secure-scan 1.2.2
- package/README.md +564 -0
- package/dist/ai/aiAnalyzer.d.ts +99 -0
- package/dist/ai/aiAnalyzer.d.ts.map +1 -0
- package/dist/ai/aiAnalyzer.js +669 -0
- package/dist/ai/aiAnalyzer.js.map +1 -0
- package/dist/ai/index.d.ts +5 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +21 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.js +53 -0
- package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
- package/dist/analyzers/base/index.d.ts +5 -0
- package/dist/analyzers/base/index.d.ts.map +1 -0
- package/dist/analyzers/base/index.js +21 -0
- package/dist/analyzers/base/index.js.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
- package/dist/analyzers/c-cpp/index.d.ts +5 -0
- package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/index.js +21 -0
- package/dist/analyzers/c-cpp/index.js.map +1 -0
- package/dist/analyzers/core/engine/index.d.ts +5 -0
- package/dist/analyzers/core/engine/index.d.ts.map +1 -0
- package/dist/analyzers/core/engine/index.js +21 -0
- package/dist/analyzers/core/engine/index.js.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.js +173 -0
- package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
- package/dist/analyzers/core/index.d.ts +8 -0
- package/dist/analyzers/core/index.d.ts.map +1 -0
- package/dist/analyzers/core/index.js +24 -0
- package/dist/analyzers/core/index.js.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.js +199 -0
- package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
- package/dist/analyzers/core/scanner/index.d.ts +5 -0
- package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/index.js +21 -0
- package/dist/analyzers/core/scanner/index.js.map +1 -0
- package/dist/analyzers/core/scoring/index.d.ts +5 -0
- package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/index.js +21 -0
- package/dist/analyzers/core/scoring/index.js.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.js +180 -0
- package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
- package/dist/analyzers/core/securityScanner.d.ts +47 -0
- package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
- package/dist/analyzers/core/securityScanner.js +298 -0
- package/dist/analyzers/core/securityScanner.js.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
- package/dist/analyzers/csharp/index.d.ts +5 -0
- package/dist/analyzers/csharp/index.d.ts.map +1 -0
- package/dist/analyzers/csharp/index.js +21 -0
- package/dist/analyzers/csharp/index.js.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.js +182 -0
- package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
- package/dist/analyzers/iac/index.d.ts +5 -0
- package/dist/analyzers/iac/index.d.ts.map +1 -0
- package/dist/analyzers/iac/index.js +21 -0
- package/dist/analyzers/iac/index.js.map +1 -0
- package/dist/analyzers/index.d.ts +30 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +80 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/java/index.d.ts +5 -0
- package/dist/analyzers/java/index.d.ts.map +1 -0
- package/dist/analyzers/java/index.js +21 -0
- package/dist/analyzers/java/index.js.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.js +224 -0
- package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/astUtils.d.ts +170 -0
- package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
- package/dist/analyzers/javascript/astUtils.js +700 -0
- package/dist/analyzers/javascript/astUtils.js.map +1 -0
- package/dist/analyzers/javascript/index.d.ts +18 -0
- package/dist/analyzers/javascript/index.d.ts.map +1 -0
- package/dist/analyzers/javascript/index.js +50 -0
- package/dist/analyzers/javascript/index.js.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.js +616 -0
- package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
- package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
- package/dist/analyzers/php/index.d.ts +5 -0
- package/dist/analyzers/php/index.d.ts.map +1 -0
- package/dist/analyzers/php/index.js +21 -0
- package/dist/analyzers/php/index.js.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.js +202 -0
- package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
- package/dist/analyzers/python/index.d.ts +5 -0
- package/dist/analyzers/python/index.d.ts.map +1 -0
- package/dist/analyzers/python/index.js +21 -0
- package/dist/analyzers/python/index.js.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.js +226 -0
- package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
- package/dist/cli/index.d.ts +7 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +281 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/core/engine/index.d.ts +5 -0
- package/dist/core/engine/index.d.ts.map +1 -0
- package/dist/core/engine/index.js +21 -0
- package/dist/core/engine/index.js.map +1 -0
- package/dist/core/engine/ruleEngine.d.ts +46 -0
- package/dist/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/core/engine/ruleEngine.js +173 -0
- package/dist/core/engine/ruleEngine.js.map +1 -0
- package/dist/core/index.d.ts +8 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +24 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/scanner/fileScanner.d.ts +31 -0
- package/dist/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/core/scanner/fileScanner.js +199 -0
- package/dist/core/scanner/fileScanner.js.map +1 -0
- package/dist/core/scanner/index.d.ts +5 -0
- package/dist/core/scanner/index.d.ts.map +1 -0
- package/dist/core/scanner/index.js +21 -0
- package/dist/core/scanner/index.js.map +1 -0
- package/dist/core/scoring/index.d.ts +5 -0
- package/dist/core/scoring/index.d.ts.map +1 -0
- package/dist/core/scoring/index.js +21 -0
- package/dist/core/scoring/index.js.map +1 -0
- package/dist/core/scoring/riskScoring.d.ts +49 -0
- package/dist/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/core/scoring/riskScoring.js +180 -0
- package/dist/core/scoring/riskScoring.js.map +1 -0
- package/dist/core/securityScanner.d.ts +47 -0
- package/dist/core/securityScanner.d.ts.map +1 -0
- package/dist/core/securityScanner.js +298 -0
- package/dist/core/securityScanner.js.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
- package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/database/cveDatabase.d.ts +32 -0
- package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
- package/dist/dependencies/database/cveDatabase.js +393 -0
- package/dist/dependencies/database/cveDatabase.js.map +1 -0
- package/dist/dependencies/database/index.d.ts +6 -0
- package/dist/dependencies/database/index.d.ts.map +1 -0
- package/dist/dependencies/database/index.js +22 -0
- package/dist/dependencies/database/index.js.map +1 -0
- package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
- package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
- package/dist/dependencies/database/maliciousPackages.js +279 -0
- package/dist/dependencies/database/maliciousPackages.js.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.js +349 -0
- package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/detectors/index.d.ts +7 -0
- package/dist/dependencies/detectors/index.d.ts.map +1 -0
- package/dist/dependencies/detectors/index.js +28 -0
- package/dist/dependencies/detectors/index.js.map +1 -0
- package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
- package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
- package/dist/dependencies/detectors/securityStandards.js +178 -0
- package/dist/dependencies/detectors/securityStandards.js.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
- package/dist/dependencies/index.d.ts +14 -0
- package/dist/dependencies/index.d.ts.map +1 -0
- package/dist/dependencies/index.js +43 -0
- package/dist/dependencies/index.js.map +1 -0
- package/dist/dependencies/installed/index.d.ts +8 -0
- package/dist/dependencies/installed/index.d.ts.map +1 -0
- package/dist/dependencies/installed/index.js +24 -0
- package/dist/dependencies/installed/index.js.map +1 -0
- package/dist/dependencies/installed/installedScanner.d.ts +91 -0
- package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
- package/dist/dependencies/installed/installedScanner.js +766 -0
- package/dist/dependencies/installed/installedScanner.js.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.js +480 -0
- package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
- package/dist/dependencies/installed/types.d.ts +274 -0
- package/dist/dependencies/installed/types.d.ts.map +1 -0
- package/dist/dependencies/installed/types.js +7 -0
- package/dist/dependencies/installed/types.js.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.js +80 -0
- package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
- package/dist/dependencies/parsers/base/index.d.ts +6 -0
- package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/index.js +27 -0
- package/dist/dependencies/parsers/base/index.js.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
- package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
- package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
- package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/index.js +27 -0
- package/dist/dependencies/parsers/cpp/index.js.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
- package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
- package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/index.js +27 -0
- package/dist/dependencies/parsers/csharp/index.js.map +1 -0
- package/dist/dependencies/parsers/index.d.ts +24 -0
- package/dist/dependencies/parsers/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/index.js +69 -0
- package/dist/dependencies/parsers/index.js.map +1 -0
- package/dist/dependencies/parsers/java/index.d.ts +6 -0
- package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/index.js +27 -0
- package/dist/dependencies/parsers/java/index.js.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.js +168 -0
- package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
- package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
- package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/index.js +27 -0
- package/dist/dependencies/parsers/javascript/index.js.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
- package/dist/dependencies/parsers/php/index.d.ts +6 -0
- package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/index.js +27 -0
- package/dist/dependencies/parsers/php/index.js.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.js +162 -0
- package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
- package/dist/dependencies/parsers/python/index.d.ts +6 -0
- package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/index.js +27 -0
- package/dist/dependencies/parsers/python/index.js.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.js +336 -0
- package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
- package/dist/dependencies/types.d.ts +280 -0
- package/dist/dependencies/types.d.ts.map +1 -0
- package/dist/dependencies/types.js +59 -0
- package/dist/dependencies/types.js.map +1 -0
- package/dist/i18n/index.d.ts +2 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +18 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/translations.d.ts +55 -0
- package/dist/i18n/translations.d.ts.map +1 -0
- package/dist/i18n/translations.js +119 -0
- package/dist/i18n/translations.js.map +1 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +36 -0
- package/dist/index.js.map +1 -0
- package/dist/reports/dependencyReportGenerator.d.ts +20 -0
- package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
- package/dist/reports/dependencyReportGenerator.js +690 -0
- package/dist/reports/dependencyReportGenerator.js.map +1 -0
- package/dist/reports/htmlReportGenerator.d.ts +43 -0
- package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
- package/dist/reports/htmlReportGenerator.js +793 -0
- package/dist/reports/htmlReportGenerator.js.map +1 -0
- package/dist/reports/index.d.ts +7 -0
- package/dist/reports/index.d.ts.map +1 -0
- package/dist/reports/index.js +23 -0
- package/dist/reports/index.js.map +1 -0
- package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
- package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
- package/dist/reports/installedDepsReportGenerator.js +872 -0
- package/dist/reports/installedDepsReportGenerator.js.map +1 -0
- package/dist/rules/index.d.ts +31 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +95 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/malware/categories/backdoors.d.ts +12 -0
- package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
- package/dist/rules/malware/categories/backdoors.js +163 -0
- package/dist/rules/malware/categories/backdoors.js.map +1 -0
- package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
- package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
- package/dist/rules/malware/categories/cryptominers.js +415 -0
- package/dist/rules/malware/categories/cryptominers.js.map +1 -0
- package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
- package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
- package/dist/rules/malware/categories/exfiltration.js +658 -0
- package/dist/rules/malware/categories/exfiltration.js.map +1 -0
- package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
- package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
- package/dist/rules/malware/categories/keyloggers.js +763 -0
- package/dist/rules/malware/categories/keyloggers.js.map +1 -0
- package/dist/rules/malware/categories/loaders.d.ts +20 -0
- package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
- package/dist/rules/malware/categories/loaders.js +702 -0
- package/dist/rules/malware/categories/loaders.js.map +1 -0
- package/dist/rules/malware/categories/network.d.ts +19 -0
- package/dist/rules/malware/categories/network.d.ts.map +1 -0
- package/dist/rules/malware/categories/network.js +622 -0
- package/dist/rules/malware/categories/network.js.map +1 -0
- package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
- package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
- package/dist/rules/malware/categories/obfuscation.js +766 -0
- package/dist/rules/malware/categories/obfuscation.js.map +1 -0
- package/dist/rules/malware/constants/index.d.ts +281 -0
- package/dist/rules/malware/constants/index.d.ts.map +1 -0
- package/dist/rules/malware/constants/index.js +327 -0
- package/dist/rules/malware/constants/index.js.map +1 -0
- package/dist/rules/malware/engine/index.d.ts +178 -0
- package/dist/rules/malware/engine/index.d.ts.map +1 -0
- package/dist/rules/malware/engine/index.js +552 -0
- package/dist/rules/malware/engine/index.js.map +1 -0
- package/dist/rules/malware/index.d.ts +205 -0
- package/dist/rules/malware/index.d.ts.map +1 -0
- package/dist/rules/malware/index.js +837 -0
- package/dist/rules/malware/index.js.map +1 -0
- package/dist/rules/malware/scoring/index.d.ts +84 -0
- package/dist/rules/malware/scoring/index.d.ts.map +1 -0
- package/dist/rules/malware/scoring/index.js +441 -0
- package/dist/rules/malware/scoring/index.js.map +1 -0
- package/dist/rules/malware/types/index.d.ts +616 -0
- package/dist/rules/malware/types/index.d.ts.map +1 -0
- package/dist/rules/malware/types/index.js +155 -0
- package/dist/rules/malware/types/index.js.map +1 -0
- package/dist/rules/malware/utils/index.d.ts +117 -0
- package/dist/rules/malware/utils/index.d.ts.map +1 -0
- package/dist/rules/malware/utils/index.js +514 -0
- package/dist/rules/malware/utils/index.js.map +1 -0
- package/dist/rules/standards.d.ts +26 -0
- package/dist/rules/standards.d.ts.map +1 -0
- package/dist/rules/standards.js +352 -0
- package/dist/rules/standards.js.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.js +544 -0
- package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.js +581 -0
- package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
- package/dist/rules/vulnerabilities/index.d.ts +148 -0
- package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/index.js +252 -0
- package/dist/rules/vulnerabilities/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
- package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
- package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.js +47 -0
- package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.js +724 -0
- package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.js +414 -0
- package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
- package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
- package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/types/index.js +164 -0
- package/dist/rules/vulnerabilities/types/index.js.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.js +615 -0
- package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
- package/dist/types/index.d.ts +359 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +61 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/index.d.ts +82 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +326 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +40 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +139 -0
- package/dist/utils/logger.js.map +1 -0
- package/docs/ARCHITECTURE.md +320 -0
- package/docs/V1.2.1-IA_Performances.md +116 -0
- package/docs/images/WIN_Defender.png +0 -0
- package/package.json +68 -0
- package/secure-scan.config.json +134 -0
- package/secure-scan.sln +29 -0
- package/src/ai/aiAnalyzer.ts +714 -0
- package/src/ai/index.ts +5 -0
- package/src/analyzers/base/baseAnalyzer.ts +66 -0
- package/src/analyzers/base/index.ts +5 -0
- package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
- package/src/analyzers/c-cpp/index.ts +5 -0
- package/src/analyzers/core/engine/index.ts +5 -0
- package/src/analyzers/core/engine/ruleEngine.ts +221 -0
- package/src/analyzers/core/index.ts +8 -0
- package/src/analyzers/core/scanner/fileScanner.ts +204 -0
- package/src/analyzers/core/scanner/index.ts +5 -0
- package/src/analyzers/core/scoring/index.ts +5 -0
- package/src/analyzers/core/scoring/riskScoring.ts +198 -0
- package/src/analyzers/core/securityScanner.ts +321 -0
- package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
- package/src/analyzers/csharp/index.ts +5 -0
- package/src/analyzers/iac/iacAnalyzer.ts +318 -0
- package/src/analyzers/iac/index.ts +5 -0
- package/src/analyzers/index.ts +67 -0
- package/src/analyzers/java/index.ts +5 -0
- package/src/analyzers/java/javaAnalyzer.ts +320 -0
- package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
- package/src/analyzers/javascript/astUtils.ts +789 -0
- package/src/analyzers/javascript/index.ts +50 -0
- package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
- package/src/analyzers/javascript/malwareDetector.ts +697 -0
- package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
- package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
- package/src/analyzers/php/index.ts +5 -0
- package/src/analyzers/php/phpAnalyzer.ts +280 -0
- package/src/analyzers/python/index.ts +5 -0
- package/src/analyzers/python/pythonAnalyzer.ts +319 -0
- package/src/cli/index.ts +276 -0
- package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
- package/src/dependencies/database/cveDatabase.ts +426 -0
- package/src/dependencies/database/index.ts +6 -0
- package/src/dependencies/database/maliciousPackages.ts +286 -0
- package/src/dependencies/dependencyAnalyzer.ts +394 -0
- package/src/dependencies/detectors/index.ts +7 -0
- package/src/dependencies/detectors/securityStandards.ts +200 -0
- package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
- package/src/dependencies/index.ts +27 -0
- package/src/dependencies/installed/index.ts +8 -0
- package/src/dependencies/installed/installedScanner.ts +821 -0
- package/src/dependencies/installed/malwarePatterns.ts +492 -0
- package/src/dependencies/installed/types.ts +287 -0
- package/src/dependencies/parsers/base/baseParser.ts +108 -0
- package/src/dependencies/parsers/base/index.ts +6 -0
- package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
- package/src/dependencies/parsers/cpp/index.ts +6 -0
- package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
- package/src/dependencies/parsers/csharp/index.ts +6 -0
- package/src/dependencies/parsers/index.ts +56 -0
- package/src/dependencies/parsers/java/index.ts +6 -0
- package/src/dependencies/parsers/java/javaParser.ts +203 -0
- package/src/dependencies/parsers/javascript/index.ts +6 -0
- package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
- package/src/dependencies/parsers/php/index.ts +6 -0
- package/src/dependencies/parsers/php/phpParser.ts +208 -0
- package/src/dependencies/parsers/python/index.ts +6 -0
- package/src/dependencies/parsers/python/pythonParser.ts +437 -0
- package/src/dependencies/types.ts +330 -0
- package/src/i18n/index.ts +1 -0
- package/src/i18n/translations.ts +194 -0
- package/src/index.ts +16 -0
- package/src/reports/dependencyReportGenerator.ts +717 -0
- package/src/reports/htmlReportGenerator.ts +781 -0
- package/src/reports/index.ts +7 -0
- package/src/reports/installedDepsReportGenerator.ts +899 -0
- package/src/rules/index.ts +58 -0
- package/src/rules/malware/INFO.md +287 -0
- package/src/rules/malware/categories/backdoors.ts +174 -0
- package/src/rules/malware/categories/cryptominers.ts +434 -0
- package/src/rules/malware/categories/exfiltration.ts +677 -0
- package/src/rules/malware/categories/keyloggers.ts +780 -0
- package/src/rules/malware/categories/loaders.ts +721 -0
- package/src/rules/malware/categories/network.ts +639 -0
- package/src/rules/malware/categories/obfuscation.ts +788 -0
- package/src/rules/malware/constants/index.ts +358 -0
- package/src/rules/malware/engine/index.ts +758 -0
- package/src/rules/malware/index.ts +928 -0
- package/src/rules/malware/scoring/index.ts +549 -0
- package/src/rules/malware/types/index.ts +752 -0
- package/src/rules/malware/utils/index.ts +643 -0
- package/src/rules/standards.ts +372 -0
- package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
- package/src/rules/vulnerabilities/constants/index.ts +625 -0
- package/src/rules/vulnerabilities/engine/index.ts +831 -0
- package/src/rules/vulnerabilities/index.ts +312 -0
- package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
- package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
- package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
- package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
- package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
- package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
- package/src/rules/vulnerabilities/rules/index.ts +17 -0
- package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
- package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
- package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
- package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
- package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
- package/src/rules/vulnerabilities/rules/xss.ts +753 -0
- package/src/rules/vulnerabilities/scoring/index.ts +543 -0
- package/src/rules/vulnerabilities/types/index.ts +1004 -0
- package/src/rules/vulnerabilities/utils/index.ts +709 -0
- package/src/types/index.ts +391 -0
- package/src/utils/index.ts +306 -0
- package/src/utils/logger.ts +150 -0
- package/test-installed-scanner.ts +136 -0
- package/tsconfig.json +30 -0
|
@@ -0,0 +1,837 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @fileoverview Malware Detection Module - Main Entry Point
|
|
4
|
+
* @module rules/malware
|
|
5
|
+
*
|
|
6
|
+
* Enterprise-grade malware detection system with:
|
|
7
|
+
* - Multi-pattern detection (Regex, AST, Heuristic, Semantic)
|
|
8
|
+
* - Dynamic scoring with MITRE ATT&CK integration
|
|
9
|
+
* - 60+ comprehensive rules across 7 categories
|
|
10
|
+
* - Support for 13 programming languages
|
|
11
|
+
* - ReDoS protection and timeout safeguards
|
|
12
|
+
* - Obfuscation detection and entropy analysis
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import { MalwareRuleEngine, createMalwareEngine } from './rules/malware';
|
|
17
|
+
*
|
|
18
|
+
* // Create engine with all rules
|
|
19
|
+
* const engine = createMalwareEngine();
|
|
20
|
+
*
|
|
21
|
+
* // Analyze code
|
|
22
|
+
* const findings = await engine.analyze(code, {
|
|
23
|
+
* filePath: 'suspicious.js',
|
|
24
|
+
* language: 'javascript'
|
|
25
|
+
* });
|
|
26
|
+
*
|
|
27
|
+
* // Check results
|
|
28
|
+
* findings.forEach(finding => {
|
|
29
|
+
* console.log(`${finding.severity}: ${finding.ruleName}`);
|
|
30
|
+
* console.log(`Score: ${finding.score.totalScore}/100`);
|
|
31
|
+
* });
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
34
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
35
|
+
if (k2 === undefined) k2 = k;
|
|
36
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
37
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
38
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
39
|
+
}
|
|
40
|
+
Object.defineProperty(o, k2, desc);
|
|
41
|
+
}) : (function(o, m, k, k2) {
|
|
42
|
+
if (k2 === undefined) k2 = k;
|
|
43
|
+
o[k2] = m[k];
|
|
44
|
+
}));
|
|
45
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
46
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
47
|
+
};
|
|
48
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
49
|
+
exports.malwareRules = exports.MALWARE_MODULE_INFO = exports.highConfidenceRules = exports.criticalRules = exports.allMalwareRules = exports.networkRulesV2 = exports.loaderRulesV2 = exports.obfuscationRulesV2 = exports.exfiltrationRulesV2 = exports.keyloggerRulesV2 = exports.cryptominerRulesV2 = exports.backdoorRulesV2 = exports.quickScan = exports.createDefaultEngine = exports.PatternMatcher = exports.MalwareRuleEngine = exports.MalwareScoreCalculator = exports.MITRE_TECHNIQUES = exports.DANGEROUS_FUNCTIONS = exports.CRYPTO_INDICATORS = exports.SUSPICIOUS_HOSTS = exports.OBFUSCATION_INDICATORS = exports.LIMITS = exports.ENTROPY_THRESHOLDS = exports.SCORE_THRESHOLDS = exports.extractSuspiciousStrings = exports.analyzeBase64Content = exports.extractSnippet = exports.safeRegexMatch = exports.detectEnvironmentChecks = exports.detectAntiDebugging = exports.detectObfuscationLevel = exports.normalizeCode = exports.analyzeEntropyByLine = exports.calculateEntropy = void 0;
|
|
50
|
+
exports.createMalwareEngine = createMalwareEngine;
|
|
51
|
+
exports.createCriticalOnlyEngine = createCriticalOnlyEngine;
|
|
52
|
+
exports.createCustomEngine = createCustomEngine;
|
|
53
|
+
exports.scanForMalware = scanForMalware;
|
|
54
|
+
exports.hasMalwareCategory = hasMalwareCategory;
|
|
55
|
+
exports.generateMalwareReport = generateMalwareReport;
|
|
56
|
+
exports.getModuleInfo = getModuleInfo;
|
|
57
|
+
// ============================================================================
|
|
58
|
+
// LEGACY TYPE COMPATIBILITY
|
|
59
|
+
// ============================================================================
|
|
60
|
+
const types_1 = require("../../types");
|
|
61
|
+
const standards_1 = require("../standards");
|
|
62
|
+
// ============================================================================
|
|
63
|
+
// NEW TYPE EXPORTS
|
|
64
|
+
// ============================================================================
|
|
65
|
+
__exportStar(require("./types"), exports);
|
|
66
|
+
// ============================================================================
|
|
67
|
+
// UTILITY EXPORTS
|
|
68
|
+
// ============================================================================
|
|
69
|
+
var utils_1 = require("./utils");
|
|
70
|
+
Object.defineProperty(exports, "calculateEntropy", { enumerable: true, get: function () { return utils_1.calculateEntropy; } });
|
|
71
|
+
Object.defineProperty(exports, "analyzeEntropyByLine", { enumerable: true, get: function () { return utils_1.analyzeEntropyByLine; } });
|
|
72
|
+
Object.defineProperty(exports, "normalizeCode", { enumerable: true, get: function () { return utils_1.normalizeCode; } });
|
|
73
|
+
Object.defineProperty(exports, "detectObfuscationLevel", { enumerable: true, get: function () { return utils_1.detectObfuscationLevel; } });
|
|
74
|
+
Object.defineProperty(exports, "detectAntiDebugging", { enumerable: true, get: function () { return utils_1.detectAntiDebugging; } });
|
|
75
|
+
Object.defineProperty(exports, "detectEnvironmentChecks", { enumerable: true, get: function () { return utils_1.detectEnvironmentChecks; } });
|
|
76
|
+
Object.defineProperty(exports, "safeRegexMatch", { enumerable: true, get: function () { return utils_1.safeRegexMatch; } });
|
|
77
|
+
Object.defineProperty(exports, "extractSnippet", { enumerable: true, get: function () { return utils_1.extractSnippet; } });
|
|
78
|
+
Object.defineProperty(exports, "analyzeBase64Content", { enumerable: true, get: function () { return utils_1.analyzeBase64Content; } });
|
|
79
|
+
Object.defineProperty(exports, "extractSuspiciousStrings", { enumerable: true, get: function () { return utils_1.extractSuspiciousStrings; } });
|
|
80
|
+
// ============================================================================
|
|
81
|
+
// CONSTANTS EXPORTS
|
|
82
|
+
// ============================================================================
|
|
83
|
+
var constants_1 = require("./constants");
|
|
84
|
+
Object.defineProperty(exports, "SCORE_THRESHOLDS", { enumerable: true, get: function () { return constants_1.SCORE_THRESHOLDS; } });
|
|
85
|
+
Object.defineProperty(exports, "ENTROPY_THRESHOLDS", { enumerable: true, get: function () { return constants_1.ENTROPY_THRESHOLDS; } });
|
|
86
|
+
Object.defineProperty(exports, "LIMITS", { enumerable: true, get: function () { return constants_1.LIMITS; } });
|
|
87
|
+
Object.defineProperty(exports, "OBFUSCATION_INDICATORS", { enumerable: true, get: function () { return constants_1.OBFUSCATION_INDICATORS; } });
|
|
88
|
+
Object.defineProperty(exports, "SUSPICIOUS_HOSTS", { enumerable: true, get: function () { return constants_1.SUSPICIOUS_HOSTS; } });
|
|
89
|
+
Object.defineProperty(exports, "CRYPTO_INDICATORS", { enumerable: true, get: function () { return constants_1.CRYPTO_INDICATORS; } });
|
|
90
|
+
Object.defineProperty(exports, "DANGEROUS_FUNCTIONS", { enumerable: true, get: function () { return constants_1.DANGEROUS_FUNCTIONS; } });
|
|
91
|
+
Object.defineProperty(exports, "MITRE_TECHNIQUES", { enumerable: true, get: function () { return constants_1.MITRE_TECHNIQUES; } });
|
|
92
|
+
// ============================================================================
|
|
93
|
+
// SCORING EXPORTS
|
|
94
|
+
// ============================================================================
|
|
95
|
+
var scoring_1 = require("./scoring");
|
|
96
|
+
Object.defineProperty(exports, "MalwareScoreCalculator", { enumerable: true, get: function () { return scoring_1.MalwareScoreCalculator; } });
|
|
97
|
+
// ============================================================================
|
|
98
|
+
// ENGINE EXPORTS
|
|
99
|
+
// ============================================================================
|
|
100
|
+
var engine_1 = require("./engine");
|
|
101
|
+
Object.defineProperty(exports, "MalwareRuleEngine", { enumerable: true, get: function () { return engine_1.MalwareRuleEngine; } });
|
|
102
|
+
Object.defineProperty(exports, "PatternMatcher", { enumerable: true, get: function () { return engine_1.PatternMatcher; } });
|
|
103
|
+
Object.defineProperty(exports, "createDefaultEngine", { enumerable: true, get: function () { return engine_1.createDefaultEngine; } });
|
|
104
|
+
Object.defineProperty(exports, "quickScan", { enumerable: true, get: function () { return engine_1.quickScan; } });
|
|
105
|
+
// ============================================================================
|
|
106
|
+
// RULE CATEGORY EXPORTS
|
|
107
|
+
// ============================================================================
|
|
108
|
+
const backdoors_1 = require("./categories/backdoors");
|
|
109
|
+
Object.defineProperty(exports, "backdoorRulesV2", { enumerable: true, get: function () { return backdoors_1.backdoorRules; } });
|
|
110
|
+
const cryptominers_1 = require("./categories/cryptominers");
|
|
111
|
+
Object.defineProperty(exports, "cryptominerRulesV2", { enumerable: true, get: function () { return cryptominers_1.cryptominerRules; } });
|
|
112
|
+
const keyloggers_1 = require("./categories/keyloggers");
|
|
113
|
+
Object.defineProperty(exports, "keyloggerRulesV2", { enumerable: true, get: function () { return keyloggers_1.keyloggerRules; } });
|
|
114
|
+
const exfiltration_1 = require("./categories/exfiltration");
|
|
115
|
+
Object.defineProperty(exports, "exfiltrationRulesV2", { enumerable: true, get: function () { return exfiltration_1.exfiltrationRules; } });
|
|
116
|
+
const obfuscation_1 = require("./categories/obfuscation");
|
|
117
|
+
Object.defineProperty(exports, "obfuscationRulesV2", { enumerable: true, get: function () { return obfuscation_1.obfuscationRules; } });
|
|
118
|
+
const loaders_1 = require("./categories/loaders");
|
|
119
|
+
Object.defineProperty(exports, "loaderRulesV2", { enumerable: true, get: function () { return loaders_1.loaderRules; } });
|
|
120
|
+
const network_1 = require("./categories/network");
|
|
121
|
+
Object.defineProperty(exports, "networkRulesV2", { enumerable: true, get: function () { return network_1.networkRules; } });
|
|
122
|
+
/**
|
|
123
|
+
* All malware detection rules (60+ rules)
|
|
124
|
+
*/
|
|
125
|
+
exports.allMalwareRules = [
|
|
126
|
+
...backdoors_1.backdoorRules, // 10 rules
|
|
127
|
+
...cryptominers_1.cryptominerRules, // 11 rules
|
|
128
|
+
...keyloggers_1.keyloggerRules, // 12 rules
|
|
129
|
+
...exfiltration_1.exfiltrationRules, // 15 rules
|
|
130
|
+
...obfuscation_1.obfuscationRules, // 14 rules
|
|
131
|
+
...loaders_1.loaderRules, // 9 rules
|
|
132
|
+
...network_1.networkRules // 10 rules
|
|
133
|
+
];
|
|
134
|
+
/**
|
|
135
|
+
* Critical severity rules only
|
|
136
|
+
*/
|
|
137
|
+
exports.criticalRules = exports.allMalwareRules.filter(rule => rule.severity === 'critical');
|
|
138
|
+
/**
|
|
139
|
+
* High confidence rules only
|
|
140
|
+
*/
|
|
141
|
+
exports.highConfidenceRules = exports.allMalwareRules.filter(rule => rule.confidence === 'high');
|
|
142
|
+
// ============================================================================
|
|
143
|
+
// ENGINE FACTORY FUNCTIONS
|
|
144
|
+
// ============================================================================
|
|
145
|
+
const engine_2 = require("./engine");
|
|
146
|
+
/**
|
|
147
|
+
* Create a fully configured malware detection engine with all rules
|
|
148
|
+
*
|
|
149
|
+
* @param options - Optional analysis configuration
|
|
150
|
+
* @returns Configured MalwareRuleEngine instance
|
|
151
|
+
*
|
|
152
|
+
* @example
|
|
153
|
+
* ```typescript
|
|
154
|
+
* const engine = createMalwareEngine({
|
|
155
|
+
* enableHeuristics: true,
|
|
156
|
+
* enableAstAnalysis: true,
|
|
157
|
+
* minConfidence: 0.5
|
|
158
|
+
* });
|
|
159
|
+
* ```
|
|
160
|
+
*/
|
|
161
|
+
function createMalwareEngine(options) {
|
|
162
|
+
return new engine_2.MalwareRuleEngine(exports.allMalwareRules, options);
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
* Create an engine with only critical severity rules
|
|
166
|
+
*
|
|
167
|
+
* @param options - Optional analysis configuration
|
|
168
|
+
* @returns MalwareRuleEngine with critical rules only
|
|
169
|
+
*/
|
|
170
|
+
function createCriticalOnlyEngine(options) {
|
|
171
|
+
return new engine_2.MalwareRuleEngine(exports.criticalRules, options);
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Create an engine with custom rule subset
|
|
175
|
+
*
|
|
176
|
+
* @param rules - Array of rules to include
|
|
177
|
+
* @param options - Optional analysis configuration
|
|
178
|
+
* @returns MalwareRuleEngine with specified rules
|
|
179
|
+
*/
|
|
180
|
+
function createCustomEngine(rules, options) {
|
|
181
|
+
return new engine_2.MalwareRuleEngine(rules, options);
|
|
182
|
+
}
|
|
183
|
+
// ============================================================================
|
|
184
|
+
// CONVENIENCE FUNCTIONS
|
|
185
|
+
// ============================================================================
|
|
186
|
+
const types_2 = require("./types");
|
|
187
|
+
/**
|
|
188
|
+
* Quick malware scan with default settings
|
|
189
|
+
*
|
|
190
|
+
* @param code - Code to analyze
|
|
191
|
+
* @param language - Programming language
|
|
192
|
+
* @returns Scan results with malicious status
|
|
193
|
+
*
|
|
194
|
+
* @example
|
|
195
|
+
* ```typescript
|
|
196
|
+
* const result = await scanForMalware(suspiciousCode, 'javascript');
|
|
197
|
+
* if (result.isMalicious) {
|
|
198
|
+
* console.log(`Malware detected! Score: ${result.score}`);
|
|
199
|
+
* result.findings.forEach(f => console.log(f.ruleName));
|
|
200
|
+
* }
|
|
201
|
+
* ```
|
|
202
|
+
*/
|
|
203
|
+
async function scanForMalware(code, language) {
|
|
204
|
+
const engine = createMalwareEngine();
|
|
205
|
+
const context = {
|
|
206
|
+
filePath: 'scan',
|
|
207
|
+
content: code,
|
|
208
|
+
language: language ?? types_2.SupportedLanguage.JAVASCRIPT
|
|
209
|
+
};
|
|
210
|
+
const findings = await engine.analyze(context);
|
|
211
|
+
const maxScore = findings.length > 0
|
|
212
|
+
? Math.max(...findings.map(f => f.malwareScore.score))
|
|
213
|
+
: 0;
|
|
214
|
+
const criticalCount = findings.filter(f => f.severity === 'critical').length;
|
|
215
|
+
const highCount = findings.filter(f => f.severity === 'high').length;
|
|
216
|
+
let severity;
|
|
217
|
+
if (maxScore >= 85)
|
|
218
|
+
severity = 'critical';
|
|
219
|
+
else if (maxScore >= 65)
|
|
220
|
+
severity = 'high';
|
|
221
|
+
else if (maxScore >= 40)
|
|
222
|
+
severity = 'medium';
|
|
223
|
+
else if (maxScore >= 20)
|
|
224
|
+
severity = 'low';
|
|
225
|
+
else
|
|
226
|
+
severity = 'clean';
|
|
227
|
+
return {
|
|
228
|
+
isMalicious: maxScore >= 40, // Medium threshold
|
|
229
|
+
score: maxScore,
|
|
230
|
+
severity,
|
|
231
|
+
findings,
|
|
232
|
+
summary: {
|
|
233
|
+
totalFindings: findings.length,
|
|
234
|
+
criticalCount,
|
|
235
|
+
highCount
|
|
236
|
+
}
|
|
237
|
+
};
|
|
238
|
+
}
|
|
239
|
+
/**
|
|
240
|
+
* Check if code contains specific malware category
|
|
241
|
+
*
|
|
242
|
+
* @param code - Code to analyze
|
|
243
|
+
* @param category - Malware category to check
|
|
244
|
+
* @param language - Programming language
|
|
245
|
+
* @returns True if category detected
|
|
246
|
+
*
|
|
247
|
+
* @example
|
|
248
|
+
* ```typescript
|
|
249
|
+
* const hasBackdoor = await hasMalwareCategory(code, 'backdoor', 'javascript');
|
|
250
|
+
* ```
|
|
251
|
+
*/
|
|
252
|
+
async function hasMalwareCategory(code, category, language) {
|
|
253
|
+
let rules;
|
|
254
|
+
switch (category) {
|
|
255
|
+
case 'backdoor':
|
|
256
|
+
rules = backdoors_1.backdoorRules;
|
|
257
|
+
break;
|
|
258
|
+
case 'cryptominer':
|
|
259
|
+
rules = cryptominers_1.cryptominerRules;
|
|
260
|
+
break;
|
|
261
|
+
case 'keylogger':
|
|
262
|
+
rules = keyloggers_1.keyloggerRules;
|
|
263
|
+
break;
|
|
264
|
+
case 'exfiltration':
|
|
265
|
+
rules = exfiltration_1.exfiltrationRules;
|
|
266
|
+
break;
|
|
267
|
+
case 'obfuscation':
|
|
268
|
+
rules = obfuscation_1.obfuscationRules;
|
|
269
|
+
break;
|
|
270
|
+
case 'loader':
|
|
271
|
+
rules = loaders_1.loaderRules;
|
|
272
|
+
break;
|
|
273
|
+
case 'network':
|
|
274
|
+
rules = network_1.networkRules;
|
|
275
|
+
break;
|
|
276
|
+
}
|
|
277
|
+
const engine = new engine_2.MalwareRuleEngine(rules);
|
|
278
|
+
const context = {
|
|
279
|
+
filePath: 'scan',
|
|
280
|
+
content: code,
|
|
281
|
+
language: language ?? types_2.SupportedLanguage.JAVASCRIPT
|
|
282
|
+
};
|
|
283
|
+
const findings = await engine.analyze(context);
|
|
284
|
+
return findings.length > 0;
|
|
285
|
+
}
|
|
286
|
+
/**
|
|
287
|
+
* Analyze code and generate detailed report
|
|
288
|
+
*
|
|
289
|
+
* @param code - Code to analyze
|
|
290
|
+
* @param filePath - File path for context
|
|
291
|
+
* @param language - Programming language
|
|
292
|
+
* @returns Detailed analysis report
|
|
293
|
+
*/
|
|
294
|
+
async function generateMalwareReport(code, filePath, language) {
|
|
295
|
+
const engine = createMalwareEngine();
|
|
296
|
+
const context = {
|
|
297
|
+
filePath,
|
|
298
|
+
content: code,
|
|
299
|
+
language: language ?? types_2.SupportedLanguage.JAVASCRIPT
|
|
300
|
+
};
|
|
301
|
+
const findings = await engine.analyze(context);
|
|
302
|
+
const summary = engine.generateSummary(findings);
|
|
303
|
+
// Aggregate MITRE ATT&CK techniques
|
|
304
|
+
const mitreTechniques = new Map();
|
|
305
|
+
for (const finding of findings) {
|
|
306
|
+
if (finding.mitreAttack) {
|
|
307
|
+
for (const mitre of finding.mitreAttack) {
|
|
308
|
+
const key = `${mitre.tacticId}-${mitre.techniqueId}`;
|
|
309
|
+
const existing = mitreTechniques.get(key);
|
|
310
|
+
if (existing) {
|
|
311
|
+
existing.count++;
|
|
312
|
+
}
|
|
313
|
+
else {
|
|
314
|
+
mitreTechniques.set(key, {
|
|
315
|
+
tactic: mitre.tacticName,
|
|
316
|
+
technique: mitre.techniqueName,
|
|
317
|
+
count: 1
|
|
318
|
+
});
|
|
319
|
+
}
|
|
320
|
+
}
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
// Generate recommendations
|
|
324
|
+
const recommendations = [];
|
|
325
|
+
if (summary.criticalCount > 0) {
|
|
326
|
+
recommendations.push('URGENT: Critical malware detected. Isolate and analyze immediately.');
|
|
327
|
+
}
|
|
328
|
+
if (summary.bySeverity['high'] > 0) {
|
|
329
|
+
recommendations.push('High severity threats found. Review and remove malicious code.');
|
|
330
|
+
}
|
|
331
|
+
if (findings.some(f => String(f.threatType).includes('backdoor'))) {
|
|
332
|
+
recommendations.push('Backdoor detected. Check for unauthorized access and reset credentials.');
|
|
333
|
+
}
|
|
334
|
+
if (findings.some(f => String(f.threatType).includes('exfiltration'))) {
|
|
335
|
+
recommendations.push('Data exfiltration detected. Investigate what data may have been stolen.');
|
|
336
|
+
}
|
|
337
|
+
if (findings.some(f => String(f.category) === 'obfuscation')) {
|
|
338
|
+
recommendations.push('Obfuscation detected. Use deobfuscation tools to analyze intent.');
|
|
339
|
+
}
|
|
340
|
+
// Calculate by category
|
|
341
|
+
const byCategory = {};
|
|
342
|
+
for (const finding of findings) {
|
|
343
|
+
byCategory[finding.category] = (byCategory[finding.category] || 0) + 1;
|
|
344
|
+
}
|
|
345
|
+
return {
|
|
346
|
+
filePath,
|
|
347
|
+
language,
|
|
348
|
+
timestamp: new Date(),
|
|
349
|
+
findings,
|
|
350
|
+
summary: {
|
|
351
|
+
...summary,
|
|
352
|
+
byCategory,
|
|
353
|
+
isMalicious: summary.highestScore >= 40
|
|
354
|
+
},
|
|
355
|
+
mitreAttack: Array.from(mitreTechniques.values()),
|
|
356
|
+
recommendations
|
|
357
|
+
};
|
|
358
|
+
}
|
|
359
|
+
// ============================================================================
|
|
360
|
+
// MODULE METADATA
|
|
361
|
+
// ============================================================================
|
|
362
|
+
exports.MALWARE_MODULE_INFO = {
|
|
363
|
+
version: '2.0.0',
|
|
364
|
+
totalRules: exports.allMalwareRules.length,
|
|
365
|
+
categories: [
|
|
366
|
+
'backdoors',
|
|
367
|
+
'cryptominers',
|
|
368
|
+
'keyloggers',
|
|
369
|
+
'exfiltration',
|
|
370
|
+
'obfuscation',
|
|
371
|
+
'loaders',
|
|
372
|
+
'network'
|
|
373
|
+
],
|
|
374
|
+
supportedLanguages: [
|
|
375
|
+
'javascript',
|
|
376
|
+
'typescript',
|
|
377
|
+
'python',
|
|
378
|
+
'php',
|
|
379
|
+
'c',
|
|
380
|
+
'cpp',
|
|
381
|
+
'csharp',
|
|
382
|
+
'java',
|
|
383
|
+
'ruby',
|
|
384
|
+
'go',
|
|
385
|
+
'rust',
|
|
386
|
+
'shell',
|
|
387
|
+
'powershell'
|
|
388
|
+
],
|
|
389
|
+
features: [
|
|
390
|
+
'Multi-pattern detection (Regex, AST, Heuristic, Semantic)',
|
|
391
|
+
'Dynamic malware scoring (0-100)',
|
|
392
|
+
'MITRE ATT&CK framework integration',
|
|
393
|
+
'Obfuscation and entropy analysis',
|
|
394
|
+
'ReDoS protection',
|
|
395
|
+
'Concurrent file analysis',
|
|
396
|
+
'Detailed remediation steps',
|
|
397
|
+
'False positive reduction'
|
|
398
|
+
]
|
|
399
|
+
};
|
|
400
|
+
/**
|
|
401
|
+
* Get module information
|
|
402
|
+
*/
|
|
403
|
+
function getModuleInfo() {
|
|
404
|
+
return exports.MALWARE_MODULE_INFO;
|
|
405
|
+
}
|
|
406
|
+
// ============================================================================
|
|
407
|
+
// LEGACY COMPATIBILITY - ORIGINAL RULES
|
|
408
|
+
// ============================================================================
|
|
409
|
+
/**
|
|
410
|
+
* Backdoor Detection Rules
|
|
411
|
+
*/
|
|
412
|
+
const backdoorRules = [
|
|
413
|
+
{
|
|
414
|
+
id: 'MAL-BACK-001',
|
|
415
|
+
name: 'Potential Backdoor - Reverse Shell',
|
|
416
|
+
description: 'Code pattern consistent with a reverse shell detected. This allows remote attackers to gain shell access to the system.',
|
|
417
|
+
languages: ['javascript', 'typescript', 'python', 'php', 'c', 'cpp', 'csharp'],
|
|
418
|
+
threatType: types_1.ThreatType.REVERSE_SHELL,
|
|
419
|
+
category: types_1.FindingCategory.MALWARE,
|
|
420
|
+
severity: types_1.Severity.CRITICAL,
|
|
421
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.REVERSE_SHELL),
|
|
422
|
+
patterns: [
|
|
423
|
+
{
|
|
424
|
+
type: 'regex',
|
|
425
|
+
pattern: 'socket\\.(?:connect|create_connection)\\s*\\([^)]*\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}',
|
|
426
|
+
flags: 'gi'
|
|
427
|
+
},
|
|
428
|
+
{
|
|
429
|
+
type: 'regex',
|
|
430
|
+
pattern: '\\/bin\\/(?:bash|sh)\\s+-i',
|
|
431
|
+
flags: 'gi'
|
|
432
|
+
},
|
|
433
|
+
{
|
|
434
|
+
type: 'regex',
|
|
435
|
+
pattern: 'nc\\s+-e\\s+\\/bin\\/(?:bash|sh)',
|
|
436
|
+
flags: 'gi'
|
|
437
|
+
},
|
|
438
|
+
{
|
|
439
|
+
type: 'regex',
|
|
440
|
+
pattern: 'subprocess\\.(?:Popen|call).*(?:bash|sh|cmd)',
|
|
441
|
+
flags: 'gi'
|
|
442
|
+
},
|
|
443
|
+
{
|
|
444
|
+
type: 'regex',
|
|
445
|
+
pattern: 'dup2\\s*\\(.*(?:STDIN|STDOUT|STDERR)',
|
|
446
|
+
flags: 'gi'
|
|
447
|
+
},
|
|
448
|
+
{
|
|
449
|
+
type: 'regex',
|
|
450
|
+
pattern: 'CreateProcess.*cmd\\.exe',
|
|
451
|
+
flags: 'gi'
|
|
452
|
+
}
|
|
453
|
+
],
|
|
454
|
+
remediation: 'This code appears to implement a reverse shell backdoor. Remove immediately and investigate how this code was introduced. Audit all recent commits and contributor access.',
|
|
455
|
+
enabled: true,
|
|
456
|
+
tags: ['backdoor', 'reverse-shell', 'malware', 'critical']
|
|
457
|
+
},
|
|
458
|
+
{
|
|
459
|
+
id: 'MAL-BACK-002',
|
|
460
|
+
name: 'Web Shell Pattern',
|
|
461
|
+
description: 'Code pattern consistent with a web shell detected. Web shells provide attackers with remote command execution via web interface.',
|
|
462
|
+
languages: ['php', 'python', 'javascript', 'typescript'],
|
|
463
|
+
threatType: types_1.ThreatType.BACKDOOR,
|
|
464
|
+
category: types_1.FindingCategory.MALWARE,
|
|
465
|
+
severity: types_1.Severity.CRITICAL,
|
|
466
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.BACKDOOR),
|
|
467
|
+
patterns: [
|
|
468
|
+
{
|
|
469
|
+
type: 'regex',
|
|
470
|
+
pattern: '\\$_(?:GET|POST|REQUEST)\\s*\\[[\'"][^\'"]+[\'"]\\s*\\].*(?:exec|system|passthru|shell_exec|eval)',
|
|
471
|
+
flags: 'gi'
|
|
472
|
+
},
|
|
473
|
+
{
|
|
474
|
+
type: 'regex',
|
|
475
|
+
pattern: 'eval\\s*\\(\\s*(?:base64_decode|gzinflate|str_rot13)',
|
|
476
|
+
flags: 'gi'
|
|
477
|
+
},
|
|
478
|
+
{
|
|
479
|
+
type: 'regex',
|
|
480
|
+
pattern: 'assert\\s*\\(\\s*\\$_',
|
|
481
|
+
flags: 'gi'
|
|
482
|
+
},
|
|
483
|
+
{
|
|
484
|
+
type: 'regex',
|
|
485
|
+
pattern: 'preg_replace\\s*\\([^)]*\\/e[\'"]',
|
|
486
|
+
flags: 'gi'
|
|
487
|
+
}
|
|
488
|
+
],
|
|
489
|
+
remediation: 'This appears to be a web shell. Remove immediately. Investigate system for other compromises. Check web server logs for unauthorized access.',
|
|
490
|
+
enabled: true,
|
|
491
|
+
tags: ['webshell', 'backdoor', 'rce', 'critical']
|
|
492
|
+
}
|
|
493
|
+
];
|
|
494
|
+
/**
|
|
495
|
+
* Cryptominer Detection Rules
|
|
496
|
+
*/
|
|
497
|
+
const cryptominerRules = [
|
|
498
|
+
{
|
|
499
|
+
id: 'MAL-CRYPT-001',
|
|
500
|
+
name: 'Cryptocurrency Mining Code',
|
|
501
|
+
description: 'Code patterns associated with cryptocurrency mining detected. This may indicate unauthorized use of computing resources.',
|
|
502
|
+
languages: ['javascript', 'typescript', 'python', 'php'],
|
|
503
|
+
threatType: types_1.ThreatType.CRYPTOMINER,
|
|
504
|
+
category: types_1.FindingCategory.MALWARE,
|
|
505
|
+
severity: types_1.Severity.HIGH,
|
|
506
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.CRYPTOMINER),
|
|
507
|
+
patterns: [
|
|
508
|
+
{
|
|
509
|
+
type: 'regex',
|
|
510
|
+
pattern: 'coinhive|cryptoloot|coin-hive|coinimp|cryptonight',
|
|
511
|
+
flags: 'gi'
|
|
512
|
+
},
|
|
513
|
+
{
|
|
514
|
+
type: 'regex',
|
|
515
|
+
pattern: 'stratum\\+tcp:\\/\\/',
|
|
516
|
+
flags: 'gi'
|
|
517
|
+
},
|
|
518
|
+
{
|
|
519
|
+
type: 'regex',
|
|
520
|
+
pattern: 'xmrig|xmr-stak|minerd|cgminer',
|
|
521
|
+
flags: 'gi'
|
|
522
|
+
},
|
|
523
|
+
{
|
|
524
|
+
type: 'regex',
|
|
525
|
+
pattern: 'CryptoNight|RandomX|Ethash',
|
|
526
|
+
flags: 'g'
|
|
527
|
+
},
|
|
528
|
+
{
|
|
529
|
+
type: 'regex',
|
|
530
|
+
pattern: 'miner\\.(?:start|stop|mine)',
|
|
531
|
+
flags: 'gi'
|
|
532
|
+
},
|
|
533
|
+
{
|
|
534
|
+
type: 'regex',
|
|
535
|
+
pattern: 'hashrate|nonce.*difficulty',
|
|
536
|
+
flags: 'gi'
|
|
537
|
+
}
|
|
538
|
+
],
|
|
539
|
+
remediation: 'Remove cryptocurrency mining code immediately. This is resource theft. Investigate how this code was introduced and review access controls.',
|
|
540
|
+
enabled: true,
|
|
541
|
+
tags: ['cryptominer', 'resource-abuse', 'malware']
|
|
542
|
+
}
|
|
543
|
+
];
|
|
544
|
+
/**
|
|
545
|
+
* Keylogger Detection Rules
|
|
546
|
+
*/
|
|
547
|
+
const keyloggerRules = [
|
|
548
|
+
{
|
|
549
|
+
id: 'MAL-KEY-001',
|
|
550
|
+
name: 'Potential Keylogger',
|
|
551
|
+
description: 'Code pattern consistent with keylogging behavior detected. Keyloggers capture and potentially exfiltrate user keystrokes.',
|
|
552
|
+
languages: ['javascript', 'typescript', 'python', 'csharp', 'c', 'cpp'],
|
|
553
|
+
threatType: types_1.ThreatType.KEYLOGGER,
|
|
554
|
+
category: types_1.FindingCategory.MALWARE,
|
|
555
|
+
severity: types_1.Severity.CRITICAL,
|
|
556
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.KEYLOGGER),
|
|
557
|
+
patterns: [
|
|
558
|
+
{
|
|
559
|
+
type: 'regex',
|
|
560
|
+
pattern: 'addEventListener\\s*\\([\'"]key(?:down|up|press)[\'"]',
|
|
561
|
+
flags: 'gi'
|
|
562
|
+
},
|
|
563
|
+
{
|
|
564
|
+
type: 'regex',
|
|
565
|
+
pattern: 'onkey(?:down|up|press)\\s*=',
|
|
566
|
+
flags: 'gi'
|
|
567
|
+
},
|
|
568
|
+
{
|
|
569
|
+
type: 'regex',
|
|
570
|
+
pattern: 'pynput\\.keyboard\\.Listener',
|
|
571
|
+
flags: 'gi'
|
|
572
|
+
},
|
|
573
|
+
{
|
|
574
|
+
type: 'regex',
|
|
575
|
+
pattern: 'GetAsyncKeyState|SetWindowsHookEx.*WH_KEYBOARD',
|
|
576
|
+
flags: 'gi'
|
|
577
|
+
},
|
|
578
|
+
{
|
|
579
|
+
type: 'regex',
|
|
580
|
+
pattern: 'keyboard\\.on_(?:press|release)',
|
|
581
|
+
flags: 'gi'
|
|
582
|
+
}
|
|
583
|
+
],
|
|
584
|
+
remediation: 'This code captures keyboard input. If not intentional for legitimate purposes (like accessibility), remove immediately and investigate.',
|
|
585
|
+
enabled: true,
|
|
586
|
+
tags: ['keylogger', 'spyware', 'malware', 'critical']
|
|
587
|
+
}
|
|
588
|
+
];
|
|
589
|
+
/**
|
|
590
|
+
* Data Exfiltration Detection Rules
|
|
591
|
+
*/
|
|
592
|
+
const exfiltrationRules = [
|
|
593
|
+
{
|
|
594
|
+
id: 'MAL-EXFIL-001',
|
|
595
|
+
name: 'Suspicious Data Exfiltration',
|
|
596
|
+
description: 'Code pattern suggests collection and transmission of sensitive data to external endpoints.',
|
|
597
|
+
languages: ['javascript', 'typescript', 'python', 'php'],
|
|
598
|
+
threatType: types_1.ThreatType.DATA_EXFILTRATION,
|
|
599
|
+
category: types_1.FindingCategory.MALWARE,
|
|
600
|
+
severity: types_1.Severity.CRITICAL,
|
|
601
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.DATA_EXFILTRATION),
|
|
602
|
+
patterns: [
|
|
603
|
+
{
|
|
604
|
+
type: 'regex',
|
|
605
|
+
pattern: 'document\\.cookie.*(?:fetch|XMLHttpRequest|ajax|axios)',
|
|
606
|
+
flags: 'gis'
|
|
607
|
+
},
|
|
608
|
+
{
|
|
609
|
+
type: 'regex',
|
|
610
|
+
pattern: 'localStorage.*(?:fetch|XMLHttpRequest|ajax)',
|
|
611
|
+
flags: 'gis'
|
|
612
|
+
},
|
|
613
|
+
{
|
|
614
|
+
type: 'regex',
|
|
615
|
+
pattern: '(?:password|credit|ssn|secret).*(?:http|fetch|post)',
|
|
616
|
+
flags: 'gis'
|
|
617
|
+
},
|
|
618
|
+
{
|
|
619
|
+
type: 'regex',
|
|
620
|
+
pattern: 'navigator\\.(?:credentials|clipboard).*fetch',
|
|
621
|
+
flags: 'gis'
|
|
622
|
+
}
|
|
623
|
+
],
|
|
624
|
+
remediation: 'This code appears to collect and transmit sensitive data. Verify this is intentional and authorized. If not, remove immediately and audit data flows.',
|
|
625
|
+
enabled: true,
|
|
626
|
+
tags: ['exfiltration', 'data-theft', 'malware']
|
|
627
|
+
}
|
|
628
|
+
];
|
|
629
|
+
/**
|
|
630
|
+
* Obfuscated Code Detection Rules
|
|
631
|
+
*/
|
|
632
|
+
const obfuscationRules = [
|
|
633
|
+
{
|
|
634
|
+
id: 'MAL-OBF-001',
|
|
635
|
+
name: 'Heavily Obfuscated Code',
|
|
636
|
+
description: 'Code appears to be heavily obfuscated, potentially hiding malicious functionality. Legitimate code rarely requires this level of obfuscation.',
|
|
637
|
+
languages: ['javascript', 'typescript', 'python', 'php'],
|
|
638
|
+
threatType: types_1.ThreatType.OBFUSCATED_CODE,
|
|
639
|
+
category: types_1.FindingCategory.MALWARE,
|
|
640
|
+
severity: types_1.Severity.HIGH,
|
|
641
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.OBFUSCATED_CODE),
|
|
642
|
+
patterns: [
|
|
643
|
+
{
|
|
644
|
+
type: 'regex',
|
|
645
|
+
pattern: '\\\\x[0-9a-f]{2}(?:\\\\x[0-9a-f]{2}){10,}',
|
|
646
|
+
flags: 'gi'
|
|
647
|
+
},
|
|
648
|
+
{
|
|
649
|
+
type: 'regex',
|
|
650
|
+
pattern: '\\\\u[0-9a-f]{4}(?:\\\\u[0-9a-f]{4}){10,}',
|
|
651
|
+
flags: 'gi'
|
|
652
|
+
},
|
|
653
|
+
{
|
|
654
|
+
type: 'regex',
|
|
655
|
+
pattern: 'String\\.fromCharCode\\s*\\([^)]{50,}\\)',
|
|
656
|
+
flags: 'gi'
|
|
657
|
+
},
|
|
658
|
+
{
|
|
659
|
+
type: 'regex',
|
|
660
|
+
pattern: 'atob\\s*\\([\'"][A-Za-z0-9+/=]{100,}[\'"]\\)',
|
|
661
|
+
flags: 'g'
|
|
662
|
+
},
|
|
663
|
+
{
|
|
664
|
+
type: 'regex',
|
|
665
|
+
pattern: 'eval\\s*\\(\\s*(?:atob|Buffer\\.from|unescape)',
|
|
666
|
+
flags: 'gi'
|
|
667
|
+
},
|
|
668
|
+
{
|
|
669
|
+
type: 'regex',
|
|
670
|
+
pattern: '_0x[a-f0-9]{4,}',
|
|
671
|
+
flags: 'gi'
|
|
672
|
+
}
|
|
673
|
+
],
|
|
674
|
+
remediation: 'Heavily obfuscated code should be investigated. Deobfuscate and review the actual functionality. Consider removing if source cannot be verified.',
|
|
675
|
+
enabled: true,
|
|
676
|
+
tags: ['obfuscation', 'suspicious', 'malware']
|
|
677
|
+
}
|
|
678
|
+
];
|
|
679
|
+
/**
|
|
680
|
+
* Embedded Payload Detection Rules
|
|
681
|
+
*/
|
|
682
|
+
const payloadRules = [
|
|
683
|
+
{
|
|
684
|
+
id: 'MAL-PAYLOAD-001',
|
|
685
|
+
name: 'Embedded Binary Payload',
|
|
686
|
+
description: 'Large base64-encoded or hex-encoded data detected that may contain embedded malware or executable payloads.',
|
|
687
|
+
languages: ['javascript', 'typescript', 'python', 'php', 'java', 'csharp'],
|
|
688
|
+
threatType: types_1.ThreatType.EMBEDDED_PAYLOAD,
|
|
689
|
+
category: types_1.FindingCategory.MALWARE,
|
|
690
|
+
severity: types_1.Severity.HIGH,
|
|
691
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.EMBEDDED_PAYLOAD),
|
|
692
|
+
patterns: [
|
|
693
|
+
{
|
|
694
|
+
type: 'regex',
|
|
695
|
+
pattern: '[\'"][A-Za-z0-9+/]{500,}={0,2}[\'"]',
|
|
696
|
+
flags: 'g'
|
|
697
|
+
},
|
|
698
|
+
{
|
|
699
|
+
type: 'regex',
|
|
700
|
+
pattern: '(?:4d5a|7f454c46|cafebabe)[0-9a-f]{100,}',
|
|
701
|
+
flags: 'gi'
|
|
702
|
+
},
|
|
703
|
+
{
|
|
704
|
+
type: 'regex',
|
|
705
|
+
pattern: 'base64\\.b64decode\\s*\\([\'"][A-Za-z0-9+/]{200,}',
|
|
706
|
+
flags: 'g'
|
|
707
|
+
}
|
|
708
|
+
],
|
|
709
|
+
remediation: 'Large embedded binary data should be investigated. Extract and analyze the payload. If legitimate, document its purpose; otherwise, remove.',
|
|
710
|
+
enabled: true,
|
|
711
|
+
tags: ['payload', 'binary', 'embedded', 'malware']
|
|
712
|
+
}
|
|
713
|
+
];
|
|
714
|
+
/**
|
|
715
|
+
* Suspicious Network Activity Rules
|
|
716
|
+
*/
|
|
717
|
+
const networkRules = [
|
|
718
|
+
{
|
|
719
|
+
id: 'MAL-NET-001',
|
|
720
|
+
name: 'Suspicious External Connection',
|
|
721
|
+
description: 'Code makes connections to external IP addresses or suspicious domains. This may indicate C2 communication or data exfiltration.',
|
|
722
|
+
languages: ['javascript', 'typescript', 'python', 'php', 'java', 'csharp'],
|
|
723
|
+
threatType: types_1.ThreatType.SUSPICIOUS_NETWORK,
|
|
724
|
+
category: types_1.FindingCategory.MALWARE,
|
|
725
|
+
severity: types_1.Severity.MEDIUM,
|
|
726
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.SUSPICIOUS_NETWORK),
|
|
727
|
+
patterns: [
|
|
728
|
+
{
|
|
729
|
+
type: 'regex',
|
|
730
|
+
pattern: '(?:fetch|axios|request|http).*(?:pastebin|hastebin|ghostbin)',
|
|
731
|
+
flags: 'gi'
|
|
732
|
+
},
|
|
733
|
+
{
|
|
734
|
+
type: 'regex',
|
|
735
|
+
pattern: '(?:fetch|axios|request).*\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}',
|
|
736
|
+
flags: 'gi'
|
|
737
|
+
},
|
|
738
|
+
{
|
|
739
|
+
type: 'regex',
|
|
740
|
+
pattern: '\\.(?:onion|bit|i2p)[\\/\\s\\\'\\"]',
|
|
741
|
+
flags: 'gi'
|
|
742
|
+
},
|
|
743
|
+
{
|
|
744
|
+
type: 'regex',
|
|
745
|
+
pattern: 'ngrok\\.io|serveo\\.net|localhost\\.run',
|
|
746
|
+
flags: 'gi'
|
|
747
|
+
}
|
|
748
|
+
],
|
|
749
|
+
remediation: 'Review all external network connections. Verify destinations are legitimate and authorized. Block unauthorized external communications.',
|
|
750
|
+
enabled: true,
|
|
751
|
+
tags: ['network', 'c2', 'suspicious', 'malware']
|
|
752
|
+
}
|
|
753
|
+
];
|
|
754
|
+
/**
|
|
755
|
+
* Malicious Loader Detection Rules
|
|
756
|
+
*/
|
|
757
|
+
const loaderRules = [
|
|
758
|
+
{
|
|
759
|
+
id: 'MAL-LOAD-001',
|
|
760
|
+
name: 'Dynamic Code Loading',
|
|
761
|
+
description: 'Code dynamically loads and executes external content. This is a common technique for loading malware payloads.',
|
|
762
|
+
languages: ['javascript', 'typescript', 'python', 'php'],
|
|
763
|
+
threatType: types_1.ThreatType.MALICIOUS_LOADER,
|
|
764
|
+
category: types_1.FindingCategory.MALWARE,
|
|
765
|
+
severity: types_1.Severity.HIGH,
|
|
766
|
+
standards: (0, standards_1.getStandardsForThreat)(types_1.ThreatType.MALICIOUS_LOADER),
|
|
767
|
+
patterns: [
|
|
768
|
+
{
|
|
769
|
+
type: 'regex',
|
|
770
|
+
pattern: 'eval\\s*\\(\\s*(?:fetch|axios|request|http\\.get)',
|
|
771
|
+
flags: 'gis'
|
|
772
|
+
},
|
|
773
|
+
{
|
|
774
|
+
type: 'regex',
|
|
775
|
+
pattern: 'document\\.write\\s*\\([\'"]<script[^>]*src=',
|
|
776
|
+
flags: 'gi'
|
|
777
|
+
},
|
|
778
|
+
{
|
|
779
|
+
type: 'regex',
|
|
780
|
+
pattern: 'exec\\s*\\(\\s*(?:urllib|requests)\\.get',
|
|
781
|
+
flags: 'gis'
|
|
782
|
+
},
|
|
783
|
+
{
|
|
784
|
+
type: 'regex',
|
|
785
|
+
pattern: '\\.createElement\\s*\\([\'"]script[\'"]\\)[\\s\\S]*\\.src\\s*=',
|
|
786
|
+
flags: 'gim'
|
|
787
|
+
}
|
|
788
|
+
],
|
|
789
|
+
remediation: 'Dynamic code loading from external sources is dangerous. Use Content Security Policy. Verify all external code sources and use integrity checks.',
|
|
790
|
+
enabled: true,
|
|
791
|
+
tags: ['loader', 'dynamic', 'remote-code', 'malware']
|
|
792
|
+
}
|
|
793
|
+
];
|
|
794
|
+
/**
|
|
795
|
+
* Export all malware rules (LEGACY COMPATIBILITY)
|
|
796
|
+
* For backward compatibility with existing codebase
|
|
797
|
+
*/
|
|
798
|
+
exports.malwareRules = [
|
|
799
|
+
...backdoorRules,
|
|
800
|
+
...cryptominerRules,
|
|
801
|
+
...keyloggerRules,
|
|
802
|
+
...exfiltrationRules,
|
|
803
|
+
...obfuscationRules,
|
|
804
|
+
...payloadRules,
|
|
805
|
+
...networkRules,
|
|
806
|
+
...loaderRules
|
|
807
|
+
];
|
|
808
|
+
// ============================================================================
|
|
809
|
+
// DEFAULT EXPORT
|
|
810
|
+
// ============================================================================
|
|
811
|
+
exports.default = {
|
|
812
|
+
// New Engine API
|
|
813
|
+
MalwareRuleEngine: engine_2.MalwareRuleEngine,
|
|
814
|
+
createMalwareEngine,
|
|
815
|
+
createCriticalOnlyEngine,
|
|
816
|
+
createCustomEngine,
|
|
817
|
+
// New Rules (v2)
|
|
818
|
+
allMalwareRules: exports.allMalwareRules,
|
|
819
|
+
backdoorRulesV2: backdoors_1.backdoorRules,
|
|
820
|
+
cryptominerRules,
|
|
821
|
+
keyloggerRules,
|
|
822
|
+
exfiltrationRules,
|
|
823
|
+
obfuscationRules,
|
|
824
|
+
loaderRules,
|
|
825
|
+
networkRules,
|
|
826
|
+
// Convenience functions
|
|
827
|
+
scanForMalware,
|
|
828
|
+
hasMalwareCategory,
|
|
829
|
+
generateMalwareReport,
|
|
830
|
+
getModuleInfo,
|
|
831
|
+
// Legacy compatibility
|
|
832
|
+
malwareRules: exports.malwareRules,
|
|
833
|
+
backdoorRules,
|
|
834
|
+
// Metadata
|
|
835
|
+
MALWARE_MODULE_INFO: exports.MALWARE_MODULE_INFO
|
|
836
|
+
};
|
|
837
|
+
//# sourceMappingURL=index.js.map
|