secure-scan 1.2.2

package/dist/analyzers/javascript/malwareDetector.js

@@ -0,0 +1,616 @@
+"use strict";
+/**
+ * Malware Detection Module for JavaScript/TypeScript
+ * Detects various types of malicious code patterns
+ *
+ * Inspired by YARA rules and malware analysis techniques
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MalwareDetector = exports.MalwareType = void 0;
+const types_1 = require("../../types");
+const utils_1 = require("../../utils");
+/**
+ * Types of malware
+ */
+var MalwareType;
+(function (MalwareType) {
+    // Data Theft
+    MalwareType["STEALER"] = "stealer";
+    MalwareType["KEYLOGGER"] = "keylogger";
+    MalwareType["CREDENTIAL_HARVESTER"] = "credential_harvester";
+    // Cryptocurrency
+    MalwareType["CRYPTOMINER"] = "cryptominer";
+    MalwareType["CRYPTO_WALLET_STEALER"] = "crypto_wallet_stealer";
+    // Remote Access
+    MalwareType["BACKDOOR"] = "backdoor";
+    MalwareType["REVERSE_SHELL"] = "reverse_shell";
+    MalwareType["C2_COMMUNICATION"] = "c2_communication";
+    // Loaders
+    MalwareType["DROPPER"] = "dropper";
+    MalwareType["LOADER"] = "loader";
+    // Obfuscation
+    MalwareType["OBFUSCATED_PAYLOAD"] = "obfuscated_payload";
+    MalwareType["ENCODED_PAYLOAD"] = "encoded_payload";
+    // Supply Chain
+    MalwareType["TYPOSQUAT"] = "typosquat";
+    MalwareType["DEPENDENCY_CONFUSION"] = "dependency_confusion";
+    MalwareType["POSTINSTALL_MALWARE"] = "postinstall_malware";
+    // Evasion
+    MalwareType["ANTI_DEBUGGING"] = "anti_debugging";
+    MalwareType["VM_DETECTION"] = "vm_detection";
+    MalwareType["SANDBOX_EVASION"] = "sandbox_evasion";
+    // Persistence
+    MalwareType["PERSISTENCE"] = "persistence";
+    // Generic
+    MalwareType["SUSPICIOUS_BEHAVIOR"] = "suspicious_behavior";
+})(MalwareType || (exports.MalwareType = MalwareType = {}));
+/**
+ * Malware detection patterns organized by category
+ */
+const MALWARE_PATTERNS = [
+    // ============ DATA STEALERS ============
+    {
+        name: 'Cookie Stealer',
+        type: MalwareType.STEALER,
+        pattern: /document\.cookie[\s\S]{0,100}(?:fetch|XMLHttpRequest|sendBeacon|axios|http)/gi,
+        description: 'Code that reads cookies and sends them to a remote server',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 85,
+        mitre: ['T1539', 'T1041'],
+        remediation: 'Remove the malicious code. Investigate how it was introduced.'
+    },
+    {
+        name: 'LocalStorage Exfiltration',
+        type: MalwareType.STEALER,
+        pattern: /localStorage(?:\.getItem|\[)[\s\S]{0,200}(?:fetch|XMLHttpRequest|sendBeacon|axios)/gi,
+        description: 'Reads localStorage data and sends it externally',
+        severity: types_1.Severity.HIGH,
+        confidence: 80,
+        mitre: ['T1005', 'T1041'],
+        remediation: 'Remove the exfiltration code and audit stored data.'
+    },
+    {
+        name: 'Credentials Harvester',
+        type: MalwareType.CREDENTIAL_HARVESTER,
+        pattern: /(?:password|passwd|pwd|credentials?|auth|token|secret|api[_-]?key)[\s\S]{0,50}(?:\.value|\.val\(\)|\.text)[\s\S]{0,100}(?:fetch|XMLHttp|send|post)/gi,
+        description: 'Harvests credential input fields and sends them',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 75,
+        mitre: ['T1056', 'T1041'],
+        remediation: 'Remove harvesting code and rotate all affected credentials.'
+    },
+    {
+        name: 'Environment Variable Stealer',
+        type: MalwareType.STEALER,
+        pattern: /process\.env[\s\S]{0,200}(?:fetch|http\.request|axios|child_process)/gi,
+        description: 'Reads environment variables and exfiltrates them',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 80,
+        mitre: ['T1552.001', 'T1041'],
+        remediation: 'Remove the code and rotate all environment secrets.'
+    },
+    {
+        name: 'SSH Key Stealer',
+        type: MalwareType.STEALER,
+        pattern: /(?:\.ssh|id_rsa|id_ed25519|known_hosts|authorized_keys)[\s\S]{0,100}(?:readFile|fs\.|createReadStream)/gi,
+        description: 'Attempts to read SSH keys',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 85,
+        mitre: ['T1552.004'],
+        remediation: 'Remove code and regenerate SSH keys.'
+    },
+    // ============ CRYPTOMINERS ============
+    {
+        name: 'Cryptominer - WebAssembly',
+        type: MalwareType.CRYPTOMINER,
+        pattern: /WebAssembly\.(?:instantiate|compile)[\s\S]{0,300}(?:hash|mine|worker|crypto)/gi,
+        description: 'WebAssembly-based cryptocurrency miner',
+        severity: types_1.Severity.HIGH,
+        confidence: 75,
+        mitre: ['T1496'],
+        remediation: 'Remove the cryptomining code entirely.'
+    },
+    {
+        name: 'Cryptominer - CoinHive Style',
+        type: MalwareType.CRYPTOMINER,
+        pattern: /(?:coinhive|coin-hive|cryptonight|monero|xmr|hashrate|CryptoNight)/gi,
+        description: 'Browser-based cryptocurrency miner reference',
+        severity: types_1.Severity.HIGH,
+        confidence: 90,
+        mitre: ['T1496'],
+        remediation: 'Remove all cryptomining references.'
+    },
+    {
+        name: 'Cryptominer - Worker Pool',
+        type: MalwareType.CRYPTOMINER,
+        pattern: /(?:stratum|mining[_-]?pool|worker\.postMessage[\s\S]{0,50}hash)/gi,
+        description: 'Mining pool communication pattern',
+        severity: types_1.Severity.HIGH,
+        confidence: 80,
+        mitre: ['T1496'],
+        remediation: 'Remove the mining worker code.'
+    },
+    {
+        name: 'Crypto Wallet Stealer',
+        type: MalwareType.CRYPTO_WALLET_STEALER,
+        pattern: /(?:wallet|ethereum|bitcoin|metamask|web3|privateKey)[\s\S]{0,100}(?:localStorage|send|post|fetch)/gi,
+        description: 'Attempts to steal cryptocurrency wallet data',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 75,
+        mitre: ['T1005', 'T1041'],
+        remediation: 'Remove code, notify affected users, rotate wallet keys.'
+    },
+    // ============ BACKDOORS & REMOTE ACCESS ============
+    {
+        name: 'Reverse Shell',
+        type: MalwareType.REVERSE_SHELL,
+        pattern: /(?:net\.Socket|dgram)[\s\S]{0,200}(?:spawn|exec)[\s\S]{0,100}(?:\/bin\/(?:sh|bash)|cmd\.exe|powershell)/gi,
+        description: 'Network socket connected to shell execution',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 95,
+        mitre: ['T1059', 'T1095'],
+        remediation: 'Remove immediately and audit all system access.'
+    },
+    {
+        name: 'Backdoor - Remote Code Execution',
+        type: MalwareType.BACKDOOR,
+        pattern: /(?:fetch|axios|http\.get)[\s\S]{0,100}(?:eval|Function|exec|spawn)[\s\S]{0,50}(?:body|response|data)/gi,
+        description: 'Fetches code from remote server and executes it',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 90,
+        mitre: ['T1105', 'T1059'],
+        remediation: 'Remove the backdoor and investigate compromise.'
+    },
+    {
+        name: 'C2 Beacon',
+        type: MalwareType.C2_COMMUNICATION,
+        pattern: /setInterval[\s\S]{0,100}(?:fetch|axios|XMLHttpRequest)[\s\S]{0,100}(?:exec|eval|Function)/gi,
+        description: 'Periodic command and control communication',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 80,
+        mitre: ['T1071', 'T1059'],
+        remediation: 'Remove C2 code and investigate network traffic.'
+    },
+    {
+        name: 'DNS Exfiltration',
+        type: MalwareType.C2_COMMUNICATION,
+        pattern: /(?:dns|resolve)[\s\S]{0,50}(?:encode|base64|hex)[\s\S]{0,50}(?:lookup|resolve4)/gi,
+        description: 'Data exfiltration via DNS queries',
+        severity: types_1.Severity.HIGH,
+        confidence: 75,
+        mitre: ['T1048.003'],
+        remediation: 'Remove the DNS exfiltration code.'
+    },
+    // ============ DROPPERS & LOADERS ============
+    {
+        name: 'Remote Script Loader',
+        type: MalwareType.LOADER,
+        pattern: /(?:document\.createElement\s*\(\s*['"`]script['"`]\s*\))[\s\S]{0,200}(?:src\s*=|appendChild)/gi,
+        description: 'Dynamically loads remote scripts',
+        severity: types_1.Severity.HIGH,
+        confidence: 70,
+        mitre: ['T1105'],
+        remediation: 'Verify script sources or remove dynamic loading.'
+    },
+    {
+        name: 'Payload Dropper',
+        type: MalwareType.DROPPER,
+        pattern: /(?:fs\.writeFile|writeFileSync)[\s\S]{0,100}(?:atob|Buffer\.from|base64|0x[0-9a-f]+)/gi,
+        description: 'Writes decoded payload to filesystem',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 85,
+        mitre: ['T1105', 'T1204'],
+        remediation: 'Remove dropper and scan for dropped files.'
+    },
+    {
+        name: 'curl/wget Pipe Execution',
+        type: MalwareType.DROPPER,
+        pattern: /(?:curl|wget)\s+[^\s]+\s*\|\s*(?:sh|bash|node|python)/gi,
+        description: 'Downloads and executes remote script',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 95,
+        mitre: ['T1059', 'T1105'],
+        remediation: 'Remove the dangerous command execution.'
+    },
+    // ============ OBFUSCATED & ENCODED PAYLOADS ============
+    {
+        name: 'Base64 Decode + Eval',
+        type: MalwareType.OBFUSCATED_PAYLOAD,
+        pattern: /(?:atob|Buffer\.from\s*\([^)]+,\s*['"`]base64['"`]\))[\s\S]{0,50}(?:eval|Function|exec)/gi,
+        description: 'Decodes Base64 and executes the result',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 90,
+        mitre: ['T1140', 'T1059'],
+        remediation: 'Decode and analyze the payload, then remove.'
+    },
+    {
+        name: 'Hex Decode + Eval',
+        type: MalwareType.OBFUSCATED_PAYLOAD,
+        pattern: /Buffer\.from\s*\([^)]+,\s*['"`]hex['"`]\)[\s\S]{0,50}(?:eval|Function|exec|toString)/gi,
+        description: 'Decodes hex-encoded payload and executes',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 85,
+        mitre: ['T1140', 'T1059'],
+        remediation: 'Decode and analyze, then remove the code.'
+    },
+    {
+        name: 'String.fromCharCode Obfuscation',
+        type: MalwareType.OBFUSCATED_PAYLOAD,
+        pattern: /String\.fromCharCode\s*\(\s*(?:\d+\s*,?\s*){10,}\)/gi,
+        description: 'Uses character codes to hide strings',
+        severity: types_1.Severity.HIGH,
+        confidence: 75,
+        mitre: ['T1140'],
+        remediation: 'Decode the character codes to analyze.'
+    },
+    {
+        name: 'Unicode Escape Obfuscation',
+        type: MalwareType.OBFUSCATED_PAYLOAD,
+        pattern: /(?:\\u[0-9a-f]{4}){10,}/gi,
+        description: 'Heavy use of unicode escapes for obfuscation',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 65,
+        mitre: ['T1140'],
+        remediation: 'Decode and review the actual content.'
+    },
+    {
+        name: 'Hex Escape Obfuscation',
+        type: MalwareType.OBFUSCATED_PAYLOAD,
+        pattern: /(?:\\x[0-9a-f]{2}){15,}/gi,
+        description: 'Heavy use of hex escapes for obfuscation',
+        severity: types_1.Severity.HIGH,
+        confidence: 70,
+        mitre: ['T1140'],
+        remediation: 'Decode and analyze the hidden content.'
+    },
+    // ============ ANTI-DEBUGGING / EVASION ============
+    {
+        name: 'DevTools Detection',
+        type: MalwareType.ANTI_DEBUGGING,
+        pattern: /(?:devtools|firebug)[\s\S]{0,50}(?:open|detect|isOpen)/gi,
+        description: 'Detects if browser DevTools is open',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 80,
+        mitre: ['T1622'],
+        remediation: 'Remove anti-debugging checks.'
+    },
+    {
+        name: 'Console Timing Detection',
+        type: MalwareType.ANTI_DEBUGGING,
+        pattern: /console\.(?:log|table|dir)[\s\S]{0,100}(?:Date\.now|performance\.now)[\s\S]{0,50}(?:>\s*\d+|threshold)/gi,
+        description: 'Uses console timing to detect debuggers',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 70,
+        mitre: ['T1622'],
+        remediation: 'Remove timing-based detection.'
+    },
+    {
+        name: 'Debugger Trap',
+        type: MalwareType.ANTI_DEBUGGING,
+        pattern: /(?:setInterval|setTimeout)[\s\S]{0,50}(?:function\s*\(\)\s*{\s*debugger|['"`]debugger['"`])/gi,
+        description: 'Repeatedly triggers debugger statement',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 85,
+        mitre: ['T1622'],
+        remediation: 'Remove the debugger trap code.'
+    },
+    {
+        name: 'VM/Sandbox Detection',
+        type: MalwareType.SANDBOX_EVASION,
+        pattern: /(?:navigator\.(?:webdriver|hardwareConcurrency|deviceMemory)|screen\.(?:width|height)[\s\S]{0,50}(?:800|1024))[\s\S]{0,100}(?:if|===|!==)/gi,
+        description: 'Checks for VM/sandbox environment',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 70,
+        mitre: ['T1497'],
+        remediation: 'Remove environment detection code.'
+    },
+    // ============ PERSISTENCE ============
+    {
+        name: 'Cron Job Creation',
+        type: MalwareType.PERSISTENCE,
+        pattern: /(?:cron|crontab|\/etc\/cron)[\s\S]{0,100}(?:write|exec|spawn|append)/gi,
+        description: 'Attempts to create scheduled tasks',
+        severity: types_1.Severity.HIGH,
+        confidence: 80,
+        mitre: ['T1053'],
+        remediation: 'Remove persistence mechanism and check crontab.'
+    },
+    {
+        name: 'Startup Script Modification',
+        type: MalwareType.PERSISTENCE,
+        pattern: /(?:\.bashrc|\.profile|\.bash_profile|init\.d|systemd)[\s\S]{0,100}(?:writeFile|appendFile|exec)/gi,
+        description: 'Modifies startup scripts for persistence',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 85,
+        mitre: ['T1546'],
+        remediation: 'Remove persistence and check startup files.'
+    },
+    // ============ SUPPLY CHAIN SPECIFIC ============
+    {
+        name: 'Package Install Hook Abuse',
+        type: MalwareType.POSTINSTALL_MALWARE,
+        pattern: /["'](?:preinstall|postinstall|preuninstall)["']\s*:\s*["'](?:[^"']*(?:curl|wget|node\s+-e|eval|exec)[^"']*)/gi,
+        description: 'Suspicious npm lifecycle script',
+        severity: types_1.Severity.CRITICAL,
+        confidence: 90,
+        mitre: ['T1195.002'],
+        remediation: 'Remove malicious lifecycle scripts.'
+    },
+    {
+        name: 'Suspicious Package Name Pattern',
+        type: MalwareType.TYPOSQUAT,
+        pattern: /require\s*\(\s*['"`](?:l[o0]dash|und[e3]rscore|ex[p9]ress|m[o0]ment|ax[i1]os|react-d[o0]m|vue-r[o0]uter)['"`]\s*\)/gi,
+        description: 'Potential typosquatting package import',
+        severity: types_1.Severity.HIGH,
+        confidence: 70,
+        mitre: ['T1195.002'],
+        remediation: 'Verify package names are spelled correctly.'
+    },
+    // ============ SUSPICIOUS NETWORK BEHAVIOR ============
+    {
+        name: 'Suspicious Webhook',
+        type: MalwareType.SUSPICIOUS_BEHAVIOR,
+        pattern: /(?:discord\.com\/api\/webhooks|hooks\.slack\.com|api\.telegram\.org\/bot)/gi,
+        description: 'Sends data to messaging webhook',
+        severity: types_1.Severity.HIGH,
+        confidence: 75,
+        mitre: ['T1567'],
+        remediation: 'Verify webhook usage is legitimate.'
+    },
+    {
+        name: 'Data Upload to Pastebin',
+        type: MalwareType.SUSPICIOUS_BEHAVIOR,
+        pattern: /(?:pastebin\.com|ghostbin|hastebin|paste\.ee)[\s\S]{0,100}(?:post|send|upload)/gi,
+        description: 'Uploads data to paste service',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 70,
+        mitre: ['T1567.002'],
+        remediation: 'Verify the data being uploaded.'
+    },
+    {
+        name: 'IP Logger',
+        type: MalwareType.SUSPICIOUS_BEHAVIOR,
+        pattern: /(?:iplogger|grabify|ipify|ip-api|whatismyip)[\s\S]{0,50}(?:fetch|get|request)/gi,
+        description: 'Resolves and potentially logs IP address',
+        severity: types_1.Severity.MEDIUM,
+        confidence: 65,
+        mitre: ['T1016'],
+        remediation: 'Verify IP lookup is necessary and legitimate.'
+    }
+];
+/**
+ * Long encoded string patterns to detect
+ */
+const ENCODED_STRING_THRESHOLD = 200;
+/**
+ * Malware Detector Class
+ */
+class MalwareDetector {
+    matches = [];
+    lines = [];
+    /**
+     * Scan code for malware patterns
+     */
+    scan(content, filePath) {
+        this.matches = [];
+        this.lines = content.split('\n');
+        // Run pattern matching
+        this.runPatternMatching(content);
+        // Check for suspicious encoded strings
+        this.checkEncodedStrings(content);
+        // Check for high entropy sections (possible encrypted/encoded payloads)
+        this.checkHighEntropyContent(content);
+        // Check for suspicious network URLs
+        this.checkSuspiciousUrls(content);
+        // Deduplicate matches
+        return this.deduplicateMatches();
+    }
+    /**
+     * Run all malware pattern checks
+     */
+    runPatternMatching(content) {
+        for (const pattern of MALWARE_PATTERNS) {
+            // Reset regex state
+            pattern.pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.pattern.exec(content)) !== null) {
+                const lineNumber = this.getLineNumber(content, match.index);
+                this.matches.push({
+                    type: pattern.type,
+                    name: pattern.name,
+                    description: pattern.description,
+                    severity: pattern.severity,
+                    line: lineNumber,
+                    code: this.getCodeSnippet(lineNumber),
+                    confidence: pattern.confidence,
+                    indicators: pattern.indicators ? pattern.indicators(match) : [match[0].substring(0, 100)],
+                    mitreAttack: pattern.mitre,
+                    remediation: pattern.remediation
+                });
+            }
+        }
+    }
+    /**
+     * Check for suspicious encoded strings
+     */
+    checkEncodedStrings(content) {
+        // Find long base64-like strings
+        const base64Pattern = /['"`]([A-Za-z0-9+/=]{100,})['"`]/g;
+        let match;
+        while ((match = base64Pattern.exec(content)) !== null) {
+            const encoded = match[1];
+            if ((0, utils_1.isBase64Like)(encoded)) {
+                const lineNumber = this.getLineNumber(content, match.index);
+                // Try to decode and check for suspicious content
+                let decodedContent = '';
+                try {
+                    decodedContent = Buffer.from(encoded, 'base64').toString('utf8');
+                }
+                catch {
+                    // Not valid base64
+                }
+                const isSuspicious = decodedContent.includes('eval') ||
+                    decodedContent.includes('exec') ||
+                    decodedContent.includes('Function') ||
+                    decodedContent.includes('http') ||
+                    decodedContent.includes('require');
+                if (isSuspicious) {
+                    this.matches.push({
+                        type: MalwareType.ENCODED_PAYLOAD,
+                        name: 'Suspicious Base64 Encoded Content',
+                        description: 'Long Base64 string that decodes to potentially malicious content',
+                        severity: types_1.Severity.HIGH,
+                        line: lineNumber,
+                        code: this.getCodeSnippet(lineNumber),
+                        confidence: 80,
+                        indicators: [`Base64 length: ${encoded.length}`, `Contains suspicious keywords when decoded`],
+                        mitreAttack: ['T1140'],
+                        remediation: 'Decode and analyze the Base64 content.'
+                    });
+                }
+            }
+        }
+        // Find long hex strings
+        const hexPattern = /['"`]((?:0x)?[0-9a-fA-F]{100,})['"`]/g;
+        while ((match = hexPattern.exec(content)) !== null) {
+            const hex = match[1];
+            if ((0, utils_1.isHexEncoded)(hex.replace(/^0x/, ''))) {
+                const lineNumber = this.getLineNumber(content, match.index);
+                this.matches.push({
+                    type: MalwareType.ENCODED_PAYLOAD,
+                    name: 'Suspicious Hex Encoded Content',
+                    description: 'Long hex-encoded string detected',
+                    severity: types_1.Severity.MEDIUM,
+                    line: lineNumber,
+                    code: this.getCodeSnippet(lineNumber),
+                    confidence: 65,
+                    indicators: [`Hex string length: ${hex.length}`],
+                    mitreAttack: ['T1140'],
+                    remediation: 'Decode and analyze the hex content.'
+                });
+            }
+        }
+    }
+    /**
+     * Check for high entropy content (encrypted/compressed data)
+     */
+    checkHighEntropyContent(content) {
+        // Split into chunks and check entropy
+        const chunkSize = 500;
+        for (let i = 0; i < this.lines.length; i++) {
+            const line = this.lines[i];
+            if (line.length > 200) {
+                const entropy = (0, utils_1.calculateEntropy)(line);
+                if (entropy > 5.8) {
+                    this.matches.push({
+                        type: MalwareType.OBFUSCATED_PAYLOAD,
+                        name: 'High Entropy Code Line',
+                        description: `Line with unusually high entropy (${entropy.toFixed(2)}) suggesting obfuscated or encrypted content`,
+                        severity: types_1.Severity.MEDIUM,
+                        line: i + 1,
+                        code: line.substring(0, 100) + '...',
+                        confidence: 60,
+                        indicators: [`Entropy: ${entropy.toFixed(2)}`],
+                        mitreAttack: ['T1027'],
+                        remediation: 'Analyze the obfuscated content.'
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Check for suspicious URLs
+     */
+    checkSuspiciousUrls(content) {
+        const suspiciousPatterns = [
+            // Dynamic DNS providers (often used by malware)
+            { pattern: /(?:no-ip\.com|duckdns\.org|dynu\.com|freedns\.afraid\.org)/gi, name: 'Dynamic DNS Service' },
+            // URL shorteners (can hide malicious destinations)
+            { pattern: /(?:bit\.ly|tinyurl\.com|t\.co|goo\.gl|is\.gd|v\.gd)\/\w+/gi, name: 'URL Shortener' },
+            // Raw IP addresses in URLs
+            { pattern: /https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/gi, name: 'Raw IP URL' },
+            // File sharing services
+            { pattern: /(?:mega\.nz|mediafire\.com|zippyshare\.com|uploadfiles)/gi, name: 'File Sharing Service' }
+        ];
+        for (const { pattern, name } of suspiciousPatterns) {
+            pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const lineNumber = this.getLineNumber(content, match.index);
+                this.matches.push({
+                    type: MalwareType.SUSPICIOUS_BEHAVIOR,
+                    name: `Suspicious URL: ${name}`,
+                    description: `Code references ${name} which may be used to hide malicious activity`,
+                    severity: types_1.Severity.MEDIUM,
+                    line: lineNumber,
+                    code: this.getCodeSnippet(lineNumber),
+                    confidence: 55,
+                    indicators: [match[0]],
+                    mitreAttack: ['T1102'],
+                    remediation: 'Verify the URL is legitimate and necessary.'
+                });
+            }
+        }
+    }
+    /**
+     * Get line number from string index
+     */
+    getLineNumber(content, index) {
+        const beforeMatch = content.substring(0, index);
+        return beforeMatch.split('\n').length;
+    }
+    /**
+     * Get code snippet for a line
+     */
+    getCodeSnippet(lineNumber) {
+        const lineIndex = lineNumber - 1;
+        if (lineIndex >= 0 && lineIndex < this.lines.length) {
+            return this.lines[lineIndex].trim().substring(0, 150);
+        }
+        return '';
+    }
+    /**
+     * Remove duplicate matches
+     */
+    deduplicateMatches() {
+        const seen = new Set();
+        return this.matches.filter(match => {
+            const key = `${match.type}:${match.line}:${match.name}`;
+            if (seen.has(key))
+                return false;
+            seen.add(key);
+            return true;
+        });
+    }
+    /**
+     * Get threat type for malware type
+     */
+    static getThreatType(type) {
+        const mapping = {
+            [MalwareType.STEALER]: types_1.ThreatType.DATA_EXFILTRATION,
+            [MalwareType.KEYLOGGER]: types_1.ThreatType.KEYLOGGER,
+            [MalwareType.CREDENTIAL_HARVESTER]: types_1.ThreatType.DATA_EXFILTRATION,
+            [MalwareType.CRYPTOMINER]: types_1.ThreatType.CRYPTOMINER,
+            [MalwareType.CRYPTO_WALLET_STEALER]: types_1.ThreatType.DATA_EXFILTRATION,
+            [MalwareType.BACKDOOR]: types_1.ThreatType.BACKDOOR,
+            [MalwareType.REVERSE_SHELL]: types_1.ThreatType.REVERSE_SHELL,
+            [MalwareType.C2_COMMUNICATION]: types_1.ThreatType.SUSPICIOUS_NETWORK,
+            [MalwareType.DROPPER]: types_1.ThreatType.MALICIOUS_LOADER,
+            [MalwareType.LOADER]: types_1.ThreatType.MALICIOUS_LOADER,
+            [MalwareType.OBFUSCATED_PAYLOAD]: types_1.ThreatType.OBFUSCATED_CODE,
+            [MalwareType.ENCODED_PAYLOAD]: types_1.ThreatType.EMBEDDED_PAYLOAD,
+            [MalwareType.TYPOSQUAT]: types_1.ThreatType.MALICIOUS_LOADER,
+            [MalwareType.DEPENDENCY_CONFUSION]: types_1.ThreatType.MALICIOUS_LOADER,
+            [MalwareType.POSTINSTALL_MALWARE]: types_1.ThreatType.MALICIOUS_LOADER,
+            [MalwareType.ANTI_DEBUGGING]: types_1.ThreatType.OBFUSCATED_CODE,
+            [MalwareType.VM_DETECTION]: types_1.ThreatType.OBFUSCATED_CODE,
+            [MalwareType.SANDBOX_EVASION]: types_1.ThreatType.OBFUSCATED_CODE,
+            [MalwareType.PERSISTENCE]: types_1.ThreatType.BACKDOOR,
+            [MalwareType.SUSPICIOUS_BEHAVIOR]: types_1.ThreatType.SUSPICIOUS_NETWORK
+        };
+        return mapping[type] || types_1.ThreatType.MALICIOUS_LOADER;
+    }
+}
+exports.MalwareDetector = MalwareDetector;
+exports.default = MalwareDetector;
+//# sourceMappingURL=malwareDetector.js.map

package/dist/analyzers/javascript/malwareDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"malwareDetector.js","sourceRoot":"","sources":["../../../src/analyzers/javascript/malwareDetector.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,uCAAsF;AAEtF,uCAA2E;AA4B3E;;GAEG;AACH,IAAY,WA8BX;AA9BD,WAAY,WAAW;IACrB,aAAa;IACb,kCAAmB,CAAA;IACnB,sCAAuB,CAAA;IACvB,4DAA6C,CAAA;IAC7C,iBAAiB;IACjB,0CAA2B,CAAA;IAC3B,8DAA+C,CAAA;IAC/C,gBAAgB;IAChB,oCAAqB,CAAA;IACrB,8CAA+B,CAAA;IAC/B,oDAAqC,CAAA;IACrC,UAAU;IACV,kCAAmB,CAAA;IACnB,gCAAiB,CAAA;IACjB,cAAc;IACd,wDAAyC,CAAA;IACzC,kDAAmC,CAAA;IACnC,eAAe;IACf,sCAAuB,CAAA;IACvB,4DAA6C,CAAA;IAC7C,0DAA2C,CAAA;IAC3C,UAAU;IACV,gDAAiC,CAAA;IACjC,4CAA6B,CAAA;IAC7B,kDAAmC,CAAA;IACnC,cAAc;IACd,0CAA2B,CAAA;IAC3B,UAAU;IACV,0DAA2C,CAAA;AAC7C,CAAC,EA9BW,WAAW,2BAAX,WAAW,QA8BtB;AA0BD;;GAEG;AACH,MAAM,gBAAgB,GAAqB;IACzC,0CAA0C;IAC1C;QACE,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,WAAW,CAAC,OAAO;QACzB,OAAO,EAAE,+EAA+E;QACxF,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,+DAA+D;KAC7E;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,IAAI,EAAE,WAAW,CAAC,OAAO;QACzB,OAAO,EAAE,sFAAsF;QAC/F,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,qDAAqD;KACnE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,WAAW,CAAC,oBAAoB;QACtC,OAAO,EAAE,sJAAsJ;QAC/J,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,6DAA6D;KAC3E;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,IAAI,EAAE,WAAW,CAAC,OAAO;QACzB,OAAO,EAAE,wEAAwE;QACjF,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;QAC7B,WAAW,EAAE,qDAAqD;KACnE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,WAAW,CAAC,OAAO;QACzB,OAAO,EAAE,0GAA0G;QACnH,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,WAAW,EAAE,sCAAsC;KACpD;IAED,yCAAyC;IACzC;QACE,IAAI,EAAE,2BAA2B;QACjC,IAAI,EAAE,WAAW,CAAC,WAAW;QAC7B,OAAO,EAAE,gFAAgF;QACzF,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,IAAI,EAAE,WAAW,CAAC,WAAW;QAC7B,OAAO,EAAE,sEAAsE;QAC/E,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,IAAI,EAAE,WAAW,CAAC,WAAW;QAC7B,OAAO,EAAE,mEAAmE;QAC5E,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,gCAAgC;KAC9C;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,WAAW,CAAC,qBAAqB;QACvC,OAAO,EAAE,qGAAqG;QAC9G,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,yDAAyD;KACvE;IAED,sDAAsD;IACtD;QACE,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,WAAW,CAAC,aAAa;QAC/B,OAAO,EAAE,2GAA2G;QACpH,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,IAAI,EAAE,WAAW,CAAC,QAAQ;QAC1B,OAAO,EAAE,wGAAwG;QACjH,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB;QAClC,OAAO,EAAE,6FAA6F;QACtG,WAAW,EAAE,4CAA4C;QACzD,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,WAAW,CAAC,gBAAgB;QAClC,OAAO,EAAE,mFAAmF;QAC5F,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,WAAW,EAAE,mCAAmC;KACjD;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,sBAAsB;QAC5B,IAAI,EAAE,WAAW,CAAC,MAAM;QACxB,OAAO,EAAE,gGAAgG;QACzG,WAAW,EAAE,kCAAkC;QAC/C,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,kDAAkD;KAChE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,WAAW,CAAC,OAAO;QACzB,OAAO,EAAE,wFAAwF;QACjG,WAAW,EAAE,sCAAsC;QACnD,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,WAAW,CAAC,OAAO;QACzB,OAAO,EAAE,yDAAyD;QAClE,WAAW,EAAE,sCAAsC;QACnD,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,yCAAyC;KACvD;IAED,0DAA0D;IAC1D;QACE,IAAI,EAAE,sBAAsB;QAC5B,IAAI,EAAE,WAAW,CAAC,kBAAkB;QACpC,OAAO,EAAE,2FAA2F;QACpG,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,8CAA8C;KAC5D;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,WAAW,CAAC,kBAAkB;QACpC,OAAO,EAAE,wFAAwF;QACjG,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzB,WAAW,EAAE,2CAA2C;KACzD;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,IAAI,EAAE,WAAW,CAAC,kBAAkB;QACpC,OAAO,EAAE,sDAAsD;QAC/D,WAAW,EAAE,sCAAsC;QACnD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,IAAI,EAAE,WAAW,CAAC,kBAAkB;QACpC,OAAO,EAAE,2BAA2B;QACpC,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,uCAAuC;KACrD;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,WAAW,CAAC,kBAAkB;QACpC,OAAO,EAAE,2BAA2B;QACpC,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,wCAAwC;KACtD;IAED,qDAAqD;IACrD;QACE,IAAI,EAAE,oBAAoB;QAC1B,IAAI,EAAE,WAAW,CAAC,cAAc;QAChC,OAAO,EAAE,0DAA0D;QACnE,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,WAAW,CAAC,cAAc;QAChC,OAAO,EAAE,0GAA0G;QACnH,WAAW,EAAE,yCAAyC;QACtD,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,gCAAgC;KAC9C;IACD;QACE,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,WAAW,CAAC,cAAc;QAChC,OAAO,EAAE,+FAA+F;QACxG,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,gCAAgC;KAC9C;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,IAAI,EAAE,WAAW,CAAC,eAAe;QACjC,OAAO,EAAE,6IAA6I;QACtJ,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,oCAAoC;KAClD;IAED,wCAAwC;IACxC;QACE,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,WAAW,CAAC,WAAW;QAC7B,OAAO,EAAE,wEAAwE;QACjF,WAAW,EAAE,oCAAoC;QACjD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,IAAI,EAAE,WAAW,CAAC,WAAW;QAC7B,OAAO,EAAE,mGAAmG;QAC5G,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,6CAA6C;KAC3D;IAED,kDAAkD;IAClD;QACE,IAAI,EAAE,4BAA4B;QAClC,IAAI,EAAE,WAAW,CAAC,mBAAmB;QACrC,OAAO,EAAE,+GAA+G;QACxH,WAAW,EAAE,iCAAiC;QAC9C,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,IAAI,EAAE,WAAW,CAAC,SAAS;QAC3B,OAAO,EAAE,sHAAsH;QAC/H,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,WAAW,EAAE,6CAA6C;KAC3D;IAED,wDAAwD;IACxD;QACE,IAAI,EAAE,oBAAoB;QAC1B,IAAI,EAAE,WAAW,CAAC,mBAAmB;QACrC,OAAO,EAAE,6EAA6E;QACtF,WAAW,EAAE,iCAAiC;QAC9C,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,IAAI,EAAE,WAAW,CAAC,mBAAmB;QACrC,OAAO,EAAE,kFAAkF;QAC3F,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,WAAW,CAAC;QACpB,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW,CAAC,mBAAmB;QACrC,OAAO,EAAE,iFAAiF;QAC1F,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,CAAC,OAAO,CAAC;QAChB,WAAW,EAAE,+CAA+C;KAC7D;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAErC;;GAEG;AACH,MAAa,eAAe;IAClB,OAAO,GAAmB,EAAE,CAAC;IAC7B,KAAK,GAAa,EAAE,CAAC;IAE7B;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,QAAgB;QACpC,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,uBAAuB;QACvB,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEjC,uCAAuC;QACvC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAElC,wEAAwE;QACxE,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAEtC,oCAAoC;QACpC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAElC,sBAAsB;QACtB,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,OAAe;QACxC,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,oBAAoB;YACpB,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAE9B,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACxD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAE5D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;oBACrC,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBACzF,WAAW,EAAE,OAAO,CAAC,KAAK;oBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,OAAe;QACzC,gCAAgC;QAChC,MAAM,aAAa,GAAG,mCAAmC,CAAC;QAC1D,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,IAAI,IAAA,oBAAY,EAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAE5D,iDAAiD;gBACjD,IAAI,cAAc,GAAG,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnE,CAAC;gBAAC,MAAM,CAAC;oBACP,mBAAmB;gBACrB,CAAC;gBAED,MAAM,YAAY,GAAG,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAChC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC/B,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC;oBACnC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC/B,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBAEvD,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;wBAChB,IAAI,EAAE,WAAW,CAAC,eAAe;wBACjC,IAAI,EAAE,mCAAmC;wBACzC,WAAW,EAAE,kEAAkE;wBAC/E,QAAQ,EAAE,gBAAQ,CAAC,IAAI;wBACvB,IAAI,EAAE,UAAU;wBAChB,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;wBACrC,UAAU,EAAE,EAAE;wBACd,UAAU,EAAE,CAAC,kBAAkB,OAAO,CAAC,MAAM,EAAE,EAAE,2CAA2C,CAAC;wBAC7F,WAAW,EAAE,CAAC,OAAO,CAAC;wBACtB,WAAW,EAAE,wCAAwC;qBACtD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,MAAM,UAAU,GAAG,uCAAuC,CAAC;QAC3D,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,IAAA,oBAAY,EAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;gBACzC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAE5D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,WAAW,CAAC,eAAe;oBACjC,IAAI,EAAE,gCAAgC;oBACtC,WAAW,EAAE,kCAAkC;oBAC/C,QAAQ,EAAE,gBAAQ,CAAC,MAAM;oBACzB,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;oBACrC,UAAU,EAAE,EAAE;oBACd,UAAU,EAAE,CAAC,sBAAsB,GAAG,CAAC,MAAM,EAAE,CAAC;oBAChD,WAAW,EAAE,CAAC,OAAO,CAAC;oBACtB,WAAW,EAAE,qCAAqC;iBACnD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,OAAe;QAC7C,sCAAsC;QACtC,MAAM,SAAS,GAAG,GAAG,CAAC;QACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAA,wBAAgB,EAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;oBAClB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;wBAChB,IAAI,EAAE,WAAW,CAAC,kBAAkB;wBACpC,IAAI,EAAE,wBAAwB;wBAC9B,WAAW,EAAE,qCAAqC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,8CAA8C;wBAClH,QAAQ,EAAE,gBAAQ,CAAC,MAAM;wBACzB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;wBACpC,UAAU,EAAE,EAAE;wBACd,UAAU,EAAE,CAAC,YAAY,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC9C,WAAW,EAAE,CAAC,OAAO,CAAC;wBACtB,WAAW,EAAE,iCAAiC;qBAC/C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,OAAe;QACzC,MAAM,kBAAkB,GAAG;YACzB,gDAAgD;YAChD,EAAE,OAAO,EAAE,8DAA8D,EAAE,IAAI,EAAE,qBAAqB,EAAE;YACxG,mDAAmD;YACnD,EAAE,OAAO,EAAE,4DAA4D,EAAE,IAAI,EAAE,eAAe,EAAE;YAChG,2BAA2B;YAC3B,EAAE,OAAO,EAAE,iDAAiD,EAAE,IAAI,EAAE,YAAY,EAAE;YAClF,wBAAwB;YACxB,EAAE,OAAO,EAAE,2DAA2D,EAAE,IAAI,EAAE,sBAAsB,EAAE;SACvG,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACnD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAE5D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,WAAW,CAAC,mBAAmB;oBACrC,IAAI,EAAE,mBAAmB,IAAI,EAAE;oBAC/B,WAAW,EAAE,mBAAmB,IAAI,+CAA+C;oBACnF,QAAQ,EAAE,gBAAQ,CAAC,MAAM;oBACzB,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;oBACrC,UAAU,EAAE,EAAE;oBACd,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACtB,WAAW,EAAE,CAAC,OAAO,CAAC;oBACtB,WAAW,EAAE,6CAA6C;iBAC3D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe,EAAE,KAAa;QAClD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,UAAkB;QACvC,MAAM,SAAS,GAAG,UAAU,GAAG,CAAC,CAAC;QACjC,IAAI,SAAS,IAAI,CAAC,IAAI,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;YACjC,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACxD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,IAAiB;QACpC,MAAM,OAAO,GAAoC;YAC/C,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAU,CAAC,iBAAiB;YACnD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,kBAAU,CAAC,SAAS;YAC7C,CAAC,WAAW,CAAC,oBAAoB,CAAC,EAAE,kBAAU,CAAC,iBAAiB;YAChE,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,kBAAU,CAAC,WAAW;YACjD,CAAC,WAAW,CAAC,qBAAqB,CAAC,EAAE,kBAAU,CAAC,iBAAiB;YACjE,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,kBAAU,CAAC,QAAQ;YAC3C,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,kBAAU,CAAC,aAAa;YACrD,CAAC,WAAW,CAAC,gBAAgB,CAAC,EAAE,kBAAU,CAAC,kBAAkB;YAC7D,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAU,CAAC,gBAAgB;YAClD,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,kBAAU,CAAC,gBAAgB;YACjD,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,kBAAU,CAAC,eAAe;YAC5D,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAU,CAAC,gBAAgB;YAC1D,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,kBAAU,CAAC,gBAAgB;YACpD,CAAC,WAAW,CAAC,oBAAoB,CAAC,EAAE,kBAAU,CAAC,gBAAgB;YAC/D,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,kBAAU,CAAC,gBAAgB;YAC9D,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,kBAAU,CAAC,eAAe;YACxD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,kBAAU,CAAC,eAAe;YACtD,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAU,CAAC,eAAe;YACzD,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,kBAAU,CAAC,QAAQ;YAC9C,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,kBAAU,CAAC,kBAAkB;SACjE,CAAC;QACF,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,kBAAU,CAAC,gBAAgB,CAAC;IACtD,CAAC;CACF;AAvPD,0CAuPC;AAED,kBAAe,eAAe,CAAC"}