vaspera 2.11.0 → 2.12.0

package/dist/autofix/ast/__tests__/typescript.test.js

@@ -0,0 +1,210 @@
+/**
+ * TypeScript AST Transform Tests
+ */
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm, writeFile } from "fs/promises";
+import { join } from "path";
+import { tmpdir } from "os";
+import { transformXSS, transformHardcodedSecrets, transformIDOR, hasASTTransform, listASTTransforms, applyASTTransform, } from "../typescript.js";
+describe("AST Transforms", () => {
+    let tempDir;
+    beforeEach(async () => {
+        tempDir = await mkdtemp(join(tmpdir(), `ast-test-${Math.random().toString(36).slice(2, 8)}-`));
+    });
+    afterEach(async () => {
+        await rm(tempDir, { recursive: true, force: true });
+    });
+    describe("hasASTTransform", () => {
+        it("returns true for supported categories", () => {
+            expect(hasASTTransform("sql-injection")).toBe(true);
+            expect(hasASTTransform("xss")).toBe(true);
+            expect(hasASTTransform("secrets")).toBe(true);
+            expect(hasASTTransform("idor")).toBe(true);
+        });
+        it("returns false for unsupported categories", () => {
+            expect(hasASTTransform("unknown")).toBe(false);
+            expect(hasASTTransform("random")).toBe(false);
+        });
+        it("is case-insensitive", () => {
+            expect(hasASTTransform("SQL-INJECTION")).toBe(true);
+            expect(hasASTTransform("XSS")).toBe(true);
+        });
+    });
+    describe("listASTTransforms", () => {
+        it("returns all available transforms", () => {
+            const transforms = listASTTransforms();
+            expect(transforms).toContain("sql-injection");
+            expect(transforms).toContain("xss");
+            expect(transforms).toContain("hardcoded-secrets");
+            expect(transforms).toContain("secrets");
+            expect(transforms).toContain("idor");
+            expect(transforms).toContain("authorization");
+        });
+    });
+    describe("transformXSS", () => {
+        it("transforms innerHTML to textContent", async () => {
+            const filePath = join(tempDir, "xss.ts");
+            const code = `
+function render(userInput: string) {
+  document.getElementById("target").innerHTML = userInput;
+}
+`;
+            await writeFile(filePath, code, "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-1",
+                    file: "xss.ts",
+                    line: 3,
+                    category: "xss",
+                    description: "innerHTML assignment",
+                },
+            };
+            const result = await transformXSS(context);
+            expect(result.success).toBe(true);
+            expect(result.changesApplied.length).toBeGreaterThan(0);
+            expect(result.transformedCode).toContain("textContent");
+            expect(result.transformedCode).not.toContain("innerHTML");
+        });
+        it("handles insertAdjacentHTML", async () => {
+            const filePath = join(tempDir, "xss2.ts");
+            const code = `
+function insertContent(el: HTMLElement, content: string) {
+  el.insertAdjacentHTML("beforeend", content);
+}
+`;
+            await writeFile(filePath, code, "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-2",
+                    file: "xss2.ts",
+                    line: 3,
+                    category: "xss",
+                    description: "insertAdjacentHTML usage",
+                },
+            };
+            const result = await transformXSS(context);
+            expect(result.success).toBe(true);
+            expect(result.changesApplied.length).toBeGreaterThan(0);
+        });
+    });
+    describe("transformHardcodedSecrets", () => {
+        it("replaces hardcoded API key with env var", async () => {
+            const filePath = join(tempDir, "secrets.ts");
+            const code = `
+const apiKey = "sk_live_1234567890abcdef";
+const config = { apiKey };
+`;
+            await writeFile(filePath, code, "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-3",
+                    file: "secrets.ts",
+                    line: 2,
+                    category: "secrets",
+                    description: "Hardcoded API key",
+                },
+            };
+            const result = await transformHardcodedSecrets(context);
+            expect(result.success).toBe(true);
+            expect(result.changesApplied.length).toBeGreaterThan(0);
+            expect(result.transformedCode).toContain("process.env");
+            expect(result.transformedCode).not.toContain("sk_live_");
+        });
+        it("converts camelCase to SCREAMING_SNAKE_CASE for env vars", async () => {
+            const filePath = join(tempDir, "secrets2.ts");
+            const code = `
+const secretKey = "super_secret_value_123456";
+`;
+            await writeFile(filePath, code, "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-4",
+                    file: "secrets2.ts",
+                    line: 2,
+                    category: "secrets",
+                    description: "Hardcoded secret",
+                },
+            };
+            const result = await transformHardcodedSecrets(context);
+            expect(result.success).toBe(true);
+            expect(result.transformedCode).toContain("SECRET_KEY");
+        });
+    });
+    describe("transformIDOR", () => {
+        it("adds ownership check to database access", async () => {
+            const filePath = join(tempDir, "idor.ts");
+            const code = `
+async function getUser(req: Request) {
+  const user = await db.users.findById(req.params.id);
+  return user;
+}
+`;
+            await writeFile(filePath, code, "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-5",
+                    file: "idor.ts",
+                    line: 3,
+                    category: "idor",
+                    description: "IDOR vulnerability",
+                },
+            };
+            const result = await transformIDOR(context);
+            expect(result.success).toBe(true);
+            expect(result.changesApplied.length).toBeGreaterThan(0);
+            expect(result.transformedCode).toContain("userId");
+            expect(result.transformedCode).toContain("Access denied");
+        });
+    });
+    describe("applyASTTransform", () => {
+        it("applies correct transform based on category", async () => {
+            const filePath = join(tempDir, "generic.ts");
+            const code = `
+document.body.innerHTML = userInput;
+`;
+            await writeFile(filePath, code, "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-6",
+                    file: "generic.ts",
+                    line: 2,
+                    category: "xss",
+                    description: "XSS vulnerability",
+                },
+            };
+            const result = await applyASTTransform("xss", context);
+            expect(result.success).toBe(true);
+        });
+        it("returns error for unknown category", async () => {
+            const filePath = join(tempDir, "unknown.ts");
+            await writeFile(filePath, "const x = 1;", "utf-8");
+            const context = {
+                filePath,
+                projectPath: tempDir,
+                finding: {
+                    id: "test-7",
+                    file: "unknown.ts",
+                    line: 1,
+                    category: "unknown",
+                    description: "Unknown",
+                },
+            };
+            const result = await applyASTTransform("unknown", context);
+            expect(result.success).toBe(false);
+            expect(result.error).toContain("No AST transform available");
+        });
+    });
+});
+//# sourceMappingURL=typescript.test.js.map

package/dist/autofix/ast/__tests__/typescript.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"typescript.test.js","sourceRoot":"","sources":["../../../../src/autofix/ast/__tests__/typescript.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAmB,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAEL,YAAY,EACZ,yBAAyB,EACzB,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAG1B,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,OAAe,CAAC;IAEpB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACjG,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/C,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;YAC7B,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;YACvC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YAC9C,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACpC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;YAClD,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,IAAI,GAAG;;;;CAIlB,CAAC;YACI,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,sBAAsB;iBACpC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YAE3C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG;;;;CAIlB,CAAC;YACI,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,0BAA0B;iBACxC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YAE3C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAC7C,MAAM,IAAI,GAAG;;;CAGlB,CAAC;YACI,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,SAAS;oBACnB,WAAW,EAAE,mBAAmB;iBACjC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,OAAO,CAAC,CAAC;YAExD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;YACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;YAC9C,MAAM,IAAI,GAAG;;CAElB,CAAC;YACI,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,aAAa;oBACnB,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,SAAS;oBACnB,WAAW,EAAE,kBAAkB;iBAChC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,OAAO,CAAC,CAAC;YAExD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG;;;;;CAKlB,CAAC;YACI,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,MAAM;oBAChB,WAAW,EAAE,oBAAoB;iBAClC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAE5C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAC7C,MAAM,IAAI,GAAG;;CAElB,CAAC;YACI,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,mBAAmB;iBACjC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAEvD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAC7C,MAAM,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YAEnD,MAAM,OAAO,GAAwB;gBACnC,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE;oBACP,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC;oBACP,QAAQ,EAAE,SAAS;oBACnB,WAAW,EAAE,SAAS;iBACvB;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAE3D,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/autofix/ast/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * AST Transform Module
+ *
+ * Provides AST-based code transformations for security fixes.
+ * Uses ts-morph for TypeScript/JavaScript manipulation.
+ *
+ * @module autofix/ast
+ */
+export * from "./types.js";
+export { transformSQLInjection, transformXSS, transformHardcodedSecrets, transformIDOR, applyASTTransform, hasASTTransform, listASTTransforms, AST_TRANSFORMS, } from "./typescript.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/autofix/ast/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/autofix/ast/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,yBAAyB,EACzB,aAAa,EACb,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,cAAc,GACf,MAAM,iBAAiB,CAAC"}

package/dist/autofix/ast/index.js

@@ -0,0 +1,11 @@
+/**
+ * AST Transform Module
+ *
+ * Provides AST-based code transformations for security fixes.
+ * Uses ts-morph for TypeScript/JavaScript manipulation.
+ *
+ * @module autofix/ast
+ */
+export * from "./types.js";
+export { transformSQLInjection, transformXSS, transformHardcodedSecrets, transformIDOR, applyASTTransform, hasASTTransform, listASTTransforms, AST_TRANSFORMS, } from "./typescript.js";
+//# sourceMappingURL=index.js.map

package/dist/autofix/ast/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/autofix/ast/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,yBAAyB,EACzB,aAAa,EACb,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,cAAc,GACf,MAAM,iBAAiB,CAAC"}

package/dist/autofix/ast/types.d.ts

@@ -0,0 +1,77 @@
+/**
+ * AST Transform Types
+ *
+ * Types for AST-based code transformations.
+ *
+ * @module autofix/ast/types
+ */
+import type { Severity } from "../../certification/types.js";
+export type SupportedLanguage = "typescript" | "javascript";
+export interface ASTTransformPattern {
+    id: string;
+    name: string;
+    description: string;
+    language: SupportedLanguage | SupportedLanguage[];
+    category: string;
+    severity: Severity;
+    risk: "low" | "medium" | "high";
+    safeToAutoApply: boolean;
+}
+export interface ASTTransformContext {
+    filePath: string;
+    projectPath: string;
+    finding: {
+        id: string;
+        file: string;
+        line: number;
+        category: string;
+        description: string;
+    };
+}
+export interface ASTTransformResult {
+    success: boolean;
+    filePath: string;
+    originalCode: string;
+    transformedCode: string;
+    changesApplied: ASTChange[];
+    error?: string;
+}
+export interface ASTChange {
+    type: "insert" | "replace" | "delete";
+    startLine: number;
+    endLine: number;
+    startColumn?: number;
+    endColumn?: number;
+    originalText: string;
+    newText: string;
+    description: string;
+}
+export interface SQLInjectionFix {
+    type: "parameterized-query" | "prepared-statement" | "orm-method";
+    originalQuery: string;
+    safeQuery: string;
+    parameters: string[];
+}
+export interface XSSFix {
+    type: "sanitize" | "escape" | "safe-method";
+    originalCode: string;
+    safeCode: string;
+    sanitizer?: string;
+}
+export interface SecretsFix {
+    type: "env-variable" | "config-file" | "secret-manager";
+    secretName: string;
+    envVarName: string;
+    originalValue: string;
+}
+export interface IDORFix {
+    type: "ownership-check" | "access-control";
+    resourceType: string;
+    checkCode: string;
+}
+export interface AuthBypassFix {
+    type: "middleware" | "decorator" | "guard";
+    authCode: string;
+    placement: "before" | "wrap";
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/autofix/ast/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/autofix/ast/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAE7D,MAAM,MAAM,iBAAiB,GAAG,YAAY,GAAG,YAAY,CAAC;AAE5D,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,iBAAiB,GAAG,iBAAiB,EAAE,CAAC;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAChC,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,SAAS,EAAE,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,CAAC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,qBAAqB,GAAG,oBAAoB,GAAG,YAAY,CAAC;IAClE,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,aAAa,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,GAAG,aAAa,GAAG,gBAAgB,CAAC;IACxD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,iBAAiB,GAAG,gBAAgB,CAAC;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,YAAY,GAAG,WAAW,GAAG,OAAO,CAAC;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,QAAQ,GAAG,MAAM,CAAC;CAC9B"}

package/dist/autofix/ast/types.js

@@ -0,0 +1,9 @@
+/**
+ * AST Transform Types
+ *
+ * Types for AST-based code transformations.
+ *
+ * @module autofix/ast/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/autofix/ast/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/autofix/ast/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/autofix/ast/typescript.d.ts

@@ -0,0 +1,17 @@
+/**
+ * TypeScript/JavaScript AST Transforms
+ *
+ * Uses ts-morph for AST manipulation to fix security vulnerabilities.
+ *
+ * @module autofix/ast/typescript
+ */
+import type { ASTTransformResult, ASTTransformContext } from "./types.js";
+export declare function transformSQLInjection(context: ASTTransformContext): Promise<ASTTransformResult>;
+export declare function transformXSS(context: ASTTransformContext): Promise<ASTTransformResult>;
+export declare function transformHardcodedSecrets(context: ASTTransformContext): Promise<ASTTransformResult>;
+export declare function transformIDOR(context: ASTTransformContext): Promise<ASTTransformResult>;
+export declare const AST_TRANSFORMS: Record<string, (context: ASTTransformContext) => Promise<ASTTransformResult>>;
+export declare function applyASTTransform(category: string, context: ASTTransformContext): Promise<ASTTransformResult>;
+export declare function hasASTTransform(category: string): boolean;
+export declare function listASTTransforms(): string[];
+//# sourceMappingURL=typescript.d.ts.map

package/dist/autofix/ast/typescript.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typescript.d.ts","sourceRoot":"","sources":["../../../src/autofix/ast/typescript.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAa,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAOrF,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAyF7B;AAwDD,wBAAsB,YAAY,CAChC,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAmH7B;AAED,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CA8G7B;AASD,wBAAsB,aAAa,CACjC,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAwF7B;AAED,eAAO,MAAM,cAAc,EAAE,MAAM,CACjC,MAAM,EACN,CAAC,OAAO,EAAE,mBAAmB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAQ9D,CAAC;AAEF,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAe7B;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEzD;AAED,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAE5C"}