secure-scan 1.2.2

package/dist/rules/vulnerabilities/rules/fileUpload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fileUpload.js","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/fileUpload.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,oCAQkB;AAClB,4CAAiE;AAEpD,QAAA,eAAe,GAAwB;IAClD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,oDAAoD;QAC1D,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,WAAW;QAChD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC;QACvE,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,OAAO,EAAE,oDAAoD;gBAC7D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,2BAA2B;aACzC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,wCAAwC;gBACjD,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,iCAAiC;aAC/C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,iDAAiD;gBAC1D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,0CAA0C;aACxD;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,+DAA+D;YAChF,cAAc,EAAE,oDAAoD;SACrE;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,KAAK;YACzB,eAAe,EAAE,MAAM;YACvB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,2EAA2E;YACpF,KAAK,EAAE;gBACL,2CAA2C;gBAC3C,oCAAoC;gBACpC,kCAAkC;gBAClC,sCAAsC;gBACtC,wCAAwC;gBACxC,mDAAmD;aACpD;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAmCrB;YACE,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,aAAa,EAAE,KAAK,EAAE,UAAU,CAAC;QACxC,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,WAAW;QAChD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC;QAClC,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,OAAO,EAAE,mDAAmD;gBAC5D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,uCAAuC;aACrD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,yEAAyE;gBAClF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,oBAAoB;aAClC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,OAAO,EAAE,yGAAyG;gBAClH,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,wCAAwC;aACtD;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,+CAA+C;YAChE,cAAc,EAAE,2BAA2B;SAC5C;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,KAAK;YACzB,eAAe,EAAE,MAAM;YACvB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,6FAA6F;YACtG,KAAK,EAAE;gBACL,6CAA6C;gBAC7C,mCAAmC;gBACnC,6BAA6B;gBAC7B,yDAAyD;gBACzD,2BAA2B;aAC5B;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCtB;YACG,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,aAAa,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC;QAC/C,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,yCAAyC;QAC/C,WAAW,EAAE,sEAAsE;QACnF,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,WAAW;QAChD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,mEAAmE;gBAC5E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,oCAAoC;aAClD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,2BAA2B;gBACtC,OAAO,EAAE,8CAA8C;gBACvD,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,wCAAwC;aACtD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,wDAAwD;gBACjE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,4CAA4C;aAC1D;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,2DAA2D;YAC5E,cAAc,EAAE,kCAAkC;SACnD;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,KAAK;YACzB,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,2DAA2D;YACpE,KAAK,EAAE;gBACL,sCAAsC;gBACtC,sCAAsC;gBACtC,mCAAmC;gBACnC,2BAA2B;gBAC3B,uBAAuB;aACxB;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAgCM;YACzB,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;QAClD,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,kBAAe,uBAAe,CAAC"}

package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Hardcoded Secrets Detection Rules
+ * @module rules/vulnerabilities/rules/hardcodedSecrets
+ */
+import { VulnerabilityRule } from '../types';
+export declare const hardcodedSecretsRules: VulnerabilityRule[];
+export default hardcodedSecretsRules;
+//# sourceMappingURL=hardcodedSecrets.d.ts.map

package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardcodedSecrets.d.ts","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/hardcodedSecrets.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,EAOlB,MAAM,UAAU,CAAC;AAGlB,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,EAkbpD,CAAC;AAEF,eAAe,qBAAqB,CAAC"}

package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js

@@ -0,0 +1,446 @@
+"use strict";
+/**
+ * @fileoverview Hardcoded Secrets Detection Rules
+ * @module rules/vulnerabilities/rules/hardcodedSecrets
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hardcodedSecretsRules = void 0;
+const types_1 = require("../types");
+const constants_1 = require("../constants");
+exports.hardcodedSecretsRules = [
+    {
+        id: 'VUL-SECRET-001',
+        name: 'Hardcoded API Key',
+        description: 'Detects hardcoded API keys in source code.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.HARDCODED_SECRETS,
+        category: types_1.VulnerabilityCategory.SENSITIVE_DATA_EXPOSURE,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON, types_1.SupportedLanguage.PHP,
+            types_1.SupportedLanguage.JAVA, types_1.SupportedLanguage.CSHARP
+        ],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.MEDIUM,
+        baseScore: 75,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-api-key-assign',
+                pattern: '(?:api[_-]?key|apikey|api[_-]?secret)\\s*[=:]\\s*[\'"][a-zA-Z0-9_\\-]{16,}[\'"]',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'API key assignment'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-aws-key',
+                pattern: 'AKIA[0-9A-Z]{16}',
+                flags: 'g',
+                weight: 1.0,
+                description: 'AWS Access Key ID'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-google-api',
+                pattern: 'AIza[0-9A-Za-z\\-_]{35}',
+                flags: 'g',
+                weight: 1.0,
+                description: 'Google API Key'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-stripe-key',
+                pattern: '(?:sk|pk)_(?:test|live)_[0-9a-zA-Z]{24,}',
+                flags: 'g',
+                weight: 1.0,
+                description: 'Stripe API Key'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-github-token',
+                pattern: 'gh[pousr]_[A-Za-z0-9_]{36,}',
+                flags: 'g',
+                weight: 1.0,
+                description: 'GitHub Token'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'medium',
+            availability: 'low',
+            technicalImpact: 'Unauthorized access to external services.',
+            businessImpact: 'Financial loss, data breach, service abuse.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Store secrets in environment variables or secret management systems.',
+            steps: [
+                'Remove hardcoded keys immediately',
+                'Rotate compromised keys',
+                'Use environment variables',
+                'Implement secret management (Vault, AWS Secrets Manager)',
+                'Add pre-commit hooks to prevent secret commits'
+            ],
+            secureCodeExample: `// Secure: Use environment variables
+const apiKey = process.env.API_KEY;
+
+// Python
+api_key = os.environ.get('API_KEY')
+
+// Java
+String apiKey = System.getenv("API_KEY");`,
+            effort: 'low',
+            priority: 'high'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A02],
+            cwe: [constants_1.CWE_REFERENCES.CWE_798]
+        },
+        tags: ['secrets', 'api-key', 'credentials'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SECRET-002',
+        name: 'Hardcoded Password',
+        description: 'Detects hardcoded passwords in source code.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.HARDCODED_SECRETS,
+        category: types_1.VulnerabilityCategory.SENSITIVE_DATA_EXPOSURE,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON, types_1.SupportedLanguage.PHP,
+            types_1.SupportedLanguage.JAVA, types_1.SupportedLanguage.CSHARP
+        ],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.MEDIUM,
+        baseScore: 80,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-password-assign',
+                pattern: '(?:password|passwd|pwd|secret|credentials?)\\s*[=:]\\s*[\'"][^\'"]{4,}[\'"]',
+                flags: 'gi',
+                weight: 0.85,
+                description: 'Password variable assignment'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-db-connection',
+                pattern: '(?:mysql|postgres|mongodb|redis):\\/\\/[^:]+:[^@]+@',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'Database connection string with credentials'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-connection-password',
+                pattern: '(?:password|pwd)\\s*=\\s*[\'"][^\'"]+[\'"]',
+                flags: 'gi',
+                weight: 0.80,
+                description: 'Password in connection config'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'high',
+            availability: 'medium',
+            technicalImpact: 'Unauthorized access to systems and databases.',
+            businessImpact: 'Data breach, unauthorized access.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Use environment variables or secret management for credentials.',
+            steps: [
+                'Remove hardcoded passwords',
+                'Change all exposed passwords immediately',
+                'Use environment variables or config files outside repo',
+                'Implement secret rotation',
+                'Use connection pooling with credential providers'
+            ],
+            secureCodeExample: `// Node.js - Use environment variables
+const dbConfig = {
+  host: process.env.DB_HOST,
+  user: process.env.DB_USER,
+  password: process.env.DB_PASSWORD
+};
+
+# Python - Use environment variables
+import os
+db_password = os.environ['DB_PASSWORD']`,
+            effort: 'low',
+            priority: 'immediate'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A02],
+            cwe: [constants_1.CWE_REFERENCES.CWE_798, constants_1.CWE_REFERENCES.CWE_259]
+        },
+        tags: ['secrets', 'password', 'credentials', 'database'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SECRET-003',
+        name: 'Hardcoded Private Key / Certificate',
+        description: 'Detects hardcoded private keys or certificates in source code.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.HARDCODED_SECRETS,
+        category: types_1.VulnerabilityCategory.SENSITIVE_DATA_EXPOSURE,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON, types_1.SupportedLanguage.PHP,
+            types_1.SupportedLanguage.JAVA, types_1.SupportedLanguage.CSHARP
+        ],
+        severity: types_1.VulnerabilitySeverity.CRITICAL,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 90,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-private-key-begin',
+                pattern: '-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----',
+                flags: 'g',
+                weight: 1.0,
+                description: 'PEM private key header'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-private-key-var',
+                pattern: '(?:private[_-]?key|privatekey|priv[_-]?key)\\s*[=:]\\s*[\'"`]',
+                flags: 'gi',
+                weight: 0.90,
+                description: 'Private key variable assignment'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-jwt-secret',
+                pattern: '(?:jwt[_-]?secret|jwt[_-]?key|signing[_-]?key)\\s*[=:]\\s*[\'"][a-zA-Z0-9+\\/=]{20,}[\'"]',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'JWT signing secret'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'high',
+            availability: 'medium',
+            technicalImpact: 'Complete compromise of cryptographic security. Token forgery, MITM attacks.',
+            businessImpact: 'Identity theft, data interception, authentication bypass.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Store private keys in secure key management systems. Never commit keys to source control.',
+            steps: [
+                'Remove private keys from source code immediately',
+                'Revoke and rotate compromised keys/certificates',
+                'Use HSM or cloud KMS for key storage',
+                'Load keys from secure file paths or environment',
+                'Add key patterns to .gitignore'
+            ],
+            secureCodeExample: `// Load private key from file (not in repo)
+const fs = require('fs');
+const privateKey = fs.readFileSync(process.env.PRIVATE_KEY_PATH);
+
+// Use cloud KMS
+const { KMSClient, SignCommand } = require('@aws-sdk/client-kms');
+const kms = new KMSClient({});
+await kms.send(new SignCommand({ KeyId: 'alias/my-key', ... }));`,
+            effort: 'medium',
+            priority: 'immediate'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A02],
+            cwe: [constants_1.CWE_REFERENCES.CWE_321, constants_1.CWE_REFERENCES.CWE_798]
+        },
+        tags: ['secrets', 'private-key', 'certificate', 'jwt', 'critical'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SECRET-004',
+        name: 'Hardcoded OAuth/Bearer Token',
+        description: 'Detects hardcoded OAuth tokens or bearer tokens in source code.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.HARDCODED_SECRETS,
+        category: types_1.VulnerabilityCategory.SENSITIVE_DATA_EXPOSURE,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON, types_1.SupportedLanguage.PHP,
+            types_1.SupportedLanguage.JAVA, types_1.SupportedLanguage.CSHARP
+        ],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.MEDIUM,
+        baseScore: 80,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-bearer-token',
+                pattern: 'Bearer\\s+[a-zA-Z0-9\\-_.]{20,}',
+                flags: 'g',
+                weight: 0.95,
+                description: 'Bearer token in code'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-oauth-token',
+                pattern: '(?:oauth[_-]?token|access[_-]?token|refresh[_-]?token)\\s*[=:]\\s*[\'"][a-zA-Z0-9\\-_.]{20,}[\'"]',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'OAuth token assignment'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-slack-token',
+                pattern: 'xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}',
+                flags: 'g',
+                weight: 1.0,
+                description: 'Slack token'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-discord-token',
+                pattern: '[MN][A-Za-z\\d]{23,}\\.[\\w-]{6}\\.[\\w-]{27}',
+                flags: 'g',
+                weight: 1.0,
+                description: 'Discord bot token'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'medium',
+            availability: 'low',
+            technicalImpact: 'Account takeover, unauthorized API access.',
+            businessImpact: 'Data breach, service abuse, reputational damage.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Use OAuth flows with token refresh. Store tokens securely outside source code.',
+            steps: [
+                'Remove tokens from source code',
+                'Revoke compromised tokens',
+                'Implement proper OAuth flow',
+                'Store tokens in secure storage',
+                'Use short-lived tokens with refresh'
+            ],
+            secureCodeExample: `// Store token in environment or secure storage
+const token = process.env.OAUTH_TOKEN;
+
+// Better: Use OAuth client credentials flow
+const { ClientCredentials } = require('simple-oauth2');
+const client = new ClientCredentials(config);
+const token = await client.getToken({ scope: 'api' });`,
+            effort: 'medium',
+            priority: 'high'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A02, constants_1.OWASP_TOP_10_2021.A07],
+            cwe: [constants_1.CWE_REFERENCES.CWE_798]
+        },
+        tags: ['secrets', 'oauth', 'token', 'bearer'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SECRET-005',
+        name: 'Hardcoded Encryption Key',
+        description: 'Detects hardcoded encryption keys and initialization vectors.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.HARDCODED_SECRETS,
+        category: types_1.VulnerabilityCategory.CRYPTOGRAPHIC_FAILURE,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON, types_1.SupportedLanguage.PHP,
+            types_1.SupportedLanguage.JAVA, types_1.SupportedLanguage.CSHARP
+        ],
+        severity: types_1.VulnerabilitySeverity.CRITICAL,
+        confidence: types_1.ConfidenceLevel.MEDIUM,
+        baseScore: 85,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-encryption-key',
+                pattern: '(?:encryption[_-]?key|aes[_-]?key|secret[_-]?key|cipher[_-]?key)\\s*[=:]\\s*[\'"][a-fA-F0-9]{32,}[\'"]',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'Encryption key assignment'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-iv-vector',
+                pattern: '(?:iv|initialization[_-]?vector|init[_-]?vector)\\s*[=:]\\s*[\'"][a-fA-F0-9]{16,}[\'"]',
+                flags: 'gi',
+                weight: 0.85,
+                description: 'Hardcoded IV'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'secret-key-bytes',
+                pattern: 'new\\s+(?:Uint8Array|Buffer)\\s*\\(\\s*\\[(?:\\s*0x[0-9a-fA-F]{1,2}\\s*,?){16,}\\]',
+                flags: 'gi',
+                weight: 0.90,
+                description: 'Hardcoded key bytes'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'high',
+            availability: 'low',
+            technicalImpact: 'All encrypted data can be decrypted. Encryption provides no protection.',
+            businessImpact: 'Complete data exposure, regulatory violations.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Use key derivation functions and store master keys in KMS or HSM.',
+            steps: [
+                'Remove hardcoded encryption keys',
+                'Re-encrypt all data with new keys',
+                'Use KMS or HSM for key management',
+                'Derive keys using PBKDF2, scrypt, or Argon2',
+                'Rotate encryption keys regularly'
+            ],
+            secureCodeExample: `// Use KMS to get encryption key
+const { KMSClient, GenerateDataKeyCommand } = require('@aws-sdk/client-kms');
+const kms = new KMSClient({});
+const { Plaintext } = await kms.send(new GenerateDataKeyCommand({
+  KeyId: 'alias/my-data-key',
+  KeySpec: 'AES_256'
+}));
+
+// Derive key from password
+const crypto = require('crypto');
+const key = crypto.scryptSync(password, salt, 32);`,
+            effort: 'high',
+            priority: 'immediate'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A02],
+            cwe: [constants_1.CWE_REFERENCES.CWE_321, constants_1.CWE_REFERENCES.CWE_798]
+        },
+        tags: ['secrets', 'encryption', 'aes', 'cryptography', 'critical'],
+        enabled: true
+    }
+];
+exports.default = exports.hardcodedSecretsRules;
+//# sourceMappingURL=hardcodedSecrets.js.map

package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardcodedSecrets.js","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/hardcodedSecrets.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,oCAQkB;AAClB,4CAAiE;AAEpD,QAAA,qBAAqB,GAAwB;IACxD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,iBAAiB;QACtD,QAAQ,EAAE,6BAAqB,CAAC,uBAAuB;QACvD,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU;YAC1D,yBAAiB,CAAC,MAAM,EAAE,yBAAiB,CAAC,GAAG;YAC/C,yBAAiB,CAAC,IAAI,EAAE,yBAAiB,CAAC,MAAM;SACjD;QACD,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,iFAAiF;gBAC1F,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,oBAAoB;aAClC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,kBAAkB;gBAC3B,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,mBAAmB;aACjC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,yBAAyB;gBAClC,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gBAAgB;aAC9B;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,0CAA0C;gBACnD,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gBAAgB;aAC9B;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,OAAO,EAAE,6BAA6B;gBACtC,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,cAAc;aAC5B;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,2CAA2C;YAC5D,cAAc,EAAE,6CAA6C;SAC9D;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,sEAAsE;YAC/E,KAAK,EAAE;gBACL,mCAAmC;gBACnC,yBAAyB;gBACzB,2BAA2B;gBAC3B,0DAA0D;gBAC1D,gDAAgD;aACjD;YACD,iBAAiB,EAAE;;;;;;;0CAOiB;YACpC,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,aAAa,CAAC;QAC3C,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,6CAA6C;QAC1D,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,iBAAiB;QACtD,QAAQ,EAAE,6BAAqB,CAAC,uBAAuB;QACvD,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU;YAC1D,yBAAiB,CAAC,MAAM,EAAE,yBAAiB,CAAC,GAAG;YAC/C,yBAAiB,CAAC,IAAI,EAAE,yBAAiB,CAAC,MAAM;SACjD;QACD,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,OAAO,EAAE,6EAA6E;gBACtF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,8BAA8B;aAC5C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,qDAAqD;gBAC9D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,6CAA6C;aAC3D;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,4BAA4B;gBACvC,OAAO,EAAE,4CAA4C;gBACrD,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,+BAA+B;aAC7C;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,+CAA+C;YAChE,cAAc,EAAE,mCAAmC;SACpD;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,iEAAiE;YAC1E,KAAK,EAAE;gBACL,4BAA4B;gBAC5B,0CAA0C;gBAC1C,wDAAwD;gBACxD,2BAA2B;gBAC3B,kDAAkD;aACnD;YACD,iBAAiB,EAAE;;;;;;;;;wCASe;YAClC,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,EAAE,0BAAc,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,CAAC;QACxD,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,gEAAgE;QAC7E,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,iBAAiB;QACtD,QAAQ,EAAE,6BAAqB,CAAC,uBAAuB;QACvD,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU;YAC1D,yBAAiB,CAAC,MAAM,EAAE,yBAAiB,CAAC,GAAG;YAC/C,yBAAiB,CAAC,IAAI,EAAE,yBAAiB,CAAC,MAAM;SACjD;QACD,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,OAAO,EAAE,wDAAwD;gBACjE,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,wBAAwB;aACtC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,OAAO,EAAE,+DAA+D;gBACxE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,iCAAiC;aAC/C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,2FAA2F;gBACpG,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,oBAAoB;aAClC;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,6EAA6E;YAC9F,cAAc,EAAE,2DAA2D;SAC5E;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,2FAA2F;YACpG,KAAK,EAAE;gBACL,kDAAkD;gBAClD,iDAAiD;gBACjD,sCAAsC;gBACtC,iDAAiD;gBACjD,gCAAgC;aACjC;YACD,iBAAiB,EAAE;;;;;;;iEAOwC;YAC3D,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,EAAE,0BAAc,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,CAAC;QAClE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,iEAAiE;QAC9E,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,iBAAiB;QACtD,QAAQ,EAAE,6BAAqB,CAAC,uBAAuB;QACvD,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU;YAC1D,yBAAiB,CAAC,MAAM,EAAE,yBAAiB,CAAC,GAAG;YAC/C,yBAAiB,CAAC,IAAI,EAAE,yBAAiB,CAAC,MAAM;SACjD;QACD,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,OAAO,EAAE,iCAAiC;gBAC1C,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,sBAAsB;aACpC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE,mGAAmG;gBAC5G,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,wBAAwB;aACtC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE,sDAAsD;gBAC/D,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,aAAa;aAC3B;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,+CAA+C;gBACxD,KAAK,EAAE,GAAG;gBACV,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,mBAAmB;aACjC;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,4CAA4C;YAC7D,cAAc,EAAE,kDAAkD;SACnE;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,gFAAgF;YACzF,KAAK,EAAE;gBACL,gCAAgC;gBAChC,2BAA2B;gBAC3B,6BAA6B;gBAC7B,gCAAgC;gBAChC,qCAAqC;aACtC;YACD,iBAAiB,EAAE;;;;;;uDAM8B;YACjD,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,EAAE,6BAAiB,CAAC,GAAG,CAAC;YACrD,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC;QAC7C,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,+DAA+D;QAC5E,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,iBAAiB;QACtD,QAAQ,EAAE,6BAAqB,CAAC,qBAAqB;QACrD,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU;YAC1D,yBAAiB,CAAC,MAAM,EAAE,yBAAiB,CAAC,GAAG;YAC/C,yBAAiB,CAAC,IAAI,EAAE,yBAAiB,CAAC,MAAM;SACjD;QACD,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,wGAAwG;gBACjH,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,2BAA2B;aACzC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,wFAAwF;gBACjG,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,cAAc;aAC5B;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,oFAAoF;gBAC7F,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,qBAAqB;aACnC;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,yEAAyE;YAC1F,cAAc,EAAE,gDAAgD;SACjE;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,mEAAmE;YAC5E,KAAK,EAAE;gBACL,kCAAkC;gBAClC,mCAAmC;gBACnC,mCAAmC;gBACnC,6CAA6C;gBAC7C,kCAAkC;aACnC;YACD,iBAAiB,EAAE;;;;;;;;;;mDAU0B;YAC7C,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,EAAE,0BAAc,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,CAAC;QAClE,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,kBAAe,6BAAqB,CAAC"}

package/dist/rules/vulnerabilities/rules/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @fileoverview Rules Directory - Exports for all vulnerability rules
+ * @module rules/vulnerabilities/rules
+ */
+export { sqlInjectionRules, default as sqlInjection } from './sqlInjection';
+export { xssRules, default as xss } from './xss';
+export { commandInjectionRules, default as commandInjection } from './commandInjection';
+export { pathTraversalRules, default as pathTraversal } from './pathTraversal';
+export { ssrfRules, default as ssrf } from './ssrf';
+export { deserializationRules, default as deserialization } from './deserialization';
+export { hardcodedSecretsRules, default as hardcodedSecrets } from './hardcodedSecrets';
+export { authenticationRules, default as authentication } from './authentication';
+export { securityMisconfigurationRules, default as securityMisconfiguration } from './securityMisconfiguration';
+export { csrfRules, default as csrf } from './csrf';
+export { prototypePollutionRules, default as prototypePollution } from './prototypePollution';
+export { fileUploadRules, default as fileUpload } from './fileUpload';
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/vulnerabilities/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,iBAAiB,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,OAAO,IAAI,GAAG,EAAE,MAAM,OAAO,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxF,OAAO,EAAE,kBAAkB,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACrF,OAAO,EAAE,qBAAqB,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxF,OAAO,EAAE,mBAAmB,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,EAAE,6BAA6B,EAAE,OAAO,IAAI,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AAChH,OAAO,EAAE,SAAS,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC9F,OAAO,EAAE,eAAe,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,cAAc,CAAC"}

package/dist/rules/vulnerabilities/rules/index.js

@@ -0,0 +1,47 @@
+"use strict";
+/**
+ * @fileoverview Rules Directory - Exports for all vulnerability rules
+ * @module rules/vulnerabilities/rules
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fileUpload = exports.fileUploadRules = exports.prototypePollution = exports.prototypePollutionRules = exports.csrf = exports.csrfRules = exports.securityMisconfiguration = exports.securityMisconfigurationRules = exports.authentication = exports.authenticationRules = exports.hardcodedSecrets = exports.hardcodedSecretsRules = exports.deserialization = exports.deserializationRules = exports.ssrf = exports.ssrfRules = exports.pathTraversal = exports.pathTraversalRules = exports.commandInjection = exports.commandInjectionRules = exports.xss = exports.xssRules = exports.sqlInjection = exports.sqlInjectionRules = void 0;
+var sqlInjection_1 = require("./sqlInjection");
+Object.defineProperty(exports, "sqlInjectionRules", { enumerable: true, get: function () { return sqlInjection_1.sqlInjectionRules; } });
+Object.defineProperty(exports, "sqlInjection", { enumerable: true, get: function () { return __importDefault(sqlInjection_1).default; } });
+var xss_1 = require("./xss");
+Object.defineProperty(exports, "xssRules", { enumerable: true, get: function () { return xss_1.xssRules; } });
+Object.defineProperty(exports, "xss", { enumerable: true, get: function () { return __importDefault(xss_1).default; } });
+var commandInjection_1 = require("./commandInjection");
+Object.defineProperty(exports, "commandInjectionRules", { enumerable: true, get: function () { return commandInjection_1.commandInjectionRules; } });
+Object.defineProperty(exports, "commandInjection", { enumerable: true, get: function () { return __importDefault(commandInjection_1).default; } });
+var pathTraversal_1 = require("./pathTraversal");
+Object.defineProperty(exports, "pathTraversalRules", { enumerable: true, get: function () { return pathTraversal_1.pathTraversalRules; } });
+Object.defineProperty(exports, "pathTraversal", { enumerable: true, get: function () { return __importDefault(pathTraversal_1).default; } });
+var ssrf_1 = require("./ssrf");
+Object.defineProperty(exports, "ssrfRules", { enumerable: true, get: function () { return ssrf_1.ssrfRules; } });
+Object.defineProperty(exports, "ssrf", { enumerable: true, get: function () { return __importDefault(ssrf_1).default; } });
+var deserialization_1 = require("./deserialization");
+Object.defineProperty(exports, "deserializationRules", { enumerable: true, get: function () { return deserialization_1.deserializationRules; } });
+Object.defineProperty(exports, "deserialization", { enumerable: true, get: function () { return __importDefault(deserialization_1).default; } });
+var hardcodedSecrets_1 = require("./hardcodedSecrets");
+Object.defineProperty(exports, "hardcodedSecretsRules", { enumerable: true, get: function () { return hardcodedSecrets_1.hardcodedSecretsRules; } });
+Object.defineProperty(exports, "hardcodedSecrets", { enumerable: true, get: function () { return __importDefault(hardcodedSecrets_1).default; } });
+var authentication_1 = require("./authentication");
+Object.defineProperty(exports, "authenticationRules", { enumerable: true, get: function () { return authentication_1.authenticationRules; } });
+Object.defineProperty(exports, "authentication", { enumerable: true, get: function () { return __importDefault(authentication_1).default; } });
+var securityMisconfiguration_1 = require("./securityMisconfiguration");
+Object.defineProperty(exports, "securityMisconfigurationRules", { enumerable: true, get: function () { return securityMisconfiguration_1.securityMisconfigurationRules; } });
+Object.defineProperty(exports, "securityMisconfiguration", { enumerable: true, get: function () { return __importDefault(securityMisconfiguration_1).default; } });
+var csrf_1 = require("./csrf");
+Object.defineProperty(exports, "csrfRules", { enumerable: true, get: function () { return csrf_1.csrfRules; } });
+Object.defineProperty(exports, "csrf", { enumerable: true, get: function () { return __importDefault(csrf_1).default; } });
+var prototypePollution_1 = require("./prototypePollution");
+Object.defineProperty(exports, "prototypePollutionRules", { enumerable: true, get: function () { return prototypePollution_1.prototypePollutionRules; } });
+Object.defineProperty(exports, "prototypePollution", { enumerable: true, get: function () { return __importDefault(prototypePollution_1).default; } });
+var fileUpload_1 = require("./fileUpload");
+Object.defineProperty(exports, "fileUploadRules", { enumerable: true, get: function () { return fileUpload_1.fileUploadRules; } });
+Object.defineProperty(exports, "fileUpload", { enumerable: true, get: function () { return __importDefault(fileUpload_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/rules/vulnerabilities/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAEH,+CAA4E;AAAnE,iHAAA,iBAAiB,OAAA;AAAE,6HAAA,OAAO,OAAgB;AACnD,6BAAiD;AAAxC,+FAAA,QAAQ,OAAA;AAAE,2GAAA,OAAO,OAAO;AACjC,uDAAwF;AAA/E,yHAAA,qBAAqB,OAAA;AAAE,qIAAA,OAAO,OAAoB;AAC3D,iDAA+E;AAAtE,mHAAA,kBAAkB,OAAA;AAAE,+HAAA,OAAO,OAAiB;AACrD,+BAAoD;AAA3C,iGAAA,SAAS,OAAA;AAAE,6GAAA,OAAO,OAAQ;AACnC,qDAAqF;AAA5E,uHAAA,oBAAoB,OAAA;AAAE,mIAAA,OAAO,OAAmB;AACzD,uDAAwF;AAA/E,yHAAA,qBAAqB,OAAA;AAAE,qIAAA,OAAO,OAAoB;AAC3D,mDAAkF;AAAzE,qHAAA,mBAAmB,OAAA;AAAE,iIAAA,OAAO,OAAkB;AACvD,uEAAgH;AAAvG,yIAAA,6BAA6B,OAAA;AAAE,qJAAA,OAAO,OAA4B;AAC3E,+BAAoD;AAA3C,iGAAA,SAAS,OAAA;AAAE,6GAAA,OAAO,OAAQ;AACnC,2DAA8F;AAArF,6HAAA,uBAAuB,OAAA;AAAE,yIAAA,OAAO,OAAsB;AAC/D,2CAAsE;AAA7D,6GAAA,eAAe,OAAA;AAAE,yHAAA,OAAO,OAAc"}

package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Path Traversal Detection Rules
+ * @module rules/vulnerabilities/rules/pathTraversal
+ */
+import { VulnerabilityRule } from '../types';
+export declare const pathTraversalRules: VulnerabilityRule[];
+export default pathTraversalRules;
+//# sourceMappingURL=pathTraversal.d.ts.map

package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathTraversal.d.ts","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/pathTraversal.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,EAOlB,MAAM,UAAU,CAAC;AAGlB,eAAO,MAAM,kBAAkB,EAAE,iBAAiB,EAmVjD,CAAC;AAEF,eAAe,kBAAkB,CAAC"}