npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/analyzers/javascript/taintAnalyzer.ts ADDED Viewed

@@ -0,0 +1,630 @@
+/**
+ * Taint Analysis Module for JavaScript/TypeScript
+ * Tracks data flow from untrusted sources to dangerous sinks
+ *
+ * Inspired by CodeQL's taint tracking methodology
+ */
+import { SourceLocation, Severity, ThreatType, FindingCategory, SecurityStandard } from '../../types';
+import { getStandardsForThreat } from '../../rules/standards';
+/**
+ * Represents a taint source - where untrusted data enters
+ */
+export interface TaintSource {
+  /** Source type identifier */
+  type: string;
+  /** Pattern to match the source */
+  pattern: RegExp;
+  /** Description of the source */
+  description: string;
+  /** Variable capture group index in regex */
+  captureGroup?: number;
+  /** Context hints for better detection */
+  contextHints?: string[];
+}
+/**
+ * Represents a taint sink - dangerous operations
+ */
+export interface TaintSink {
+  /** Sink type identifier */
+  type: string;
+  /** Pattern to match the sink */
+  pattern: RegExp;
+  /** Threat type this sink can cause */
+  threatType: ThreatType;
+  /** Severity level */
+  severity: Severity;
+  /** Description of the vulnerability */
+  description: string;
+  /** CWE/OWASP references */
+  standards?: SecurityStandard[];
+  /** Remediation advice */
+  remediation: string;
+}
+/**
+ * Represents a taint flow from source to sink
+ */
+export interface TaintFlow {
+  /** The source of tainted data */
+  source: {
+    type: string;
+    variable: string;
+    line: number;
+    code: string;
+  };
+  /** The sink where tainted data is used */
+  sink: {
+    type: string;
+    line: number;
+    code: string;
+    threatType: ThreatType;
+    severity: Severity;
+  };
+  /** Intermediate steps (if any) */
+  propagation: {
+    variable: string;
+    line: number;
+    code: string;
+  }[];
+  /** Confidence score 0-100 */
+  confidence: number;
+}
+/**
+ * Taint sources - entry points for untrusted data
+ */
+export const TAINT_SOURCES: TaintSource[] = [
+  // Express/Node.js request data
+  {
+    type: 'request_body',
+    pattern: /\breq(?:uest)?\.body(?:\[['"`](\w+)['"`]\]|\.(\w+))?/g,
+    description: 'User input from request body',
+    contextHints: ['express', 'http', 'request']
+  },
+  {
+    type: 'request_query',
+    pattern: /\breq(?:uest)?\.query(?:\[['"`](\w+)['"`]\]|\.(\w+))?/g,
+    description: 'User input from query string',
+    contextHints: ['express', 'http', 'request']
+  },
+  {
+    type: 'request_params',
+    pattern: /\breq(?:uest)?\.params(?:\[['"`](\w+)['"`]\]|\.(\w+))?/g,
+    description: 'User input from URL parameters',
+    contextHints: ['express', 'http', 'request']
+  },
+  {
+    type: 'request_headers',
+    pattern: /\breq(?:uest)?\.headers(?:\[['"`](\w+)['"`]\]|\.(\w+))?/g,
+    description: 'User-controlled HTTP headers',
+    contextHints: ['express', 'http', 'request']
+  },
+  {
+    type: 'request_cookies',
+    pattern: /\breq(?:uest)?\.cookies(?:\[['"`](\w+)['"`]\]|\.(\w+))?/g,
+    description: 'User-controlled cookies',
+    contextHints: ['express', 'cookie']
+  },
+  // Browser APIs
+  {
+    type: 'url_location',
+    pattern: /\b(?:window\.)?location\.(?:href|search|hash|pathname)/g,
+    description: 'Browser URL location (user-controllable)',
+    contextHints: ['browser', 'window', 'document']
+  },
+  {
+    type: 'document_url',
+    pattern: /\bdocument\.(?:URL|documentURI|referrer)/g,
+    description: 'Document URL properties',
+    contextHints: ['browser', 'document']
+  },
+  {
+    type: 'url_search_params',
+    pattern: /new\s+URLSearchParams\s*\([^)]*\)\.get\s*\(/g,
+    description: 'URL search parameters',
+    contextHints: ['browser', 'URL']
+  },
+  {
+    type: 'local_storage',
+    pattern: /\b(?:localStorage|sessionStorage)\.getItem\s*\(['"`](\w+)['"`]\)/g,
+    description: 'Browser storage (potentially attacker-controlled)',
+    contextHints: ['browser', 'storage']
+  },
+  {
+    type: 'post_message',
+    pattern: /\bevent\.data\b|\bmessage\.data\b/g,
+    description: 'PostMessage data (cross-origin)',
+    contextHints: ['postMessage', 'addEventListener', 'message']
+  },
+  // Environment variables
+  {
+    type: 'env_variable',
+    pattern: /\bprocess\.env(?:\[['"`](\w+)['"`]\]|\.(\w+))/g,
+    description: 'Environment variable (may contain sensitive data)',
+    contextHints: ['node', 'process', 'env']
+  },
+  // Form data
+  {
+    type: 'form_data',
+    pattern: /\b(?:formData|form)\.get\s*\(['"`](\w+)['"`]\)/g,
+    description: 'Form input data',
+    contextHints: ['form', 'FormData']
+  },
+  // File uploads
+  {
+    type: 'file_upload',
+    pattern: /\breq(?:uest)?\.files?(?:\[['"`](\w+)['"`]\]|\.(\w+))?/g,
+    description: 'Uploaded file data',
+    contextHints: ['multer', 'upload', 'file']
+  }
+];
+/**
+ * Taint sinks - dangerous operations
+ */
+export const TAINT_SINKS: TaintSink[] = [
+  // Code Execution (RCE)
+  {
+    type: 'eval',
+    pattern: /\beval\s*\(/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'Direct code execution via eval()',
+    remediation: 'Never use eval() with user input. Use safer alternatives like JSON.parse() for data.'
+  },
+  {
+    type: 'function_constructor',
+    pattern: /\bnew\s+Function\s*\(/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'Dynamic function creation (equivalent to eval)',
+    remediation: 'Avoid new Function() with dynamic input. Use predefined functions instead.'
+  },
+  {
+    type: 'setTimeout_string',
+    pattern: /\bsetTimeout\s*\(\s*['"`]/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.HIGH,
+    description: 'setTimeout with string argument (eval-like)',
+    remediation: 'Pass a function reference to setTimeout instead of a string.'
+  },
+  {
+    type: 'setInterval_string',
+    pattern: /\bsetInterval\s*\(\s*['"`]/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.HIGH,
+    description: 'setInterval with string argument (eval-like)',
+    remediation: 'Pass a function reference to setInterval instead of a string.'
+  },
+  // Command Injection (OS)
+  {
+    type: 'child_process_exec',
+    pattern: /\b(?:child_process\.)?exec\s*\(/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'OS command execution via exec()',
+    remediation: 'Use execFile() with argument arrays instead of exec(). Validate and sanitize all inputs.'
+  },
+  {
+    type: 'child_process_spawn_shell',
+    pattern: /\bspawn\s*\([^)]+,\s*\{[^}]*shell\s*:\s*true/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'spawn() with shell option (vulnerable to injection)',
+    remediation: 'Avoid shell: true in spawn(). Pass arguments as an array.'
+  },
+  {
+    type: 'exec_sync',
+    pattern: /\b(?:execSync|spawnSync)\s*\(/g,
+    threatType: ThreatType.COMMAND_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'Synchronous command execution',
+    remediation: 'Use execFileSync() with argument arrays. Never pass user input directly.'
+  },
+  // XSS Sinks
+  {
+    type: 'innerHTML',
+    pattern: /\.innerHTML\s*=/g,
+    threatType: ThreatType.XSS,
+    severity: Severity.HIGH,
+    description: 'DOM XSS via innerHTML assignment',
+    remediation: 'Use textContent for text, or sanitize HTML with DOMPurify before innerHTML.'
+  },
+  {
+    type: 'outerHTML',
+    pattern: /\.outerHTML\s*=/g,
+    threatType: ThreatType.XSS,
+    severity: Severity.HIGH,
+    description: 'DOM XSS via outerHTML assignment',
+    remediation: 'Use textContent for text, or sanitize HTML with DOMPurify.'
+  },
+  {
+    type: 'document_write',
+    pattern: /\bdocument\.(?:write|writeln)\s*\(/g,
+    threatType: ThreatType.XSS,
+    severity: Severity.HIGH,
+    description: 'DOM XSS via document.write()',
+    remediation: 'Avoid document.write(). Use DOM methods like createElement() and textContent.'
+  },
+  {
+    type: 'insertAdjacentHTML',
+    pattern: /\.insertAdjacentHTML\s*\(/g,
+    threatType: ThreatType.XSS,
+    severity: Severity.HIGH,
+    description: 'DOM XSS via insertAdjacentHTML()',
+    remediation: 'Sanitize HTML content with DOMPurify before insertion.'
+  },
+  {
+    type: 'jquery_html',
+    pattern: /\$\([^)]+\)\.html\s*\(/g,
+    threatType: ThreatType.XSS,
+    severity: Severity.HIGH,
+    description: 'DOM XSS via jQuery .html()',
+    remediation: 'Use .text() for plain text, or sanitize with DOMPurify before .html().'
+  },
+  {
+    type: 'jquery_append',
+    pattern: /\$\([^)]+\)\.(?:append|prepend|after|before)\s*\(/g,
+    threatType: ThreatType.XSS,
+    severity: Severity.MEDIUM,
+    description: 'Potential DOM XSS via jQuery DOM manipulation',
+    remediation: 'Ensure HTML content is sanitized before DOM insertion.'
+  },
+  // SSRF Sinks
+  {
+    type: 'fetch',
+    pattern: /\bfetch\s*\(/g,
+    threatType: ThreatType.SECURITY_MISCONFIGURATION,
+    severity: Severity.HIGH,
+    description: 'Potential SSRF via fetch() with user-controlled URL',
+    remediation: 'Validate and whitelist URLs before making requests. Block internal IP ranges.'
+  },
+  {
+    type: 'axios_request',
+    pattern: /\baxios(?:\.(?:get|post|put|delete|patch|request))?\s*\(/g,
+    threatType: ThreatType.SECURITY_MISCONFIGURATION,
+    severity: Severity.HIGH,
+    description: 'Potential SSRF via axios with user-controlled URL',
+    remediation: 'Validate and whitelist URLs before making requests.'
+  },
+  {
+    type: 'http_request',
+    pattern: /\b(?:http|https)\.(?:get|request)\s*\(/g,
+    threatType: ThreatType.SECURITY_MISCONFIGURATION,
+    severity: Severity.HIGH,
+    description: 'Potential SSRF via Node.js HTTP module',
+    remediation: 'Validate and whitelist URLs. Block requests to internal networks.'
+  },
+  // SQL Injection
+  {
+    type: 'sql_query',
+    pattern: /\.query\s*\(\s*['"`](?:SELECT|INSERT|UPDATE|DELETE)/gi,
+    threatType: ThreatType.SQL_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'Potential SQL injection via raw query',
+    remediation: 'Use parameterized queries or prepared statements. Never concatenate user input.'
+  },
+  {
+    type: 'sql_raw',
+    pattern: /\.raw\s*\(\s*['"`]|\.unsafeRaw\s*\(/g,
+    threatType: ThreatType.SQL_INJECTION,
+    severity: Severity.CRITICAL,
+    description: 'Raw SQL query execution',
+    remediation: 'Avoid raw SQL. Use ORM methods or parameterized queries.'
+  },
+  // Path Traversal
+  {
+    type: 'fs_read',
+    pattern: /\b(?:fs\.)?(?:readFile|readFileSync|createReadStream)\s*\(/g,
+    threatType: ThreatType.PATH_TRAVERSAL,
+    severity: Severity.HIGH,
+    description: 'File read with potentially user-controlled path',
+    remediation: 'Validate file paths. Use path.resolve() and check against base directory.'
+  },
+  {
+    type: 'fs_write',
+    pattern: /\b(?:fs\.)?(?:writeFile|writeFileSync|createWriteStream|appendFile)\s*\(/g,
+    threatType: ThreatType.PATH_TRAVERSAL,
+    severity: Severity.HIGH,
+    description: 'File write with potentially user-controlled path',
+    remediation: 'Validate file paths. Never use user input directly in file operations.'
+  },
+  // Deserialization
+  {
+    type: 'json_parse',
+    pattern: /\bJSON\.parse\s*\(/g,
+    threatType: ThreatType.INSECURE_DESERIALIZATION,
+    severity: Severity.MEDIUM,
+    description: 'JSON parsing (safe by itself, but check usage)',
+    remediation: 'Validate JSON structure after parsing. Be careful with prototype pollution.'
+  },
+  {
+    type: 'unserialize',
+    pattern: /\b(?:unserialize|deserialize)\s*\(/g,
+    threatType: ThreatType.INSECURE_DESERIALIZATION,
+    severity: Severity.HIGH,
+    description: 'Object deserialization (potential RCE)',
+    remediation: 'Avoid deserializing untrusted data. Use safe serialization formats.'
+  },
+  // Header Injection
+  {
+    type: 'set_header',
+    pattern: /\.setHeader\s*\(/g,
+    threatType: ThreatType.SECURITY_MISCONFIGURATION,
+    severity: Severity.MEDIUM,
+    description: 'HTTP header injection if value is user-controlled',
+    remediation: 'Validate header values. Remove newlines and control characters.'
+  },
+  // Redirect
+  {
+    type: 'redirect',
+    pattern: /\.redirect\s*\(/g,
+    threatType: ThreatType.SECURITY_MISCONFIGURATION,
+    severity: Severity.MEDIUM,
+    description: 'Open redirect if URL is user-controlled',
+    remediation: 'Validate redirect URLs. Only allow relative paths or whitelisted domains.'
+  }
+];
+/**
+ * Represents a tracked tainted variable
+ */
+interface TaintedVariable {
+  name: string;
+  sourceType: string;
+  sourceLine: number;
+  sourceCode: string;
+  assignments: { line: number; code: string }[];
+}
+/**
+ * Taint Analyzer Class
+ * Performs intra-procedural taint analysis for JavaScript/TypeScript
+ */
+export class TaintAnalyzer {
+  private taintedVariables: Map<string, TaintedVariable> = new Map();
+  private lines: string[] = [];
+  private filePath: string = '';
+  /**
+   * Analyze code for taint flows
+   */
+  analyze(content: string, filePath: string): TaintFlow[] {
+    this.lines = content.split('\n');
+    this.filePath = filePath;
+    this.taintedVariables.clear();
+    const flows: TaintFlow[] = [];
+    // Phase 1: Identify taint sources
+    this.identifySources();
+    // Phase 2: Track taint propagation
+    this.trackPropagation();
+    // Phase 3: Check sinks
+    flows.push(...this.checkSinks());
+    return flows;
+  }
+  /**
+   * Phase 1: Identify all taint sources in the code
+   */
+  private identifySources(): void {
+    for (let i = 0; i < this.lines.length; i++) {
+      const line = this.lines[i];
+      const lineNum = i + 1;
+      // Check each source pattern
+      for (const source of TAINT_SOURCES) {
+        // Reset regex lastIndex
+        source.pattern.lastIndex = 0;
+        // Check for variable assignment from source
+        const assignmentPatterns = [
+          // const/let/var x = source
+          new RegExp(`(?:const|let|var)\\s+(\\w+)\\s*=\\s*${source.pattern.source}`, 'g'),
+          // x = source (reassignment)
+          new RegExp(`(\\w+)\\s*=\\s*${source.pattern.source}`, 'g'),
+          // destructuring: const { x } = req.body
+          new RegExp(`(?:const|let|var)\\s*\\{([^}]+)\\}\\s*=\\s*${source.pattern.source.replace(/\(\?:[^)]+\)?\?/g, '')}`, 'g')
+        ];
+        for (const pattern of assignmentPatterns) {
+          pattern.lastIndex = 0;
+          let match;
+          while ((match = pattern.exec(line)) !== null) {
+            const varNames = match[1].split(',').map(v => v.trim().split(':')[0].trim());
+            for (const varName of varNames) {
+              if (varName && /^\w+$/.test(varName)) {
+                this.taintedVariables.set(varName, {
+                  name: varName,
+                  sourceType: source.type,
+                  sourceLine: lineNum,
+                  sourceCode: line.trim(),
+                  assignments: []
+                });
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+  /**
+   * Phase 2: Track taint propagation through assignments
+   */
+  private trackPropagation(): void {
+    for (let i = 0; i < this.lines.length; i++) {
+      const line = this.lines[i];
+      const lineNum = i + 1;
+      // Check for propagation: y = taintedVar or y = something(taintedVar)
+      for (const [taintedVar, taintInfo] of this.taintedVariables) {
+        // Skip the original source line
+        if (lineNum === taintInfo.sourceLine) continue;
+        // Check if tainted variable is used in an assignment
+        const propagationPattern = new RegExp(
+          `(?:const|let|var)?\\s*(\\w+)\\s*=\\s*(?:[^;]*\\b${taintedVar}\\b[^;]*)`,
+          'g'
+        );
+        let match;
+        while ((match = propagationPattern.exec(line)) !== null) {
+          const newVar = match[1];
+          if (newVar && newVar !== taintedVar && /^\w+$/.test(newVar)) {
+            // Propagate taint to new variable
+            if (!this.taintedVariables.has(newVar)) {
+              this.taintedVariables.set(newVar, {
+                name: newVar,
+                sourceType: taintInfo.sourceType,
+                sourceLine: taintInfo.sourceLine,
+                sourceCode: taintInfo.sourceCode,
+                assignments: [{ line: lineNum, code: line.trim() }]
+              });
+            } else {
+              // Add to existing tainted variable's propagation
+              const existing = this.taintedVariables.get(newVar)!;
+              existing.assignments.push({ line: lineNum, code: line.trim() });
+            }
+          }
+        }
+      }
+    }
+  }
+  /**
+   * Phase 3: Check if tainted data reaches sinks
+   */
+  private checkSinks(): TaintFlow[] {
+    const flows: TaintFlow[] = [];
+    for (let i = 0; i < this.lines.length; i++) {
+      const line = this.lines[i];
+      const lineNum = i + 1;
+      // Check each sink pattern
+      for (const sink of TAINT_SINKS) {
+        sink.pattern.lastIndex = 0;
+        if (sink.pattern.test(line)) {
+          // Check if any tainted variable is used in this line
+          for (const [varName, taintInfo] of this.taintedVariables) {
+            const varPattern = new RegExp(`\\b${varName}\\b`);
+            if (varPattern.test(line)) {
+              // Found taint flow!
+              flows.push({
+                source: {
+                  type: taintInfo.sourceType,
+                  variable: taintInfo.name,
+                  line: taintInfo.sourceLine,
+                  code: taintInfo.sourceCode
+                },
+                sink: {
+                  type: sink.type,
+                  line: lineNum,
+                  code: line.trim(),
+                  threatType: sink.threatType,
+                  severity: sink.severity
+                },
+                propagation: taintInfo.assignments.map(a => ({ ...a, variable: taintInfo.name })),
+                confidence: this.calculateConfidence(taintInfo, sink, lineNum)
+              });
+            }
+          }
+          // Also check for direct source-to-sink (no intermediate variable)
+          for (const source of TAINT_SOURCES) {
+            source.pattern.lastIndex = 0;
+            if (source.pattern.test(line)) {
+              flows.push({
+                source: {
+                  type: source.type,
+                  variable: 'direct',
+                  line: lineNum,
+                  code: line.trim()
+                },
+                sink: {
+                  type: sink.type,
+                  line: lineNum,
+                  code: line.trim(),
+                  threatType: sink.threatType,
+                  severity: sink.severity
+                },
+                propagation: [],
+                confidence: 95 // High confidence for direct flows
+              });
+            }
+          }
+        }
+      }
+    }
+    // Deduplicate flows
+    return this.deduplicateFlows(flows);
+  }
+  /**
+   * Calculate confidence score for a taint flow
+   */
+  private calculateConfidence(
+    taintInfo: TaintedVariable,
+    sink: TaintSink,
+    sinkLine: number
+  ): number {
+    let confidence = 70; // Base confidence
+    // Higher confidence for shorter flows
+    const distance = Math.abs(sinkLine - taintInfo.sourceLine);
+    if (distance < 5) confidence += 15;
+    else if (distance < 20) confidence += 10;
+    else if (distance > 100) confidence -= 10;
+    // Higher confidence for fewer propagation steps
+    if (taintInfo.assignments.length === 0) confidence += 10;
+    else if (taintInfo.assignments.length > 5) confidence -= 15;
+    // Adjust based on sink severity
+    if (sink.severity === Severity.CRITICAL) confidence += 5;
+    // Cap confidence
+    return Math.max(50, Math.min(100, confidence));
+  }
+  /**
+   * Remove duplicate flows
+   */
+  private deduplicateFlows(flows: TaintFlow[]): TaintFlow[] {
+    const seen = new Set<string>();
+    return flows.filter(flow => {
+      const key = `${flow.source.type}:${flow.source.line}:${flow.sink.type}:${flow.sink.line}`;
+      if (seen.has(key)) return false;
+      seen.add(key);
+      return true;
+    });
+  }
+  /**
+   * Get human-readable description for a source type
+   */
+  static getSourceDescription(sourceType: string): string {
+    const source = TAINT_SOURCES.find(s => s.type === sourceType);
+    return source?.description || 'User-controlled input';
+  }
+  /**
+   * Get sink information
+   */
+  static getSinkInfo(sinkType: string): TaintSink | undefined {
+    return TAINT_SINKS.find(s => s.type === sinkType);
+  }
+}
+export default TaintAnalyzer;

package/src/analyzers/php/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * PHP Analyzer Exports
+ */
+export * from './phpAnalyzer';