vaspera 2.10.1 → 2.12.0

package/dist/scanners/detection/__tests__/detection.test.js

@@ -0,0 +1,265 @@
+/**
+ * Detection Engine Tests
+ */
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm, writeFile, mkdir } from "fs/promises";
+import { join } from "path";
+import { tmpdir } from "os";
+import { runDetection, getBuiltinRules, getBuiltinRuleById, getBuiltinRulesByCategory, listAvailableRules, getDetectionCategories, BUILTIN_RULES, } from "../index.js";
+import { queryAST } from "../engines/ast-query.js";
+import { analyzeDataFlow } from "../engines/data-flow.js";
+import { createRule, loadRuleFromYAML, RuleValidationError } from "../rules/loader.js";
+describe("Detection Engine", () => {
+    let tempDir;
+    beforeEach(async () => {
+        tempDir = await mkdtemp(join(tmpdir(), `detection-test-${Math.random().toString(36).slice(2, 8)}-`));
+    });
+    afterEach(async () => {
+        await rm(tempDir, { recursive: true, force: true });
+    });
+    describe("Built-in Rules", () => {
+        it("has all expected built-in rules", () => {
+            const rules = getBuiltinRules();
+            expect(rules.length).toBeGreaterThan(0);
+            const categories = new Set(rules.map((r) => r.category));
+            expect(categories.has("idor")).toBe(true);
+            expect(categories.has("ssrf")).toBe(true);
+            expect(categories.has("sql-injection")).toBe(true);
+        });
+        it("can retrieve rule by ID", () => {
+            const rule = getBuiltinRuleById("vaspera:idor:user-controlled-id");
+            expect(rule).toBeDefined();
+            expect(rule?.name).toContain("User-Controlled ID");
+        });
+        it("can retrieve rules by category", () => {
+            const idorRules = getBuiltinRulesByCategory("idor");
+            expect(idorRules.length).toBeGreaterThan(0);
+            expect(idorRules.every((r) => r.category === "idor")).toBe(true);
+        });
+        it("lists available rules with metadata", () => {
+            const list = listAvailableRules();
+            expect(list.length).toBe(BUILTIN_RULES.length);
+            expect(list[0]).toHaveProperty("id");
+            expect(list[0]).toHaveProperty("name");
+            expect(list[0]).toHaveProperty("category");
+            expect(list[0]).toHaveProperty("severity");
+        });
+        it("returns detection categories", () => {
+            const categories = getDetectionCategories();
+            expect(categories).toContain("idor");
+            expect(categories).toContain("ssrf");
+            expect(categories).toContain("xss");
+        });
+    });
+    describe("Rule Loader", () => {
+        it("creates a valid rule programmatically", () => {
+            const rule = createRule({
+                id: "test:custom:rule",
+                name: "Custom Test Rule",
+                description: "A test rule",
+                category: "test",
+                severity: "medium",
+                confidence: 75,
+                engines: {
+                    astQuery: { pattern: "test($arg)" },
+                },
+            });
+            expect(rule.id).toBe("test:custom:rule");
+            expect(rule.enabled).toBe(true);
+        });
+        it("loads rule from YAML", async () => {
+            const yamlContent = `
+id: test:yaml:rule
+name: YAML Test Rule
+description: A rule loaded from YAML
+category: test
+severity: high
+confidence: 80
+engines:
+  astQuery:
+    pattern: "dangerousFunction($input)"
+cweIds:
+  - CWE-123
+`;
+            const yamlPath = join(tempDir, "test-rule.yaml");
+            await writeFile(yamlPath, yamlContent, "utf-8");
+            const rule = await loadRuleFromYAML(yamlPath);
+            expect(rule.id).toBe("test:yaml:rule");
+            expect(rule.severity).toBe("high");
+            expect(rule.cweIds).toContain("CWE-123");
+        });
+        it("throws on invalid rule", () => {
+            expect(() => createRule({
+                id: "test:invalid",
+                name: "Invalid",
+                description: "Missing engines",
+                category: "test",
+                severity: "high",
+                confidence: 80,
+                engines: {},
+            })).toThrow(RuleValidationError);
+        });
+    });
+    describe("AST Query Engine", () => {
+        it("matches function calls", async () => {
+            const code = `
+function handler(req: Request) {
+  const user = findById(req.params.id);
+  return user;
+}
+`;
+            const filePath = join(tempDir, "query-test.ts");
+            await writeFile(filePath, code, "utf-8");
+            const matches = await queryAST(filePath, {
+                pattern: "findById($id)",
+            });
+            expect(matches.length).toBeGreaterThan(0);
+            expect(matches[0].text).toContain("findById");
+        });
+        it("captures pattern variables", async () => {
+            const code = `
+fetch(userProvidedUrl);
+axios.get(req.body.callback);
+`;
+            const filePath = join(tempDir, "capture-test.ts");
+            await writeFile(filePath, code, "utf-8");
+            const matches = await queryAST(filePath, {
+                pattern: "fetch($url)",
+            });
+            expect(matches.length).toBeGreaterThan(0);
+        });
+    });
+    describe("Data Flow Engine", () => {
+        it("runs data flow analysis without error", async () => {
+            const code = `
+function handler(req: Request, res: Response) {
+  const userId = req.params.id;
+  const user = db.users.findById(userId);
+  return res.json(user);
+}
+`;
+            const filePath = join(tempDir, "dataflow-test.ts");
+            await writeFile(filePath, code, "utf-8");
+            const paths = await analyzeDataFlow(filePath, {
+                sources: [{ pattern: "req.params.$id" }],
+                sinks: [{ pattern: "findById($source)" }],
+            });
+            expect(Array.isArray(paths)).toBe(true);
+        });
+        it("respects sanitizers", async () => {
+            const code = `
+function handler(req: Request) {
+  const id = req.params.id;
+  const safeId = validateId(id);
+  return db.findById(safeId);
+}
+`;
+            const filePath = join(tempDir, "sanitized-test.ts");
+            await writeFile(filePath, code, "utf-8");
+            const paths = await analyzeDataFlow(filePath, {
+                sources: [{ pattern: "req.params.$id" }],
+                sinks: [{ pattern: "findById($source)" }],
+                sanitizers: [{ pattern: "validateId($input)" }],
+            });
+            expect(paths.filter((p) => !p.sanitized).length).toBe(0);
+        });
+    });
+    describe("Full Detection Run", () => {
+        it("runs detection on project", async () => {
+            const srcDir = join(tempDir, "src");
+            await mkdir(srcDir, { recursive: true });
+            const code = `
+export function getResource(req: Request) {
+  const id = req.params.id;
+  return db.resources.findById(id);
+}
+`;
+            await writeFile(join(srcDir, "handler.ts"), code, "utf-8");
+            const result = await runDetection({
+                projectPath: tempDir,
+                files: [join(srcDir, "handler.ts")],
+            });
+            expect(result.success).toBe(true);
+            expect(result.filesAnalyzed).toBe(1);
+            expect(result.rulesEvaluated).toBeGreaterThan(0);
+        });
+        it("returns empty for no matches", async () => {
+            const code = `
+export function safeFunction() {
+  return "hello world";
+}
+`;
+            const filePath = join(tempDir, "safe.ts");
+            await writeFile(filePath, code, "utf-8");
+            const result = await runDetection({
+                projectPath: tempDir,
+                files: [filePath],
+            });
+            expect(result.success).toBe(true);
+            expect(result.matches.length).toBe(0);
+        });
+        it("handles SSRF detection", async () => {
+            const code = `
+async function fetchWebhook(req: Request) {
+  const url = req.body.webhookUrl;
+  const response = await fetch(url);
+  return response.json();
+}
+`;
+            const filePath = join(tempDir, "ssrf.ts");
+            await writeFile(filePath, code, "utf-8");
+            const ssrfRules = getBuiltinRulesByCategory("ssrf");
+            const result = await runDetection({
+                projectPath: tempDir,
+                files: [filePath],
+                rules: ssrfRules,
+            });
+            expect(result.rulesEvaluated).toBe(ssrfRules.length);
+        });
+        it("handles SQL injection detection", async () => {
+            const code = `
+async function getUsers(req: Request) {
+  const name = req.query.name;
+  const result = await db.query(\`SELECT * FROM users WHERE name = '\${name}'\`);
+  return result;
+}
+`;
+            const filePath = join(tempDir, "sqli.ts");
+            await writeFile(filePath, code, "utf-8");
+            const sqliRules = getBuiltinRulesByCategory("sql-injection");
+            const result = await runDetection({
+                projectPath: tempDir,
+                files: [filePath],
+                rules: sqliRules,
+            });
+            expect(result.rulesEvaluated).toBe(sqliRules.length);
+        });
+    });
+    describe("Detection Match Format", () => {
+        it("includes required fields in matches", async () => {
+            const code = `
+function handler(req: Request) {
+  const url = req.body.url;
+  fetch(url);
+}
+`;
+            const filePath = join(tempDir, "match-format.ts");
+            await writeFile(filePath, code, "utf-8");
+            const result = await runDetection({
+                projectPath: tempDir,
+                files: [filePath],
+            });
+            if (result.matches.length > 0) {
+                const match = result.matches[0];
+                expect(match).toHaveProperty("ruleId");
+                expect(match).toHaveProperty("file");
+                expect(match).toHaveProperty("line");
+                expect(match).toHaveProperty("message");
+                expect(match).toHaveProperty("severity");
+                expect(match).toHaveProperty("confidence");
+                expect(match).toHaveProperty("category");
+            }
+        });
+    });
+});
+//# sourceMappingURL=detection.test.js.map

package/dist/scanners/detection/__tests__/detection.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detection.test.js","sourceRoot":"","sources":["../../../../src/scanners/detection/__tests__/detection.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EACL,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEvF,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,IAAI,OAAe,CAAC;IAEpB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvG,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;YAChC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAExC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACzD,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,IAAI,GAAG,kBAAkB,CAAC,iCAAiC,CAAC,CAAC;YACnE,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,SAAS,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;YACpD,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,IAAI,GAAG,kBAAkB,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,UAAU,GAAG,sBAAsB,EAAE,CAAC;YAC5C,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,IAAI,GAAG,UAAU,CAAC;gBACtB,EAAE,EAAE,kBAAkB;gBACtB,IAAI,EAAE,kBAAkB;gBACxB,WAAW,EAAE,aAAa;gBAC1B,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE;oBACP,QAAQ,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;iBACpC;aACF,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;YACpC,MAAM,WAAW,GAAG;;;;;;;;;;;;CAYzB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACjD,MAAM,SAAS,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;YAEhD,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC9C,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,GAAG,EAAE,CACV,UAAU,CAAC;gBACT,EAAE,EAAE,cAAc;gBAClB,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,iBAAiB;gBAC9B,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,EAAE;aACL,CAAC,CACV,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,IAAI,GAAG;;;;;CAKlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;YAChD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE;gBACvC,OAAO,EAAE,eAAe;aACzB,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,IAAI,GAAG;;;CAGlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;YAClD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE;gBACvC,OAAO,EAAE,aAAa;aACvB,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG;;;;;;CAMlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;YACnD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE;gBAC5C,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;gBACxC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;aAC1C,CAAC,CAAC;YAEH,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qBAAqB,EAAE,KAAK,IAAI,EAAE;YACnC,MAAM,IAAI,GAAG;;;;;;CAMlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE;gBAC5C,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;gBACxC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;gBACzC,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC;aAChD,CAAC,CAAC;YAEH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACzC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEzC,MAAM,IAAI,GAAG;;;;;CAKlB,CAAC;YACI,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAE3D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;gBAChC,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;aACpC,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,MAAM,IAAI,GAAG;;;;CAIlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;gBAChC,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,CAAC,QAAQ,CAAC;aAClB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,IAAI,GAAG;;;;;;CAMlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,SAAS,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;gBAChC,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,CAAC,QAAQ,CAAC;gBACjB,KAAK,EAAE,SAAS;aACjB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,IAAI,GAAG;;;;;;CAMlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,SAAS,GAAG,yBAAyB,CAAC,eAAe,CAAC,CAAC;YAC7D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;gBAChC,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,CAAC,QAAQ,CAAC;gBACjB,KAAK,EAAE,SAAS;aACjB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,IAAI,GAAG;;;;;CAKlB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;YAClD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;gBAChC,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,CAAC,QAAQ,CAAC;aAClB,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAChC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;gBACvC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;gBACxC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;gBACzC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;gBAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/scanners/detection/engines/ast-query.d.ts

@@ -0,0 +1,23 @@
+/**
+ * AST Query Engine
+ *
+ * Pattern-based AST matching using ts-morph for TypeScript/JavaScript.
+ * Supports parameterized patterns with capture groups.
+ *
+ * @module scanners/detection/engines/ast-query
+ */
+import { Node } from "ts-morph";
+import type { ASTQueryConfig, DetectionMatch, DetectionRule } from "../types.js";
+export interface ASTMatch {
+    node: Node;
+    file: string;
+    line: number;
+    column: number;
+    endLine: number;
+    endColumn: number;
+    text: string;
+    captures: Record<string, string>;
+}
+export declare function queryAST(filePath: string, config: ASTQueryConfig): Promise<ASTMatch[]>;
+export declare function runASTQueryEngine(projectPath: string, rules: DetectionRule[], files?: string[]): Promise<DetectionMatch[]>;
+//# sourceMappingURL=ast-query.d.ts.map

package/dist/scanners/detection/engines/ast-query.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ast-query.d.ts","sourceRoot":"","sources":["../../../../src/scanners/detection/engines/ast-query.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAW,IAAI,EAA0B,MAAM,UAAU,CAAC;AAIjE,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAOjF,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAmLD,wBAAsB,QAAQ,CAC5B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,QAAQ,EAAE,CAAC,CA+BrB;AAED,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,aAAa,EAAE,EACtB,KAAK,CAAC,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,cAAc,EAAE,CAAC,CAuC3B"}

package/dist/scanners/detection/engines/ast-query.js

@@ -0,0 +1,232 @@
+/**
+ * AST Query Engine
+ *
+ * Pattern-based AST matching using ts-morph for TypeScript/JavaScript.
+ * Supports parameterized patterns with capture groups.
+ *
+ * @module scanners/detection/engines/ast-query
+ */
+import { Project, Node } from "ts-morph";
+import { readFile } from "fs/promises";
+import { glob } from "glob";
+const project = new Project({
+    useInMemoryFileSystem: false,
+    skipFileDependencyResolution: true,
+});
+function parsePattern(pattern) {
+    const parts = [];
+    let i = 0;
+    while (i < pattern.length) {
+        if (pattern[i] === "$" && i + 1 < pattern.length) {
+            const start = i + 1;
+            let end = start;
+            while (end < pattern.length && /[a-zA-Z0-9_]/.test(pattern[end])) {
+                end++;
+            }
+            if (end > start) {
+                parts.push({ type: "capture", value: pattern.slice(start, end), name: pattern.slice(start, end) });
+                i = end;
+                continue;
+            }
+        }
+        if (pattern.slice(i, i + 3) === "...") {
+            parts.push({ type: "wildcard", value: "..." });
+            i += 3;
+            continue;
+        }
+        let literalEnd = i;
+        while (literalEnd < pattern.length && pattern[literalEnd] !== "$" && pattern.slice(literalEnd, literalEnd + 3) !== "...") {
+            literalEnd++;
+        }
+        if (literalEnd > i) {
+            parts.push({ type: "literal", value: pattern.slice(i, literalEnd) });
+            i = literalEnd;
+        }
+    }
+    return parts;
+}
+function matchPattern(text, parts) {
+    const captures = {};
+    let textIdx = 0;
+    for (let i = 0; i < parts.length; i++) {
+        const part = parts[i];
+        if (part.type === "literal") {
+            const literal = part.value.trim();
+            const remaining = text.slice(textIdx).trim();
+            if (!remaining.startsWith(literal)) {
+                return { matched: false, captures: {} };
+            }
+            textIdx = text.indexOf(literal, textIdx) + literal.length;
+        }
+        else if (part.type === "capture") {
+            const nextPart = parts[i + 1];
+            let endIdx;
+            if (!nextPart) {
+                endIdx = text.length;
+            }
+            else if (nextPart.type === "literal") {
+                const nextLiteral = nextPart.value.trim();
+                endIdx = text.indexOf(nextLiteral, textIdx);
+                if (endIdx === -1) {
+                    return { matched: false, captures: {} };
+                }
+            }
+            else {
+                endIdx = text.length;
+            }
+            const captured = text.slice(textIdx, endIdx).trim();
+            if (part.name) {
+                captures[part.name] = captured;
+            }
+            textIdx = endIdx;
+        }
+        else if (part.type === "wildcard") {
+            const nextPart = parts[i + 1];
+            if (!nextPart) {
+                textIdx = text.length;
+            }
+            else if (nextPart.type === "literal") {
+                const nextLiteral = nextPart.value.trim();
+                const idx = text.indexOf(nextLiteral, textIdx);
+                if (idx === -1) {
+                    return { matched: false, captures: {} };
+                }
+                textIdx = idx;
+            }
+        }
+    }
+    return { matched: true, captures };
+}
+function findCallExpressions(sourceFile, pattern) {
+    const matches = [];
+    const parts = parsePattern(pattern);
+    sourceFile.forEachDescendant((node) => {
+        if (Node.isCallExpression(node)) {
+            const text = node.getText();
+            const result = matchPattern(text, parts);
+            if (result.matched) {
+                matches.push({
+                    node,
+                    file: sourceFile.getFilePath(),
+                    line: node.getStartLineNumber(),
+                    column: node.getStartLinePos() - node.getStartLinePos(true) + 1,
+                    endLine: node.getEndLineNumber(),
+                    endColumn: node.getEnd() - node.getStartLinePos(true) + 1,
+                    text,
+                    captures: result.captures,
+                });
+            }
+        }
+    });
+    return matches;
+}
+function findPropertyAccess(sourceFile, pattern) {
+    const matches = [];
+    const parts = parsePattern(pattern);
+    sourceFile.forEachDescendant((node) => {
+        if (Node.isPropertyAccessExpression(node) || Node.isElementAccessExpression(node)) {
+            const text = node.getText();
+            const result = matchPattern(text, parts);
+            if (result.matched) {
+                matches.push({
+                    node,
+                    file: sourceFile.getFilePath(),
+                    line: node.getStartLineNumber(),
+                    column: node.getStartLinePos() - node.getStartLinePos(true) + 1,
+                    endLine: node.getEndLineNumber(),
+                    endColumn: node.getEnd() - node.getStartLinePos(true) + 1,
+                    text,
+                    captures: result.captures,
+                });
+            }
+        }
+    });
+    return matches;
+}
+function findAssignments(sourceFile, pattern) {
+    const matches = [];
+    const parts = parsePattern(pattern);
+    sourceFile.forEachDescendant((node) => {
+        if (Node.isBinaryExpression(node) && node.getOperatorToken().getText() === "=") {
+            const text = node.getText();
+            const result = matchPattern(text, parts);
+            if (result.matched) {
+                matches.push({
+                    node,
+                    file: sourceFile.getFilePath(),
+                    line: node.getStartLineNumber(),
+                    column: node.getStartLinePos() - node.getStartLinePos(true) + 1,
+                    endLine: node.getEndLineNumber(),
+                    endColumn: node.getEnd() - node.getStartLinePos(true) + 1,
+                    text,
+                    captures: result.captures,
+                });
+            }
+        }
+    });
+    return matches;
+}
+export async function queryAST(filePath, config) {
+    try {
+        const content = await readFile(filePath, "utf-8");
+        const sourceFile = project.createSourceFile(`query_${Date.now()}_${Math.random().toString(36).slice(2)}.ts`, content, { overwrite: true });
+        let matches = [];
+        const pattern = config.pattern;
+        if (pattern.includes("(") && pattern.includes(")")) {
+            matches = findCallExpressions(sourceFile, pattern);
+        }
+        else if (pattern.includes(".") || pattern.includes("[")) {
+            matches = findPropertyAccess(sourceFile, pattern);
+        }
+        else if (pattern.includes("=")) {
+            matches = findAssignments(sourceFile, pattern);
+        }
+        else {
+            matches = [
+                ...findCallExpressions(sourceFile, pattern),
+                ...findPropertyAccess(sourceFile, pattern),
+            ];
+        }
+        sourceFile.delete();
+        return matches.map((m) => ({ ...m, file: filePath }));
+    }
+    catch {
+        return [];
+    }
+}
+export async function runASTQueryEngine(projectPath, rules, files) {
+    const matches = [];
+    const targetFiles = files || (await glob("**/*.{ts,tsx,js,jsx}", {
+        cwd: projectPath,
+        ignore: ["**/node_modules/**", "**/dist/**", "**/build/**", "**/.git/**"],
+        absolute: true,
+    }));
+    for (const rule of rules) {
+        if (!rule.engines.astQuery)
+            continue;
+        const config = rule.engines.astQuery;
+        for (const file of targetFiles) {
+            const astMatches = await queryAST(file, config);
+            for (const match of astMatches) {
+                matches.push({
+                    ruleId: rule.id,
+                    file: match.file,
+                    line: match.line,
+                    column: match.column,
+                    endLine: match.endLine,
+                    endColumn: match.endColumn,
+                    message: rule.description,
+                    severity: rule.severity,
+                    confidence: rule.confidence,
+                    category: rule.category,
+                    evidence: match.text,
+                    cweIds: rule.cweIds,
+                    owaspRefs: rule.owaspRefs,
+                    autofixPatternId: rule.autofixPatternId,
+                });
+            }
+        }
+    }
+    return matches;
+}
+//# sourceMappingURL=ast-query.js.map

package/dist/scanners/detection/engines/ast-query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ast-query.js","sourceRoot":"","sources":["../../../../src/scanners/detection/engines/ast-query.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAA0B,MAAM,UAAU,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAI5B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;IAC1B,qBAAqB,EAAE,KAAK;IAC5B,4BAA4B,EAAE,IAAI;CACnC,CAAC,CAAC;AAmBH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,KAAK,GAAkB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;YACpB,IAAI,GAAG,GAAG,KAAK,CAAC;YAChB,OAAO,GAAG,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACjE,GAAG,EAAE,CAAC;YACR,CAAC;YACD,IAAI,GAAG,GAAG,KAAK,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;gBACnG,CAAC,GAAG,GAAG,CAAC;gBACR,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QAED,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,OAAO,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;YACzH,UAAU,EAAE,CAAC;QACf,CAAC;QACD,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;YACrE,CAAC,GAAG,UAAU,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,KAAoB;IACtD,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;YAC1C,CAAC;YACD,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;QAC5D,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,IAAI,MAAc,CAAC;YAEnB,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACvB,CAAC;iBAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvC,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;oBAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;gBAC1C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACvB,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YACpD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC;YACjC,CAAC;YACD,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;YACxB,CAAC;iBAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvC,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBAC/C,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;gBAC1C,CAAC;gBACD,OAAO,GAAG,GAAG,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAsB,EAAE,OAAe;IAClE,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEpC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEzC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,IAAI,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC9B,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC/D,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE;oBAChC,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBACzD,IAAI;oBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,kBAAkB,CAAC,UAAsB,EAAE,OAAe;IACjE,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEpC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;YAClF,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEzC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,IAAI,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC9B,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC/D,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE;oBAChC,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBACzD,IAAI;oBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe,CAAC,UAAsB,EAAE,OAAe;IAC9D,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEpC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,KAAK,GAAG,EAAE,CAAC;YAC/E,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAEzC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,IAAI,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC9B,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC/D,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE;oBAChC,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBACzD,IAAI;oBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,QAAgB,EAChB,MAAsB;IAEtB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,gBAAgB,CACzC,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAC/D,OAAO,EACP,EAAE,SAAS,EAAE,IAAI,EAAE,CACpB,CAAC;QAEF,IAAI,OAAO,GAAe,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAE/B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,OAAO,GAAG,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1D,OAAO,GAAG,kBAAkB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,GAAG,eAAe,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,OAAO,GAAG;gBACR,GAAG,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC;gBAC3C,GAAG,kBAAkB,CAAC,UAAU,EAAE,OAAO,CAAC;aAC3C,CAAC;QACJ,CAAC;QAED,UAAU,CAAC,MAAM,EAAE,CAAC;QAEpB,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAmB,EACnB,KAAsB,EACtB,KAAgB;IAEhB,MAAM,OAAO,GAAqB,EAAE,CAAC;IAErC,MAAM,WAAW,GAAG,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,sBAAsB,EAAE;QAC/D,GAAG,EAAE,WAAW;QAChB,MAAM,EAAE,CAAC,oBAAoB,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,CAAC;QACzE,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC,CAAC;IAEJ,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ;YAAE,SAAS;QAErC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAEhD,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,OAAO,EAAE,IAAI,CAAC,WAAW;oBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,KAAK,CAAC,IAAI;oBACpB,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;iBACxC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/scanners/detection/engines/data-flow.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Data Flow (Taint Tracking) Engine
+ *
+ * Tracks how untrusted data flows from sources to sinks.
+ * Core of security vulnerability detection.
+ *
+ * @module scanners/detection/engines/data-flow
+ */
+import type { DataFlowConfig, TaintPath, DetectionMatch, DetectionRule } from "../types.js";
+export declare function analyzeDataFlow(filePath: string, config: DataFlowConfig): Promise<TaintPath[]>;
+export declare function runDataFlowEngine(projectPath: string, rules: DetectionRule[], files?: string[]): Promise<DetectionMatch[]>;
+//# sourceMappingURL=data-flow.d.ts.map

package/dist/scanners/detection/engines/data-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-flow.d.ts","sourceRoot":"","sources":["../../../../src/scanners/detection/engines/data-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,aAAa,EAAqC,MAAM,aAAa,CAAC;AA4Q/H,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,SAAS,EAAE,CAAC,CAqBtB;AAED,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,aAAa,EAAE,EACtB,KAAK,CAAC,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,cAAc,EAAE,CAAC,CAsC3B"}