supasec 1.0.0

package/dist/scanners/rls/analyzer.js

@@ -0,0 +1,519 @@
+"use strict";
+/**
+ * RLS Policy Analyzer
+ * Analyzes Row Level Security policies for vulnerabilities
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeRLS = analyzeRLS;
+const finding_js_1 = require("../../models/finding.js");
+/**
+ * Analyze RLS configuration for security issues
+ */
+async function analyzeRLS(options) {
+    const findings = [];
+    let findingCounter = 1;
+    // Check each table for RLS issues
+    for (const table of options.tables) {
+        const tableFindings = analyzeTable(table, options.policies, findingCounter);
+        findings.push(...tableFindings.findings);
+        findingCounter = tableFindings.nextCounter;
+    }
+    // Check for overly permissive policies
+    const policyFindings = analyzePolicies(options.policies, findingCounter);
+    findings.push(...policyFindings.findings);
+    findingCounter = policyFindings.nextCounter;
+    return {
+        findings,
+        tablesScanned: options.tables.length,
+        policiesScanned: options.policies.length
+    };
+}
+/**
+ * Analyze a single table for RLS issues
+ */
+function analyzeTable(table, allPolicies, startCounter) {
+    const findings = [];
+    let counter = startCounter;
+    // Get policies for this table
+    const tablePolicies = allPolicies.filter(p => p.table === table.name && p.schema === table.schema);
+    // Check if RLS is enabled
+    if (!table.hasRLSEnabled) {
+        findings.push(createNoRLSFinding(table, counter++));
+    }
+    // Check for sensitive columns
+    const sensitiveColumns = detectSensitiveColumns(table.columns);
+    if (sensitiveColumns.length > 0 && !table.hasRLSEnabled) {
+        findings.push(createSensitiveDataFinding(table, sensitiveColumns, counter++));
+    }
+    // Check for missing policies
+    if (table.hasRLSEnabled && tablePolicies.length === 0) {
+        findings.push(createNoPolicyFinding(table, counter++));
+    }
+    // Check for bypass policies
+    for (const policy of tablePolicies) {
+        if (isBypassPolicy(policy)) {
+            findings.push(createBypassPolicyFinding(table, policy, counter++));
+        }
+    }
+    return { findings, nextCounter: counter };
+}
+/**
+ * Analyze policies for security issues
+ */
+function analyzePolicies(policies, startCounter) {
+    const findings = [];
+    let counter = startCounter;
+    for (const policy of policies) {
+        // Check for missing user isolation
+        if (!hasUserIsolation(policy)) {
+            findings.push(createNoIsolationFinding(policy, counter++));
+        }
+        // Check for overly broad roles
+        if (policy.roles.includes('public') || policy.roles.includes('anon')) {
+            findings.push(createPublicRoleFinding(policy, counter++));
+        }
+    }
+    return { findings, nextCounter: counter };
+}
+/**
+ * Detect sensitive columns in a table
+ */
+function detectSensitiveColumns(columns) {
+    const sensitivePatterns = [
+        /email/i,
+        /phone/i,
+        /password/i,
+        /secret/i,
+        /token/i,
+        /ssn/i,
+        /social/i,
+        /credit/i,
+        /card/i,
+        /payment/i,
+        /address/i,
+        /name/i,
+        /birth/i,
+        /dob/i,
+        /passport/i,
+        /license/i
+    ];
+    return columns.filter(col => sensitivePatterns.some(pattern => pattern.test(col.name)));
+}
+/**
+ * Check if a policy is a bypass policy (allows everything)
+ */
+function isBypassPolicy(policy) {
+    const bypassPatterns = [
+        /^\s*true\s*$/i,
+        /^\s*1\s*=\s*1\s*$/i,
+        /^\s*'[^']*'\s*=\s*'[^']*'\s*$/i
+    ];
+    const expression = policy.usingExpression || policy.withCheckExpression || '';
+    return bypassPatterns.some(pattern => pattern.test(expression));
+}
+/**
+ * Check if a policy has user isolation
+ */
+function hasUserIsolation(policy) {
+    const isolationPatterns = [
+        /auth\.uid\(\)/i,
+        /auth\.jwt\(\)/i,
+        /current_user/i,
+        /user_id/i
+    ];
+    const expression = policy.usingExpression || policy.withCheckExpression || '';
+    return isolationPatterns.some(pattern => pattern.test(expression));
+}
+/**
+ * Create finding for missing RLS
+ */
+function createNoRLSFinding(table, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('rls', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'CRITICAL',
+        category: 'rls',
+        subcategory: 'rls_disabled',
+        title: `Table '${table.name}' has RLS disabled`,
+        description: `The table '${table.name}' does not have Row Level Security enabled. All data in this table is accessible to anyone with the anon key.`,
+        location: {
+            table: `${table.schema}.${table.name}`
+        },
+        evidence: {
+            table_name: table.name,
+            schema: table.schema,
+            row_count: table.rowCount,
+            rls_enabled: false
+        },
+        impact: {
+            severity_score: 9.5,
+            description: `Complete exposure of ${table.rowCount} records in table '${table.name}'`,
+            affected_resources: [`${table.schema}.${table.name}`],
+            compliance_violations: ['GDPR-Article-32', 'SOC2-CC6.1']
+        },
+        remediation: {
+            summary: `Enable Row Level Security on table '${table.name}'`,
+            priority: 'IMMEDIATE',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: `Enable RLS on ${table.name}`,
+                    sql: `ALTER TABLE ${table.schema}.${table.name} ENABLE ROW LEVEL SECURITY;`
+                },
+                {
+                    order: 2,
+                    action: 'Create a policy to restrict access',
+                    sql: `CREATE POLICY "Users can only access own data"
+  ON ${table.schema}.${table.name}
+  FOR SELECT
+  USING (auth.uid() = user_id);`
+                }
+            ],
+            sql: `-- Enable RLS on ${table.name}
+ALTER TABLE ${table.schema}.${table.name} ENABLE ROW LEVEL SECURITY;
+
+-- Create basic user isolation policy
+CREATE POLICY "Users can only access own data"
+  ON ${table.schema}.${table.name}
+  FOR SELECT
+  USING (auth.uid() = user_id);
+
+-- Create policy for inserts
+CREATE POLICY "Users can only insert own data"
+  ON ${table.schema}.${table.name}
+  FOR INSERT
+  WITH CHECK (auth.uid() = user_id);
+
+-- Create policy for updates
+CREATE POLICY "Users can only update own data"
+  ON ${table.schema}.${table.name}
+  FOR UPDATE
+  USING (auth.uid() = user_id)
+  WITH CHECK (auth.uid() = user_id);`,
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'Row Level Security Documentation',
+                url: 'https://supabase.com/docs/guides/auth/row-level-security'
+            },
+            {
+                title: 'OWASP A01:2021 - Broken Access Control',
+                url: 'https://owasp.org/Top10/A01_2021-Broken_Access_Control/'
+            }
+        ],
+        false_positive_likelihood: 'VERY_LOW',
+        confidence: 1.0
+    };
+}
+/**
+ * Create finding for sensitive data without RLS
+ */
+function createSensitiveDataFinding(table, sensitiveColumns, counter) {
+    const columnNames = sensitiveColumns.map(c => c.name).join(', ');
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('rls', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'CRITICAL',
+        category: 'rls',
+        subcategory: 'sensitive_data_exposed',
+        title: `Sensitive data in '${table.name}' without RLS protection`,
+        description: `Table '${table.name}' contains sensitive columns (${columnNames}) but does not have Row Level Security enabled.`,
+        location: {
+            table: `${table.schema}.${table.name}`
+        },
+        evidence: {
+            table_name: table.name,
+            sensitive_columns: sensitiveColumns.map(c => c.name),
+            row_count: table.rowCount
+        },
+        impact: {
+            severity_score: 10.0,
+            description: `PII/PCI data exposure - GDPR/CCPA violation risk`,
+            affected_resources: [`${table.schema}.${table.name}`],
+            compliance_violations: ['GDPR-Article-32', 'CCPA-§1798.100', 'PCI-DSS-3.2']
+        },
+        remediation: {
+            summary: `Enable RLS immediately and restrict access to sensitive data`,
+            priority: 'IMMEDIATE',
+            effort: 'MEDIUM',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Enable RLS on the table',
+                    sql: `ALTER TABLE ${table.schema}.${table.name} ENABLE ROW LEVEL SECURITY;`
+                },
+                {
+                    order: 2,
+                    action: 'Create restrictive policies',
+                    sql: `CREATE POLICY "Restrict sensitive data access"
+  ON ${table.schema}.${table.name}
+  FOR SELECT
+  USING (auth.uid() = user_id);`
+                }
+            ],
+            sql: `-- Enable RLS and create policies for ${table.name}
+ALTER TABLE ${table.schema}.${table.name} ENABLE ROW LEVEL SECURITY;
+
+-- Restrict access to user's own data
+CREATE POLICY "Users can only access own data"
+  ON ${table.schema}.${table.name}
+  FOR ALL
+  USING (auth.uid() = user_id)
+  WITH CHECK (auth.uid() = user_id);`,
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'Row Level Security Documentation',
+                url: 'https://supabase.com/docs/guides/auth/row-level-security'
+            },
+            {
+                title: 'GDPR Article 32 - Security of Processing',
+                url: 'https://gdpr-info.eu/art-32-gdpr/'
+            }
+        ],
+        false_positive_likelihood: 'VERY_LOW',
+        confidence: 1.0
+    };
+}
+/**
+ * Create finding for no policies
+ */
+function createNoPolicyFinding(table, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('rls', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'HIGH',
+        category: 'rls',
+        subcategory: 'no_policies',
+        title: `Table '${table.name}' has no RLS policies`,
+        description: `RLS is enabled on '${table.name}' but no policies are defined. No one can access the data.`,
+        location: {
+            table: `${table.schema}.${table.name}`
+        },
+        evidence: {
+            table_name: table.name,
+            rls_enabled: true,
+            policy_count: 0
+        },
+        impact: {
+            severity_score: 6.0,
+            description: 'Application functionality may be broken - no data access possible',
+            affected_resources: [`${table.schema}.${table.name}`]
+        },
+        remediation: {
+            summary: `Create RLS policies for table '${table.name}'`,
+            priority: 'HIGH',
+            effort: 'MEDIUM',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Create SELECT policy',
+                    sql: `CREATE POLICY "Enable read access"
+  ON ${table.schema}.${table.name}
+  FOR SELECT
+  USING (true);`
+                }
+            ],
+            sql: `-- Create basic policies for ${table.name}
+CREATE POLICY "Enable read access for all users"
+  ON ${table.schema}.${table.name}
+  FOR SELECT
+  USING (true);
+
+CREATE POLICY "Enable insert for authenticated users only"
+  ON ${table.schema}.${table.name}
+  FOR INSERT
+  WITH CHECK (auth.role() = 'authenticated');`,
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'Creating RLS Policies',
+                url: 'https://supabase.com/docs/guides/auth/row-level-security#policies'
+            }
+        ],
+        false_positive_likelihood: 'LOW',
+        confidence: 0.95
+    };
+}
+/**
+ * Create finding for bypass policy
+ */
+function createBypassPolicyFinding(table, policy, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('rls', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'CRITICAL',
+        category: 'rls',
+        subcategory: 'bypass_policy',
+        title: `Bypass policy detected on '${table.name}'`,
+        description: `Policy '${policy.name}' uses a permissive expression that allows all access.`,
+        location: {
+            table: `${table.schema}.${table.name}`
+        },
+        evidence: {
+            policy_name: policy.name,
+            expression: policy.usingExpression || policy.withCheckExpression,
+            command: policy.command
+        },
+        impact: {
+            severity_score: 9.0,
+            description: 'Policy allows unrestricted access - effectively disables RLS',
+            affected_resources: [`${table.schema}.${table.name}`],
+            compliance_violations: ['SOC2-CC6.1']
+        },
+        remediation: {
+            summary: `Replace bypass policy with proper user isolation`,
+            priority: 'IMMEDIATE',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Drop the bypass policy',
+                    sql: `DROP POLICY IF EXISTS "${policy.name}" ON ${table.schema}.${table.name};`
+                },
+                {
+                    order: 2,
+                    action: 'Create proper policy with user isolation',
+                    sql: `CREATE POLICY "User isolation"
+  ON ${table.schema}.${table.name}
+  FOR ${policy.command}
+  USING (auth.uid() = user_id);`
+                }
+            ],
+            sql: `-- Replace bypass policy on ${table.name}
+DROP POLICY IF EXISTS "${policy.name}" ON ${table.schema}.${table.name};
+
+-- Create proper user isolation policy
+CREATE POLICY "User data isolation"
+  ON ${table.schema}.${table.name}
+  FOR ${policy.command}
+  USING (auth.uid() = user_id)
+  WITH CHECK (auth.uid() = user_id);`,
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'RLS Policy Expressions',
+                url: 'https://supabase.com/docs/guides/auth/row-level-security#policy-expressions'
+            }
+        ],
+        false_positive_likelihood: 'LOW',
+        confidence: 0.95
+    };
+}
+/**
+ * Create finding for missing user isolation
+ */
+function createNoIsolationFinding(policy, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('rls', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'HIGH',
+        category: 'rls',
+        subcategory: 'no_user_isolation',
+        title: `Policy '${policy.name}' lacks user isolation`,
+        description: `The policy does not verify user identity, potentially allowing users to access other users' data.`,
+        location: {
+            table: `${policy.schema}.${policy.table}`
+        },
+        evidence: {
+            policy_name: policy.name,
+            using_expression: policy.usingExpression,
+            with_check_expression: policy.withCheckExpression
+        },
+        impact: {
+            severity_score: 7.5,
+            description: 'IDOR vulnerability - users may access other users\' data',
+            affected_resources: [`${policy.schema}.${policy.table}`],
+            compliance_violations: ['OWASP-A01-2021']
+        },
+        remediation: {
+            summary: `Add user isolation to policy '${policy.name}'`,
+            priority: 'HIGH',
+            effort: 'MEDIUM',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Review the policy and add user isolation',
+                    sql: `-- Example: Add user isolation
+ALTER POLICY "${policy.name}"
+  ON ${policy.schema}.${policy.table}
+  USING (auth.uid() = user_id);`
+                }
+            ],
+            sql: `-- Update policy to include user isolation
+DROP POLICY IF EXISTS "${policy.name}" ON ${policy.schema}.${policy.table};
+
+CREATE POLICY "${policy.name}_with_isolation"
+  ON ${policy.schema}.${policy.table}
+  FOR ${policy.command}
+  USING (auth.uid() = user_id)
+  WITH CHECK (auth.uid() = user_id);`,
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'User Isolation with RLS',
+                url: 'https://supabase.com/docs/guides/auth/row-level-security#authenticated-users'
+            }
+        ],
+        false_positive_likelihood: 'MEDIUM',
+        confidence: 0.8
+    };
+}
+/**
+ * Create finding for public role
+ */
+function createPublicRoleFinding(policy, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('rls', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'MEDIUM',
+        category: 'rls',
+        subcategory: 'public_role',
+        title: `Policy '${policy.name}' grants access to public/anonymous users`,
+        description: `The policy allows access to public or anonymous users. Ensure this is intentional.`,
+        location: {
+            table: `${policy.schema}.${policy.table}`
+        },
+        evidence: {
+            policy_name: policy.name,
+            roles: policy.roles,
+            command: policy.command
+        },
+        impact: {
+            severity_score: 5.0,
+            description: 'Anonymous users may access data - verify this is intended',
+            affected_resources: [`${policy.schema}.${policy.table}`]
+        },
+        remediation: {
+            summary: `Review if public access is required for '${policy.name}'`,
+            priority: 'MEDIUM',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'If public access is not needed, restrict to authenticated users',
+                    sql: `-- Restrict to authenticated users
+ALTER POLICY "${policy.name}"
+  ON ${policy.schema}.${policy.table}
+  TO authenticated;`
+                }
+            ],
+            auto_fixable: false
+        },
+        references: [
+            {
+                title: 'RLS Policy Roles',
+                url: 'https://supabase.com/docs/guides/auth/row-level-security#policy-roles'
+            }
+        ],
+        false_positive_likelihood: 'MEDIUM',
+        confidence: 0.7
+    };
+}
+//# sourceMappingURL=analyzer.js.map

package/dist/scanners/rls/analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../../../src/scanners/rls/analyzer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AA8CH,gCAqBC;AAjED,wDAAqE;AAyCrE;;GAEG;AACI,KAAK,UAAU,UAAU,CAAC,OAAuB;IACtD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,kCAAkC;IAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnC,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAC5E,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACzC,cAAc,GAAG,aAAa,CAAC,WAAW,CAAC;IAC7C,CAAC;IAED,uCAAuC;IACvC,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACzE,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,cAAc,GAAG,cAAc,CAAC,WAAW,CAAC;IAE5C,OAAO;QACL,QAAQ;QACR,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;QACpC,eAAe,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM;KACzC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CACnB,KAAgB,EAChB,WAAyB,EACzB,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,YAAY,CAAC;IAE3B,8BAA8B;IAC9B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC3C,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CACpD,CAAC;IAEF,0BAA0B;IAC1B,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,8BAA8B;IAC9B,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAChF,CAAC;IAED,6BAA6B;IAC7B,IAAI,KAAK,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,QAAsB,EACtB,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,YAAY,CAAC;IAE3B,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,mCAAmC;QACnC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,+BAA+B;QAC/B,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrE,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAqB;IACnD,MAAM,iBAAiB,GAAG;QACxB,QAAQ;QACR,QAAQ;QACR,WAAW;QACX,SAAS;QACT,QAAQ;QACR,MAAM;QACN,SAAS;QACT,SAAS;QACT,OAAO;QACP,UAAU;QACV,UAAU;QACV,OAAO;QACP,QAAQ;QACR,MAAM;QACN,WAAW;QACX,UAAU;KACX,CAAC;IAEF,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC1B,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAC1D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAkB;IACxC,MAAM,cAAc,GAAG;QACrB,eAAe;QACf,oBAAoB;QACpB,gCAAgC;KACjC,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,mBAAmB,IAAI,EAAE,CAAC;IAC9E,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAkB;IAC1C,MAAM,iBAAiB,GAAG;QACxB,gBAAgB;QAChB,gBAAgB;QAChB,eAAe;QACf,UAAU;KACX,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,mBAAmB,IAAI,EAAE,CAAC;IAC9E,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAgB,EAAE,OAAe;IAC3D,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,cAAc;QAC3B,KAAK,EAAE,UAAU,KAAK,CAAC,IAAI,oBAAoB;QAC/C,WAAW,EAAE,cAAc,KAAK,CAAC,IAAI,+GAA+G;QACpJ,QAAQ,EAAE;YACR,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;SACvC;QACD,QAAQ,EAAE;YACR,UAAU,EAAE,KAAK,CAAC,IAAI;YACtB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS,EAAE,KAAK,CAAC,QAAQ;YACzB,WAAW,EAAE,KAAK;SACnB;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,wBAAwB,KAAK,CAAC,QAAQ,sBAAsB,KAAK,CAAC,IAAI,GAAG;YACtF,kBAAkB,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACrD,qBAAqB,EAAE,CAAC,iBAAiB,EAAE,YAAY,CAAC;SACzD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,uCAAuC,KAAK,CAAC,IAAI,GAAG;YAC7D,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,iBAAiB,KAAK,CAAC,IAAI,EAAE;oBACrC,GAAG,EAAE,eAAe,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,6BAA6B;iBAC5E;gBACD;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,oCAAoC;oBAC5C,GAAG,EAAE;OACR,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;gCAED;iBACvB;aACF;YACD,GAAG,EAAE,oBAAoB,KAAK,CAAC,IAAI;cAC3B,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;;OAIjC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;;;;OAM1B,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;;;;OAM1B,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;qCAGI;YAC/B,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,kCAAkC;gBACzC,GAAG,EAAE,0DAA0D;aAChE;YACD;gBACE,KAAK,EAAE,wCAAwC;gBAC/C,GAAG,EAAE,yDAAyD;aAC/D;SACF;QACD,yBAAyB,EAAE,UAAU;QACrC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,KAAgB,EAChB,gBAA8B,EAC9B,OAAe;IAEf,MAAM,WAAW,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjE,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,wBAAwB;QACrC,KAAK,EAAE,sBAAsB,KAAK,CAAC,IAAI,0BAA0B;QACjE,WAAW,EAAE,UAAU,KAAK,CAAC,IAAI,iCAAiC,WAAW,iDAAiD;QAC9H,QAAQ,EAAE;YACR,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;SACvC;QACD,QAAQ,EAAE;YACR,UAAU,EAAE,KAAK,CAAC,IAAI;YACtB,iBAAiB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACpD,SAAS,EAAE,KAAK,CAAC,QAAQ;SAC1B;QACD,MAAM,EAAE;YACN,cAAc,EAAE,IAAI;YACpB,WAAW,EAAE,kDAAkD;YAC/D,kBAAkB,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACrD,qBAAqB,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,CAAC;SAC5E;QACD,WAAW,EAAE;YACX,OAAO,EAAE,8DAA8D;YACvE,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,yBAAyB;oBACjC,GAAG,EAAE,eAAe,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,6BAA6B;iBAC5E;gBACD;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,6BAA6B;oBACrC,GAAG,EAAE;OACR,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;gCAED;iBACvB;aACF;YACD,GAAG,EAAE,yCAAyC,KAAK,CAAC,IAAI;cAChD,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;;OAIjC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;qCAGI;YAC/B,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,kCAAkC;gBACzC,GAAG,EAAE,0DAA0D;aAChE;YACD;gBACE,KAAK,EAAE,0CAA0C;gBACjD,GAAG,EAAE,mCAAmC;aACzC;SACF;QACD,yBAAyB,EAAE,UAAU;QACrC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,KAAgB,EAAE,OAAe;IAC9D,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,aAAa;QAC1B,KAAK,EAAE,UAAU,KAAK,CAAC,IAAI,uBAAuB;QAClD,WAAW,EAAE,sBAAsB,KAAK,CAAC,IAAI,4DAA4D;QACzG,QAAQ,EAAE;YACR,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;SACvC;QACD,QAAQ,EAAE;YACR,UAAU,EAAE,KAAK,CAAC,IAAI;YACtB,WAAW,EAAE,IAAI;YACjB,YAAY,EAAE,CAAC;SAChB;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,mEAAmE;YAChF,kBAAkB,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;SACtD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,kCAAkC,KAAK,CAAC,IAAI,GAAG;YACxD,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,sBAAsB;oBAC9B,GAAG,EAAE;OACR,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;gBAEjB;iBACP;aACF;YACD,GAAG,EAAE,gCAAgC,KAAK,CAAC,IAAI;;OAE9C,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;;;OAK1B,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;8CAEa;YACxC,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,uBAAuB;gBAC9B,GAAG,EAAE,mEAAmE;aACzE;SACF;QACD,yBAAyB,EAAE,KAAK;QAChC,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,KAAgB,EAAE,MAAkB,EAAE,OAAe;IACtF,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,eAAe;QAC5B,KAAK,EAAE,8BAA8B,KAAK,CAAC,IAAI,GAAG;QAClD,WAAW,EAAE,WAAW,MAAM,CAAC,IAAI,wDAAwD;QAC3F,QAAQ,EAAE;YACR,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;SACvC;QACD,QAAQ,EAAE;YACR,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,UAAU,EAAE,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,mBAAmB;YAChE,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,8DAA8D;YAC3E,kBAAkB,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACrD,qBAAqB,EAAE,CAAC,YAAY,CAAC;SACtC;QACD,WAAW,EAAE;YACX,OAAO,EAAE,kDAAkD;YAC3D,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,wBAAwB;oBAChC,GAAG,EAAE,0BAA0B,MAAM,CAAC,IAAI,QAAQ,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,GAAG;iBAChF;gBACD;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,0CAA0C;oBAClD,GAAG,EAAE;OACR,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;QACzB,MAAM,CAAC,OAAO;gCACU;iBACvB;aACF;YACD,GAAG,EAAE,+BAA+B,KAAK,CAAC,IAAI;yBAC3B,MAAM,CAAC,IAAI,QAAQ,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;;;;OAI/D,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI;QACzB,MAAM,CAAC,OAAO;;qCAEe;YAC/B,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,wBAAwB;gBAC/B,GAAG,EAAE,6EAA6E;aACnF;SACF;QACD,yBAAyB,EAAE,KAAK;QAChC,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAkB,EAAE,OAAe;IACnE,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,mBAAmB;QAChC,KAAK,EAAE,WAAW,MAAM,CAAC,IAAI,wBAAwB;QACrD,WAAW,EAAE,mGAAmG;QAChH,QAAQ,EAAE;YACR,KAAK,EAAE,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,EAAE;SAC1C;QACD,QAAQ,EAAE;YACR,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,gBAAgB,EAAE,MAAM,CAAC,eAAe;YACxC,qBAAqB,EAAE,MAAM,CAAC,mBAAmB;SAClD;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,0DAA0D;YACvE,kBAAkB,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACxD,qBAAqB,EAAE,CAAC,gBAAgB,CAAC;SAC1C;QACD,WAAW,EAAE;YACX,OAAO,EAAE,iCAAiC,MAAM,CAAC,IAAI,GAAG;YACxD,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,0CAA0C;oBAClD,GAAG,EAAE;gBACC,MAAM,CAAC,IAAI;OACpB,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK;gCACJ;iBACvB;aACF;YACD,GAAG,EAAE;yBACc,MAAM,CAAC,IAAI,QAAQ,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK;;iBAExD,MAAM,CAAC,IAAI;OACrB,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK;QAC5B,MAAM,CAAC,OAAO;;qCAEe;YAC/B,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,yBAAyB;gBAChC,GAAG,EAAE,8EAA8E;aACpF;SACF;QACD,yBAAyB,EAAE,QAAQ;QACnC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,MAAkB,EAAE,OAAe;IAClE,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,KAAK,EAAE,OAAO,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,aAAa;QAC1B,KAAK,EAAE,WAAW,MAAM,CAAC,IAAI,2CAA2C;QACxE,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE;YACR,KAAK,EAAE,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,EAAE;SAC1C;QACD,QAAQ,EAAE;YACR,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,2DAA2D;YACxE,kBAAkB,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;SACzD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,4CAA4C,MAAM,CAAC,IAAI,GAAG;YACnE,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,iEAAiE;oBACzE,GAAG,EAAE;gBACC,MAAM,CAAC,IAAI;OACpB,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK;oBAChB;iBACX;aACF;YACD,YAAY,EAAE,KAAK;SACpB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,kBAAkB;gBACzB,GAAG,EAAE,uEAAuE;aAC7E;SACF;QACD,yBAAyB,EAAE,QAAQ;QACnC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC"}

package/dist/scanners/rls/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * RLS Scanner Module
+ * Export all RLS analysis functionality
+ */
+export * from './analyzer.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/rls/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/rls/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,eAAe,CAAC"}

package/dist/scanners/rls/index.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * RLS Scanner Module
+ * Export all RLS analysis functionality
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./analyzer.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/scanners/rls/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/rls/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,gDAA8B"}

package/dist/scanners/secrets/detector.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Secrets Detector
+ * Main scanner module for detecting exposed secrets in frontend bundles
+ */
+import { Finding } from '../../models/finding.js';
+export interface SecretsScanOptions {
+    content: string;
+    sourceUrl: string;
+    sourceType: 'javascript' | 'html' | 'sourcemap' | 'env';
+}
+export interface SecretsScanResult {
+    findings: Finding[];
+    scannedBytes: number;
+    scanDurationMs: number;
+}
+/**
+ * Scan content for exposed secrets
+ */
+export declare function scanForSecrets(options: SecretsScanOptions): Promise<SecretsScanResult>;
+/**
+ * Scan JavaScript bundle for secrets
+ */
+export declare function scanJavaScriptBundle(jsContent: string, url: string): Promise<SecretsScanResult>;
+/**
+ * Scan HTML content for secrets
+ */
+export declare function scanHTML(htmlContent: string, url: string): Promise<SecretsScanResult>;
+/**
+ * Scan source map for secrets
+ */
+export declare function scanSourceMap(sourceMapContent: string, url: string): Promise<SecretsScanResult>;
+//# sourceMappingURL=detector.d.ts.map

package/dist/scanners/secrets/detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../../src/scanners/secrets/detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAyC,MAAM,yBAAyB,CAAC;AAGzF,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,YAAY,GAAG,MAAM,GAAG,WAAW,GAAG,KAAK,CAAC;CACzD;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAsB5F;AA8MD;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAMrG;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAM3F;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAMrG"}