secure-scan 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +564 -0
- package/dist/ai/aiAnalyzer.d.ts +99 -0
- package/dist/ai/aiAnalyzer.d.ts.map +1 -0
- package/dist/ai/aiAnalyzer.js +669 -0
- package/dist/ai/aiAnalyzer.js.map +1 -0
- package/dist/ai/index.d.ts +5 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +21 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.js +53 -0
- package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
- package/dist/analyzers/base/index.d.ts +5 -0
- package/dist/analyzers/base/index.d.ts.map +1 -0
- package/dist/analyzers/base/index.js +21 -0
- package/dist/analyzers/base/index.js.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
- package/dist/analyzers/c-cpp/index.d.ts +5 -0
- package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/index.js +21 -0
- package/dist/analyzers/c-cpp/index.js.map +1 -0
- package/dist/analyzers/core/engine/index.d.ts +5 -0
- package/dist/analyzers/core/engine/index.d.ts.map +1 -0
- package/dist/analyzers/core/engine/index.js +21 -0
- package/dist/analyzers/core/engine/index.js.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.js +173 -0
- package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
- package/dist/analyzers/core/index.d.ts +8 -0
- package/dist/analyzers/core/index.d.ts.map +1 -0
- package/dist/analyzers/core/index.js +24 -0
- package/dist/analyzers/core/index.js.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.js +199 -0
- package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
- package/dist/analyzers/core/scanner/index.d.ts +5 -0
- package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/index.js +21 -0
- package/dist/analyzers/core/scanner/index.js.map +1 -0
- package/dist/analyzers/core/scoring/index.d.ts +5 -0
- package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/index.js +21 -0
- package/dist/analyzers/core/scoring/index.js.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.js +180 -0
- package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
- package/dist/analyzers/core/securityScanner.d.ts +47 -0
- package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
- package/dist/analyzers/core/securityScanner.js +298 -0
- package/dist/analyzers/core/securityScanner.js.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
- package/dist/analyzers/csharp/index.d.ts +5 -0
- package/dist/analyzers/csharp/index.d.ts.map +1 -0
- package/dist/analyzers/csharp/index.js +21 -0
- package/dist/analyzers/csharp/index.js.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.js +182 -0
- package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
- package/dist/analyzers/iac/index.d.ts +5 -0
- package/dist/analyzers/iac/index.d.ts.map +1 -0
- package/dist/analyzers/iac/index.js +21 -0
- package/dist/analyzers/iac/index.js.map +1 -0
- package/dist/analyzers/index.d.ts +30 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +80 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/java/index.d.ts +5 -0
- package/dist/analyzers/java/index.d.ts.map +1 -0
- package/dist/analyzers/java/index.js +21 -0
- package/dist/analyzers/java/index.js.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.js +224 -0
- package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/astUtils.d.ts +170 -0
- package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
- package/dist/analyzers/javascript/astUtils.js +700 -0
- package/dist/analyzers/javascript/astUtils.js.map +1 -0
- package/dist/analyzers/javascript/index.d.ts +18 -0
- package/dist/analyzers/javascript/index.d.ts.map +1 -0
- package/dist/analyzers/javascript/index.js +50 -0
- package/dist/analyzers/javascript/index.js.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.js +616 -0
- package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
- package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
- package/dist/analyzers/php/index.d.ts +5 -0
- package/dist/analyzers/php/index.d.ts.map +1 -0
- package/dist/analyzers/php/index.js +21 -0
- package/dist/analyzers/php/index.js.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.js +202 -0
- package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
- package/dist/analyzers/python/index.d.ts +5 -0
- package/dist/analyzers/python/index.d.ts.map +1 -0
- package/dist/analyzers/python/index.js +21 -0
- package/dist/analyzers/python/index.js.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.js +226 -0
- package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
- package/dist/cli/index.d.ts +7 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +281 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/core/engine/index.d.ts +5 -0
- package/dist/core/engine/index.d.ts.map +1 -0
- package/dist/core/engine/index.js +21 -0
- package/dist/core/engine/index.js.map +1 -0
- package/dist/core/engine/ruleEngine.d.ts +46 -0
- package/dist/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/core/engine/ruleEngine.js +173 -0
- package/dist/core/engine/ruleEngine.js.map +1 -0
- package/dist/core/index.d.ts +8 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +24 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/scanner/fileScanner.d.ts +31 -0
- package/dist/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/core/scanner/fileScanner.js +199 -0
- package/dist/core/scanner/fileScanner.js.map +1 -0
- package/dist/core/scanner/index.d.ts +5 -0
- package/dist/core/scanner/index.d.ts.map +1 -0
- package/dist/core/scanner/index.js +21 -0
- package/dist/core/scanner/index.js.map +1 -0
- package/dist/core/scoring/index.d.ts +5 -0
- package/dist/core/scoring/index.d.ts.map +1 -0
- package/dist/core/scoring/index.js +21 -0
- package/dist/core/scoring/index.js.map +1 -0
- package/dist/core/scoring/riskScoring.d.ts +49 -0
- package/dist/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/core/scoring/riskScoring.js +180 -0
- package/dist/core/scoring/riskScoring.js.map +1 -0
- package/dist/core/securityScanner.d.ts +47 -0
- package/dist/core/securityScanner.d.ts.map +1 -0
- package/dist/core/securityScanner.js +298 -0
- package/dist/core/securityScanner.js.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
- package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/database/cveDatabase.d.ts +32 -0
- package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
- package/dist/dependencies/database/cveDatabase.js +393 -0
- package/dist/dependencies/database/cveDatabase.js.map +1 -0
- package/dist/dependencies/database/index.d.ts +6 -0
- package/dist/dependencies/database/index.d.ts.map +1 -0
- package/dist/dependencies/database/index.js +22 -0
- package/dist/dependencies/database/index.js.map +1 -0
- package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
- package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
- package/dist/dependencies/database/maliciousPackages.js +279 -0
- package/dist/dependencies/database/maliciousPackages.js.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.js +349 -0
- package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/detectors/index.d.ts +7 -0
- package/dist/dependencies/detectors/index.d.ts.map +1 -0
- package/dist/dependencies/detectors/index.js +28 -0
- package/dist/dependencies/detectors/index.js.map +1 -0
- package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
- package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
- package/dist/dependencies/detectors/securityStandards.js +178 -0
- package/dist/dependencies/detectors/securityStandards.js.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
- package/dist/dependencies/index.d.ts +14 -0
- package/dist/dependencies/index.d.ts.map +1 -0
- package/dist/dependencies/index.js +43 -0
- package/dist/dependencies/index.js.map +1 -0
- package/dist/dependencies/installed/index.d.ts +8 -0
- package/dist/dependencies/installed/index.d.ts.map +1 -0
- package/dist/dependencies/installed/index.js +24 -0
- package/dist/dependencies/installed/index.js.map +1 -0
- package/dist/dependencies/installed/installedScanner.d.ts +91 -0
- package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
- package/dist/dependencies/installed/installedScanner.js +766 -0
- package/dist/dependencies/installed/installedScanner.js.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.js +480 -0
- package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
- package/dist/dependencies/installed/types.d.ts +274 -0
- package/dist/dependencies/installed/types.d.ts.map +1 -0
- package/dist/dependencies/installed/types.js +7 -0
- package/dist/dependencies/installed/types.js.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.js +80 -0
- package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
- package/dist/dependencies/parsers/base/index.d.ts +6 -0
- package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/index.js +27 -0
- package/dist/dependencies/parsers/base/index.js.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
- package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
- package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
- package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/index.js +27 -0
- package/dist/dependencies/parsers/cpp/index.js.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
- package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
- package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/index.js +27 -0
- package/dist/dependencies/parsers/csharp/index.js.map +1 -0
- package/dist/dependencies/parsers/index.d.ts +24 -0
- package/dist/dependencies/parsers/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/index.js +69 -0
- package/dist/dependencies/parsers/index.js.map +1 -0
- package/dist/dependencies/parsers/java/index.d.ts +6 -0
- package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/index.js +27 -0
- package/dist/dependencies/parsers/java/index.js.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.js +168 -0
- package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
- package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
- package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/index.js +27 -0
- package/dist/dependencies/parsers/javascript/index.js.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
- package/dist/dependencies/parsers/php/index.d.ts +6 -0
- package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/index.js +27 -0
- package/dist/dependencies/parsers/php/index.js.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.js +162 -0
- package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
- package/dist/dependencies/parsers/python/index.d.ts +6 -0
- package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/index.js +27 -0
- package/dist/dependencies/parsers/python/index.js.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.js +336 -0
- package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
- package/dist/dependencies/types.d.ts +280 -0
- package/dist/dependencies/types.d.ts.map +1 -0
- package/dist/dependencies/types.js +59 -0
- package/dist/dependencies/types.js.map +1 -0
- package/dist/i18n/index.d.ts +2 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +18 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/translations.d.ts +55 -0
- package/dist/i18n/translations.d.ts.map +1 -0
- package/dist/i18n/translations.js +119 -0
- package/dist/i18n/translations.js.map +1 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +36 -0
- package/dist/index.js.map +1 -0
- package/dist/reports/dependencyReportGenerator.d.ts +20 -0
- package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
- package/dist/reports/dependencyReportGenerator.js +690 -0
- package/dist/reports/dependencyReportGenerator.js.map +1 -0
- package/dist/reports/htmlReportGenerator.d.ts +43 -0
- package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
- package/dist/reports/htmlReportGenerator.js +793 -0
- package/dist/reports/htmlReportGenerator.js.map +1 -0
- package/dist/reports/index.d.ts +7 -0
- package/dist/reports/index.d.ts.map +1 -0
- package/dist/reports/index.js +23 -0
- package/dist/reports/index.js.map +1 -0
- package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
- package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
- package/dist/reports/installedDepsReportGenerator.js +872 -0
- package/dist/reports/installedDepsReportGenerator.js.map +1 -0
- package/dist/rules/index.d.ts +31 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +95 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/malware/categories/backdoors.d.ts +12 -0
- package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
- package/dist/rules/malware/categories/backdoors.js +163 -0
- package/dist/rules/malware/categories/backdoors.js.map +1 -0
- package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
- package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
- package/dist/rules/malware/categories/cryptominers.js +415 -0
- package/dist/rules/malware/categories/cryptominers.js.map +1 -0
- package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
- package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
- package/dist/rules/malware/categories/exfiltration.js +658 -0
- package/dist/rules/malware/categories/exfiltration.js.map +1 -0
- package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
- package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
- package/dist/rules/malware/categories/keyloggers.js +763 -0
- package/dist/rules/malware/categories/keyloggers.js.map +1 -0
- package/dist/rules/malware/categories/loaders.d.ts +20 -0
- package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
- package/dist/rules/malware/categories/loaders.js +702 -0
- package/dist/rules/malware/categories/loaders.js.map +1 -0
- package/dist/rules/malware/categories/network.d.ts +19 -0
- package/dist/rules/malware/categories/network.d.ts.map +1 -0
- package/dist/rules/malware/categories/network.js +622 -0
- package/dist/rules/malware/categories/network.js.map +1 -0
- package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
- package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
- package/dist/rules/malware/categories/obfuscation.js +766 -0
- package/dist/rules/malware/categories/obfuscation.js.map +1 -0
- package/dist/rules/malware/constants/index.d.ts +281 -0
- package/dist/rules/malware/constants/index.d.ts.map +1 -0
- package/dist/rules/malware/constants/index.js +327 -0
- package/dist/rules/malware/constants/index.js.map +1 -0
- package/dist/rules/malware/engine/index.d.ts +178 -0
- package/dist/rules/malware/engine/index.d.ts.map +1 -0
- package/dist/rules/malware/engine/index.js +552 -0
- package/dist/rules/malware/engine/index.js.map +1 -0
- package/dist/rules/malware/index.d.ts +205 -0
- package/dist/rules/malware/index.d.ts.map +1 -0
- package/dist/rules/malware/index.js +837 -0
- package/dist/rules/malware/index.js.map +1 -0
- package/dist/rules/malware/scoring/index.d.ts +84 -0
- package/dist/rules/malware/scoring/index.d.ts.map +1 -0
- package/dist/rules/malware/scoring/index.js +441 -0
- package/dist/rules/malware/scoring/index.js.map +1 -0
- package/dist/rules/malware/types/index.d.ts +616 -0
- package/dist/rules/malware/types/index.d.ts.map +1 -0
- package/dist/rules/malware/types/index.js +155 -0
- package/dist/rules/malware/types/index.js.map +1 -0
- package/dist/rules/malware/utils/index.d.ts +117 -0
- package/dist/rules/malware/utils/index.d.ts.map +1 -0
- package/dist/rules/malware/utils/index.js +514 -0
- package/dist/rules/malware/utils/index.js.map +1 -0
- package/dist/rules/standards.d.ts +26 -0
- package/dist/rules/standards.d.ts.map +1 -0
- package/dist/rules/standards.js +352 -0
- package/dist/rules/standards.js.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.js +544 -0
- package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.js +581 -0
- package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
- package/dist/rules/vulnerabilities/index.d.ts +148 -0
- package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/index.js +252 -0
- package/dist/rules/vulnerabilities/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
- package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
- package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.js +47 -0
- package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.js +724 -0
- package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.js +414 -0
- package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
- package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
- package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/types/index.js +164 -0
- package/dist/rules/vulnerabilities/types/index.js.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.js +615 -0
- package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
- package/dist/types/index.d.ts +359 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +61 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/index.d.ts +82 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +326 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +40 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +139 -0
- package/dist/utils/logger.js.map +1 -0
- package/docs/ARCHITECTURE.md +320 -0
- package/docs/V1.2.1-IA_Performances.md +116 -0
- package/docs/images/WIN_Defender.png +0 -0
- package/package.json +68 -0
- package/secure-scan.config.json +134 -0
- package/secure-scan.sln +29 -0
- package/src/ai/aiAnalyzer.ts +714 -0
- package/src/ai/index.ts +5 -0
- package/src/analyzers/base/baseAnalyzer.ts +66 -0
- package/src/analyzers/base/index.ts +5 -0
- package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
- package/src/analyzers/c-cpp/index.ts +5 -0
- package/src/analyzers/core/engine/index.ts +5 -0
- package/src/analyzers/core/engine/ruleEngine.ts +221 -0
- package/src/analyzers/core/index.ts +8 -0
- package/src/analyzers/core/scanner/fileScanner.ts +204 -0
- package/src/analyzers/core/scanner/index.ts +5 -0
- package/src/analyzers/core/scoring/index.ts +5 -0
- package/src/analyzers/core/scoring/riskScoring.ts +198 -0
- package/src/analyzers/core/securityScanner.ts +321 -0
- package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
- package/src/analyzers/csharp/index.ts +5 -0
- package/src/analyzers/iac/iacAnalyzer.ts +318 -0
- package/src/analyzers/iac/index.ts +5 -0
- package/src/analyzers/index.ts +67 -0
- package/src/analyzers/java/index.ts +5 -0
- package/src/analyzers/java/javaAnalyzer.ts +320 -0
- package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
- package/src/analyzers/javascript/astUtils.ts +789 -0
- package/src/analyzers/javascript/index.ts +50 -0
- package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
- package/src/analyzers/javascript/malwareDetector.ts +697 -0
- package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
- package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
- package/src/analyzers/php/index.ts +5 -0
- package/src/analyzers/php/phpAnalyzer.ts +280 -0
- package/src/analyzers/python/index.ts +5 -0
- package/src/analyzers/python/pythonAnalyzer.ts +319 -0
- package/src/cli/index.ts +276 -0
- package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
- package/src/dependencies/database/cveDatabase.ts +426 -0
- package/src/dependencies/database/index.ts +6 -0
- package/src/dependencies/database/maliciousPackages.ts +286 -0
- package/src/dependencies/dependencyAnalyzer.ts +394 -0
- package/src/dependencies/detectors/index.ts +7 -0
- package/src/dependencies/detectors/securityStandards.ts +200 -0
- package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
- package/src/dependencies/index.ts +27 -0
- package/src/dependencies/installed/index.ts +8 -0
- package/src/dependencies/installed/installedScanner.ts +821 -0
- package/src/dependencies/installed/malwarePatterns.ts +492 -0
- package/src/dependencies/installed/types.ts +287 -0
- package/src/dependencies/parsers/base/baseParser.ts +108 -0
- package/src/dependencies/parsers/base/index.ts +6 -0
- package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
- package/src/dependencies/parsers/cpp/index.ts +6 -0
- package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
- package/src/dependencies/parsers/csharp/index.ts +6 -0
- package/src/dependencies/parsers/index.ts +56 -0
- package/src/dependencies/parsers/java/index.ts +6 -0
- package/src/dependencies/parsers/java/javaParser.ts +203 -0
- package/src/dependencies/parsers/javascript/index.ts +6 -0
- package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
- package/src/dependencies/parsers/php/index.ts +6 -0
- package/src/dependencies/parsers/php/phpParser.ts +208 -0
- package/src/dependencies/parsers/python/index.ts +6 -0
- package/src/dependencies/parsers/python/pythonParser.ts +437 -0
- package/src/dependencies/types.ts +330 -0
- package/src/i18n/index.ts +1 -0
- package/src/i18n/translations.ts +194 -0
- package/src/index.ts +16 -0
- package/src/reports/dependencyReportGenerator.ts +717 -0
- package/src/reports/htmlReportGenerator.ts +781 -0
- package/src/reports/index.ts +7 -0
- package/src/reports/installedDepsReportGenerator.ts +899 -0
- package/src/rules/index.ts +58 -0
- package/src/rules/malware/INFO.md +287 -0
- package/src/rules/malware/categories/backdoors.ts +174 -0
- package/src/rules/malware/categories/cryptominers.ts +434 -0
- package/src/rules/malware/categories/exfiltration.ts +677 -0
- package/src/rules/malware/categories/keyloggers.ts +780 -0
- package/src/rules/malware/categories/loaders.ts +721 -0
- package/src/rules/malware/categories/network.ts +639 -0
- package/src/rules/malware/categories/obfuscation.ts +788 -0
- package/src/rules/malware/constants/index.ts +358 -0
- package/src/rules/malware/engine/index.ts +758 -0
- package/src/rules/malware/index.ts +928 -0
- package/src/rules/malware/scoring/index.ts +549 -0
- package/src/rules/malware/types/index.ts +752 -0
- package/src/rules/malware/utils/index.ts +643 -0
- package/src/rules/standards.ts +372 -0
- package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
- package/src/rules/vulnerabilities/constants/index.ts +625 -0
- package/src/rules/vulnerabilities/engine/index.ts +831 -0
- package/src/rules/vulnerabilities/index.ts +312 -0
- package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
- package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
- package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
- package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
- package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
- package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
- package/src/rules/vulnerabilities/rules/index.ts +17 -0
- package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
- package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
- package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
- package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
- package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
- package/src/rules/vulnerabilities/rules/xss.ts +753 -0
- package/src/rules/vulnerabilities/scoring/index.ts +543 -0
- package/src/rules/vulnerabilities/types/index.ts +1004 -0
- package/src/rules/vulnerabilities/utils/index.ts +709 -0
- package/src/types/index.ts +391 -0
- package/src/utils/index.ts +306 -0
- package/src/utils/logger.ts +150 -0
- package/test-installed-scanner.ts +136 -0
- package/tsconfig.json +30 -0
|
@@ -0,0 +1,752 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Malware Detection Module - Type Definitions
|
|
3
|
+
* @module rules/malware/types
|
|
4
|
+
*
|
|
5
|
+
* Comprehensive type definitions for the malware detection engine.
|
|
6
|
+
* Supports multi-language analysis, AST-aware detection, and enterprise-level reporting.
|
|
7
|
+
*/
|
|
8
|
+
|
|
9
|
+
// ============================================================================
|
|
10
|
+
// ENUMERATIONS
|
|
11
|
+
// ============================================================================
|
|
12
|
+
|
|
13
|
+
/**
|
|
14
|
+
* Supported programming languages for malware detection
|
|
15
|
+
*/
|
|
16
|
+
export enum SupportedLanguage {
|
|
17
|
+
JAVASCRIPT = 'javascript',
|
|
18
|
+
TYPESCRIPT = 'typescript',
|
|
19
|
+
PYTHON = 'python',
|
|
20
|
+
PHP = 'php',
|
|
21
|
+
C = 'c',
|
|
22
|
+
CPP = 'cpp',
|
|
23
|
+
CSHARP = 'csharp',
|
|
24
|
+
JAVA = 'java',
|
|
25
|
+
RUBY = 'ruby',
|
|
26
|
+
GO = 'go',
|
|
27
|
+
RUST = 'rust',
|
|
28
|
+
SHELL = 'shell',
|
|
29
|
+
POWERSHELL = 'powershell'
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
/**
|
|
33
|
+
* Malware threat categories based on behavior and intent
|
|
34
|
+
*/
|
|
35
|
+
export enum MalwareThreatType {
|
|
36
|
+
// Backdoors & Remote Access
|
|
37
|
+
REVERSE_SHELL = 'reverse_shell',
|
|
38
|
+
WEB_SHELL = 'web_shell',
|
|
39
|
+
BACKDOOR = 'backdoor',
|
|
40
|
+
RAT = 'remote_access_trojan',
|
|
41
|
+
|
|
42
|
+
// Resource Abuse
|
|
43
|
+
CRYPTOMINER = 'cryptominer',
|
|
44
|
+
RESOURCE_HIJACKER = 'resource_hijacker',
|
|
45
|
+
|
|
46
|
+
// Data Theft
|
|
47
|
+
KEYLOGGER = 'keylogger',
|
|
48
|
+
CREDENTIAL_STEALER = 'credential_stealer',
|
|
49
|
+
TOKEN_STEALER = 'token_stealer',
|
|
50
|
+
DATA_EXFILTRATION = 'data_exfiltration',
|
|
51
|
+
COOKIE_STEALER = 'cookie_stealer',
|
|
52
|
+
|
|
53
|
+
// Loaders & Droppers
|
|
54
|
+
DROPPER = 'dropper',
|
|
55
|
+
LOADER = 'loader',
|
|
56
|
+
DOWNLOADER = 'downloader',
|
|
57
|
+
MULTI_STAGE = 'multi_stage',
|
|
58
|
+
|
|
59
|
+
// Evasion & Obfuscation
|
|
60
|
+
OBFUSCATED_CODE = 'obfuscated_code',
|
|
61
|
+
ANTI_DEBUGGING = 'anti_debugging',
|
|
62
|
+
SANDBOX_EVASION = 'sandbox_evasion',
|
|
63
|
+
|
|
64
|
+
// Network
|
|
65
|
+
BOTNET = 'botnet',
|
|
66
|
+
C2_COMMUNICATION = 'c2_communication',
|
|
67
|
+
DNS_TUNNELING = 'dns_tunneling',
|
|
68
|
+
|
|
69
|
+
// Persistence
|
|
70
|
+
PERSISTENCE = 'persistence',
|
|
71
|
+
FILELESS = 'fileless',
|
|
72
|
+
LIVING_OFF_THE_LAND = 'lotl',
|
|
73
|
+
|
|
74
|
+
// Supply Chain
|
|
75
|
+
SUPPLY_CHAIN = 'supply_chain',
|
|
76
|
+
DEPENDENCY_CONFUSION = 'dependency_confusion',
|
|
77
|
+
TYPOSQUATTING = 'typosquatting',
|
|
78
|
+
|
|
79
|
+
// Other
|
|
80
|
+
EMBEDDED_PAYLOAD = 'embedded_payload',
|
|
81
|
+
SUSPICIOUS_NETWORK = 'suspicious_network',
|
|
82
|
+
TIME_BOMB = 'time_bomb',
|
|
83
|
+
LOGIC_BOMB = 'logic_bomb'
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
/**
|
|
87
|
+
* Severity levels for malware findings
|
|
88
|
+
*/
|
|
89
|
+
export enum MalwareSeverity {
|
|
90
|
+
CRITICAL = 'critical', // Immediate threat, active malware
|
|
91
|
+
HIGH = 'high', // Dangerous patterns, likely malicious
|
|
92
|
+
MEDIUM = 'medium', // Suspicious behavior, needs review
|
|
93
|
+
LOW = 'low', // Minor concern, potential FP
|
|
94
|
+
INFO = 'info' // Informational, context-dependent
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
/**
|
|
98
|
+
* Confidence level of the detection
|
|
99
|
+
*/
|
|
100
|
+
export enum ConfidenceLevel {
|
|
101
|
+
CONFIRMED = 'confirmed', // 95%+ certainty
|
|
102
|
+
HIGH = 'high', // 80-95% certainty
|
|
103
|
+
MEDIUM = 'medium', // 60-80% certainty
|
|
104
|
+
LOW = 'low', // 40-60% certainty
|
|
105
|
+
TENTATIVE = 'tentative' // <40% certainty
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
/**
|
|
109
|
+
* Pattern matching strategies
|
|
110
|
+
*/
|
|
111
|
+
export enum PatternType {
|
|
112
|
+
REGEX = 'regex',
|
|
113
|
+
LITERAL = 'literal',
|
|
114
|
+
AST = 'ast',
|
|
115
|
+
SEMANTIC = 'semantic',
|
|
116
|
+
HEURISTIC = 'heuristic',
|
|
117
|
+
BEHAVIORAL = 'behavioral'
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
/**
|
|
121
|
+
* MITRE ATT&CK Tactics
|
|
122
|
+
*/
|
|
123
|
+
export enum MitreTactic {
|
|
124
|
+
INITIAL_ACCESS = 'TA0001',
|
|
125
|
+
EXECUTION = 'TA0002',
|
|
126
|
+
PERSISTENCE = 'TA0003',
|
|
127
|
+
PRIVILEGE_ESCALATION = 'TA0004',
|
|
128
|
+
DEFENSE_EVASION = 'TA0005',
|
|
129
|
+
CREDENTIAL_ACCESS = 'TA0006',
|
|
130
|
+
DISCOVERY = 'TA0007',
|
|
131
|
+
LATERAL_MOVEMENT = 'TA0008',
|
|
132
|
+
COLLECTION = 'TA0009',
|
|
133
|
+
COMMAND_AND_CONTROL = 'TA0011',
|
|
134
|
+
EXFILTRATION = 'TA0010',
|
|
135
|
+
IMPACT = 'TA0040'
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
// ============================================================================
|
|
139
|
+
// PATTERN INTERFACES
|
|
140
|
+
// ============================================================================
|
|
141
|
+
|
|
142
|
+
/**
|
|
143
|
+
* Base pattern definition
|
|
144
|
+
*/
|
|
145
|
+
export interface MalwarePatternBase {
|
|
146
|
+
/** Pattern type */
|
|
147
|
+
type: PatternType;
|
|
148
|
+
/** Pattern identifier for reference */
|
|
149
|
+
patternId?: string;
|
|
150
|
+
/** Languages this pattern applies to (empty = all) */
|
|
151
|
+
languages?: SupportedLanguage[];
|
|
152
|
+
/** Weight for scoring (0.0 - 1.0) */
|
|
153
|
+
weight?: number;
|
|
154
|
+
/** Description of what this pattern detects */
|
|
155
|
+
description?: string;
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
/**
|
|
159
|
+
* Regex-based pattern
|
|
160
|
+
*/
|
|
161
|
+
export interface RegexPattern extends MalwarePatternBase {
|
|
162
|
+
type: PatternType.REGEX;
|
|
163
|
+
/** The regex pattern string */
|
|
164
|
+
pattern: string;
|
|
165
|
+
/** Regex flags (g, i, m, s, u) */
|
|
166
|
+
flags?: string;
|
|
167
|
+
/** Maximum execution time in ms (ReDoS protection) */
|
|
168
|
+
timeout?: number;
|
|
169
|
+
/** Maximum matches before stopping */
|
|
170
|
+
maxMatches?: number;
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
/**
|
|
174
|
+
* Literal string pattern
|
|
175
|
+
*/
|
|
176
|
+
export interface LiteralPattern extends MalwarePatternBase {
|
|
177
|
+
type: PatternType.LITERAL;
|
|
178
|
+
/** The literal string to match */
|
|
179
|
+
value: string;
|
|
180
|
+
/** Case sensitive matching */
|
|
181
|
+
caseSensitive?: boolean;
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
/**
|
|
185
|
+
* AST-based pattern for structural matching
|
|
186
|
+
*/
|
|
187
|
+
export interface AstPattern extends MalwarePatternBase {
|
|
188
|
+
type: PatternType.AST;
|
|
189
|
+
/** AST node type to match */
|
|
190
|
+
nodeType: string;
|
|
191
|
+
/** Properties to match on the node */
|
|
192
|
+
properties?: Record<string, unknown>;
|
|
193
|
+
/** Child patterns to match */
|
|
194
|
+
children?: AstPattern[];
|
|
195
|
+
/** Parent context requirements */
|
|
196
|
+
parentContext?: string[];
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
/**
|
|
200
|
+
* Semantic pattern for meaning-based matching
|
|
201
|
+
*/
|
|
202
|
+
export interface SemanticPattern extends MalwarePatternBase {
|
|
203
|
+
type: PatternType.SEMANTIC;
|
|
204
|
+
/** Semantic concept to detect */
|
|
205
|
+
concept: string;
|
|
206
|
+
/** Required data flows */
|
|
207
|
+
dataFlows?: string[];
|
|
208
|
+
/** Taint sources */
|
|
209
|
+
taintSources?: string[];
|
|
210
|
+
/** Taint sinks */
|
|
211
|
+
taintSinks?: string[];
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
/**
|
|
215
|
+
* Heuristic pattern for behavior-based detection
|
|
216
|
+
*/
|
|
217
|
+
export interface HeuristicPattern extends MalwarePatternBase {
|
|
218
|
+
type: PatternType.HEURISTIC;
|
|
219
|
+
/** Heuristic function name */
|
|
220
|
+
heuristicName: string;
|
|
221
|
+
/** Threshold for triggering */
|
|
222
|
+
threshold?: number;
|
|
223
|
+
/** Custom parameters */
|
|
224
|
+
params?: Record<string, unknown>;
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
/**
|
|
228
|
+
* Union type for all pattern types
|
|
229
|
+
*/
|
|
230
|
+
export type MalwarePattern =
|
|
231
|
+
| RegexPattern
|
|
232
|
+
| LiteralPattern
|
|
233
|
+
| AstPattern
|
|
234
|
+
| SemanticPattern
|
|
235
|
+
| HeuristicPattern;
|
|
236
|
+
|
|
237
|
+
// ============================================================================
|
|
238
|
+
// MITRE ATT&CK MAPPING
|
|
239
|
+
// ============================================================================
|
|
240
|
+
|
|
241
|
+
/**
|
|
242
|
+
* MITRE ATT&CK technique reference
|
|
243
|
+
*/
|
|
244
|
+
export interface MitreReference {
|
|
245
|
+
/** Tactic ID (e.g., TA0002) */
|
|
246
|
+
tacticId: MitreTactic;
|
|
247
|
+
/** Tactic name */
|
|
248
|
+
tacticName: string;
|
|
249
|
+
/** Technique ID (e.g., T1059) */
|
|
250
|
+
techniqueId: string;
|
|
251
|
+
/** Technique name */
|
|
252
|
+
techniqueName: string;
|
|
253
|
+
/** Sub-technique ID if applicable */
|
|
254
|
+
subTechniqueId?: string;
|
|
255
|
+
/** Sub-technique name */
|
|
256
|
+
subTechniqueName?: string;
|
|
257
|
+
/** URL to MITRE documentation */
|
|
258
|
+
url?: string;
|
|
259
|
+
}
|
|
260
|
+
|
|
261
|
+
/**
|
|
262
|
+
* CVE reference
|
|
263
|
+
*/
|
|
264
|
+
export interface CveReference {
|
|
265
|
+
/** CVE ID (e.g., CVE-2021-44228) */
|
|
266
|
+
cveId: string;
|
|
267
|
+
/** Brief description */
|
|
268
|
+
description: string;
|
|
269
|
+
/** CVSS score if available */
|
|
270
|
+
cvssScore?: number;
|
|
271
|
+
/** URL to CVE details */
|
|
272
|
+
url?: string;
|
|
273
|
+
}
|
|
274
|
+
|
|
275
|
+
// ============================================================================
|
|
276
|
+
// RULE DEFINITION
|
|
277
|
+
// ============================================================================
|
|
278
|
+
|
|
279
|
+
/**
|
|
280
|
+
* Example code for documentation
|
|
281
|
+
*/
|
|
282
|
+
export interface CodeExample {
|
|
283
|
+
/** The example code */
|
|
284
|
+
code: string;
|
|
285
|
+
/** Language of the example */
|
|
286
|
+
language: SupportedLanguage;
|
|
287
|
+
/** Whether this is a malicious example */
|
|
288
|
+
isMalicious: boolean;
|
|
289
|
+
/** Description of the example */
|
|
290
|
+
description: string;
|
|
291
|
+
}
|
|
292
|
+
|
|
293
|
+
/**
|
|
294
|
+
* Impact assessment
|
|
295
|
+
*/
|
|
296
|
+
export interface ImpactAssessment {
|
|
297
|
+
/** Technical impact description */
|
|
298
|
+
technical: string;
|
|
299
|
+
/** Business impact description */
|
|
300
|
+
business: string;
|
|
301
|
+
/** Affected assets */
|
|
302
|
+
affectedAssets?: string[];
|
|
303
|
+
/** Potential data at risk */
|
|
304
|
+
dataAtRisk?: string[];
|
|
305
|
+
}
|
|
306
|
+
|
|
307
|
+
/**
|
|
308
|
+
* Remediation guidance
|
|
309
|
+
*/
|
|
310
|
+
export interface RemediationGuidance {
|
|
311
|
+
/** Short remediation summary */
|
|
312
|
+
summary: string;
|
|
313
|
+
/** Detailed steps */
|
|
314
|
+
steps?: string[];
|
|
315
|
+
/** Code fix example if applicable */
|
|
316
|
+
codeExample?: string;
|
|
317
|
+
/** References for more information */
|
|
318
|
+
references?: string[];
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
/**
|
|
322
|
+
* Rule correlation configuration
|
|
323
|
+
*/
|
|
324
|
+
export interface RuleCorrelation {
|
|
325
|
+
/** Rules that increase severity when both match */
|
|
326
|
+
amplifyWith?: string[];
|
|
327
|
+
/** Rules that must also match for this rule to trigger */
|
|
328
|
+
requiresAlso?: string[];
|
|
329
|
+
/** Rules that suppress this rule when matched */
|
|
330
|
+
suppressedBy?: string[];
|
|
331
|
+
/** Severity boost when correlated rules match */
|
|
332
|
+
severityBoost?: number;
|
|
333
|
+
}
|
|
334
|
+
|
|
335
|
+
/**
|
|
336
|
+
* Comprehensive malware detection rule
|
|
337
|
+
*/
|
|
338
|
+
export interface MalwareRule {
|
|
339
|
+
// === Identification ===
|
|
340
|
+
/** Unique rule identifier (e.g., MAL-BACK-001) */
|
|
341
|
+
id: string;
|
|
342
|
+
/** Human-readable rule name */
|
|
343
|
+
name: string;
|
|
344
|
+
/** Detailed technical description */
|
|
345
|
+
description: string;
|
|
346
|
+
/** Version of the rule */
|
|
347
|
+
version?: string;
|
|
348
|
+
|
|
349
|
+
// === Classification ===
|
|
350
|
+
/** Type of malware this rule detects */
|
|
351
|
+
threatType: MalwareThreatType;
|
|
352
|
+
/** Threat category */
|
|
353
|
+
category: MalwareCategory;
|
|
354
|
+
/** Languages this rule applies to */
|
|
355
|
+
languages: SupportedLanguage[];
|
|
356
|
+
|
|
357
|
+
// === Severity & Confidence ===
|
|
358
|
+
/** Base severity level */
|
|
359
|
+
severity: MalwareSeverity;
|
|
360
|
+
/** Detection confidence */
|
|
361
|
+
confidence: ConfidenceLevel;
|
|
362
|
+
|
|
363
|
+
// === Detection Patterns ===
|
|
364
|
+
/** Primary detection patterns */
|
|
365
|
+
patterns: MalwarePattern[];
|
|
366
|
+
/** Secondary patterns that increase severity */
|
|
367
|
+
amplifyingPatterns?: MalwarePattern[];
|
|
368
|
+
/** Patterns that indicate false positive */
|
|
369
|
+
falsePositivePatterns?: MalwarePattern[];
|
|
370
|
+
|
|
371
|
+
// === Correlation ===
|
|
372
|
+
/** Rule correlation configuration */
|
|
373
|
+
correlation?: RuleCorrelation;
|
|
374
|
+
|
|
375
|
+
// === Scoring ===
|
|
376
|
+
/** Base score contribution (0-100) */
|
|
377
|
+
baseScore?: number;
|
|
378
|
+
/** Scoring factors */
|
|
379
|
+
scoringFactors?: ScoringFactors;
|
|
380
|
+
|
|
381
|
+
// === Documentation ===
|
|
382
|
+
/** Example malicious code */
|
|
383
|
+
maliciousExamples?: CodeExample[];
|
|
384
|
+
/** Known false positive examples */
|
|
385
|
+
falsePositiveExamples?: CodeExample[];
|
|
386
|
+
/** Impact assessment */
|
|
387
|
+
impact?: ImpactAssessment;
|
|
388
|
+
/** Remediation guidance */
|
|
389
|
+
remediation: RemediationGuidance;
|
|
390
|
+
|
|
391
|
+
// === References ===
|
|
392
|
+
/** MITRE ATT&CK mappings */
|
|
393
|
+
mitreAttack?: MitreReference[];
|
|
394
|
+
/** Related CVEs */
|
|
395
|
+
cves?: CveReference[];
|
|
396
|
+
/** Additional reference URLs */
|
|
397
|
+
references?: string[];
|
|
398
|
+
|
|
399
|
+
// === Metadata ===
|
|
400
|
+
/** Tags for categorization */
|
|
401
|
+
tags: string[];
|
|
402
|
+
/** Whether the rule is enabled */
|
|
403
|
+
enabled: boolean;
|
|
404
|
+
/** Author of the rule */
|
|
405
|
+
author?: string;
|
|
406
|
+
/** Creation date */
|
|
407
|
+
createdAt?: string;
|
|
408
|
+
/** Last update date */
|
|
409
|
+
updatedAt?: string;
|
|
410
|
+
}
|
|
411
|
+
|
|
412
|
+
// ============================================================================
|
|
413
|
+
// SCORING SYSTEM
|
|
414
|
+
// ============================================================================
|
|
415
|
+
|
|
416
|
+
/**
|
|
417
|
+
* Scoring factors for dynamic severity calculation
|
|
418
|
+
*/
|
|
419
|
+
export interface ScoringFactors {
|
|
420
|
+
/** Patterns detected count weight */
|
|
421
|
+
patternCountWeight?: number;
|
|
422
|
+
/** Obfuscation level weight */
|
|
423
|
+
obfuscationWeight?: number;
|
|
424
|
+
/** Network access weight */
|
|
425
|
+
networkAccessWeight?: number;
|
|
426
|
+
/** Command execution weight */
|
|
427
|
+
commandExecutionWeight?: number;
|
|
428
|
+
/** Persistence mechanism weight */
|
|
429
|
+
persistenceWeight?: number;
|
|
430
|
+
/** Data access weight */
|
|
431
|
+
dataAccessWeight?: number;
|
|
432
|
+
}
|
|
433
|
+
|
|
434
|
+
/**
|
|
435
|
+
* Malware score breakdown
|
|
436
|
+
*/
|
|
437
|
+
export interface MalwareScoreBreakdown {
|
|
438
|
+
/** Base score from rule */
|
|
439
|
+
baseScore: number;
|
|
440
|
+
/** Score from pattern matches */
|
|
441
|
+
patternScore: number;
|
|
442
|
+
/** Score from obfuscation detection */
|
|
443
|
+
obfuscationScore: number;
|
|
444
|
+
/** Score from network indicators */
|
|
445
|
+
networkScore: number;
|
|
446
|
+
/** Score from execution indicators */
|
|
447
|
+
executionScore: number;
|
|
448
|
+
/** Score from persistence indicators */
|
|
449
|
+
persistenceScore: number;
|
|
450
|
+
/** Score from correlation with other rules */
|
|
451
|
+
correlationScore: number;
|
|
452
|
+
/** Penalty for false positive indicators */
|
|
453
|
+
falsePositivePenalty: number;
|
|
454
|
+
/** Final calculated score */
|
|
455
|
+
totalScore: number;
|
|
456
|
+
}
|
|
457
|
+
|
|
458
|
+
/**
|
|
459
|
+
* Complete malware score result
|
|
460
|
+
*/
|
|
461
|
+
export interface MalwareScore {
|
|
462
|
+
/** Numeric score (0-100) */
|
|
463
|
+
score: number;
|
|
464
|
+
/** Score breakdown */
|
|
465
|
+
breakdown: MalwareScoreBreakdown;
|
|
466
|
+
/** Calculated severity from score */
|
|
467
|
+
calculatedSeverity: MalwareSeverity;
|
|
468
|
+
/** Risk level description */
|
|
469
|
+
riskLevel: 'critical' | 'high' | 'medium' | 'low' | 'minimal';
|
|
470
|
+
/** Explanation of the score */
|
|
471
|
+
explanation: string;
|
|
472
|
+
}
|
|
473
|
+
|
|
474
|
+
// ============================================================================
|
|
475
|
+
// FINDINGS
|
|
476
|
+
// ============================================================================
|
|
477
|
+
|
|
478
|
+
/**
|
|
479
|
+
* Location of a finding in source code
|
|
480
|
+
*/
|
|
481
|
+
export interface SourceLocation {
|
|
482
|
+
/** File path */
|
|
483
|
+
filePath: string;
|
|
484
|
+
/** Starting line number (1-based) */
|
|
485
|
+
startLine: number;
|
|
486
|
+
/** Ending line number (1-based) */
|
|
487
|
+
endLine: number;
|
|
488
|
+
/** Starting column (0-based) */
|
|
489
|
+
startColumn?: number;
|
|
490
|
+
/** Ending column (0-based) */
|
|
491
|
+
endColumn?: number;
|
|
492
|
+
}
|
|
493
|
+
|
|
494
|
+
/**
|
|
495
|
+
* Pattern match details
|
|
496
|
+
*/
|
|
497
|
+
export interface PatternMatch {
|
|
498
|
+
/** Pattern that matched */
|
|
499
|
+
pattern: MalwarePattern;
|
|
500
|
+
/** Matched text */
|
|
501
|
+
matchedText: string;
|
|
502
|
+
/** Location of the match */
|
|
503
|
+
location: SourceLocation;
|
|
504
|
+
/** Capture groups if regex */
|
|
505
|
+
captures?: string[];
|
|
506
|
+
}
|
|
507
|
+
|
|
508
|
+
/**
|
|
509
|
+
* Complete malware finding
|
|
510
|
+
*/
|
|
511
|
+
export interface MalwareFinding {
|
|
512
|
+
// === Identification ===
|
|
513
|
+
/** Unique finding ID */
|
|
514
|
+
id: string;
|
|
515
|
+
/** Rule that triggered this finding */
|
|
516
|
+
ruleId: string;
|
|
517
|
+
/** Rule name */
|
|
518
|
+
ruleName: string;
|
|
519
|
+
|
|
520
|
+
// === Location ===
|
|
521
|
+
/** Source code location */
|
|
522
|
+
location: SourceLocation;
|
|
523
|
+
/** Code snippet */
|
|
524
|
+
codeSnippet: string;
|
|
525
|
+
/** Highlighted portion */
|
|
526
|
+
highlightedCode?: string;
|
|
527
|
+
|
|
528
|
+
// === Classification ===
|
|
529
|
+
/** Threat type */
|
|
530
|
+
threatType: MalwareThreatType;
|
|
531
|
+
/** Category */
|
|
532
|
+
category: MalwareCategory;
|
|
533
|
+
/** Final severity */
|
|
534
|
+
severity: MalwareSeverity;
|
|
535
|
+
/** Confidence level */
|
|
536
|
+
confidence: ConfidenceLevel;
|
|
537
|
+
|
|
538
|
+
// === Scoring ===
|
|
539
|
+
/** Malware score */
|
|
540
|
+
malwareScore: MalwareScore;
|
|
541
|
+
|
|
542
|
+
// === Detection Details ===
|
|
543
|
+
/** Patterns that matched */
|
|
544
|
+
patternMatches: PatternMatch[];
|
|
545
|
+
/** Correlated findings */
|
|
546
|
+
correlatedFindings?: string[];
|
|
547
|
+
|
|
548
|
+
// === Reporting ===
|
|
549
|
+
/** Human-readable message */
|
|
550
|
+
message: string;
|
|
551
|
+
/** Detailed analysis */
|
|
552
|
+
analysis: string;
|
|
553
|
+
/** Remediation guidance */
|
|
554
|
+
remediation: RemediationGuidance;
|
|
555
|
+
|
|
556
|
+
// === References ===
|
|
557
|
+
/** MITRE ATT&CK references */
|
|
558
|
+
mitreAttack?: MitreReference[];
|
|
559
|
+
/** CVE references */
|
|
560
|
+
cves?: CveReference[];
|
|
561
|
+
|
|
562
|
+
// === Metadata ===
|
|
563
|
+
/** Detection timestamp */
|
|
564
|
+
detectedAt: string;
|
|
565
|
+
/** Language of the code */
|
|
566
|
+
language: SupportedLanguage;
|
|
567
|
+
/** Additional context */
|
|
568
|
+
context?: Record<string, unknown>;
|
|
569
|
+
}
|
|
570
|
+
|
|
571
|
+
// ============================================================================
|
|
572
|
+
// ANALYSIS CONTEXT
|
|
573
|
+
// ============================================================================
|
|
574
|
+
|
|
575
|
+
/**
|
|
576
|
+
* Analysis context for rule evaluation
|
|
577
|
+
*/
|
|
578
|
+
export interface AnalysisContext {
|
|
579
|
+
/** File being analyzed */
|
|
580
|
+
filePath: string;
|
|
581
|
+
/** File content */
|
|
582
|
+
content: string;
|
|
583
|
+
/** Detected language */
|
|
584
|
+
language: SupportedLanguage;
|
|
585
|
+
/** AST if available */
|
|
586
|
+
ast?: unknown;
|
|
587
|
+
/** Call graph if available */
|
|
588
|
+
callGraph?: unknown;
|
|
589
|
+
/** Dependencies if available */
|
|
590
|
+
dependencies?: string[];
|
|
591
|
+
/** Is this in node_modules or vendor */
|
|
592
|
+
isVendorCode?: boolean;
|
|
593
|
+
/** Is this a test file */
|
|
594
|
+
isTestFile?: boolean;
|
|
595
|
+
/** Previous findings in this file */
|
|
596
|
+
previousFindings?: MalwareFinding[];
|
|
597
|
+
/** Findings from related files */
|
|
598
|
+
relatedFindings?: MalwareFinding[];
|
|
599
|
+
}
|
|
600
|
+
|
|
601
|
+
/**
|
|
602
|
+
* Analysis options
|
|
603
|
+
*/
|
|
604
|
+
export interface AnalysisOptions {
|
|
605
|
+
/** Maximum findings per file */
|
|
606
|
+
maxFindingsPerFile?: number;
|
|
607
|
+
/** Maximum time per rule in ms */
|
|
608
|
+
ruleTimeout?: number;
|
|
609
|
+
/** Maximum time per file in ms */
|
|
610
|
+
fileTimeout?: number;
|
|
611
|
+
/** Include disabled rules */
|
|
612
|
+
includeDisabled?: boolean;
|
|
613
|
+
/** Minimum severity to report */
|
|
614
|
+
minSeverity?: MalwareSeverity;
|
|
615
|
+
/** Minimum confidence to report */
|
|
616
|
+
minConfidence?: ConfidenceLevel;
|
|
617
|
+
/** Enable AST-based detection */
|
|
618
|
+
enableAst?: boolean;
|
|
619
|
+
/** Enable heuristic detection */
|
|
620
|
+
enableHeuristics?: boolean;
|
|
621
|
+
/** Enable correlation analysis */
|
|
622
|
+
enableCorrelation?: boolean;
|
|
623
|
+
/** Ignore vendor/node_modules */
|
|
624
|
+
ignoreVendor?: boolean;
|
|
625
|
+
/** Ignore test files */
|
|
626
|
+
ignoreTests?: boolean;
|
|
627
|
+
}
|
|
628
|
+
|
|
629
|
+
/**
|
|
630
|
+
* Analysis result summary
|
|
631
|
+
*/
|
|
632
|
+
export interface AnalysisResult {
|
|
633
|
+
/** All findings */
|
|
634
|
+
findings: MalwareFinding[];
|
|
635
|
+
/** Summary statistics */
|
|
636
|
+
summary: {
|
|
637
|
+
totalFindings: number;
|
|
638
|
+
bySeverity: Record<MalwareSeverity, number>;
|
|
639
|
+
byThreatType: Record<string, number>;
|
|
640
|
+
byConfidence: Record<ConfidenceLevel, number>;
|
|
641
|
+
highestScore: number;
|
|
642
|
+
averageScore: number;
|
|
643
|
+
};
|
|
644
|
+
/** Files analyzed */
|
|
645
|
+
filesAnalyzed: string[];
|
|
646
|
+
/** Analysis duration in ms */
|
|
647
|
+
duration: number;
|
|
648
|
+
/** Any errors during analysis */
|
|
649
|
+
errors?: Array<{
|
|
650
|
+
file: string;
|
|
651
|
+
rule?: string;
|
|
652
|
+
error: string;
|
|
653
|
+
}>;
|
|
654
|
+
}
|
|
655
|
+
|
|
656
|
+
// ============================================================================
|
|
657
|
+
// CATEGORIES
|
|
658
|
+
// ============================================================================
|
|
659
|
+
|
|
660
|
+
/**
|
|
661
|
+
* Malware finding categories
|
|
662
|
+
*/
|
|
663
|
+
export enum MalwareCategory {
|
|
664
|
+
BACKDOOR = 'backdoor',
|
|
665
|
+
CRYPTOMINER = 'cryptominer',
|
|
666
|
+
SPYWARE = 'spyware',
|
|
667
|
+
TROJAN = 'trojan',
|
|
668
|
+
WORM = 'worm',
|
|
669
|
+
RANSOMWARE = 'ransomware',
|
|
670
|
+
ADWARE = 'adware',
|
|
671
|
+
ROOTKIT = 'rootkit',
|
|
672
|
+
BOTNET = 'botnet',
|
|
673
|
+
EXPLOIT = 'exploit',
|
|
674
|
+
DROPPER = 'dropper',
|
|
675
|
+
OBFUSCATION = 'obfuscation',
|
|
676
|
+
EVASION = 'evasion',
|
|
677
|
+
SUPPLY_CHAIN = 'supply_chain',
|
|
678
|
+
SUSPICIOUS = 'suspicious'
|
|
679
|
+
}
|
|
680
|
+
|
|
681
|
+
// ============================================================================
|
|
682
|
+
// ENGINE INTERFACES
|
|
683
|
+
// ============================================================================
|
|
684
|
+
|
|
685
|
+
/**
|
|
686
|
+
* Rule engine interface
|
|
687
|
+
*/
|
|
688
|
+
export interface IMalwareRuleEngine {
|
|
689
|
+
/** Analyze a file */
|
|
690
|
+
analyze(context: AnalysisContext, options?: AnalysisOptions): Promise<MalwareFinding[]>;
|
|
691
|
+
/** Get all available rules */
|
|
692
|
+
getRules(): MalwareRule[];
|
|
693
|
+
/** Get rules by category */
|
|
694
|
+
getRulesByCategory(category: MalwareCategory): MalwareRule[];
|
|
695
|
+
/** Get rules by threat type */
|
|
696
|
+
getRulesByThreatType(type: MalwareThreatType): MalwareRule[];
|
|
697
|
+
/** Enable/disable a rule */
|
|
698
|
+
setRuleEnabled(ruleId: string, enabled: boolean): void;
|
|
699
|
+
/** Add a custom rule */
|
|
700
|
+
addRule(rule: MalwareRule): void;
|
|
701
|
+
/** Remove a rule */
|
|
702
|
+
removeRule(ruleId: string): void;
|
|
703
|
+
}
|
|
704
|
+
|
|
705
|
+
/**
|
|
706
|
+
* Pattern matcher interface
|
|
707
|
+
*/
|
|
708
|
+
export interface IPatternMatcher {
|
|
709
|
+
/** Match patterns against content */
|
|
710
|
+
match(
|
|
711
|
+
content: string,
|
|
712
|
+
patterns: MalwarePattern[],
|
|
713
|
+
language: SupportedLanguage
|
|
714
|
+
): PatternMatch[];
|
|
715
|
+
/** Match with timeout protection */
|
|
716
|
+
matchWithTimeout(
|
|
717
|
+
content: string,
|
|
718
|
+
patterns: MalwarePattern[],
|
|
719
|
+
language: SupportedLanguage,
|
|
720
|
+
timeout: number
|
|
721
|
+
): Promise<PatternMatch[]>;
|
|
722
|
+
}
|
|
723
|
+
|
|
724
|
+
/**
|
|
725
|
+
* Score calculator interface
|
|
726
|
+
*/
|
|
727
|
+
export interface IScoreCalculator {
|
|
728
|
+
/** Calculate malware score for a finding */
|
|
729
|
+
calculateScore(
|
|
730
|
+
rule: MalwareRule,
|
|
731
|
+
matches: PatternMatch[],
|
|
732
|
+
context: AnalysisContext
|
|
733
|
+
): MalwareScore;
|
|
734
|
+
/** Calculate combined score for multiple findings */
|
|
735
|
+
calculateCombinedScore(findings: MalwareFinding[]): MalwareScore;
|
|
736
|
+
}
|
|
737
|
+
|
|
738
|
+
/**
|
|
739
|
+
* Heuristic analyzer interface
|
|
740
|
+
*/
|
|
741
|
+
export interface IHeuristicAnalyzer {
|
|
742
|
+
/** Calculate entropy of content */
|
|
743
|
+
calculateEntropy(content: string): number;
|
|
744
|
+
/** Detect obfuscation level */
|
|
745
|
+
detectObfuscationLevel(content: string, language: SupportedLanguage): number;
|
|
746
|
+
/** Normalize code for analysis */
|
|
747
|
+
normalizeCode(content: string, language: SupportedLanguage): string;
|
|
748
|
+
/** Check for anti-debugging patterns */
|
|
749
|
+
hasAntiDebugging(content: string, language: SupportedLanguage): boolean;
|
|
750
|
+
/** Check for environment-dependent activation */
|
|
751
|
+
hasEnvironmentChecks(content: string): boolean;
|
|
752
|
+
}
|