postquant 0.1.1 → 0.2.0

package/dist/scanner/code/patterns/javascript.js

@@ -0,0 +1,243 @@
+export const javascriptPatterns = [
+    {
+        id: 'js-rsa-keygen',
+        language: 'javascript',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /import\s+\{[^}]*generateKeyPair(?:Sync)?\s*[^}]*\}\s+from\s+['"](?:node:)?crypto['"]/,
+            /(?:const|let|var)\s+\{[^}]*generateKeyPair(?:Sync)?\s*[^}]*\}\s*=\s*require\s*\(\s*['"]crypto['"]\s*\)/,
+        ],
+        callPatterns: [
+            /generateKeyPairSync\s*\(\s*['"]rsa['"]/,
+            /generateKeyPairSync\s*\(\s*['"]rsa-pss['"]/,
+            /generateKeyPair\s*\(\s*['"]rsa['"]/,
+        ],
+        keySizeExtractor: /modulusLength\s*:\s*(\d+)/,
+        description: "RSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for encryption or ML-DSA (FIPS 204) for signatures',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-ec-keygen',
+        language: 'javascript',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /generateKeyPairSync\s*\(\s*['"]ec['"]/,
+            /generateKeyPair\s*\(\s*['"]ec['"]/,
+        ],
+        contextPatterns: [/namedCurve\s*:\s*['"](?:P-256|P-384|P-521|secp256k1)['"]/],
+        description: "EC key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-ed25519-keygen',
+        language: 'javascript',
+        category: 'digital-signature',
+        algorithm: 'Ed25519',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /generateKeyPairSync\s*\(\s*['"]ed25519['"]\s*\)/,
+            /generateKeyPairSync\s*\(\s*['"]ed448['"]\s*\)/,
+            /generateKeyPairSync\s*\(\s*['"]x25519['"]\s*\)/,
+            /generateKeyPairSync\s*\(\s*['"]x448['"]\s*\)/,
+        ],
+        description: "Ed25519/X25519 key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-dsa-keygen',
+        language: 'javascript',
+        category: 'digital-signature',
+        algorithm: 'DSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /generateKeyPairSync\s*\(\s*['"]dsa['"]/,
+            /generateKeyPair\s*\(\s*['"]dsa['"]/,
+        ],
+        description: "DSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-dh-exchange',
+        language: 'javascript',
+        category: 'key-exchange',
+        algorithm: 'DH',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /import\s+\{[^}]*createDiffieHellman[^}]*\}\s+from\s+['"](?:node:)?crypto['"]/,
+            /(?:const|let|var)\s+\{[^}]*createDiffieHellman[^}]*\}\s*=\s*require\s*\(\s*['"]crypto['"]\s*\)/,
+        ],
+        callPatterns: [/createDiffieHellman\s*\(/],
+        description: "Diffie-Hellman key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-ecdh-exchange',
+        language: 'javascript',
+        category: 'key-exchange',
+        algorithm: 'ECDH',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [/createECDH\s*\(/],
+        description: "ECDH key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-md5-hash',
+        language: 'javascript',
+        category: 'weak-hash',
+        algorithm: 'MD5',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /createHash\s*\(\s*['"]md5['"]\s*\)/,
+            /crypto\.subtle\.digest\s*\(\s*['"]MD5['"]/,
+        ],
+        description: 'MD5 is cryptographically broken and unsuitable for any security use',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'js-sha1-hash',
+        language: 'javascript',
+        category: 'weak-hash',
+        algorithm: 'SHA-1',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /createHash\s*\(\s*['"]sha1['"]\s*\)/,
+            /crypto\.subtle\.digest\s*\(\s*['"]SHA-1['"]/,
+        ],
+        description: 'SHA-1 is cryptographically broken with practical collision attacks',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'js-sha256-hash',
+        language: 'javascript',
+        category: 'safe-hash',
+        algorithm: 'SHA-256',
+        risk: 'safe',
+        confidence: 'high',
+        callPatterns: [
+            /createHash\s*\(\s*['"]sha256['"]\s*\)/,
+            /createHash\s*\(\s*['"]sha384['"]\s*\)/,
+            /createHash\s*\(\s*['"]sha512['"]\s*\)/,
+            /crypto\.subtle\.digest\s*\(\s*['"]SHA-256['"]/,
+            /crypto\.subtle\.digest\s*\(\s*['"]SHA-384['"]/,
+            /crypto\.subtle\.digest\s*\(\s*['"]SHA-512['"]/,
+        ],
+        description: 'SHA-256/384/512 are quantum-resistant hash functions',
+        migration: 'No migration needed — already quantum-safe',
+    },
+    {
+        id: 'js-aes',
+        language: 'javascript',
+        category: 'weak-symmetric',
+        algorithm: 'AES',
+        risk: 'moderate',
+        confidence: 'medium',
+        callPatterns: [
+            /createCipheriv\s*\(\s*['"]aes-\d+-/,
+            /createDecipheriv\s*\(\s*['"]aes-\d+-/,
+        ],
+        keySizeExtractor: /aes-(\d+)/,
+        keySizeRisk: (size) => (size >= 256 ? 'safe' : 'moderate'),
+        description: "AES-128 provides reduced security against quantum attacks (Grover's algorithm)",
+        migration: 'Use AES-256 for quantum-resistant symmetric encryption',
+    },
+    {
+        id: 'js-3des',
+        language: 'javascript',
+        category: 'broken-cipher',
+        algorithm: '3DES',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /createCipheriv\s*\(\s*['"]des-ede3-/,
+            /createDecipheriv\s*\(\s*['"]des-ede3-/,
+        ],
+        description: '3DES is deprecated with inadequate security margins',
+        migration: 'Migrate to AES-256-GCM for symmetric encryption',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-webcrypto-rsa',
+        language: 'javascript',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /subtle\.generateKey\s*\(\s*\{[^}]*name\s*:\s*['"]RSA-OAEP['"]/,
+            /subtle\.generateKey\s*\(\s*\{[^}]*name\s*:\s*['"]RSA-PSS['"]/,
+            /subtle\.generateKey\s*\(\s*\{[^}]*name\s*:\s*['"]RSASSA-PKCS1-v1_5['"]/,
+            /subtle\.importKey\s*\([^)]*['"]RSA-OAEP['"]/,
+        ],
+        description: "WebCrypto RSA operations are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) or ML-DSA (FIPS 204) when WebCrypto supports PQC',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-webcrypto-ec',
+        language: 'javascript',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /subtle\.generateKey\s*\(\s*\{[^}]*name\s*:\s*['"]ECDSA['"]/,
+            /subtle\.generateKey\s*\(\s*\{[^}]*name\s*:\s*['"]ECDH['"]/,
+            /subtle\.sign\s*\(\s*\{[^}]*name\s*:\s*['"]ECDSA['"]/,
+        ],
+        description: "WebCrypto EC operations are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'js-jwt-sign',
+        language: 'javascript',
+        category: 'digital-signature',
+        algorithm: 'RSA/ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /import\s+.*from\s+['"]jsonwebtoken['"]/,
+            /import\s+\{[^}]*SignJWT[^}]*\}\s+from\s+['"]jose['"]/,
+            /require\s*\(\s*['"]jsonwebtoken['"]\s*\)/,
+        ],
+        callPatterns: [
+            /jwt\.sign\s*\([^)]*algorithm\s*:\s*['"](?:RS|ES|PS)\d{3}['"]/,
+            /jwt\.sign\s*\([^)]*algorithm\s*:\s*['"]EdDSA['"]/,
+            /SignJWT\s*\([^)]*\).*setProtectedHeader\s*\(\s*\{[^}]*alg\s*:\s*['"](?:RS|ES|PS)\d{3}['"]/,
+            /SignJWT\s*\([^)]*\).*setProtectedHeader\s*\(\s*\{[^}]*alg\s*:\s*['"]EdDSA['"]/,
+            /generateKeyPair\s*\(\s*['"](?:RS|ES)\d{3}['"]\s*\)/,
+        ],
+        description: 'JWT signing with RSA/ECDSA/EdDSA uses quantum-vulnerable algorithms',
+        migration: 'Use HMAC-based JWT (HS256) for symmetric signing, or await PQC JWT standards',
+        cweId: 'CWE-327',
+    },
+];
+//# sourceMappingURL=javascript.js.map

package/dist/scanner/code/patterns/javascript.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/javascript.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,kBAAkB,GAAoB;IACjD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,sFAAsF;YACtF,wGAAwG;SACzG;QACD,YAAY,EAAE;YACZ,wCAAwC;YACxC,4CAA4C;YAC5C,oCAAoC;SACrC;QACD,gBAAgB,EAAE,2BAA2B;QAC7C,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,iFAAiF;QAC5F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,cAAc;QAClB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,uCAAuC;YACvC,mCAAmC;SACpC;QACD,eAAe,EAAE,CAAC,0DAA0D,CAAC;QAC7E,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,mFAAmF;QAC9F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,iDAAiD;YACjD,+CAA+C;YAC/C,gDAAgD;YAChD,8CAA8C;SAC/C;QACD,WAAW,EAAE,qFAAqF;QAClG,SAAS,EAAE,mFAAmF;QAC9F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,wCAAwC;YACxC,oCAAoC;SACrC;QACD,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,8EAA8E;YAC9E,gGAAgG;SACjG;QACD,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,WAAW,EAAE,mFAAmF;QAChG,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,CAAC,iBAAiB,CAAC;QACjC,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,oCAAoC;YACpC,2CAA2C;SAC5C;QACD,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,cAAc;QAClB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,qCAAqC;YACrC,6CAA6C;SAC9C;QACD,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,uCAAuC;YACvC,uCAAuC;YACvC,uCAAuC;YACvC,+CAA+C;YAC/C,+CAA+C;YAC/C,+CAA+C;SAChD;QACD,WAAW,EAAE,sDAAsD;QACnE,SAAS,EAAE,4CAA4C;KACxD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,QAAQ;QACpB,YAAY,EAAE;YACZ,oCAAoC;YACpC,sCAAsC;SACvC;QACD,gBAAgB,EAAE,WAAW;QAC7B,WAAW,EAAE,CAAC,IAAY,EAAa,EAAE,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAC7E,WAAW,EAAE,gFAAgF;QAC7F,SAAS,EAAE,wDAAwD;KACpE;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,eAAe;QACzB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,qCAAqC;YACrC,uCAAuC;SACxC;QACD,WAAW,EAAE,qDAAqD;QAClE,SAAS,EAAE,iDAAiD;QAC5D,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,+DAA+D;YAC/D,8DAA8D;YAC9D,wEAAwE;YACxE,6CAA6C;SAC9C;QACD,WAAW,EAAE,iFAAiF;QAC9F,SAAS,EAAE,+EAA+E;QAC1F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,4DAA4D;YAC5D,2DAA2D;YAC3D,qDAAqD;SACtD;QACD,WAAW,EAAE,gFAAgF;QAC7F,SAAS,EAAE,mFAAmF;QAC9F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,wCAAwC;YACxC,sDAAsD;YACtD,0CAA0C;SAC3C;QACD,YAAY,EAAE;YACZ,8DAA8D;YAC9D,kDAAkD;YAClD,2FAA2F;YAC3F,+EAA+E;YAC/E,oDAAoD;SACrD;QACD,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,8EAA8E;QACzF,KAAK,EAAE,SAAS;KACjB;CACF,CAAC"}

package/dist/scanner/code/patterns/python.d.ts

@@ -0,0 +1,3 @@
+import type { CryptoPattern } from '../../../types/index.js';
+export declare const pythonPatterns: CryptoPattern[];
+//# sourceMappingURL=python.d.ts.map

package/dist/scanner/code/patterns/python.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/python.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAa,MAAM,yBAAyB,CAAC;AAExE,eAAO,MAAM,cAAc,EAAE,aAAa,EA6PzC,CAAC"}

package/dist/scanner/code/patterns/python.js

@@ -0,0 +1,255 @@
+export const pythonPatterns = [
+    {
+        id: 'python-rsa-keygen',
+        language: 'python',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\s+import\s+rsa/,
+            /from\s+Crypto\.PublicKey\s+import\s+RSA/,
+        ],
+        callPatterns: [
+            /rsa\.generate_private_key\s*\(/,
+            /RSA\.generate\s*\(/,
+        ],
+        keySizeExtractor: /key_size\s*=\s*(\d+)|RSA\.generate\s*\(\s*(\d+)/,
+        description: "RSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for encryption or ML-DSA (FIPS 204) for signatures',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-rsa-sign',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\s+import\s+padding/,
+            /from\s+Crypto\.Signature\s+import/,
+        ],
+        callPatterns: [
+            /\.sign\s*\(.*padding\.(PSS|PKCS1v15)\s*\(/,
+            /pkcs1_15\.new\s*\(/,
+            /pss\.new\s*\(/,
+        ],
+        description: "RSA digital signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-ec-keygen',
+        language: 'python',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\s+import\s+ec/,
+            /from\s+Crypto\.PublicKey\s+import\s+ECC/,
+        ],
+        callPatterns: [
+            /ec\.generate_private_key\s*\(/,
+            /ECC\.generate\s*\(/,
+        ],
+        contextPatterns: [/SECP256R1|SECP384R1|SECP521R1|P-256|P-384|P-521/],
+        description: "Elliptic curve key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-ecdsa-sign',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /\.sign\s*\(.*ec\.ECDSA\s*\(/,
+            /DSS\.new\s*\(/,
+        ],
+        description: "ECDSA digital signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-ecdh-exchange',
+        language: 'python',
+        category: 'key-exchange',
+        algorithm: 'ECDH',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [/\.exchange\s*\(\s*ec\.ECDH\s*\(\)/],
+        description: "ECDH key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-x25519',
+        language: 'python',
+        category: 'key-exchange',
+        algorithm: 'X25519',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\.x25519\s+import/,
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\.x448\s+import/,
+        ],
+        callPatterns: [
+            /X25519PrivateKey\.generate\s*\(/,
+            /X448PrivateKey\.generate\s*\(/,
+        ],
+        description: "X25519/X448 key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-ed25519',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'Ed25519',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\.ed25519\s+import/,
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\.ed448\s+import/,
+        ],
+        callPatterns: [
+            /Ed25519PrivateKey\.generate\s*\(/,
+            /Ed448PrivateKey\.generate\s*\(/,
+        ],
+        description: "Ed25519/Ed448 signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-dsa-keygen',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'DSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\s+import\s+dsa/,
+            /from\s+Crypto\.PublicKey\s+import\s+DSA/,
+        ],
+        callPatterns: [
+            /dsa\.generate_private_key\s*\(/,
+            /DSA\.generate\s*\(/,
+        ],
+        description: "DSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-dh-keygen',
+        language: 'python',
+        category: 'key-exchange',
+        algorithm: 'DH',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.asymmetric\s+import\s+dh/,
+        ],
+        callPatterns: [/dh\.generate_parameters\s*\(/],
+        description: "Diffie-Hellman key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'python-md5',
+        language: 'python',
+        category: 'weak-hash',
+        algorithm: 'MD5',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /import\s+hashlib/,
+            /from\s+Crypto\.Hash\s+import\s+MD5/,
+        ],
+        callPatterns: [
+            /hashlib\.md5\s*\(/,
+            /hashlib\.new\s*\(\s*['"]md5['"]/,
+            /hashes\.MD5\s*\(/,
+            /MD5\.new\s*\(/,
+        ],
+        description: 'MD5 is cryptographically broken and unsuitable for any security use',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'python-sha1',
+        language: 'python',
+        category: 'weak-hash',
+        algorithm: 'SHA-1',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /import\s+hashlib/,
+            /from\s+Crypto\.Hash\s+import\s+SHA1/,
+        ],
+        callPatterns: [
+            /hashlib\.sha1\s*\(/,
+            /hashlib\.new\s*\(\s*['"]sha1['"]/,
+            /hashes\.SHA1\s*\(/,
+            /SHA1\.new\s*\(/,
+        ],
+        description: 'SHA-1 is cryptographically broken with practical collision attacks',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'python-sha256',
+        language: 'python',
+        category: 'safe-hash',
+        algorithm: 'SHA-256',
+        risk: 'safe',
+        confidence: 'high',
+        callPatterns: [
+            /hashlib\.sha256\s*\(/,
+            /hashlib\.sha384\s*\(/,
+            /hashlib\.sha512\s*\(/,
+            /hashlib\.sha3_256\s*\(/,
+            /hashlib\.sha3_384\s*\(/,
+            /hashlib\.sha3_512\s*\(/,
+            /hashes\.SHA256\s*\(/,
+            /hashes\.SHA384\s*\(/,
+            /hashes\.SHA512\s*\(/,
+            /hashes\.SHA3_256\s*\(/,
+        ],
+        description: 'SHA-256/384/512/SHA-3 are quantum-resistant hash functions',
+        migration: 'No migration needed — already quantum-safe',
+    },
+    {
+        id: 'python-aes',
+        language: 'python',
+        category: 'weak-symmetric',
+        algorithm: 'AES',
+        risk: 'moderate',
+        confidence: 'medium',
+        importPatterns: [
+            /from\s+cryptography\.hazmat\.primitives\.ciphers\s+import/,
+            /from\s+Crypto\.Cipher\s+import\s+AES/,
+        ],
+        callPatterns: [
+            /algorithms\.AES\s*\(/,
+            /AES\.new\s*\(/,
+        ],
+        keySizeExtractor: /AES(\d+)|key_size\s*=\s*(\d+)/,
+        keySizeRisk: (size) => (size >= 256 ? 'safe' : 'moderate'),
+        description: "AES-128 provides reduced security against quantum attacks (Grover's algorithm)",
+        migration: 'Use AES-256 for quantum-resistant symmetric encryption',
+    },
+];
+//# sourceMappingURL=python.js.map

package/dist/scanner/code/patterns/python.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"python.js","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/python.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,oEAAoE;YACpE,yCAAyC;SAC1C;QACD,YAAY,EAAE;YACZ,gCAAgC;YAChC,oBAAoB;SACrB;QACD,gBAAgB,EAAE,iDAAiD;QACnE,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,iFAAiF;QAC5F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,wEAAwE;YACxE,mCAAmC;SACpC;QACD,YAAY,EAAE;YACZ,2CAA2C;YAC3C,oBAAoB;YACpB,eAAe;SAChB;QACD,WAAW,EAAE,+EAA+E;QAC5F,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,mEAAmE;YACnE,yCAAyC;SAC1C;QACD,YAAY,EAAE;YACZ,+BAA+B;YAC/B,oBAAoB;SACrB;QACD,eAAe,EAAE,CAAC,iDAAiD,CAAC;QACpE,WAAW,EAAE,qFAAqF;QAClG,SAAS,EAAE,mFAAmF;QAC9F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,6BAA6B;YAC7B,eAAe;SAChB;QACD,WAAW,EAAE,iFAAiF;QAC9F,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,CAAC,mCAAmC,CAAC;QACnD,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,QAAQ;QACnB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,sEAAsE;YACtE,oEAAoE;SACrE;QACD,YAAY,EAAE;YACZ,iCAAiC;YACjC,+BAA+B;SAChC;QACD,WAAW,EAAE,gFAAgF;QAC7F,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,uEAAuE;YACvE,qEAAqE;SACtE;QACD,YAAY,EAAE;YACZ,kCAAkC;YAClC,gCAAgC;SACjC;QACD,WAAW,EAAE,iFAAiF;QAC9F,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,oEAAoE;YACpE,yCAAyC;SAC1C;QACD,YAAY,EAAE;YACZ,gCAAgC;YAChC,oBAAoB;SACrB;QACD,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,mEAAmE;SACpE;QACD,YAAY,EAAE,CAAC,8BAA8B,CAAC;QAC9C,WAAW,EAAE,mFAAmF;QAChG,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,kBAAkB;YAClB,oCAAoC;SACrC;QACD,YAAY,EAAE;YACZ,mBAAmB;YACnB,iCAAiC;YACjC,kBAAkB;YAClB,eAAe;SAChB;QACD,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,kBAAkB;YAClB,qCAAqC;SACtC;QACD,YAAY,EAAE;YACZ,oBAAoB;YACpB,kCAAkC;YAClC,mBAAmB;YACnB,gBAAgB;SACjB;QACD,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,sBAAsB;YACtB,sBAAsB;YACtB,sBAAsB;YACtB,wBAAwB;YACxB,wBAAwB;YACxB,wBAAwB;YACxB,qBAAqB;YACrB,qBAAqB;YACrB,qBAAqB;YACrB,uBAAuB;SACxB;QACD,WAAW,EAAE,4DAA4D;QACzE,SAAS,EAAE,4CAA4C;KACxD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,QAAQ;QACpB,cAAc,EAAE;YACd,2DAA2D;YAC3D,sCAAsC;SACvC;QACD,YAAY,EAAE;YACZ,sBAAsB;YACtB,eAAe;SAChB;QACD,gBAAgB,EAAE,+BAA+B;QACjD,WAAW,EAAE,CAAC,IAAY,EAAa,EAAE,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAC7E,WAAW,EAAE,gFAAgF;QAC7F,SAAS,EAAE,wDAAwD;KACpE;CACF,CAAC"}

package/dist/scanner/grader.d.ts

@@ -1,4 +1,4 @@
-import type { ClassifiedResult, GradedResult, Grade } from '../types/index.js';
+import type { ClassifiedResult, GradedResult, BaseGrade } from '../types/index.js';
 export declare function grade(classified: ClassifiedResult): GradedResult;
-export declare function shouldFailForGrade(actual: Grade, threshold: Grade): boolean;
+export declare function shouldFailForGrade(actual: BaseGrade, threshold: BaseGrade): boolean;
 //# sourceMappingURL=grader.d.ts.map

package/dist/scanner/grader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"grader.d.ts","sourceRoot":"","sources":["../../src/scanner/grader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,YAAY,EACZ,KAAK,EACN,MAAM,mBAAmB,CAAC;AAM3B,wBAAgB,KAAK,CAAC,UAAU,EAAE,gBAAgB,GAAG,YAAY,CA4ChE;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,GAAG,OAAO,CAI3E"}
+{"version":3,"file":"grader.d.ts","sourceRoot":"","sources":["../../src/scanner/grader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,YAAY,EAEZ,SAAS,EAEV,MAAM,mBAAmB,CAAC;AAM3B,wBAAgB,KAAK,CAAC,UAAU,EAAE,gBAAgB,GAAG,YAAY,CA0DhE;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAInF"}

package/dist/scanner/grader.js

@@ -1,5 +1,5 @@
 const PQC_KEYWORDS = ['KYBER', 'MLKEM', 'ML-KEM', 'ML-DSA', 'SLH-DSA', 'HQC'];
-const GRADE_ORDER = ['A+', 'A', 'B', 'C', 'D', 'F'];
+const BASE_GRADE_ORDER = ['A+', 'A', 'B', 'C', 'D', 'F'];
 export function grade(classified) {
     const { findings } = classified;
     const critical = findings.filter((f) => f.risk === 'critical');
@@ -7,30 +7,43 @@ export function grade(classified) {
     const safe = findings.filter((f) => f.risk === 'safe');
     const protocolFinding = findings.find((f) => f.component === 'protocol');
     const hashFinding = findings.find((f) => f.component === 'hash');
-    let computedGrade;
+    let baseGrade;
     if (protocolFinding?.risk === 'critical' || hashFinding?.risk === 'critical') {
-        computedGrade = 'F';
+        baseGrade = 'F';
     }
     else if (critical.length >= 3) {
-        computedGrade = 'D';
+        baseGrade = 'D';
     }
     else if (critical.length >= 1) {
-        computedGrade = 'C';
+        baseGrade = 'C';
     }
     else if (moderate.length >= 1) {
-        computedGrade = 'B';
+        baseGrade = 'B';
     }
     else {
         const hasPqc = findings.some((f) => PQC_KEYWORDS.some((kw) => f.algorithm.toUpperCase().includes(kw)));
-        computedGrade = hasPqc ? 'A+' : 'A';
+        baseGrade = hasPqc ? 'A+' : 'A';
     }
+    // Compute modifier: A+, A, and F get no modifier
+    let modifier = '';
+    if (baseGrade !== 'A+' && baseGrade !== 'A' && baseGrade !== 'F') {
+        if (moderate.length === 0) {
+            modifier = '+';
+        }
+        else if (moderate.length >= 2) {
+            modifier = '-';
+        }
+    }
+    const displayGrade = (baseGrade + modifier);
     const migrationNotes = findings
         .filter((f) => f.migration)
         .map((f) => f.migration);
     return {
         host: classified.host,
         port: classified.port,
-        grade: computedGrade,
+        grade: displayGrade,
+        baseGrade,
+        modifier,
         findings,
         migrationNotes,
         summary: {
@@ -42,8 +55,8 @@ export function grade(classified) {
     };
 }
 export function shouldFailForGrade(actual, threshold) {
-    const actualIndex = GRADE_ORDER.indexOf(actual);
-    const thresholdIndex = GRADE_ORDER.indexOf(threshold);
+    const actualIndex = BASE_GRADE_ORDER.indexOf(actual);
+    const thresholdIndex = BASE_GRADE_ORDER.indexOf(threshold);
     return actualIndex >= thresholdIndex;
 }
 //# sourceMappingURL=grader.js.map

package/dist/scanner/grader.js.map

@@ -1 +1 @@
-{"version":3,"file":"grader.js","sourceRoot":"","sources":["../../src/scanner/grader.ts"],"names":[],"mappings":"AAMA,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;AAE9E,MAAM,WAAW,GAAY,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAE7D,MAAM,UAAU,KAAK,CAAC,UAA4B;IAChD,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEhC,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAEvD,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC;IAEjE,IAAI,aAAoB,CAAC;IAEzB,IAAI,eAAe,EAAE,IAAI,KAAK,UAAU,IAAI,WAAW,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7E,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,aAAa,GAAG,GAAG,CAAC;IACtB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACjC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAClE,CAAC;QACF,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ;SAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAU,CAAC,CAAC;IAE5B,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,KAAK,EAAE,aAAa;QACpB,QAAQ;QACR,cAAc;QACd,OAAO,EAAE;YACP,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,KAAK,EAAE,QAAQ,CAAC,MAAM;SACvB;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAa,EAAE,SAAgB;IAChE,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtD,OAAO,WAAW,IAAI,cAAc,CAAC;AACvC,CAAC"}
+{"version":3,"file":"grader.js","sourceRoot":"","sources":["../../src/scanner/grader.ts"],"names":[],"mappings":"AAQA,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;AAE9E,MAAM,gBAAgB,GAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAEtE,MAAM,UAAU,KAAK,CAAC,UAA4B;IAChD,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEhC,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAEvD,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC;IAEjE,IAAI,SAAoB,CAAC;IAEzB,IAAI,eAAe,EAAE,IAAI,KAAK,UAAU,IAAI,WAAW,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7E,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChC,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACjC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAClE,CAAC;QACF,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;IAClC,CAAC;IAED,iDAAiD;IACjD,IAAI,QAAQ,GAAkB,EAAE,CAAC;IACjC,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,GAAG,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;QACjE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,QAAQ,GAAG,GAAG,CAAC;QACjB,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAChC,QAAQ,GAAG,GAAG,CAAC;QACjB,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,CAAC,SAAS,GAAG,QAAQ,CAAU,CAAC;IAErD,MAAM,cAAc,GAAG,QAAQ;SAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAU,CAAC,CAAC;IAE5B,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,KAAK,EAAE,YAAY;QACnB,SAAS;QACT,QAAQ;QACR,QAAQ;QACR,cAAc;QACd,OAAO,EAAE;YACP,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,KAAK,EAAE,QAAQ,CAAC,MAAM;SACvB;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAiB,EAAE,SAAoB;IACxE,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,WAAW,IAAI,cAAc,CAAC;AACvC,CAAC"}