vaspera 2.13.0 → 2.15.0

package/dist/scanners/binary-analysis.js

@@ -11,12 +11,10 @@
  * - Rust FFI (Cargo.toml with cdylib)
  * - Go CGO (import "C" in .go files)
  */
-import { exec } from "child_process";
-import { promisify } from "util";
 import * as fs from "fs/promises";
 import * as path from "path";
 import { glob } from "glob";
-const execAsync = promisify(exec);
+import { runCommand, probeBinary } from "../util/subprocess.js";
 // CWE mappings for binary security issues
 const BINARY_CWES = {
     "missing-canary": ["CWE-121"], // Stack-based Buffer Overflow
@@ -31,45 +29,14 @@ const BINARY_CWES = {
  * Check if binary analysis tools are available
  */
 export async function checkBinaryAnalysisAvailable() {
-    const results = {
-        checksec: false,
-        nm: false,
-        objdump: false,
-        file: false,
+    // checksec ships as either a Python CLI or a bash script
+    const checksec = (await probeBinary("checksec")) ?? (await probeBinary("checksec.sh"));
+    return {
+        checksec: checksec !== null,
+        nm: (await probeBinary("nm")) !== null,
+        objdump: (await probeBinary("objdump")) !== null,
+        file: (await probeBinary("file")) !== null,
     };
-    // Check for checksec (Python version or bash script)
-    try {
-        await execAsync("checksec --version 2>/dev/null || checksec.sh --version 2>/dev/null");
-        results.checksec = true;
-    }
-    catch {
-        // checksec not available
-    }
-    // Check for nm
-    try {
-        await execAsync("nm --version");
-        results.nm = true;
-    }
-    catch {
-        // nm not available
-    }
-    // Check for objdump
-    try {
-        await execAsync("objdump --version");
-        results.objdump = true;
-    }
-    catch {
-        // objdump not available
-    }
-    // Check for file command
-    try {
-        await execAsync("file --version");
-        results.file = true;
-    }
-    catch {
-        // file not available
-    }
-    return results;
 }
 /**
  * Detect native modules and binaries in the project
@@ -198,15 +165,22 @@ function parseChecksecOutput(output) {
  * Run checksec on a binary file
  */
 async function runChecksecOnBinary(binaryPath) {
+    // Try JSON output first (newer checksec versions), then fall back to
+    // the plain text format for older versions.
     try {
-        // Try JSON output first (newer checksec versions)
-        const { stdout } = await execAsync(`checksec --file="${binaryPath}" --output=json 2>/dev/null || checksec --file="${binaryPath}" 2>/dev/null`, {
-            timeout: 10000,
-        });
+        const { stdout } = await runCommand("checksec", [`--file=${binaryPath}`, "--output=json"], { timeout: 10000 });
         return parseChecksecOutput(stdout);
     }
     catch {
-        return null;
+        try {
+            const { stdout } = await runCommand("checksec", [`--file=${binaryPath}`], {
+                timeout: 10000,
+            });
+            return parseChecksecOutput(stdout);
+        }
+        catch {
+            return null;
+        }
     }
 }
 /**
@@ -215,15 +189,16 @@ async function runChecksecOnBinary(binaryPath) {
 async function analyzeWithNm(binaryPath) {
     const flags = {};
     try {
-        const { stdout } = await execAsync(`nm -D "${binaryPath}" 2>/dev/null | head -100`, {
+        const { stdout } = await runCommand("nm", ["-D", binaryPath], {
             timeout: 10000,
         });
+        const head = stdout.split("\n").slice(0, 100).join("\n");
         // Check for stack protector symbols (indicates canary)
-        if (stdout.includes("__stack_chk_fail") || stdout.includes("__stack_chk_guard")) {
+        if (head.includes("__stack_chk_fail") || head.includes("__stack_chk_guard")) {
             flags.canary = true;
         }
         // Check for fortify symbols
-        if (stdout.includes("__fortify_fail") || stdout.includes("_chk@")) {
+        if (head.includes("__fortify_fail") || head.includes("_chk@")) {
             flags.fortify = true;
         }
     }

package/dist/scanners/binary-analysis.js.map

@@ -1 +1 @@
-{"version":3,"file":"binary-analysis.js","sourceRoot":"","sources":["../../src/scanners/binary-analysis.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAmBlC,0CAA0C;AAC1C,MAAM,WAAW,GAA6B;IAC5C,gBAAgB,EAAE,CAAC,SAAS,CAAC,EAAE,8BAA8B;IAC7D,YAAY,EAAE,CAAC,SAAS,CAAC,EAAE,mDAAmD;IAC9E,aAAa,EAAE,CAAC,SAAS,CAAC,EAAE,oCAAoC;IAChE,eAAe,EAAE,CAAC,SAAS,CAAC,EAAE,6CAA6C;IAC3E,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,sBAAsB;IACjE,cAAc,EAAE,CAAC,SAAS,CAAC,EAAE,wBAAwB;CACtD,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B;IAMhD,MAAM,OAAO,GAAG;QACd,QAAQ,EAAE,KAAK;QACf,EAAE,EAAE,KAAK;QACT,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,KAAK;KACZ,CAAC;IAEF,qDAAqD;IACrD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,qEAAqE,CAAC,CAAC;QACvF,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,eAAe;IACf,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,cAAc,CAAC,CAAC;QAChC,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,mBAAmB,CAAC,CAAC;QACrC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAClC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IAC3D,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAE/C,gCAAgC;IAChC,MAAM,QAAQ,GAAG;QACf,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAsB,EAAE;QACxD,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,YAAqB,EAAE;QAClD,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,YAAqB,EAAE;QAChD,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,YAAqB,EAAE;QACnD,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAqB,EAAE;KAClD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;gBACvC,GAAG,EAAE,YAAY;gBACjB,MAAM,EAAE,CAAC,0BAA0B,EAAE,2BAA2B,CAAC;gBACjE,KAAK,EAAE,IAAI;aACZ,CAAC,CAAC;YAEH,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC;oBACpC,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;iBAC3B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE;YAC7C,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,CAAC,oBAAoB,EAAE,cAAc,CAAC;SAC/C,CAAC,CAAC;QAEH,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,EAAE,OAAO,CAAC,CAAC;YAC/E,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9F,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC;oBACxC,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;iBAC7C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE;YACpC,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,CAAC,cAAc,EAAE,oBAAoB,CAAC;SAC/C,CAAC,CAAC;QAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;YAC5E,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAC5E,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;oBACrC,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;iBAC5B,CAAC,CAAC;gBACH,MAAM,CAAC,0CAA0C;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,MAAM,KAAK,GAAkB;QAC3B,KAAK,EAAE,MAAM;QACb,EAAE,EAAE,KAAK;QACT,GAAG,EAAE,KAAK;QACV,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;KACf,CAAC;IAEF,6DAA6D;IAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAEzC,QAAQ;IACR,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC;IACvB,CAAC;SAAM,IAAI,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACjD,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;IAC1B,CAAC;IAED,kBAAkB;IAClB,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAChH,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC;IAClB,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACnH,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,eAAe;IACf,IAAI,WAAW,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1H,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,UAAU;IACV,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC3E,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,kDAAkD;IAClD,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACxE,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;IACrB,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IACnD,IAAI,CAAC;QACH,kDAAkD;QAClD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,oBAAoB,UAAU,mDAAmD,UAAU,eAAe,EAAE;YAC7I,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,UAAkB;IAC7C,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,UAAU,UAAU,2BAA2B,EAAE;YAClF,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,uDAAuD;QACvD,IAAI,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAChF,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;QACtB,CAAC;QAED,4BAA4B;QAC5B,IAAI,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAClE,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAChC,MAAoB,EACpB,KAAoB,EACpB,WAAmB;IAEnB,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAE7D,oDAAoD;IACpD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,6BAA6B;YACrC,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,6FAA6F;YACnI,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,gBAAgB,CAAC;YACrC,QAAQ,EAAE,0BAA0B,KAAK,CAAC,MAAM,EAAE;YAClD,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,mBAAmB;YAC3B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,qFAAqF;YAC3H,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,YAAY,CAAC;YACjC,QAAQ,EAAE,sBAAsB,KAAK,CAAC,EAAE,EAAE;YAC1C,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,cAAc;IACd,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,oBAAoB;YAC5B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,qFAAqF;YAC3H,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,aAAa,CAAC;YAClC,QAAQ,EAAE,uBAAuB,KAAK,CAAC,GAAG,EAAE;YAC5C,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,sBAAsB;YAC9B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,0EAA0E;YAChH,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,eAAe,CAAC;YACpC,QAAQ,EAAE,yBAAyB,KAAK,CAAC,KAAK,EAAE;YAChD,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACrC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,sBAAsB;YAC9B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,qFAAqF;YAC3H,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,eAAe,CAAC;YACpC,QAAQ,EAAE,yBAAyB,KAAK,CAAC,KAAK,EAAE;YAChD,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,qBAAqB;YAC7B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,sEAAsE;YAC5G,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,cAAc,CAAC;YACnC,QAAQ,EAAE,yBAAyB,KAAK,CAAC,KAAK,aAAa,KAAK,CAAC,OAAO,EAAE;YAC1E,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAC9B,MAAoB,EACpB,WAAmB;IAEnB,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAExD,kCAAkC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,iCAAiC;gBACzC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,sBAAsB,CAAC;gBACrD,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,8FAA8F;gBACvG,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,6BAA6B;gBACvC,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,8BAA8B;gBACtC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC;gBAC7C,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,6FAA6F;gBACtG,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,uBAAuB;gBAC/B,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC;gBAC3C,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,+EAA+E;gBACxF,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,mBAAmB;gBAC7B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACrF,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,yBAAyB;gBACjC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,iBAAiB,CAAC;gBAChD,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,gFAAgF;gBACzF,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;gBAC9B,QAAQ,EAAE,gCAAgC;gBAC1C,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,OAAe;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAmB,EACnB,OAAkD;IAElD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAEvD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,iBAAiB;gBAC1B,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE;oBACR,OAAO,EAAE,wCAAwC;oBACjD,cAAc,EAAE,CAAC;iBAClB;aACF,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,KAAK,GAAG,MAAM,4BAA4B,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,CAAC;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC;QAEvB,yBAAyB;QACzB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,wCAAwC;YACxC,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;gBAClC,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;gBACjE,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjE,IAAI,KAAK,GAAyB,IAAI,CAAC;gBAEvC,qBAAqB;gBACrB,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACjD,CAAC;gBAED,0BAA0B;gBAC1B,IAAI,CAAC,KAAK,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;oBACtD,KAAK,GAAG;wBACN,KAAK,EAAE,MAAM,EAAE,iCAAiC;wBAChD,EAAE,EAAE,IAAI,EAAE,gCAAgC;wBAC1C,GAAG,EAAE,IAAI,EAAE,gCAAgC;wBAC3C,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,KAAK;wBACpC,OAAO,EAAE,YAAY,CAAC,OAAO,IAAI,KAAK;wBACtC,KAAK,EAAE,KAAK;wBACZ,OAAO,EAAE,KAAK;qBACf,CAAC;gBACJ,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,YAAY,GAAG,yBAAyB,CAAC,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;oBAC3E,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;gBACjC,CAAC;qBAAM,CAAC;oBACN,oDAAoD;oBACpD,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,iBAAiB;wBAC1B,MAAM,EAAE,mBAAmB;wBAC3B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC;wBAC7C,IAAI,EAAE,CAAC;wBACP,MAAM,EAAE,CAAC;wBACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,iFAAiF;wBACvH,QAAQ,EAAE,MAAM;wBAChB,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,iBAAiB;wBAC3B,MAAM,EAAE,EAAE;wBACV,QAAQ,EAAE,oCAAoC;wBAC9C,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;qBACtC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,iBAAiB;oBAC1B,MAAM,EAAE,0BAA0B;oBAClC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC;oBAC7C,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,8BAA8B,MAAM,CAAC,IAAI,mDAAmD;oBACrG,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,iBAAiB;oBAC3B,MAAM,EAAE,EAAE;oBACV,QAAQ,EAAE,uCAAuC;oBACjD,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;iBACtC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,iBAAiB;oBAC1B,MAAM,EAAE,wBAAwB;oBAChC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC;oBAC7C,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,0BAA0B,MAAM,CAAC,IAAI,kDAAkD;oBAChG,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,iBAAiB;oBAC3B,MAAM,EAAE,EAAE;oBACV,QAAQ,EAAE,mBAAmB;oBAC7B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;iBACtC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,iBAAiB;YAC1B,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE;gBACR,cAAc,EAAE,OAAO,CAAC,MAAM;gBAC9B,cAAc,EAAE,KAAK;aACtB;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,iBAAiB;YAC1B,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"binary-analysis.js","sourceRoot":"","sources":["../../src/scanners/binary-analysis.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAoBhE,0CAA0C;AAC1C,MAAM,WAAW,GAA6B;IAC5C,gBAAgB,EAAE,CAAC,SAAS,CAAC,EAAE,8BAA8B;IAC7D,YAAY,EAAE,CAAC,SAAS,CAAC,EAAE,mDAAmD;IAC9E,aAAa,EAAE,CAAC,SAAS,CAAC,EAAE,oCAAoC;IAChE,eAAe,EAAE,CAAC,SAAS,CAAC,EAAE,6CAA6C;IAC3E,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,sBAAsB;IACjE,cAAc,EAAE,CAAC,SAAS,CAAC,EAAE,wBAAwB;CACtD,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B;IAMhD,yDAAyD;IACzD,MAAM,QAAQ,GACZ,CAAC,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;IAExE,OAAO;QACL,QAAQ,EAAE,QAAQ,KAAK,IAAI;QAC3B,EAAE,EAAE,CAAC,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI;QACtC,OAAO,EAAE,CAAC,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI;QAChD,IAAI,EAAE,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI;KAC3C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IAC3D,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAE/C,gCAAgC;IAChC,MAAM,QAAQ,GAAG;QACf,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAsB,EAAE;QACxD,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,YAAqB,EAAE;QAClD,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,YAAqB,EAAE;QAChD,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,YAAqB,EAAE;QACnD,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAqB,EAAE;KAClD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;gBACvC,GAAG,EAAE,YAAY;gBACjB,MAAM,EAAE,CAAC,0BAA0B,EAAE,2BAA2B,CAAC;gBACjE,KAAK,EAAE,IAAI;aACZ,CAAC,CAAC;YAEH,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC;oBACpC,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;iBAC3B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE;YAC7C,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,CAAC,oBAAoB,EAAE,cAAc,CAAC;SAC/C,CAAC,CAAC;QAEH,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,EAAE,OAAO,CAAC,CAAC;YAC/E,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9F,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC;oBACxC,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;iBAC7C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE;YACpC,GAAG,EAAE,YAAY;YACjB,MAAM,EAAE,CAAC,cAAc,EAAE,oBAAoB,CAAC;SAC/C,CAAC,CAAC;QAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;YAC5E,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAC5E,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;oBACrC,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;iBAC5B,CAAC,CAAC;gBACH,MAAM,CAAC,0CAA0C;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,MAAM,KAAK,GAAkB;QAC3B,KAAK,EAAE,MAAM;QACb,EAAE,EAAE,KAAK;QACT,GAAG,EAAE,KAAK;QACV,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;KACf,CAAC;IAEF,6DAA6D;IAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAEzC,QAAQ;IACR,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC;IACvB,CAAC;SAAM,IAAI,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACjD,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;IAC1B,CAAC;IAED,kBAAkB;IAClB,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAChH,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC;IAClB,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACnH,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,eAAe;IACf,IAAI,WAAW,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1H,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,UAAU;IACV,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC3E,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,kDAAkD;IAClD,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACxE,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC;IACrB,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IACnD,qEAAqE;IACrE,4CAA4C;IAC5C,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CACjC,UAAU,EACV,CAAC,UAAU,UAAU,EAAE,EAAE,eAAe,CAAC,EACzC,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACF,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,CAAC,UAAU,UAAU,EAAE,CAAC,EAAE;gBACxE,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YACH,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,UAAkB;IAC7C,MAAM,KAAK,GAA2B,EAAE,CAAC;IAEzC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE;YAC5D,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEzD,uDAAuD;QACvD,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC5E,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;QACtB,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAChC,MAAoB,EACpB,KAAoB,EACpB,WAAmB;IAEnB,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAE7D,oDAAoD;IACpD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,6BAA6B;YACrC,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,6FAA6F;YACnI,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,gBAAgB,CAAC;YACrC,QAAQ,EAAE,0BAA0B,KAAK,CAAC,MAAM,EAAE;YAClD,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,mBAAmB;YAC3B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,qFAAqF;YAC3H,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,YAAY,CAAC;YACjC,QAAQ,EAAE,sBAAsB,KAAK,CAAC,EAAE,EAAE;YAC1C,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,cAAc;IACd,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,oBAAoB;YAC5B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,qFAAqF;YAC3H,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,aAAa,CAAC;YAClC,QAAQ,EAAE,uBAAuB,KAAK,CAAC,GAAG,EAAE;YAC5C,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,sBAAsB;YAC9B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,0EAA0E;YAChH,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,eAAe,CAAC;YACpC,QAAQ,EAAE,yBAAyB,KAAK,CAAC,KAAK,EAAE;YAChD,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACrC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,sBAAsB;YAC9B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,qFAAqF;YAC3H,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,eAAe,CAAC;YACpC,QAAQ,EAAE,yBAAyB,KAAK,CAAC,KAAK,EAAE;YAChD,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,qBAAqB;YAC7B,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,sEAAsE;YAC5G,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,WAAW,CAAC,cAAc,CAAC;YACnC,QAAQ,EAAE,yBAAyB,KAAK,CAAC,KAAK,aAAa,KAAK,CAAC,OAAO,EAAE;YAC1E,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,WAAW,EAAE,KAAK;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAC9B,MAAoB,EACpB,WAAmB;IAEnB,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAExD,kCAAkC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,iCAAiC;gBACzC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,sBAAsB,CAAC;gBACrD,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,8FAA8F;gBACvG,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,6BAA6B;gBACvC,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,8BAA8B;gBACtC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC;gBAC7C,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,6FAA6F;gBACtG,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,uBAAuB;gBAC/B,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC;gBAC3C,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,+EAA+E;gBACxF,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,QAAQ,EAAE,mBAAmB;gBAC7B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACrF,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,iBAAiB;gBAC1B,MAAM,EAAE,yBAAyB;gBACjC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,iBAAiB,CAAC;gBAChD,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,gFAAgF;gBACzF,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;gBAC9B,QAAQ,EAAE,gCAAgC;gBAC1C,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;aACtC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,OAAe;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAmB,EACnB,OAAkD;IAElD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAEvD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,iBAAiB;gBAC1B,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE;oBACR,OAAO,EAAE,wCAAwC;oBACjD,cAAc,EAAE,CAAC;iBAClB;aACF,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,KAAK,GAAG,MAAM,4BAA4B,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,CAAC;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC;QAEvB,yBAAyB;QACzB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,wCAAwC;YACxC,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;gBAClC,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;gBACjE,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjE,IAAI,KAAK,GAAyB,IAAI,CAAC;gBAEvC,qBAAqB;gBACrB,IAAI,WAAW,EAAE,CAAC;oBAChB,KAAK,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACjD,CAAC;gBAED,0BAA0B;gBAC1B,IAAI,CAAC,KAAK,IAAI,KAAK,EAAE,CAAC;oBACpB,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;oBACtD,KAAK,GAAG;wBACN,KAAK,EAAE,MAAM,EAAE,iCAAiC;wBAChD,EAAE,EAAE,IAAI,EAAE,gCAAgC;wBAC1C,GAAG,EAAE,IAAI,EAAE,gCAAgC;wBAC3C,MAAM,EAAE,YAAY,CAAC,MAAM,IAAI,KAAK;wBACpC,OAAO,EAAE,YAAY,CAAC,OAAO,IAAI,KAAK;wBACtC,KAAK,EAAE,KAAK;wBACZ,OAAO,EAAE,KAAK;qBACf,CAAC;gBACJ,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,YAAY,GAAG,yBAAyB,CAAC,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;oBAC3E,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;gBACjC,CAAC;qBAAM,CAAC;oBACN,oDAAoD;oBACpD,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,iBAAiB;wBAC1B,MAAM,EAAE,mBAAmB;wBAC3B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC;wBAC7C,IAAI,EAAE,CAAC;wBACP,MAAM,EAAE,CAAC;wBACT,OAAO,EAAE,kBAAkB,MAAM,CAAC,IAAI,iFAAiF;wBACvH,QAAQ,EAAE,MAAM;wBAChB,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,iBAAiB;wBAC3B,MAAM,EAAE,EAAE;wBACV,QAAQ,EAAE,oCAAoC;wBAC9C,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;qBACtC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,iBAAiB;oBAC1B,MAAM,EAAE,0BAA0B;oBAClC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC;oBAC7C,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,8BAA8B,MAAM,CAAC,IAAI,mDAAmD;oBACrG,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,iBAAiB;oBAC3B,MAAM,EAAE,EAAE;oBACV,QAAQ,EAAE,uCAAuC;oBACjD,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;iBACtC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,iBAAiB;oBAC1B,MAAM,EAAE,wBAAwB;oBAChC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC;oBAC7C,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,0BAA0B,MAAM,CAAC,IAAI,kDAAkD;oBAChG,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,iBAAiB;oBAC3B,MAAM,EAAE,EAAE;oBACV,QAAQ,EAAE,mBAAmB;oBAC7B,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE;iBACtC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,iBAAiB;YAC1B,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE;gBACR,cAAc,EAAE,OAAO,CAAC,MAAM;gBAC9B,cAAc,EAAE,KAAK;aACtB;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,iBAAiB;YAC1B,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/scanners/brakeman.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"brakeman.d.ts","sourceRoot":"","sources":["../../src/scanners/brakeman.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA8E3F;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAiB3E;AAgCD;;GAEG;AACH,wBAAsB,WAAW,CAC/B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACA,OAAO,CAAC,aAAa,CAAC,CA2IxB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAwBvE;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAqBtE"}
+{"version":3,"file":"brakeman.d.ts","sourceRoot":"","sources":["../../src/scanners/brakeman.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA4E3F;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAc3E;AAgCD;;GAEG;AACH,wBAAsB,WAAW,CAC/B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACA,OAAO,CAAC,aAAa,CAAC,CAiIxB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAwBvE;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAsBtE"}

package/dist/scanners/brakeman.js

@@ -5,11 +5,10 @@
  *
  * @module scanners/brakeman
  */
-import { exec } from "child_process";
-import { promisify } from "util";
 import { access } from "fs/promises";
 import { join } from "path";
-const execAsync = promisify(exec);
+import { runCommand, probeBinary } from "../util/subprocess.js";
+import { parseJson } from "../util/json.js";
 /**
  * CWE mappings for common Brakeman warning types
  */
@@ -38,22 +37,19 @@ const WARNING_TO_CWE = {
  * Check if Brakeman is available
  */
 export async function checkBrakemanAvailable() {
-    try {
-        const { stdout } = await execAsync("brakeman --version", { timeout: 5000 });
-        const version = stdout.trim();
+    const version = await probeBinary("brakeman");
+    if (version !== null) {
         return {
             scanner: "brakeman",
             available: true,
             version,
         };
     }
-    catch (error) {
-        return {
-            scanner: "brakeman",
-            available: false,
-            error: error instanceof Error ? error.message : "Brakeman not found",
-        };
-    }
+    return {
+        scanner: "brakeman",
+        available: false,
+        error: "Brakeman not found",
+    };
 }
 /**
  * Convert Brakeman confidence to vaspera severity
@@ -108,37 +104,27 @@ export async function runBrakeman(projectPath, options) {
                 error: "Not a Ruby on Rails project (no Gemfile or config/application.rb found)",
             };
         }
-        // Build command
-        let command = `brakeman "${projectPath}" -f json --no-pager --no-progress`;
+        const args = [projectPath, "-f", "json", "--no-pager", "--no-progress"];
         if (options?.skip && options.skip.length > 0) {
-            command += ` --skip-checks ${options.skip.join(",")}`;
+            args.push("--skip-checks", options.skip.join(","));
         }
         if (options?.only && options.only.length > 0) {
-            command += ` --only-checks ${options.only.join(",")}`;
+            args.push("--only-checks", options.only.join(","));
         }
         if (options?.configFile) {
-            command += ` -c "${options.configFile}"`;
+            args.push("-c", options.configFile);
         }
-        // Run Brakeman
-        const { stdout, stderr } = await execAsync(command, {
+        // Brakeman exits 3 when warnings are found and 4 on scan errors;
+        // runCommand tolerates non-zero exits that still produced stdout.
+        const { stdout } = await runCommand("brakeman", args, {
             timeout: options?.timeout || 300000, // 5 minutes default
             maxBuffer: 10 * 1024 * 1024, // 10MB
-        }).catch((error) => {
-            // Brakeman exits with different codes for warnings
-            // Exit code 0: No warnings
-            // Exit code 3: Warnings found
-            // Exit code 4: Errors during scan
-            if (error.stdout) {
-                return { stdout: error.stdout, stderr: error.stderr || "" };
-            }
-            throw error;
         });
-        // Parse JSON output
         let output;
         try {
-            output = JSON.parse(stdout);
+            output = parseJson(stdout, "brakeman output");
         }
-        catch (parseError) {
+        catch {
             return {
                 scanner: "brakeman",
                 findings: [],
@@ -259,7 +245,7 @@ export async function detectRuby(projectPath) {
         catch {
             // Check for .rb files
             try {
-                const { stdout } = await execAsync(`find "${projectPath}" -maxdepth 3 -name "*.rb" | head -1`, { timeout: 5000 });
+                const { stdout } = await runCommand("find", [projectPath, "-maxdepth", "3", "-name", "*.rb"], { timeout: 5000 });
                 return stdout.trim().length > 0;
             }
             catch {

package/dist/scanners/brakeman.js.map

@@ -1 +1 @@
-{"version":3,"file":"brakeman.js","sourceRoot":"","sources":["../../src/scanners/brakeman.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAmDlC;;GAEG;AACH,MAAM,cAAc,GAA2B;IAC7C,eAAe,EAAE,QAAQ;IACzB,sBAAsB,EAAE,QAAQ;IAChC,4BAA4B,EAAE,SAAS;IACvC,uBAAuB,EAAE,QAAQ;IACjC,mBAAmB,EAAE,QAAQ;IAC7B,gBAAgB,EAAE,QAAQ;IAC1B,UAAU,EAAE,SAAS;IACrB,iBAAiB,EAAE,SAAS;IAC5B,iBAAiB,EAAE,SAAS;IAC5B,mBAAmB,EAAE,SAAS;IAC9B,aAAa,EAAE,QAAQ;IACvB,qBAAqB,EAAE,QAAQ;IAC/B,gBAAgB,EAAE,QAAQ;IAC1B,gBAAgB,EAAE,QAAQ;IAC1B,yBAAyB,EAAE,SAAS;IACpC,wBAAwB,EAAE,SAAS;IACnC,gBAAgB,EAAE,SAAS;IAC3B,eAAe,EAAE,SAAS;IAC1B,WAAW,EAAE,SAAS;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,oBAAoB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAE9B,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB;SACrE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,UAAsC,EAAE,WAAmB;IAC9E,qEAAqE;IACrE,MAAM,aAAa,GAAG;QACpB,eAAe;QACf,uBAAuB;QACvB,mBAAmB;QACnB,gBAAgB;KACjB,CAAC;IAEF,IAAI,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QACjE,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAmB,EACnB,OAKC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,iCAAiC;QACjC,MAAM,YAAY,GAAG,MAAM,sBAAsB,EAAE,CAAC;QACpD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,+DAA+D;aACvE,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yEAAyE;aACjF,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,IAAI,OAAO,GAAG,aAAa,WAAW,oCAAoC,CAAC;QAE3E,IAAI,OAAO,EAAE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,EAAE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,OAAO,IAAI,QAAQ,OAAO,CAAC,UAAU,GAAG,CAAC;QAC3C,CAAC;QAED,eAAe;QACf,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAClD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,oBAAoB;YACzD,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;SACrC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACjB,mDAAmD;YACnD,2BAA2B;YAC3B,8BAA8B;YAC9B,kCAAkC;YAClC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,IAAI,MAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,sCAAsC;aAC9C,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAA2B,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YACvE,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAEnD,OAAO;gBACL,OAAO,EAAE,UAAmB;gBAC5B,MAAM,EAAE,YAAY,OAAO,CAAC,YAAY,EAAE;gBAC1C,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;gBACjD,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;gBACvB,OAAO,EAAE,GAAG,OAAO,CAAC,YAAY,KAAK,OAAO,CAAC,OAAO,EAAE;gBACtD,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC;gBAC/D,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,SAAS;gBACnC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;gBACtD,QAAQ,EAAE;oBACR,WAAW,EAAE,OAAO,CAAC,YAAY;oBACjC,WAAW,EAAE,OAAO,CAAC,YAAY;oBACjC,SAAS,EAAE,OAAO,CAAC,UAAU;oBAC7B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,UAAU;oBACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,SAAS,EAAE,OAAO,CAAC,UAAU;oBAC7B,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,gCAAgC;QAChC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,UAAmB;oBAC5B,MAAM,EAAE,gBAAgB;oBACxB,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,CAAC;oBACP,OAAO,EAAE,mBAAmB,KAAK,CAAC,KAAK,EAAE;oBACzC,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;qBACvC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;YAC7B,YAAY,EAAE,MAAM,CAAC,SAAS;gBAC5B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,qBAAqB;oBACtC,MAAM,CAAC,SAAS,CAAC,gBAAgB;oBACjC,MAAM,CAAC,SAAS,CAAC,mBAAmB;gBACtC,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,WAAmB;IACnD,IAAI,CAAC;QACH,oBAAoB;QACpB,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QAE3C,iCAAiC;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;YAC1D,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC;gBAC5D,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,8BAA8B;gBAC9B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtE,OAAO,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;YACtB,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAChC,SAAS,WAAW,sCAAsC,EAC1D,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CAAC;gBACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"brakeman.js","sourceRoot":"","sources":["../../src/scanners/brakeman.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAoD5C;;GAEG;AACH,MAAM,cAAc,GAA2B;IAC7C,eAAe,EAAE,QAAQ;IACzB,sBAAsB,EAAE,QAAQ;IAChC,4BAA4B,EAAE,SAAS;IACvC,uBAAuB,EAAE,QAAQ;IACjC,mBAAmB,EAAE,QAAQ;IAC7B,gBAAgB,EAAE,QAAQ;IAC1B,UAAU,EAAE,SAAS;IACrB,iBAAiB,EAAE,SAAS;IAC5B,iBAAiB,EAAE,SAAS;IAC5B,mBAAmB,EAAE,SAAS;IAC9B,aAAa,EAAE,QAAQ;IACvB,qBAAqB,EAAE,QAAQ;IAC/B,gBAAgB,EAAE,QAAQ;IAC1B,gBAAgB,EAAE,QAAQ;IAC1B,yBAAyB,EAAE,SAAS;IACpC,wBAAwB,EAAE,SAAS;IACnC,gBAAgB,EAAE,SAAS;IAC3B,eAAe,EAAE,SAAS;IAC1B,WAAW,EAAE,SAAS;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,UAAU;QACnB,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,oBAAoB;KAC5B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,UAAsC,EAAE,WAAmB;IAC9E,qEAAqE;IACrE,MAAM,aAAa,GAAG;QACpB,eAAe;QACf,uBAAuB;QACvB,mBAAmB;QACnB,gBAAgB;KACjB,CAAC;IAEF,IAAI,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QACjE,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAmB,EACnB,OAKC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,iCAAiC;QACjC,MAAM,YAAY,GAAG,MAAM,sBAAsB,EAAE,CAAC;QACpD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,+DAA+D;aACvE,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yEAAyE;aACjF,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;QAExE,IAAI,OAAO,EAAE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,EAAE,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QACtC,CAAC;QAED,iEAAiE;QACjE,kEAAkE;QAClE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE;YACpD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,oBAAoB;YACzD,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;SACrC,CAAC,CAAC;QAEH,IAAI,MAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,SAAS,CAAiB,MAAM,EAAE,iBAAiB,CAAC,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,sCAAsC;aAC9C,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAA2B,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YACvE,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAEnD,OAAO;gBACL,OAAO,EAAE,UAAmB;gBAC5B,MAAM,EAAE,YAAY,OAAO,CAAC,YAAY,EAAE;gBAC1C,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;gBACjD,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;gBACvB,OAAO,EAAE,GAAG,OAAO,CAAC,YAAY,KAAK,OAAO,CAAC,OAAO,EAAE;gBACtD,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC;gBAC/D,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnC,QAAQ,EAAE,OAAO,CAAC,IAAI,IAAI,SAAS;gBACnC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;gBACtD,QAAQ,EAAE;oBACR,WAAW,EAAE,OAAO,CAAC,YAAY;oBACjC,WAAW,EAAE,OAAO,CAAC,YAAY;oBACjC,SAAS,EAAE,OAAO,CAAC,UAAU;oBAC7B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,kBAAkB,EAAE,OAAO,CAAC,UAAU;oBACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,SAAS,EAAE,OAAO,CAAC,UAAU;oBAC7B,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,gCAAgC;QAChC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,UAAmB;oBAC5B,MAAM,EAAE,gBAAgB;oBACxB,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,CAAC;oBACP,OAAO,EAAE,mBAAmB,KAAK,CAAC,KAAK,EAAE;oBACzC,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;qBACvC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;YAC7B,YAAY,EAAE,MAAM,CAAC,SAAS;gBAC5B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,qBAAqB;oBACtC,MAAM,CAAC,SAAS,CAAC,gBAAgB;oBACjC,MAAM,CAAC,SAAS,CAAC,mBAAmB;gBACtC,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,WAAmB;IACnD,IAAI,CAAC;QACH,oBAAoB;QACpB,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QAE3C,iCAAiC;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;YAC1D,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC;gBAC5D,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,8BAA8B;gBAC9B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtE,OAAO,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;YACtB,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CACjC,MAAM,EACN,CAAC,WAAW,EAAE,WAAW,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,EAChD,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CAAC;gBACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/scanners/builtin-rules.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Built-in Semgrep taint rules.
+ *
+ * Semgrep's free community rulesets (p/owasp-top-ten, p/javascript, …)
+ * do NOT include the taint-tracking rules for SQL injection, command
+ * injection, and SSRF — those require `semgrep login` (a registry
+ * account). That left a major detection gap: the product could not catch
+ * three of the most important vulnerability classes offline.
+ *
+ * These embedded taint rules close that gap with zero login/network —
+ * they ship with the package as a string and are written to a temp file
+ * at scan time, then passed to semgrep with `--config`. Verified against
+ * the eval fixtures.
+ *
+ * @module scanners/builtin-rules
+ */
+/** Embedded Semgrep taint rules (YAML). */
+export declare const BUILTIN_SEMGREP_RULES = "rules:\n  - id: vaspera-sql-injection\n    mode: taint\n    severity: ERROR\n    languages: [javascript, typescript]\n    message: >-\n      Untrusted request input flows into a SQL query without\n      parameterization (SQL injection).\n    metadata:\n      category: security\n      cwe: \"CWE-89\"\n      owasp: \"A03:2021\"\n      vaspera: builtin\n    pattern-sources:\n      - pattern: req.query\n      - pattern: req.params\n      - pattern: req.body\n      - pattern: req.headers\n    pattern-sinks:\n      - patterns:\n          - pattern: $X.query($SQL, ...)\n          - focus-metavariable: $SQL\n      - patterns:\n          - pattern: $X.execute($SQL, ...)\n          - focus-metavariable: $SQL\n      - pattern: $X.raw(...)\n  - id: vaspera-command-injection\n    mode: taint\n    severity: ERROR\n    languages: [javascript, typescript]\n    message: >-\n      Untrusted request input flows into a shell command\n      (command injection).\n    metadata:\n      category: security\n      cwe: \"CWE-78\"\n      owasp: \"A03:2021\"\n      vaspera: builtin\n    pattern-sources:\n      - pattern: req.query\n      - pattern: req.params\n      - pattern: req.body\n    # exec/execSync run a shell string (dangerous with interpolation).\n    # Array-form spawn(cmd, [args]) is the SAFE alternative, so it is\n    # intentionally NOT a sink \u2014 flagging it would be a false positive.\n    pattern-sinks:\n      - pattern: exec(...)\n      - pattern: execSync(...)\n      - pattern: $CP.exec(...)\n      - pattern: $CP.execSync(...)\n      - patterns:\n          - pattern: spawn($CMD, ...)\n          - focus-metavariable: $CMD\n      - patterns:\n          - pattern: $CP.spawn($CMD, ...)\n          - focus-metavariable: $CMD\n  - id: vaspera-ssrf\n    mode: taint\n    severity: ERROR\n    languages: [javascript, typescript]\n    message: >-\n      Untrusted request input flows into an outbound request URL\n      (server-side request forgery).\n    metadata:\n      category: security\n      cwe: \"CWE-918\"\n      owasp: \"A10:2021\"\n      vaspera: builtin\n    pattern-sources:\n      - pattern: req.query\n      - pattern: req.params\n      - pattern: req.body\n    # Focus on the URL argument \u2014 taint in a request body/payload\n    # argument is not SSRF, so flagging it would be a false positive.\n    pattern-sinks:\n      - patterns:\n          - pattern: fetch($URL, ...)\n          - focus-metavariable: $URL\n      - patterns:\n          - pattern: axios.get($URL, ...)\n          - focus-metavariable: $URL\n      - patterns:\n          - pattern: axios.post($URL, ...)\n          - focus-metavariable: $URL\n      - patterns:\n          - pattern: axios($URL, ...)\n          - focus-metavariable: $URL\n      - patterns:\n          - pattern: http.get($URL, ...)\n          - focus-metavariable: $URL\n      - patterns:\n          - pattern: https.get($URL, ...)\n          - focus-metavariable: $URL\n      - patterns:\n          - pattern: got($URL, ...)\n          - focus-metavariable: $URL\n  - id: vaspera-insecure-deserialization\n    severity: ERROR\n    languages: [javascript, typescript]\n    message: >-\n      Insecure deserialization (CWE-502): untrusted input is executed as code\n      via eval, the Function constructor, or an unsafe yaml.load. Use JSON.parse\n      or a safe schema (yaml.load(x, { schema: JSON_SCHEMA })).\n    metadata:\n      category: security\n      cwe: \"CWE-502\"\n      owasp: \"A08:2021\"\n      vaspera: builtin\n    # Not taint-tracked: these sinks execute their argument as code regardless\n    # of provenance, so the construct itself is the vulnerability.\n    pattern-either:\n      - pattern: eval(...)\n      - pattern: new Function(...)\n      # Single-arg yaml.load (no safe schema). A 1-arg pattern (no \"...\")\n      # naturally excludes the safe 2-arg form yaml.load(x, { schema }).\n      # Constrain the receiver to yaml-ish names so it doesn't match every\n      # unrelated .load() call.\n      - patterns:\n          - pattern: $YAML.load($X)\n          - metavariable-regex:\n              metavariable: $YAML\n              regex: (?i)(yaml|jsyaml)\n  - id: vaspera-xxe\n    severity: ERROR\n    languages: [javascript, typescript]\n    message: >-\n      XML external entity injection (XXE, CWE-611): an XML parser is constructed\n      without disabling external entity resolution. Disable DTD/entity expansion\n      or use a parser that is safe by default.\n    metadata:\n      category: security\n      cwe: \"CWE-611\"\n      owasp: \"A05:2021\"\n      vaspera: builtin\n    # xmldom's DOMParser resolves external entities by default; fast-xml-parser's\n    # XMLParser is safe by default and is intentionally NOT flagged.\n    pattern-either:\n      - pattern: new DOMParser()\n      - pattern: new DOMParser(...).parseFromString(...)\n";
+/**
+ * Write the built-in rules to a temp file (once per process) and return
+ * the path, for passing to `semgrep --config`.
+ */
+export declare function getBuiltinRulesPath(): Promise<string>;
+//# sourceMappingURL=builtin-rules.d.ts.map

package/dist/scanners/builtin-rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"builtin-rules.d.ts","sourceRoot":"","sources":["../../src/scanners/builtin-rules.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAMH,2CAA2C;AAC3C,eAAO,MAAM,qBAAqB,svJA2IjC,CAAC;AAIF;;;GAGG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC,CAO3D"}

package/dist/scanners/builtin-rules.js

@@ -0,0 +1,175 @@
+/**
+ * Built-in Semgrep taint rules.
+ *
+ * Semgrep's free community rulesets (p/owasp-top-ten, p/javascript, …)
+ * do NOT include the taint-tracking rules for SQL injection, command
+ * injection, and SSRF — those require `semgrep login` (a registry
+ * account). That left a major detection gap: the product could not catch
+ * three of the most important vulnerability classes offline.
+ *
+ * These embedded taint rules close that gap with zero login/network —
+ * they ship with the package as a string and are written to a temp file
+ * at scan time, then passed to semgrep with `--config`. Verified against
+ * the eval fixtures.
+ *
+ * @module scanners/builtin-rules
+ */
+import { writeFile, mkdtemp } from "fs/promises";
+import { tmpdir } from "os";
+import { join } from "path";
+/** Embedded Semgrep taint rules (YAML). */
+export const BUILTIN_SEMGREP_RULES = `rules:
+  - id: vaspera-sql-injection
+    mode: taint
+    severity: ERROR
+    languages: [javascript, typescript]
+    message: >-
+      Untrusted request input flows into a SQL query without
+      parameterization (SQL injection).
+    metadata:
+      category: security
+      cwe: "CWE-89"
+      owasp: "A03:2021"
+      vaspera: builtin
+    pattern-sources:
+      - pattern: req.query
+      - pattern: req.params
+      - pattern: req.body
+      - pattern: req.headers
+    pattern-sinks:
+      - patterns:
+          - pattern: $X.query($SQL, ...)
+          - focus-metavariable: $SQL
+      - patterns:
+          - pattern: $X.execute($SQL, ...)
+          - focus-metavariable: $SQL
+      - pattern: $X.raw(...)
+  - id: vaspera-command-injection
+    mode: taint
+    severity: ERROR
+    languages: [javascript, typescript]
+    message: >-
+      Untrusted request input flows into a shell command
+      (command injection).
+    metadata:
+      category: security
+      cwe: "CWE-78"
+      owasp: "A03:2021"
+      vaspera: builtin
+    pattern-sources:
+      - pattern: req.query
+      - pattern: req.params
+      - pattern: req.body
+    # exec/execSync run a shell string (dangerous with interpolation).
+    # Array-form spawn(cmd, [args]) is the SAFE alternative, so it is
+    # intentionally NOT a sink — flagging it would be a false positive.
+    pattern-sinks:
+      - pattern: exec(...)
+      - pattern: execSync(...)
+      - pattern: $CP.exec(...)
+      - pattern: $CP.execSync(...)
+      - patterns:
+          - pattern: spawn($CMD, ...)
+          - focus-metavariable: $CMD
+      - patterns:
+          - pattern: $CP.spawn($CMD, ...)
+          - focus-metavariable: $CMD
+  - id: vaspera-ssrf
+    mode: taint
+    severity: ERROR
+    languages: [javascript, typescript]
+    message: >-
+      Untrusted request input flows into an outbound request URL
+      (server-side request forgery).
+    metadata:
+      category: security
+      cwe: "CWE-918"
+      owasp: "A10:2021"
+      vaspera: builtin
+    pattern-sources:
+      - pattern: req.query
+      - pattern: req.params
+      - pattern: req.body
+    # Focus on the URL argument — taint in a request body/payload
+    # argument is not SSRF, so flagging it would be a false positive.
+    pattern-sinks:
+      - patterns:
+          - pattern: fetch($URL, ...)
+          - focus-metavariable: $URL
+      - patterns:
+          - pattern: axios.get($URL, ...)
+          - focus-metavariable: $URL
+      - patterns:
+          - pattern: axios.post($URL, ...)
+          - focus-metavariable: $URL
+      - patterns:
+          - pattern: axios($URL, ...)
+          - focus-metavariable: $URL
+      - patterns:
+          - pattern: http.get($URL, ...)
+          - focus-metavariable: $URL
+      - patterns:
+          - pattern: https.get($URL, ...)
+          - focus-metavariable: $URL
+      - patterns:
+          - pattern: got($URL, ...)
+          - focus-metavariable: $URL
+  - id: vaspera-insecure-deserialization
+    severity: ERROR
+    languages: [javascript, typescript]
+    message: >-
+      Insecure deserialization (CWE-502): untrusted input is executed as code
+      via eval, the Function constructor, or an unsafe yaml.load. Use JSON.parse
+      or a safe schema (yaml.load(x, { schema: JSON_SCHEMA })).
+    metadata:
+      category: security
+      cwe: "CWE-502"
+      owasp: "A08:2021"
+      vaspera: builtin
+    # Not taint-tracked: these sinks execute their argument as code regardless
+    # of provenance, so the construct itself is the vulnerability.
+    pattern-either:
+      - pattern: eval(...)
+      - pattern: new Function(...)
+      # Single-arg yaml.load (no safe schema). A 1-arg pattern (no "...")
+      # naturally excludes the safe 2-arg form yaml.load(x, { schema }).
+      # Constrain the receiver to yaml-ish names so it doesn't match every
+      # unrelated .load() call.
+      - patterns:
+          - pattern: $YAML.load($X)
+          - metavariable-regex:
+              metavariable: $YAML
+              regex: (?i)(yaml|jsyaml)
+  - id: vaspera-xxe
+    severity: ERROR
+    languages: [javascript, typescript]
+    message: >-
+      XML external entity injection (XXE, CWE-611): an XML parser is constructed
+      without disabling external entity resolution. Disable DTD/entity expansion
+      or use a parser that is safe by default.
+    metadata:
+      category: security
+      cwe: "CWE-611"
+      owasp: "A05:2021"
+      vaspera: builtin
+    # xmldom's DOMParser resolves external entities by default; fast-xml-parser's
+    # XMLParser is safe by default and is intentionally NOT flagged.
+    pattern-either:
+      - pattern: new DOMParser()
+      - pattern: new DOMParser(...).parseFromString(...)
+`;
+let cachedRulesPath = null;
+/**
+ * Write the built-in rules to a temp file (once per process) and return
+ * the path, for passing to `semgrep --config`.
+ */
+export async function getBuiltinRulesPath() {
+    if (cachedRulesPath)
+        return cachedRulesPath;
+    const dir = await mkdtemp(join(tmpdir(), "vaspera-semgrep-rules-"));
+    const path = join(dir, "vaspera-builtin.yaml");
+    await writeFile(path, BUILTIN_SEMGREP_RULES, "utf-8");
+    cachedRulesPath = path;
+    return path;
+}
+//# sourceMappingURL=builtin-rules.js.map

package/dist/scanners/builtin-rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"builtin-rules.js","sourceRoot":"","sources":["../../src/scanners/builtin-rules.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,2CAA2C;AAC3C,MAAM,CAAC,MAAM,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2IpC,CAAC;AAEF,IAAI,eAAe,GAAkB,IAAI,CAAC;AAE1C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAC5C,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAC;IAC/C,MAAM,SAAS,CAAC,IAAI,EAAE,qBAAqB,EAAE,OAAO,CAAC,CAAC;IACtD,eAAe,GAAG,IAAI,CAAC;IACvB,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/scanners/dast.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dast.d.ts","sourceRoot":"","sources":["../../src/scanners/dast.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,oBAAoB,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAmC3F,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAgBzE;AAiBD,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,wBAAsB,SAAS,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,aAAa,CAAC,CAuHxB;AAED,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,aAAa,CAAC,CAExB;AAED,wBAAsB,gBAAgB,CACpC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAOxB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IACjC,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAED,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,aAAa,GACpB,UAAU,CAgBZ;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAiD3D"}
+{"version":3,"file":"dast.d.ts","sourceRoot":"","sources":["../../src/scanners/dast.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,oBAAoB,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAiC3F,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAczE;AAiBD,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,wBAAsB,SAAS,CAC7B,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,aAAa,CAAC,CAiHxB;AAED,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,aAAa,CAAC,CAExB;AAED,wBAAsB,gBAAgB,CACpC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,aAAa,CAAC,CAOxB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IACjC,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAED,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,aAAa,GACpB,UAAU,CAgBZ;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAiD3D"}