npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/rules/vulnerabilities/engine/index.ts ADDED Viewed

@@ -0,0 +1,831 @@
+/**
+ * @fileoverview Vulnerability Rule Engine - Core Detection Engine
+ * @module rules/vulnerabilities/engine
+ *
+ * Orchestrates vulnerability detection across all rule categories:
+ * - Multi-pattern matching with timeout protection
+ * - Taint analysis integration
+ * - AST-aware analysis
+ * - Dynamic scoring
+ * - Rule correlation
+ * - Finding aggregation and deduplication
+ */
+import {
+  VulnerabilityRule,
+  VulnerabilityFinding,
+  VulnerabilityPattern,
+  VulnerabilityScore,
+  AnalysisContext,
+  AnalysisOptions,
+  IVulnerabilityRuleEngine,
+  IPatternMatcher,
+  PatternMatch,
+  PatternType,
+  VulnerabilitySeverity,
+  ConfidenceLevel,
+  SourceLocation,
+  SupportedLanguage,
+  RegexPattern,
+  TaintFlow,
+  DataFlowTrace,
+  SecurityStandards
+} from '../types';
+import {
+  safeRegexMatch,
+  safeRegexMatchAsync,
+  extractSnippet,
+  formatSnippetWithLineNumbers,
+  normalizeCode,
+  generateFindingId,
+  isTestFile,
+  isVendorCode,
+  getLineNumber,
+  getColumnNumber,
+  findTaintSources,
+  findTaintSinks,
+  findSanitizers,
+  adjustConfidenceForTaintFlow
+} from '../utils';
+import { VulnerabilityScoreCalculator } from '../scoring';
+import { LIMITS } from '../constants';
+// ============================================================================
+// PATTERN MATCHER IMPLEMENTATION
+// ============================================================================
+/**
+ * Pattern matcher with timeout protection
+ */
+export class PatternMatcher implements IPatternMatcher {
+  private timeoutMs: number;
+  private maxMatches: number;
+  constructor(options?: { timeoutMs?: number; maxMatches?: number }) {
+    this.timeoutMs = options?.timeoutMs ?? LIMITS.REGEX_TIMEOUT;
+    this.maxMatches = options?.maxMatches ?? LIMITS.MAX_MATCHES_PER_PATTERN;
+  }
+  /**
+   * Match patterns against content
+   */
+  match(
+    content: string,
+    patterns: VulnerabilityPattern[],
+    language: SupportedLanguage
+  ): PatternMatch[] {
+    const allMatches: PatternMatch[] = [];
+    for (const pattern of patterns) {
+      // Check language compatibility
+      if (pattern.languages && !pattern.languages.includes(language)) {
+        continue;
+      }
+      const matches = this.matchSinglePattern(pattern, content, language);
+      allMatches.push(...matches);
+      if (allMatches.length >= this.maxMatches) {
+        break;
+      }
+    }
+    return allMatches;
+  }
+  /**
+   * Match with timeout protection
+   */
+  async matchWithTimeout(
+    content: string,
+    patterns: VulnerabilityPattern[],
+    language: SupportedLanguage,
+    timeout: number
+  ): Promise<PatternMatch[]> {
+    return new Promise((resolve) => {
+      const timeoutId = setTimeout(() => {
+        resolve([]);
+      }, timeout);
+      try {
+        const results = this.match(content, patterns, language);
+        clearTimeout(timeoutId);
+        resolve(results);
+      } catch {
+        clearTimeout(timeoutId);
+        resolve([]);
+      }
+    });
+  }
+  /**
+   * Match a single pattern against code
+   */
+  private matchSinglePattern(
+    pattern: VulnerabilityPattern,
+    code: string,
+    language: SupportedLanguage
+  ): PatternMatch[] {
+    try {
+      switch (pattern.type) {
+        case PatternType.REGEX:
+          return safeRegexMatch(code, pattern as RegexPattern);
+        case PatternType.LITERAL:
+          return this.matchLiteralPattern(pattern, code);
+        case PatternType.AST:
+          // AST patterns require external AST parser
+          return [];
+        case PatternType.TAINT:
+          // Taint patterns are handled separately
+          return [];
+        case PatternType.SEMANTIC:
+          // Semantic patterns require deeper analysis
+          return [];
+        case PatternType.CFG:
+          // CFG patterns require control flow analysis
+          return [];
+        default:
+          return [];
+      }
+    } catch (error) {
+      console.error(`Pattern matching error for ${pattern.patternId}:`, error);
+      return [];
+    }
+  }
+  /**
+   * Match literal string pattern
+   */
+  private matchLiteralPattern(
+    pattern: VulnerabilityPattern,
+    code: string
+  ): PatternMatch[] {
+    const matches: PatternMatch[] = [];
+    if (pattern.type !== PatternType.LITERAL) return matches;
+    const literalPattern = pattern as { type: PatternType.LITERAL; value: string; caseSensitive?: boolean };
+    const searchString = literalPattern.value || '';
+    const searchCode = literalPattern.caseSensitive === false ? code.toLowerCase() : code;
+    const searchFor = literalPattern.caseSensitive === false ? searchString.toLowerCase() : searchString;
+    let index = 0;
+    while (index < searchCode.length && matches.length < this.maxMatches) {
+      index = searchCode.indexOf(searchFor, index);
+      if (index === -1) break;
+      const line = getLineNumber(code, index);
+      const column = getColumnNumber(code, index);
+      matches.push({
+        pattern,
+        matchedText: code.substring(index, index + searchString.length),
+        location: {
+          filePath: '',
+          startLine: line,
+          endLine: line,
+          startColumn: column,
+          endColumn: column + searchString.length
+        }
+      });
+      index += searchString.length;
+    }
+    return matches;
+  }
+}
+// ============================================================================
+// SIMPLE TAINT ANALYZER
+// ============================================================================
+/**
+ * Simple taint analyzer for detecting data flows
+ */
+export class SimpleTaintAnalyzer {
+  /**
+   * Analyze taint flows in code
+   */
+  analyze(
+    context: AnalysisContext,
+    rule: VulnerabilityRule
+  ): TaintFlow[] {
+    const flows: TaintFlow[] = [];
+    if (!rule.taintSources || !rule.taintSinks) {
+      return flows;
+    }
+    // Find all sources
+    const sources = findTaintSources(
+      context.content,
+      rule.taintSources,
+      context.language
+    );
+    // Find all sinks
+    const sinks = findTaintSinks(
+      context.content,
+      rule.taintSinks,
+      context.language
+    );
+    // For each source-sink pair, check if there's a potential flow
+    for (const sourceMatch of sources) {
+      for (const sinkMatch of sinks) {
+        // Simple heuristic: if source appears before sink in the same file
+        if (sourceMatch.location.startLine <= sinkMatch.location.startLine) {
+          // Check for sanitizers between source and sink
+          const sanitizers = rule.taintSanitizers
+            ? findSanitizers(
+                context.content,
+                sourceMatch.location,
+                sinkMatch.location,
+                rule.taintSanitizers
+              )
+            : [];
+          const isExploitable = sanitizers.length === 0;
+          flows.push({
+            source: sourceMatch.source,
+            sink: sinkMatch.sink,
+            path: [
+              {
+                name: sourceMatch.matchedText,
+                location: sourceMatch.location,
+                operation: 'source'
+              },
+              {
+                name: sinkMatch.matchedText,
+                location: sinkMatch.location,
+                operation: 'sink'
+              }
+            ],
+            sanitizers,
+            isExploitable,
+            confidence: isExploitable ? ConfidenceLevel.HIGH : ConfidenceLevel.MEDIUM
+          });
+        }
+      }
+    }
+    return flows;
+  }
+  /**
+   * Convert taint flow to data flow trace for reporting
+   */
+  createDataFlowTrace(
+    flow: TaintFlow,
+    code: string
+  ): DataFlowTrace {
+    const sourceSnippet = extractSnippet(code, flow.path[0].location, 1);
+    const sinkSnippet = extractSnippet(code, flow.path[flow.path.length - 1].location, 1);
+    return {
+      source: {
+        name: flow.source.name,
+        location: flow.path[0].location,
+        codeSnippet: sourceSnippet.snippet
+      },
+      propagation: flow.path.slice(1, -1).map(node => ({
+        variable: node.name,
+        location: node.location,
+        operation: node.operation || 'propagate',
+        codeSnippet: extractSnippet(code, node.location, 0).snippet
+      })),
+      sink: {
+        name: flow.sink.name,
+        location: flow.path[flow.path.length - 1].location,
+        codeSnippet: sinkSnippet.snippet
+      },
+      sanitized: flow.sanitizers.length > 0,
+      sanitizationDetails: flow.sanitizers.length > 0 ? {
+        sanitizer: flow.sanitizers[0].name,
+        location: flow.path[0].location, // Approximate
+        effectiveness: flow.sanitizers[0].effectiveness ?? 80
+      } : undefined
+    };
+  }
+}
+// ============================================================================
+// ENGINE OPTIONS
+// ============================================================================
+export interface EngineOptions {
+  enableTaintAnalysis: boolean;
+  enableAstAnalysis: boolean;
+  enableCfgAnalysis: boolean;
+  timeoutMs: number;
+  maxFindings: number;
+  minConfidence: ConfidenceLevel;
+  includeInfo: boolean;
+  excludeTestFiles: boolean;
+  excludeVendorCode: boolean;
+  language?: SupportedLanguage;
+}
+const DEFAULT_OPTIONS: EngineOptions = {
+  enableTaintAnalysis: true,
+  enableAstAnalysis: false,
+  enableCfgAnalysis: false,
+  timeoutMs: LIMITS.RULE_TIMEOUT,
+  maxFindings: LIMITS.MAX_FINDINGS_PER_FILE,
+  minConfidence: ConfidenceLevel.LOW,
+  includeInfo: false,
+  excludeTestFiles: false,
+  excludeVendorCode: true
+};
+// ============================================================================
+// VULNERABILITY RULE ENGINE
+// ============================================================================
+/**
+ * Main vulnerability detection engine
+ */
+export class VulnerabilityRuleEngine implements IVulnerabilityRuleEngine {
+  private rules: Map<string, VulnerabilityRule>;
+  private patternMatcher: PatternMatcher;
+  private taintAnalyzer: SimpleTaintAnalyzer;
+  private scoreCalculator: VulnerabilityScoreCalculator;
+  private engineOptions: EngineOptions;
+  constructor(
+    rules: VulnerabilityRule[],
+    options?: Partial<EngineOptions>
+  ) {
+    this.rules = new Map(rules.map(rule => [rule.id, rule]));
+    this.patternMatcher = new PatternMatcher();
+    this.taintAnalyzer = new SimpleTaintAnalyzer();
+    this.scoreCalculator = new VulnerabilityScoreCalculator();
+    this.engineOptions = { ...DEFAULT_OPTIONS, ...options };
+  }
+  /**
+   * Analyze code against all enabled rules
+   */
+  async analyze(
+    context: AnalysisContext,
+    options?: AnalysisOptions
+  ): Promise<VulnerabilityFinding[]> {
+    const mergedOptions = { ...this.engineOptions, ...options };
+    // Check exclusions
+    if (mergedOptions.excludeTestFiles && isTestFile(context.filePath)) {
+      return [];
+    }
+    if (mergedOptions.excludeVendorCode && isVendorCode(context.filePath)) {
+      return [];
+    }
+    // Normalize code
+    const normalizedCode = normalizeCode(context.content, context.language);
+    const normalizedContext = { ...context, content: normalizedCode };
+    // Get applicable rules
+    const applicableRules = this.getApplicableRules(context.language);
+    const findings: VulnerabilityFinding[] = [];
+    for (const rule of applicableRules) {
+      try {
+        const ruleFindings = await this.analyzeWithRule(
+          normalizedContext,
+          rule,
+          mergedOptions
+        );
+        findings.push(...ruleFindings);
+        if (findings.length >= mergedOptions.maxFindings) {
+          break;
+        }
+      } catch (error) {
+        console.error(`Error analyzing with rule ${rule.id}:`, error);
+      }
+    }
+    // Sort by severity and score
+    findings.sort((a, b) => {
+      const severityOrder = {
+        [VulnerabilitySeverity.CRITICAL]: 0,
+        [VulnerabilitySeverity.HIGH]: 1,
+        [VulnerabilitySeverity.MEDIUM]: 2,
+        [VulnerabilitySeverity.LOW]: 3,
+        [VulnerabilitySeverity.INFO]: 4
+      };
+      const severityDiff = severityOrder[a.severity] - severityOrder[b.severity];
+      if (severityDiff !== 0) return severityDiff;
+      return b.score.score - a.score.score;
+    });
+    // Deduplicate
+    return this.deduplicateFindings(findings);
+  }
+  /**
+   * Analyze code with a specific rule
+   */
+  private async analyzeWithRule(
+    context: AnalysisContext,
+    rule: VulnerabilityRule,
+    options: EngineOptions
+  ): Promise<VulnerabilityFinding[]> {
+    const findings: VulnerabilityFinding[] = [];
+    // Pattern matching
+    const matches = await this.patternMatcher.matchWithTimeout(
+      context.content,
+      rule.patterns,
+      context.language,
+      options.timeoutMs
+    );
+    if (matches.length === 0) {
+      return findings;
+    }
+    // Taint analysis if enabled
+    let taintFlows: TaintFlow[] = [];
+    if (options.enableTaintAnalysis && (rule.taintSources || rule.taintSinks)) {
+      taintFlows = this.taintAnalyzer.analyze(context, rule);
+    }
+    // Group matches by location to avoid duplicate findings
+    const locationGroups = this.groupMatchesByLocation(matches);
+    for (const [locationKey, groupMatches] of locationGroups) {
+      // Find relevant taint flow for this location
+      const relevantFlow = taintFlows.find(flow =>
+        flow.path.some(node =>
+          this.locationsOverlap(node.location, groupMatches[0].location)
+        )
+      );
+      // Calculate score
+      const score = this.scoreCalculator.calculateScore(
+        rule,
+        groupMatches,
+        context,
+        relevantFlow
+      );
+      // Check minimum confidence
+      const confidence = relevantFlow
+        ? adjustConfidenceForTaintFlow(rule.confidence, true)
+        : rule.confidence;
+      if (!this.meetsMinConfidence(confidence, options.minConfidence)) {
+        continue;
+      }
+      // Filter out INFO if not requested
+      if (!options.includeInfo && score.calculatedSeverity === VulnerabilitySeverity.INFO) {
+        continue;
+      }
+      // Create finding
+      const finding = this.createFinding(
+        rule,
+        groupMatches,
+        context,
+        score,
+        relevantFlow
+      );
+      findings.push(finding);
+    }
+    return findings;
+  }
+  /**
+   * Create a vulnerability finding
+   */
+  private createFinding(
+    rule: VulnerabilityRule,
+    matches: PatternMatch[],
+    context: AnalysisContext,
+    score: VulnerabilityScore,
+    taintFlow?: TaintFlow
+  ): VulnerabilityFinding {
+    const primaryMatch = matches[0];
+    const location: SourceLocation = {
+      filePath: context.filePath,
+      startLine: primaryMatch.location.startLine,
+      endLine: primaryMatch.location.endLine,
+      startColumn: primaryMatch.location.startColumn,
+      endColumn: primaryMatch.location.endColumn
+    };
+    const { snippet } = extractSnippet(context.content, location, 3);
+    // Build data flow trace if taint flow exists
+    let dataFlowTrace: DataFlowTrace | undefined;
+    if (taintFlow) {
+      dataFlowTrace = this.taintAnalyzer.createDataFlowTrace(
+        taintFlow,
+        context.content
+      );
+    }
+    // Determine final confidence
+    const confidence = taintFlow
+      ? adjustConfidenceForTaintFlow(rule.confidence, true)
+      : rule.confidence;
+    return {
+      id: generateFindingId(rule.id, context.filePath, location.startLine),
+      ruleId: rule.id,
+      ruleName: rule.name,
+      location,
+      codeSnippet: snippet,
+      highlightedCode: primaryMatch.matchedText,
+      vulnerabilityType: rule.vulnerabilityType,
+      category: rule.category,
+      severity: score.calculatedSeverity,
+      confidence,
+      score,
+      patternMatches: matches,
+      taintFlow,
+      dataFlowTrace,
+      message: this.generateMessage(rule, matches, taintFlow),
+      auditAnalysis: this.generateAuditAnalysis(rule, matches, taintFlow, score),
+      developerExplanation: this.generateDeveloperExplanation(rule, matches),
+      remediation: rule.remediation,
+      standards: rule.standards,
+      detectedAt: new Date().toISOString(),
+      language: context.language,
+      isTestCode: context.isTestFile,
+      isVendorCode: context.isVendorCode
+    };
+  }
+  /**
+   * Generate finding message
+   */
+  private generateMessage(
+    rule: VulnerabilityRule,
+    matches: PatternMatch[],
+    taintFlow?: TaintFlow
+  ): string {
+    let message = `${rule.name}: ${rule.description}`;
+    if (taintFlow && taintFlow.isExploitable) {
+      message += ` Confirmed data flow from '${taintFlow.source.name}' to '${taintFlow.sink.name}'.`;
+    }
+    return message;
+  }
+  /**
+   * Generate detailed audit analysis
+   */
+  private generateAuditAnalysis(
+    rule: VulnerabilityRule,
+    matches: PatternMatch[],
+    taintFlow: TaintFlow | undefined,
+    score: VulnerabilityScore
+  ): string {
+    const parts: string[] = [];
+    parts.push(`## Vulnerability Analysis: ${rule.name}`);
+    parts.push('');
+    parts.push(`**Vulnerability Type:** ${rule.vulnerabilityType}`);
+    parts.push(`**Category:** ${rule.category}`);
+    parts.push(`**Severity:** ${score.calculatedSeverity.toUpperCase()}`);
+    parts.push(`**Risk Score:** ${score.score}/100`);
+    parts.push('');
+    // Standards mapping
+    parts.push('### Security Standards');
+    if (rule.standards.owasp?.length) {
+      parts.push(`**OWASP:** ${rule.standards.owasp.map(o => o.id).join(', ')}`);
+    }
+    if (rule.standards.cwe?.length) {
+      parts.push(`**CWE:** ${rule.standards.cwe.map(c => c.id).join(', ')}`);
+    }
+    parts.push('');
+    // Detection details
+    parts.push('### Detection Details');
+    parts.push(`**Pattern Matches:** ${matches.length}`);
+    if (taintFlow) {
+      parts.push('');
+      parts.push('### Data Flow Analysis');
+      parts.push(`**Source:** ${taintFlow.source.name}`);
+      parts.push(`**Sink:** ${taintFlow.sink.name}`);
+      parts.push(`**Exploitable:** ${taintFlow.isExploitable ? 'Yes' : 'No'}`);
+      if (taintFlow.sanitizers.length > 0) {
+        parts.push(`**Sanitizers Applied:** ${taintFlow.sanitizers.map(s => s.name).join(', ')}`);
+      }
+    }
+    parts.push('');
+    parts.push('### Impact Assessment');
+    if (rule.impact) {
+      parts.push(`**Confidentiality:** ${rule.impact.confidentiality}`);
+      parts.push(`**Integrity:** ${rule.impact.integrity}`);
+      parts.push(`**Availability:** ${rule.impact.availability}`);
+      parts.push(`**Technical Impact:** ${rule.impact.technicalImpact}`);
+      parts.push(`**Business Impact:** ${rule.impact.businessImpact}`);
+    }
+    parts.push('');
+    parts.push('### Score Breakdown');
+    parts.push('```');
+    parts.push(score.explanation);
+    parts.push('```');
+    return parts.join('\n');
+  }
+  /**
+   * Generate developer-friendly explanation
+   */
+  private generateDeveloperExplanation(
+    rule: VulnerabilityRule,
+    matches: PatternMatch[]
+  ): string {
+    const parts: string[] = [];
+    parts.push(`**What's the problem?**`);
+    parts.push(rule.description);
+    parts.push('');
+    parts.push(`**Why is this dangerous?**`);
+    if (rule.impact) {
+      parts.push(rule.impact.technicalImpact);
+    }
+    parts.push('');
+    parts.push(`**How to fix it:**`);
+    parts.push(rule.remediation.summary);
+    if (rule.remediation.steps?.length) {
+      rule.remediation.steps.forEach((step, i) => {
+        parts.push(`${i + 1}. ${step}`);
+      });
+    }
+    if (rule.remediation.secureCodeExample) {
+      parts.push('');
+      parts.push('**Secure code example:**');
+      parts.push('```');
+      parts.push(rule.remediation.secureCodeExample);
+      parts.push('```');
+    }
+    return parts.join('\n');
+  }
+  /**
+   * Get rules applicable to a language
+   */
+  private getApplicableRules(language: SupportedLanguage): VulnerabilityRule[] {
+    return Array.from(this.rules.values()).filter(rule =>
+      rule.enabled && rule.languages.includes(language)
+    );
+  }
+  /**
+   * Get all registered rules
+   */
+  getRules(): VulnerabilityRule[] {
+    return Array.from(this.rules.values());
+  }
+  /**
+   * Get rule by ID
+   */
+  getRule(id: string): VulnerabilityRule | undefined {
+    return this.rules.get(id);
+  }
+  /**
+   * Enable/disable a rule
+   */
+  setRuleEnabled(id: string, enabled: boolean): void {
+    const rule = this.rules.get(id);
+    if (rule) {
+      rule.enabled = enabled;
+    }
+  }
+  /**
+   * Add a custom rule
+   */
+  addRule(rule: VulnerabilityRule): void {
+    this.rules.set(rule.id, rule);
+  }
+  /**
+   * Group matches by location
+   */
+  private groupMatchesByLocation(
+    matches: PatternMatch[]
+  ): Map<string, PatternMatch[]> {
+    const groups = new Map<string, PatternMatch[]>();
+    for (const match of matches) {
+      const key = `${match.location.startLine}:${match.location.startColumn}`;
+      const existing = groups.get(key) || [];
+      existing.push(match);
+      groups.set(key, existing);
+    }
+    return groups;
+  }
+  /**
+   * Check if two locations overlap
+   */
+  private locationsOverlap(a: SourceLocation, b: SourceLocation): boolean {
+    return a.startLine <= b.endLine && b.startLine <= a.endLine;
+  }
+  /**
+   * Check if confidence meets minimum
+   */
+  private meetsMinConfidence(
+    confidence: ConfidenceLevel,
+    minConfidence: ConfidenceLevel
+  ): boolean {
+    const levels = [
+      ConfidenceLevel.TENTATIVE,
+      ConfidenceLevel.LOW,
+      ConfidenceLevel.MEDIUM,
+      ConfidenceLevel.HIGH,
+      ConfidenceLevel.CONFIRMED
+    ];
+    return levels.indexOf(confidence) >= levels.indexOf(minConfidence);
+  }
+  /**
+   * Deduplicate findings
+   */
+  private deduplicateFindings(
+    findings: VulnerabilityFinding[]
+  ): VulnerabilityFinding[] {
+    const seen = new Set<string>();
+    return findings.filter(finding => {
+      const key = `${finding.ruleId}:${finding.location.filePath}:${finding.location.startLine}`;
+      if (seen.has(key)) {
+        return false;
+      }
+      seen.add(key);
+      return true;
+    });
+  }
+}
+// ============================================================================
+// FACTORY FUNCTIONS
+// ============================================================================
+/**
+ * Create default vulnerability engine
+ */
+export function createDefaultEngine(
+  rules: VulnerabilityRule[],
+  options?: Partial<EngineOptions>
+): VulnerabilityRuleEngine {
+  return new VulnerabilityRuleEngine(rules, options);
+}
+/**
+ * Quick scan function for simple usage
+ */
+export async function quickScan(
+  code: string,
+  filePath: string,
+  language: SupportedLanguage,
+  rules: VulnerabilityRule[],
+  options?: Partial<EngineOptions>
+): Promise<VulnerabilityFinding[]> {
+  const engine = createDefaultEngine(rules, options);
+  const context: AnalysisContext = {
+    filePath,
+    content: code,
+    language,
+    isTestFile: isTestFile(filePath),
+    isVendorCode: isVendorCode(filePath)
+  };
+  return engine.analyze(context);
+}