moltbot-scan 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +330 -16
- package/action.yml +130 -0
- package/dist/analysis/patterns.d.ts +40 -1
- package/dist/analysis/patterns.d.ts.map +1 -1
- package/dist/analysis/patterns.js +269 -10
- package/dist/analysis/patterns.js.map +1 -1
- package/dist/analysis/rules.d.ts.map +1 -1
- package/dist/analysis/rules.js +42 -0
- package/dist/analysis/rules.js.map +1 -1
- package/dist/core/file-scanner.d.ts +1 -0
- package/dist/core/file-scanner.d.ts.map +1 -1
- package/dist/core/file-scanner.js +204 -3
- package/dist/core/file-scanner.js.map +1 -1
- package/dist/core/scorer.d.ts.map +1 -1
- package/dist/core/scorer.js +23 -0
- package/dist/core/scorer.js.map +1 -1
- package/dist/mcp/server.d.ts +3 -0
- package/dist/mcp/server.d.ts.map +1 -0
- package/dist/mcp/server.js +115 -0
- package/dist/mcp/server.js.map +1 -0
- package/dist/sdk/scanner.d.ts.map +1 -1
- package/dist/sdk/scanner.js +9 -2
- package/dist/sdk/scanner.js.map +1 -1
- package/dist/types/index.d.ts +7 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js.map +1 -1
- package/package.json +12 -3
|
@@ -1,8 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SOCIAL_ENGINEERING = exports.COVERT_EXECUTION = exports.CREDENTIAL_THEFT = exports.DIRECT_INJECTION = exports.ALL_PATTERNS = exports.BASE64_PATTERN = exports.URL_PATTERN = void 0;
|
|
3
|
+
exports.OBFUSCATED_ENCODING = exports.SOCIAL_ENGINEERING = exports.COVERT_EXECUTION = exports.CREDENTIAL_THEFT = exports.DIRECT_INJECTION = exports.ALL_PATTERNS = exports.BASE64_PATTERN = exports.URL_PATTERN = void 0;
|
|
4
4
|
exports.isSuspiciousUrl = isSuspiciousUrl;
|
|
5
|
+
exports.detectMaliciousUris = detectMaliciousUris;
|
|
6
|
+
exports.isShortUrl = isShortUrl;
|
|
7
|
+
exports.deepBase64Scan = deepBase64Scan;
|
|
5
8
|
exports.containsBase64Hidden = containsBase64Hidden;
|
|
9
|
+
exports.detectObfuscatedEncoding = detectObfuscatedEncoding;
|
|
10
|
+
exports.containsObfuscatedEncoding = containsObfuscatedEncoding;
|
|
6
11
|
exports.hasDuplicateContent = hasDuplicateContent;
|
|
7
12
|
// ─── Direct Injection ───────────────────────────────────────────
|
|
8
13
|
const DIRECT_INJECTION = [
|
|
@@ -116,6 +121,34 @@ const SOCIAL_ENGINEERING = [
|
|
|
116
121
|
},
|
|
117
122
|
];
|
|
118
123
|
exports.SOCIAL_ENGINEERING = SOCIAL_ENGINEERING;
|
|
124
|
+
// ─── Obfuscated Encoding ───────────────────────────────────────
|
|
125
|
+
const OBFUSCATED_ENCODING = [
|
|
126
|
+
{
|
|
127
|
+
pattern: /\\x[0-9a-fA-F]{2}(\\x[0-9a-fA-F]{2}){3,}/,
|
|
128
|
+
category: 'obfuscated_encoding',
|
|
129
|
+
severity: 'HIGH',
|
|
130
|
+
description: 'Hex-encoded string (potential obfuscated payload)',
|
|
131
|
+
},
|
|
132
|
+
{
|
|
133
|
+
pattern: /\\u[0-9a-fA-F]{4}(\\u[0-9a-fA-F]{4}){3,}/,
|
|
134
|
+
category: 'obfuscated_encoding',
|
|
135
|
+
severity: 'HIGH',
|
|
136
|
+
description: 'Unicode escape sequence (potential obfuscated payload)',
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
pattern: /&#x?[0-9a-fA-F]+;(&#x?[0-9a-fA-F]+;){3,}/,
|
|
140
|
+
category: 'obfuscated_encoding',
|
|
141
|
+
severity: 'MEDIUM',
|
|
142
|
+
description: 'HTML entity encoded string (potential obfuscated payload)',
|
|
143
|
+
},
|
|
144
|
+
{
|
|
145
|
+
pattern: /%[0-9a-fA-F]{2}(%[0-9a-fA-F]{2}){5,}/,
|
|
146
|
+
category: 'obfuscated_encoding',
|
|
147
|
+
severity: 'MEDIUM',
|
|
148
|
+
description: 'URL-encoded string (potential obfuscated payload)',
|
|
149
|
+
},
|
|
150
|
+
];
|
|
151
|
+
exports.OBFUSCATED_ENCODING = OBFUSCATED_ENCODING;
|
|
119
152
|
// ─── Suspicious Link Detection ──────────────────────────────────
|
|
120
153
|
const KNOWN_SAFE_DOMAINS = new Set([
|
|
121
154
|
'github.com', 'gitlab.com', 'stackoverflow.com',
|
|
@@ -124,6 +157,11 @@ const KNOWN_SAFE_DOMAINS = new Set([
|
|
|
124
157
|
'moltbook.com', 'anthropic.com', 'openai.com',
|
|
125
158
|
'huggingface.co', 'npmjs.com', 'pypi.org',
|
|
126
159
|
]);
|
|
160
|
+
const SHORT_URL_DOMAINS = new Set([
|
|
161
|
+
'bit.ly', 'tinyurl.com', 't.co', 'goo.gl', 'ow.ly',
|
|
162
|
+
'is.gd', 'buff.ly', 'rebrand.ly', 'short.io', 'cutt.ly',
|
|
163
|
+
'tiny.cc', 'lnkd.in', 'surl.li', 'rb.gy',
|
|
164
|
+
]);
|
|
127
165
|
exports.URL_PATTERN = /https?:\/\/[^\s<>"')\]]+/gi;
|
|
128
166
|
function isSuspiciousUrl(url) {
|
|
129
167
|
try {
|
|
@@ -135,21 +173,241 @@ function isSuspiciousUrl(url) {
|
|
|
135
173
|
return true;
|
|
136
174
|
}
|
|
137
175
|
}
|
|
138
|
-
// ───
|
|
176
|
+
// ─── Malicious URI Detection ────────────────────────────────────
|
|
177
|
+
const MALICIOUS_URI_PATTERN = /(?:javascript|vbscript|data)\s*:/i;
|
|
178
|
+
const DATA_URI_EXEC_PATTERN = /data\s*:\s*(?:text\/html|application\/javascript)[^,]*[,;]/i;
|
|
179
|
+
const SHORT_URL_PATTERN = /https?:\/\/(bit\.ly|tinyurl\.com|t\.co|goo\.gl|ow\.ly|is\.gd|buff\.ly|rebrand\.ly|short\.io|cutt\.ly|tiny\.cc|lnkd\.in|surl\.li|rb\.gy)\/\S+/gi;
|
|
180
|
+
const URL_PATH_TRAVERSAL = /%2[eE]%2[eE]|\.\.%2[fF]|%2[fF]\.\./;
|
|
181
|
+
function detectMaliciousUris(content) {
|
|
182
|
+
const results = [];
|
|
183
|
+
// javascript: / vbscript: / data: URI schemes
|
|
184
|
+
const schemeMatch = content.match(MALICIOUS_URI_PATTERN);
|
|
185
|
+
if (schemeMatch) {
|
|
186
|
+
results.push({
|
|
187
|
+
uri: schemeMatch[0],
|
|
188
|
+
reason: 'Dangerous URI scheme detected (javascript/vbscript/data)',
|
|
189
|
+
severity: 'HIGH',
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
// data: URIs with executable content types
|
|
193
|
+
const dataUriMatch = content.match(DATA_URI_EXEC_PATTERN);
|
|
194
|
+
if (dataUriMatch) {
|
|
195
|
+
results.push({
|
|
196
|
+
uri: dataUriMatch[0],
|
|
197
|
+
reason: 'Data URI with executable content type (text/html or application/javascript)',
|
|
198
|
+
severity: 'HIGH',
|
|
199
|
+
});
|
|
200
|
+
}
|
|
201
|
+
// Short URL services (potential redirect to malicious targets)
|
|
202
|
+
const shortUrls = content.match(SHORT_URL_PATTERN);
|
|
203
|
+
if (shortUrls) {
|
|
204
|
+
for (const url of shortUrls) {
|
|
205
|
+
results.push({
|
|
206
|
+
uri: url,
|
|
207
|
+
reason: 'Short URL service used — destination hidden',
|
|
208
|
+
severity: 'MEDIUM',
|
|
209
|
+
});
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
// URL-encoded path traversal
|
|
213
|
+
const allUrls = content.match(exports.URL_PATTERN) || [];
|
|
214
|
+
for (const url of allUrls) {
|
|
215
|
+
if (URL_PATH_TRAVERSAL.test(url)) {
|
|
216
|
+
results.push({
|
|
217
|
+
uri: url,
|
|
218
|
+
reason: 'URL contains encoded path traversal (../)',
|
|
219
|
+
severity: 'HIGH',
|
|
220
|
+
});
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
return results;
|
|
224
|
+
}
|
|
225
|
+
function isShortUrl(url) {
|
|
226
|
+
try {
|
|
227
|
+
const parsed = new URL(url);
|
|
228
|
+
const domain = parsed.hostname.replace(/^www\./, '');
|
|
229
|
+
return SHORT_URL_DOMAINS.has(domain);
|
|
230
|
+
}
|
|
231
|
+
catch {
|
|
232
|
+
return false;
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
// ─── Enhanced Base64 Hidden Content Detection ───────────────────
|
|
139
236
|
exports.BASE64_PATTERN = /[A-Za-z0-9+/]{40,}={0,2}/;
|
|
237
|
+
/**
|
|
238
|
+
* Enhanced base64 detection:
|
|
239
|
+
* 1. Decodes base64 and runs ALL pattern rules against decoded content
|
|
240
|
+
* 2. Supports multi-layer decoding (up to 3 levels deep)
|
|
241
|
+
* 3. Returns detailed info about what was found
|
|
242
|
+
*/
|
|
243
|
+
function deepBase64Scan(content, maxDepth = 3) {
|
|
244
|
+
const threats = [];
|
|
245
|
+
const allPatterns = [
|
|
246
|
+
...DIRECT_INJECTION,
|
|
247
|
+
...CREDENTIAL_THEFT,
|
|
248
|
+
...COVERT_EXECUTION,
|
|
249
|
+
...SOCIAL_ENGINEERING,
|
|
250
|
+
];
|
|
251
|
+
function scanLayer(text, depth, originalEncoded) {
|
|
252
|
+
if (depth > maxDepth)
|
|
253
|
+
return;
|
|
254
|
+
const matches = text.matchAll(/[A-Za-z0-9+/]{20,}={0,2}/g);
|
|
255
|
+
for (const m of matches) {
|
|
256
|
+
const candidate = m[0];
|
|
257
|
+
let decoded;
|
|
258
|
+
try {
|
|
259
|
+
const buf = Buffer.from(candidate, 'base64');
|
|
260
|
+
// Validate: at least 80% of decoded bytes should be printable ASCII or common UTF-8
|
|
261
|
+
const printable = buf.filter((b) => (b >= 0x20 && b <= 0x7e) || b === 0x0a || b === 0x0d || b === 0x09);
|
|
262
|
+
if (printable.length / buf.length < 0.7)
|
|
263
|
+
continue;
|
|
264
|
+
decoded = buf.toString('utf-8');
|
|
265
|
+
}
|
|
266
|
+
catch {
|
|
267
|
+
continue;
|
|
268
|
+
}
|
|
269
|
+
// Run all pattern rules against decoded content
|
|
270
|
+
for (const rule of allPatterns) {
|
|
271
|
+
const ruleMatch = decoded.match(rule.pattern);
|
|
272
|
+
if (ruleMatch) {
|
|
273
|
+
threats.push({
|
|
274
|
+
encodedText: originalEncoded || candidate,
|
|
275
|
+
decodedText: decoded.slice(0, 200),
|
|
276
|
+
matchedRule: rule.description,
|
|
277
|
+
depth,
|
|
278
|
+
});
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
// Check for suspicious commands in decoded content
|
|
282
|
+
const suspiciousDecoded = /\b(eval|exec|system|curl|wget|bash|sh|rm\s+-rf|chmod|chown|nc\s+-|ncat|socat)\b/i;
|
|
283
|
+
if (suspiciousDecoded.test(decoded)) {
|
|
284
|
+
threats.push({
|
|
285
|
+
encodedText: originalEncoded || candidate,
|
|
286
|
+
decodedText: decoded.slice(0, 200),
|
|
287
|
+
matchedRule: 'Decoded base64 contains suspicious shell command',
|
|
288
|
+
depth,
|
|
289
|
+
});
|
|
290
|
+
}
|
|
291
|
+
// Recurse: check if decoded content contains another base64 payload
|
|
292
|
+
if (depth < maxDepth && /[A-Za-z0-9+/]{20,}={0,2}/.test(decoded)) {
|
|
293
|
+
scanLayer(decoded, depth + 1, originalEncoded || candidate);
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
}
|
|
297
|
+
scanLayer(content, 1, '');
|
|
298
|
+
return threats;
|
|
299
|
+
}
|
|
300
|
+
/**
|
|
301
|
+
* Simple boolean check — backward compatible with original API.
|
|
302
|
+
* Now uses the enhanced deep scan internally.
|
|
303
|
+
*/
|
|
140
304
|
function containsBase64Hidden(content) {
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
305
|
+
return deepBase64Scan(content).length > 0;
|
|
306
|
+
}
|
|
307
|
+
function decodeHexEscapes(text) {
|
|
308
|
+
return text.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
309
|
+
}
|
|
310
|
+
function decodeUnicodeEscapes(text) {
|
|
311
|
+
return text.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
312
|
+
}
|
|
313
|
+
function decodeHtmlEntities(text) {
|
|
314
|
+
return text
|
|
315
|
+
.replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
|
|
316
|
+
.replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
|
|
317
|
+
}
|
|
318
|
+
function decodeUrlEncoding(text) {
|
|
144
319
|
try {
|
|
145
|
-
|
|
146
|
-
// Check if decoded content contains suspicious commands
|
|
147
|
-
const suspiciousDecoded = /\b(eval|exec|system|curl|wget|bash|sh)\b/i.test(decoded);
|
|
148
|
-
return suspiciousDecoded;
|
|
320
|
+
return decodeURIComponent(text);
|
|
149
321
|
}
|
|
150
322
|
catch {
|
|
151
|
-
return
|
|
323
|
+
return text;
|
|
324
|
+
}
|
|
325
|
+
}
|
|
326
|
+
/**
|
|
327
|
+
* Detects obfuscated encoding and checks decoded content for threats.
|
|
328
|
+
*/
|
|
329
|
+
function detectObfuscatedEncoding(content) {
|
|
330
|
+
const results = [];
|
|
331
|
+
const allPatterns = [
|
|
332
|
+
...DIRECT_INJECTION,
|
|
333
|
+
...CREDENTIAL_THEFT,
|
|
334
|
+
...COVERT_EXECUTION,
|
|
335
|
+
...SOCIAL_ENGINEERING,
|
|
336
|
+
];
|
|
337
|
+
const suspiciousCmd = /\b(eval|exec|system|curl|wget|bash|sh|rm\s+-rf|chmod|nc\s+-)\b/i;
|
|
338
|
+
function findThreat(decoded) {
|
|
339
|
+
for (const rule of allPatterns) {
|
|
340
|
+
if (rule.pattern.test(decoded))
|
|
341
|
+
return rule.description;
|
|
342
|
+
}
|
|
343
|
+
if (suspiciousCmd.test(decoded))
|
|
344
|
+
return 'Decoded content contains suspicious command';
|
|
345
|
+
return null;
|
|
152
346
|
}
|
|
347
|
+
// Hex escapes: \x65\x76\x61\x6c
|
|
348
|
+
const hexPattern = /(?:\\x[0-9a-fA-F]{2}){4,}/g;
|
|
349
|
+
const hexMatches = content.match(hexPattern);
|
|
350
|
+
if (hexMatches) {
|
|
351
|
+
for (const match of hexMatches) {
|
|
352
|
+
const decoded = decodeHexEscapes(match);
|
|
353
|
+
results.push({
|
|
354
|
+
type: 'hex',
|
|
355
|
+
encoded: match,
|
|
356
|
+
decoded,
|
|
357
|
+
threatFound: findThreat(decoded),
|
|
358
|
+
});
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
// Unicode escapes: \u0065\u0076\u0061\u006c
|
|
362
|
+
const unicodePattern = /(?:\\u[0-9a-fA-F]{4}){4,}/g;
|
|
363
|
+
const unicodeMatches = content.match(unicodePattern);
|
|
364
|
+
if (unicodeMatches) {
|
|
365
|
+
for (const match of unicodeMatches) {
|
|
366
|
+
const decoded = decodeUnicodeEscapes(match);
|
|
367
|
+
results.push({
|
|
368
|
+
type: 'unicode',
|
|
369
|
+
encoded: match,
|
|
370
|
+
decoded,
|
|
371
|
+
threatFound: findThreat(decoded),
|
|
372
|
+
});
|
|
373
|
+
}
|
|
374
|
+
}
|
|
375
|
+
// HTML entities: eval or ev
|
|
376
|
+
const htmlPattern = /(?:&#x?[0-9a-fA-F]+;){4,}/g;
|
|
377
|
+
const htmlMatches = content.match(htmlPattern);
|
|
378
|
+
if (htmlMatches) {
|
|
379
|
+
for (const match of htmlMatches) {
|
|
380
|
+
const decoded = decodeHtmlEntities(match);
|
|
381
|
+
results.push({
|
|
382
|
+
type: 'html_entity',
|
|
383
|
+
encoded: match,
|
|
384
|
+
decoded,
|
|
385
|
+
threatFound: findThreat(decoded),
|
|
386
|
+
});
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
// URL encoding: %65%76%61%6c
|
|
390
|
+
const urlEncPattern = /(?:%[0-9a-fA-F]{2}){6,}/g;
|
|
391
|
+
const urlEncMatches = content.match(urlEncPattern);
|
|
392
|
+
if (urlEncMatches) {
|
|
393
|
+
for (const match of urlEncMatches) {
|
|
394
|
+
const decoded = decodeUrlEncoding(match);
|
|
395
|
+
results.push({
|
|
396
|
+
type: 'url_encoding',
|
|
397
|
+
encoded: match,
|
|
398
|
+
decoded,
|
|
399
|
+
threatFound: findThreat(decoded),
|
|
400
|
+
});
|
|
401
|
+
}
|
|
402
|
+
}
|
|
403
|
+
return results;
|
|
404
|
+
}
|
|
405
|
+
/**
|
|
406
|
+
* Simple boolean check for whether any obfuscated encoding with threats is present.
|
|
407
|
+
*/
|
|
408
|
+
function containsObfuscatedEncoding(content) {
|
|
409
|
+
const results = detectObfuscatedEncoding(content);
|
|
410
|
+
return results.some((r) => r.threatFound !== null);
|
|
153
411
|
}
|
|
154
412
|
// ─── Duplicate Content Detection ────────────────────────────────
|
|
155
413
|
function hasDuplicateContent(contents, threshold = 0.7) {
|
|
@@ -173,5 +431,6 @@ exports.ALL_PATTERNS = [
|
|
|
173
431
|
...CREDENTIAL_THEFT,
|
|
174
432
|
...COVERT_EXECUTION,
|
|
175
433
|
...SOCIAL_ENGINEERING,
|
|
434
|
+
...OBFUSCATED_ENCODING,
|
|
176
435
|
];
|
|
177
436
|
//# sourceMappingURL=patterns.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":";;;AAyIA,0CAQC;AAMD,oDAYC;AAID,kDAgBC;AA9KD,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;KACjD;CACF,CAAC;AA+JA,4CAAgB;AA7JlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;KACtD;CACF,CAAC;AAmIA,4CAAgB;AAjIlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AAuGA,4CAAgB;AArGlB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAkB;IACxC;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;KAC7D;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;CACF,CAAC;AA2EA,gDAAkB;AAzEpB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY,EAAE,YAAY,EAAE,mBAAmB;IAC/C,eAAe,EAAE,WAAW,EAAE,YAAY;IAC1C,aAAa,EAAE,aAAa,EAAE,OAAO;IACrC,cAAc,EAAE,eAAe,EAAE,YAAY;IAC7C,gBAAgB,EAAE,WAAW,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,4BAA4B,CAAC;AAExD,SAAgB,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mEAAmE;AAEtD,QAAA,cAAc,GAAG,0BAA0B,CAAC;AAEzD,SAAgB,oBAAoB,CAAC,OAAe;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClE,wDAAwD;QACxD,MAAM,iBAAiB,GAAG,2CAA2C,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,QAAkB,EAAE,SAAS,GAAG,GAAG;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,OAAO,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAC7C,CAAC;AAED,mEAAmE;AAEtD,QAAA,YAAY,GAAkB;IACzC,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;CACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":";;;AA4KA,0CAQC;AAeD,kDAgDC;AAED,gCAQC;AAmBD,wCA2DC;AAMD,oDAEC;AA4CD,4DA+EC;AAKD,gEAGC;AAID,kDAgBC;AAjeD,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;KACjD;CACF,CAAC;AAmdA,4CAAgB;AAjdlB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;KACtD;CACF,CAAC;AAubA,4CAAgB;AArblB,mEAAmE;AAEnE,MAAM,gBAAgB,GAAkB;IACtC;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AA2ZA,4CAAgB;AAzZlB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAkB;IACxC;QACE,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;KAC7D;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;KAC1D;CACF,CAAC;AA+XA,gDAAkB;AA7XpB,kEAAkE;AAElE,MAAM,mBAAmB,GAAkB;IACzC;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;KACjE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2DAA2D;KACzE;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mDAAmD;KACjE;CACF,CAAC;AAmWA,kDAAmB;AAjWrB,mEAAmE;AAEnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY,EAAE,YAAY,EAAE,mBAAmB;IAC/C,eAAe,EAAE,WAAW,EAAE,YAAY;IAC1C,aAAa,EAAE,aAAa,EAAE,OAAO;IACrC,cAAc,EAAE,eAAe,EAAE,YAAY;IAC7C,gBAAgB,EAAE,WAAW,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAClD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS;IACvD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO;CACzC,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,4BAA4B,CAAC;AAExD,SAAgB,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mEAAmE;AAEnE,MAAM,qBAAqB,GAAG,mCAAmC,CAAC;AAClE,MAAM,qBAAqB,GAAG,6DAA6D,CAAC;AAC5F,MAAM,iBAAiB,GAAG,gJAAgJ,CAAC;AAC3K,MAAM,kBAAkB,GAAG,oCAAoC,CAAC;AAQhE,SAAgB,mBAAmB,CAAC,OAAe;IACjD,MAAM,OAAO,GAAyB,EAAE,CAAC;IAEzC,8CAA8C;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;YACnB,MAAM,EAAE,0DAA0D;YAClE,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;YACpB,MAAM,EAAE,6EAA6E;YACrF,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACnD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,6CAA6C;gBACrD,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAW,CAAC,IAAI,EAAE,CAAC;IACjD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,2CAA2C;gBACnD,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrD,OAAO,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mEAAmE;AAEtD,QAAA,cAAc,GAAG,0BAA0B,CAAC;AASzD;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,QAAQ,GAAG,CAAC;IAC1D,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,WAAW,GAAG;QAClB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,kBAAkB;KACtB,CAAC;IAEF,SAAS,SAAS,CAAC,IAAY,EAAE,KAAa,EAAE,eAAuB;QACrE,IAAI,KAAK,GAAG,QAAQ;YAAE,OAAO;QAE7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;QAC3D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC7C,oFAAoF;gBACpF,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;gBACxG,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG;oBAAE,SAAS;gBAClD,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,gDAAgD;YAChD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9C,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CAAC;wBACX,WAAW,EAAE,eAAe,IAAI,SAAS;wBACzC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAClC,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,KAAK;qBACN,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,MAAM,iBAAiB,GAAG,kFAAkF,CAAC;YAC7G,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,IAAI,CAAC;oBACX,WAAW,EAAE,eAAe,IAAI,SAAS;oBACzC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,WAAW,EAAE,kDAAkD;oBAC/D,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;YAED,oEAAoE;YACpE,IAAI,KAAK,GAAG,QAAQ,IAAI,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjE,SAAS,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,EAAE,eAAe,IAAI,SAAS,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,OAAe;IAClD,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC5C,CAAC;AAWD,SAAS,gBAAgB,CAAC,IAAY;IACpC,OAAO,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACrD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACrD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,IAAI;SACR,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CACzC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC;SACA,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAC/B,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;AACN,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CAAC,OAAe;IACtD,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG;QAClB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,gBAAgB;QACnB,GAAG,kBAAkB;KACtB,CAAC;IACF,MAAM,aAAa,GAAG,iEAAiE,CAAC;IAExF,SAAS,UAAU,CAAC,OAAe;QACjC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1D,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,6CAA6C,CAAC;QACtF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,MAAM,UAAU,GAAG,4BAA4B,CAAC;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,KAAK;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,MAAM,cAAc,GAAG,4BAA4B,CAAC;IACpD,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACrD,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,4BAA4B,CAAC;IACjD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,IAAI,WAAW,EAAE,CAAC;QAChB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,aAAa,GAAG,0BAA0B,CAAC;IACjD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACnD,IAAI,aAAa,EAAE,CAAC;QAClB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,UAAU,CAAC,OAAO,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CAAC,OAAe;IACxD,MAAM,OAAO,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,mEAAmE;AAEnE,SAAgB,mBAAmB,CAAC,QAAkB,EAAE,SAAS,GAAG,GAAG;IACrE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,OAAO,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAC7C,CAAC;AAED,mEAAmE;AAEtD,QAAA,YAAY,GAAkB;IACzC,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;IACrB,GAAG,mBAAmB;CACvB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAW/D,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE,CAiB1E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAGhE;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,CA0E/E;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAanE"}
|
package/dist/analysis/rules.js
CHANGED
|
@@ -29,6 +29,45 @@ function analyzeContent(content, postId) {
|
|
|
29
29
|
const ruleMatches = runRuleEngine(content, postId);
|
|
30
30
|
const suspiciousLinks = extractSuspiciousLinks(content);
|
|
31
31
|
const base64Hidden = (0, patterns_js_1.containsBase64Hidden)(content);
|
|
32
|
+
// Enhanced detections
|
|
33
|
+
const maliciousUriResults = (0, patterns_js_1.detectMaliciousUris)(content);
|
|
34
|
+
const maliciousUris = maliciousUriResults.map((r) => r.uri);
|
|
35
|
+
const base64Threats = (0, patterns_js_1.deepBase64Scan)(content);
|
|
36
|
+
const base64DecodedThreats = base64Threats.map((t) => `[depth=${t.depth}] ${t.matchedRule}: ${t.decodedText.slice(0, 80)}`);
|
|
37
|
+
const obfuscationResults = (0, patterns_js_1.detectObfuscatedEncoding)(content);
|
|
38
|
+
const obfuscatedEncoding = obfuscationResults.some((r) => r.threatFound !== null);
|
|
39
|
+
// Add malicious URI findings as rule matches
|
|
40
|
+
for (const uri of maliciousUriResults) {
|
|
41
|
+
ruleMatches.push({
|
|
42
|
+
pattern: 'malicious_uri',
|
|
43
|
+
category: 'covert_execution',
|
|
44
|
+
severity: uri.severity,
|
|
45
|
+
matchedText: uri.uri,
|
|
46
|
+
postId,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
// Add obfuscation findings with confirmed threats as rule matches
|
|
50
|
+
for (const obf of obfuscationResults) {
|
|
51
|
+
if (obf.threatFound) {
|
|
52
|
+
ruleMatches.push({
|
|
53
|
+
pattern: `obfuscated_${obf.type}`,
|
|
54
|
+
category: 'obfuscated_encoding',
|
|
55
|
+
severity: 'HIGH',
|
|
56
|
+
matchedText: `${obf.encoded} → ${obf.decoded}`,
|
|
57
|
+
postId,
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
// Add deep base64 findings as rule matches
|
|
62
|
+
for (const threat of base64Threats) {
|
|
63
|
+
ruleMatches.push({
|
|
64
|
+
pattern: 'base64_deep_scan',
|
|
65
|
+
category: 'covert_execution',
|
|
66
|
+
severity: 'HIGH',
|
|
67
|
+
matchedText: `[depth=${threat.depth}] ${threat.decodedText.slice(0, 60)}`,
|
|
68
|
+
postId,
|
|
69
|
+
});
|
|
70
|
+
}
|
|
32
71
|
const promptInjection = ruleMatches.some((m) => m.category === 'direct_injection');
|
|
33
72
|
const credentialTheft = ruleMatches.some((m) => m.category === 'credential_theft');
|
|
34
73
|
const socialEngineering = ruleMatches.some((m) => m.category === 'social_engineering');
|
|
@@ -38,8 +77,11 @@ function analyzeContent(content, postId) {
|
|
|
38
77
|
promptInjection,
|
|
39
78
|
credentialTheft,
|
|
40
79
|
suspiciousLinks,
|
|
80
|
+
maliciousUris,
|
|
41
81
|
base64Hidden,
|
|
82
|
+
base64DecodedThreats,
|
|
42
83
|
socialEngineering,
|
|
84
|
+
obfuscatedEncoding,
|
|
43
85
|
};
|
|
44
86
|
}
|
|
45
87
|
function needsLLMAnalysis(analysis) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/analysis/rules.ts"],"names":[],"mappings":";;AAWA,sCAiBC;AAED,wDAGC;AAED,wCA0EC;AAED,4CAaC;AA3HD,+CAQuB;AAEvB,SAAgB,aAAa,CAAC,OAAe,EAAE,MAAc;IAC3D,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,0BAAY,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;gBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,MAAM;aACP,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,sBAAsB,CAAC,OAAe;IACpD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,yBAAW,CAAC,IAAI,EAAE,CAAC;IAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,6BAAe,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,cAAc,CAAC,OAAe,EAAE,MAAc;IAC5D,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnD,MAAM,eAAe,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,IAAA,kCAAoB,EAAC,OAAO,CAAC,CAAC;IAEnD,sBAAsB;IACtB,MAAM,mBAAmB,GAAG,IAAA,iCAAmB,EAAC,OAAO,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE5D,MAAM,aAAa,GAAG,IAAA,4BAAc,EAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,oBAAoB,GAAG,aAAa,CAAC,GAAG,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAC5E,CAAC;IAEF,MAAM,kBAAkB,GAAG,IAAA,sCAAwB,EAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC;IAElF,6CAA6C;IAC7C,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;QACtC,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,WAAW,EAAE,GAAG,CAAC,GAAG;YACpB,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,WAAW,CAAC,IAAI,CAAC;gBACf,OAAO,EAAE,cAAc,GAAG,CAAC,IAAI,EAAE;gBACjC,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,GAAG,GAAG,CAAC,OAAO,MAAM,GAAG,CAAC,OAAO,EAAE;gBAC9C,MAAM;aACP,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,kBAAkB;YAC3B,QAAQ,EAAE,kBAAkB;YAC5B,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,UAAU,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YACzE,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CACzC,CAAC;IACF,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,kBAAkB,CACzC,CAAC;IACF,MAAM,iBAAiB,GAAG,WAAW,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,oBAAoB,CAC3C,CAAC;IAEF,OAAO;QACL,MAAM;QACN,WAAW;QACX,eAAe;QACf,eAAe;QACf,eAAe;QACf,aAAa;QACb,YAAY;QACZ,oBAAoB;QACpB,iBAAiB;QACjB,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAED,SAAgB,gBAAgB,CAAC,QAAyB;IACxD,yEAAyE;IACzE,mEAAmE;IACnE,MAAM,aAAa,GACjB,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;QAC/B,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAE7D,MAAM,sBAAsB,GAC1B,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QACnC,CAAC,QAAQ,CAAC,eAAe;QACzB,CAAC,QAAQ,CAAC,eAAe,CAAC;IAE5B,OAAO,aAAa,IAAI,sBAAsB,CAAC;AACjD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-scanner.d.ts","sourceRoot":"","sources":["../../src/core/file-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,cAAc,EACd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"file-scanner.d.ts","sourceRoot":"","sources":["../../src/core/file-scanner.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,cAAc,EACd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;AAwB3B,qBAAa,WAAW;IACtB,OAAO,CAAC,cAAc,CAAiB;;IAMjC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IA6EjF,OAAO,CAAC,eAAe;YAoGT,cAAc;IA0G5B,OAAO,CAAC,aAAa;CA2CtB"}
|