect = detect;
+exports.runNpmAudit = runNpmAudit;
+const severity_1 = require("../core/severity");
+const fingerprint_1 = require("../utils/fingerprint");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const child_process_1 = require("child_process");
+function detect(content, filePath, _language) {
+    const findings = [];
+    const basename = path.basename(filePath);
+    if (basename === 'package.json') {
+        findings.push(...checkPackageJson(content, filePath));
+    }
+    else if (basename === 'requirements.txt' || basename === 'Pipfile') {
+        findings.push(...checkPythonDeps(content, filePath));
+    }
+    else if (basename === 'pom.xml') {
+        findings.push(...checkMavenDeps(content, filePath));
+    }
+    else if (basename === 'go.mod') {
+        findings.push(...checkGoDeps(content, filePath));
+    }
+    else if (basename === 'Gemfile') {
+        findings.push(...checkRubyDeps(content, filePath));
+    }
+    return findings;
+}
+function checkPackageJson(content, filePath) {
+    const findings = [];
+    try {
+        const pkg = JSON.parse(content);
+        const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+        // Check for wildcard or latest versions
+        const lines = content.split('\n');
+        for (const [name, version] of Object.entries(allDeps)) {
+            const ver = version;
+            if (ver === '*' || ver === 'latest' || ver === '') {
+                const lineNum = findLine(lines, name);
+                findings.push({
+                    id: `DEP-WILDCARD-${filePath}:${lineNum}`,
+                    ruleId: 'DEP-WILDCARD',
+                    title: `Wildcard Dependency: ${name}`,
+                    description: `Package "${name}" uses wildcard version "${ver}". This can introduce breaking changes or vulnerabilities.`,
+                    severity: severity_1.Severity.MEDIUM,
+                    confidence: 'high',
+                    filePath, line: lineNum,
+                    codeSnippet: getSnippetFromLines(lines, lineNum - 1),
+                    cwe: 'CWE-1104', owasp: 'A06',
+                    remediation: 'Pin to a specific version range (e.g., ^1.2.3).',
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('DEP-WILDCARD', filePath, name),
+                });
+            }
+        }
+        // Check for known vulnerable packages
+        const knownVulnerable = {
+            'lodash': { maxSafe: '4.17.21', cve: 'CVE-2021-23337', desc: 'Prototype pollution in lodash' },
+            'minimist': { maxSafe: '1.2.6', cve: 'CVE-2021-44906', desc: 'Prototype pollution in minimist' },
+            'node-fetch': { maxSafe: '2.6.7', cve: 'CVE-2022-0235', desc: 'Exposure of sensitive information' },
+            'express': { maxSafe: '4.18.2', cve: 'CVE-2024-29041', desc: 'Open redirect in express' },
+            'axios': { maxSafe: '1.6.0', cve: 'CVE-2023-45857', desc: 'CSRF in axios' },
+            'jsonwebtoken': { maxSafe: '9.0.0', cve: 'CVE-2022-23529', desc: 'Insecure default algorithm' },
+        };
+        for (const [name, info] of Object.entries(knownVulnerable)) {
+            if (allDeps[name]) {
+                const lineNum = findLine(lines, name);
+                findings.push({
+                    id: `DEP-VULN-${name}-${filePath}:${lineNum}`,
+                    ruleId: 'DEP-KNOWN-VULN',
+                    title: `Potentially Vulnerable: ${name}`,
+                    description: `${info.desc} (${info.cve}). Check if version is below ${info.maxSafe}.`,
+                    severity: severity_1.Severity.MEDIUM,
+                    confidence: 'low',
+                    filePath, line: lineNum,
+                    codeSnippet: getSnippetFromLines(lines, lineNum - 1),
+                    cwe: 'CWE-1035', owasp: 'A06',
+                    remediation: `Update ${name} to version ${info.maxSafe} or later.`,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('DEP-KNOWN-VULN', filePath, name),
+                });
+            }
+        }
+    }
+    catch {
+        // Invalid JSON — skip
+    }
+    return findings;
+}
+function checkPythonDeps(content, filePath) {
+    const findings = [];
+    const lines = content.split('\n');
+    const knownVuln = {
+        'django': 'CVE-2023-46695',
+        'flask': 'CVE-2023-30861',
+        'requests': 'CVE-2023-32681',
+        'pillow': 'CVE-2023-44271',
+        'pyyaml': 'CVE-2020-14343',
+        'jinja2': 'CVE-2024-22195',
+    };
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i].trim();
+        if (!line || line.startsWith('#'))
+            continue;
+        const match = line.match(/^([a-zA-Z0-9_-]+)/);
+        if (match) {
+            const pkg = match[1].toLowerCase();
+            if (knownVuln[pkg]) {
+                findings.push({
+                    id: `DEP-PY-${pkg}-${filePath}:${i + 1}`,
+                    ruleId: 'DEP-PYTHON-VULN',
+                    title: `Check Python Package: ${pkg}`,
+                    description: `Package ${pkg} has known vulnerability ${knownVuln[pkg]}. Verify version.`,
+                    severity: severity_1.Severity.MEDIUM, confidence: 'low',
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippetFromLines(lines, i),
+                    cwe: 'CWE-1035', owasp: 'A06',
+                    remediation: `Update ${pkg} to the latest patched version.`,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('DEP-PYTHON-VULN', filePath, pkg),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function checkMavenDeps(content, filePath) {
+    const findings = [];
+    const lines = content.split('\n');
+    const knownVuln = ['log4j', 'commons-collections', 'struts', 'spring-core'];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pkg of knownVuln) {
+            if (line.includes(pkg)) {
+                findings.push({
+                    id: `DEP-MAVEN-${pkg}-${filePath}:${i + 1}`,
+                    ruleId: 'DEP-MAVEN-VULN',
+                    title: `Check Maven Dependency: ${pkg}`,
+                    description: `Package ${pkg} has a history of critical vulnerabilities. Verify version.`,
+                    severity: severity_1.Severity.MEDIUM, confidence: 'low',
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippetFromLines(lines, i),
+                    cwe: 'CWE-1035', owasp: 'A06',
+                    remediation: `Update ${pkg} to the latest patched version.`,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('DEP-MAVEN-VULN', filePath, pkg),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function checkGoDeps(content, filePath) {
+    return []; // Go module checking would require network access
+}
+function checkRubyDeps(content, filePath) {
+    const findings = [];
+    const lines = content.split('\n');
+    const knownVuln = ['rails', 'rack', 'actionpack', 'activesupport'];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pkg of knownVuln) {
+            if (line.includes(`'${pkg}'`) || line.includes(`"${pkg}"`)) {
+                findings.push({
+                    id: `DEP-RUBY-${pkg}-${filePath}:${i + 1}`,
+                    ruleId: 'DEP-RUBY-VULN',
+                    title: `Check Ruby Gem: ${pkg}`,
+                    description: `Gem ${pkg} has known vulnerabilities. Verify version.`,
+                    severity: severity_1.Severity.MEDIUM, confidence: 'low',
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippetFromLines(lines, i),
+                    cwe: 'CWE-1035', owasp: 'A06',
+                    remediation: `Update ${pkg} to the latest patched version.`,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('DEP-RUBY-VULN', filePath, pkg),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function runNpmAudit(projectDir) {
+    const findings = [];
+    try {
+        const lockPath = path.join(projectDir, 'package-lock.json');
+        if (!fs.existsSync(lockPath))
+            return findings;
+        const result = (0, child_process_1.execSync)('npm audit --json 2>/dev/null', {
+            cwd: projectDir,
+            timeout: 30000,
+            encoding: 'utf-8',
+        });
+        const audit = JSON.parse(result);
+        if (audit.vulnerabilities) {
+            for (const [name, info] of Object.entries(audit.vulnerabilities)) {
+                const severity = info.severity === 'critical' ? severity_1.Severity.CRITICAL
+                    : info.severity === 'high' ? severity_1.Severity.HIGH
+                        : info.severity === 'moderate' ? severity_1.Severity.MEDIUM
+                            : severity_1.Severity.LOW;
+                findings.push({
+                    id: `NPM-AUDIT-${name}`,
+                    ruleId: 'DEP-NPM-AUDIT',
+                    title: `Vulnerable Package: ${name}`,
+                    description: `${info.via?.[0]?.title || 'Known vulnerability'} in ${name}@${info.range || 'unknown'}`,
+                    severity, confidence: 'high',
+                    filePath: path.join(projectDir, 'package.json'),
+                    line: 1,
+                    codeSnippet: `${name}: ${info.range || 'unknown version'}`,
+                    cwe: info.via?.[0]?.cwe?.[0] || 'CWE-1035',
+                    owasp: 'A06',
+                    remediation: info.fixAvailable ? `Run: npm audit fix` : `Update ${name} manually.`,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('DEP-NPM-AUDIT', name, info.range || ''),
+                });
+            }
+        }
+    }
+    catch {
+        // npm audit failed or not available
+    }
+    return findings;
+}
+function findLine(lines, searchTerm) {
+    for (let i = 0; i < lines.length; i++) {
+        if (lines[i].includes(searchTerm))
+            return i + 1;
+    }
+    return 1;
+}
+function getSnippetFromLines(lines, index, context = 2) {
+    const start = Math.max(0, index - context);
+    const end = Math.min(lines.length, index + context + 1);
+    return lines.slice(start, end).map((l, i) => {
+        const lineNum = start + i + 1;
+        const marker = (start + i === index) ? '>' : ' ';
+        return `${marker} ${lineNum} | ${l}`;
+    }).join('\n');
+}
+//# sourceMappingURL=dependency.js.map

package/dist/detectors/dependency.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../src/detectors/dependency.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,wBAiBC;AA+JD,kCAwCC;AA9ND,+CAAqD;AACrD,sDAA2D;AAC3D,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAyC;AAEzC,SAAgB,MAAM,CAAC,OAAe,EAAE,QAAgB,EAAE,SAAiB;IACzE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEzC,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACxD,CAAC;SAAM,IAAI,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACrE,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACtD,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnD,CAAC;SAAM,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IACzD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;QAEhE,wCAAwC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,MAAM,GAAG,GAAG,OAAiB,CAAC;YAC9B,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;gBAClD,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBACtC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,gBAAgB,QAAQ,IAAI,OAAO,EAAE;oBACzC,MAAM,EAAE,cAAc;oBACtB,KAAK,EAAE,wBAAwB,IAAI,EAAE;oBACrC,WAAW,EAAE,YAAY,IAAI,4BAA4B,GAAG,4DAA4D;oBACxH,QAAQ,EAAE,mBAAQ,CAAC,MAAM;oBACzB,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,IAAI,EAAE,OAAO;oBACvB,WAAW,EAAE,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,CAAC,CAAC;oBACpD,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK;oBAC7B,WAAW,EAAE,iDAAiD;oBAC9D,WAAW,EAAE,IAAA,iCAAmB,EAAC,cAAc,EAAE,QAAQ,EAAE,IAAI,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,eAAe,GAAmE;YACtF,QAAQ,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,+BAA+B,EAAE;YAC9F,UAAU,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,iCAAiC,EAAE;YAChG,YAAY,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,mCAAmC,EAAE;YACnG,SAAS,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,0BAA0B,EAAE;YACzF,OAAO,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE;YAC3E,cAAc,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,4BAA4B,EAAE;SAChG,CAAC;QAEF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBACtC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,YAAY,IAAI,IAAI,QAAQ,IAAI,OAAO,EAAE;oBAC7C,MAAM,EAAE,gBAAgB;oBACxB,KAAK,EAAE,2BAA2B,IAAI,EAAE;oBACxC,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,GAAG,gCAAgC,IAAI,CAAC,OAAO,GAAG;oBACrF,QAAQ,EAAE,mBAAQ,CAAC,MAAM;oBACzB,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,IAAI,EAAE,OAAO;oBACvB,WAAW,EAAE,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,CAAC,CAAC;oBACpD,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK;oBAC7B,WAAW,EAAE,UAAU,IAAI,eAAe,IAAI,CAAC,OAAO,YAAY;oBAClE,WAAW,EAAE,IAAA,iCAAmB,EAAC,gBAAgB,EAAE,QAAQ,EAAE,IAAI,CAAC;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAA2B;QACxC,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,gBAAgB;QACzB,UAAU,EAAE,gBAAgB;QAC5B,QAAQ,EAAE,gBAAgB;QAC1B,QAAQ,EAAE,gBAAgB;QAC1B,QAAQ,EAAE,gBAAgB;KAC3B,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACnC,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,GAAG,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBACxC,MAAM,EAAE,iBAAiB;oBACzB,KAAK,EAAE,yBAAyB,GAAG,EAAE;oBACrC,WAAW,EAAE,WAAW,GAAG,4BAA4B,SAAS,CAAC,GAAG,CAAC,mBAAmB;oBACxF,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK;oBAC5C,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC;oBAC1C,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK;oBAC7B,WAAW,EAAE,UAAU,GAAG,iCAAiC;oBAC3D,WAAW,EAAE,IAAA,iCAAmB,EAAC,iBAAiB,EAAE,QAAQ,EAAE,GAAG,CAAC;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;IAE5E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,aAAa,GAAG,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBAC3C,MAAM,EAAE,gBAAgB;oBACxB,KAAK,EAAE,2BAA2B,GAAG,EAAE;oBACvC,WAAW,EAAE,WAAW,GAAG,6DAA6D;oBACxF,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK;oBAC5C,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC;oBAC1C,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK;oBAC7B,WAAW,EAAE,UAAU,GAAG,iCAAiC;oBAC3D,WAAW,EAAE,IAAA,iCAAmB,EAAC,gBAAgB,EAAE,QAAQ,EAAE,GAAG,CAAC;iBAClE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,QAAgB;IACpD,OAAO,EAAE,CAAC,CAAC,kDAAkD;AAC/D,CAAC;AAED,SAAS,aAAa,CAAC,OAAe,EAAE,QAAgB;IACtD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;IAEnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC3D,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,YAAY,GAAG,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBAC1C,MAAM,EAAE,eAAe;oBACvB,KAAK,EAAE,mBAAmB,GAAG,EAAE;oBAC/B,WAAW,EAAE,OAAO,GAAG,6CAA6C;oBACpE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK;oBAC5C,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC;oBAC1C,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK;oBAC7B,WAAW,EAAE,UAAU,GAAG,iCAAiC;oBAC3D,WAAW,EAAE,IAAA,iCAAmB,EAAC,eAAe,EAAE,QAAQ,EAAE,GAAG,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,WAAW,CAAC,UAAkB;IAC5C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;QAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,QAAQ,CAAC;QAE9C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,8BAA8B,EAAE;YACtD,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAoB,EAAE,CAAC;gBACpF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,mBAAQ,CAAC,QAAQ;oBAC/D,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,mBAAQ,CAAC,IAAI;wBAC1C,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,mBAAQ,CAAC,MAAM;4BAChD,CAAC,CAAC,mBAAQ,CAAC,GAAG,CAAC;gBAEjB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,aAAa,IAAI,EAAE;oBACvB,MAAM,EAAE,eAAe;oBACvB,KAAK,EAAE,uBAAuB,IAAI,EAAE;oBACpC,WAAW,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,qBAAqB,OAAO,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,SAAS,EAAE;oBACrG,QAAQ,EAAE,UAAU,EAAE,MAAM;oBAC5B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;oBAC/C,IAAI,EAAE,CAAC;oBACP,WAAW,EAAE,GAAG,IAAI,KAAK,IAAI,CAAC,KAAK,IAAI,iBAAiB,EAAE;oBAC1D,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,UAAU;oBAC1C,KAAK,EAAE,KAAK;oBACZ,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,UAAU,IAAI,YAAY;oBAClF,WAAW,EAAE,IAAA,iCAAmB,EAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;iBAC1E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAe,EAAE,UAAkB;IACnD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAe,EAAE,KAAa,EAAE,OAAO,GAAG,CAAC;IACtE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,OAAO,GAAG,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/detectors/deserialize.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from '../core/severity';
+export declare function detect(content: string, filePath: string, language: string): Finding[];
+//# sourceMappingURL=deserialize.d.ts.map

package/dist/detectors/deserialize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deserialize.d.ts","sourceRoot":"","sources":["../../src/detectors/deserialize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,kBAAkB,CAAC;AAkErD,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA6BrF"}

package/dist/detectors/deserialize.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detect = detect;
+const severity_1 = require("../core/severity");
+const fingerprint_1 = require("../utils/fingerprint");
+const PATTERNS = [
+    {
+        id: 'DESER-JS', name: 'Insecure Deserialization (JS)', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-502', languages: ['javascript', 'typescript'],
+        pattern: /(?:serialize|node-serialize|funcster|cryo)\s*\.\s*(?:unserialize|parse|deserialize)\s*\(/i,
+        description: 'Node.js deserialization of untrusted data can lead to RCE.',
+        remediation: 'Avoid native serialization. Use JSON for data exchange.',
+    },
+    {
+        id: 'DESER-YAML-JS', name: 'Unsafe YAML Loading (JS)', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-502', languages: ['javascript', 'typescript'],
+        pattern: /js-yaml\.load\s*\(/,
+        antiPattern: /(?:safeLoad|schema.*SAFE|JSON_SCHEMA|FAILSAFE)/i,
+        description: 'js-yaml.load() without safe schema can execute code.',
+        remediation: 'Use yaml.load(data, { schema: SAFE_SCHEMA }) or yaml.safeLoad().',
+    },
+    {
+        id: 'DESER-PICKLE', name: 'Insecure Deserialization (Python pickle)', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-502', languages: ['python'],
+        pattern: /(?:pickle\.loads?|cPickle\.loads?|shelve\.open|dill\.loads?)\s*\(/,
+        description: 'Python pickle deserialization enables arbitrary code execution.',
+        remediation: 'Avoid pickle for untrusted data. Use JSON or protocol buffers.',
+    },
+    {
+        id: 'DESER-YAML-PY', name: 'Unsafe YAML Loading (Python)', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-502', languages: ['python'],
+        pattern: /yaml\.(?:load|unsafe_load)\s*\(/,
+        antiPattern: /(?:safe_load|SafeLoader|Loader\s*=\s*(?:yaml\.)?SafeLoader)/,
+        description: 'yaml.load() without SafeLoader enables code execution.',
+        remediation: 'Use yaml.safe_load() or yaml.load(data, Loader=SafeLoader).',
+    },
+    {
+        id: 'DESER-JAVA', name: 'Insecure Deserialization (Java)', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-502', languages: ['java', 'kotlin'],
+        pattern: /(?:ObjectInputStream|readObject\s*\(|XMLDecoder|XStream|Kryo\.readObject|Hessian)\s*[\.(]/,
+        antiPattern: /(?:ObjectInputFilter|whitelist|allowlist|resolveClass)/i,
+        description: 'Java native deserialization enables RCE.',
+        remediation: 'Use allowlist-based ObjectInputFilter or avoid native serialization.',
+    },
+    {
+        id: 'DESER-PHP', name: 'Insecure Deserialization (PHP)', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-502', languages: ['php'],
+        pattern: /(?:unserialize|phpunserialize)\s*\(\s*\$/,
+        description: 'PHP unserialize() with user input enables object injection.',
+        remediation: 'Use json_decode() instead. If using unserialize, set allowed_classes.',
+    },
+    {
+        id: 'DESER-RUBY', name: 'Insecure Deserialization (Ruby)', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-502', languages: ['ruby'],
+        pattern: /(?:Marshal\.load|YAML\.load|Psych\.load)\s*\(/,
+        antiPattern: /(?:safe_load|permitted_classes)/i,
+        description: 'Ruby deserialization of untrusted data.',
+        remediation: 'Use YAML.safe_load or JSON.parse instead.',
+    },
+    {
+        id: 'DESER-DOTNET', name: 'Insecure Deserialization (.NET)', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-502', languages: ['csharp'],
+        pattern: /(?:BinaryFormatter|SoapFormatter|NetDataContractSerializer|ObjectStateFormatter|LosFormatter)\.Deserialize\s*\(/,
+        description: '.NET deserialization with unsafe formatters.',
+        remediation: 'Use System.Text.Json or Newtonsoft.Json instead.',
+    },
+];
+function detect(content, filePath, language) {
+    const findings = [];
+    const lines = content.split('\n');
+    for (const pat of PATTERNS) {
+        if (!pat.languages.includes(language))
+            continue;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (pat.pattern.test(line)) {
+                if (pat.antiPattern) {
+                    const cs = Math.max(0, i - 3);
+                    const ce = Math.min(lines.length, i + 4);
+                    if (pat.antiPattern.test(lines.slice(cs, ce).join('\n')))
+                        continue;
+                }
+                findings.push({
+                    id: `${pat.id}-${filePath}:${i + 1}`,
+                    ruleId: pat.id, title: pat.name, description: pat.description,
+                    severity: pat.severity, confidence: pat.confidence,
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippet(lines, i),
+                    cwe: pat.cwe, owasp: 'A08',
+                    remediation: pat.remediation,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)(pat.id, filePath, line.trim()),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function getSnippet(lines, index, context = 2) {
+    const start = Math.max(0, index - context);
+    const end = Math.min(lines.length, index + context + 1);
+    return lines.slice(start, end).map((l, i) => {
+        const lineNum = start + i + 1;
+        const marker = (start + i === index) ? '>' : ' ';
+        return `${marker} ${lineNum} | ${l}`;
+    }).join('\n');
+}
+//# sourceMappingURL=deserialize.js.map

package/dist/detectors/deserialize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deserialize.js","sourceRoot":"","sources":["../../src/detectors/deserialize.ts"],"names":[],"mappings":";;AAkEA,wBA6BC;AA/FD,+CAAqD;AACrD,sDAA2D;AAE3D,MAAM,QAAQ,GAAG;IACf;QACE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,+BAA+B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QAC/G,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvD,OAAO,EAAE,2FAA2F;QACpG,WAAW,EAAE,4DAA4D;QACzE,WAAW,EAAE,yDAAyD;KACvE;IACD;QACE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAC3G,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvD,OAAO,EAAE,oBAAoB;QAC7B,WAAW,EAAE,iDAAiD;QAC9D,WAAW,EAAE,sDAAsD;QACnE,WAAW,EAAE,kEAAkE;KAChF;IACD;QACE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,0CAA0C,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QAC9H,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrC,OAAO,EAAE,mEAAmE;QAC5E,WAAW,EAAE,iEAAiE;QAC9E,WAAW,EAAE,gEAAgE;KAC9E;IACD;QACE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAC/G,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrC,OAAO,EAAE,iCAAiC;QAC1C,WAAW,EAAE,6DAA6D;QAC1E,WAAW,EAAE,wDAAwD;QACrE,WAAW,EAAE,6DAA6D;KAC3E;IACD;QACE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACnH,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;QAC7C,OAAO,EAAE,2FAA2F;QACpG,WAAW,EAAE,yDAAyD;QACtE,WAAW,EAAE,0CAA0C;QACvD,WAAW,EAAE,sEAAsE;KACpF;IACD;QACE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,gCAAgC,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACjH,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,KAAK,CAAC;QAClC,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,6DAA6D;QAC1E,WAAW,EAAE,uEAAuE;KACrF;IACD;QACE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACnH,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,MAAM,CAAC;QACnC,OAAO,EAAE,+CAA+C;QACxD,WAAW,EAAE,kCAAkC;QAC/C,WAAW,EAAE,yCAAyC;QACtD,WAAW,EAAE,2CAA2C;KACzD;IACD;QACE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACrH,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrC,OAAO,EAAE,iHAAiH;QAC1H,WAAW,EAAE,8CAA8C;QAC3D,WAAW,EAAE,kDAAkD;KAChE;CACF,CAAC;AAEF,SAAgB,MAAM,CAAC,OAAe,EAAE,QAAgB,EAAE,QAAgB;IACxE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEhD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;oBACpB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBACzC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAAE,SAAS;gBACrE,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC7D,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU;oBAClD,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;oBACjC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK;oBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,WAAW,EAAE,IAAA,iCAAmB,EAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,KAAa,EAAE,OAAO,GAAG,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,OAAO,GAAG,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/detectors/injection.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from '../core/severity';
+export declare function detect(content: string, filePath: string, language: string): Finding[];
+//# sourceMappingURL=injection.d.ts.map

package/dist/detectors/injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection.d.ts","sourceRoot":"","sources":["../../src/detectors/injection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,kBAAkB,CAAC;AAuHrD,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAwCrF"}