secure-scan 1.2.2

package/dist/rules/vulnerabilities/rules/sqlInjection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlInjection.js","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/sqlInjection.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,oCAWkB;AAClB,4CAAiE;AAEjE,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E,MAAM,mBAAmB,GAAkB;IACzC,qBAAqB;IACrB,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IACjM,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,+CAA+C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IACpM,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,gDAAgD,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAEvM,sBAAsB;IACtB,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,iCAAiC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC1J,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,iCAAiC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC1J,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,mEAAmE,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAE5L,MAAM;IACN,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,uCAAuC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC9I,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,wCAAwC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IACjJ,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,2CAA2C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAE1J,OAAO;IACP,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,yCAAyC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC3J,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,6CAA6C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAEnK,KAAK;IACL,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,qDAAqD,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;IAClL,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE;CACpK,CAAC;AAEF,MAAM,iBAAiB,GAAgB;IACrC,aAAa;IACb,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,+CAA+C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IAC1N,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IAE7M,SAAS;IACT,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,6DAA6D,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IAC/M,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,mCAAmC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IAExK,MAAM;IACN,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,2EAA2E,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IACtN,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,6CAA6C,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IAE3L,OAAO;IACP,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,6DAA6D,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,IAAI,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IACpN,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,uDAAuD,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,IAAI,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IAE3M,KAAK;IACL,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,iDAAiD,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;IACnM,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,yCAAyC,EAAE,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC,EAAE,iBAAiB,EAAE,yBAAiB,CAAC,aAAa,EAAE;CAC/L,CAAC;AAEF,MAAM,sBAAsB,GAAqB;IAC/C,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,CAAC,yBAAiB,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE;IAChK,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,oCAAoC,EAAE,eAAe,EAAE,CAAC,yBAAiB,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE;IACrK,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,qCAAqC,EAAE,eAAe,EAAE,CAAC,yBAAiB,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE;IAChK,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC,yBAAiB,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE;IACzI,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,4BAA4B,EAAE,eAAe,EAAE,CAAC,yBAAiB,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE;CACvJ,CAAC;AAEF,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAElE,QAAA,iBAAiB,GAAwB;IACpD,6EAA6E;IAC7E,4CAA4C;IAC5C,6EAA6E;IAC7E;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,+CAA+C;QACrD,WAAW,EAAE,gHAAgH;QAC7H,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,aAAa;QAClD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC;QACvE,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,oEAAoE;gBAC7E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,qCAAqC;aACnD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,sDAAsD;gBAC/D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,+CAA+C;aAC7D;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,qEAAqE;gBAC9E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,6CAA6C;aAC3D;SACF;QACD,YAAY,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC3C,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,UAAU,CAAC,CACpD;QACD,UAAU,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACvC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,UAAU,CAAC,CACpD;QACD,eAAe,EAAE,sBAAsB;QACvC,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,iHAAiH;YAClI,cAAc,EAAE,8DAA8D;YAC9E,cAAc,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,kBAAkB,CAAC;YAC7D,UAAU,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,gBAAgB,CAAC;SACrD;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;YACvB,aAAa,EAAE,IAAI;SACpB;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE;;iBAEG;gBACT,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,+CAA+C;aAC7D;YACD;gBACE,IAAI,EAAE;8DACgD;gBACtD,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,8CAA8C;aAC5D;SACF;QACD,cAAc,EAAE;YACd;gBACE,IAAI,EAAE;wDAC0C;gBAChD,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,YAAY,EAAE,KAAK;gBACnB,WAAW,EAAE,6CAA6C;gBAC1D,iBAAiB,EAAE,wDAAwD;aAC5E;SACF;QACD,WAAW,EAAE;YACX,OAAO,EAAE,mFAAmF;YAC5F,KAAK,EAAE;gBACL,yDAAyD;gBACzD,6DAA6D;gBAC7D,gDAAgD;gBAChD,yDAAyD;aAC1D;YACD,iBAAiB,EAAE;;;;4DAImC;YACtD,UAAU,EAAE;gBACV,0FAA0F;gBAC1F,uDAAuD;aACxD;YACD,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,MAAM,CAAC;YAC5B,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;SAC5D;QACD,IAAI,EAAE,CAAC,eAAe,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC;QAC5E,OAAO,EAAE,IAAI;KACd;IAED,6EAA6E;IAC7E,6BAA6B;IAC7B,6EAA6E;IAC7E;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,0CAA0C;QAChD,WAAW,EAAE,+EAA+E;QAC5F,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,aAAa;QAClD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,OAAO,EAAE,uEAAuE;gBAChF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,wCAAwC;aACtD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE,uFAAuF;gBAChG,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,2BAA2B;aACzC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,OAAO,EAAE,+EAA+E;gBACxF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,8BAA8B;aAC5C;SACF;QACD,YAAY,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9F,UAAU,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,MAAM,CAAC,CAAC;QAC1F,eAAe,EAAE,sBAAsB;QACvC,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,uDAAuD;YACxE,cAAc,EAAE,wCAAwC;SACzD;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE;4DAC8C;gBACpD,QAAQ,EAAE,yBAAiB,CAAC,MAAM;gBAClC,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,4BAA4B;aAC1C;SACF;QACD,WAAW,EAAE;YACX,OAAO,EAAE,0DAA0D;YACnE,KAAK,EAAE;gBACL,8CAA8C;gBAC9C,4CAA4C;gBAC5C,6CAA6C;aAC9C;YACD,iBAAiB,EAAE;;;;8DAIqC;YACxD,UAAU,EAAE;gBACV,2EAA2E;aAC5E;YACD,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,MAAM,CAAC;SAC7B;QACD,IAAI,EAAE,CAAC,eAAe,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC;QAChE,OAAO,EAAE,IAAI;KACd;IAED,6EAA6E;IAC7E,0BAA0B;IAC1B,6EAA6E;IAC7E;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,+FAA+F;QAC5G,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,aAAa;QAClD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC;QAClC,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,uGAAuG;gBAChH,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,0CAA0C;aACxD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,sEAAsE;gBAC/E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,qCAAqC;aACnD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,iFAAiF;gBAC1F,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,qCAAqC;aACnD;SACF;QACD,YAAY,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,GAAG,CAAC,CAAC;QAC3F,UAAU,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,GAAG,CAAC,CAAC;QACvF,eAAe,EAAE,sBAAsB;QACvC,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,iEAAiE;YAClF,cAAc,EAAE,gCAAgC;SACjD;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;YACvB,aAAa,EAAE,IAAI;SACpB;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE;+DACiD;gBACvD,QAAQ,EAAE,yBAAiB,CAAC,GAAG;gBAC/B,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,kCAAkC;aAChD;SACF;QACD,WAAW,EAAE;YACX,OAAO,EAAE,wEAAwE;YACjF,KAAK,EAAE;gBACL,uCAAuC;gBACvC,+CAA+C;gBAC/C,6CAA6C;aAC9C;YACD,iBAAiB,EAAE;;;;;;;kBAOP;YACZ,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,MAAM,CAAC;SAC7B;QACD,IAAI,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC;QACpD,OAAO,EAAE,IAAI;KACd;IAED,6EAA6E;IAC7E,2BAA2B;IAC3B,6EAA6E;IAC7E;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,mDAAmD;QACzD,WAAW,EAAE,wFAAwF;QACrG,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,aAAa;QAClD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,IAAI,CAAC;QACnC,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,OAAO,EAAE,kEAAkE;gBAC3E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,2CAA2C;aACzD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,4BAA4B;gBACvC,OAAO,EAAE,wEAAwE;gBACjF,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,gDAAgD;aAC9D;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,OAAO,EAAE,wCAAwC;gBACjD,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,qCAAqC;aACnD;SACF;QACD,YAAY,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,IAAI,CAAC,CAAC;QAC5F,UAAU,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,IAAI,CAAC,CAAC;QACxF,eAAe,EAAE,sBAAsB;QACvC,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,oCAAoC;YACrD,cAAc,EAAE,8BAA8B;SAC/C;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE;;8EAEgE;gBACtE,QAAQ,EAAE,yBAAiB,CAAC,IAAI;gBAChC,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,wCAAwC;aACtD;SACF;QACD,WAAW,EAAE;YACX,OAAO,EAAE,+CAA+C;YACxD,KAAK,EAAE;gBACL,0CAA0C;gBAC1C,yCAAyC;gBACzC,qDAAqD;aACtD;YACD,iBAAiB,EAAE;;;;;;;;kCAQS;YAC5B,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,MAAM,CAAC;SAC7B;QACD,IAAI,EAAE,CAAC,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC;QACnD,OAAO,EAAE,IAAI;KACd;IAED,6EAA6E;IAC7E,yBAAyB;IACzB,6EAA6E;IAC7E;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,kDAAkD;QACxD,WAAW,EAAE,gFAAgF;QAC7F,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,aAAa;QAClD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,6BAAqB,CAAC,QAAQ;QACxC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,OAAO,EAAE,uEAAuE;gBAChF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,2CAA2C;aACzD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,OAAO,EAAE,kEAAkE;gBAC3E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,yCAAyC;aACvD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,2BAA2B;gBACtC,OAAO,EAAE,0EAA0E;gBACnF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,sCAAsC;aACpD;SACF;QACD,YAAY,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,MAAM,CAAC,CAAC;QAC9F,UAAU,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,yBAAiB,CAAC,MAAM,CAAC,CAAC;QAC1F,eAAe,EAAE,sBAAsB;QACvC,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,MAAM;YACpB,eAAe,EAAE,sCAAsC;YACvD,cAAc,EAAE,qCAAqC;SACtD;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE;;4CAE8B;gBACpC,QAAQ,EAAE,yBAAiB,CAAC,MAAM;gBAClC,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,yCAAyC;aACvD;SACF;QACD,WAAW,EAAE;YACX,OAAO,EAAE,uDAAuD;YAChE,KAAK,EAAE;gBACL,4CAA4C;gBAC5C,2DAA2D;gBAC3D,kDAAkD;aACnD;YACD,iBAAiB,EAAE;;;;;;;8DAOqC;YACxD,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,WAAW;SACtB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,MAAM,CAAC;SAC7B;QACD,IAAI,EAAE,CAAC,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC;QAClE,OAAO,EAAE,IAAI;KACd;IAED,6EAA6E;IAC7E,uBAAuB;IACvB,6EAA6E;IAC7E;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6EAA6E;QAC1F,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,eAAe;QACpD,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,MAAM,CAAC;QACjG,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,mEAAmE;gBAC5E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,cAAc;gBACzB,OAAO,EAAE,8BAA8B;gBACvC,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,oCAAoC;aAClD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,+BAA+B;gBACxC,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,oCAAoC;aAClD;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,MAAM;YACjB,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,+CAA+C;YAChE,cAAc,EAAE,2BAA2B;SAC5C;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE;;;IAGV;gBACI,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,YAAY,EAAE,IAAI;gBAClB,WAAW,EAAE,0EAA0E;aACxF;SACF;QACD,WAAW,EAAE;YACX,OAAO,EAAE,4DAA4D;YACrE,KAAK,EAAE;gBACL,8CAA8C;gBAC9C,uCAAuC;gBACvC,uCAAuC;gBACvC,gDAAgD;aACjD;YACD,iBAAiB,EAAE;;;yDAGgC;YACnD,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,MAAM,CAAC;SAC7B;QACD,IAAI,EAAE,CAAC,iBAAiB,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC;QAC1D,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,kBAAe,yBAAiB,CAAC"}

package/dist/rules/vulnerabilities/rules/ssrf.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview SSRF (Server-Side Request Forgery) Detection Rules
+ * @module rules/vulnerabilities/rules/ssrf
+ */
+import { VulnerabilityRule } from '../types';
+export declare const ssrfRules: VulnerabilityRule[];
+export default ssrfRules;
+//# sourceMappingURL=ssrf.d.ts.map

package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.d.ts","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/ssrf.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,EAOlB,MAAM,UAAU,CAAC;AAGlB,eAAO,MAAM,SAAS,EAAE,iBAAiB,EAqYxC,CAAC;AAEF,eAAe,SAAS,CAAC"}

package/dist/rules/vulnerabilities/rules/ssrf.js

@@ -0,0 +1,401 @@
+"use strict";
+/**
+ * @fileoverview SSRF (Server-Side Request Forgery) Detection Rules
+ * @module rules/vulnerabilities/rules/ssrf
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ssrfRules = void 0;
+const types_1 = require("../types");
+const constants_1 = require("../constants");
+exports.ssrfRules = [
+    {
+        id: 'VUL-SSRF-001',
+        name: 'SSRF - Node.js HTTP Request with User URL',
+        description: 'Detects server-side HTTP requests using user-controlled URLs.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.SSRF,
+        category: types_1.VulnerabilityCategory.INJECTION,
+        languages: [types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 85,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-fetch-req',
+                pattern: 'fetch\\s*\\([^)]*(?:req\\.|params\\.|query\\.|\\$\\{)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'fetch with user-controlled URL'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-axios-req',
+                pattern: 'axios\\.(?:get|post|put|delete|request)\\s*\\([^)]*(?:req\\.|\\$\\{)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'axios with user URL'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-http-request',
+                pattern: 'http[s]?\\.(?:get|request)\\s*\\([^)]*(?:req\\.|\\+)',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'http.get with user input'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-node-fetch',
+                pattern: 'require\\s*\\([\'"]node-fetch[\'"]\\)[^)]*\\([^)]*(?:req\\.|\\$\\{)',
+                flags: 'gi',
+                weight: 0.90,
+                description: 'node-fetch with user URL'
+            }
+        ],
+        taintAnalysis: {
+            sources: ['req.query.url', 'req.body.url', 'req.params.url', 'req.body.target'],
+            sinks: ['fetch(', 'axios.get(', 'axios.post(', 'http.get(', 'https.get(', 'request(', 'got('],
+            sanitizers: ['new URL(', 'URL.parse(', 'allowlist.includes(', 'isAllowedHost(']
+        },
+        impact: {
+            confidentiality: 'high',
+            integrity: 'medium',
+            availability: 'medium',
+            technicalImpact: 'Access internal services, cloud metadata, port scanning, bypass firewalls.',
+            businessImpact: 'Cloud credential theft, internal network mapping, data exfiltration.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none',
+            knownExploits: true
+        },
+        remediation: {
+            summary: 'Validate URLs against allowlist of hosts. Block private IP ranges and cloud metadata endpoints.',
+            steps: [
+                'Parse URL and validate hostname against allowlist',
+                'Block private IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x)',
+                'Block cloud metadata endpoints (169.254.169.254)',
+                'Use URL validation library',
+                'Disable HTTP redirects or revalidate on redirect'
+            ],
+            secureCodeExample: `const { URL } = require('url');
+const ipRangeCheck = require('ip-range-check');
+
+const ALLOWED_HOSTS = ['api.example.com', 'cdn.example.com'];
+const BLOCKED_RANGES = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8', '169.254.0.0/16'];
+
+async function safeFetch(userUrl) {
+  const parsed = new URL(userUrl);
+  
+  if (!ALLOWED_HOSTS.includes(parsed.hostname)) {
+    throw new Error('Host not allowed');
+  }
+  
+  // Resolve DNS and check IP
+  const addresses = await dns.promises.lookup(parsed.hostname);
+  if (BLOCKED_RANGES.some(range => ipRangeCheck(addresses.address, range))) {
+    throw new Error('Internal IP not allowed');
+  }
+  
+  return fetch(userUrl, { redirect: 'manual' });
+}`,
+            effort: 'medium',
+            priority: 'high'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A10],
+            cwe: [constants_1.CWE_REFERENCES.CWE_918]
+        },
+        tags: ['ssrf', 'nodejs', 'cloud-security', 'network'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SSRF-002',
+        name: 'SSRF - Python requests/urllib with User URL',
+        description: 'Detects Python HTTP requests using user-controlled URLs.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.SSRF,
+        category: types_1.VulnerabilityCategory.INJECTION,
+        languages: [types_1.SupportedLanguage.PYTHON],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 85,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-requests',
+                pattern: 'requests\\.(?:get|post|put|delete|head|patch)\\s*\\([^)]*(?:request\\.|f[\'"]|\\+)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'requests with user URL'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-urllib',
+                pattern: 'urllib\\.request\\.urlopen\\s*\\([^)]*(?:request\\.|\\+)',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'urllib.urlopen with user input'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-httpx',
+                pattern: 'httpx\\.(?:get|post|AsyncClient)\\s*\\([^)]*(?:request\\.|\\+)',
+                flags: 'gi',
+                weight: 0.90,
+                description: 'httpx with user URL'
+            }
+        ],
+        taintAnalysis: {
+            sources: ['request.args', 'request.form', 'request.json'],
+            sinks: ['requests.get(', 'requests.post(', 'urllib.request.urlopen(', 'httpx.get('],
+            sanitizers: ['urlparse(', 'validators.url(', 'is_safe_url(']
+        },
+        impact: {
+            confidentiality: 'high',
+            integrity: 'medium',
+            availability: 'medium',
+            technicalImpact: 'Internal network access, metadata service access.',
+            businessImpact: 'AWS/GCP/Azure credential theft from metadata.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Validate URLs with allowlist. Block internal IPs and metadata endpoints.',
+            steps: [
+                'Parse and validate URL hostname',
+                'Use allowlist of permitted domains',
+                'Block private IP ranges after DNS resolution',
+                'Disable redirects or revalidate'
+            ],
+            secureCodeExample: `from urllib.parse import urlparse
+import ipaddress
+import socket
+
+ALLOWED_HOSTS = {'api.example.com', 'cdn.example.com'}
+BLOCKED_NETWORKS = [
+    ipaddress.ip_network('10.0.0.0/8'),
+    ipaddress.ip_network('172.16.0.0/12'),
+    ipaddress.ip_network('192.168.0.0/16'),
+    ipaddress.ip_network('169.254.0.0/16'),
+]
+
+def safe_request(url: str):
+    parsed = urlparse(url)
+    
+    if parsed.hostname not in ALLOWED_HOSTS:
+        raise ValueError('Host not allowed')
+    
+    # Check resolved IP
+    ip = ipaddress.ip_address(socket.gethostbyname(parsed.hostname))
+    if any(ip in network for network in BLOCKED_NETWORKS):
+        raise ValueError('Internal IP not allowed')
+    
+    return requests.get(url, allow_redirects=False)`,
+            effort: 'medium',
+            priority: 'high'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A10],
+            cwe: [constants_1.CWE_REFERENCES.CWE_918]
+        },
+        tags: ['ssrf', 'python', 'requests', 'cloud-security'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SSRF-003',
+        name: 'SSRF - PHP curl/file_get_contents with User URL',
+        description: 'Detects PHP HTTP requests using user-controlled URLs.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.SSRF,
+        category: types_1.VulnerabilityCategory.INJECTION,
+        languages: [types_1.SupportedLanguage.PHP],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 85,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-php-curl',
+                pattern: 'curl_setopt\\s*\\([^,]*,\\s*CURLOPT_URL\\s*,\\s*\\$_(?:GET|POST|REQUEST)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'curl with user URL'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-php-file-get',
+                pattern: 'file_get_contents\\s*\\([^)]*(?:\\$_(?:GET|POST|REQUEST)|http)',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'file_get_contents with URL'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-php-fopen-url',
+                pattern: 'fopen\\s*\\([^)]*(?:\\$_(?:GET|POST|REQUEST).*(?:http|ftp))',
+                flags: 'gi',
+                weight: 0.90,
+                description: 'fopen with URL wrapper'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'medium',
+            availability: 'medium',
+            technicalImpact: 'Access internal resources, cloud metadata.',
+            businessImpact: 'Internal network exposure, credential theft.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Validate URLs against allowlist. Use parse_url() and validate hostname.',
+            steps: [
+                'Parse URL with parse_url()',
+                'Validate hostname against allowlist',
+                'Block internal IP ranges',
+                'Disable allow_url_fopen if not needed',
+                'Use CURLOPT_FOLLOWLOCATION carefully'
+            ],
+            secureCodeExample: `<?php
+$allowed_hosts = ['api.example.com', 'cdn.example.com'];
+
+function safe_fetch($url) {
+    global $allowed_hosts;
+    
+    $parsed = parse_url($url);
+    if (!$parsed || !isset($parsed['host'])) {
+        throw new Exception('Invalid URL');
+    }
+    
+    if (!in_array($parsed['host'], $allowed_hosts, true)) {
+        throw new Exception('Host not allowed');
+    }
+    
+    // Resolve and check IP
+    $ip = gethostbyname($parsed['host']);
+    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
+        throw new Exception('Internal IP not allowed');
+    }
+    
+    return file_get_contents($url);
+}
+?>`,
+            effort: 'medium',
+            priority: 'high'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A10],
+            cwe: [constants_1.CWE_REFERENCES.CWE_918]
+        },
+        tags: ['ssrf', 'php', 'curl'],
+        enabled: true
+    },
+    {
+        id: 'VUL-SSRF-004',
+        name: 'SSRF - Java HttpClient/URL with User Input',
+        description: 'Detects Java HTTP requests using user-controlled URLs.',
+        version: '1.0.0',
+        vulnerabilityType: types_1.VulnerabilityType.SSRF,
+        category: types_1.VulnerabilityCategory.INJECTION,
+        languages: [types_1.SupportedLanguage.JAVA],
+        severity: types_1.VulnerabilitySeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 85,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-java-url',
+                pattern: 'new\\s+URL\\s*\\([^)]*(?:request\\.getParameter|\\+)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'new URL with user input'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-java-httpclient',
+                pattern: 'HttpClient\\..*\\.send\\s*\\([^)]*(?:request\\.getParameter|\\+)',
+                flags: 'gi',
+                weight: 0.95,
+                description: 'HttpClient with user URL'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ssrf-java-resttemplate',
+                pattern: 'RestTemplate\\s*\\(\\)\\.(?:get|post)ForObject\\s*\\([^)]*(?:\\+|request)',
+                flags: 'gi',
+                weight: 0.90,
+                description: 'RestTemplate with dynamic URL'
+            }
+        ],
+        impact: {
+            confidentiality: 'high',
+            integrity: 'medium',
+            availability: 'medium',
+            technicalImpact: 'Internal service access, cloud metadata access.',
+            businessImpact: 'AWS/Azure/GCP credential theft, internal API access.'
+        },
+        exploitability: {
+            attackVector: 'network',
+            attackComplexity: 'low',
+            privilegesRequired: 'none',
+            userInteraction: 'none'
+        },
+        remediation: {
+            summary: 'Validate URLs against allowlist. Use URL class to parse and validate hostname.',
+            steps: [
+                'Parse URL and extract hostname',
+                'Validate against allowlist',
+                'Resolve DNS and block private IPs',
+                'Use HttpClient with redirect policy'
+            ],
+            secureCodeExample: `import java.net.URL;
+import java.net.InetAddress;
+import java.util.Set;
+
+public class SafeHttpClient {
+    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");
+    
+    public String safeFetch(String urlString) throws Exception {
+        URL url = new URL(urlString);
+        
+        if (!ALLOWED_HOSTS.contains(url.getHost())) {
+            throw new SecurityException("Host not allowed");
+        }
+        
+        InetAddress address = InetAddress.getByName(url.getHost());
+        if (address.isSiteLocalAddress() || address.isLoopbackAddress()) {
+            throw new SecurityException("Internal IP not allowed");
+        }
+        
+        // Proceed with request
+        return HttpClient.newHttpClient()
+            .send(HttpRequest.newBuilder().uri(url.toURI()).build(),
+                  HttpResponse.BodyHandlers.ofString())
+            .body();
+    }
+}`,
+            effort: 'medium',
+            priority: 'high'
+        },
+        standards: {
+            owasp: [constants_1.OWASP_TOP_10_2021.A10],
+            cwe: [constants_1.CWE_REFERENCES.CWE_918]
+        },
+        tags: ['ssrf', 'java', 'httpclient'],
+        enabled: true
+    }
+];
+exports.default = exports.ssrfRules;
+//# sourceMappingURL=ssrf.js.map

package/dist/rules/vulnerabilities/rules/ssrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.js","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/ssrf.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,oCAQkB;AAClB,4CAAiE;AAEpD,QAAA,SAAS,GAAwB;IAC5C;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,+DAA+D;QAC5E,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,IAAI;QACzC,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC;QACvE,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,uDAAuD;gBAChE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,sEAAsE;gBAC/E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,qBAAqB;aACnC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,sDAAsD;gBAC/D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,0BAA0B;aACxC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,qEAAqE;gBAC9E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,0BAA0B;aACxC;SACF;QACD,aAAa,EAAE;YACb,OAAO,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,CAAC;YAC/E,KAAK,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC;YAC7F,UAAU,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,qBAAqB,EAAE,gBAAgB,CAAC;SAChF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,4EAA4E;YAC7F,cAAc,EAAE,sEAAsE;SACvF;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;YACvB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,iGAAiG;YAC1G,KAAK,EAAE;gBACL,mDAAmD;gBACnD,+DAA+D;gBAC/D,kDAAkD;gBAClD,4BAA4B;gBAC5B,kDAAkD;aACnD;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;EAoBvB;YACI,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,CAAC;QACrD,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,6CAA6C;QACnD,WAAW,EAAE,0DAA0D;QACvE,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,IAAI;QACzC,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,eAAe;gBAC1B,OAAO,EAAE,oFAAoF;gBAC7F,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,wBAAwB;aACtC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,aAAa;gBACxB,OAAO,EAAE,0DAA0D;gBACnE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,YAAY;gBACvB,OAAO,EAAE,gEAAgE;gBACzE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,qBAAqB;aACnC;SACF;QACD,aAAa,EAAE;YACb,OAAO,EAAE,CAAC,cAAc,EAAE,cAAc,EAAE,cAAc,CAAC;YACzD,KAAK,EAAE,CAAC,eAAe,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,YAAY,CAAC;YACnF,UAAU,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,cAAc,CAAC;SAC7D;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,mDAAmD;YACpE,cAAc,EAAE,+CAA+C;SAChE;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,0EAA0E;YACnF,KAAK,EAAE;gBACL,iCAAiC;gBACjC,oCAAoC;gBACpC,8CAA8C;gBAC9C,iCAAiC;aAClC;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;;;;oDAuB2B;YAC9C,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,gBAAgB,CAAC;QACtD,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,iDAAiD;QACvD,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,IAAI;QACzC,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,GAAG,CAAC;QAClC,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,eAAe;gBAC1B,OAAO,EAAE,0EAA0E;gBACnF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,oBAAoB;aAClC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,gEAAgE;gBACzE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,4BAA4B;aAC1C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE,6DAA6D;gBACtE,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,wBAAwB;aACtC;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,4CAA4C;YAC7D,cAAc,EAAE,8CAA8C;SAC/D;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,yEAAyE;YAClF,KAAK,EAAE;gBACL,4BAA4B;gBAC5B,qCAAqC;gBACrC,0BAA0B;gBAC1B,uCAAuC;gBACvC,sCAAsC;aACvC;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;;;;GAuBtB;YACG,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC7B,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,4CAA4C;QAClD,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,OAAO;QAChB,iBAAiB,EAAE,yBAAiB,CAAC,IAAI;QACzC,QAAQ,EAAE,6BAAqB,CAAC,SAAS;QACzC,SAAS,EAAE,CAAC,yBAAiB,CAAC,IAAI,CAAC;QACnC,QAAQ,EAAE,6BAAqB,CAAC,IAAI;QACpC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,eAAe;gBAC1B,OAAO,EAAE,sDAAsD;gBAC/D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,yBAAyB;aACvC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,kEAAkE;gBAC3E,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,0BAA0B;aACxC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,OAAO,EAAE,2EAA2E;gBACpF,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,+BAA+B;aAC7C;SACF;QACD,MAAM,EAAE;YACN,eAAe,EAAE,MAAM;YACvB,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,QAAQ;YACtB,eAAe,EAAE,iDAAiD;YAClE,cAAc,EAAE,sDAAsD;SACvE;QACD,cAAc,EAAE;YACd,YAAY,EAAE,SAAS;YACvB,gBAAgB,EAAE,KAAK;YACvB,kBAAkB,EAAE,MAAM;YAC1B,eAAe,EAAE,MAAM;SACxB;QACD,WAAW,EAAE;YACX,OAAO,EAAE,gFAAgF;YACzF,KAAK,EAAE;gBACL,gCAAgC;gBAChC,4BAA4B;gBAC5B,mCAAmC;gBACnC,qCAAqC;aACtC;YACD,iBAAiB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;EAyBvB;YACI,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,MAAM;SACjB;QACD,SAAS,EAAE;YACT,KAAK,EAAE,CAAC,6BAAiB,CAAC,GAAG,CAAC;YAC9B,GAAG,EAAE,CAAC,0BAAc,CAAC,OAAO,CAAC;SAC9B;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC;QACpC,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,kBAAe,iBAAS,CAAC"}

package/dist/rules/vulnerabilities/rules/xss.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @fileoverview Cross-Site Scripting (XSS) Detection Rules
+ * @module rules/vulnerabilities/rules/xss
+ *
+ * Comprehensive XSS detection for DOM-based, Reflected, and Stored XSS.
+ * Covers multiple languages and frameworks.
+ */
+import { VulnerabilityRule } from '../types';
+export declare const xssRules: VulnerabilityRule[];
+export default xssRules;
+//# sourceMappingURL=xss.d.ts.map

package/dist/rules/vulnerabilities/rules/xss.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss.d.ts","sourceRoot":"","sources":["../../../../src/rules/vulnerabilities/rules/xss.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,iBAAiB,EAUlB,MAAM,UAAU,CAAC;AA+DlB,eAAO,MAAM,QAAQ,EAAE,iBAAiB,EAwpBvC,CAAC;AAMF,eAAe,QAAQ,CAAC"}