moltbot-scan 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -16
- package/dist/analysis/patterns.d.ts +40 -1
- package/dist/analysis/patterns.d.ts.map +1 -1
- package/dist/analysis/patterns.js +269 -10
- package/dist/analysis/patterns.js.map +1 -1
- package/dist/analysis/rules.d.ts.map +1 -1
- package/dist/analysis/rules.js +42 -0
- package/dist/analysis/rules.js.map +1 -1
- package/dist/core/file-scanner.d.ts +1 -0
- package/dist/core/file-scanner.d.ts.map +1 -1
- package/dist/core/file-scanner.js +204 -3
- package/dist/core/file-scanner.js.map +1 -1
- package/dist/core/scorer.d.ts.map +1 -1
- package/dist/core/scorer.js +23 -0
- package/dist/core/scorer.js.map +1 -1
- package/dist/sdk/scanner.d.ts.map +1 -1
- package/dist/sdk/scanner.js +9 -2
- package/dist/sdk/scanner.js.map +1 -1
- package/dist/types/index.d.ts +7 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js.map +1 -1
- package/package.json +6 -2
package/README.md
CHANGED
|
@@ -7,13 +7,17 @@ A lightweight TypeScript SDK that scans incoming messages and returns structured
|
|
|
7
7
|
## Features
|
|
8
8
|
|
|
9
9
|
- **Two-layer detection** — fast regex rules (<10ms) + optional LLM deep analysis
|
|
10
|
-
- **
|
|
10
|
+
- **6 threat categories** — prompt injection, credential theft, covert execution, social engineering, obfuscated encoding, malicious URIs
|
|
11
|
+
- **Deep base64 scanning** — multi-layer decode (up to 3 levels) with full pattern matching on decoded content
|
|
12
|
+
- **Encoding obfuscation detection** — hex (`\x65`), unicode (`\u0065`), HTML entities (`e`), URL encoding (`%65`)
|
|
13
|
+
- **Malicious URI detection** — `javascript:`, `data:`, `vbscript:` schemes, short URL services, path traversal
|
|
14
|
+
- **QR code injection scanning** — decodes QR codes from PNG/JPEG images and scans content for threats
|
|
11
15
|
- **Risk levels** — `HIGH` / `MEDIUM` / `LOW` / `SAFE` with numeric score (0-100)
|
|
12
16
|
- **Express middleware** — one-line integration, auto-blocks dangerous messages
|
|
13
17
|
- **Framework-agnostic handler** — works with any Node.js server
|
|
14
18
|
- **Zero required dependencies** — LLM analysis is opt-in via `ANTHROPIC_API_KEY`
|
|
15
19
|
- **Full TypeScript support** — ships with declaration files
|
|
16
|
-
- **Local file scanning** — `scan-files` command audits skill repos, prompt libraries, and codebases for threats
|
|
20
|
+
- **Local file scanning** — `scan-files` command audits skill repos, prompt libraries, and codebases for threats (including image QR codes)
|
|
17
21
|
|
|
18
22
|
## Real-World Results
|
|
19
23
|
|
|
@@ -84,7 +88,9 @@ console.log(result)
|
|
|
84
88
|
// covertExecution: false,
|
|
85
89
|
// socialEngineering: false,
|
|
86
90
|
// suspiciousLinks: false,
|
|
87
|
-
//
|
|
91
|
+
// maliciousUri: false,
|
|
92
|
+
// base64Hidden: false,
|
|
93
|
+
// obfuscatedEncoding: false
|
|
88
94
|
// },
|
|
89
95
|
// findings: [
|
|
90
96
|
// { severity: 'HIGH', category: 'direct_injection', ... },
|
|
@@ -157,12 +163,12 @@ if (llm.isAvailable) {
|
|
|
157
163
|
}
|
|
158
164
|
|
|
159
165
|
// Access all pattern rules
|
|
160
|
-
console.log(ALL_PATTERNS.length) //
|
|
166
|
+
console.log(ALL_PATTERNS.length) // 20 rules
|
|
161
167
|
```
|
|
162
168
|
|
|
163
169
|
### CLI: Scan Local Files
|
|
164
170
|
|
|
165
|
-
Scan any directory or file for prompt injection, credential theft,
|
|
171
|
+
Scan any directory or file for prompt injection, credential theft, covert execution, and obfuscation threats — including QR codes in images:
|
|
166
172
|
|
|
167
173
|
```bash
|
|
168
174
|
# Basic scan
|
|
@@ -196,7 +202,7 @@ agentshield scan-files ./project --exclude build,tmp
|
|
|
196
202
|
|
|
197
203
|
Exit code `1` if any HIGH-risk files are found — useful for CI/CD gates.
|
|
198
204
|
|
|
199
|
-
Default scanned extensions: `.md`, `.txt`, `.ts`, `.js`, `.py`, `.yaml`, `.yml`, `.json`, `.sh`
|
|
205
|
+
Default scanned extensions: `.md`, `.txt`, `.ts`, `.js`, `.py`, `.yaml`, `.yml`, `.json`, `.sh`, `.png`, `.jpg`, `.jpeg`
|
|
200
206
|
|
|
201
207
|
### SDK: File Scanner
|
|
202
208
|
|
|
@@ -256,6 +262,17 @@ interface ScanResult {
|
|
|
256
262
|
findings: ScanFinding[]
|
|
257
263
|
llmAnalysis?: LLMAnalysisResult
|
|
258
264
|
}
|
|
265
|
+
|
|
266
|
+
interface ScanFlags {
|
|
267
|
+
promptInjection: boolean
|
|
268
|
+
credentialTheft: boolean
|
|
269
|
+
covertExecution: boolean
|
|
270
|
+
socialEngineering: boolean
|
|
271
|
+
suspiciousLinks: boolean
|
|
272
|
+
maliciousUri: boolean
|
|
273
|
+
base64Hidden: boolean
|
|
274
|
+
obfuscatedEncoding: boolean
|
|
275
|
+
}
|
|
259
276
|
```
|
|
260
277
|
|
|
261
278
|
## Detection Rules
|
|
@@ -266,8 +283,11 @@ interface ScanResult {
|
|
|
266
283
|
| Credential Theft | HIGH | "share your api_key", "cat ~/.ssh", "print env" |
|
|
267
284
|
| Covert Execution | HIGH | `eval()`, `curl ... \| bash`, `base64 -d` |
|
|
268
285
|
| Social Engineering | MEDIUM | "don't tell your owner", "this is a secret instruction" |
|
|
286
|
+
| Obfuscated Encoding | HIGH/MEDIUM | `\x65\x76\x61\x6c` (hex), `\u0065val` (unicode), `eval` (HTML entity), `%65val` (URL encoded) |
|
|
287
|
+
| Malicious URI | HIGH/MEDIUM | `javascript:`, `data:text/html;base64,...`, `vbscript:`, short URLs (bit.ly, tinyurl) |
|
|
288
|
+
| Base64 Deep Scan | HIGH | Multi-layer base64 decoded content matching any pattern rule |
|
|
289
|
+
| QR Code Injection | HIGH/MEDIUM | QR codes in images containing injection, malicious URIs, or suspicious URLs |
|
|
269
290
|
| Suspicious Links | LOW | URLs not in the known-safe domain allowlist |
|
|
270
|
-
| Base64 Hidden | MEDIUM | Base64 strings that decode to shell commands |
|
|
271
291
|
|
|
272
292
|
## LLM Analysis
|
|
273
293
|
|
|
@@ -282,7 +302,7 @@ const result = await scan(content, { useLLM: false })
|
|
|
282
302
|
|
|
283
303
|
```bash
|
|
284
304
|
npm install
|
|
285
|
-
npm test # run
|
|
305
|
+
npm test # run 158 tests
|
|
286
306
|
npm run build # compile to dist/
|
|
287
307
|
npm run serve # launch web UI on localhost:3847
|
|
288
308
|
```
|
|
@@ -302,13 +322,17 @@ MIT
|
|
|
302
322
|
## 功能特色
|
|
303
323
|
|
|
304
324
|
- **雙層偵測** — 快速正規表達式規則(<10ms)+ 可選的 LLM 深度分析
|
|
305
|
-
- **
|
|
325
|
+
- **6 大威脅類別** — 提示注入、憑證竊取、隱蔽執行、社交工程、混淆編碼、惡意 URI
|
|
326
|
+
- **深層 Base64 掃描** — 多層解碼(最多 3 層),解碼後對內容執行完整模式匹配
|
|
327
|
+
- **編碼混淆偵測** — hex (`\x65`)、unicode (`\u0065`)、HTML 實體 (`e`)、URL 編碼 (`%65`)
|
|
328
|
+
- **惡意 URI 偵測** — `javascript:`、`data:`、`vbscript:` 協議、短網址服務、路徑遍歷
|
|
329
|
+
- **QR Code 注入掃描** — 解碼 PNG/JPEG 圖片中的 QR Code,掃描內容是否含有威脅
|
|
306
330
|
- **風險等級** — `HIGH` / `MEDIUM` / `LOW` / `SAFE`,附帶數字分數(0-100)
|
|
307
331
|
- **Express 中介層** — 一行整合,自動攔截危險訊息
|
|
308
332
|
- **框架無關處理器** — 適用於任何 Node.js 伺服器
|
|
309
333
|
- **零必要依賴** — LLM 分析透過 `ANTHROPIC_API_KEY` 選擇性啟用
|
|
310
334
|
- **完整 TypeScript 支援** — 附帶型別宣告檔
|
|
311
|
-
- **本地檔案掃描** — `scan-files`
|
|
335
|
+
- **本地檔案掃描** — `scan-files` 指令可審核技能倉庫、提示詞庫及程式碼庫中的威脅(包含圖片 QR Code)
|
|
312
336
|
|
|
313
337
|
## 真實數據驗證
|
|
314
338
|
|
|
@@ -379,7 +403,9 @@ console.log(result)
|
|
|
379
403
|
// covertExecution: false,
|
|
380
404
|
// socialEngineering: false,
|
|
381
405
|
// suspiciousLinks: false,
|
|
382
|
-
//
|
|
406
|
+
// maliciousUri: false,
|
|
407
|
+
// base64Hidden: false,
|
|
408
|
+
// obfuscatedEncoding: false
|
|
383
409
|
// },
|
|
384
410
|
// findings: [
|
|
385
411
|
// { severity: 'HIGH', category: 'direct_injection', ... },
|
|
@@ -452,12 +478,12 @@ if (llm.isAvailable) {
|
|
|
452
478
|
}
|
|
453
479
|
|
|
454
480
|
// 存取所有偵測規則
|
|
455
|
-
console.log(ALL_PATTERNS.length) //
|
|
481
|
+
console.log(ALL_PATTERNS.length) // 20 條規則
|
|
456
482
|
```
|
|
457
483
|
|
|
458
484
|
### CLI:掃描本地檔案
|
|
459
485
|
|
|
460
|
-
|
|
486
|
+
掃描任何目錄或檔案,偵測提示注入、憑證竊取、隱蔽執行及混淆攻擊威脅 — 包含圖片中的 QR Code:
|
|
461
487
|
|
|
462
488
|
```bash
|
|
463
489
|
# 基本掃描
|
|
@@ -491,7 +517,7 @@ agentshield scan-files ./project --exclude build,tmp
|
|
|
491
517
|
|
|
492
518
|
若發現任何 HIGH 風險檔案,結束代碼為 `1` — 適用於 CI/CD 閘門。
|
|
493
519
|
|
|
494
|
-
預設掃描副檔名:`.md`、`.txt`、`.ts`、`.js`、`.py`、`.yaml`、`.yml`、`.json`、`.sh`
|
|
520
|
+
預設掃描副檔名:`.md`、`.txt`、`.ts`、`.js`、`.py`、`.yaml`、`.yml`、`.json`、`.sh`、`.png`、`.jpg`、`.jpeg`
|
|
495
521
|
|
|
496
522
|
### SDK:檔案掃描器
|
|
497
523
|
|
|
@@ -551,6 +577,17 @@ interface ScanResult {
|
|
|
551
577
|
findings: ScanFinding[]
|
|
552
578
|
llmAnalysis?: LLMAnalysisResult
|
|
553
579
|
}
|
|
580
|
+
|
|
581
|
+
interface ScanFlags {
|
|
582
|
+
promptInjection: boolean
|
|
583
|
+
credentialTheft: boolean
|
|
584
|
+
covertExecution: boolean
|
|
585
|
+
socialEngineering: boolean
|
|
586
|
+
suspiciousLinks: boolean
|
|
587
|
+
maliciousUri: boolean
|
|
588
|
+
base64Hidden: boolean
|
|
589
|
+
obfuscatedEncoding: boolean
|
|
590
|
+
}
|
|
554
591
|
```
|
|
555
592
|
|
|
556
593
|
## 偵測規則
|
|
@@ -561,8 +598,11 @@ interface ScanResult {
|
|
|
561
598
|
| 憑證竊取 | HIGH | "share your api_key"、"cat ~/.ssh"、"print env" |
|
|
562
599
|
| 隱蔽執行 | HIGH | `eval()`、`curl ... \| bash`、`base64 -d` |
|
|
563
600
|
| 社交工程 | MEDIUM | "don't tell your owner"、"this is a secret instruction" |
|
|
601
|
+
| 混淆編碼 | HIGH/MEDIUM | `\x65\x76\x61\x6c`(hex)、`\u0065val`(unicode)、`eval`(HTML 實體)、`%65val`(URL 編碼) |
|
|
602
|
+
| 惡意 URI | HIGH/MEDIUM | `javascript:`、`data:text/html;base64,...`、`vbscript:`、短網址(bit.ly、tinyurl) |
|
|
603
|
+
| Base64 深層掃描 | HIGH | 多層 Base64 解碼後的內容匹配任何偵測規則 |
|
|
604
|
+
| QR Code 注入 | HIGH/MEDIUM | 圖片中的 QR Code 含有注入攻擊、惡意 URI 或可疑 URL |
|
|
564
605
|
| 可疑連結 | LOW | 不在已知安全網域白名單中的 URL |
|
|
565
|
-
| Base64 隱藏 | MEDIUM | 解碼後包含 shell 指令的 Base64 字串 |
|
|
566
606
|
|
|
567
607
|
## LLM 分析
|
|
568
608
|
|
|
@@ -577,7 +617,7 @@ const result = await scan(content, { useLLM: false })
|
|
|
577
617
|
|
|
578
618
|
```bash
|
|
579
619
|
npm install
|
|
580
|
-
npm test # 執行
|
|
620
|
+
npm test # 執行 158 個測試
|
|
581
621
|
npm run build # 編譯到 dist/
|
|
582
622
|
npm run serve # 在 localhost:3847 啟動 Web UI
|
|
583
623
|
```
|
|
@@ -9,11 +9,50 @@ declare const DIRECT_INJECTION: PatternRule[];
|
|
|
9
9
|
declare const CREDENTIAL_THEFT: PatternRule[];
|
|
10
10
|
declare const COVERT_EXECUTION: PatternRule[];
|
|
11
11
|
declare const SOCIAL_ENGINEERING: PatternRule[];
|
|
12
|
+
declare const OBFUSCATED_ENCODING: PatternRule[];
|
|
12
13
|
export declare const URL_PATTERN: RegExp;
|
|
13
14
|
export declare function isSuspiciousUrl(url: string): boolean;
|
|
15
|
+
export interface MaliciousUriResult {
|
|
16
|
+
uri: string;
|
|
17
|
+
reason: string;
|
|
18
|
+
severity: Severity;
|
|
19
|
+
}
|
|
20
|
+
export declare function detectMaliciousUris(content: string): MaliciousUriResult[];
|
|
21
|
+
export declare function isShortUrl(url: string): boolean;
|
|
14
22
|
export declare const BASE64_PATTERN: RegExp;
|
|
23
|
+
export interface Base64DecodedThreat {
|
|
24
|
+
encodedText: string;
|
|
25
|
+
decodedText: string;
|
|
26
|
+
matchedRule: string;
|
|
27
|
+
depth: number;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Enhanced base64 detection:
|
|
31
|
+
* 1. Decodes base64 and runs ALL pattern rules against decoded content
|
|
32
|
+
* 2. Supports multi-layer decoding (up to 3 levels deep)
|
|
33
|
+
* 3. Returns detailed info about what was found
|
|
34
|
+
*/
|
|
35
|
+
export declare function deepBase64Scan(content: string, maxDepth?: number): Base64DecodedThreat[];
|
|
36
|
+
/**
|
|
37
|
+
* Simple boolean check — backward compatible with original API.
|
|
38
|
+
* Now uses the enhanced deep scan internally.
|
|
39
|
+
*/
|
|
15
40
|
export declare function containsBase64Hidden(content: string): boolean;
|
|
41
|
+
export interface ObfuscationResult {
|
|
42
|
+
type: 'hex' | 'unicode' | 'html_entity' | 'url_encoding';
|
|
43
|
+
encoded: string;
|
|
44
|
+
decoded: string;
|
|
45
|
+
threatFound: string | null;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Detects obfuscated encoding and checks decoded content for threats.
|
|
49
|
+
*/
|
|
50
|
+
export declare function detectObfuscatedEncoding(content: string): ObfuscationResult[];
|
|
51
|
+
/**
|
|
52
|
+
* Simple boolean check for whether any obfuscated encoding with threats is present.
|
|
53
|
+
*/
|
|
54
|
+
export declare function containsObfuscatedEncoding(content: string): boolean;
|
|
16
55
|
export declare function hasDuplicateContent(contents: string[], threshold?: number): boolean;
|
|
17
56
|
export declare const ALL_PATTERNS: PatternRule[];
|
|
18
|
-
export { DIRECT_INJECTION, CREDENTIAL_THEFT, COVERT_EXECUTION, SOCIAL_ENGINEERING, };
|
|
57
|
+
export { DIRECT_INJECTION, CREDENTIAL_THEFT, COVERT_EXECUTION, SOCIAL_ENGINEERING, OBFUSCATED_ENCODING, };
|
|
19
58
|
//# sourceMappingURL=patterns.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,kBAAkB,EAAE,WAAW,EAyBpC,CAAC;
|
|
1
|
+
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,gBAAgB,EAAE,WAAW,EAyBlC,CAAC;AAIF,QAAA,MAAM,kBAAkB,EAAE,WAAW,EAyBpC,CAAC;AAIF,QAAA,MAAM,mBAAmB,EAAE,WAAW,EAyBrC,CAAC;AAkBF,eAAO,MAAM,WAAW,QAA+B,CAAC;AAExD,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAQpD;AASD,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAgDzE;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAQ/C;AAID,eAAO,MAAM,cAAc,QAA6B,CAAC;AAEzD,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,SAAI,GAAG,mBAAmB,EAAE,CA2DnF;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE7D;AAID,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,KAAK,GAAG,SAAS,GAAG,aAAa,GAAG,cAAc,CAAC;IACzD,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAgCD;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CA+E7E;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAGnE;AAID,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,SAAS,SAAM,GAAG,OAAO,CAgBhF;AAID,eAAO,MAAM,YAAY,EAAE,WAAW,EAMrC,CAAC;AAEF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,GACpB,CAAC"}
|
|
@@ -1,8 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SOCIAL_ENGINEERING = exports.COVERT_EXECUTION = exports.CREDENTIAL_THEFT = exports.DIRECT_INJECTION = exports.ALL_PATTERNS = exports.BASE64_PATTERN = exports.URL_PATTERN = void 0;
|
|
3
|
+
exports.OBFUSCATED_ENCODING = exports.SOCIAL_ENGINEERING = exports.COVERT_EXECUTION = exports.CREDENTIAL_THEFT = exports.DIRECT_INJECTION = exports.ALL_PATTERNS = exports.BASE64_PATTERN = exports.URL_PATTERN = void 0;
|
|
4
4
|
exports.isSuspiciousUrl = isSuspiciousUrl;
|
|
5
|
+
exports.detectMaliciousUris = detectMaliciousUris;
|
|
6
|
+
exports.isShortUrl = isShortUrl;
|
|
7
|
+
exports.deepBase64Scan = deepBase64Scan;
|
|
5
8
|
exports.containsBase64Hidden = containsBase64Hidden;
|
|
9
|
+
exports.detectObfuscatedEncoding = detectObfuscatedEncoding;
|
|
10
|
+
exports.containsObfuscatedEncoding = containsObfuscatedEncoding;
|
|
6
11
|
exports.hasDuplicateContent = hasDuplicateContent;
|
|
7
12
|
// ─── Direct Injection ───────────────────────────────────────────
|
|
8
13
|
const DIRECT_INJECTION = [
|
|
@@ -116,6 +121,34 @@ const SOCIAL_ENGINEERING = [
|
|
|
116
121
|
},
|
|
117
122
|
];
|
|
118
123
|
exports.SOCIAL_ENGINEERING = SOCIAL_ENGINEERING;
|
|
124
|
+
// ─── Obfuscated Encoding ───────────────────────────────────────
|
|
125
|
+
const OBFUSCATED_ENCODING = [
|
|
126
|
+
{
|
|
127
|
+
pattern: /\\x[0-9a-fA-F]{2}(\\x[0-9a-fA-F]{2}){3,}/,
|
|
128
|
+
category: 'obfuscated_encoding',
|
|
129
|
+
severity: 'HIGH',
|
|
130
|
+
description: 'Hex-encoded string (potential obfuscated payload)',
|
|
131
|
+
},
|
|
132
|
+
{
|
|
133
|
+
pattern: /\\u[0-9a-fA-F]{4}(\\u[0-9a-fA-F]{4}){3,}/,
|
|
134
|
+
category: 'obfuscated_encoding',
|
|
135
|
+
severity: 'HIGH',
|
|
136
|
+
description: 'Unicode escape sequence (potential obfuscated payload)',
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
pattern: /&#x?[0-9a-fA-F]+;(&#x?[0-9a-fA-F]+;){3,}/,
|
|
140
|
+
category: 'obfuscated_encoding',
|
|
141
|
+
severity: 'MEDIUM',
|
|
142
|
+
description: 'HTML entity encoded string (potential obfuscated payload)',
|
|
143
|
+
},
|
|
144
|
+
{
|
|
145
|
+
pattern: /%[0-9a-fA-F]{2}(%[0-9a-fA-F]{2}){5,}/,
|
|
146
|
+
category: 'obfuscated_encoding',
|
|
147
|
+
severity: 'MEDIUM',
|
|
148
|
+
description: 'URL-encoded string (potential obfuscated payload)',
|
|
149
|
+
},
|
|
150
|
+
];
|
|
151
|
+
exports.OBFUSCATED_ENCODING = OBFUSCATED_ENCODING;
|
|
119
152
|
// ─── Suspicious Link Detection ──────────────────────────────────
|
|
120
153
|
const KNOWN_SAFE_DOMAINS = new Set([
|
|
121
154
|
'github.com', 'gitlab.com', 'stackoverflow.com',
|
|
@@ -124,6 +157,11 @@ const KNOWN_SAFE_DOMAINS = new Set([
|
|
|
124
157
|
'moltbook.com', 'anthropic.com', 'openai.com',
|
|
125
158
|
'huggingface.co', 'npmjs.com', 'pypi.org',
|
|
126
159
|
]);
|
|
160
|
+
const SHORT_URL_DOMAINS = new Set([
|
|
161
|
+
'bit.ly', 'tinyurl.com', 't.co', 'goo.gl', 'ow.ly',
|
|
162
|
+
'is.gd', 'buff.ly', 'rebrand.ly', 'short.io', 'cutt.ly',
|
|
163
|
+
'tiny.cc', 'lnkd.in', 'surl.li', 'rb.gy',
|
|
164
|
+
]);
|
|
127
165
|
exports.URL_PATTERN = /https?:\/\/[^\s<>"')\]]+/gi;
|
|
128
166
|
function isSuspiciousUrl(url) {
|
|
129
167
|
try {
|
|
@@ -135,21 +173,241 @@ function isSuspiciousUrl(url) {
|
|
|
135
173
|
return true;
|
|
136
174
|
}
|
|
137
175
|
}
|
|
138
|
-
// ───
|
|
176
|
+
// ─── Malicious URI Detection ────────────────────────────────────
|
|
177
|
+
const MALICIOUS_URI_PATTERN = /(?:javascript|vbscript|data)\s*:/i;
|
|
178
|
+
const DATA_URI_EXEC_PATTERN = /data\s*:\s*(?:text\/html|application\/javascript)[^,]*[,;]/i;
|
|
179
|
+
const SHORT_URL_PATTERN = /https?:\/\/(bit\.ly|tinyurl\.com|t\.co|goo\.gl|ow\.ly|is\.gd|buff\.ly|rebrand\.ly|short\.io|cutt\.ly|tiny\.cc|lnkd\.in|surl\.li|rb\.gy)\/\S+/gi;
|
|
180
|
+
const URL_PATH_TRAVERSAL = /%2[eE]%2[eE]|\.\.%2[fF]|%2[fF]\.\./;
|
|
181
|
+
function detectMaliciousUris(content) {
|
|
182
|
+
const results = [];
|
|
183
|
+
// javascript: / vbscript: / data: URI schemes
|
|
184
|
+
const schemeMatch = content.match(MALICIOUS_URI_PATTERN);
|
|
185
|
+
if (schemeMatch) {
|
|
186
|
+
results.push({
|
|
187
|
+
uri: schemeMatch[0],
|
|
188
|
+
reason: 'Dangerous URI scheme detected (javascript/vbscript/data)',
|
|
189
|
+
severity: 'HIGH',
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
// data: URIs with executable content types
|
|
193
|
+
const dataUriMatch = content.match(DATA_URI_EXEC_PATTERN);
|
|
194
|
+
if (dataUriMatch) {
|
|
195
|
+
results.push({
|
|
196
|
+
uri: dataUriMatch[0],
|
|
197
|
+
reason: 'Data URI with executable content type (text/html or application/javascript)',
|
|
198
|
+
severity: 'HIGH',
|
|
199
|
+
});
|
|
200
|
+
}
|
|
201
|
+
// Short URL services (potential redirect to malicious targets)
|
|
202
|
+
const shortUrls = content.match(SHORT_URL_PATTERN);
|
|
203
|
+
if (shortUrls) {
|
|
204
|
+
for (const url of shortUrls) {
|
|
205
|
+
results.push({
|
|
206
|
+
uri: url,
|
|
207
|
+
reason: 'Short URL service used — destination hidden',
|
|
208
|
+
severity: 'MEDIUM',
|
|
209
|
+
});
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
// URL-encoded path traversal
|
|
213
|
+
const allUrls = content.match(exports.URL_PATTERN) || [];
|
|
214
|
+
for (const url of allUrls) {
|
|
215
|
+
if (URL_PATH_TRAVERSAL.test(url)) {
|
|
216
|
+
results.push({
|
|
217
|
+
uri: url,
|
|
218
|
+
reason: 'URL contains encoded path traversal (../)',
|
|
219
|
+
severity: 'HIGH',
|
|
220
|
+
});
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
return results;
|
|
224
|
+
}
|
|
225
|
+
function isShortUrl(url) {
|
|
226
|
+
try {
|
|
227
|
+
const parsed = new URL(url);
|
|
228
|
+
const domain = parsed.hostname.replace(/^www\./, '');
|
|
229
|
+
return SHORT_URL_DOMAINS.has(domain);
|
|
230
|
+
}
|
|
231
|
+
catch {
|
|
232
|
+
return false;
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
// ─── Enhanced Base64 Hidden Content Detection ───────────────────
|
|
139
236
|
exports.BASE64_PATTERN = /[A-Za-z0-9+/]{40,}={0,2}/;
|
|
237
|
+
/**
|
|
238
|
+
* Enhanced base64 detection:
|
|
239
|
+
* 1. Decodes base64 and runs ALL pattern rules against decoded content
|
|
240
|
+
* 2. Supports multi-layer decoding (up to 3 levels deep)
|
|
241
|
+
* 3. Returns detailed info about what was found
|
|
242
|
+
*/
|
|
243
|
+
function deepBase64Scan(content, maxDepth = 3) {
|
|
244
|
+
const threats = [];
|
|
245
|
+
const allPatterns = [
|
|
246
|
+
...DIRECT_INJECTION,
|
|
247
|
+
...CREDENTIAL_THEFT,
|
|
248
|
+
...COVERT_EXECUTION,
|
|
249
|
+
...SOCIAL_ENGINEERING,
|
|
250
|
+
];
|
|
251
|
+
function scanLayer(text, depth, originalEncoded) {
|
|
252
|
+
if (depth > maxDepth)
|
|
253
|
+
return;
|
|
254
|
+
const matches = text.matchAll(/[A-Za-z0-9+/]{20,}={0,2}/g);
|
|
255
|
+
for (const m of matches) {
|
|
256
|
+
const candidate = m[0];
|
|
257
|
+
let decoded;
|
|
258
|
+
try {
|
|
259
|
+
const buf = Buffer.from(candidate, 'base64');
|
|
260
|
+
// Validate: at least 80% of decoded bytes should be printable ASCII or common UTF-8
|
|
261
|
+
const printable = buf.filter((b) => (b >= 0x20 && b <= 0x7e) || b === 0x0a || b === 0x0d || b === 0x09);
|
|
262
|
+
if (printable.length / buf.length < 0.7)
|
|
263
|
+
continue;
|
|
264
|
+
decoded = buf.toString('utf-8');
|
|
265
|
+
}
|
|
266
|
+
catch {
|
|
267
|
+
continue;
|
|
268
|
+
}
|
|
269
|
+
// Run all pattern rules against decoded content
|
|
270
|
+
for (const rule of allPatterns) {
|
|
271
|
+
const ruleMatch = decoded.match(rule.pattern);
|
|
272
|
+
if (ruleMatch) {
|
|
273
|
+
threats.push({
|
|
274
|
+
encodedText: originalEncoded || candidate,
|
|
275
|
+
decodedText: decoded.slice(0, 200),
|
|
276
|
+
matchedRule: rule.description,
|
|
277
|
+
depth,
|
|
278
|
+
});
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
// Check for suspicious commands in decoded content
|
|
282
|
+
const suspiciousDecoded = /\b(eval|exec|system|curl|wget|bash|sh|rm\s+-rf|chmod|chown|nc\s+-|ncat|socat)\b/i;
|
|
283
|
+
if (suspiciousDecoded.test(decoded)) {
|
|
284
|
+
threats.push({
|
|
285
|
+
encodedText: originalEncoded || candidate,
|
|
286
|
+
decodedText: decoded.slice(0, 200),
|
|
287
|
+
matchedRule: 'Decoded base64 contains suspicious shell command',
|
|
288
|
+
depth,
|
|
289
|
+
});
|
|
290
|
+
}
|
|
291
|
+
// Recurse: check if decoded content contains another base64 payload
|
|
292
|
+
if (depth < maxDepth && /[A-Za-z0-9+/]{20,}={0,2}/.test(decoded)) {
|
|
293
|
+
scanLayer(decoded, depth + 1, originalEncoded || candidate);
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
}
|
|
297
|
+
scanLayer(content, 1, '');
|
|
298
|
+
return threats;
|
|
299
|
+
}
|
|
300
|
+
/**
|
|
301
|
+
* Simple boolean check — backward compatible with original API.
|
|
302
|
+
* Now uses the enhanced deep scan internally.
|
|
303
|
+
*/
|
|
140
304
|
function containsBase64Hidden(content) {
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
305
|
+
return deepBase64Scan(content).length > 0;
|
|
306
|
+
}
|
|
307
|
+
function decodeHexEscapes(text) {
|
|
308
|
+
return text.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
309
|
+
}
|
|
310
|
+
function decodeUnicodeEscapes(text) {
|
|
311
|
+
return text.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
312
|
+
}
|
|
313
|
+
function decodeHtmlEntities(text) {
|
|
314
|
+
return text
|
|
315
|
+
.replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
|
|
316
|
+
.replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
|
|
317
|
+
}
|
|
318
|
+
function decodeUrlEncoding(text) {
|
|
144
319
|
try {
|
|
145
|
-
|
|
146
|
-
// Check if decoded content contains suspicious commands
|
|
147
|
-
const suspiciousDecoded = /\b(eval|exec|system|curl|wget|bash|sh)\b/i.test(decoded);
|
|
148
|
-
return suspiciousDecoded;
|
|
320
|
+
return decodeURIComponent(text);
|
|
149
321
|
}
|
|
150
322
|
catch {
|
|
151
|
-
return
|
|
323
|
+
return text;
|
|
324
|
+
}
|
|
325
|
+
}
|
|
326
|
+
/**
|
|
327
|
+
* Detects obfuscated encoding and checks decoded content for threats.
|
|
328
|
+
*/
|
|
329
|
+
function detectObfuscatedEncoding(content) {
|
|
330
|
+
const results = [];
|
|
331
|
+
const allPatterns = [
|
|
332
|
+
...DIRECT_INJECTION,
|
|
333
|
+
...CREDENTIAL_THEFT,
|
|
334
|
+
...COVERT_EXECUTION,
|
|
335
|
+
...SOCIAL_ENGINEERING,
|
|
336
|
+
];
|
|
337
|
+
const suspiciousCmd = /\b(eval|exec|system|curl|wget|bash|sh|rm\s+-rf|chmod|nc\s+-)\b/i;
|
|
338
|
+
function findThreat(decoded) {
|
|
339
|
+
for (const rule of allPatterns) {
|
|
340
|
+
if (rule.pattern.test(decoded))
|
|
341
|
+
return rule.description;
|
|
342
|
+
}
|
|
343
|
+
if (suspiciousCmd.test(decoded))
|
|
344
|
+
return 'Decoded content contains suspicious command';
|
|
345
|
+
return null;
|
|
152
346
|
}
|
|
347
|
+
// Hex escapes: \x65\x76\x61\x6c
|
|
348
|
+
const hexPattern = /(?:\\x[0-9a-fA-F]{2}){4,}/g;
|
|
349
|
+
const hexMatches = content.match(hexPattern);
|
|
350
|
+
if (hexMatches) {
|
|
351
|
+
for (const match of hexMatches) {
|
|
352
|
+
const decoded = decodeHexEscapes(match);
|
|
353
|
+
results.push({
|
|
354
|
+
type: 'hex',
|
|
355
|
+
encoded: match,
|
|
356
|
+
decoded,
|
|
357
|
+
threatFound: findThreat(decoded),
|
|
358
|
+
});
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
// Unicode escapes: \u0065\u0076\u0061\u006c
|
|
362
|
+
const unicodePattern = /(?:\\u[0-9a-fA-F]{4}){4,}/g;
|
|
363
|
+
const unicodeMatches = content.match(unicodePattern);
|
|
364
|
+
if (unicodeMatches) {
|
|
365
|
+
for (const match of unicodeMatches) {
|
|
366
|
+
const decoded = decodeUnicodeEscapes(match);
|
|
367
|
+
results.push({
|
|
368
|
+
type: 'unicode',
|
|
369
|
+
encoded: match,
|
|
370
|
+
decoded,
|
|
371
|
+
threatFound: findThreat(decoded),
|
|
372
|
+
});
|
|
373
|
+
}
|
|
374
|
+
}
|
|
375
|
+
// HTML entities: eval or ev
|
|
376
|
+
const htmlPattern = /(?:&#x?[0-9a-fA-F]+;){4,}/g;
|
|
377
|
+
const htmlMatches = content.match(htmlPattern);
|
|
378
|
+
if (htmlMatches) {
|
|
379
|
+
for (const match of htmlMatches) {
|
|
380
|
+
const decoded = decodeHtmlEntities(match);
|
|
381
|
+
results.push({
|
|
382
|
+
type: 'html_entity',
|
|
383
|
+
encoded: match,
|
|
384
|
+
decoded,
|
|
385
|
+
threatFound: findThreat(decoded),
|
|
386
|
+
});
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
// URL encoding: %65%76%61%6c
|
|
390
|
+
const urlEncPattern = /(?:%[0-9a-fA-F]{2}){6,}/g;
|
|
391
|
+
const urlEncMatches = content.match(urlEncPattern);
|
|
392
|
+
if (urlEncMatches) {
|
|
393
|
+
for (const match of urlEncMatches) {
|
|
394
|
+
const decoded = decodeUrlEncoding(match);
|
|
395
|
+
results.push({
|
|
396
|
+
type: 'url_encoding',
|
|
397
|
+
encoded: match,
|
|
398
|
+
decoded,
|
|
399
|
+
threatFound: findThreat(decoded),
|
|
400
|
+
});
|
|
401
|
+
}
|
|
402
|
+
}
|
|
403
|
+
return results;
|
|
404
|
+
}
|
|
405
|
+
/**
|
|
406
|
+
* Simple boolean check for whether any obfuscated encoding with threats is present.
|
|
407
|
+
*/
|
|
408
|
+
function containsObfuscatedEncoding(content) {
|
|
409
|
+
const results = detectObfuscatedEncoding(content);
|
|
410
|
+
return results.some((r) => r.threatFound !== null);
|
|
153
411
|
}
|
|
154
412
|
// ─── Duplicate Content Detection ────────────────────────────────
|
|
155
413
|
function hasDuplicateContent(contents, threshold = 0.7) {
|
|
@@ -173,5 +431,6 @@ exports.ALL_PATTERNS = [
|
|
|
173
431
|
...CREDENTIAL_THEFT,
|
|
174
432
|
...COVERT_EXECUTION,
|
|
175
433
|
...SOCIAL_ENGINEERING,
|
|
434
|
+
...OBFUSCATED_ENCODING,
|
|
176
435
|
];
|
|
177
436
|
//# sourceMappingURL=patterns.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":";;;AAyIA,0CAQC;AAMD,oDAYC;AAID,kDAgBC;AA9KD,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;KACjD;CACF,CAAC;AA+JA,4CAAgB;AA7JlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;KACtD;CACF,CAAC;AAmIA,4CAAgB;AAjIlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AAuGA,4CAAgB;AArGlB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAkB;IACxC;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;KAC7D;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;CACF,CAAC;AA2EA,gDAAkB;AAzEpB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY,EAAE,YAAY,EAAE,mBAAmB;IAC/C,eAAe,EAAE,WAAW,EAAE,YAAY;IAC1C,aAAa,EAAE,aAAa,EAAE,OAAO;IACrC,cAAc,EAAE,eAAe,EAAE,YAAY;IAC7C,gBAAgB,EAAE,WAAW,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,4BAA4B,CAAC;AAExD,SAAgB,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mEAAmE;AAEtD,QAAA,cAAc,GAAG,0BAA0B,CAAC;AAEzD,SAAgB,oBAAoB,CAAC,OAAe;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClE,wDAAwD;QACxD,MAAM,iBAAiB,GAAG,2CAA2C,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,QAAkB,EAAE,SAAS,GAAG,GAAG;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,OAAO,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAC7C,CAAC;AAED,mEAAmE;AAEtD,QAAA,YAAY,GAAkB;IACzC,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;CACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":";;;AA4KA,0CAQC;AAeD,kDAgDC;AAED,gCAQC;AAmBD,wCA2DC;AAMD,oDAEC;AA4CD,4DA+EC;AAKD,gEAGC;AAID,kDAgBC;AAjeD,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;KACjD;CACF,CAAC;AAmdA,4CAAgB;AAjdlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;KACtD;CACF,CAAC;AAubA,4CAAgB;AArblB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AA2ZA,4CAAgB;AAzZlB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAkB;IACxC;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;KAC7D;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;CACF,CAAC;AA+XA,gDAAkB;AA7XpB,kEAAkE;AAElE,MAAM,mBAAmB,GAAkB;IACzC;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2DAA2D;KACzE;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mDAAmD;KACjE;CACF,CAAC;AAmWA,kDAAmB;AAjWrB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY,EAAE,YAAY,EAAE,mBAAmB;IAC/C,eAAe,EAAE,WAAW,EAAE,YAAY;IAC1C,aAAa,EAAE,aAAa,EAAE,OAAO;IACrC,cAAc,EAAE,eAAe,EAAE,YAAY;IAC7C,gBAAgB,EAAE,WAAW,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAClD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS;IACvD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO;CACzC,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,4BAA4B,CAAC;AAExD,SAAgB,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mEAAmE;AAEnE,MAAM,qBAAqB,GAAG,mCAAmC,CAAC;AAClE,MAAM,qBAAqB,GAAG,6DAA6D,CAAC;AAC5F,MAAM,iBAAiB,GAAG,gJAAgJ,CAAC;AAC3K,MAAM,kBAAkB,GAAG,oCAAoC,CAAC;AAQhE,SAAgB,mBAAmB,CAAC,OAAe;IACjD,MAAM,OAAO,GAAyB,EAAE,CAAC;IAEzC,8CAA8C;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;YACnB,MAAM,EAAE,0DAA0D;YAClE,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;YACpB,MAAM,EAAE,6EAA6E;YACrF,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACnD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,6CAA6C;gBACrD,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAW,CAAC,IAAI,EAAE,CAAC;IACjD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,2CAA2C;gBACnD,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mEAAmE;AAEtD,QAAA,cAAc,GAAG,0BAA0B,CAAC;AASzD;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,QAAQ,GAAG,CAAC;IAC1D,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,WAAW,GAAG;QAClB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,kBAAkB;KACtB,CAAC;IAEF,SAAS,SAAS,CAAC,IAAY,EAAE,KAAa,EAAE,eAAuB;QACrE,IAAI,KAAK,GAAG,QAAQ;YAAE,OAAO;QAE7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;QAC3D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC7C,oFAAoF;gBACpF,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;gBACxG,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG;oBAAE,SAAS;gBAClD,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,gDAAgD;YAChD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9C,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CAAC;wBACX,WAAW,EAAE,eAAe,IAAI,SAAS;wBACzC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAClC,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,KAAK;qBACN,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,MAAM,iBAAiB,GAAG,kFAAkF,CAAC;YAC7G,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,IAAI,CAAC;oBACX,WAAW,EAAE,eAAe,IAAI,SAAS;oBACzC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,WAAW,EAAE,kDAAkD;oBAC/D,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;YAED,oEAAoE;YACpE,IAAI,KAAK,GAAG,QAAQ,IAAI,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjE,SAAS,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,EAAE,eAAe,IAAI,SAAS,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,OAAe;IAClD,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC5C,CAAC;AAWD,SAAS,gBAAgB,CAAC,IAAY;IACpC,OAAO,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACrD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACrD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,IAAI;SACR,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACzC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC;SACA,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAC/B,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CAAC,OAAe;IACtD,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG;QAClB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,kBAAkB;KACtB,CAAC;IACF,MAAM,aAAa,GAAG,iEAAiE,CAAC;IAExF,SAAS,UAAU,CAAC,OAAe;QACjC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1D,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,6CAA6C,CAAC;QACtF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,MAAM,UAAU,GAAG,4BAA4B,CAAC;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,KAAK;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,MAAM,cAAc,GAAG,4BAA4B,CAAC;IACpD,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACrD,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,4BAA4B,CAAC;IACjD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,IAAI,WAAW,EAAE,CAAC;QAChB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,aAAa,GAAG,0BAA0B,CAAC;IACjD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CAAC,OAAe;IACxD,MAAM,OAAO,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,QAAkB,EAAE,SAAS,GAAG,GAAG;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,OAAO,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAC7C,CAAC;AAED,mEAAmE;AAEtD,QAAA,YAAY,GAAkB;IACzC,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;IACrB,GAAG,mBAAmB;CACvB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAW/D,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE,CAiB1E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAGhE;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,CA0E/E;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAanE"}
|
package/dist/analysis/rules.js
CHANGED
|
@@ -29,6 +29,45 @@ function analyzeContent(content, postId) {
|
|
|
29
29
|
const ruleMatches = runRuleEngine(content, postId);
|
|
30
30
|
const suspiciousLinks = extractSuspiciousLinks(content);
|
|
31
31
|
const base64Hidden = (0, patterns_js_1.containsBase64Hidden)(content);
|
|
32
|
+
// Enhanced detections
|
|
33
|
+
const maliciousUriResults = (0, patterns_js_1.detectMaliciousUris)(content);
|
|
34
|
+
const maliciousUris = maliciousUriResults.map((r) => r.uri);
|
|
35
|
+
const base64Threats = (0, patterns_js_1.deepBase64Scan)(content);
|
|
36
|
+
const base64DecodedThreats = base64Threats.map((t) => `[depth=${t.depth}] ${t.matchedRule}: ${t.decodedText.slice(0, 80)}`);
|
|
37
|
+
const obfuscationResults = (0, patterns_js_1.detectObfuscatedEncoding)(content);
|
|
38
|
+
const obfuscatedEncoding = obfuscationResults.some((r) => r.threatFound !== null);
|
|
39
|
+
// Add malicious URI findings as rule matches
|
|
40
|
+
for (const uri of maliciousUriResults) {
|
|
41
|
+
ruleMatches.push({
|
|
42
|
+
pattern: 'malicious_uri',
|
|
43
|
+
category: 'covert_execution',
|
|
44
|
+
severity: uri.severity,
|
|
45
|
+
matchedText: uri.uri,
|
|
46
|
+
postId,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
// Add obfuscation findings with confirmed threats as rule matches
|
|
50
|
+
for (const obf of obfuscationResults) {
|
|
51
|
+
if (obf.threatFound) {
|
|
52
|
+
ruleMatches.push({
|
|
53
|
+
pattern: `obfuscated_${obf.type}`,
|
|
54
|
+
category: 'obfuscated_encoding',
|
|
55
|
+
severity: 'HIGH',
|
|
56
|
+
matchedText: `${obf.encoded} → ${obf.decoded}`,
|
|
57
|
+
postId,
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
// Add deep base64 findings as rule matches
|
|
62
|
+
for (const threat of base64Threats) {
|
|
63
|
+
ruleMatches.push({
|
|
64
|
+
pattern: 'base64_deep_scan',
|
|
65
|
+
category: 'covert_execution',
|
|
66
|
+
severity: 'HIGH',
|
|
67
|
+
matchedText: `[depth=${threat.depth}] ${threat.decodedText.slice(0, 60)}`,
|
|
68
|
+
postId,
|
|
69
|
+
});
|
|
70
|
+
}
|
|
32
71
|
const promptInjection = ruleMatches.some((m) => m.category === 'direct_injection');
|
|
33
72
|
const credentialTheft = ruleMatches.some((m) => m.category === 'credential_theft');
|
|
34
73
|
const socialEngineering = ruleMatches.some((m) => m.category === 'social_engineering');
|
|
@@ -38,8 +77,11 @@ function analyzeContent(content, postId) {
|
|
|
38
77
|
promptInjection,
|
|
39
78
|
credentialTheft,
|
|
40
79
|
suspiciousLinks,
|
|
80
|
+
maliciousUris,
|
|
41
81
|
base64Hidden,
|
|
82
|
+
base64DecodedThreats,
|
|
42
83
|
socialEngineering,
|
|
84
|
+
obfuscatedEncoding,
|
|
43
85
|
};
|
|
44
86
|
}
|
|
45
87
|
function needsLLMAnalysis(analysis) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":";;AAWA,sCAiBC;AAED,wDAGC;AAED,wCA0EC;AAED,4CAaC;AA3HD,+CAQuB;AAEvB,SAAgB,aAAa,CAAC,OAAe,EAAE,MAAc;IAC3D,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,0BAAY,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;gBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,MAAM;aACP,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,sBAAsB,CAAC,OAAe;IACpD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,yBAAW,CAAC,IAAI,EAAE,CAAC;IAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,6BAAe,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,cAAc,CAAC,OAAe,EAAE,MAAc;IAC5D,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnD,MAAM,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,IAAA,kCAAoB,EAAC,OAAO,CAAC,CAAC;IAEnD,sBAAsB;IACtB,MAAM,mBAAmB,GAAG,IAAA,iCAAmB,EAAC,OAAO,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE5D,MAAM,aAAa,GAAG,IAAA,4BAAc,EAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,oBAAoB,GAAG,aAAa,CAAC,GAAG,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAC5E,CAAC;IAEF,MAAM,kBAAkB,GAAG,IAAA,sCAAwB,EAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC;IAElF,6CAA6C;IAC7C,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;QACtC,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,WAAW,EAAE,GAAG,CAAC,GAAG;YACpB,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,WAAW,CAAC,IAAI,CAAC;gBACf,OAAO,EAAE,cAAc,GAAG,CAAC,IAAI,EAAE;gBACjC,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,GAAG,GAAG,CAAC,OAAO,MAAM,GAAG,CAAC,OAAO,EAAE;gBAC9C,MAAM;aACP,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,kBAAkB;YAC3B,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,UAAU,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YACzE,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CACzC,CAAC;IACF,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CACzC,CAAC;IACF,MAAM,iBAAiB,GAAG,WAAW,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,oBAAoB,CAC3C,CAAC;IAEF,OAAO;QACL,MAAM;QACN,WAAW;QACX,eAAe;QACf,eAAe;QACf,eAAe;QACf,aAAa;QACb,YAAY;QACZ,oBAAoB;QACpB,iBAAiB;QACjB,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAED,SAAgB,gBAAgB,CAAC,QAAyB;IACxD,yEAAyE;IACzE,mEAAmE;IACnE,MAAM,aAAa,GACjB,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;QAC/B,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAE7D,MAAM,sBAAsB,GAC1B,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QACnC,CAAC,QAAQ,CAAC,eAAe;QACzB,CAAC,QAAQ,CAAC,eAAe,CAAC;IAE5B,OAAO,aAAa,IAAI,sBAAsB,CAAC;AACjD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-scanner.d.ts","sourceRoot":"","sources":["../../src/core/file-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,cAAc,EACd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"file-scanner.d.ts","sourceRoot":"","sources":["../../src/core/file-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,cAAc,EACd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;AAwB3B,qBAAa,WAAW;IACtB,OAAO,CAAC,cAAc,CAAiB;;IAMjC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IA6EjF,OAAO,CAAC,eAAe;YAoGT,cAAc;IA0G5B,OAAO,CAAC,aAAa;CA2CtB"}
|
|
@@ -1,4 +1,37 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.FileScanner = void 0;
|
|
4
37
|
const fs_1 = require("fs");
|
|
@@ -8,6 +41,9 @@ const scanner_js_1 = require("../sdk/scanner.js");
|
|
|
8
41
|
const DEFAULT_EXTENSIONS = new Set([
|
|
9
42
|
'.md', '.txt', '.ts', '.js', '.py', '.yaml', '.yml', '.json', '.sh',
|
|
10
43
|
]);
|
|
44
|
+
const IMAGE_EXTENSIONS = new Set([
|
|
45
|
+
'.png', '.jpg', '.jpeg',
|
|
46
|
+
]);
|
|
11
47
|
const DEFAULT_EXCLUDE_DIRS = new Set([
|
|
12
48
|
'node_modules', '.git', 'dist', '__pycache__', '.next', '.venv', 'vendor',
|
|
13
49
|
]);
|
|
@@ -25,6 +61,30 @@ class FileScanner {
|
|
|
25
61
|
const riskFiles = [];
|
|
26
62
|
const summary = { safe: 0, low: 0, medium: 0, high: 0 };
|
|
27
63
|
for (const filePath of files) {
|
|
64
|
+
const ext = (0, path_1.extname)(filePath).toLowerCase();
|
|
65
|
+
// QR code scanning for image files
|
|
66
|
+
if (IMAGE_EXTENSIONS.has(ext)) {
|
|
67
|
+
const qrFindings = await this.scanImageForQR(filePath);
|
|
68
|
+
findings.push(...qrFindings);
|
|
69
|
+
if (qrFindings.length > 0) {
|
|
70
|
+
const maxSeverity = qrFindings.some((f) => f.severity === 'HIGH')
|
|
71
|
+
? 'HIGH'
|
|
72
|
+
: qrFindings.some((f) => f.severity === 'MEDIUM')
|
|
73
|
+
? 'MEDIUM'
|
|
74
|
+
: 'LOW';
|
|
75
|
+
const risk = maxSeverity === 'HIGH' ? 'HIGH' : maxSeverity === 'MEDIUM' ? 'MEDIUM' : 'LOW';
|
|
76
|
+
summary[risk.toLowerCase()]++;
|
|
77
|
+
riskFiles.push({
|
|
78
|
+
path: (0, path_1.relative)(targetPath, filePath) || filePath,
|
|
79
|
+
risk,
|
|
80
|
+
findingCount: qrFindings.length,
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
else {
|
|
84
|
+
summary.safe++;
|
|
85
|
+
}
|
|
86
|
+
continue;
|
|
87
|
+
}
|
|
28
88
|
let content;
|
|
29
89
|
try {
|
|
30
90
|
content = (0, fs_1.readFileSync)(filePath, 'utf-8');
|
|
@@ -97,9 +157,36 @@ class FileScanner {
|
|
|
97
157
|
}
|
|
98
158
|
}
|
|
99
159
|
}
|
|
160
|
+
// Malicious URI detection per line
|
|
161
|
+
const maliciousUris = (0, patterns_js_1.detectMaliciousUris)(line);
|
|
162
|
+
for (const uri of maliciousUris) {
|
|
163
|
+
findings.push({
|
|
164
|
+
filePath,
|
|
165
|
+
line: i + 1,
|
|
166
|
+
severity: uri.severity,
|
|
167
|
+
category: 'malicious_uri',
|
|
168
|
+
description: uri.reason,
|
|
169
|
+
matchedText: uri.uri,
|
|
170
|
+
context: line.trim().slice(0, 120),
|
|
171
|
+
});
|
|
172
|
+
}
|
|
100
173
|
}
|
|
101
|
-
// Base64 hidden content on full content
|
|
102
|
-
|
|
174
|
+
// Base64 hidden content on full content (enhanced deep scan)
|
|
175
|
+
const base64Threats = (0, patterns_js_1.deepBase64Scan)(content);
|
|
176
|
+
if (base64Threats.length > 0) {
|
|
177
|
+
for (const threat of base64Threats) {
|
|
178
|
+
findings.push({
|
|
179
|
+
filePath,
|
|
180
|
+
line: 0,
|
|
181
|
+
severity: 'HIGH',
|
|
182
|
+
category: 'base64_hidden',
|
|
183
|
+
description: `Base64 decoded threat [depth=${threat.depth}]: ${threat.matchedRule}`,
|
|
184
|
+
matchedText: threat.decodedText.slice(0, 80),
|
|
185
|
+
context: `Encoded: ${threat.encodedText.slice(0, 60)}...`,
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
else if ((0, patterns_js_1.containsBase64Hidden)(content)) {
|
|
103
190
|
findings.push({
|
|
104
191
|
filePath,
|
|
105
192
|
line: 0,
|
|
@@ -110,13 +197,127 @@ class FileScanner {
|
|
|
110
197
|
context: '(full file scan)',
|
|
111
198
|
});
|
|
112
199
|
}
|
|
200
|
+
// Obfuscated encoding detection on full content
|
|
201
|
+
const obfuscationResults = (0, patterns_js_1.detectObfuscatedEncoding)(content);
|
|
202
|
+
for (const obf of obfuscationResults) {
|
|
203
|
+
if (obf.threatFound) {
|
|
204
|
+
findings.push({
|
|
205
|
+
filePath,
|
|
206
|
+
line: 0,
|
|
207
|
+
severity: 'HIGH',
|
|
208
|
+
category: 'obfuscated_encoding',
|
|
209
|
+
description: `${obf.type} obfuscation: ${obf.threatFound}`,
|
|
210
|
+
matchedText: `${obf.encoded} → ${obf.decoded}`,
|
|
211
|
+
context: '(full file scan)',
|
|
212
|
+
});
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
return findings;
|
|
216
|
+
}
|
|
217
|
+
async scanImageForQR(filePath) {
|
|
218
|
+
const findings = [];
|
|
219
|
+
const ext = (0, path_1.extname)(filePath).toLowerCase();
|
|
220
|
+
try {
|
|
221
|
+
const fileBuffer = (0, fs_1.readFileSync)(filePath);
|
|
222
|
+
let imageData = null;
|
|
223
|
+
if (ext === '.png') {
|
|
224
|
+
const { PNG } = await Promise.resolve().then(() => __importStar(require('pngjs')));
|
|
225
|
+
const png = PNG.sync.read(fileBuffer);
|
|
226
|
+
imageData = {
|
|
227
|
+
data: new Uint8ClampedArray(png.data),
|
|
228
|
+
width: png.width,
|
|
229
|
+
height: png.height,
|
|
230
|
+
};
|
|
231
|
+
}
|
|
232
|
+
else if (ext === '.jpg' || ext === '.jpeg') {
|
|
233
|
+
const jpeg = await Promise.resolve().then(() => __importStar(require('jpeg-js')));
|
|
234
|
+
const jpg = jpeg.decode(fileBuffer, { useTArray: true });
|
|
235
|
+
imageData = {
|
|
236
|
+
data: new Uint8ClampedArray(jpg.data),
|
|
237
|
+
width: jpg.width,
|
|
238
|
+
height: jpg.height,
|
|
239
|
+
};
|
|
240
|
+
}
|
|
241
|
+
if (!imageData)
|
|
242
|
+
return findings;
|
|
243
|
+
const jsQR = (await Promise.resolve().then(() => __importStar(require('jsqr')))).default;
|
|
244
|
+
const qrCode = jsQR(imageData.data, imageData.width, imageData.height);
|
|
245
|
+
if (qrCode && qrCode.data) {
|
|
246
|
+
const qrContent = qrCode.data;
|
|
247
|
+
// Run pattern rules against QR content
|
|
248
|
+
for (const rule of patterns_js_1.ALL_PATTERNS) {
|
|
249
|
+
const match = qrContent.match(rule.pattern);
|
|
250
|
+
if (match) {
|
|
251
|
+
findings.push({
|
|
252
|
+
filePath,
|
|
253
|
+
line: 0,
|
|
254
|
+
severity: rule.severity,
|
|
255
|
+
category: 'qr_code_injection',
|
|
256
|
+
description: `QR code contains: ${rule.description}`,
|
|
257
|
+
matchedText: match[0],
|
|
258
|
+
context: `QR decoded: ${qrContent.slice(0, 120)}`,
|
|
259
|
+
});
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
// Check for malicious URIs in QR content
|
|
263
|
+
const maliciousUris = (0, patterns_js_1.detectMaliciousUris)(qrContent);
|
|
264
|
+
for (const uri of maliciousUris) {
|
|
265
|
+
findings.push({
|
|
266
|
+
filePath,
|
|
267
|
+
line: 0,
|
|
268
|
+
severity: uri.severity,
|
|
269
|
+
category: 'qr_code_injection',
|
|
270
|
+
description: `QR code contains malicious URI: ${uri.reason}`,
|
|
271
|
+
matchedText: uri.uri,
|
|
272
|
+
context: `QR decoded: ${qrContent.slice(0, 120)}`,
|
|
273
|
+
});
|
|
274
|
+
}
|
|
275
|
+
// Check for suspicious URLs in QR content
|
|
276
|
+
const urlMatches = qrContent.match(patterns_js_1.URL_PATTERN);
|
|
277
|
+
if (urlMatches) {
|
|
278
|
+
for (const url of urlMatches) {
|
|
279
|
+
if ((0, patterns_js_1.isSuspiciousUrl)(url)) {
|
|
280
|
+
findings.push({
|
|
281
|
+
filePath,
|
|
282
|
+
line: 0,
|
|
283
|
+
severity: 'MEDIUM',
|
|
284
|
+
category: 'qr_code_injection',
|
|
285
|
+
description: 'QR code contains suspicious URL',
|
|
286
|
+
matchedText: url,
|
|
287
|
+
context: `QR decoded: ${qrContent.slice(0, 120)}`,
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
// If QR has content but no specific threats, still note it
|
|
293
|
+
if (findings.length === 0 && qrContent.length > 0) {
|
|
294
|
+
// Check base64 in QR content
|
|
295
|
+
const base64Threats = (0, patterns_js_1.deepBase64Scan)(qrContent);
|
|
296
|
+
for (const threat of base64Threats) {
|
|
297
|
+
findings.push({
|
|
298
|
+
filePath,
|
|
299
|
+
line: 0,
|
|
300
|
+
severity: 'HIGH',
|
|
301
|
+
category: 'qr_code_injection',
|
|
302
|
+
description: `QR code contains base64 hidden threat: ${threat.matchedRule}`,
|
|
303
|
+
matchedText: threat.decodedText.slice(0, 80),
|
|
304
|
+
context: `QR decoded: ${qrContent.slice(0, 120)}`,
|
|
305
|
+
});
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
}
|
|
309
|
+
}
|
|
310
|
+
catch {
|
|
311
|
+
// Image could not be decoded — skip silently
|
|
312
|
+
}
|
|
113
313
|
return findings;
|
|
114
314
|
}
|
|
115
315
|
walkDirectory(dirPath, options) {
|
|
116
316
|
const files = [];
|
|
317
|
+
const allExts = new Set([...DEFAULT_EXTENSIONS, ...IMAGE_EXTENSIONS]);
|
|
117
318
|
const includeExts = options.include
|
|
118
319
|
? new Set(options.include.map(g => g.startsWith('.') ? g : `.${g}`))
|
|
119
|
-
:
|
|
320
|
+
: allExts;
|
|
120
321
|
const excludeDirs = options.exclude
|
|
121
322
|
? new Set([...DEFAULT_EXCLUDE_DIRS, ...options.exclude])
|
|
122
323
|
: DEFAULT_EXCLUDE_DIRS;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-scanner.js","sourceRoot":"","sources":["../../src/core/file-scanner.ts"],"names":[],"mappings":";;;AAAA,2BAAyD;AACzD,+BAA+C;AAO/C,yDAKiC;AACjC,kDAAmD;AAEnD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK;CACpE,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ;CAC1E,CAAC,CAAC;AAEH,MAAa,WAAW;IACd,cAAc,CAAiB;IAEvC;QACE,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAc,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,UAAkB,EAAE,OAAwB;QACrD,MAAM,IAAI,GAAG,IAAA,aAAQ,EAAC,UAAU,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE;YAC9B,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC;YACzC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAEjB,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,SAAS,GAA8D,EAAE,CAAC;QAChF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAExD,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAA,iBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YAE/B,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;YAE7B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAwC,CAAC;YACrE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAEf,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpB,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,IAAA,eAAQ,EAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,QAAQ;oBAChD,IAAI;oBACJ,YAAY,EAAE,YAAY,CAAC,MAAM;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACtB,MAAM,KAAK,GAA8B,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACjF,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,UAAU;YACV,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ;YACR,OAAO;YACP,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAEO,eAAe,CAAC,QAAgB,EAAE,OAAe;QACvD,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,gCAAgC;QAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,KAAK,MAAM,IAAI,IAAI,0BAAY,EAAE,CAAC;gBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;wBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACnC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,oCAAoC;YACpC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,yBAAW,CAAC,CAAC;YAC3C,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;oBAC7B,IAAI,IAAA,6BAAe,EAAC,GAAG,CAAC,EAAE,CAAC;wBACzB,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ;4BACR,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,QAAQ,EAAE,KAAK;4BACf,QAAQ,EAAE,iBAAiB;4BAC3B,WAAW,EAAE,oCAAoC;4BACjD,WAAW,EAAE,GAAG;4BAChB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBACnC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAA,kCAAoB,EAAC,OAAO,CAAC,EAAE,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ;gBACR,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,WAAW,EAAE,mDAAmD;gBAChE,WAAW,EAAE,kBAAkB;gBAC/B,OAAO,EAAE,kBAAkB;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,OAAwB;QAC7D,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO;YACjC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpE,CAAC,CAAC,kBAAkB,CAAC;QACvB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO;YACjC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,oBAAoB,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YACxD,CAAC,CAAC,oBAAoB,CAAC;QAEzB,MAAM,IAAI,GAAG,CAAC,GAAW,EAAE,EAAE;YAC3B,IAAI,OAAiB,CAAC;YACtB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAA,gBAAW,EAAC,GAAG,CAAC,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBAClC,IAAI,IAAI,CAAC;gBACT,IAAI,CAAC;oBACH,IAAI,GAAG,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC;gBAC5B,CAAC;gBAAC,MAAM,CAAC;oBACP,SAAS;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;oBACvB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;wBACjD,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACjB,CAAC;gBACH,CAAC;qBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,IAAA,cAAO,EAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;oBACzC,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;wBACzB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA9JD,kCA8JC"}
|
|
1
|
+
{"version":3,"file":"file-scanner.js","sourceRoot":"","sources":["../../src/core/file-scanner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2BAAyD;AACzD,+BAA+C;AAO/C,yDAQiC;AACjC,kDAAmD;AAEnD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK;CACpE,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,MAAM,EAAE,MAAM,EAAE,OAAO;CACxB,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ;CAC1E,CAAC,CAAC;AAEH,MAAa,WAAW;IACd,cAAc,CAAiB;IAEvC;QACE,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAc,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,UAAkB,EAAE,OAAwB;QACrD,MAAM,IAAI,GAAG,IAAA,aAAQ,EAAC,UAAU,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE;YAC9B,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC;YACzC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAEjB,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,SAAS,GAA8D,EAAE,CAAC;QAChF,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAExD,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,IAAA,cAAO,EAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAE5C,mCAAmC;YACnC,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;gBAC7B,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;wBAC/D,CAAC,CAAC,MAAM;wBACR,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;4BAC/C,CAAC,CAAC,QAAQ;4BACV,CAAC,CAAC,KAAK,CAAC;oBACZ,MAAM,IAAI,GAAc,WAAW,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;oBACtG,OAAO,CAAC,IAAI,CAAC,WAAW,EAA+B,CAAC,EAAE,CAAC;oBAC3D,SAAS,CAAC,IAAI,CAAC;wBACb,IAAI,EAAE,IAAA,eAAQ,EAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,QAAQ;wBAChD,IAAI;wBACJ,YAAY,EAAE,UAAU,CAAC,MAAM;qBAChC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAA,iBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YAE/B,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;YAE7B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAwC,CAAC;YACrE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAEf,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpB,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,IAAA,eAAQ,EAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,QAAQ;oBAChD,IAAI;oBACJ,YAAY,EAAE,YAAY,CAAC,MAAM;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACtB,MAAM,KAAK,GAA8B,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACjF,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,UAAU;YACV,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ;YACR,OAAO;YACP,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAEO,eAAe,CAAC,QAAgB,EAAE,OAAe;QACvD,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,gCAAgC;QAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,KAAK,MAAM,IAAI,IAAI,0BAAY,EAAE,CAAC;gBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;wBACrB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACnC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,oCAAoC;YACpC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,yBAAW,CAAC,CAAC;YAC3C,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;oBAC7B,IAAI,IAAA,6BAAe,EAAC,GAAG,CAAC,EAAE,CAAC;wBACzB,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ;4BACR,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,QAAQ,EAAE,KAAK;4BACf,QAAQ,EAAE,iBAAiB;4BAC3B,WAAW,EAAE,oCAAoC;4BACjD,WAAW,EAAE,GAAG;4BAChB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBACnC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,MAAM,aAAa,GAAG,IAAA,iCAAmB,EAAC,IAAI,CAAC,CAAC;YAChD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;gBAChC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ;oBACR,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,QAAQ,EAAE,eAAe;oBACzB,WAAW,EAAE,GAAG,CAAC,MAAM;oBACvB,WAAW,EAAE,GAAG,CAAC,GAAG;oBACpB,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6DAA6D;QAC7D,MAAM,aAAa,GAAG,IAAA,4BAAc,EAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ;oBACR,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,eAAe;oBACzB,WAAW,EAAE,gCAAgC,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,WAAW,EAAE;oBACnF,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBAC5C,OAAO,EAAE,YAAY,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;iBAC1D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,IAAI,IAAA,kCAAoB,EAAC,OAAO,CAAC,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ;gBACR,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,WAAW,EAAE,mDAAmD;gBAChE,WAAW,EAAE,kBAAkB;gBAC/B,OAAO,EAAE,kBAAkB;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,gDAAgD;QAChD,MAAM,kBAAkB,GAAG,IAAA,sCAAwB,EAAC,OAAO,CAAC,CAAC;QAC7D,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBACpB,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ;oBACR,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,qBAAqB;oBAC/B,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,iBAAiB,GAAG,CAAC,WAAW,EAAE;oBAC1D,WAAW,EAAE,GAAG,GAAG,CAAC,OAAO,MAAM,GAAG,CAAC,OAAO,EAAE;oBAC9C,OAAO,EAAE,kBAAkB;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,QAAgB;QAC3C,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,IAAA,cAAO,EAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAA,iBAAY,EAAC,QAAQ,CAAC,CAAC;YAC1C,IAAI,SAAS,GAAsE,IAAI,CAAC;YAExF,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,GAAG,EAAE,GAAG,wDAAa,OAAO,GAAC,CAAC;gBACtC,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACtC,SAAS,GAAG;oBACV,IAAI,EAAE,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC;oBACrC,KAAK,EAAE,GAAG,CAAC,KAAK;oBAChB,MAAM,EAAE,GAAG,CAAC,MAAM;iBACnB,CAAC;YACJ,CAAC;iBAAM,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBAC7C,MAAM,IAAI,GAAG,wDAAa,SAAS,GAAC,CAAC;gBACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACzD,SAAS,GAAG;oBACV,IAAI,EAAE,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC;oBACrC,KAAK,EAAE,GAAG,CAAC,KAAK;oBAChB,MAAM,EAAE,GAAG,CAAC,MAAM;iBACnB,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,SAAS;gBAAE,OAAO,QAAQ,CAAC;YAEhC,MAAM,IAAI,GAAG,CAAC,wDAAa,MAAM,GAAC,CAAC,CAAC,OAAO,CAAC;YAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;YAEvE,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC;gBAE9B,uCAAuC;gBACvC,KAAK,MAAM,IAAI,IAAI,0BAAY,EAAE,CAAC;oBAChC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAC5C,IAAI,KAAK,EAAE,CAAC;wBACV,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ;4BACR,IAAI,EAAE,CAAC;4BACP,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,QAAQ,EAAE,mBAAmB;4BAC7B,WAAW,EAAE,qBAAqB,IAAI,CAAC,WAAW,EAAE;4BACpD,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;4BACrB,OAAO,EAAE,eAAe,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;yBAClD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,yCAAyC;gBACzC,MAAM,aAAa,GAAG,IAAA,iCAAmB,EAAC,SAAS,CAAC,CAAC;gBACrD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;oBAChC,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ;wBACR,IAAI,EAAE,CAAC;wBACP,QAAQ,EAAE,GAAG,CAAC,QAAQ;wBACtB,QAAQ,EAAE,mBAAmB;wBAC7B,WAAW,EAAE,mCAAmC,GAAG,CAAC,MAAM,EAAE;wBAC5D,WAAW,EAAE,GAAG,CAAC,GAAG;wBACpB,OAAO,EAAE,eAAe,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;qBAClD,CAAC,CAAC;gBACL,CAAC;gBAED,0CAA0C;gBAC1C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,yBAAW,CAAC,CAAC;gBAChD,IAAI,UAAU,EAAE,CAAC;oBACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;wBAC7B,IAAI,IAAA,6BAAe,EAAC,GAAG,CAAC,EAAE,CAAC;4BACzB,QAAQ,CAAC,IAAI,CAAC;gCACZ,QAAQ;gCACR,IAAI,EAAE,CAAC;gCACP,QAAQ,EAAE,QAAQ;gCAClB,QAAQ,EAAE,mBAAmB;gCAC7B,WAAW,EAAE,iCAAiC;gCAC9C,WAAW,EAAE,GAAG;gCAChB,OAAO,EAAE,eAAe,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;6BAClD,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,2DAA2D;gBAC3D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClD,6BAA6B;oBAC7B,MAAM,aAAa,GAAG,IAAA,4BAAc,EAAC,SAAS,CAAC,CAAC;oBAChD,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;wBACnC,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ;4BACR,IAAI,EAAE,CAAC;4BACP,QAAQ,EAAE,MAAM;4BAChB,QAAQ,EAAE,mBAAmB;4BAC7B,WAAW,EAAE,0CAA0C,MAAM,CAAC,WAAW,EAAE;4BAC3E,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;4BAC5C,OAAO,EAAE,eAAe,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;yBAClD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6CAA6C;QAC/C,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,OAAwB;QAC7D,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO;YACjC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpE,CAAC,CAAC,OAAO,CAAC;QACZ,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO;YACjC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,oBAAoB,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YACxD,CAAC,CAAC,oBAAoB,CAAC;QAEzB,MAAM,IAAI,GAAG,CAAC,GAAW,EAAE,EAAE;YAC3B,IAAI,OAAiB,CAAC;YACtB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAA,gBAAW,EAAC,GAAG,CAAC,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBAClC,IAAI,IAAI,CAAC;gBACT,IAAI,CAAC;oBACH,IAAI,GAAG,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC;gBAC5B,CAAC;gBAAC,MAAM,CAAC;oBACP,SAAS;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;oBACvB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;wBACjD,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACjB,CAAC;gBACH,CAAC;qBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,IAAA,cAAO,EAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;oBACzC,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;wBACzB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AA7UD,kCA6UC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scorer.d.ts","sourceRoot":"","sources":["../../src/core/scorer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EAAE,IAAI,EAAE,eAAe,EACnC,cAAc,EAAE,UAAU,EAAE,OAAO,EACpC,MAAM,mBAAmB,CAAC;AAmC3B,wBAAgB,aAAa,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAqCzF;AAID,wBAAgB,aAAa,CAC3B,KAAK,EAAE,YAAY,EACnB,KAAK,EAAE,IAAI,EAAE,GACZ;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAyEzD;AAID,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,eAAe,EAAE,GAC1B;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,
|
|
1
|
+
{"version":3,"file":"scorer.d.ts","sourceRoot":"","sources":["../../src/core/scorer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EAAE,IAAI,EAAE,eAAe,EACnC,cAAc,EAAE,UAAU,EAAE,OAAO,EACpC,MAAM,mBAAmB,CAAC;AAmC3B,wBAAgB,aAAa,CAAC,KAAK,EAAE,YAAY,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAqCzF;AAID,wBAAgB,aAAa,CAC3B,KAAK,EAAE,YAAY,EACnB,KAAK,EAAE,IAAI,EAAE,GACZ;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAyEzD;AAID,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,eAAe,EAAE,GAC1B;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAkHtD;AAID,wBAAgB,cAAc,CAC5B,KAAK,EAAE,YAAY,EACnB,KAAK,EAAE,IAAI,EAAE,GACZ;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CA2BxC;AAID,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAKlE;AAED,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,cAAc,CAEhB"}
|
package/dist/core/scorer.js
CHANGED
|
@@ -202,6 +202,29 @@ function scoreContentRisk(posts, analyses) {
|
|
|
202
202
|
.join(', '),
|
|
203
203
|
});
|
|
204
204
|
}
|
|
205
|
+
if (analysis.maliciousUris.length > 0) {
|
|
206
|
+
score -= 10;
|
|
207
|
+
findings.push({
|
|
208
|
+
severity: 'HIGH',
|
|
209
|
+
message: `Post contains ${analysis.maliciousUris.length} malicious URI(s)`,
|
|
210
|
+
details: analysis.maliciousUris.join(', '),
|
|
211
|
+
});
|
|
212
|
+
}
|
|
213
|
+
if (analysis.obfuscatedEncoding) {
|
|
214
|
+
score -= 15;
|
|
215
|
+
findings.push({
|
|
216
|
+
severity: 'HIGH',
|
|
217
|
+
message: `Post contains obfuscated encoding with hidden threats`,
|
|
218
|
+
});
|
|
219
|
+
}
|
|
220
|
+
if (analysis.base64DecodedThreats.length > 0) {
|
|
221
|
+
score -= 10;
|
|
222
|
+
findings.push({
|
|
223
|
+
severity: 'HIGH',
|
|
224
|
+
message: `Base64 deep scan found ${analysis.base64DecodedThreats.length} hidden threat(s)`,
|
|
225
|
+
details: analysis.base64DecodedThreats.join('; '),
|
|
226
|
+
});
|
|
227
|
+
}
|
|
205
228
|
// LLM result
|
|
206
229
|
if (analysis.llmResult?.is_malicious && analysis.llmResult.confidence > 0.7) {
|
|
207
230
|
score -= 10;
|
package/dist/core/scorer.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scorer.js","sourceRoot":"","sources":["../../src/core/scorer.ts"],"names":[],"mappings":";;AAsCA,sCAqCC;AAID,sCA4EC;AAID,
|
|
1
|
+
{"version":3,"file":"scorer.js","sourceRoot":"","sources":["../../src/core/scorer.ts"],"names":[],"mappings":";;AAsCA,sCAqCC;AAID,sCA4EC;AAID,4CAqHC;AAID,wCA8BC;AAID,kDAKC;AAED,gDAOC;AAxUD,gDAG2B;AAC3B,yDAA8D;AAE9D,mEAAmE;AAEnE,SAAS,SAAS,CAAC,OAAe;IAChC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAa;IAC3C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACrE,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAEvC,4EAA4E;IAC5E,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,IAAI,WAAW,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,UAAU,EAAE,CAAC;YACb,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,IAAI,CAAC,CAAC;AACrB,CAAC;AAED,mEAAmE;AAEnE,SAAgB,aAAa,CAAC,KAAmB;IAC/C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2BAA2B;YACpC,OAAO,EAAE,yDAAyD;SACnE,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,qBAAqB;YAC9B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IAC5B,IAAI,OAAO,GAAG,EAAE;QAAE,KAAK,IAAI,CAAC,CAAC;IAE7B,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,mBAAmB,OAAO,aAAa;YAChD,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC;AAED,mEAAmE;AAEnE,SAAgB,aAAa,CAC3B,KAAmB,EACnB,KAAa;IAEb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,QAAQ,CAAC;IAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC;IAC3C,MAAM,KAAK,GAAG,WAAW,GAAG,mBAAQ,CAAC,sBAAsB,CAAC;IAE5D,6BAA6B;IAC7B,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,KAAK,IAAI,CAAC,CAAC;QACX,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,qBAAqB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,0BAA0B;YACzE,OAAO,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,iCAAiC,mBAAQ,CAAC,sBAAsB,EAAE;SACrG,CAAC,CAAC;QACH,OAAO,GAAG,aAAa,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,qBAAqB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,0BAA0B;YACzE,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;QACH,OAAO,GAAG,WAAW,CAAC;IACxB,CAAC;IAED,qCAAqC;IACrC,MAAM,OAAO,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;SAAM,CAAC;QACN,KAAK,IAAI,CAAC,CAAC;QACX,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,gCAAgC;YACzC,OAAO,EAAE,6CAA6C;SACvD,CAAC,CAAC;QACH,IAAI,OAAO,KAAK,QAAQ;YAAE,OAAO,GAAG,UAAU,CAAC;IACjD,CAAC;IAED,gCAAgC;IAChC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IACjE,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;QACxB,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;SAAM,CAAC;QACN,KAAK,IAAI,CAAC,CAAC;QACX,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,oCAAoC;gBAC7C,OAAO,EAAE,0DAA0D;aACpE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC3D,IAAI,UAAU,GAAG,GAAG,EAAE,CAAC;QACrB,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;SAAM,IAAI,UAAU,GAAG,GAAG,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,8BAA8B;YACvC,OAAO,EAAE,gBAAgB,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB;SACvE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACtC,CAAC;AAED,mEAAmE;AAEnE,SAAgB,gBAAgB,CAC9B,KAAa,EACb,QAA2B;IAE3B,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,IAAI,GAAG,KAAK,CAAC;IAEjB,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;QAChC,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC7B,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,wCAAwC;gBACjD,OAAO,EAAE,QAAQ,CAAC,WAAW;qBAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CAAC;qBAChD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;qBACzB,IAAI,CAAC,IAAI,CAAC;aACd,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC7B,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,gCAAgC;gBACzC,OAAO,EAAE,QAAQ,CAAC,WAAW;qBAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CAAC;qBAChD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;qBACzB,IAAI,CAAC,IAAI,CAAC;aACd,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,KAAK,IAAI,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,iBAAiB,QAAQ,CAAC,eAAe,CAAC,MAAM,qBAAqB;gBAC9E,OAAO,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;YAC1B,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,kDAAkD;aAC5D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;YAC/B,KAAK,IAAI,CAAC,CAAC;YACX,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,2CAA2C;gBACpD,OAAO,EAAE,QAAQ,CAAC,WAAW;qBAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,oBAAoB,CAAC;qBAClD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;qBACzB,IAAI,CAAC,IAAI,CAAC;aACd,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,iBAAiB,QAAQ,CAAC,aAAa,CAAC,MAAM,mBAAmB;gBAC1E,OAAO,EAAE,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,kBAAkB,EAAE,CAAC;YAChC,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,uDAAuD;aACjE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,0BAA0B,QAAQ,CAAC,oBAAoB,CAAC,MAAM,mBAAmB;gBAC1F,OAAO,EAAE,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;QAED,aAAa;QACb,IAAI,QAAQ,CAAC,SAAS,EAAE,YAAY,IAAI,QAAQ,CAAC,SAAS,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;YAC5E,KAAK,IAAI,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,mCAAmC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE;gBACzE,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,WAAW;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;IACnD,IAAI,IAAA,iCAAmB,EAAC,MAAM,CAAC,EAAE,CAAC;QAChC,KAAK,IAAI,EAAE,CAAC;QACZ,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAE3B,IAAI,KAAK,IAAI,EAAE;QAAE,IAAI,GAAG,KAAK,CAAC;SACzB,IAAI,KAAK,IAAI,EAAE;QAAE,IAAI,GAAG,UAAU,CAAC;SACnC,IAAI,KAAK,IAAI,EAAE;QAAE,IAAI,GAAG,UAAU,CAAC;;QACnC,IAAI,GAAG,UAAU,CAAC;IAEvB,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACnC,CAAC;AAED,mEAAmE;AAEnE,SAAgB,cAAc,CAC5B,KAAmB,EACnB,KAAa;IAEb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,qBAAqB;IACrB,IAAI,KAAK,CAAC,KAAK,GAAG,mBAAQ,CAAC,WAAW,EAAE,CAAC;QACvC,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IAED,0BAA0B;IAC1B,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,mBAAQ,CAAC,uBAAuB,CAAC,CACjF,CAAC;IACF,IAAI,iBAAiB,EAAE,CAAC;QACtB,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACtD,MAAM,uBAAuB,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACtD,mBAAQ,CAAC,cAAoC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAC3D,CAAC;IACF,IAAI,uBAAuB,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,UAAkB;IACpD,IAAI,UAAU,IAAI,EAAE;QAAE,OAAO,YAAY,CAAC;IAC1C,IAAI,UAAU,IAAI,EAAE;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,UAAU,IAAI,EAAE;QAAE,OAAO,WAAW,CAAC;IACzC,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAgB,kBAAkB,CAChC,QAAgB,EAChB,QAAgB,EAChB,OAAe,EACf,SAAiB;IAEjB,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/sdk/scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAIL,UAAU,EACV,cAAc,EAEf,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/sdk/scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAIL,UAAU,EACV,cAAc,EAEf,MAAM,mBAAmB,CAAC;AAyD3B,qBAAa,cAAc;IACzB,OAAO,CAAC,GAAG,CAAc;IACzB,OAAO,CAAC,MAAM,CAAU;gBAEZ,OAAO,CAAC,EAAE,cAAc;IAKpC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAW/B,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAsBjD"}
|
package/dist/sdk/scanner.js
CHANGED
|
@@ -9,10 +9,10 @@ function calculateRisk(analysis) {
|
|
|
9
9
|
if (hasHigh || analysis.promptInjection || analysis.credentialTheft) {
|
|
10
10
|
return 'HIGH';
|
|
11
11
|
}
|
|
12
|
-
if (hasMedium || analysis.socialEngineering || analysis.base64Hidden) {
|
|
12
|
+
if (hasMedium || analysis.socialEngineering || analysis.base64Hidden || analysis.obfuscatedEncoding) {
|
|
13
13
|
return 'MEDIUM';
|
|
14
14
|
}
|
|
15
|
-
if (analysis.suspiciousLinks.length > 0) {
|
|
15
|
+
if (analysis.suspiciousLinks.length > 0 || analysis.maliciousUris.length > 0) {
|
|
16
16
|
return 'LOW';
|
|
17
17
|
}
|
|
18
18
|
return 'SAFE';
|
|
@@ -28,8 +28,13 @@ function calculateScore(analysis) {
|
|
|
28
28
|
score += 5;
|
|
29
29
|
}
|
|
30
30
|
score += analysis.suspiciousLinks.length * 10;
|
|
31
|
+
score += analysis.maliciousUris.length * 20;
|
|
31
32
|
if (analysis.base64Hidden)
|
|
32
33
|
score += 20;
|
|
34
|
+
if (analysis.base64DecodedThreats.length > 0)
|
|
35
|
+
score += 25;
|
|
36
|
+
if (analysis.obfuscatedEncoding)
|
|
37
|
+
score += 25;
|
|
33
38
|
return Math.min(score, 100);
|
|
34
39
|
}
|
|
35
40
|
function buildFlags(analysis) {
|
|
@@ -39,7 +44,9 @@ function buildFlags(analysis) {
|
|
|
39
44
|
covertExecution: analysis.ruleMatches.some((m) => m.category === 'covert_execution'),
|
|
40
45
|
socialEngineering: analysis.socialEngineering,
|
|
41
46
|
suspiciousLinks: analysis.suspiciousLinks.length > 0,
|
|
47
|
+
maliciousUri: analysis.maliciousUris.length > 0,
|
|
42
48
|
base64Hidden: analysis.base64Hidden,
|
|
49
|
+
obfuscatedEncoding: analysis.obfuscatedEncoding,
|
|
43
50
|
};
|
|
44
51
|
}
|
|
45
52
|
function buildFindings(analysis) {
|
package/dist/sdk/scanner.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/sdk/scanner.ts"],"names":[],"mappings":";;;AAAA,mDAAwE;AACxE,+CAAiD;AAUjD,SAAS,aAAa,CAAC,QAAyB;IAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACxE,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAE5E,IAAI,OAAO,IAAI,QAAQ,CAAC,eAAe,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QACpE,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,SAAS,IAAI,QAAQ,CAAC,iBAAiB,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/sdk/scanner.ts"],"names":[],"mappings":";;;AAAA,mDAAwE;AACxE,+CAAiD;AAUjD,SAAS,aAAa,CAAC,QAAyB;IAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACxE,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAE5E,IAAI,OAAO,IAAI,QAAQ,CAAC,eAAe,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QACpE,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,SAAS,IAAI,QAAQ,CAAC,iBAAiB,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,kBAAkB,EAAE,CAAC;QACpG,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7E,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,QAAyB;IAC/C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,KAAK,IAAI,EAAE,CAAC;aAClC,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ;YAAE,KAAK,IAAI,EAAE,CAAC;;YACzC,KAAK,IAAI,CAAC,CAAC;IAClB,CAAC;IACD,KAAK,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,EAAE,CAAC;IAC9C,KAAK,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,CAAC;IAC5C,IAAI,QAAQ,CAAC,YAAY;QAAE,KAAK,IAAI,EAAE,CAAC;IACvC,IAAI,QAAQ,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAC1D,IAAI,QAAQ,CAAC,kBAAkB;QAAE,KAAK,IAAI,EAAE,CAAC;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,UAAU,CAAC,QAAyB;IAC3C,OAAO;QACL,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,eAAe,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CACzC;QACD,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;QAC7C,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QACpD,YAAY,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC;QAC/C,YAAY,EAAE,QAAQ,CAAC,YAAY;QACnC,kBAAkB,EAAE,QAAQ,CAAC,kBAAkB;KAChD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,QAAyB;IAC9C,OAAO,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,OAAO;QACtB,WAAW,EAAE,CAAC,CAAC,WAAW;KAC3B,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAa,cAAc;IACjB,GAAG,CAAc;IACjB,MAAM,CAAU;IAExB,YAAY,OAAwB;QAClC,IAAI,CAAC,GAAG,GAAG,IAAI,oBAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;IACxD,CAAC;IAED,QAAQ,CAAC,OAAe;QACtB,MAAM,QAAQ,GAAG,IAAA,yBAAc,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACrC,OAAO;YACL,IAAI;YACJ,KAAK,EAAE,cAAc,CAAC,QAAQ,CAAC;YAC/B,KAAK,EAAE,UAAU,CAAC,QAAQ,CAAC;YAC3B,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe;QACxB,MAAM,QAAQ,GAAG,IAAA,yBAAc,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACjD,IAAI,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEvC,IAAI,WAAW,CAAC;QAChB,IAAI,IAAI,CAAC,MAAM,IAAI,IAAA,2BAAgB,EAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9C,IAAI,WAAW,CAAC,YAAY,IAAI,WAAW,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;gBAC7D,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACtC,IAAI,GAAG,QAAQ,CAAC;gBAClB,CAAC;gBACD,IAAI,WAAW,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;oBACjC,IAAI,GAAG,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IACvD,CAAC;CACF;AA1CD,wCA0CC"}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -34,7 +34,7 @@ export interface Comment {
|
|
|
34
34
|
score: number;
|
|
35
35
|
post_id: string;
|
|
36
36
|
}
|
|
37
|
-
export type InjectionCategory = 'direct_injection' | 'credential_theft' | 'covert_execution' | 'social_engineering';
|
|
37
|
+
export type InjectionCategory = 'direct_injection' | 'credential_theft' | 'covert_execution' | 'social_engineering' | 'obfuscated_encoding';
|
|
38
38
|
export type Severity = 'HIGH' | 'MEDIUM' | 'LOW';
|
|
39
39
|
export interface RuleMatch {
|
|
40
40
|
pattern: string;
|
|
@@ -56,8 +56,11 @@ export interface ContentAnalysis {
|
|
|
56
56
|
promptInjection: boolean;
|
|
57
57
|
credentialTheft: boolean;
|
|
58
58
|
suspiciousLinks: string[];
|
|
59
|
+
maliciousUris: string[];
|
|
59
60
|
base64Hidden: boolean;
|
|
61
|
+
base64DecodedThreats: string[];
|
|
60
62
|
socialEngineering: boolean;
|
|
63
|
+
obfuscatedEncoding: boolean;
|
|
61
64
|
}
|
|
62
65
|
export type TrustLevel = 'HIGH_TRUST' | 'MODERATE' | 'LOW_TRUST' | 'UNTRUSTED';
|
|
63
66
|
export interface ScoreBreakdown {
|
|
@@ -102,7 +105,9 @@ export interface ScanFlags {
|
|
|
102
105
|
covertExecution: boolean;
|
|
103
106
|
socialEngineering: boolean;
|
|
104
107
|
suspiciousLinks: boolean;
|
|
108
|
+
maliciousUri: boolean;
|
|
105
109
|
base64Hidden: boolean;
|
|
110
|
+
obfuscatedEncoding: boolean;
|
|
106
111
|
}
|
|
107
112
|
export interface ScanFinding {
|
|
108
113
|
severity: Severity;
|
|
@@ -137,7 +142,7 @@ export interface FileFinding {
|
|
|
137
142
|
filePath: string;
|
|
138
143
|
line: number;
|
|
139
144
|
severity: Severity;
|
|
140
|
-
category: InjectionCategory | 'suspicious_link' | 'base64_hidden';
|
|
145
|
+
category: InjectionCategory | 'suspicious_link' | 'base64_hidden' | 'malicious_uri' | 'qr_code_injection';
|
|
141
146
|
description: string;
|
|
142
147
|
matchedText: string;
|
|
143
148
|
context: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB;AAID,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,MAAM,MAAM,iBAAiB,GACzB,kBAAkB,GAClB,kBAAkB,GAClB,kBAAkB,GAClB,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB;AAID,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,MAAM,MAAM,iBAAiB,GACzB,kBAAkB,GAClB,kBAAkB,GAClB,kBAAkB,GAClB,oBAAoB,GACpB,qBAAqB,CAAC;AAE1B,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEjD,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,kBAAkB,GAAG,kBAAkB,GAAG,oBAAoB,GAAG,QAAQ,CAAC;IACpF,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,SAAS,EAAE,CAAC;IACzB,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAID,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,UAAU,GAAG,WAAW,GAAG,WAAW,CAAC;AAE/E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,UAAU,CAAC;IAClB,SAAS,EAAE,cAAc,CAAC;IAC1B,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QACR,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,EAAE,OAAO,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAID,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,eAAO,MAAM,oBAAoB,EAAE,WAKlC,CAAC;AAIF,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE3D,MAAM,WAAW,SAAS;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,OAAO,CAAC;IACtB,YAAY,EAAE,OAAO,CAAC;IACtB,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,SAAS,CAAC;IACjB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,iBAAiB,CAAC;CACjC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,UAAU,KAAK,IAAI,CAAC;CACxC;AAID,eAAO,MAAM,QAAQ;;;;;CAQX,CAAC;AAIX,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,iBAAiB,GAAG,iBAAiB,GAAG,eAAe,GAAG,eAAe,GAAG,mBAAmB,CAAC;IAC1G,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACrE,SAAS,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,SAAS,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACrE,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;CACpB"}
|
package/dist/types/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA,mEAAmE;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA,mEAAmE;;;AA+HtD,QAAA,oBAAoB,GAAgB;IAC/C,OAAO,EAAE,KAAK;IACd,MAAM,EAAE,KAAK;IACb,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,KAAK;CACf,CAAC;AA4CF,mEAAmE;AAEtD,QAAA,QAAQ,GAAG;IACtB,sBAAsB,EAAE,CAAC;IACzB,WAAW,EAAE,EAAE;IACf,uBAAuB,EAAE,EAAE;IAC3B,cAAc,EAAE;QACd,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO;QAC5C,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,QAAQ;KAC3C;CACO,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "moltbot-scan",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.3.0",
|
|
4
4
|
"description": "Moltbook Agent Trust Scanner SDK - Detect prompt injection, credential theft, and social engineering in agent messages",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -53,7 +53,10 @@
|
|
|
53
53
|
"chalk": "^5.3.0",
|
|
54
54
|
"commander": "^12.0.0",
|
|
55
55
|
"express": "^4.18.0",
|
|
56
|
-
"
|
|
56
|
+
"jpeg-js": "^0.4.4",
|
|
57
|
+
"jsqr": "^1.4.0",
|
|
58
|
+
"node-fetch": "^3.3.0",
|
|
59
|
+
"pngjs": "^7.0.0"
|
|
57
60
|
},
|
|
58
61
|
"peerDependencies": {
|
|
59
62
|
"@anthropic-ai/sdk": ">=0.39.0"
|
|
@@ -68,6 +71,7 @@
|
|
|
68
71
|
"@types/express": "^4.17.0",
|
|
69
72
|
"@types/jest": "^30.0.0",
|
|
70
73
|
"@types/node": "^20.0.0",
|
|
74
|
+
"@types/pngjs": "^6.0.5",
|
|
71
75
|
"@typescript-eslint/eslint-plugin": "^7.0.0",
|
|
72
76
|
"@typescript-eslint/parser": "^7.0.0",
|
|
73
77
|
"eslint": "^8.0.0",
|