secure-scan 1.2.2

package/dist/analyzers/csharp/csharpAnalyzer.js

@@ -0,0 +1,232 @@
+"use strict";
+/**
+ * C# Analyzer
+ * Specialized analyzer for C# code
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CSharpAnalyzer = void 0;
+const base_1 = require("../base");
+const types_1 = require("../../types");
+const utils_1 = require("../../utils");
+const standards_1 = require("../../rules/standards");
+/**
+ * C# Analyzer Class
+ */
+class CSharpAnalyzer extends base_1.BaseAnalyzer {
+    name = 'C# Analyzer';
+    languages = ['csharp'];
+    version = '1.0.0';
+    /**
+     * Analyze C# file
+     */
+    async analyze(file, rules) {
+        const findings = [];
+        // Filter rules for C#
+        const csRules = rules.filter(r => r.languages.includes('csharp'));
+        // Run rule engine
+        const ruleFindings = await this.ruleEngine.analyzeFile(file, csRules);
+        findings.push(...ruleFindings);
+        // Additional C#-specific analysis
+        const customFindings = await this.customAnalysis(file);
+        findings.push(...customFindings);
+        return findings;
+    }
+    /**
+     * Custom C#-specific analysis
+     */
+    async customAnalysis(file) {
+        const findings = [];
+        const lines = file.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Check for SQL injection
+            if (this.checkSqlInjection(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Potential SQL Injection', 'String concatenation in SQL query. Use parameterized queries.', types_1.Severity.CRITICAL, types_1.ThreatType.SQL_INJECTION));
+            }
+            // Check for command injection
+            if (this.checkCommandInjection(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Command Injection Risk', 'Process.Start with potentially user-controlled arguments.', types_1.Severity.CRITICAL, types_1.ThreatType.COMMAND_INJECTION));
+            }
+            // Check for deserialization
+            if (this.checkDeserialization(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Insecure Deserialization', 'BinaryFormatter and similar can execute arbitrary code.', types_1.Severity.CRITICAL, types_1.ThreatType.INSECURE_DESERIALIZATION));
+            }
+            // Check for XXE
+            if (this.checkXxe(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Potential XXE Vulnerability', 'XML parser may be vulnerable to XXE attacks.', types_1.Severity.HIGH, types_1.ThreatType.DANGEROUS_FUNCTION));
+            }
+            // Check for LDAP injection
+            if (this.checkLdapInjection(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Potential LDAP Injection', 'LDAP query with user-controlled input.', types_1.Severity.HIGH, types_1.ThreatType.LDAP_INJECTION));
+            }
+            // Check for path traversal
+            if (this.checkPathTraversal(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Path Traversal Risk', 'File operation with potentially user-controlled path.', types_1.Severity.HIGH, types_1.ThreatType.PATH_TRAVERSAL));
+            }
+            // Check for weak crypto
+            if (this.checkWeakCrypto(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Weak Cryptographic Algorithm', 'Use of weak or deprecated cryptographic algorithm.', types_1.Severity.MEDIUM, types_1.ThreatType.INSECURE_CRYPTO));
+            }
+            // Check for hardcoded credentials
+            if (this.checkHardcodedCredentials(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Hardcoded Credentials', 'Credentials appear to be hardcoded in source code.', types_1.Severity.HIGH, types_1.ThreatType.HARDCODED_CREDENTIALS));
+            }
+            // Check for unsafe reflection
+            if (this.checkUnsafeReflection(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Unsafe Reflection', 'Type.GetType with user input can load malicious assemblies.', types_1.Severity.HIGH, types_1.ThreatType.DANGEROUS_FUNCTION));
+            }
+        }
+        return findings;
+    }
+    /**
+     * Check for SQL injection
+     */
+    checkSqlInjection(line) {
+        const patterns = [
+            /SqlCommand\s*\([^)]*\+/,
+            /ExecuteReader\s*\(\s*["'][^'"]*\+/,
+            /ExecuteNonQuery\s*\(\s*["'][^'"]*\+/,
+            /["']SELECT[^'"]*["']\s*\+/i,
+            /["']INSERT[^'"]*["']\s*\+/i,
+            /["']UPDATE[^'"]*["']\s*\+/i,
+            /["']DELETE[^'"]*["']\s*\+/i,
+            /FromSqlRaw\s*\([^)]*\+/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for command injection
+     */
+    checkCommandInjection(line) {
+        const patterns = [
+            /Process\.Start\s*\([^)]*\+/,
+            /ProcessStartInfo\s*\{[^}]*Arguments\s*=\s*[^}]*\+/,
+            /new\s+ProcessStartInfo\s*\([^)]*\+/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for insecure deserialization
+     */
+    checkDeserialization(line) {
+        const patterns = [
+            /BinaryFormatter\s*\(\s*\)/,
+            /\.Deserialize\s*\(/,
+            /NetDataContractSerializer/,
+            /SoapFormatter/,
+            /ObjectStateFormatter/,
+            /LosFormatter/,
+            /JavaScriptSerializer\s*\(\s*\).*Deserialize/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for XXE
+     */
+    checkXxe(line) {
+        const patterns = [
+            /XmlDocument\s*\(\s*\)/,
+            /XmlTextReader\s*\(/,
+            /new\s+XmlReaderSettings\s*\(\s*\)/
+        ];
+        if (patterns.some(p => p.test(line))) {
+            // Check if DtdProcessing is properly configured
+            if (!/DtdProcessing\s*=\s*DtdProcessing\.Prohibit/.test(line)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Check for LDAP injection
+     */
+    checkLdapInjection(line) {
+        const patterns = [
+            /DirectorySearcher\s*\([^)]*\+/,
+            /FindAll\s*\(\s*["'][^'"]*\+/,
+            /Filter\s*=\s*["'][^'"]*\+/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for path traversal
+     */
+    checkPathTraversal(line) {
+        const patterns = [
+            /File\.(?:ReadAll|WriteAll|Open|Delete)\s*\([^)]*\+/,
+            /new\s+FileStream\s*\([^)]*\+/,
+            /Path\.Combine\s*\([^)]*Request\./i,
+            /Directory\.(?:GetFiles|Delete|Create)\s*\([^)]*\+/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for weak crypto
+     */
+    checkWeakCrypto(line) {
+        const patterns = [
+            /\bMD5\.Create\s*\(\s*\)/,
+            /\bSHA1\.Create\s*\(\s*\)/,
+            /\bDES\.Create\s*\(\s*\)/,
+            /\bTripleDES\.Create\s*\(\s*\)/,
+            /\bRC2\.Create\s*\(\s*\)/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for hardcoded credentials
+     */
+    checkHardcodedCredentials(line) {
+        const patterns = [
+            /(?:password|pwd|passwd)\s*=\s*["'][^"']{4,}["']/i,
+            /(?:connectionString|connStr).*(?:password|pwd)\s*=/i,
+            /SqlConnection\s*\([^)]*password\s*=/i
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Check for unsafe reflection
+     */
+    checkUnsafeReflection(line) {
+        const patterns = [
+            /Type\.GetType\s*\([^)]*\+/,
+            /Assembly\.Load(?:From|File)?\s*\([^)]*\+/,
+            /Activator\.CreateInstance\s*\([^)]*GetType/
+        ];
+        return patterns.some(p => p.test(line));
+    }
+    /**
+     * Create generic finding
+     */
+    createFinding(file, lineNum, title, description, severity, threatType) {
+        const context = (0, utils_1.extractCodeContext)(file.content, lineNum, 2);
+        return {
+            id: (0, utils_1.generateId)(),
+            title,
+            description,
+            severity,
+            threatType,
+            category: types_1.FindingCategory.VULNERABILITY,
+            location: {
+                file: file.relativePath,
+                startLine: lineNum,
+                endLine: lineNum
+            },
+            snippet: {
+                code: context.code,
+                contextBefore: context.contextBefore,
+                contextAfter: context.contextAfter
+            },
+            standards: (0, standards_1.getStandardsForThreat)(threatType),
+            remediation: 'Review and fix the identified issue.',
+            confidence: 75,
+            analyzer: this.name,
+            timestamp: new Date(),
+            tags: ['csharp', 'dotnet']
+        };
+    }
+}
+exports.CSharpAnalyzer = CSharpAnalyzer;
+exports.default = CSharpAnalyzer;
+//# sourceMappingURL=csharpAnalyzer.js.map

package/dist/analyzers/csharp/csharpAnalyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csharpAnalyzer.js","sourceRoot":"","sources":["../../../src/analyzers/csharp/csharpAnalyzer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,kCAAuC;AACvC,uCAAmH;AACnH,uCAA6D;AAC7D,qDAA8D;AAE9D;;GAEG;AACH,MAAa,cAAe,SAAQ,mBAAY;IAC9C,IAAI,GAAG,aAAa,CAAC;IACrB,SAAS,GAAwB,CAAC,QAAQ,CAAC,CAAC;IAC5C,OAAO,GAAG,OAAO,CAAC;IAElB;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,IAAiB,EAAE,KAAa;QAC5C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,sBAAsB;QACtB,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAElE,kBAAkB;QAClB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QAE/B,kCAAkC;QAClC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;QAEjC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,IAAiB;QAC5C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,0BAA0B;YAC1B,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,yBAAyB,EACzB,+DAA+D,EAC/D,gBAAQ,CAAC,QAAQ,EACjB,kBAAU,CAAC,aAAa,CACzB,CAAC,CAAC;YACL,CAAC;YAED,8BAA8B;YAC9B,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,wBAAwB,EACxB,2DAA2D,EAC3D,gBAAQ,CAAC,QAAQ,EACjB,kBAAU,CAAC,iBAAiB,CAC7B,CAAC,CAAC;YACL,CAAC;YAED,4BAA4B;YAC5B,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,0BAA0B,EAC1B,yDAAyD,EACzD,gBAAQ,CAAC,QAAQ,EACjB,kBAAU,CAAC,wBAAwB,CACpC,CAAC,CAAC;YACL,CAAC;YAED,gBAAgB;YAChB,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,6BAA6B,EAC7B,8CAA8C,EAC9C,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,kBAAkB,CAC9B,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,0BAA0B,EAC1B,wCAAwC,EACxC,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,cAAc,CAC1B,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,qBAAqB,EACrB,uDAAuD,EACvD,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,cAAc,CAC1B,CAAC,CAAC;YACL,CAAC;YAED,wBAAwB;YACxB,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,8BAA8B,EAC9B,oDAAoD,EACpD,gBAAQ,CAAC,MAAM,EACf,kBAAU,CAAC,eAAe,CAC3B,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,IAAI,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,uBAAuB,EACvB,oDAAoD,EACpD,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,qBAAqB,CACjC,CAAC,CAAC;YACL,CAAC;YAED,8BAA8B;YAC9B,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EACJ,OAAO,EACP,mBAAmB,EACnB,6DAA6D,EAC7D,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,kBAAkB,CAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,IAAY;QACpC,MAAM,QAAQ,GAAG;YACf,wBAAwB;YACxB,mCAAmC;YACnC,qCAAqC;YACrC,4BAA4B;YAC5B,4BAA4B;YAC5B,4BAA4B;YAC5B,4BAA4B;YAC5B,wBAAwB;SACzB,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,IAAY;QACxC,MAAM,QAAQ,GAAG;YACf,4BAA4B;YAC5B,mDAAmD;YACnD,oCAAoC;SACrC,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,IAAY;QACvC,MAAM,QAAQ,GAAG;YACf,2BAA2B;YAC3B,oBAAoB;YACpB,2BAA2B;YAC3B,eAAe;YACf,sBAAsB;YACtB,cAAc;YACd,6CAA6C;SAC9C,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,IAAY;QAC3B,MAAM,QAAQ,GAAG;YACf,uBAAuB;YACvB,oBAAoB;YACpB,mCAAmC;SACpC,CAAC;QACF,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACrC,gDAAgD;YAChD,IAAI,CAAC,6CAA6C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,IAAY;QACrC,MAAM,QAAQ,GAAG;YACf,+BAA+B;YAC/B,6BAA6B;YAC7B,2BAA2B;SAC5B,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,IAAY;QACrC,MAAM,QAAQ,GAAG;YACf,oDAAoD;YACpD,8BAA8B;YAC9B,mCAAmC;YACnC,mDAAmD;SACpD,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAY;QAClC,MAAM,QAAQ,GAAG;YACf,yBAAyB;YACzB,0BAA0B;YAC1B,yBAAyB;YACzB,+BAA+B;YAC/B,yBAAyB;SAC1B,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,IAAY;QAC5C,MAAM,QAAQ,GAAG;YACf,kDAAkD;YAClD,qDAAqD;YACrD,sCAAsC;SACvC,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,IAAY;QACxC,MAAM,QAAQ,GAAG;YACf,2BAA2B;YAC3B,0CAA0C;YAC1C,4CAA4C;SAC7C,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,aAAa,CACnB,IAAiB,EACjB,OAAe,EACf,KAAa,EACb,WAAmB,EACnB,QAAkB,EAClB,UAAsB;QAEtB,MAAM,OAAO,GAAG,IAAA,0BAAkB,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAE7D,OAAO;YACL,EAAE,EAAE,IAAA,kBAAU,GAAE;YAChB,KAAK;YACL,WAAW;YACX,QAAQ;YACR,UAAU;YACV,QAAQ,EAAE,uBAAe,CAAC,aAAa;YACvC,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,YAAY;gBACvB,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,OAAO;aACjB;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC;YACD,SAAS,EAAE,IAAA,iCAAqB,EAAC,UAAU,CAAC;YAC5C,WAAW,EAAE,sCAAsC;YACnD,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;SAC3B,CAAC;IACJ,CAAC;CACF;AAxTD,wCAwTC;AAED,kBAAe,cAAc,CAAC"}

package/dist/analyzers/csharp/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * C# Analyzer Exports
+ */
+export * from './csharpAnalyzer';
+//# sourceMappingURL=index.d.ts.map

package/dist/analyzers/csharp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/csharp/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,kBAAkB,CAAC"}

package/dist/analyzers/csharp/index.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * C# Analyzer Exports
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./csharpAnalyzer"), exports);
+//# sourceMappingURL=index.js.map

package/dist/analyzers/csharp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/csharp/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;AAEH,mDAAiC"}

package/dist/analyzers/iac/iacAnalyzer.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Infrastructure as Code (IaC) Analyzer
+ * Analyzes Dockerfile, YAML, Terraform, CI/CD configurations
+ */
+import { BaseAnalyzer } from '../base';
+import { ScannedFile, Finding, Rule, SupportedLanguage } from '../../types';
+/**
+ * IaC Analyzer Class
+ */
+export declare class IaCAnalyzer extends BaseAnalyzer {
+    name: string;
+    languages: SupportedLanguage[];
+    version: string;
+    /**
+     * Analyze IaC file
+     */
+    analyze(file: ScannedFile, rules: Rule[]): Promise<Finding[]>;
+    /**
+     * Analyze Dockerfile
+     */
+    private analyzeDockerfile;
+    /**
+     * Analyze YAML (GitHub Actions, GitLab CI, etc.)
+     */
+    private analyzeYaml;
+    /**
+     * Analyze Terraform
+     */
+    private analyzeTerraform;
+    /**
+     * Create generic finding
+     */
+    private createFinding;
+}
+export default IaCAnalyzer;
+//# sourceMappingURL=iacAnalyzer.d.ts.map

package/dist/analyzers/iac/iacAnalyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iacAnalyzer.d.ts","sourceRoot":"","sources":["../../../src/analyzers/iac/iacAnalyzer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAyC,MAAM,aAAa,CAAC;AAInH;;GAEG;AACH,qBAAa,WAAY,SAAQ,YAAY;IAC3C,IAAI,SAAkB;IACtB,SAAS,EAAE,iBAAiB,EAAE,CAAuC;IACrE,OAAO,SAAW;IAElB;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IAkBnE;;OAEG;YACW,iBAAiB;IAyF/B;;OAEG;YACW,WAAW;IAyEzB;;OAEG;YACW,gBAAgB;IAmE9B;;OAEG;IACH,OAAO,CAAC,aAAa;CAmCtB;AAED,eAAe,WAAW,CAAC"}

package/dist/analyzers/iac/iacAnalyzer.js

@@ -0,0 +1,182 @@
+"use strict";
+/**
+ * Infrastructure as Code (IaC) Analyzer
+ * Analyzes Dockerfile, YAML, Terraform, CI/CD configurations
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IaCAnalyzer = void 0;
+const base_1 = require("../base");
+const types_1 = require("../../types");
+const utils_1 = require("../../utils");
+const standards_1 = require("../../rules/standards");
+/**
+ * IaC Analyzer Class
+ */
+class IaCAnalyzer extends base_1.BaseAnalyzer {
+    name = 'IaC Analyzer';
+    languages = ['dockerfile', 'yaml', 'terraform'];
+    version = '1.0.0';
+    /**
+     * Analyze IaC file
+     */
+    async analyze(file, rules) {
+        const findings = [];
+        // Determine file type and analyze accordingly
+        if (file.language === 'dockerfile' || file.relativePath.toLowerCase().includes('dockerfile')) {
+            const dockerFindings = await this.analyzeDockerfile(file);
+            findings.push(...dockerFindings);
+        }
+        else if (file.language === 'yaml' || file.extension === '.yml' || file.extension === '.yaml') {
+            const yamlFindings = await this.analyzeYaml(file);
+            findings.push(...yamlFindings);
+        }
+        else if (file.language === 'terraform') {
+            const tfFindings = await this.analyzeTerraform(file);
+            findings.push(...tfFindings);
+        }
+        return findings;
+    }
+    /**
+     * Analyze Dockerfile
+     */
+    async analyzeDockerfile(file) {
+        const findings = [];
+        const lines = file.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            const lineNum = i + 1;
+            // Check for running as root
+            if (/^USER\s+root/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Container Running as Root', 'Running containers as root is a security risk.', types_1.Severity.MEDIUM, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for latest tag
+            if (/^FROM\s+\S+:latest/i.test(line) || /^FROM\s+[^:]+\s*$/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Using Latest Tag', 'Using "latest" tag can lead to unpredictable builds.', types_1.Severity.LOW, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for secrets in ENV
+            if (/^ENV\s+.*(?:PASSWORD|SECRET|KEY|TOKEN|API_KEY)\s*=/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Secrets in Environment Variable', 'Secrets should not be baked into images via ENV.', types_1.Severity.HIGH, types_1.ThreatType.HARDCODED_CREDENTIALS));
+            }
+            // Check for ADD instead of COPY
+            if (/^ADD\s+https?:\/\//i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'ADD with Remote URL', 'ADD with URL can introduce security risks. Use curl/wget with verification.', types_1.Severity.MEDIUM, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for sudo usage
+            if (/\bsudo\b/.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Sudo in Dockerfile', 'Using sudo in Dockerfile is unnecessary and may indicate issues.', types_1.Severity.LOW, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for curl/wget piped to shell
+            if (/(?:curl|wget)\s+[^|]*\|\s*(?:bash|sh)/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Curl Pipe to Shell', 'Piping curl/wget to shell is dangerous without verification.', types_1.Severity.HIGH, types_1.ThreatType.MALICIOUS_LOADER));
+            }
+            // Check for privileged mode hints
+            if (/--privileged|--cap-add/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Privileged Container', 'Privileged containers can access host resources.', types_1.Severity.HIGH, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+        }
+        return findings;
+    }
+    /**
+     * Analyze YAML (GitHub Actions, GitLab CI, etc.)
+     */
+    async analyzeYaml(file) {
+        const findings = [];
+        const lines = file.content.split('\n');
+        const isGitHubActions = file.relativePath.includes('.github/workflows');
+        const isGitLabCI = file.relativePath.includes('.gitlab-ci');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Check for secrets in plain text
+            if (/(?:password|secret|api_key|token|key):\s*["']?[^${\s][^"'\s]+/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Hardcoded Secret in YAML', 'Secrets should use environment variables or secret management.', types_1.Severity.HIGH, types_1.ThreatType.HARDCODED_CREDENTIALS));
+            }
+            // GitHub Actions specific checks
+            if (isGitHubActions) {
+                // Check for pull_request_target with checkout
+                if (/pull_request_target/.test(line)) {
+                    findings.push(this.createFinding(file, lineNum, 'pull_request_target Event', 'pull_request_target with actions/checkout can be dangerous.', types_1.Severity.MEDIUM, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+                }
+                // Check for script injection
+                if (/\$\{\{\s*github\.event\..*\.body\s*\}\}/.test(line) ||
+                    /\$\{\{\s*github\.event\..*\.title\s*\}\}/.test(line)) {
+                    findings.push(this.createFinding(file, lineNum, 'Potential Script Injection', 'Using untrusted input in run commands can lead to injection.', types_1.Severity.HIGH, types_1.ThreatType.COMMAND_INJECTION));
+                }
+                // Check for third-party actions without pinning
+                if (/uses:\s*\S+\/\S+@(?:main|master|v\d+)/.test(line)) {
+                    findings.push(this.createFinding(file, lineNum, 'Unpinned GitHub Action', 'Pin actions to commit SHA for supply chain security.', types_1.Severity.LOW, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+                }
+            }
+            // Check for curl/wget to shell
+            if (/(?:curl|wget)\s+[^|]*\|\s*(?:bash|sh)/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Curl Pipe to Shell in CI', 'Dangerous pattern that can execute malicious code.', types_1.Severity.HIGH, types_1.ThreatType.MALICIOUS_LOADER));
+            }
+        }
+        return findings;
+    }
+    /**
+     * Analyze Terraform
+     */
+    async analyzeTerraform(file) {
+        const findings = [];
+        const lines = file.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Check for hardcoded secrets
+            if (/(?:password|secret|api_key|access_key|secret_key)\s*=\s*["'][^"'$]+["']/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Hardcoded Secret in Terraform', 'Use variables or secret management for sensitive values.', types_1.Severity.HIGH, types_1.ThreatType.HARDCODED_CREDENTIALS));
+            }
+            // Check for open security groups
+            if (/cidr_blocks\s*=\s*\[\s*["']0\.0\.0\.0\/0["']\s*\]/.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Open Security Group', 'Security group allows access from any IP address.', types_1.Severity.HIGH, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for unencrypted storage
+            if (/encrypted\s*=\s*false/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Unencrypted Storage', 'Storage resources should be encrypted at rest.', types_1.Severity.MEDIUM, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for public access
+            if (/publicly_accessible\s*=\s*true/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'Publicly Accessible Resource', 'Resources should not be publicly accessible unless required.', types_1.Severity.HIGH, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+            // Check for HTTP instead of HTTPS
+            if (/protocol\s*=\s*["']HTTP["']/i.test(line)) {
+                findings.push(this.createFinding(file, lineNum, 'HTTP Protocol Used', 'Use HTTPS for secure communication.', types_1.Severity.MEDIUM, types_1.ThreatType.SECURITY_MISCONFIGURATION));
+            }
+        }
+        return findings;
+    }
+    /**
+     * Create generic finding
+     */
+    createFinding(file, lineNum, title, description, severity, threatType) {
+        const context = (0, utils_1.extractCodeContext)(file.content, lineNum, 2);
+        return {
+            id: (0, utils_1.generateId)(),
+            title,
+            description,
+            severity,
+            threatType,
+            category: types_1.FindingCategory.VULNERABILITY,
+            location: {
+                file: file.relativePath,
+                startLine: lineNum,
+                endLine: lineNum
+            },
+            snippet: {
+                code: context.code,
+                contextBefore: context.contextBefore,
+                contextAfter: context.contextAfter
+            },
+            standards: (0, standards_1.getStandardsForThreat)(threatType),
+            remediation: 'Review and fix the identified configuration issue.',
+            confidence: 80,
+            analyzer: this.name,
+            timestamp: new Date(),
+            tags: ['iac', 'infrastructure', 'devops']
+        };
+    }
+}
+exports.IaCAnalyzer = IaCAnalyzer;
+exports.default = IaCAnalyzer;
+//# sourceMappingURL=iacAnalyzer.js.map

package/dist/analyzers/iac/iacAnalyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iacAnalyzer.js","sourceRoot":"","sources":["../../../src/analyzers/iac/iacAnalyzer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,kCAAuC;AACvC,uCAAmH;AACnH,uCAA6D;AAC7D,qDAA8D;AAE9D;;GAEG;AACH,MAAa,WAAY,SAAQ,mBAAY;IAC3C,IAAI,GAAG,cAAc,CAAC;IACtB,SAAS,GAAwB,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IACrE,OAAO,GAAG,OAAO,CAAC;IAElB;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,IAAiB,EAAE,KAAa;QAC5C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,8CAA8C;QAC9C,IAAI,IAAI,CAAC,QAAQ,KAAK,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7F,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC1D,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,KAAK,MAAM,IAAI,IAAI,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;YAC/F,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACjC,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACzC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,IAAiB;QAC/C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,4BAA4B;YAC5B,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,2BAA2B,EAC3B,gDAAgD,EAChD,gBAAQ,CAAC,MAAM,EACf,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,uBAAuB;YACvB,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,kBAAkB,EAClB,sDAAsD,EACtD,gBAAQ,CAAC,GAAG,EACZ,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,IAAI,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,iCAAiC,EACjC,kDAAkD,EAClD,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,qBAAqB,CACjC,CAAC,CAAC;YACL,CAAC;YAED,gCAAgC;YAChC,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,qBAAqB,EACrB,6EAA6E,EAC7E,gBAAQ,CAAC,MAAM,EACf,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,uBAAuB;YACvB,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,oBAAoB,EACpB,kEAAkE,EAClE,gBAAQ,CAAC,GAAG,EACZ,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,qCAAqC;YACrC,IAAI,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,oBAAoB,EACpB,8DAA8D,EAC9D,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,gBAAgB,CAC5B,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,sBAAsB,EACtB,kDAAkD,EAClD,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,IAAiB;QACzC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAE5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,kCAAkC;YAClC,IAAI,gEAAgE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChF,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,0BAA0B,EAC1B,gEAAgE,EAChE,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,qBAAqB,CACjC,CAAC,CAAC;YACL,CAAC;YAED,iCAAiC;YACjC,IAAI,eAAe,EAAE,CAAC;gBACpB,8CAA8C;gBAC9C,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,2BAA2B,EAC3B,6DAA6D,EAC7D,gBAAQ,CAAC,MAAM,EACf,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;gBACL,CAAC;gBAED,6BAA6B;gBAC7B,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC;oBACpD,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,4BAA4B,EAC5B,8DAA8D,EAC9D,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,iBAAiB,CAC7B,CAAC,CAAC;gBACL,CAAC;gBAED,gDAAgD;gBAChD,IAAI,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,wBAAwB,EACxB,sDAAsD,EACtD,gBAAQ,CAAC,GAAG,EACZ,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,+BAA+B;YAC/B,IAAI,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,0BAA0B,EAC1B,oDAAoD,EACpD,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,gBAAgB,CAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAC,IAAiB;QAC9C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,8BAA8B;YAC9B,IAAI,0EAA0E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1F,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,+BAA+B,EAC/B,0DAA0D,EAC1D,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,qBAAqB,CACjC,CAAC,CAAC;YACL,CAAC;YAED,iCAAiC;YACjC,IAAI,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,qBAAqB,EACrB,mDAAmD,EACnD,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,gCAAgC;YAChC,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,qBAAqB,EACrB,gDAAgD,EAChD,gBAAQ,CAAC,MAAM,EACf,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,0BAA0B;YAC1B,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,8BAA8B,EAC9B,8DAA8D,EAC9D,gBAAQ,CAAC,IAAI,EACb,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,IAAI,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAC9B,IAAI,EAAE,OAAO,EACb,oBAAoB,EACpB,qCAAqC,EACrC,gBAAQ,CAAC,MAAM,EACf,kBAAU,CAAC,yBAAyB,CACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,aAAa,CACnB,IAAiB,EACjB,OAAe,EACf,KAAa,EACb,WAAmB,EACnB,QAAkB,EAClB,UAAsB;QAEtB,MAAM,OAAO,GAAG,IAAA,0BAAkB,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAE7D,OAAO;YACL,EAAE,EAAE,IAAA,kBAAU,GAAE;YAChB,KAAK;YACL,WAAW;YACX,QAAQ;YACR,UAAU;YACV,QAAQ,EAAE,uBAAe,CAAC,aAAa;YACvC,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,YAAY;gBACvB,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,OAAO;aACjB;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC;YACD,SAAS,EAAE,IAAA,iCAAqB,EAAC,UAAU,CAAC;YAC5C,WAAW,EAAE,oDAAoD;YACjE,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,IAAI,EAAE,CAAC,KAAK,EAAE,gBAAgB,EAAE,QAAQ,CAAC;SAC1C,CAAC;IACJ,CAAC;CACF;AA9SD,kCA8SC;AAED,kBAAe,WAAW,CAAC"}

package/dist/analyzers/iac/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * IaC Analyzer Exports
+ */
+export * from './iacAnalyzer';
+//# sourceMappingURL=index.d.ts.map

package/dist/analyzers/iac/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/iac/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,eAAe,CAAC"}

package/dist/analyzers/iac/index.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * IaC Analyzer Exports
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./iacAnalyzer"), exports);
+//# sourceMappingURL=index.js.map

package/dist/analyzers/iac/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/iac/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;AAEH,gDAA8B"}

package/dist/analyzers/index.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Analyzers Module Exports
+ * All language analyzers for the SAST tool
+ */
+export * from './base';
+export * from './javascript';
+export * from './python';
+export * from './php';
+export * from './java';
+export * from './c-cpp';
+export * from './csharp';
+export * from './iac';
+import { Analyzer, SupportedLanguage } from '../types';
+/**
+ * Get all analyzers
+ */
+export declare function getAllAnalyzers(): Analyzer[];
+/**
+ * Get analyzer for a specific language
+ */
+export declare function getAnalyzerForLanguage(language: SupportedLanguage): Analyzer | undefined;
+/**
+ * Initialize all analyzers
+ */
+export declare function initializeAnalyzers(): Promise<void>;
+/**
+ * Cleanup all analyzers
+ */
+export declare function cleanupAnalyzers(): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/analyzers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analyzers/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,QAAQ,CAAC;AACvB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AACtB,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,OAAO,CAAC;AAEtB,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAsBvD;;GAEG;AACH,wBAAgB,eAAe,IAAI,QAAQ,EAAE,CAE5C;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,QAAQ,GAAG,SAAS,CAExF;AAED;;GAEG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAIzD;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAItD"}