vaspera 2.9.2 → 2.10.0

package/dist/scanners/dast/index.js

@@ -0,0 +1,259 @@
+/**
+ * DAST Scanner Module
+ *
+ * Aggregates OWASP ZAP and Nuclei for dynamic application
+ * security testing.
+ *
+ * @module scanners/dast
+ */
+import { logger } from "../../logger.js";
+import { DEFAULT_DAST_POLICY } from "./types.js";
+import { checkZapAvailable, runZap, getZapInstallInstructions } from "./zap.js";
+import { checkNucleiAvailable, runNuclei, getNucleiInstallInstructions } from "./nuclei.js";
+// Re-export types
+export * from "./types.js";
+// Re-export individual scanners
+export { checkZapAvailable, runZap, getZapInstallInstructions } from "./zap.js";
+export { checkNucleiAvailable, runNuclei, getNucleiInstallInstructions } from "./nuclei.js";
+/**
+ * Check availability of all DAST tools
+ */
+export async function checkDASTAvailability() {
+    const [zapResult, nucleiResult] = await Promise.all([
+        checkZapAvailable(),
+        checkNucleiAvailable(),
+    ]);
+    return [zapResult, nucleiResult];
+}
+/**
+ * Get installation instructions for missing DAST tools
+ */
+export function getDASTInstallInstructions(availability) {
+    const instructions = [];
+    for (const scanner of availability) {
+        if (!scanner.available) {
+            if (scanner.scanner === "zap") {
+                instructions.push(getZapInstallInstructions());
+            }
+            else if (scanner.scanner === "nuclei") {
+                instructions.push(getNucleiInstallInstructions());
+            }
+        }
+    }
+    if (instructions.length === 0) {
+        return "All DAST tools are installed and available.";
+    }
+    return instructions.join("\n---\n");
+}
+/**
+ * Deduplicate findings based on URL and rule pattern
+ */
+function deduplicateFindings(findings) {
+    const seen = new Map();
+    for (const finding of findings) {
+        // Create a unique key based on URL, severity, and rule pattern
+        const normalizedRuleId = finding.ruleId
+            .replace(/^zap-/, "")
+            .replace(/^nuclei-/, "")
+            .toLowerCase();
+        const key = `${finding.url}|${finding.severity}|${normalizedRuleId}`;
+        const existing = seen.get(key);
+        if (!existing || finding.confidence > existing.confidence) {
+            seen.set(key, finding);
+        }
+    }
+    return Array.from(seen.values());
+}
+/**
+ * Run DAST scan with specified scanners
+ */
+export async function runDASTScan(target, options) {
+    const startTime = new Date();
+    const scanners = options.scanners || ["zap", "nuclei"];
+    const policy = { ...DEFAULT_DAST_POLICY, ...options.policy };
+    logger.info("dast.scan_start", {
+        target: target.url,
+        scanners,
+        passiveOnly: policy.passiveOnly,
+    });
+    // Authorization check
+    if (!options.authorized) {
+        throw new Error("DAST scan requires explicit authorization. Set 'authorized: true' to confirm you have permission to scan the target.");
+    }
+    // Run selected scanners
+    const scanResults = [];
+    const runPromises = [];
+    if (scanners.includes("zap")) {
+        runPromises.push(runZap(target, policy));
+    }
+    if (scanners.includes("nuclei")) {
+        runPromises.push(runNuclei(target, policy));
+    }
+    const results = await Promise.all(runPromises);
+    scanResults.push(...results);
+    // Aggregate findings
+    const allFindings = [];
+    for (const result of scanResults) {
+        allFindings.push(...result.findings);
+    }
+    // Deduplicate
+    const uniqueFindings = deduplicateFindings(allFindings);
+    // Calculate stats
+    const bySeverity = {};
+    for (const finding of uniqueFindings) {
+        bySeverity[finding.severity] = (bySeverity[finding.severity] || 0) + 1;
+    }
+    const byScanner = {
+        zap: 0,
+        nuclei: 0,
+    };
+    for (const result of scanResults) {
+        byScanner[result.scanner] = result.findings.length;
+    }
+    const failedScanners = scanResults
+        .filter((r) => !r.success)
+        .map((r) => r.scanner);
+    const totalDuration = scanResults.reduce((sum, r) => sum + r.duration, 0);
+    const aggregated = {
+        timestamp: startTime.toISOString(),
+        target,
+        scanners: scanResults,
+        totalFindings: allFindings.length,
+        uniqueFindings,
+        bySeverity,
+        byScanner,
+        totalDuration,
+        allSucceeded: failedScanners.length === 0,
+        failedScanners,
+    };
+    logger.info("dast.scan_complete", {
+        totalFindings: allFindings.length,
+        uniqueFindings: uniqueFindings.length,
+        totalDuration,
+        allSucceeded: aggregated.allSucceeded,
+    });
+    return aggregated;
+}
+/**
+ * Quick passive scan (no active attacks)
+ */
+export async function runPassiveScan(target, options) {
+    return runDASTScan(target, {
+        ...options,
+        authorized: true,
+        policy: {
+            ...options?.policy,
+            passiveOnly: true,
+        },
+    });
+}
+/**
+ * Format DAST findings for display
+ */
+export function formatDASTFindings(findings) {
+    if (findings.length === 0) {
+        return "No vulnerabilities found.";
+    }
+    const lines = [
+        `## DAST Scan Results\n`,
+        `Found ${findings.length} unique vulnerabilities:\n`,
+    ];
+    // Group by severity
+    const bySeverity = new Map();
+    for (const finding of findings) {
+        const existing = bySeverity.get(finding.severity) || [];
+        existing.push(finding);
+        bySeverity.set(finding.severity, existing);
+    }
+    const severityOrder = ["critical", "high", "medium", "low", "info"];
+    for (const severity of severityOrder) {
+        const group = bySeverity.get(severity);
+        if (!group || group.length === 0)
+            continue;
+        const emoji = {
+            critical: "🔴",
+            high: "🟠",
+            medium: "🟡",
+            low: "🔵",
+            info: "⚪",
+        }[severity] || "⚪";
+        lines.push(`\n### ${emoji} ${severity.toUpperCase()} (${group.length})\n`);
+        for (const finding of group) {
+            lines.push(`- **${finding.name}** (${finding.scanner})`);
+            lines.push(`  - URL: ${finding.url}`);
+            if (finding.cweIds?.length) {
+                lines.push(`  - CWE: ${finding.cweIds.join(", ")}`);
+            }
+            if (finding.solution) {
+                lines.push(`  - Fix: ${finding.solution.slice(0, 200)}${finding.solution.length > 200 ? "..." : ""}`);
+            }
+        }
+    }
+    return lines.join("\n");
+}
+/**
+ * Convert DAST findings to SARIF format
+ */
+export function convertToSARIF(results) {
+    const rules = [];
+    const rulesSeen = new Set();
+    const sarif = {
+        $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+        version: "2.1.0",
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "Vaspera DAST",
+                        informationUri: "https://github.com/vaspera/hardening",
+                        version: "1.0.0",
+                        rules,
+                    },
+                },
+                results: results.uniqueFindings.map((finding) => {
+                    // Add rule if not seen
+                    if (!rulesSeen.has(finding.ruleId)) {
+                        rulesSeen.add(finding.ruleId);
+                        rules.push({
+                            id: finding.ruleId,
+                            name: finding.name,
+                            shortDescription: { text: finding.name },
+                            fullDescription: finding.description ? { text: finding.description } : undefined,
+                            defaultConfiguration: {
+                                level: finding.severity === "critical" || finding.severity === "high" ? "error" :
+                                    finding.severity === "medium" ? "warning" : "note",
+                            },
+                            properties: finding.tags ? { tags: finding.tags } : undefined,
+                        });
+                    }
+                    return {
+                        ruleId: finding.ruleId,
+                        level: finding.severity === "critical" || finding.severity === "high" ? "error" :
+                            finding.severity === "medium" ? "warning" : "note",
+                        message: {
+                            text: finding.description || finding.name,
+                        },
+                        locations: [
+                            {
+                                physicalLocation: {
+                                    artifactLocation: {
+                                        uri: finding.url,
+                                    },
+                                },
+                            },
+                        ],
+                        properties: {
+                            scanner: finding.scanner,
+                            confidence: finding.confidence,
+                            cweIds: finding.cweIds,
+                            cveIds: finding.cveIds,
+                            evidence: finding.evidence,
+                        },
+                    };
+                }),
+            },
+        ],
+    };
+    return sarif;
+}
+//# sourceMappingURL=index.js.map

package/dist/scanners/dast/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/dast/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAWzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAE5F,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,gCAAgC;AAChC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAE5F;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAClD,iBAAiB,EAAE;QACnB,oBAAoB,EAAE;KACvB,CAAC,CAAC;IAEH,OAAO,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,YAAgC;IACzE,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,IAAI,OAAO,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gBAC9B,YAAY,CAAC,IAAI,CAAC,yBAAyB,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,IAAI,OAAO,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACxC,YAAY,CAAC,IAAI,CAAC,4BAA4B,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,6CAA6C,CAAC;IACvD,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAuB;IAClD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE5C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,+DAA+D;QAC/D,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM;aACpC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;aACpB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;aACvB,WAAW,EAAE,CAAC;QAEjB,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QAErE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC1D,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAkB,EAClB,OAAwB;IAExB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,EAAE,GAAG,mBAAmB,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAE7D,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE;QAC7B,MAAM,EAAE,MAAM,CAAC,GAAG;QAClB,QAAQ;QACR,WAAW,EAAE,MAAM,CAAC,WAAW;KAChC,CAAC,CAAC;IAEH,sBAAsB;IACtB,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,sHAAsH,CAAC,CAAC;IAC1I,CAAC;IAED,wBAAwB;IACxB,MAAM,WAAW,GAAqB,EAAE,CAAC;IACzC,MAAM,WAAW,GAA8B,EAAE,CAAC;IAElD,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/C,WAAW,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAE7B,qBAAqB;IACrB,MAAM,WAAW,GAAkB,EAAE,CAAC;IACtC,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,cAAc;IACd,MAAM,cAAc,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAExD,kBAAkB;IAClB,MAAM,UAAU,GAAoC,EAAE,CAAC;IACvD,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,SAAS,GAAgC;QAC7C,GAAG,EAAE,CAAC;QACN,MAAM,EAAE,CAAC;KACV,CAAC;IACF,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IACrD,CAAC;IAED,MAAM,cAAc,GAAG,WAAW;SAC/B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEzB,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAE1E,MAAM,UAAU,GAAyB;QACvC,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;QAClC,MAAM;QACN,QAAQ,EAAE,WAAW;QACrB,aAAa,EAAE,WAAW,CAAC,MAAM;QACjC,cAAc;QACd,UAAU;QACV,SAAS;QACT,aAAa;QACb,YAAY,EAAE,cAAc,CAAC,MAAM,KAAK,CAAC;QACzC,cAAc;KACf,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAChC,aAAa,EAAE,WAAW,CAAC,MAAM;QACjC,cAAc,EAAE,cAAc,CAAC,MAAM;QACrC,aAAa;QACb,YAAY,EAAE,UAAU,CAAC,YAAY;KACtC,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,OAAoE;IAEpE,OAAO,WAAW,CAAC,MAAM,EAAE;QACzB,GAAG,OAAO;QACV,UAAU,EAAE,IAAI;QAChB,MAAM,EAAE;YACN,GAAG,OAAO,EAAE,MAAM;YAClB,WAAW,EAAE,IAAI;SAClB;KACF,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAuB;IACxD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,2BAA2B,CAAC;IACrC,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,wBAAwB;QACxB,SAAS,QAAQ,CAAC,MAAM,4BAA4B;KACrD,CAAC;IAEF,oBAAoB;IACpB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAyB,CAAC;IACpD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAEpE,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE3C,MAAM,KAAK,GAAG;YACZ,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,IAAI;YACV,MAAM,EAAE,IAAI;YACZ,GAAG,EAAE,IAAI;YACT,IAAI,EAAE,GAAG;SACV,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC;QAEnB,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,IAAI,QAAQ,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC;QAE3E,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC;YACzD,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YACtC,IAAI,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxG,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,OAA6B;IAC1D,MAAM,KAAK,GAON,EAAE,CAAC;IAER,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,MAAM,KAAK,GAAG;QACZ,OAAO,EAAE,gGAAgG;QACzG,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,cAAc;wBACpB,cAAc,EAAE,sCAAsC;wBACtD,OAAO,EAAE,OAAO;wBAChB,KAAK;qBACN;iBACF;gBACD,OAAO,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;oBAC9C,uBAAuB;oBACvB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBACnC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;wBAC9B,KAAK,CAAC,IAAI,CAAC;4BACT,EAAE,EAAE,OAAO,CAAC,MAAM;4BAClB,IAAI,EAAE,OAAO,CAAC,IAAI;4BAClB,gBAAgB,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;4BACxC,eAAe,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;4BAChF,oBAAoB,EAAE;gCACpB,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;oCAC1E,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;6BAC1D;4BACD,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;yBAC9D,CAAC,CAAC;oBACL,CAAC;oBAED,OAAO;wBACL,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;4BAC1E,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;wBACzD,OAAO,EAAE;4BACP,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;yBAC1C;wBACD,SAAS,EAAE;4BACT;gCACE,gBAAgB,EAAE;oCAChB,gBAAgB,EAAE;wCAChB,GAAG,EAAE,OAAO,CAAC,GAAG;qCACjB;iCACF;6BACF;yBACF;wBACD,UAAU,EAAE;4BACV,OAAO,EAAE,OAAO,CAAC,OAAO;4BACxB,UAAU,EAAE,OAAO,CAAC,UAAU;4BAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;yBAC3B;qBACF,CAAC;gBACJ,CAAC,CAAC;aACH;SACF;KACF,CAAC;IAEF,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/scanners/dast/nuclei.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Nuclei Scanner Integration
+ *
+ * Integrates with ProjectDiscovery's Nuclei for dynamic
+ * application security testing using template-based scanning.
+ *
+ * @module scanners/dast/nuclei
+ */
+import type { DASTTarget, DASTPolicy, DASTScanResult, DASTFinding, DASTAvailability, NucleiResult } from "./types.js";
+/**
+ * Check if Nuclei is available
+ */
+export declare function checkNucleiAvailable(): Promise<DASTAvailability>;
+/**
+ * Parse Nuclei JSON line output to DASTFinding
+ */
+export declare function parseNucleiResult(result: NucleiResult): DASTFinding;
+/**
+ * Run Nuclei scan
+ */
+export declare function runNuclei(target: DASTTarget, policy?: DASTPolicy): Promise<DASTScanResult>;
+/**
+ * Get Nuclei installation instructions
+ */
+export declare function getNucleiInstallInstructions(): string;
+//# sourceMappingURL=nuclei.d.ts.map

package/dist/scanners/dast/nuclei.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nuclei.d.ts","sourceRoot":"","sources":["../../../src/scanners/dast/nuclei.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EACV,UAAU,EACV,UAAU,EACV,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,YAAY,EACb,MAAM,YAAY,CAAC;AAGpB;;GAEG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAkDtE;AAqGD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,YAAY,GAAG,WAAW,CAmCnE;AA8BD;;GAEG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,UAAU,EAClB,MAAM,GAAE,UAAe,GACtB,OAAO,CAAC,cAAc,CAAC,CAgIzB;AAED;;GAEG;AACH,wBAAgB,4BAA4B,IAAI,MAAM,CAgCrD"}

package/dist/scanners/dast/nuclei.js

@@ -0,0 +1,354 @@
+/**
+ * Nuclei Scanner Integration
+ *
+ * Integrates with ProjectDiscovery's Nuclei for dynamic
+ * application security testing using template-based scanning.
+ *
+ * @module scanners/dast/nuclei
+ */
+import spawn from "cross-spawn";
+import { logger } from "../../logger.js";
+import { NUCLEI_SEVERITY_MAPPING } from "./types.js";
+/**
+ * Check if Nuclei is available
+ */
+export async function checkNucleiAvailable() {
+    return new Promise((resolve) => {
+        const child = spawn("nuclei", ["-version"], { timeout: 10000 });
+        let stdout = "";
+        let stderr = "";
+        child.stdout?.on("data", (data) => {
+            stdout += data.toString();
+        });
+        child.stderr?.on("data", (data) => {
+            stderr += data.toString();
+        });
+        child.on("close", (code) => {
+            if (code === 0) {
+                // Parse version from output (e.g., "Nuclei Engine Version: v3.1.0")
+                const versionMatch = (stdout + stderr).match(/v?\d+\.\d+\.\d+/);
+                const version = versionMatch ? versionMatch[0] : "unknown";
+                resolve({
+                    scanner: "nuclei",
+                    available: true,
+                    version,
+                    path: "nuclei",
+                    features: {
+                        passiveScan: true,
+                        activeScan: true,
+                        apiScan: true,
+                        authentication: true,
+                    },
+                });
+            }
+            else {
+                resolve({
+                    scanner: "nuclei",
+                    available: false,
+                    error: "Nuclei not found. Install via: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest",
+                });
+            }
+        });
+        child.on("error", () => {
+            resolve({
+                scanner: "nuclei",
+                available: false,
+                error: "Nuclei not found. Install via: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest",
+            });
+        });
+    });
+}
+/**
+ * Build Nuclei command arguments
+ */
+function buildNucleiArgs(target, policy) {
+    const args = [
+        "-u", target.url,
+        "-json", // JSON output
+        "-silent", // Minimal output
+        "-no-color", // No ANSI colors
+    ];
+    // Add severity filter based on risk threshold
+    if (policy.riskThreshold) {
+        const severityMap = {
+            high: "critical,high",
+            medium: "critical,high,medium",
+            low: "critical,high,medium,low",
+            informational: "critical,high,medium,low,info",
+        };
+        args.push("-severity", severityMap[policy.riskThreshold] || "critical,high,medium");
+    }
+    // Add specific templates if provided
+    if (policy.templates && policy.templates.length > 0) {
+        for (const template of policy.templates) {
+            args.push("-t", template);
+        }
+    }
+    // Add template tags
+    if (policy.templateTags && policy.templateTags.length > 0) {
+        args.push("-tags", policy.templateTags.join(","));
+    }
+    // Exclude tags
+    if (policy.excludeTags && policy.excludeTags.length > 0) {
+        args.push("-etags", policy.excludeTags.join(","));
+    }
+    // Passive-only mode (no active exploitation)
+    if (policy.passiveOnly) {
+        args.push("-passive");
+    }
+    // Rate limiting
+    if (policy.requestDelay && policy.requestDelay > 0) {
+        // Nuclei uses rate-limit as requests per second
+        const rps = Math.floor(1000 / policy.requestDelay);
+        args.push("-rate-limit", String(Math.max(1, rps)));
+    }
+    // Concurrency
+    if (policy.threads) {
+        args.push("-concurrency", String(policy.threads));
+    }
+    // Add custom headers
+    if (target.headers) {
+        for (const [key, value] of Object.entries(target.headers)) {
+            args.push("-header", `${key}: ${value}`);
+        }
+    }
+    // Add authentication header
+    if (target.authentication) {
+        const auth = target.authentication;
+        switch (auth.type) {
+            case "bearer":
+                if (auth.credentials.token) {
+                    args.push("-header", `Authorization: Bearer ${auth.credentials.token}`);
+                }
+                break;
+            case "basic":
+                if (auth.credentials.username && auth.credentials.password) {
+                    const encoded = Buffer.from(`${auth.credentials.username}:${auth.credentials.password}`).toString("base64");
+                    args.push("-header", `Authorization: Basic ${encoded}`);
+                }
+                break;
+            case "api-key":
+                if (auth.credentials.apiKey && auth.credentials.apiKeyHeader) {
+                    args.push("-header", `${auth.credentials.apiKeyHeader}: ${auth.credentials.apiKey}`);
+                }
+                break;
+            case "cookie":
+                if (auth.credentials.cookie) {
+                    args.push("-header", `Cookie: ${auth.credentials.cookie}`);
+                }
+                break;
+        }
+    }
+    return args;
+}
+/**
+ * Parse Nuclei JSON line output to DASTFinding
+ */
+export function parseNucleiResult(result) {
+    const severity = NUCLEI_SEVERITY_MAPPING[result.info.severity] || "info";
+    // Extract CWE and CVE IDs
+    const cweIds = result.info.classification?.["cwe-id"]?.map((id) => id.startsWith("CWE-") ? id : `CWE-${id}`);
+    const cveIds = result.info.classification?.["cve-id"];
+    // Build references array
+    const references = [];
+    if (result.info.reference) {
+        references.push(...result.info.reference);
+    }
+    if (result["template-url"]) {
+        references.push(result["template-url"]);
+    }
+    return {
+        scanner: "nuclei",
+        ruleId: `nuclei-${result["template-id"]}`,
+        name: result.info.name,
+        description: result.info.description || `${result.info.name} detected`,
+        severity,
+        confidence: getConfidenceFromSeverity(result.info.severity),
+        url: result.matched || result.host,
+        method: extractMethod(result.request),
+        evidence: result["extracted-results"]?.join("\n"),
+        cweIds,
+        cveIds,
+        references,
+        tags: result.info.tags,
+        timestamp: result.timestamp || new Date().toISOString(),
+        rawOutput: result,
+    };
+}
+/**
+ * Extract HTTP method from curl command or request
+ */
+function extractMethod(request) {
+    if (!request)
+        return undefined;
+    const methodMatch = request.match(/^(GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)\s/);
+    return methodMatch ? methodMatch[1] : undefined;
+}
+/**
+ * Get confidence score based on severity
+ */
+function getConfidenceFromSeverity(severity) {
+    switch (severity.toLowerCase()) {
+        case "critical":
+            return 95;
+        case "high":
+            return 90;
+        case "medium":
+            return 80;
+        case "low":
+            return 70;
+        default:
+            return 60;
+    }
+}
+/**
+ * Run Nuclei scan
+ */
+export async function runNuclei(target, policy = {}) {
+    const startTime = new Date();
+    const mergedPolicy = { ...{ passiveOnly: true, maxDuration: 300, riskThreshold: "medium" }, ...policy };
+    logger.info("nuclei.scan_start", {
+        target: target.url,
+        passiveOnly: mergedPolicy.passiveOnly,
+    });
+    // Check availability
+    const availability = await checkNucleiAvailable();
+    if (!availability.available) {
+        return {
+            scanner: "nuclei",
+            target,
+            findings: [],
+            duration: Date.now() - startTime.getTime(),
+            success: false,
+            error: availability.error || "Nuclei not available",
+            stats: {
+                requestCount: 0,
+                urlsDiscovered: 0,
+                uniqueFindings: 0,
+                bySeverity: {},
+            },
+            startTime: startTime.toISOString(),
+            endTime: new Date().toISOString(),
+            policy: mergedPolicy,
+        };
+    }
+    return new Promise((resolve) => {
+        const args = buildNucleiArgs(target, mergedPolicy);
+        logger.debug("nuclei.command", { args: args.join(" ") });
+        const child = spawn("nuclei", args, {
+            timeout: (mergedPolicy.maxDuration || 300) * 1000,
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout?.on("data", (data) => {
+            stdout += data.toString();
+        });
+        child.stderr?.on("data", (data) => {
+            stderr += data.toString();
+        });
+        child.on("close", (code) => {
+            const endTime = new Date();
+            const findings = [];
+            // Parse JSON lines output
+            const lines = stdout.split("\n").filter(Boolean);
+            for (const line of lines) {
+                try {
+                    const result = JSON.parse(line);
+                    findings.push(parseNucleiResult(result));
+                }
+                catch {
+                    // Skip non-JSON lines
+                    logger.debug("nuclei.parse_skip", { line: line.slice(0, 100) });
+                }
+            }
+            // Calculate stats
+            const bySeverity = {};
+            for (const finding of findings) {
+                bySeverity[finding.severity] = (bySeverity[finding.severity] || 0) + 1;
+            }
+            const success = code === 0 || findings.length > 0;
+            const result = {
+                scanner: "nuclei",
+                target,
+                findings,
+                duration: endTime.getTime() - startTime.getTime(),
+                success,
+                error: !success && stderr ? stderr.slice(0, 500) : undefined,
+                stats: {
+                    requestCount: 0, // Not available from Nuclei output
+                    urlsDiscovered: new Set(findings.map((f) => f.url)).size,
+                    uniqueFindings: findings.length,
+                    bySeverity,
+                },
+                version: availability.version,
+                startTime: startTime.toISOString(),
+                endTime: endTime.toISOString(),
+                policy: mergedPolicy,
+            };
+            logger.info("nuclei.scan_complete", {
+                findings: findings.length,
+                duration: result.duration,
+                success,
+            });
+            resolve(result);
+        });
+        child.on("error", (error) => {
+            const endTime = new Date();
+            resolve({
+                scanner: "nuclei",
+                target,
+                findings: [],
+                duration: endTime.getTime() - startTime.getTime(),
+                success: false,
+                error: String(error),
+                stats: {
+                    requestCount: 0,
+                    urlsDiscovered: 0,
+                    uniqueFindings: 0,
+                    bySeverity: {},
+                },
+                version: availability.version,
+                startTime: startTime.toISOString(),
+                endTime: endTime.toISOString(),
+                policy: mergedPolicy,
+            });
+        });
+    });
+}
+/**
+ * Get Nuclei installation instructions
+ */
+export function getNucleiInstallInstructions() {
+    return `
+# Nuclei Installation
+
+## Go (Recommended)
+\`\`\`bash
+go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
+\`\`\`
+
+## Homebrew (macOS)
+\`\`\`bash
+brew install nuclei
+\`\`\`
+
+## Docker
+\`\`\`bash
+docker pull projectdiscovery/nuclei:latest
+\`\`\`
+
+## Binary Download
+Download from https://github.com/projectdiscovery/nuclei/releases
+
+## Update Templates
+\`\`\`bash
+nuclei -update-templates
+\`\`\`
+
+## Verify Installation
+\`\`\`bash
+nuclei -version
+\`\`\`
+`;
+}
+//# sourceMappingURL=nuclei.js.map

package/dist/scanners/dast/nuclei.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nuclei.js","sourceRoot":"","sources":["../../../src/scanners/dast/nuclei.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,MAAM,aAAa,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AASzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAErD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhE,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,oEAAoE;gBACpE,MAAM,YAAY,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBAChE,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAE3D,OAAO,CAAC;oBACN,OAAO,EAAE,QAAQ;oBACjB,SAAS,EAAE,IAAI;oBACf,OAAO;oBACP,IAAI,EAAE,QAAQ;oBACd,QAAQ,EAAE;wBACR,WAAW,EAAE,IAAI;wBACjB,UAAU,EAAE,IAAI;wBAChB,OAAO,EAAE,IAAI;wBACb,cAAc,EAAE,IAAI;qBACrB;iBACF,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC;oBACN,OAAO,EAAE,QAAQ;oBACjB,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,sGAAsG;iBAC9G,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACrB,OAAO,CAAC;gBACN,OAAO,EAAE,QAAQ;gBACjB,SAAS,EAAE,KAAK;gBAChB,KAAK,EAAE,sGAAsG;aAC9G,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,MAAkB,EAClB,MAAkB;IAElB,MAAM,IAAI,GAAa;QACrB,IAAI,EAAE,MAAM,CAAC,GAAG;QAChB,OAAO,EAAQ,cAAc;QAC7B,SAAS,EAAM,iBAAiB;QAChC,WAAW,EAAI,iBAAiB;KACjC,CAAC;IAEF,8CAA8C;IAC9C,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,WAAW,GAA2B;YAC1C,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,sBAAsB;YAC9B,GAAG,EAAE,0BAA0B;YAC/B,aAAa,EAAE,+BAA+B;SAC/C,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,sBAAsB,CAAC,CAAC;IACtF,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,eAAe;IACf,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,6CAA6C;IAC7C,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,gBAAgB;IAChB,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;QACnD,gDAAgD;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,cAAc;IACd,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,qBAAqB;IACrB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,cAAc,CAAC;QACnC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,QAAQ;gBACX,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;oBAC3B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC1E,CAAC;gBACD,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;oBAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CACzB,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAC5D,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACrB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,wBAAwB,OAAO,EAAE,CAAC,CAAC;gBAC1D,CAAC;gBACD,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,IAAI,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;oBAC7D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,KAAK,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;gBACvF,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;oBAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7D,CAAC;gBACD,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAoB;IACpD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC;IAEzE,0BAA0B;IAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAChE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,CACzC,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,CAAC;IAEtD,yBAAyB;IACzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1B,UAAU,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3B,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO;QACL,OAAO,EAAE,QAAiB;QAC1B,MAAM,EAAE,UAAU,MAAM,CAAC,aAAa,CAAC,EAAE;QACzC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,WAAW;QACtE,QAAQ;QACR,UAAU,EAAE,yBAAyB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC3D,GAAG,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI;QAClC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC;QACrC,QAAQ,EAAE,MAAM,CAAC,mBAAmB,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC;QACjD,MAAM;QACN,MAAM;QACN,UAAU;QACV,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;QACtB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACvD,SAAS,EAAE,MAA4C;KACxD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,OAAgB;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAE/B,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjF,OAAO,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,QAAgB;IACjD,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU;YACb,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,EAAE,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,EAAE,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,EAAE,CAAC;QACZ;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAkB,EAClB,SAAqB,EAAE;IAEvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,YAAY,GAAG,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,aAAa,EAAE,QAAiB,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;IAEjH,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC,GAAG;QAClB,WAAW,EAAE,YAAY,CAAC,WAAW;KACtC,CAAC,CAAC;IAEH,qBAAqB;IACrB,MAAM,YAAY,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAElD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;YAC1C,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,sBAAsB;YACnD,KAAK,EAAE;gBACL,YAAY,EAAE,CAAC;gBACf,cAAc,EAAE,CAAC;gBACjB,cAAc,EAAE,CAAC;gBACjB,UAAU,EAAE,EAAE;aACf;YACD,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;YAClC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAEnD,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEzD,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE;YAClC,OAAO,EAAE,CAAC,YAAY,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,IAAI;SAClD,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAChC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,MAAM,OAAO,GAAG,IAAI,IAAI,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAkB,EAAE,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAEjD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;oBAChD,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC3C,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;oBACtB,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;gBAClE,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,MAAM,UAAU,GAAoC,EAAE,CAAC;YACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACzE,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;YAElD,MAAM,MAAM,GAAmB;gBAC7B,OAAO,EAAE,QAAQ;gBACjB,MAAM;gBACN,QAAQ;gBACR,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;gBACjD,OAAO;gBACP,KAAK,EAAE,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC5D,KAAK,EAAE;oBACL,YAAY,EAAE,CAAC,EAAE,mCAAmC;oBACpD,cAAc,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;oBACxD,cAAc,EAAE,QAAQ,CAAC,MAAM;oBAC/B,UAAU;iBACX;gBACD,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;gBAClC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE;gBAC9B,MAAM,EAAE,YAAY;aACrB,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;gBAClC,QAAQ,EAAE,QAAQ,CAAC,MAAM;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,OAAO;aACR,CAAC,CAAC;YAEH,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC1B,MAAM,OAAO,GAAG,IAAI,IAAI,EAAE,CAAC;YAE3B,OAAO,CAAC;gBACN,OAAO,EAAE,QAAQ;gBACjB,MAAM;gBACN,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE;gBACjD,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;gBACpB,KAAK,EAAE;oBACL,YAAY,EAAE,CAAC;oBACf,cAAc,EAAE,CAAC;oBACjB,cAAc,EAAE,CAAC;oBACjB,UAAU,EAAE,EAAE;iBACf;gBACD,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;gBAClC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE;gBAC9B,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B;IAC1C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8BR,CAAC;AACF,CAAC"}