vaspera 2.10.1 → 2.12.0

package/dist/scanners/detection/engines/data-flow.js

@@ -0,0 +1,269 @@
+/**
+ * Data Flow (Taint Tracking) Engine
+ *
+ * Tracks how untrusted data flows from sources to sinks.
+ * Core of security vulnerability detection.
+ *
+ * @module scanners/detection/engines/data-flow
+ */
+import { Project, Node } from "ts-morph";
+import { readFile } from "fs/promises";
+import { glob } from "glob";
+const project = new Project({
+    useInMemoryFileSystem: false,
+    skipFileDependencyResolution: true,
+});
+function matchesPattern(text, pattern) {
+    const normalizedPattern = pattern
+        .replace(/\$[a-zA-Z_][a-zA-Z0-9_]*/g, ".*")
+        .replace(/\{[^}]+\}/g, "[^.]+")
+        .replace(/\./g, "\\.")
+        .replace(/\(/g, "\\(")
+        .replace(/\)/g, "\\)")
+        .replace(/\*/g, ".*");
+    try {
+        const regex = new RegExp(normalizedPattern);
+        return regex.test(text);
+    }
+    catch {
+        return text.includes(pattern.replace(/[${}]/g, ""));
+    }
+}
+function findSources(sourceFile, sources) {
+    const found = [];
+    sourceFile.forEachDescendant((node) => {
+        const text = node.getText();
+        for (const source of sources) {
+            if (matchesPattern(text, source.pattern)) {
+                found.push({
+                    type: "source",
+                    expression: text,
+                    file: sourceFile.getFilePath(),
+                    line: node.getStartLineNumber(),
+                    column: node.getStartLinePos() - node.getStartLinePos(true) + 1,
+                    pattern: source.pattern,
+                });
+                if (Node.isPropertyAccessExpression(node) || Node.isElementAccessExpression(node)) {
+                    const parent = node.getParent();
+                    if (parent && Node.isVariableDeclaration(parent)) {
+                        found[found.length - 1].variable = parent.getName();
+                    }
+                }
+            }
+        }
+    });
+    return found;
+}
+function findSinks(sourceFile, sinks) {
+    const found = [];
+    sourceFile.forEachDescendant((node) => {
+        if (!Node.isCallExpression(node))
+            return;
+        const text = node.getText();
+        const expression = node.getExpression().getText();
+        for (const sink of sinks) {
+            if (matchesPattern(expression, sink.pattern) || matchesPattern(text, sink.pattern)) {
+                found.push({
+                    type: "sink",
+                    expression: text,
+                    file: sourceFile.getFilePath(),
+                    line: node.getStartLineNumber(),
+                    column: node.getStartLinePos() - node.getStartLinePos(true) + 1,
+                    pattern: sink.pattern,
+                });
+            }
+        }
+    });
+    return found;
+}
+function findSanitizers(sourceFile, sanitizers) {
+    const found = [];
+    sourceFile.forEachDescendant((node) => {
+        if (!Node.isCallExpression(node))
+            return;
+        const text = node.getText();
+        for (const sanitizer of sanitizers) {
+            if (matchesPattern(text, sanitizer.pattern)) {
+                found.push({
+                    type: "sanitizer",
+                    expression: text,
+                    file: sourceFile.getFilePath(),
+                    line: node.getStartLineNumber(),
+                    column: node.getStartLinePos() - node.getStartLinePos(true) + 1,
+                    pattern: sanitizer.pattern,
+                });
+            }
+        }
+    });
+    return found;
+}
+function extractVariablesFromExpression(expr) {
+    const identifiers = [];
+    const identifierRegex = /\b([a-zA-Z_][a-zA-Z0-9_]*)\b/g;
+    let match;
+    while ((match = identifierRegex.exec(expr)) !== null) {
+        const id = match[1];
+        if (!["const", "let", "var", "function", "async", "await", "return", "if", "else", "for", "while", "true", "false", "null", "undefined"].includes(id)) {
+            identifiers.push(id);
+        }
+    }
+    return identifiers;
+}
+function traceTaintFlow(sourceFile, sources, sinks, sanitizers) {
+    const paths = [];
+    const taintedVars = new Set();
+    for (const source of sources) {
+        if (source.variable) {
+            taintedVars.add(source.variable);
+        }
+        const sourceVars = extractVariablesFromExpression(source.expression);
+        for (const v of sourceVars) {
+            if (v.includes("req") || v.includes("params") || v.includes("query") || v.includes("body") || v.includes("input")) {
+                taintedVars.add(v);
+            }
+        }
+    }
+    sourceFile.forEachDescendant((node) => {
+        if (Node.isVariableDeclaration(node)) {
+            const init = node.getInitializer();
+            if (init) {
+                const initText = init.getText();
+                const initVars = extractVariablesFromExpression(initText);
+                for (const v of initVars) {
+                    if (taintedVars.has(v)) {
+                        taintedVars.add(node.getName());
+                        break;
+                    }
+                }
+            }
+        }
+        if (Node.isBinaryExpression(node) && node.getOperatorToken().getText() === "=") {
+            const left = node.getLeft();
+            const right = node.getRight();
+            if (Node.isIdentifier(left)) {
+                const rightVars = extractVariablesFromExpression(right.getText());
+                for (const v of rightVars) {
+                    if (taintedVars.has(v)) {
+                        taintedVars.add(left.getText());
+                        break;
+                    }
+                }
+            }
+        }
+    });
+    const sanitizerLines = new Set(sanitizers.map((s) => s.line));
+    for (const sink of sinks) {
+        const sinkVars = extractVariablesFromExpression(sink.expression);
+        let isTainted = false;
+        for (const v of sinkVars) {
+            if (taintedVars.has(v)) {
+                isTainted = true;
+                break;
+            }
+        }
+        if (!isTainted)
+            continue;
+        let sanitized = false;
+        let sanitizerPattern;
+        for (const sanitizer of sanitizers) {
+            if (sanitizer.line < sink.line) {
+                const sanitizerVars = extractVariablesFromExpression(sanitizer.expression);
+                for (const v of sanitizerVars) {
+                    if (sinkVars.includes(v)) {
+                        sanitized = true;
+                        sanitizerPattern = sanitizer.pattern;
+                        break;
+                    }
+                }
+            }
+        }
+        for (const source of sources) {
+            const sourceVars = source.variable
+                ? [source.variable]
+                : extractVariablesFromExpression(source.expression);
+            let connected = false;
+            for (const sv of sourceVars) {
+                if (taintedVars.has(sv)) {
+                    for (const sinkVar of sinkVars) {
+                        if (taintedVars.has(sinkVar)) {
+                            connected = true;
+                            break;
+                        }
+                    }
+                }
+            }
+            if (!connected)
+                continue;
+            paths.push({
+                source: {
+                    pattern: source.pattern || source.expression,
+                    file: source.file,
+                    line: source.line,
+                    column: source.column,
+                    expression: source.expression,
+                },
+                sink: {
+                    pattern: sink.pattern || sink.expression,
+                    file: sink.file,
+                    line: sink.line,
+                    column: sink.column,
+                    expression: sink.expression,
+                },
+                intermediateNodes: [],
+                sanitized,
+                sanitizer: sanitizerPattern,
+            });
+        }
+    }
+    return paths;
+}
+export async function analyzeDataFlow(filePath, config) {
+    try {
+        const content = await readFile(filePath, "utf-8");
+        const sourceFile = project.createSourceFile(`dataflow_${Date.now()}_${Math.random().toString(36).slice(2)}.ts`, content, { overwrite: true });
+        const sources = findSources(sourceFile, config.sources);
+        const sinks = findSinks(sourceFile, config.sinks);
+        const sanitizers = config.sanitizers ? findSanitizers(sourceFile, config.sanitizers) : [];
+        const paths = traceTaintFlow(sourceFile, sources, sinks, sanitizers);
+        sourceFile.delete();
+        return paths.filter((p) => !p.sanitized);
+    }
+    catch {
+        return [];
+    }
+}
+export async function runDataFlowEngine(projectPath, rules, files) {
+    const matches = [];
+    const targetFiles = files || (await glob("**/*.{ts,tsx,js,jsx}", {
+        cwd: projectPath,
+        ignore: ["**/node_modules/**", "**/dist/**", "**/build/**", "**/.git/**"],
+        absolute: true,
+    }));
+    for (const rule of rules) {
+        if (!rule.engines.dataFlow)
+            continue;
+        const config = rule.engines.dataFlow;
+        for (const file of targetFiles) {
+            const paths = await analyzeDataFlow(file, config);
+            for (const path of paths) {
+                matches.push({
+                    ruleId: rule.id,
+                    file: path.sink.file,
+                    line: path.sink.line,
+                    column: path.sink.column,
+                    message: `${rule.description} - Tainted data flows from ${path.source.expression} to ${path.sink.expression}`,
+                    severity: rule.severity,
+                    confidence: rule.confidence,
+                    category: rule.category,
+                    evidence: path.sink.expression,
+                    taintPath: path,
+                    cweIds: rule.cweIds,
+                    owaspRefs: rule.owaspRefs,
+                    autofixPatternId: rule.autofixPatternId,
+                });
+            }
+        }
+    }
+    return matches;
+}
+//# sourceMappingURL=data-flow.js.map

package/dist/scanners/detection/engines/data-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-flow.js","sourceRoot":"","sources":["../../../../src/scanners/detection/engines/data-flow.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAgF,MAAM,UAAU,CAAC;AACvH,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;IAC1B,qBAAqB,EAAE,KAAK;IAC5B,4BAA4B,EAAE,IAAI;CACnC,CAAC,CAAC;AAqBH,SAAS,cAAc,CAAC,IAAY,EAAE,OAAe;IACnD,MAAM,iBAAiB,GAAG,OAAO;SAC9B,OAAO,CAAC,2BAA2B,EAAE,IAAI,CAAC;SAC1C,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC;SAC9B,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAExB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC5C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,UAAsB,EAAE,OAAsB;IACjE,MAAM,KAAK,GAAmB,EAAE,CAAC;IAEjC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAE5B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzC,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE,IAAI;oBAChB,IAAI,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC9B,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC/D,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB,CAAC,CAAC;gBAEH,IAAI,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClF,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;oBAChC,IAAI,MAAM,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;wBACjD,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,QAAQ,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;oBACtD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,UAAsB,EAAE,KAAkB;IAC3D,MAAM,KAAK,GAAmB,EAAE,CAAC;IAEjC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;YAAE,OAAO;QAEzC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,EAAE,CAAC;QAElD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnF,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,MAAM;oBACZ,UAAU,EAAE,IAAI;oBAChB,IAAI,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC9B,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC/D,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,UAAsB,EAAE,UAAuB;IACrE,MAAM,KAAK,GAAmB,EAAE,CAAC;IAEjC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;YAAE,OAAO;QAEzC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAE5B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,UAAU,EAAE,IAAI;oBAChB,IAAI,EAAE,UAAU,CAAC,WAAW,EAAE;oBAC9B,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC/D,OAAO,EAAE,SAAS,CAAC,OAAO;iBAC3B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,8BAA8B,CAAC,IAAY;IAClD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,MAAM,eAAe,GAAG,+BAA+B,CAAC;IACxD,IAAI,KAAK,CAAC;IAEV,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACtJ,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,cAAc,CACrB,UAAsB,EACtB,OAAuB,EACvB,KAAqB,EACrB,UAA0B;IAE1B,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,UAAU,GAAG,8BAA8B,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACrE,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClH,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAE1D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;wBACvB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;wBAChC,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,KAAK,GAAG,EAAE,CAAC;YAC/E,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAE9B,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,MAAM,SAAS,GAAG,8BAA8B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBAClE,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;oBAC1B,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;wBACvB,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;wBAChC,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,8BAA8B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,SAAS,GAAG,IAAI,CAAC;gBACjB,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzB,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,IAAI,gBAAoC,CAAC;QAEzC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAM,aAAa,GAAG,8BAA8B,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;gBAC3E,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;oBAC9B,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;wBACzB,SAAS,GAAG,IAAI,CAAC;wBACjB,gBAAgB,GAAG,SAAS,CAAC,OAAO,CAAC;wBACrC,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ;gBAChC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACnB,CAAC,CAAC,8BAA8B,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAEtD,IAAI,SAAS,GAAG,KAAK,CAAC;YACtB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;gBAC5B,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBACxB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;wBAC/B,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7B,SAAS,GAAG,IAAI,CAAC;4BACjB,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,CAAC,SAAS;gBAAE,SAAS;YAEzB,KAAK,CAAC,IAAI,CAAC;gBACT,MAAM,EAAE;oBACN,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU;oBAC5C,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B;gBACD,IAAI,EAAE;oBACJ,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,UAAU;oBACxC,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B;gBACD,iBAAiB,EAAE,EAAE;gBACrB,SAAS;gBACT,SAAS,EAAE,gBAAgB;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,MAAsB;IAEtB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,gBAAgB,CACzC,YAAY,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAClE,OAAO,EACP,EAAE,SAAS,EAAE,IAAI,EAAE,CACpB,CAAC;QAEF,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE1F,MAAM,KAAK,GAAG,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;QAErE,UAAU,CAAC,MAAM,EAAE,CAAC;QAEpB,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAmB,EACnB,KAAsB,EACtB,KAAgB;IAEhB,MAAM,OAAO,GAAqB,EAAE,CAAC;IAErC,MAAM,WAAW,GAAG,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,sBAAsB,EAAE;QAC/D,GAAG,EAAE,WAAW;QAChB,MAAM,EAAE,CAAC,oBAAoB,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,CAAC;QACzE,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC,CAAC;IAEJ,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ;YAAE,SAAS;QAErC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAElD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;oBACpB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;oBACpB,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;oBACxB,OAAO,EAAE,GAAG,IAAI,CAAC,WAAW,8BAA8B,IAAI,CAAC,MAAM,CAAC,UAAU,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;oBAC7G,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU;oBAC9B,SAAS,EAAE,IAAI;oBACf,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;iBACxC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/scanners/detection/index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Detection Engine
+ *
+ * Proprietary security detection engine for Vaspera.
+ * Combines AST query, data flow, and control flow analysis
+ * for high-confidence vulnerability detection.
+ *
+ * @module scanners/detection
+ */
+import type { DetectionContext, DetectionResult } from "./types.js";
+import { getBuiltinRules, getBuiltinRulesByCategory, getBuiltinRuleById, BUILTIN_RULES } from "./rules/builtin.js";
+export * from "./types.js";
+export { queryAST, type ASTMatch } from "./engines/ast-query.js";
+export { analyzeDataFlow } from "./engines/data-flow.js";
+export { loadRulesFromDirectory, loadRuleFromYAML, createRule, RuleValidationError } from "./rules/loader.js";
+export { getBuiltinRules, getBuiltinRuleById, getBuiltinRulesByCategory, BUILTIN_RULES };
+export declare function runDetection(context: DetectionContext): Promise<DetectionResult>;
+export declare function runDetectionWithCustomRules(context: DetectionContext, customRulesDir?: string): Promise<DetectionResult>;
+export declare function listAvailableRules(): {
+    id: string;
+    name: string;
+    category: string;
+    severity: string;
+    enabled: boolean;
+}[];
+export declare function getDetectionCategories(): string[];
+export declare function enableRule(ruleId: string): boolean;
+export declare function disableRule(ruleId: string): boolean;
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/detection/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/detection/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAiC,MAAM,YAAY,CAAC;AAGnG,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGnH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,QAAQ,EAAE,KAAK,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9G,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,aAAa,EAAE,CAAC;AAEzF,wBAAsB,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CA0EtF;AAiBD,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,gBAAgB,EACzB,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,eAAe,CAAC,CAa1B;AAED,wBAAgB,kBAAkB,IAAI;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAAE,CAQzH;AAED,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAGjD;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAOlD;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAOnD"}

package/dist/scanners/detection/index.js

@@ -0,0 +1,140 @@
+/**
+ * Detection Engine
+ *
+ * Proprietary security detection engine for Vaspera.
+ * Combines AST query, data flow, and control flow analysis
+ * for high-confidence vulnerability detection.
+ *
+ * @module scanners/detection
+ */
+import { glob } from "glob";
+import { runASTQueryEngine } from "./engines/ast-query.js";
+import { runDataFlowEngine } from "./engines/data-flow.js";
+import { getBuiltinRules, getBuiltinRulesByCategory, getBuiltinRuleById, BUILTIN_RULES } from "./rules/builtin.js";
+import { loadRulesFromDirectory } from "./rules/loader.js";
+export * from "./types.js";
+export { queryAST } from "./engines/ast-query.js";
+export { analyzeDataFlow } from "./engines/data-flow.js";
+export { loadRulesFromDirectory, loadRuleFromYAML, createRule, RuleValidationError } from "./rules/loader.js";
+export { getBuiltinRules, getBuiltinRuleById, getBuiltinRulesByCategory, BUILTIN_RULES };
+export async function runDetection(context) {
+    const startTime = Date.now();
+    const errors = [];
+    let allMatches = [];
+    const rules = context.rules || getBuiltinRules();
+    const enabledRules = rules.filter((r) => r.enabled !== false);
+    if (enabledRules.length === 0) {
+        return {
+            success: true,
+            matches: [],
+            rulesEvaluated: 0,
+            filesAnalyzed: 0,
+            duration: Date.now() - startTime,
+        };
+    }
+    let files;
+    if (context.files && context.files.length > 0) {
+        files = context.files;
+    }
+    else {
+        const includePatterns = context.include || ["**/*.{ts,tsx,js,jsx,py,go,rb}"];
+        const excludePatterns = context.exclude || ["**/node_modules/**", "**/dist/**", "**/build/**", "**/.git/**", "**/vendor/**"];
+        files = await glob(includePatterns, {
+            cwd: context.projectPath,
+            ignore: excludePatterns,
+            absolute: true,
+        });
+    }
+    if (files.length === 0) {
+        return {
+            success: true,
+            matches: [],
+            rulesEvaluated: enabledRules.length,
+            filesAnalyzed: 0,
+            duration: Date.now() - startTime,
+        };
+    }
+    const astQueryRules = enabledRules.filter((r) => r.engines.astQuery);
+    const dataFlowRules = enabledRules.filter((r) => r.engines.dataFlow);
+    try {
+        if (astQueryRules.length > 0) {
+            const astMatches = await runASTQueryEngine(context.projectPath, astQueryRules, files);
+            allMatches.push(...astMatches);
+        }
+    }
+    catch (error) {
+        errors.push(`AST query engine error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    try {
+        if (dataFlowRules.length > 0) {
+            const dataFlowMatches = await runDataFlowEngine(context.projectPath, dataFlowRules, files);
+            allMatches.push(...dataFlowMatches);
+        }
+    }
+    catch (error) {
+        errors.push(`Data flow engine error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+    allMatches = deduplicateMatches(allMatches);
+    return {
+        success: errors.length === 0,
+        matches: allMatches,
+        rulesEvaluated: enabledRules.length,
+        filesAnalyzed: files.length,
+        duration: Date.now() - startTime,
+        errors: errors.length > 0 ? errors : undefined,
+    };
+}
+function deduplicateMatches(matches) {
+    const seen = new Map();
+    for (const match of matches) {
+        const key = `${match.ruleId}:${match.file}:${match.line}:${match.column || 0}`;
+        const existing = seen.get(key);
+        if (!existing || match.confidence > existing.confidence) {
+            seen.set(key, match);
+        }
+    }
+    return Array.from(seen.values());
+}
+export async function runDetectionWithCustomRules(context, customRulesDir) {
+    let rules = getBuiltinRules();
+    if (customRulesDir) {
+        try {
+            const customRules = await loadRulesFromDirectory(customRulesDir);
+            rules = [...rules, ...customRules];
+        }
+        catch (error) {
+            console.warn(`Failed to load custom rules from ${customRulesDir}:`, error);
+        }
+    }
+    return runDetection({ ...context, rules });
+}
+export function listAvailableRules() {
+    return BUILTIN_RULES.map((r) => ({
+        id: r.id,
+        name: r.name,
+        category: r.category,
+        severity: r.severity,
+        enabled: r.enabled ?? true,
+    }));
+}
+export function getDetectionCategories() {
+    const categories = new Set(BUILTIN_RULES.map((r) => r.category));
+    return Array.from(categories).sort();
+}
+export function enableRule(ruleId) {
+    const rule = BUILTIN_RULES.find((r) => r.id === ruleId);
+    if (rule) {
+        rule.enabled = true;
+        return true;
+    }
+    return false;
+}
+export function disableRule(ruleId) {
+    const rule = BUILTIN_RULES.find((r) => r.id === ruleId);
+    if (rule) {
+        rule.enabled = false;
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=index.js.map

package/dist/scanners/detection/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/detection/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnH,OAAO,EAAE,sBAAsB,EAAc,MAAM,mBAAmB,CAAC;AAEvE,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,QAAQ,EAAiB,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9G,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,aAAa,EAAE,CAAC;AAEzF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAyB;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,UAAU,GAAqB,EAAE,CAAC;IAEtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC;IACjD,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;IAE9D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,EAAE;YACX,cAAc,EAAE,CAAC;YACjB,aAAa,EAAE,CAAC;YAChB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,KAAe,CAAC;IAEpB,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7E,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,oBAAoB,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;QAE7H,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE;YAClC,GAAG,EAAE,OAAO,CAAC,WAAW;YACxB,MAAM,EAAE,eAAe;YACvB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,EAAE;YACX,cAAc,EAAE,YAAY,CAAC,MAAM;YACnC,aAAa,EAAE,CAAC;YAChB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACrE,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;YACtF,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,IAAI,CAAC;QACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;YAC3F,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,UAAU,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAE5C,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC5B,OAAO,EAAE,UAAU;QACnB,cAAc,EAAE,YAAY,CAAC,MAAM;QACnC,aAAa,EAAE,KAAK,CAAC,MAAM;QAC3B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KAC/C,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAyB;IACnD,MAAM,IAAI,GAAG,IAAI,GAAG,EAA0B,CAAC;IAE/C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAE/E,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,OAAyB,EACzB,cAAuB;IAEvB,IAAI,KAAK,GAAG,eAAe,EAAE,CAAC;IAE9B,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,sBAAsB,CAAC,cAAc,CAAC,CAAC;YACjE,KAAK,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,WAAW,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,cAAc,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,IAAI;KAC3B,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjE,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAc;IACvC,MAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACxD,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,MAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACxD,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/scanners/detection/rules/builtin.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Built-in Detection Rules
+ *
+ * Proprietary detection rules that differentiate Vaspera from Semgrep wrappers.
+ * These rules use data flow and control flow analysis for high-confidence detection.
+ *
+ * @module scanners/detection/rules/builtin
+ */
+import type { DetectionRule } from "../types.js";
+export declare const BUILTIN_RULES: DetectionRule[];
+export declare function getBuiltinRules(): DetectionRule[];
+export declare function getBuiltinRuleById(id: string): DetectionRule | undefined;
+export declare function getBuiltinRulesByCategory(category: string): DetectionRule[];
+//# sourceMappingURL=builtin.d.ts.map

package/dist/scanners/detection/rules/builtin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"builtin.d.ts","sourceRoot":"","sources":["../../../../src/scanners/detection/rules/builtin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjD,eAAO,MAAM,aAAa,EAAE,aAAa,EA+SxC,CAAC;AAEF,wBAAgB,eAAe,IAAI,aAAa,EAAE,CAEjD;AAED,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAExE;AAED,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CAE3E"}