npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/analyzers/core/securityScanner.ts ADDED Viewed

@@ -0,0 +1,321 @@
+/**
+ * Security Scanner Orchestrator
+ * Main scanner that coordinates all analyzers
+ */
+import * as path from 'path';
+import * as fs from 'fs';
+import {
+  ScanConfig,
+  ScanResult,
+  Finding,
+  ScannedFile,
+  ScanStats,
+  Severity,
+  FindingCategory
+} from '../../types';
+import { FileScanner } from './scanner';
+import { RuleEngine } from './engine';
+import { RiskScoringEngine } from './scoring';
+import { getAllRules, getEnabledRules } from '../../rules';
+import { getAllAnalyzers, initializeAnalyzers, cleanupAnalyzers, getAnalyzerForLanguage } from '../';
+import { AIAnalyzer } from '../../ai';
+import { HtmlReportGenerator } from '../../reports';
+import { generateId, isHigherOrEqualSeverity } from '../../utils';
+import { logger, logScanStart, logScanComplete, logFinding } from '../../utils/logger';
+/**
+ * Security Scanner Class
+ * Main orchestrator for the SAST tool
+ */
+export class SecurityScanner {
+  private config: ScanConfig;
+  private fileScanner: FileScanner;
+  private ruleEngine: RuleEngine;
+  private riskScoring: RiskScoringEngine;
+  private aiAnalyzer?: AIAnalyzer;
+  constructor(config: ScanConfig) {
+    this.config = this.normalizeConfig(config);
+    this.fileScanner = new FileScanner(this.config);
+    this.ruleEngine = new RuleEngine();
+    this.riskScoring = new RiskScoringEngine();
+    // Initialize AI analyzer if configured
+    if (this.config.useAI && this.config.aiConfig) {
+      this.aiAnalyzer = new AIAnalyzer(this.config.aiConfig);
+    }
+  }
+  /**
+   * Normalize and validate configuration
+   */
+  private normalizeConfig(config: ScanConfig): ScanConfig {
+    return {
+      ...config,
+      projectPath: path.resolve(config.projectPath),
+      exclude: config.exclude || [],
+      minSeverity: config.minSeverity || Severity.INFO,
+      verbose: config.verbose || false,
+      maxFileSize: config.maxFileSize || 5 * 1024 * 1024,
+      fileTimeout: config.fileTimeout || 30000
+    };
+  }
+  /**
+   * Run the security scan
+   */
+  async scan(): Promise<ScanResult> {
+    const startTime = Date.now();
+    const scanId = generateId();
+    logScanStart(this.config.projectPath);
+    try {
+      // Initialize analyzers
+      await initializeAnalyzers();
+      // Log available analyzers and their versions
+      const allAnalyzers = getAllAnalyzers();
+      logger.info(`🔧 Loaded ${allAnalyzers.length} security analyzers:`);
+      for (const analyzer of allAnalyzers) {
+        logger.info(`   • ${analyzer.name} v${analyzer.version} (${analyzer.languages.join(', ')})`);
+      }
+      if (this.aiAnalyzer) {
+        await this.aiAnalyzer.initialize();
+      }
+      // Load rules
+      const rules = getEnabledRules();
+      this.ruleEngine.loadRules(rules);
+      // Scan files
+      logger.info('📂 Scanning project files...');
+      const files = await this.fileScanner.scan();
+      if (files.length === 0) {
+        logger.warn('⚠️ No files found to analyze');
+        return this.createEmptyResult(scanId, startTime);
+      }
+      // Analyze files
+      logger.info('🔍 Analyzing code for vulnerabilities and malware...');
+      const allFindings: Finding[] = [];
+      for (let i = 0; i < files.length; i++) {
+        const file = files[i];
+        if (this.config.verbose) {
+          logger.debug(`Analyzing: ${file.relativePath}`);
+        }
+        try {
+          const fileFindings = await this.analyzeFile(file);
+          allFindings.push(...fileFindings);
+          // Log critical findings immediately
+          for (const finding of fileFindings) {
+            if (finding.severity === Severity.CRITICAL || finding.severity === Severity.HIGH || finding.category === FindingCategory.MALWARE) {
+              logFinding(finding.severity, finding.title, finding.location.file, finding.location.startLine, finding.category);
+            }
+          }
+        } catch (error) {
+          logger.debug(`Error analyzing ${file.relativePath}: ${error}`);
+        }
+      }
+      // Deduplicate findings
+      const uniqueFindings = this.ruleEngine.deduplicateFindings(allFindings);
+      // Filter by minimum severity
+      const filteredFindings = this.filterBySeverity(uniqueFindings);
+      // Sort by severity
+      const sortedFindings = this.ruleEngine.sortBySeverity(filteredFindings);
+      // Calculate statistics
+      const endTime = Date.now();
+      const stats = this.calculateStats(files, sortedFindings, startTime, endTime);
+      // Calculate risk score
+      const riskScore = this.riskScoring.calculateRiskScore(sortedFindings, files.length);
+      const riskLevel = this.riskScoring.getRiskLevel(riskScore);
+      // Create result
+      const result: ScanResult = {
+        projectPath: this.config.projectPath,
+        projectName: path.basename(this.config.projectPath),
+        scanId,
+        findings: sortedFindings,
+        stats,
+        riskScore,
+        riskLevel,
+        scannedFiles: files,
+        config: this.config
+      };
+      logScanComplete(stats.totalFiles, sortedFindings.length, stats.duration, riskScore);
+      // Generate report if output path specified
+      if (this.config.outputPath) {
+        await this.generateReport(result);
+      }
+      // Cleanup
+      await cleanupAnalyzers();
+      return result;
+    } catch (error) {
+      logger.error(`Scan failed: ${error}`);
+      throw error;
+    }
+  }
+  /**
+   * Analyze a single file
+   */
+  private async analyzeFile(file: ScannedFile): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    // Skip if no language detected
+    if (!file.language) {
+      return findings;
+    }
+    // Get language-specific analyzer
+    const analyzer = getAnalyzerForLanguage(file.language);
+    if (analyzer) {
+      // Log analyzer version being used
+      if (this.config.verbose) {
+        logger.debug(`Using ${analyzer.name} v${analyzer.version} for ${file.relativePath}`);
+      }
+      const rules = getEnabledRules().filter(r =>
+        r.languages.includes(file.language!)
+      );
+      const analyzerFindings = await analyzer.analyze(file, rules);
+      findings.push(...analyzerFindings);
+    }
+    // Run rule engine for generic patterns
+    const ruleFindings = await this.ruleEngine.analyzeFile(file);
+    findings.push(...ruleFindings);
+    // AI analysis if enabled
+    if (this.aiAnalyzer && this.config.useAI) {
+      const aiResult = await this.aiAnalyzer.analyze(file);
+      findings.push(...aiResult.findings);
+    }
+    return findings;
+  }
+  /**
+   * Filter findings by minimum severity
+   */
+  private filterBySeverity(findings: Finding[]): Finding[] {
+    if (!this.config.minSeverity) {
+      return findings;
+    }
+    return findings.filter(f =>
+      isHigherOrEqualSeverity(f.severity, this.config.minSeverity!)
+    );
+  }
+  /**
+   * Calculate scan statistics
+   */
+  private calculateStats(
+    files: ScannedFile[],
+    findings: Finding[],
+    startTime: number,
+    endTime: number
+  ): ScanStats {
+    const totalLines = files.reduce((sum, f) => sum + f.lineCount, 0);
+    const filesByLanguage: Record<string, number> = {};
+    for (const file of files) {
+      const lang = file.language || 'unknown';
+      filesByLanguage[lang] = (filesByLanguage[lang] || 0) + 1;
+    }
+    const findingsBySeverity = this.riskScoring.getSeverityDistribution(findings);
+    const findingsByCategory = this.riskScoring.getCategoryDistribution(findings);
+    return {
+      totalFiles: files.length,
+      totalLines,
+      filesByLanguage,
+      findingsBySeverity,
+      findingsByCategory,
+      duration: endTime - startTime,
+      startTime: new Date(startTime),
+      endTime: new Date(endTime)
+    };
+  }
+  /**
+   * Create empty result when no files found
+   */
+  private createEmptyResult(scanId: string, startTime: number): ScanResult {
+    const endTime = Date.now();
+    return {
+      projectPath: this.config.projectPath,
+      projectName: path.basename(this.config.projectPath),
+      scanId,
+      findings: [],
+      stats: {
+        totalFiles: 0,
+        totalLines: 0,
+        filesByLanguage: {},
+        findingsBySeverity: {
+          [Severity.CRITICAL]: 0,
+          [Severity.HIGH]: 0,
+          [Severity.MEDIUM]: 0,
+          [Severity.LOW]: 0,
+          [Severity.INFO]: 0
+        },
+        findingsByCategory: {
+          [FindingCategory.MALWARE]: 0,
+          [FindingCategory.VULNERABILITY]: 0,
+          [FindingCategory.CODE_SMELL]: 0,
+          [FindingCategory.BEST_PRACTICE]: 0
+        },
+        duration: endTime - startTime,
+        startTime: new Date(startTime),
+        endTime: new Date(endTime)
+      },
+      riskScore: 0,
+      riskLevel: 'safe',
+      scannedFiles: [],
+      config: this.config
+    };
+  }
+  /**
+   * Generate report
+   */
+  private async generateReport(result: ScanResult): Promise<void> {
+    if (!this.config.outputPath) return;
+    const outputPath = path.resolve(this.config.outputPath);
+    const ext = path.extname(outputPath).toLowerCase();
+    if (ext === '.html' || ext === '') {
+      // Pass the language configuration to the report generator
+      const reportLanguage = this.config.language || 'es';
+      const reportGenerator = new HtmlReportGenerator(reportLanguage);
+      const finalPath = ext === '' ? `${outputPath}.html` : outputPath;
+      await reportGenerator.saveReport(result, finalPath);
+    } else if (ext === '.json') {
+      fs.writeFileSync(outputPath, JSON.stringify(result, null, 2), 'utf-8');
+      logger.info(`📁 Reporte JSON guardado en: ${outputPath}`);
+    }
+  }
+}
+export default SecurityScanner;

package/src/analyzers/csharp/csharpAnalyzer.ts ADDED Viewed

@@ -0,0 +1,328 @@
+/**
+ * C# Analyzer
+ * Specialized analyzer for C# code
+ */
+import { BaseAnalyzer } from '../base';
+import { ScannedFile, Finding, Rule, SupportedLanguage, Severity, ThreatType, FindingCategory } from '../../types';
+import { generateId, extractCodeContext } from '../../utils';
+import { getStandardsForThreat } from '../../rules/standards';
+/**
+ * C# Analyzer Class
+ */
+export class CSharpAnalyzer extends BaseAnalyzer {
+  name = 'C# Analyzer';
+  languages: SupportedLanguage[] = ['csharp'];
+  version = '1.0.0';
+  /**
+   * Analyze C# file
+   */
+  async analyze(file: ScannedFile, rules: Rule[]): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    // Filter rules for C#
+    const csRules = rules.filter(r => r.languages.includes('csharp'));
+    // Run rule engine
+    const ruleFindings = await this.ruleEngine.analyzeFile(file, csRules);
+    findings.push(...ruleFindings);
+    // Additional C#-specific analysis
+    const customFindings = await this.customAnalysis(file);
+    findings.push(...customFindings);
+    return findings;
+  }
+  /**
+   * Custom C#-specific analysis
+   */
+  private async customAnalysis(file: ScannedFile): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    const lines = file.content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const lineNum = i + 1;
+      // Check for SQL injection
+      if (this.checkSqlInjection(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Potential SQL Injection',
+          'String concatenation in SQL query. Use parameterized queries.',
+          Severity.CRITICAL,
+          ThreatType.SQL_INJECTION
+        ));
+      }
+      // Check for command injection
+      if (this.checkCommandInjection(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Command Injection Risk',
+          'Process.Start with potentially user-controlled arguments.',
+          Severity.CRITICAL,
+          ThreatType.COMMAND_INJECTION
+        ));
+      }
+      // Check for deserialization
+      if (this.checkDeserialization(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Insecure Deserialization',
+          'BinaryFormatter and similar can execute arbitrary code.',
+          Severity.CRITICAL,
+          ThreatType.INSECURE_DESERIALIZATION
+        ));
+      }
+      // Check for XXE
+      if (this.checkXxe(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Potential XXE Vulnerability',
+          'XML parser may be vulnerable to XXE attacks.',
+          Severity.HIGH,
+          ThreatType.DANGEROUS_FUNCTION
+        ));
+      }
+      // Check for LDAP injection
+      if (this.checkLdapInjection(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Potential LDAP Injection',
+          'LDAP query with user-controlled input.',
+          Severity.HIGH,
+          ThreatType.LDAP_INJECTION
+        ));
+      }
+      // Check for path traversal
+      if (this.checkPathTraversal(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Path Traversal Risk',
+          'File operation with potentially user-controlled path.',
+          Severity.HIGH,
+          ThreatType.PATH_TRAVERSAL
+        ));
+      }
+      // Check for weak crypto
+      if (this.checkWeakCrypto(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Weak Cryptographic Algorithm',
+          'Use of weak or deprecated cryptographic algorithm.',
+          Severity.MEDIUM,
+          ThreatType.INSECURE_CRYPTO
+        ));
+      }
+      // Check for hardcoded credentials
+      if (this.checkHardcodedCredentials(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Hardcoded Credentials',
+          'Credentials appear to be hardcoded in source code.',
+          Severity.HIGH,
+          ThreatType.HARDCODED_CREDENTIALS
+        ));
+      }
+      // Check for unsafe reflection
+      if (this.checkUnsafeReflection(line)) {
+        findings.push(this.createFinding(
+          file,
+          lineNum,
+          'Unsafe Reflection',
+          'Type.GetType with user input can load malicious assemblies.',
+          Severity.HIGH,
+          ThreatType.DANGEROUS_FUNCTION
+        ));
+      }
+    }
+    return findings;
+  }
+  /**
+   * Check for SQL injection
+   */
+  private checkSqlInjection(line: string): boolean {
+    const patterns = [
+      /SqlCommand\s*\([^)]*\+/,
+      /ExecuteReader\s*\(\s*["'][^'"]*\+/,
+      /ExecuteNonQuery\s*\(\s*["'][^'"]*\+/,
+      /["']SELECT[^'"]*["']\s*\+/i,
+      /["']INSERT[^'"]*["']\s*\+/i,
+      /["']UPDATE[^'"]*["']\s*\+/i,
+      /["']DELETE[^'"]*["']\s*\+/i,
+      /FromSqlRaw\s*\([^)]*\+/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for command injection
+   */
+  private checkCommandInjection(line: string): boolean {
+    const patterns = [
+      /Process\.Start\s*\([^)]*\+/,
+      /ProcessStartInfo\s*\{[^}]*Arguments\s*=\s*[^}]*\+/,
+      /new\s+ProcessStartInfo\s*\([^)]*\+/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for insecure deserialization
+   */
+  private checkDeserialization(line: string): boolean {
+    const patterns = [
+      /BinaryFormatter\s*\(\s*\)/,
+      /\.Deserialize\s*\(/,
+      /NetDataContractSerializer/,
+      /SoapFormatter/,
+      /ObjectStateFormatter/,
+      /LosFormatter/,
+      /JavaScriptSerializer\s*\(\s*\).*Deserialize/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for XXE
+   */
+  private checkXxe(line: string): boolean {
+    const patterns = [
+      /XmlDocument\s*\(\s*\)/,
+      /XmlTextReader\s*\(/,
+      /new\s+XmlReaderSettings\s*\(\s*\)/
+    ];
+    if (patterns.some(p => p.test(line))) {
+      // Check if DtdProcessing is properly configured
+      if (!/DtdProcessing\s*=\s*DtdProcessing\.Prohibit/.test(line)) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Check for LDAP injection
+   */
+  private checkLdapInjection(line: string): boolean {
+    const patterns = [
+      /DirectorySearcher\s*\([^)]*\+/,
+      /FindAll\s*\(\s*["'][^'"]*\+/,
+      /Filter\s*=\s*["'][^'"]*\+/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for path traversal
+   */
+  private checkPathTraversal(line: string): boolean {
+    const patterns = [
+      /File\.(?:ReadAll|WriteAll|Open|Delete)\s*\([^)]*\+/,
+      /new\s+FileStream\s*\([^)]*\+/,
+      /Path\.Combine\s*\([^)]*Request\./i,
+      /Directory\.(?:GetFiles|Delete|Create)\s*\([^)]*\+/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for weak crypto
+   */
+  private checkWeakCrypto(line: string): boolean {
+    const patterns = [
+      /\bMD5\.Create\s*\(\s*\)/,
+      /\bSHA1\.Create\s*\(\s*\)/,
+      /\bDES\.Create\s*\(\s*\)/,
+      /\bTripleDES\.Create\s*\(\s*\)/,
+      /\bRC2\.Create\s*\(\s*\)/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for hardcoded credentials
+   */
+  private checkHardcodedCredentials(line: string): boolean {
+    const patterns = [
+      /(?:password|pwd|passwd)\s*=\s*["'][^"']{4,}["']/i,
+      /(?:connectionString|connStr).*(?:password|pwd)\s*=/i,
+      /SqlConnection\s*\([^)]*password\s*=/i
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Check for unsafe reflection
+   */
+  private checkUnsafeReflection(line: string): boolean {
+    const patterns = [
+      /Type\.GetType\s*\([^)]*\+/,
+      /Assembly\.Load(?:From|File)?\s*\([^)]*\+/,
+      /Activator\.CreateInstance\s*\([^)]*GetType/
+    ];
+    return patterns.some(p => p.test(line));
+  }
+  /**
+   * Create generic finding
+   */
+  private createFinding(
+    file: ScannedFile,
+    lineNum: number,
+    title: string,
+    description: string,
+    severity: Severity,
+    threatType: ThreatType
+  ): Finding {
+    const context = extractCodeContext(file.content, lineNum, 2);
+    return {
+      id: generateId(),
+      title,
+      description,
+      severity,
+      threatType,
+      category: FindingCategory.VULNERABILITY,
+      location: {
+        file: file.relativePath,
+        startLine: lineNum,
+        endLine: lineNum
+      },
+      snippet: {
+        code: context.code,
+        contextBefore: context.contextBefore,
+        contextAfter: context.contextAfter
+      },
+      standards: getStandardsForThreat(threatType),
+      remediation: 'Review and fix the identified issue.',
+      confidence: 75,
+      analyzer: this.name,
+      timestamp: new Date(),
+      tags: ['csharp', 'dotnet']
+    };
+  }
+}
+export default CSharpAnalyzer;

package/src/analyzers/csharp/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * C# Analyzer Exports
+ */
+export * from './csharpAnalyzer';