lean-claudient-core 0.1.0

package/dist/reporting/templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../src/reporting/templates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAoBH;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAC7C,CAAC;IACD,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,IAAU;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAChC,OAAO,GAAG,KAAK,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,MAAM,SAAS,GAAG,KAAK,IAAI,CAAC,CAAC;IAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;IAChD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AAClC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc;IAC9C,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QACf,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QACf,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,2BAA2B;IAC3B,MAAM,UAAU,GAAG,0BAA0B,CAAC;IAC9C,MAAM,SAAS,GAAG,kCAAkC,CAAC;IAErD,IAAI,UAAU,CAAC;IACf,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAElD,KAAK,MAAM,SAAS,IAAI,YAAY,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,oCAAoC;YACpC,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;QACD,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,oBAAoB;IAC/C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAAsB;IAChE,OAAO;;;;;;WAME,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,WAAW;;;;;;;;;;;;;;;;;;;;;;iCAsBV,IAAI,CAAC,UAAU;;;;;;;;eAQjC,IAAI,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;+BAyBC,IAAI,CAAC,UAAU;;;;;;;;;eAS/B,IAAI,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAiCf,IAAI,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCAuEI,IAAI,CAAC,KAAK;;UAElC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;;kCAE5C,IAAI,CAAC,WAAW;;;;;;;mCAOf,IAAI,CAAC,IAAI,EAAE,UAAU,IAAI,CAAC;;kCAE3B,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;cACxF,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,IAAI,CAAC,CAAC;;;;mCAIlF,IAAI,CAAC,IAAI,EAAE,cAAc,IAAI,CAAC;;;cAGnD,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,IAAI,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;;;;mCAIvG,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,IAAI,CAAC,CAAC;;kCAEjD,CAAC,IAAI,CAAC,MAAM,EAAE,mBAAmB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;cAC1F,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,mBAAmB,IAAI,CAAC,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,mBAAmB,IAAI,CAAC,CAAC,CAAC;;;;mCAItG,IAAI,CAAC,IAAI,EAAE,aAAa,IAAI,CAAC;;;;;;;;;QAUxD,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;;mCAEA,IAAI,CAAC,IAAI;mCACT,IAAI,CAAC,OAAO,eAAe,IAAI,CAAC,KAAK,gBAAgB,IAAI,CAAC,OAAO;;OAE7F,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,oEACf;;;MAIA,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QACrD,CAAC,CAAC;;;;UAIA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;;;KAGhE;QACG,CAAC,CAAC,EACN;;;4DAGwD,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,KAAK;4DAC1B,IAAI,CAAC,QAAQ,EAAE,aAAa,IAAI,IAAI,IAAI,EAAE,CAAC,cAAc,EAAE;0DAC7D,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,OAAO;;;;;GAKxF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAAsB;IAChE,OAAO;;;;;;WAME,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;iCA0BV,IAAI,CAAC,UAAU;;;;;;;;eAQjC,IAAI,CAAC,UAAU;;;;;;;;;;;eAWf,IAAI,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCAgDI,IAAI,CAAC,KAAK;;UAElC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;YAgBlE,IAAI,CAAC,UAAU;QACb,CAAC,CAAC;;;oBAGI,IAAI,CAAC,UAAU,CAAC,IAAI;oBACpB,IAAI,CAAC,UAAU,CAAC,cAAc;;;;oBAI9B,IAAI,CAAC,UAAU,CAAC,IAAI;oBACpB,IAAI,CAAC,UAAU,CAAC,aAAa;;;;oBAI7B,IAAI,CAAC,UAAU,CAAC,GAAG;oBACnB,IAAI,CAAC,UAAU,CAAC,mBAAmB;;;;oBAInC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;;;WAGvC;QACG,CAAC,CAAC,iDACN;;;;;;;;;;;;;;;;;YAkBE,IAAI,CAAC,eAAe;QAClB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAM,EAAE,EAAE,CAAC;;oBAEzB,MAAM;oBACN,CAAC,CAAC,KAAK;oBACP,CAAC,CAAC,OAAO;oBACT,CAAC,CAAC,UAAU;;WAErB,CAAC;aACO,IAAI,CAAC,EAAE,CAAC;QACb,CAAC,CAAC,iDACN;;;;;;;;;;;;;;;;;;;YAoBE,IAAI,CAAC,QAAQ,EAAE,GAAG,CAChB,IAAI,CAAC,EAAE,CAAC;;kBAEJ,IAAI,CAAC,IAAI;kBACT,IAAI,CAAC,OAAO;kBACZ,IAAI,CAAC,KAAK;kBACV,IAAI,CAAC,OAAO;kBACZ,IAAI,CAAC,OAAO;kBACZ,IAAI,CAAC,WAAW;;SAEzB,CACI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,iDAChB;;;;;;;;;;;;;;;;;YAkBE,IAAI,CAAC,mBAAmB;QACtB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,mBAAmB,CAAC;aACrC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAM,EAAE,EAAE,CAAC;;oBAEvB,IAAI;oBACJ,CAAC,CAAC,KAAK;oBACP,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,aAAa;;WAExB,CAAC;aACO,IAAI,CAAC,EAAE,CAAC;QACb,CAAC,CAAC,iDACN;;;;;;;;;;;;;;;YAgBE,IAAI,CAAC,YAAY,EAAE,GAAG,CACpB,KAAK,CAAC,EAAE,CAAC;;kBAEL,KAAK,CAAC,KAAK;kBACX,KAAK,CAAC,SAAS;;SAExB,CACI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,kDAChB;;;;;MAMJ,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QACrD,CAAC,CAAC;;;;UAIA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,gDAAgD,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;;;KAGzG;QACG,CAAC,CAAC,EACN;;;yCAGqC,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,KAAK;yCAC1B,IAAI,CAAC,QAAQ,EAAE,aAAa,IAAI,IAAI,IAAI,EAAE,CAAC,cAAc,EAAE;uCAC7D,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,OAAO;;;;;GAKrE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkB,EAAE,UAAkB;IACrE,OAAO;;;;yCAIgC,UAAU;gBACnC,UAAU;yCACe,UAAU;;0BAEzB,UAAU;;;;;;;;;;;;GAYjC,CAAC;AACJ,CAAC"}

package/dist/security/owaspScanner.d.ts

@@ -0,0 +1,74 @@
+/**
+ * OWASP Top 10 Security Scanner
+ * Scans code for common security vulnerabilities
+ */
+export interface SecurityFinding {
+    category: string;
+    cweId: string;
+    cvssScore: number;
+    severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
+    title: string;
+    description: string;
+    location?: {
+        file?: string;
+        line?: number;
+        column?: number;
+    };
+    remediation: string;
+    evidence?: string;
+}
+/**
+ * Scan code for SQL injection vulnerabilities
+ */
+export declare function scanSQLInjection(code: string): SecurityFinding[];
+/**
+ * Scan for hardcoded secrets
+ */
+export declare function scanHardcodedSecrets(code: string): SecurityFinding[];
+/**
+ * Scan for dangerous use of eval()
+ */
+export declare function scanDangerousEval(code: string): SecurityFinding[];
+/**
+ * Scan for XSS vulnerabilities
+ */
+export declare function scanXSS(code: string): SecurityFinding[];
+/**
+ * Scan for insecure deserialization
+ */
+export declare function scanInsecureDeserialization(code: string): SecurityFinding[];
+/**
+ * Scan for CORS misconfigurations
+ */
+export declare function scanCORSMisconfiguration(code: string): SecurityFinding[];
+/**
+ * Scan for unvalidated redirects
+ */
+export declare function scanUnvalidatedRedirect(code: string): SecurityFinding[];
+/**
+ * Scan for missing authentication on sensitive endpoints
+ */
+export declare function scanMissingAuth(code: string): SecurityFinding[];
+/**
+ * Main scanner - run all checks
+ */
+export declare function scanCode(code: string): SecurityFinding[];
+/**
+ * Scan file with location information
+ */
+export declare function scanFileForVulnerabilities(filePath: string, content: string): Promise<SecurityFinding[]>;
+/**
+ * Generate security report
+ */
+export declare function generateSecurityReport(findings: SecurityFinding[]): {
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    findings: SecurityFinding[];
+    riskLevel: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'NONE';
+};
+//# sourceMappingURL=owaspScanner.d.ts.map

package/dist/security/owaspScanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"owaspScanner.d.ts","sourceRoot":"","sources":["../../src/security/owaspScanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE;QACT,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAgFD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAsBhE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAqBpE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAsBjE;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAsBvD;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAsB3E;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAsBxE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAsBvE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAqB/D;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,EAAE,CAqBxD;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,EAAE,CAAC,CAS5B;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;IACnE,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,SAAS,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;CAC5D,CAoBA"}

package/dist/security/owaspScanner.js

@@ -0,0 +1,309 @@
+/**
+ * OWASP Top 10 Security Scanner
+ * Scans code for common security vulnerabilities
+ */
+const PATTERNS = {
+    // A01: SQL Injection - unparameterized queries
+    SQL_INJECTION: [
+        /\.query\s*\(\s*["'`]\s*SELECT\s+/gi,
+        /\.execute\s*\(\s*["'`]\s*SELECT\s+/gi,
+        /sql\s*=\s*["'`]\s*SELECT\s+.*\+\s*.*\s*["'`]/gi,
+        /db\.run\s*\(\s*["'`]\s*SELECT\s+/gi,
+    ],
+    // A02: Cryptographic Failures - hardcoded secrets
+    HARDCODED_SECRETS: [
+        /password\s*[=:]\s*["']([^"']+)["']/gi,
+        /secret\s*[=:]\s*["']([^"']+)["']/gi,
+        /token\s*[=:]\s*["']([^"']+)["']/gi,
+    ],
+    // A03: Injection - eval and Function constructor
+    DANGEROUS_EVAL: [
+        /\beval\s*\(/g,
+        /Function\s*\(\s*["'`]/g,
+        /setTimeout\s*\(\s*["'`]/g,
+        /setInterval\s*\(\s*["'`]/g,
+    ],
+    // A03: Injection - template injection
+    TEMPLATE_INJECTION: [
+        /render\s*\(\s*userInput\s*\)/gi,
+        /interpolate\s*\(\s*userInput\s*\)/gi,
+        /template\s*\(\s*["'`]\s*\$\{.*\}\s*["'`]/gi,
+    ],
+    // A04: Insecure Object Deserialization
+    INSECURE_DESERIALIZATION: [
+        /JSON\.parse\s*\(\s*userInput\s*\)/gi,
+        /pickle\.loads\s*\(/gi,
+        /unserialize\s*\(/gi,
+    ],
+    // A05: Security Misconfiguration - CORS
+    INSECURE_CORS: [
+        /Access-Control-Allow-Origin\s*[:=]\s*["']\*["']/gi,
+        /cors\s*\(\s*\{[^}]*origin[^}]*\*[^}]*\}/gi,
+    ],
+    // A06: Vulnerable Components - known patterns
+    VULNERABLE_DEPENDENCIES: [
+        /require\s*\(\s*["']lodash\.template["']\s*\)/gi,
+        /require\s*\(\s*["']express-unless["']\s*\)/gi,
+    ],
+    // A07: Missing Authentication
+    MISSING_AUTH: [
+        /router\.get\s*\(\s*["'](\/admin|\/api).*["']\s*,\s*\(req,\s*res\)\s*=>/gi,
+        /router\.post\s*\(\s*["'](\/admin|\/api).*["']\s*,\s*\(req,\s*res\)\s*=>/gi,
+    ],
+    // A09: Using Components with Known Vulnerabilities
+    OUTDATED_DEPENDENCIES: [
+        /"name":\s*"lodash"[^}]*"version":\s*"[0-3]\.[0-9]+\.[0-9]+"/gi,
+        /"name":\s*"express"[^}]*"version":\s*"[34]\.[0-9]+\.[0-9]+"/gi,
+    ],
+    // A10: SSRF - unvalidated redirects
+    UNVALIDATED_REDIRECT: [
+        /redirect\s*\(\s*userInput\s*\)/gi,
+        /window\.location\s*=\s*userInput/gi,
+        /res\.redirect\s*\(\s*req\.query\.url\s*\)/gi,
+    ],
+    // XSS - user input in HTML
+    XSS_VULNERABILITY: [
+        /innerHTML\s*=\s*userInput/gi,
+        /innerHTML\s*=\s*req\.query\./gi,
+        /innerHTML\s*=\s*req\.body\./gi,
+        /dangerouslySetInnerHTML/g,
+    ],
+};
+/**
+ * Scan code for SQL injection vulnerabilities
+ */
+export function scanSQLInjection(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.SQL_INJECTION) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A01: SQL Injection',
+                cweId: 'CWE-89',
+                cvssScore: 9.8,
+                severity: 'CRITICAL',
+                title: 'Potential SQL Injection Vulnerability',
+                description: 'Unparameterized SQL query detected. This can be exploited to modify or retrieve database contents.',
+                remediation: 'Use parameterized queries or prepared statements with bound parameters.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for hardcoded secrets
+ */
+export function scanHardcodedSecrets(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.HARDCODED_SECRETS) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A02: Cryptographic Failures',
+                cweId: 'CWE-798',
+                cvssScore: 9.8,
+                severity: 'CRITICAL',
+                title: 'Hardcoded Secret Detected',
+                description: 'Credentials or secrets hardcoded in source code. This enables credential theft.',
+                remediation: 'Store credentials in environment variables, secure vaults (AWS Secrets Manager, HashiCorp Vault), or .env files (never committed).',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for dangerous use of eval()
+ */
+export function scanDangerousEval(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.DANGEROUS_EVAL) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A03: Injection',
+                cweId: 'CWE-95',
+                cvssScore: 8.6,
+                severity: 'HIGH',
+                title: 'Use of eval() or similar Dangerous Function',
+                description: 'eval() and similar functions can execute arbitrary code and should be avoided.',
+                remediation: 'Replace eval() with safer alternatives: JSON.parse() for JSON, or template literals with proper escaping.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for XSS vulnerabilities
+ */
+export function scanXSS(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.XSS_VULNERABILITY) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A03: Injection - XSS',
+                cweId: 'CWE-79',
+                cvssScore: 6.1,
+                severity: 'MEDIUM',
+                title: 'Potential Cross-Site Scripting (XSS) Vulnerability',
+                description: 'User input is directly inserted into HTML without sanitization. This allows attackers to inject malicious scripts.',
+                remediation: 'Use context-aware output encoding, Content Security Policy (CSP), and templating engines that auto-escape by default.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for insecure deserialization
+ */
+export function scanInsecureDeserialization(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.INSECURE_DESERIALIZATION) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A08: Software and Data Integrity Failures',
+                cweId: 'CWE-502',
+                cvssScore: 8.1,
+                severity: 'HIGH',
+                title: 'Insecure Deserialization',
+                description: 'Deserializing untrusted data can lead to remote code execution or object injection attacks.',
+                remediation: 'Validate and sanitize all input before deserialization. Consider using safer formats like JSON instead of binary serialization.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for CORS misconfigurations
+ */
+export function scanCORSMisconfiguration(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.INSECURE_CORS) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A01: Broken Access Control',
+                cweId: 'CWE-942',
+                cvssScore: 5.3,
+                severity: 'MEDIUM',
+                title: 'Insecure CORS Configuration',
+                description: 'CORS allows all origins (*). This enables any website to access resources, bypassing same-origin policy.',
+                remediation: 'Explicitly specify allowed origins in CORS configuration. Never use wildcard (*) for sensitive APIs.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for unvalidated redirects
+ */
+export function scanUnvalidatedRedirect(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.UNVALIDATED_REDIRECT) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A01: Broken Access Control',
+                cweId: 'CWE-601',
+                cvssScore: 6.1,
+                severity: 'MEDIUM',
+                title: 'Unvalidated Redirect',
+                description: 'Redirecting to user-supplied URL without validation enables phishing attacks.',
+                remediation: 'Validate redirect URLs against a whitelist. Use relative URLs when possible.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Scan for missing authentication on sensitive endpoints
+ */
+export function scanMissingAuth(code) {
+    const findings = [];
+    for (const pattern of PATTERNS.MISSING_AUTH) {
+        const matches = code.matchAll(pattern);
+        for (const match of matches) {
+            findings.push({
+                category: 'A01: Broken Authentication',
+                cweId: 'CWE-306',
+                cvssScore: 8.1,
+                severity: 'HIGH',
+                title: 'Missing Authentication on Sensitive Endpoint',
+                description: 'Admin or API endpoints without authentication checks are exposed to unauthorized access.',
+                remediation: 'Add authentication and authorization checks to all sensitive endpoints. Use middleware to enforce authentication.',
+                evidence: match[0].substring(0, 60),
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Main scanner - run all checks
+ */
+export function scanCode(code) {
+    if (!code || typeof code !== 'string') {
+        return [];
+    }
+    const findings = [
+        ...scanSQLInjection(code),
+        ...scanHardcodedSecrets(code),
+        ...scanDangerousEval(code),
+        ...scanXSS(code),
+        ...scanInsecureDeserialization(code),
+        ...scanCORSMisconfiguration(code),
+        ...scanUnvalidatedRedirect(code),
+        ...scanMissingAuth(code),
+    ];
+    // Deduplicate and sort by severity
+    const unique = Array.from(new Map(findings.map((f) => [f.evidence, f])).values());
+    const severityOrder = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3 };
+    return unique.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+}
+/**
+ * Scan file with location information
+ */
+export async function scanFileForVulnerabilities(filePath, content) {
+    const findings = scanCode(content);
+    return findings.map((f) => ({
+        ...f,
+        location: {
+            file: filePath,
+            ...f.location,
+        },
+    }));
+}
+/**
+ * Generate security report
+ */
+export function generateSecurityReport(findings) {
+    const summary = {
+        total: findings.length,
+        critical: findings.filter((f) => f.severity === 'CRITICAL').length,
+        high: findings.filter((f) => f.severity === 'HIGH').length,
+        medium: findings.filter((f) => f.severity === 'MEDIUM').length,
+        low: findings.filter((f) => f.severity === 'LOW').length,
+    };
+    let riskLevel = 'NONE';
+    if (summary.critical > 0)
+        riskLevel = 'CRITICAL';
+    else if (summary.high > 0)
+        riskLevel = 'HIGH';
+    else if (summary.medium > 0)
+        riskLevel = 'MEDIUM';
+    else if (summary.low > 0)
+        riskLevel = 'LOW';
+    return {
+        summary,
+        findings,
+        riskLevel,
+    };
+}
+//# sourceMappingURL=owaspScanner.js.map

package/dist/security/owaspScanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"owaspScanner.js","sourceRoot":"","sources":["../../src/security/owaspScanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkBH,MAAM,QAAQ,GAAG;IACf,+CAA+C;IAC/C,aAAa,EAAE;QACb,oCAAoC;QACpC,sCAAsC;QACtC,gDAAgD;QAChD,oCAAoC;KACrC;IAED,kDAAkD;IAClD,iBAAiB,EAAE;QACjB,sCAAsC;QACtC,oCAAoC;QACpC,mCAAmC;KACpC;IAED,iDAAiD;IACjD,cAAc,EAAE;QACd,cAAc;QACd,wBAAwB;QACxB,0BAA0B;QAC1B,2BAA2B;KAC5B;IAED,sCAAsC;IACtC,kBAAkB,EAAE;QAClB,gCAAgC;QAChC,qCAAqC;QACrC,4CAA4C;KAC7C;IAED,uCAAuC;IACvC,wBAAwB,EAAE;QACxB,qCAAqC;QACrC,sBAAsB;QACtB,oBAAoB;KACrB;IAED,wCAAwC;IACxC,aAAa,EAAE;QACb,mDAAmD;QACnD,2CAA2C;KAC5C;IAED,8CAA8C;IAC9C,uBAAuB,EAAE;QACvB,gDAAgD;QAChD,8CAA8C;KAC/C;IAED,8BAA8B;IAC9B,YAAY,EAAE;QACZ,0EAA0E;QAC1E,2EAA2E;KAC5E;IAED,mDAAmD;IACnD,qBAAqB,EAAE;QACrB,+DAA+D;QAC/D,+DAA+D;KAChE;IAED,oCAAoC;IACpC,oBAAoB,EAAE;QACpB,kCAAkC;QAClC,oCAAoC;QACpC,6CAA6C;KAC9C;IAED,2BAA2B;IAC3B,iBAAiB,EAAE;QACjB,6BAA6B;QAC7B,gCAAgC;QAChC,+BAA+B;QAC/B,0BAA0B;KAC3B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,oBAAoB;gBAC9B,KAAK,EAAE,QAAQ;gBACf,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,uCAAuC;gBAC9C,WAAW,EACT,oGAAoG;gBACtG,WAAW,EACT,yEAAyE;gBAC3E,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,6BAA6B;gBACvC,KAAK,EAAE,SAAS;gBAChB,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,2BAA2B;gBAClC,WAAW,EAAE,iFAAiF;gBAC9F,WAAW,EACT,oIAAoI;gBACtI,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,gBAAgB;gBAC1B,KAAK,EAAE,QAAQ;gBACf,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,6CAA6C;gBACpD,WAAW,EACT,gFAAgF;gBAClF,WAAW,EACT,2GAA2G;gBAC7G,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,sBAAsB;gBAChC,KAAK,EAAE,QAAQ;gBACf,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,oDAAoD;gBAC3D,WAAW,EACT,oHAAoH;gBACtH,WAAW,EACT,uHAAuH;gBACzH,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAAY;IACtD,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,2CAA2C;gBACrD,KAAK,EAAE,SAAS;gBAChB,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,0BAA0B;gBACjC,WAAW,EACT,6FAA6F;gBAC/F,WAAW,EACT,iIAAiI;gBACnI,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAAY;IACnD,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,4BAA4B;gBACtC,KAAK,EAAE,SAAS;gBAChB,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,6BAA6B;gBACpC,WAAW,EACT,0GAA0G;gBAC5G,WAAW,EACT,sGAAsG;gBACxG,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,4BAA4B;gBACtC,KAAK,EAAE,SAAS;gBAChB,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,sBAAsB;gBAC7B,WAAW,EACT,+EAA+E;gBACjF,WAAW,EACT,8EAA8E;gBAChF,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,4BAA4B;gBACtC,KAAK,EAAE,SAAS;gBAChB,SAAS,EAAE,GAAG;gBACd,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,8CAA8C;gBACrD,WAAW,EAAE,0FAA0F;gBACvG,WAAW,EACT,mHAAmH;gBACrH,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GAAsB;QAClC,GAAG,gBAAgB,CAAC,IAAI,CAAC;QACzB,GAAG,oBAAoB,CAAC,IAAI,CAAC;QAC7B,GAAG,iBAAiB,CAAC,IAAI,CAAC;QAC1B,GAAG,OAAO,CAAC,IAAI,CAAC;QAChB,GAAG,2BAA2B,CAAC,IAAI,CAAC;QACpC,GAAG,wBAAwB,CAAC,IAAI,CAAC;QACjC,GAAG,uBAAuB,CAAC,IAAI,CAAC;QAChC,GAAG,eAAe,CAAC,IAAI,CAAC;KACzB,CAAC;IAEF,mCAAmC;IACnC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAClF,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAElE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,QAAgB,EAChB,OAAe;IAEf,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACnC,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1B,GAAG,CAAC;QACJ,QAAQ,EAAE;YACR,IAAI,EAAE,QAAQ;YACd,GAAG,CAAC,CAAC,QAAQ;SACd;KACF,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAA2B;IAWhE,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC1D,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAC9D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KACzD,CAAC;IAEF,IAAI,SAAS,GAAoD,MAAM,CAAC;IACxE,IAAI,OAAO,CAAC,QAAQ,GAAG,CAAC;QAAE,SAAS,GAAG,UAAU,CAAC;SAC5C,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC;QAAE,SAAS,GAAG,MAAM,CAAC;SACzC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,SAAS,GAAG,QAAQ,CAAC;SAC7C,IAAI,OAAO,CAAC,GAAG,GAAG,CAAC;QAAE,SAAS,GAAG,KAAK,CAAC;IAE5C,OAAO;QACL,OAAO;QACP,QAAQ;QACR,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/security/piiRedaction.d.ts

@@ -0,0 +1,67 @@
+/**
+ * PII Redaction Module
+ * Masks personally identifiable information in logs and metrics
+ */
+/**
+ * Mask email address
+ * user@example.com → user@***.com
+ */
+export declare function redactEmail(email: string): string;
+/**
+ * Mask phone number
+ * 555-123-4567 → ***-***-4567
+ */
+export declare function redactPhone(phone: string): string;
+/**
+ * Mask SSN
+ * 123-45-6789 → ***-**-6789
+ */
+export declare function redactSSN(ssn: string): string;
+/**
+ * Mask credit card
+ * 1234-5678-9012-3456 → **-3456
+ */
+export declare function redactCreditCard(text: string): string;
+/**
+ * Mask IPv4 address
+ * 192.168.1.1 → 192.168.*.*
+ */
+export declare function redactIPv4(text: string): string;
+/**
+ * Hash session ID for logs
+ * Allows correlation without exposing the actual ID
+ */
+export declare function redactSessionId(sessionId: string): string;
+/**
+ * Hash user ID for logs
+ * Allows correlation without exposing the actual ID
+ */
+export declare function redactUserId(userId: string | number): string;
+/**
+ * Mask UUID
+ * a1b2c3d4-e5f6-7890-abcd-ef1234567890 → a1b2****-****-****-****-****34567890
+ */
+export declare function redactUUID(text: string): string;
+/**
+ * Redact all PII from a string
+ */
+export declare function redactText(text: string): string;
+/**
+ * Redact PII from metrics payload
+ */
+export declare function redactMetrics(metrics: any): any;
+/**
+ * Create a safe log entry with PII redacted
+ */
+export declare function createSafeLogEntry(level: string, message: string, context?: any): {
+    level: string;
+    message: string;
+    timestamp: string;
+    context?: any;
+};
+/**
+ * Validate that no PII is present in the given text
+ * Returns true if PII is found, false if clean
+ */
+export declare function containsPII(text: string): boolean;
+//# sourceMappingURL=piiRedaction.d.ts.map

package/dist/security/piiRedaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"piiRedaction.d.ts","sourceRoot":"","sources":["../../src/security/piiRedaction.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAeH;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKjD;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE7C;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAKrD;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAK/C;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAIzD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAK5D;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAI/C;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAY/C;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,GAAG,GAAG,GAAG,CA2D/C;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,GAAG,GACZ;IACD,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,GAAG,CAAC;CACf,CAOA;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAUjD"}

package/dist/security/piiRedaction.js

@@ -0,0 +1,189 @@
+/**
+ * PII Redaction Module
+ * Masks personally identifiable information in logs and metrics
+ */
+import { createHash } from 'crypto';
+const PATTERNS = {
+    EMAIL: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
+    PHONE: /(\d{3})[-.\s]?(\d{3})[-.\s]?(\d{4})/g,
+    SSN: /(\d{3})[-]?(\d{2})[-]?(\d{4})/g,
+    CREDIT_CARD: /\b(?:\d{4}[-\s]?){3}\d{4}\b/g,
+    IPV4: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
+    UUID: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/gi,
+    SESSION_ID: /(?:sessionId|session_id|sid)['":\s=]*([a-zA-Z0-9-]{20,})/gi,
+    USER_ID: /(?:userId|user_id|uid)['":\s=]*(\d+|[a-f0-9-]{36})/gi,
+};
+/**
+ * Mask email address
+ * user@example.com → user@***.com
+ */
+export function redactEmail(email) {
+    return email.replace(PATTERNS.EMAIL, (match) => {
+        const [local, domain] = match.split('@');
+        return `${local}@***.${domain.split('.').pop()}`;
+    });
+}
+/**
+ * Mask phone number
+ * 555-123-4567 → ***-***-4567
+ */
+export function redactPhone(phone) {
+    return phone.replace(PATTERNS.PHONE, '***-***-$3');
+}
+/**
+ * Mask SSN
+ * 123-45-6789 → ***-**-6789
+ */
+export function redactSSN(ssn) {
+    return ssn.replace(PATTERNS.SSN, '***-**-$3');
+}
+/**
+ * Mask credit card
+ * 1234-5678-9012-3456 → **-3456
+ */
+export function redactCreditCard(text) {
+    return text.replace(PATTERNS.CREDIT_CARD, (match) => {
+        const lastFour = match.replace(/\D/g, '').slice(-4);
+        return `**-${lastFour}`;
+    });
+}
+/**
+ * Mask IPv4 address
+ * 192.168.1.1 → 192.168.*.*
+ */
+export function redactIPv4(text) {
+    return text.replace(PATTERNS.IPV4, (match) => {
+        const parts = match.split('.');
+        return `${parts[0]}.${parts[1]}.*.*`;
+    });
+}
+/**
+ * Hash session ID for logs
+ * Allows correlation without exposing the actual ID
+ */
+export function redactSessionId(sessionId) {
+    if (!sessionId)
+        return 'unknown';
+    const hash = createHash('sha256').update(sessionId).digest('hex');
+    return hash.substring(0, 8);
+}
+/**
+ * Hash user ID for logs
+ * Allows correlation without exposing the actual ID
+ */
+export function redactUserId(userId) {
+    if (!userId)
+        return 'unknown';
+    const str = String(userId);
+    const hash = createHash('sha256').update(str).digest('hex');
+    return hash.substring(0, 8);
+}
+/**
+ * Mask UUID
+ * a1b2c3d4-e5f6-7890-abcd-ef1234567890 → a1b2****-****-****-****-****34567890
+ */
+export function redactUUID(text) {
+    return text.replace(PATTERNS.UUID, (match) => {
+        return `${match.substring(0, 4)}****-****-****-****-****${match.substring(32)}`;
+    });
+}
+/**
+ * Redact all PII from a string
+ */
+export function redactText(text) {
+    if (!text || typeof text !== 'string')
+        return text;
+    let result = text;
+    result = redactEmail(result);
+    result = redactPhone(result);
+    result = redactSSN(result);
+    result = redactCreditCard(result);
+    result = redactIPv4(result);
+    result = redactUUID(result);
+    return result;
+}
+/**
+ * Redact PII from metrics payload
+ */
+export function redactMetrics(metrics) {
+    if (!metrics || typeof metrics !== 'object')
+        return metrics;
+    const redacted = JSON.parse(JSON.stringify(metrics));
+    // Redact known PII fields
+    const piiFields = [
+        'email',
+        'phone',
+        'ssn',
+        'creditCard',
+        'userId',
+        'userName',
+        'sessionId',
+        'ipAddress',
+        'hostname',
+    ];
+    for (const field of piiFields) {
+        if (redacted[field]) {
+            switch (field) {
+                case 'email':
+                    redacted[field] = redactEmail(redacted[field]);
+                    break;
+                case 'phone':
+                    redacted[field] = redactPhone(redacted[field]);
+                    break;
+                case 'ssn':
+                    redacted[field] = redactSSN(redacted[field]);
+                    break;
+                case 'creditCard':
+                    redacted[field] = redactCreditCard(redacted[field]);
+                    break;
+                case 'userId':
+                    redacted[field] = redactUserId(redacted[field]);
+                    break;
+                case 'sessionId':
+                    redacted[field] = redactSessionId(redacted[field]);
+                    break;
+                case 'ipAddress':
+                    redacted[field] = redactIPv4(redacted[field]);
+                    break;
+                case 'hostname':
+                    redacted[field] = `***`;
+                    break;
+            }
+        }
+    }
+    // Recursively redact nested objects
+    for (const key in redacted) {
+        if (typeof redacted[key] === 'string') {
+            redacted[key] = redactText(redacted[key]);
+        }
+        else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
+            redacted[key] = redactMetrics(redacted[key]);
+        }
+    }
+    return redacted;
+}
+/**
+ * Create a safe log entry with PII redacted
+ */
+export function createSafeLogEntry(level, message, context) {
+    return {
+        level,
+        message: redactText(message),
+        timestamp: new Date().toISOString(),
+        context: context ? redactMetrics(context) : undefined,
+    };
+}
+/**
+ * Validate that no PII is present in the given text
+ * Returns true if PII is found, false if clean
+ */
+export function containsPII(text) {
+    if (!text || typeof text !== 'string')
+        return false;
+    return (PATTERNS.EMAIL.test(text) ||
+        PATTERNS.PHONE.test(text) ||
+        PATTERNS.SSN.test(text) ||
+        PATTERNS.CREDIT_CARD.test(text) ||
+        PATTERNS.IPV4.test(text));
+}
+//# sourceMappingURL=piiRedaction.js.map