secure-scan 1.2.2

package/dist/rules/malware/index.d.ts

@@ -0,0 +1,205 @@
+/**
+ * @fileoverview Malware Detection Module - Main Entry Point
+ * @module rules/malware
+ *
+ * Enterprise-grade malware detection system with:
+ * - Multi-pattern detection (Regex, AST, Heuristic, Semantic)
+ * - Dynamic scoring with MITRE ATT&CK integration
+ * - 60+ comprehensive rules across 7 categories
+ * - Support for 13 programming languages
+ * - ReDoS protection and timeout safeguards
+ * - Obfuscation detection and entropy analysis
+ *
+ * @example
+ * ```typescript
+ * import { MalwareRuleEngine, createMalwareEngine } from './rules/malware';
+ *
+ * // Create engine with all rules
+ * const engine = createMalwareEngine();
+ *
+ * // Analyze code
+ * const findings = await engine.analyze(code, {
+ *   filePath: 'suspicious.js',
+ *   language: 'javascript'
+ * });
+ *
+ * // Check results
+ * findings.forEach(finding => {
+ *   console.log(`${finding.severity}: ${finding.ruleName}`);
+ *   console.log(`Score: ${finding.score.totalScore}/100`);
+ * });
+ * ```
+ */
+import { Rule } from '../../types';
+export * from './types';
+export { calculateEntropy, analyzeEntropyByLine, normalizeCode, detectObfuscationLevel, detectAntiDebugging, detectEnvironmentChecks, safeRegexMatch, extractSnippet, analyzeBase64Content, extractSuspiciousStrings } from './utils';
+export { SCORE_THRESHOLDS, ENTROPY_THRESHOLDS, LIMITS, OBFUSCATION_INDICATORS, SUSPICIOUS_HOSTS, CRYPTO_INDICATORS, DANGEROUS_FUNCTIONS, MITRE_TECHNIQUES } from './constants';
+export { MalwareScoreCalculator } from './scoring';
+export { MalwareRuleEngine, PatternMatcher, createDefaultEngine, quickScan, EngineOptions } from './engine';
+import { backdoorRules as newBackdoorRules } from './categories/backdoors';
+import { cryptominerRules as newCryptominerRules } from './categories/cryptominers';
+import { keyloggerRules as newKeyloggerRules } from './categories/keyloggers';
+import { exfiltrationRules as newExfiltrationRules } from './categories/exfiltration';
+import { obfuscationRules as newObfuscationRules } from './categories/obfuscation';
+import { loaderRules as newLoaderRules } from './categories/loaders';
+import { networkRules as newNetworkRules } from './categories/network';
+export { newBackdoorRules as backdoorRulesV2, newCryptominerRules as cryptominerRulesV2, newKeyloggerRules as keyloggerRulesV2, newExfiltrationRules as exfiltrationRulesV2, newObfuscationRules as obfuscationRulesV2, newLoaderRules as loaderRulesV2, newNetworkRules as networkRulesV2 };
+import { MalwareRule } from './types';
+/**
+ * All malware detection rules (60+ rules)
+ */
+export declare const allMalwareRules: MalwareRule[];
+/**
+ * Critical severity rules only
+ */
+export declare const criticalRules: MalwareRule[];
+/**
+ * High confidence rules only
+ */
+export declare const highConfidenceRules: MalwareRule[];
+import { MalwareRuleEngine, EngineOptions } from './engine';
+/**
+ * Create a fully configured malware detection engine with all rules
+ *
+ * @param options - Optional analysis configuration
+ * @returns Configured MalwareRuleEngine instance
+ *
+ * @example
+ * ```typescript
+ * const engine = createMalwareEngine({
+ *   enableHeuristics: true,
+ *   enableAstAnalysis: true,
+ *   minConfidence: 0.5
+ * });
+ * ```
+ */
+export declare function createMalwareEngine(options?: Partial<EngineOptions>): MalwareRuleEngine;
+/**
+ * Create an engine with only critical severity rules
+ *
+ * @param options - Optional analysis configuration
+ * @returns MalwareRuleEngine with critical rules only
+ */
+export declare function createCriticalOnlyEngine(options?: Partial<EngineOptions>): MalwareRuleEngine;
+/**
+ * Create an engine with custom rule subset
+ *
+ * @param rules - Array of rules to include
+ * @param options - Optional analysis configuration
+ * @returns MalwareRuleEngine with specified rules
+ */
+export declare function createCustomEngine(rules: MalwareRule[], options?: Partial<EngineOptions>): MalwareRuleEngine;
+import { MalwareFinding } from './types';
+/**
+ * Quick malware scan with default settings
+ *
+ * @param code - Code to analyze
+ * @param language - Programming language
+ * @returns Scan results with malicious status
+ *
+ * @example
+ * ```typescript
+ * const result = await scanForMalware(suspiciousCode, 'javascript');
+ * if (result.isMalicious) {
+ *   console.log(`Malware detected! Score: ${result.score}`);
+ *   result.findings.forEach(f => console.log(f.ruleName));
+ * }
+ * ```
+ */
+export declare function scanForMalware(code: string, language?: string): Promise<{
+    isMalicious: boolean;
+    score: number;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'clean';
+    findings: MalwareFinding[];
+    summary: {
+        totalFindings: number;
+        criticalCount: number;
+        highCount: number;
+    };
+}>;
+/**
+ * Check if code contains specific malware category
+ *
+ * @param code - Code to analyze
+ * @param category - Malware category to check
+ * @param language - Programming language
+ * @returns True if category detected
+ *
+ * @example
+ * ```typescript
+ * const hasBackdoor = await hasMalwareCategory(code, 'backdoor', 'javascript');
+ * ```
+ */
+export declare function hasMalwareCategory(code: string, category: 'backdoor' | 'cryptominer' | 'keylogger' | 'exfiltration' | 'obfuscation' | 'loader' | 'network', language?: string): Promise<boolean>;
+/**
+ * Analyze code and generate detailed report
+ *
+ * @param code - Code to analyze
+ * @param filePath - File path for context
+ * @param language - Programming language
+ * @returns Detailed analysis report
+ */
+export declare function generateMalwareReport(code: string, filePath: string, language?: string): Promise<{
+    filePath: string;
+    language?: string;
+    timestamp: Date;
+    findings: MalwareFinding[];
+    summary: {
+        totalFindings: number;
+        bySeverity: Record<string, number>;
+        byCategory: Record<string, number>;
+        highestScore: number;
+        isMalicious: boolean;
+    };
+    mitreAttack: Array<{
+        tactic: string;
+        technique: string;
+        count: number;
+    }>;
+    recommendations: string[];
+}>;
+export declare const MALWARE_MODULE_INFO: {
+    version: string;
+    totalRules: number;
+    categories: string[];
+    supportedLanguages: string[];
+    features: string[];
+};
+/**
+ * Get module information
+ */
+export declare function getModuleInfo(): typeof MALWARE_MODULE_INFO;
+/**
+ * Export all malware rules (LEGACY COMPATIBILITY)
+ * For backward compatibility with existing codebase
+ */
+export declare const malwareRules: Rule[];
+declare const _default: {
+    MalwareRuleEngine: typeof MalwareRuleEngine;
+    createMalwareEngine: typeof createMalwareEngine;
+    createCriticalOnlyEngine: typeof createCriticalOnlyEngine;
+    createCustomEngine: typeof createCustomEngine;
+    allMalwareRules: MalwareRule[];
+    backdoorRulesV2: MalwareRule[];
+    cryptominerRules: Rule[];
+    keyloggerRules: Rule[];
+    exfiltrationRules: Rule[];
+    obfuscationRules: Rule[];
+    loaderRules: Rule[];
+    networkRules: Rule[];
+    scanForMalware: typeof scanForMalware;
+    hasMalwareCategory: typeof hasMalwareCategory;
+    generateMalwareReport: typeof generateMalwareReport;
+    getModuleInfo: typeof getModuleInfo;
+    malwareRules: Rule[];
+    backdoorRules: Rule[];
+    MALWARE_MODULE_INFO: {
+        version: string;
+        totalRules: number;
+        categories: string[];
+        supportedLanguages: string[];
+        features: string[];
+    };
+};
+export default _default;
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/malware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/malware/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAMH,OAAO,EAAE,IAAI,EAAyC,MAAM,aAAa,CAAC;AAO1E,cAAc,SAAS,CAAC;AAMxB,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,aAAa,EACb,sBAAsB,EACtB,mBAAmB,EACnB,uBAAuB,EACvB,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,wBAAwB,EACzB,MAAM,SAAS,CAAC;AAMjB,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,MAAM,EACN,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EACjB,MAAM,aAAa,CAAC;AAMrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AAMnD,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,mBAAmB,EACnB,SAAS,EACT,aAAa,EACd,MAAM,UAAU,CAAC;AAMlB,OAAO,EAAE,aAAa,IAAI,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,IAAI,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACpF,OAAO,EAAE,cAAc,IAAI,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,IAAI,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACtF,OAAO,EAAE,gBAAgB,IAAI,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AACnF,OAAO,EAAE,WAAW,IAAI,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EAAE,YAAY,IAAI,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvE,OAAO,EACL,gBAAgB,IAAI,eAAe,EACnC,mBAAmB,IAAI,kBAAkB,EACzC,iBAAiB,IAAI,gBAAgB,EACrC,oBAAoB,IAAI,mBAAmB,EAC3C,mBAAmB,IAAI,kBAAkB,EACzC,cAAc,IAAI,aAAa,EAC/B,eAAe,IAAI,cAAc,EAClC,CAAC;AAMF,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,WAAW,EAQxC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,WAAW,EAEtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,WAAW,EAE5C,CAAC;AAMF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG5D;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,iBAAiB,CAEnB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,iBAAiB,CAEnB;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,iBAAiB,CAEnB;AAMD,OAAO,EAAE,cAAc,EAAsC,MAAM,SAAS,CAAC;AAE7E;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;IACT,WAAW,EAAE,OAAO,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,OAAO,CAAC;IAC3D,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC,CAkCD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,UAAU,GAAG,aAAa,GAAG,WAAW,GAAG,cAAc,GAAG,aAAa,GAAG,QAAQ,GAAG,SAAS,EAC1G,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAoClB;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;IACT,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,WAAW,EAAE,KAAK,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,CAAC;IACH,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC,CAoED;AAMD,eAAO,MAAM,mBAAmB;;;;;;CAqC/B,CAAC;AAEF;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,mBAAmB,CAE1D;AA+YD;;;GAGG;AACH,eAAO,MAAM,YAAY,EAAE,IAAI,EAS9B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMF,wBA6BE"}