postquant 0.1.2 → 0.2.0

package/dist/scanner/code/patterns/go.js

@@ -0,0 +1,226 @@
+export const goPatterns = [
+    {
+        id: 'go-rsa-keygen',
+        language: 'go',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/"crypto\/rsa"/],
+        callPatterns: [/rsa\.GenerateKey\s*\(/],
+        keySizeExtractor: /GenerateKey\s*\([^,]*,\s*(\d+)\s*\)/,
+        description: "RSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for encryption or ML-DSA (FIPS 204) for signatures',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-rsa-sign',
+        language: 'go',
+        category: 'digital-signature',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /rsa\.SignPKCS1v15\s*\(/,
+            /rsa\.SignPSS\s*\(/,
+        ],
+        description: "RSA digital signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-rsa-encrypt',
+        language: 'go',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /rsa\.EncryptOAEP\s*\(/,
+            /rsa\.EncryptPKCS1v15\s*\(/,
+            /rsa\.DecryptOAEP\s*\(/,
+            /rsa\.DecryptPKCS1v15\s*\(/,
+        ],
+        description: "RSA encryption is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-ecdsa-keygen',
+        language: 'go',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/"crypto\/ecdsa"/],
+        callPatterns: [/ecdsa\.GenerateKey\s*\(/],
+        contextPatterns: [/elliptic\.P(?:224|256|384|521)\s*\(\)/],
+        description: "ECDSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-ecdsa-sign',
+        language: 'go',
+        category: 'digital-signature',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /ecdsa\.Sign\s*\(/,
+            /ecdsa\.SignASN1\s*\(/,
+            /ecdsa\.Verify\s*\(/,
+            /ecdsa\.VerifyASN1\s*\(/,
+        ],
+        description: "ECDSA signing/verification is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-ed25519',
+        language: 'go',
+        category: 'digital-signature',
+        algorithm: 'Ed25519',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /"crypto\/ed25519"/,
+            /"golang\.org\/x\/crypto\/ed25519"/,
+        ],
+        callPatterns: [
+            /ed25519\.GenerateKey\s*\(/,
+            /ed25519\.Sign\s*\(/,
+        ],
+        description: "Ed25519 signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-dsa-keygen',
+        language: 'go',
+        category: 'digital-signature',
+        algorithm: 'DSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/"crypto\/dsa"/],
+        callPatterns: [
+            /dsa\.GenerateKey\s*\(/,
+            /dsa\.GenerateParameters\s*\(/,
+        ],
+        description: "DSA is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-curve25519',
+        language: 'go',
+        category: 'key-exchange',
+        algorithm: 'X25519',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/"golang\.org\/x\/crypto\/curve25519"/],
+        callPatterns: [
+            /curve25519\.X25519\s*\(/,
+            /curve25519\.ScalarMult\s*\(/,
+        ],
+        description: "Curve25519 key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-nacl-box',
+        language: 'go',
+        category: 'key-exchange',
+        algorithm: 'NaCl-Box',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /"golang\.org\/x\/crypto\/nacl\/box"/,
+            /"golang\.org\/x\/crypto\/nacl\/sign"/,
+        ],
+        callPatterns: [
+            /box\.GenerateKey\s*\(/,
+            /box\.Seal\s*\(/,
+            /box\.Open\s*\(/,
+            /sign\.GenerateKey\s*\(/,
+        ],
+        description: "NaCl box/sign uses Curve25519/Ed25519, vulnerable to quantum attacks",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key exchange and ML-DSA (FIPS 204) for signatures',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'go-md5',
+        language: 'go',
+        category: 'weak-hash',
+        algorithm: 'MD5',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/"crypto\/md5"/],
+        callPatterns: [
+            /md5\.New\s*\(/,
+            /md5\.Sum\s*\(/,
+        ],
+        description: 'MD5 is cryptographically broken and unsuitable for any security use',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'go-sha1',
+        language: 'go',
+        category: 'weak-hash',
+        algorithm: 'SHA-1',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/"crypto\/sha1"/],
+        callPatterns: [
+            /sha1\.New\s*\(/,
+            /sha1\.Sum\s*\(/,
+        ],
+        description: 'SHA-1 is cryptographically broken with practical collision attacks',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'go-sha256',
+        language: 'go',
+        category: 'safe-hash',
+        algorithm: 'SHA-256',
+        risk: 'safe',
+        confidence: 'high',
+        importPatterns: [
+            /"crypto\/sha256"/,
+            /"crypto\/sha512"/,
+        ],
+        callPatterns: [
+            /sha256\.New\s*\(/,
+            /sha256\.Sum256\s*\(/,
+            /sha512\.New\s*\(/,
+            /sha512\.Sum512\s*\(/,
+            /sha512\.New384\s*\(/,
+        ],
+        description: 'SHA-256/384/512 are quantum-resistant hash functions',
+        migration: 'No migration needed — already quantum-safe',
+    },
+    {
+        id: 'go-aes',
+        language: 'go',
+        category: 'weak-symmetric',
+        algorithm: 'AES',
+        risk: 'moderate',
+        confidence: 'medium',
+        importPatterns: [/"crypto\/aes"/],
+        callPatterns: [/aes\.NewCipher\s*\(/],
+        description: "AES with 128-bit keys provides reduced security against quantum attacks (Grover's algorithm)",
+        migration: 'Use AES-256 (32-byte key) for quantum-resistant symmetric encryption',
+    },
+];
+//# sourceMappingURL=go.js.map

package/dist/scanner/code/patterns/go.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"go.js","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/go.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,UAAU,GAAoB;IACzC;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,eAAe,CAAC;QACjC,YAAY,EAAE,CAAC,uBAAuB,CAAC;QACvC,gBAAgB,EAAE,qCAAqC;QACvD,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,iFAAiF;QAC5F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,wBAAwB;YACxB,mBAAmB;SACpB;QACD,WAAW,EAAE,+EAA+E;QAC5F,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,uBAAuB;YACvB,2BAA2B;YAC3B,uBAAuB;YACvB,2BAA2B;SAC5B;QACD,WAAW,EAAE,sEAAsE;QACnF,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,iBAAiB,CAAC;QACnC,YAAY,EAAE,CAAC,yBAAyB,CAAC;QACzC,eAAe,EAAE,CAAC,uCAAuC,CAAC;QAC1D,WAAW,EAAE,4EAA4E;QACzF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,kBAAkB;YAClB,sBAAsB;YACtB,oBAAoB;YACpB,wBAAwB;SACzB;QACD,WAAW,EAAE,kFAAkF;QAC/F,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,mBAAmB;YACnB,mCAAmC;SACpC;QACD,YAAY,EAAE;YACZ,2BAA2B;YAC3B,oBAAoB;SACrB;QACD,WAAW,EAAE,2EAA2E;QACxF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,eAAe,CAAC;QACjC,YAAY,EAAE;YACZ,uBAAuB;YACvB,8BAA8B;SAC/B;QACD,WAAW,EAAE,2DAA2D;QACxE,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,QAAQ;QACnB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,sCAAsC,CAAC;QACxD,YAAY,EAAE;YACZ,yBAAyB;YACzB,6BAA6B;SAC9B;QACD,WAAW,EAAE,+EAA+E;QAC5F,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,UAAU;QACrB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,qCAAqC;YACrC,sCAAsC;SACvC;QACD,YAAY,EAAE;YACZ,uBAAuB;YACvB,gBAAgB;YAChB,gBAAgB;YAChB,wBAAwB;SACzB;QACD,WAAW,EAAE,sEAAsE;QACnF,SAAS,EAAE,oFAAoF;QAC/F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,eAAe,CAAC;QACjC,YAAY,EAAE;YACZ,eAAe;YACf,eAAe;SAChB;QACD,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,gBAAgB,CAAC;QAClC,YAAY,EAAE;YACZ,gBAAgB;YAChB,gBAAgB;SACjB;QACD,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,kBAAkB;YAClB,kBAAkB;SACnB;QACD,YAAY,EAAE;YACZ,kBAAkB;YAClB,qBAAqB;YACrB,kBAAkB;YAClB,qBAAqB;YACrB,qBAAqB;SACtB;QACD,WAAW,EAAE,sDAAsD;QACnE,SAAS,EAAE,4CAA4C;KACxD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,QAAQ;QACpB,cAAc,EAAE,CAAC,eAAe,CAAC;QACjC,YAAY,EAAE,CAAC,qBAAqB,CAAC;QACrC,WAAW,EAAE,8FAA8F;QAC3G,SAAS,EAAE,sEAAsE;KAClF;CACF,CAAC"}

package/dist/scanner/code/patterns/index.d.ts

@@ -0,0 +1,11 @@
+import type { CryptoPattern, Language } from '../../../types/index.js';
+import { pythonPatterns } from './python.js';
+import { javascriptPatterns } from './javascript.js';
+import { goPatterns } from './go.js';
+import { javaPatterns } from './java.js';
+/** Get all patterns for a specific language. */
+export declare function getPatterns(language: Language): CryptoPattern[];
+/** Get all patterns across all languages. */
+export declare function getAllPatterns(): CryptoPattern[];
+export { pythonPatterns, javascriptPatterns, goPatterns, javaPatterns };
+//# sourceMappingURL=index.d.ts.map

package/dist/scanner/code/patterns/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AASzC,gDAAgD;AAChD,wBAAgB,WAAW,CAAC,QAAQ,EAAE,QAAQ,GAAG,aAAa,EAAE,CAE/D;AAED,6CAA6C;AAC7C,wBAAgB,cAAc,IAAI,aAAa,EAAE,CAEhD;AAED,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC"}

package/dist/scanner/code/patterns/index.js

@@ -0,0 +1,20 @@
+import { pythonPatterns } from './python.js';
+import { javascriptPatterns } from './javascript.js';
+import { goPatterns } from './go.js';
+import { javaPatterns } from './java.js';
+const patternsByLanguage = {
+    python: pythonPatterns,
+    javascript: javascriptPatterns,
+    go: goPatterns,
+    java: javaPatterns,
+};
+/** Get all patterns for a specific language. */
+export function getPatterns(language) {
+    return patternsByLanguage[language] ?? [];
+}
+/** Get all patterns across all languages. */
+export function getAllPatterns() {
+    return Object.values(patternsByLanguage).flat();
+}
+export { pythonPatterns, javascriptPatterns, goPatterns, javaPatterns };
+//# sourceMappingURL=index.js.map

package/dist/scanner/code/patterns/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,MAAM,kBAAkB,GAAsC;IAC5D,MAAM,EAAE,cAAc;IACtB,UAAU,EAAE,kBAAkB;IAC9B,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,YAAY;CACnB,CAAC;AAEF,gDAAgD;AAChD,MAAM,UAAU,WAAW,CAAC,QAAkB;IAC5C,OAAO,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,cAAc;IAC5B,OAAO,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC;AAClD,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC"}

package/dist/scanner/code/patterns/java.d.ts

@@ -0,0 +1,3 @@
+import type { CryptoPattern } from '../../../types/index.js';
+export declare const javaPatterns: CryptoPattern[];
+//# sourceMappingURL=java.d.ts.map

package/dist/scanner/code/patterns/java.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"java.d.ts","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/java.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAa,MAAM,yBAAyB,CAAC;AAExE,eAAO,MAAM,YAAY,EAAE,aAAa,EA6OvC,CAAC"}

package/dist/scanner/code/patterns/java.js

@@ -0,0 +1,239 @@
+export const javaPatterns = [
+    {
+        id: 'java-rsa-keygen',
+        language: 'java',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/import\s+java\.security\.KeyPairGenerator\s*;/],
+        callPatterns: [
+            /KeyPairGenerator\.getInstance\s*\(\s*"RSA"\s*\)/,
+        ],
+        keySizeExtractor: /\.initialize\s*\(\s*(\d+)\s*\)/,
+        description: "RSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for encryption or ML-DSA (FIPS 204) for signatures',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-ec-keygen',
+        language: 'java',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /KeyPairGenerator\.getInstance\s*\(\s*"EC"\s*\)/,
+        ],
+        contextPatterns: [/ECGenParameterSpec|secp256r1|secp384r1|P-256|P-384/],
+        description: "EC key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+        nistRef: 'FIPS 203/204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-dsa-keygen',
+        language: 'java',
+        category: 'digital-signature',
+        algorithm: 'DSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /KeyPairGenerator\.getInstance\s*\(\s*"DSA"\s*\)/,
+        ],
+        description: "DSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-dh-keygen',
+        language: 'java',
+        category: 'key-exchange',
+        algorithm: 'DH',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /KeyPairGenerator\.getInstance\s*\(\s*"DH"\s*\)/,
+            /KeyPairGenerator\.getInstance\s*\(\s*"DiffieHellman"\s*\)/,
+        ],
+        description: "Diffie-Hellman key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-eddsa-keygen',
+        language: 'java',
+        category: 'digital-signature',
+        algorithm: 'EdDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /KeyPairGenerator\.getInstance\s*\(\s*"EdDSA"\s*\)/,
+            /KeyPairGenerator\.getInstance\s*\(\s*"Ed25519"\s*\)/,
+            /KeyPairGenerator\.getInstance\s*\(\s*"Ed448"\s*\)/,
+        ],
+        description: "EdDSA signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-rsa-sign',
+        language: 'java',
+        category: 'digital-signature',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/import\s+java\.security\.Signature\s*;/],
+        callPatterns: [
+            /Signature\.getInstance\s*\(\s*"SHA\d+withRSA"\s*\)/,
+            /Signature\.getInstance\s*\(\s*"RSASSA-PSS"\s*\)/,
+        ],
+        description: "RSA digital signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-ecdsa-sign',
+        language: 'java',
+        category: 'digital-signature',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /Signature\.getInstance\s*\(\s*"SHA\d+withECDSA"\s*\)/,
+        ],
+        description: "ECDSA signatures are vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for digital signatures',
+        nistRef: 'FIPS 204',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-key-agreement',
+        language: 'java',
+        category: 'key-exchange',
+        algorithm: 'ECDH/DH',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/import\s+javax\.crypto\.KeyAgreement\s*;/],
+        callPatterns: [
+            /KeyAgreement\.getInstance\s*\(\s*"ECDH"\s*\)/,
+            /KeyAgreement\.getInstance\s*\(\s*"DH"\s*\)/,
+            /KeyAgreement\.getInstance\s*\(\s*"DiffieHellman"\s*\)/,
+            /KeyAgreement\.getInstance\s*\(\s*"X25519"\s*\)/,
+            /KeyAgreement\.getInstance\s*\(\s*"X448"\s*\)/,
+            /KeyAgreement\.getInstance\s*\(\s*"XDH"\s*\)/,
+        ],
+        description: "Key agreement protocols (ECDH/DH/X25519) are vulnerable to quantum attacks",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-rsa-cipher',
+        language: 'java',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [/import\s+javax\.crypto\.Cipher\s*;/],
+        callPatterns: [
+            /Cipher\.getInstance\s*\(\s*"RSA\//,
+        ],
+        description: "RSA encryption is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key encapsulation',
+        nistRef: 'FIPS 203',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-3des',
+        language: 'java',
+        category: 'broken-cipher',
+        algorithm: '3DES',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /Cipher\.getInstance\s*\(\s*"DESede\//,
+            /Cipher\.getInstance\s*\(\s*"DES\//,
+        ],
+        description: '3DES/DES is deprecated with inadequate security margins',
+        migration: 'Migrate to AES-256-GCM for symmetric encryption',
+        cweId: 'CWE-327',
+    },
+    {
+        id: 'java-md5',
+        language: 'java',
+        category: 'weak-hash',
+        algorithm: 'MD5',
+        risk: 'critical',
+        confidence: 'high',
+        importPatterns: [
+            /import\s+java\.security\.MessageDigest\s*;/,
+            /import\s+javax\.crypto\.Mac\s*;/,
+        ],
+        callPatterns: [
+            /MessageDigest\.getInstance\s*\(\s*"MD5"\s*\)/,
+            /Mac\.getInstance\s*\(\s*"HmacMD5"\s*\)/,
+        ],
+        description: 'MD5 is cryptographically broken and unsuitable for any security use',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'java-sha1',
+        language: 'java',
+        category: 'weak-hash',
+        algorithm: 'SHA-1',
+        risk: 'critical',
+        confidence: 'high',
+        callPatterns: [
+            /MessageDigest\.getInstance\s*\(\s*"SHA-1"\s*\)/,
+            /Mac\.getInstance\s*\(\s*"HmacSHA1"\s*\)/,
+        ],
+        description: 'SHA-1 is cryptographically broken with practical collision attacks',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+        cweId: 'CWE-328',
+    },
+    {
+        id: 'java-sha256',
+        language: 'java',
+        category: 'safe-hash',
+        algorithm: 'SHA-256',
+        risk: 'safe',
+        confidence: 'high',
+        callPatterns: [
+            /MessageDigest\.getInstance\s*\(\s*"SHA-256"\s*\)/,
+            /MessageDigest\.getInstance\s*\(\s*"SHA-384"\s*\)/,
+            /MessageDigest\.getInstance\s*\(\s*"SHA-512"\s*\)/,
+            /MessageDigest\.getInstance\s*\(\s*"SHA3-256"\s*\)/,
+            /MessageDigest\.getInstance\s*\(\s*"SHA3-384"\s*\)/,
+            /MessageDigest\.getInstance\s*\(\s*"SHA3-512"\s*\)/,
+            /Mac\.getInstance\s*\(\s*"HmacSHA256"\s*\)/,
+            /Mac\.getInstance\s*\(\s*"HmacSHA384"\s*\)/,
+            /Mac\.getInstance\s*\(\s*"HmacSHA512"\s*\)/,
+        ],
+        description: 'SHA-256/384/512/SHA-3 are quantum-resistant hash functions',
+        migration: 'No migration needed — already quantum-safe',
+    },
+    {
+        id: 'java-aes-keygen',
+        language: 'java',
+        category: 'weak-symmetric',
+        algorithm: 'AES',
+        risk: 'moderate',
+        confidence: 'medium',
+        importPatterns: [/import\s+javax\.crypto\.KeyGenerator\s*;/],
+        callPatterns: [
+            /KeyGenerator\.getInstance\s*\(\s*"AES"\s*\)/,
+        ],
+        keySizeExtractor: /\.init\s*\(\s*(\d+)\s*\)/,
+        keySizeRisk: (size) => (size >= 256 ? 'safe' : 'moderate'),
+        description: "AES-128 provides reduced security against quantum attacks (Grover's algorithm)",
+        migration: 'Use AES-256 for quantum-resistant symmetric encryption',
+    },
+];
+//# sourceMappingURL=java.js.map

package/dist/scanner/code/patterns/java.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"java.js","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/java.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,YAAY,GAAoB;IAC3C;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,+CAA+C,CAAC;QACjE,YAAY,EAAE;YACZ,iDAAiD;SAClD;QACD,gBAAgB,EAAE,gCAAgC;QAClD,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,iFAAiF;QAC5F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,gDAAgD;SACjD;QACD,eAAe,EAAE,CAAC,oDAAoD,CAAC;QACvE,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,mFAAmF;QAC9F,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,iDAAiD;SAClD;QACD,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,gDAAgD;YAChD,2DAA2D;SAC5D;QACD,WAAW,EAAE,mFAAmF;QAChG,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,mDAAmD;YACnD,qDAAqD;YACrD,mDAAmD;SACpD;QACD,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,wCAAwC,CAAC;QAC1D,YAAY,EAAE;YACZ,oDAAoD;YACpD,iDAAiD;SAClD;QACD,WAAW,EAAE,+EAA+E;QAC5F,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,sDAAsD;SACvD;QACD,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,qDAAqD;QAChE,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,0CAA0C,CAAC;QAC5D,YAAY,EAAE;YACZ,8CAA8C;YAC9C,4CAA4C;YAC5C,uDAAuD;YACvD,gDAAgD;YAChD,8CAA8C;YAC9C,6CAA6C;SAC9C;QACD,WAAW,EAAE,4EAA4E;QACzF,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,CAAC,oCAAoC,CAAC;QACtD,YAAY,EAAE;YACZ,mCAAmC;SACpC;QACD,WAAW,EAAE,sEAAsE;QACnF,SAAS,EAAE,oDAAoD;QAC/D,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,eAAe;QACzB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,sCAAsC;YACtC,mCAAmC;SACpC;QACD,WAAW,EAAE,yDAAyD;QACtE,SAAS,EAAE,iDAAiD;QAC5D,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE;YACd,4CAA4C;YAC5C,iCAAiC;SAClC;QACD,YAAY,EAAE;YACZ,8CAA8C;YAC9C,wCAAwC;SACzC;QACD,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,gDAAgD;YAChD,yCAAyC;SAC1C;QACD,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,yCAAyC;QACpD,KAAK,EAAE,SAAS;KACjB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE;YACZ,kDAAkD;YAClD,kDAAkD;YAClD,kDAAkD;YAClD,mDAAmD;YACnD,mDAAmD;YACnD,mDAAmD;YACnD,2CAA2C;YAC3C,2CAA2C;YAC3C,2CAA2C;SAC5C;QACD,WAAW,EAAE,4DAA4D;QACzE,SAAS,EAAE,4CAA4C;KACxD;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,QAAQ;QACpB,cAAc,EAAE,CAAC,0CAA0C,CAAC;QAC5D,YAAY,EAAE;YACZ,6CAA6C;SAC9C;QACD,gBAAgB,EAAE,0BAA0B;QAC5C,WAAW,EAAE,CAAC,IAAY,EAAa,EAAE,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAC7E,WAAW,EAAE,gFAAgF;QAC7F,SAAS,EAAE,wDAAwD;KACpE;CACF,CAAC"}

package/dist/scanner/code/patterns/javascript.d.ts

@@ -0,0 +1,3 @@
+import type { CryptoPattern } from '../../../types/index.js';
+export declare const javascriptPatterns: CryptoPattern[];
+//# sourceMappingURL=javascript.d.ts.map

package/dist/scanner/code/patterns/javascript.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"javascript.d.ts","sourceRoot":"","sources":["../../../../src/scanner/code/patterns/javascript.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAa,MAAM,yBAAyB,CAAC;AAExE,eAAO,MAAM,kBAAkB,EAAE,aAAa,EAiP7C,CAAC"}