vaspera 2.9.2 → 2.10.1

package/dist/scanners/fp-feedback.js

@@ -0,0 +1,292 @@
+/**
+ * False Positive Feedback
+ *
+ * Handles user feedback on findings and maintains a feedback database
+ * for improving FP detection over time.
+ *
+ * @module scanners/fp-feedback
+ */
+import { readFile, writeFile, mkdir } from "fs/promises";
+import { join, dirname } from "path";
+import { markFalsePositive, markTruePositive } from "./fp-tracker.js";
+import { logger } from "../logger.js";
+/**
+ * FP reason descriptions for UI
+ */
+export const FP_REASON_DESCRIPTIONS = {
+    "test-code": "Finding is in test code and doesn't affect production",
+    "false-pattern-match": "Pattern matched but context shows it's not a real issue",
+    "sanitized-elsewhere": "Input is sanitized/validated elsewhere in the codebase",
+    "intentional": "This is intentional behavior (documented risk acceptance)",
+    "vendor-code": "Third-party/vendored code that cannot be modified",
+    "generated-code": "Auto-generated code that will be regenerated",
+    "example-code": "Example/demo code not used in production",
+    "configuration": "Scanner configuration issue (rule too broad)",
+    "other": "Other reason (specify in details)",
+};
+/**
+ * Get feedback file path
+ */
+function getFeedbackFilePath(projectPath) {
+    return join(projectPath, ".vaspera", "fp-feedback.json");
+}
+/**
+ * Generate unique feedback ID
+ */
+function generateFeedbackId() {
+    return `fb-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
+}
+/**
+ * Load feedback database
+ */
+export async function loadFeedbackDatabase(projectPath) {
+    const filePath = getFeedbackFilePath(projectPath);
+    try {
+        const content = await readFile(filePath, "utf-8");
+        return JSON.parse(content);
+    }
+    catch {
+        return {
+            version: "1.0.0",
+            projectPath,
+            entries: [],
+            stats: {
+                totalFeedback: 0,
+                tpCount: 0,
+                fpCount: 0,
+                byScanner: {},
+                byReason: {},
+            },
+        };
+    }
+}
+/**
+ * Save feedback database
+ */
+export async function saveFeedbackDatabase(projectPath, db) {
+    const filePath = getFeedbackFilePath(projectPath);
+    await mkdir(dirname(filePath), { recursive: true });
+    await writeFile(filePath, JSON.stringify(db, null, 2), "utf-8");
+    logger.debug("fp_feedback.saved", { filePath, entries: db.entries.length });
+}
+/**
+ * Submit feedback for a finding
+ */
+export async function submitFeedback(projectPath, finding, verdict, options) {
+    const db = await loadFeedbackDatabase(projectPath);
+    // Create feedback entry
+    const entry = {
+        id: generateFeedbackId(),
+        findingId: `${finding.scanner}-${finding.ruleId}-${finding.file}:${finding.line}`,
+        scanner: finding.scanner,
+        ruleId: finding.ruleId,
+        file: finding.file,
+        line: finding.line,
+        severity: finding.severity,
+        verdict,
+        reason: verdict === "fp" ? options?.reason : undefined,
+        details: options?.details,
+        submittedBy: options?.submittedBy,
+        submittedAt: new Date().toISOString(),
+        codeHash: options?.codeHash,
+    };
+    // Add to database
+    db.entries.push(entry);
+    // Update stats
+    db.stats.totalFeedback++;
+    if (verdict === "tp") {
+        db.stats.tpCount++;
+    }
+    else {
+        db.stats.fpCount++;
+        if (options?.reason) {
+            db.stats.byReason[options.reason] = (db.stats.byReason[options.reason] || 0) + 1;
+        }
+    }
+    // Update scanner stats
+    if (!db.stats.byScanner[finding.scanner]) {
+        db.stats.byScanner[finding.scanner] = { tp: 0, fp: 0 };
+    }
+    db.stats.byScanner[finding.scanner][verdict]++;
+    await saveFeedbackDatabase(projectPath, db);
+    // Also update the FP tracker
+    if (verdict === "fp") {
+        await markFalsePositive(projectPath, finding.scanner, finding.ruleId, options?.reason);
+    }
+    else {
+        await markTruePositive(projectPath, finding.scanner, finding.ruleId);
+    }
+    logger.info("fp_feedback.submitted", {
+        id: entry.id,
+        scanner: finding.scanner,
+        ruleId: finding.ruleId,
+        verdict,
+        reason: options?.reason,
+    });
+    return entry;
+}
+/**
+ * Get feedback for a specific finding
+ */
+export async function getFeedbackForFinding(projectPath, scanner, ruleId, file, line) {
+    const db = await loadFeedbackDatabase(projectPath);
+    return db.entries.filter((entry) => {
+        const matchesScanner = entry.scanner === scanner;
+        const matchesRule = entry.ruleId === ruleId;
+        const matchesFile = entry.file === file;
+        const matchesLine = line === undefined || entry.line === line;
+        return matchesScanner && matchesRule && matchesFile && matchesLine;
+    });
+}
+/**
+ * Get all feedback for a rule
+ */
+export async function getFeedbackForRule(projectPath, scanner, ruleId) {
+    const db = await loadFeedbackDatabase(projectPath);
+    return db.entries.filter((entry) => entry.scanner === scanner && entry.ruleId === ruleId);
+}
+/**
+ * Check if a finding has existing feedback
+ */
+export async function hasFeedback(projectPath, scanner, ruleId, file, line) {
+    const feedback = await getFeedbackForFinding(projectPath, scanner, ruleId, file, line);
+    return feedback.length > 0;
+}
+/**
+ * Get suppression suggestions based on feedback
+ */
+export async function getSuppressionSuggestions(projectPath, options) {
+    const minFPRate = options?.minFPRate ?? 0.5;
+    const minSampleSize = options?.minSampleSize ?? 5;
+    const db = await loadFeedbackDatabase(projectPath);
+    // Group feedback by scanner/rule
+    const ruleGroups = new Map();
+    for (const entry of db.entries) {
+        const key = `${entry.scanner}:${entry.ruleId}`;
+        const existing = ruleGroups.get(key) || [];
+        existing.push(entry);
+        ruleGroups.set(key, existing);
+    }
+    const suggestions = [];
+    for (const [key, entries] of ruleGroups) {
+        const [scanner, ruleId] = key.split(":");
+        if (entries.length < minSampleSize) {
+            continue;
+        }
+        const fpCount = entries.filter((e) => e.verdict === "fp").length;
+        const fpRate = fpCount / entries.length;
+        if (fpRate < minFPRate) {
+            continue;
+        }
+        // Get common FP reasons
+        const reasonCounts = new Map();
+        for (const entry of entries) {
+            if (entry.verdict === "fp" && entry.reason) {
+                reasonCounts.set(entry.reason, (reasonCounts.get(entry.reason) || 0) + 1);
+            }
+        }
+        const commonReasons = Array.from(reasonCounts.entries())
+            .sort((a, b) => b[1] - a[1])
+            .slice(0, 3)
+            .map(([reason]) => reason);
+        // Determine suggestion
+        let suggestion;
+        if (fpRate >= 0.8) {
+            suggestion = "disable";
+        }
+        else if (fpRate >= 0.5) {
+            suggestion = "review";
+        }
+        else {
+            suggestion = "keep";
+        }
+        suggestions.push({
+            scanner,
+            ruleId,
+            fpRate,
+            sampleSize: entries.length,
+            suggestion,
+            commonReasons,
+        });
+    }
+    // Sort by FP rate descending
+    return suggestions.sort((a, b) => b.fpRate - a.fpRate);
+}
+/**
+ * Generate feedback summary report
+ */
+export async function generateFeedbackReport(projectPath) {
+    const db = await loadFeedbackDatabase(projectPath);
+    const suppressionSuggestions = await getSuppressionSuggestions(projectPath);
+    const totalFeedback = db.stats.totalFeedback;
+    const overallFPRate = totalFeedback > 0 ? db.stats.fpCount / totalFeedback : 0;
+    // By scanner
+    const byScanner = Object.entries(db.stats.byScanner).map(([scanner, stats]) => ({
+        scanner: scanner,
+        total: stats.tp + stats.fp,
+        tp: stats.tp,
+        fp: stats.fp,
+        fpRate: (stats.tp + stats.fp) > 0 ? stats.fp / (stats.tp + stats.fp) : 0,
+    }));
+    // Top FP reasons
+    const topFPReasons = Object.entries(db.stats.byReason)
+        .sort(([, a], [, b]) => b - a)
+        .slice(0, 5)
+        .map(([reason, count]) => ({
+        reason: reason,
+        count,
+        percentage: db.stats.fpCount > 0 ? (count / db.stats.fpCount) * 100 : 0,
+    }));
+    // Recent feedback (last 10)
+    const recentFeedback = [...db.entries]
+        .sort((a, b) => new Date(b.submittedAt).getTime() - new Date(a.submittedAt).getTime())
+        .slice(0, 10);
+    return {
+        overview: {
+            totalFeedback,
+            tpCount: db.stats.tpCount,
+            fpCount: db.stats.fpCount,
+            overallFPRate,
+        },
+        byScanner,
+        topFPReasons,
+        recentFeedback,
+        suppressionSuggestions,
+    };
+}
+/**
+ * Clear old feedback entries
+ */
+export async function pruneOldFeedback(projectPath, maxAgeDays = 90) {
+    const db = await loadFeedbackDatabase(projectPath);
+    const cutoffDate = new Date();
+    cutoffDate.setDate(cutoffDate.getDate() - maxAgeDays);
+    const originalCount = db.entries.length;
+    db.entries = db.entries.filter((entry) => {
+        return new Date(entry.submittedAt) >= cutoffDate;
+    });
+    const removedCount = originalCount - db.entries.length;
+    if (removedCount > 0) {
+        // Recalculate stats
+        db.stats = {
+            totalFeedback: db.entries.length,
+            tpCount: db.entries.filter((e) => e.verdict === "tp").length,
+            fpCount: db.entries.filter((e) => e.verdict === "fp").length,
+            byScanner: {},
+            byReason: {},
+        };
+        for (const entry of db.entries) {
+            if (!db.stats.byScanner[entry.scanner]) {
+                db.stats.byScanner[entry.scanner] = { tp: 0, fp: 0 };
+            }
+            db.stats.byScanner[entry.scanner][entry.verdict]++;
+            if (entry.verdict === "fp" && entry.reason) {
+                db.stats.byReason[entry.reason] = (db.stats.byReason[entry.reason] || 0) + 1;
+            }
+        }
+        await saveFeedbackDatabase(projectPath, db);
+        logger.info("fp_feedback.pruned", { removed: removedCount, remaining: db.entries.length });
+    }
+    return removedCount;
+}
+//# sourceMappingURL=fp-feedback.js.map

package/dist/scanners/fp-feedback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fp-feedback.js","sourceRoot":"","sources":["../../src/scanners/fp-feedback.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAGrC,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAgBtC;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAA6B;IAC9D,WAAW,EAAE,uDAAuD;IACpE,qBAAqB,EAAE,yDAAyD;IAChF,qBAAqB,EAAE,wDAAwD;IAC/E,aAAa,EAAE,2DAA2D;IAC1E,aAAa,EAAE,mDAAmD;IAClE,gBAAgB,EAAE,8CAA8C;IAChE,cAAc,EAAE,0CAA0C;IAC1D,eAAe,EAAE,8CAA8C;IAC/D,OAAO,EAAE,mCAAmC;CAC7C,CAAC;AA8DF;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,OAAO,IAAI,CAAC,WAAW,EAAE,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB;IACzB,OAAO,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACnF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,WAAmB;IAC5D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,WAAW;YACX,OAAO,EAAE,EAAE;YACX,KAAK,EAAE;gBACL,aAAa,EAAE,CAAC;gBAChB,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,CAAC;gBACV,SAAS,EAAE,EAAE;gBACb,QAAQ,EAAE,EAAE;aACb;SACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAmB,EACnB,EAAoB;IAEpB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAElD,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAEhE,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,OAA6B,EAC7B,OAAoB,EACpB,OAKC;IAED,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAEnD,wBAAwB;IACxB,MAAM,KAAK,GAAkB;QAC3B,EAAE,EAAE,kBAAkB,EAAE;QACxB,SAAS,EAAE,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;QACjF,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO;QACP,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS;QACtD,OAAO,EAAE,OAAO,EAAE,OAAO;QACzB,WAAW,EAAE,OAAO,EAAE,WAAW;QACjC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,QAAQ,EAAE,OAAO,EAAE,QAAQ;KAC5B,CAAC;IAEF,kBAAkB;IAClB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAEvB,eAAe;IACf,EAAE,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;IACzB,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACnB,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;YACpB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;IACzD,CAAC;IACD,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAE/C,MAAM,oBAAoB,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAE5C,6BAA6B;IAC7B,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,MAAM,iBAAiB,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACzF,CAAC;SAAM,CAAC;QACN,MAAM,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;QACnC,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO;QACP,MAAM,EAAE,OAAO,EAAE,MAAM;KACxB,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAAmB,EACnB,OAAoB,EACpB,MAAc,EACd,IAAY,EACZ,IAAa;IAEb,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAEnD,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACjC,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC;QACxC,MAAM,WAAW,GAAG,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC;QAE9D,OAAO,cAAc,IAAI,WAAW,IAAI,WAAW,IAAI,WAAW,CAAC;IACrE,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,WAAmB,EACnB,OAAoB,EACpB,MAAc;IAEd,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAEnD,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CACtB,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAChE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAmB,EACnB,OAAoB,EACpB,MAAc,EACd,IAAY,EACZ,IAAa;IAEb,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACvF,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,OAGC;IASD,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,GAAG,CAAC;IAC5C,MAAM,aAAa,GAAG,OAAO,EAAE,aAAa,IAAI,CAAC,CAAC;IAClD,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAEnD,iCAAiC;IACjC,MAAM,UAAU,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEtD,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,MAAM,WAAW,GAOZ,EAAE,CAAC;IAER,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAA0B,CAAC;QAElE,IAAI,OAAO,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QACjE,MAAM,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;QAExC,IAAI,MAAM,GAAG,SAAS,EAAE,CAAC;YACvB,SAAS;QACX,CAAC;QAED,wBAAwB;QACxB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAoB,CAAC;QACjD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3C,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;aACrD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QAE7B,uBAAuB;QACvB,IAAI,UAAyC,CAAC;QAC9C,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YAClB,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;aAAM,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YACzB,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,MAAM,CAAC;QACtB,CAAC;QAED,WAAW,CAAC,IAAI,CAAC;YACf,OAAO;YACP,MAAM;YACN,MAAM;YACN,UAAU,EAAE,OAAO,CAAC,MAAM;YAC1B,UAAU;YACV,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,WAAmB;IAsB9D,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,sBAAsB,GAAG,MAAM,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAE5E,MAAM,aAAa,GAAG,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC;IAC7C,MAAM,aAAa,GAAG,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAE/E,aAAa;IACb,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9E,OAAO,EAAE,OAAsB;QAC/B,KAAK,EAAE,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE;QAC1B,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KACzE,CAAC,CAAC,CAAC;IAEJ,iBAAiB;IACjB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC;SACnD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;SAC7B,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,MAAkB;QAC1B,KAAK;QACL,UAAU,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;KACxE,CAAC,CAAC,CAAC;IAEN,4BAA4B;IAC5B,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;SACnC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;SACrF,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEhB,OAAO;QACL,QAAQ,EAAE;YACR,aAAa;YACb,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO;YACzB,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO;YACzB,aAAa;SACd;QACD,SAAS;QACT,YAAY;QACZ,cAAc;QACd,sBAAsB;KACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,WAAmB,EACnB,aAAqB,EAAE;IAEvB,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;IAC9B,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC,CAAC;IAEtD,MAAM,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAExC,EAAE,CAAC,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACvC,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,UAAU,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAEvD,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACrB,oBAAoB;QACpB,EAAE,CAAC,KAAK,GAAG;YACT,aAAa,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM;YAChC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,MAAM;YAC5D,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,MAAM;YAC5D,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,EAAE;SACb,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;YAC/B,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;YACvD,CAAC;YACD,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAEnD,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3C,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAED,MAAM,oBAAoB,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAE5C,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/scanners/fp-filter.d.ts

@@ -0,0 +1,94 @@
+/**
+ * False Positive Filter
+ *
+ * Context-aware filtering to reduce false positives from scanners.
+ * Analyzes code context, semantic patterns, and historical data.
+ *
+ * @module scanners/fp-filter
+ */
+import type { DeterministicFinding } from "./types.js";
+/**
+ * Context information for filtering decisions
+ */
+export interface FPFilterContext {
+    /** File-level context */
+    codeContext: {
+        isTestFile: boolean;
+        isGeneratedCode: boolean;
+        isThirdPartyVendored: boolean;
+        isMockFile: boolean;
+        isFixtureFile: boolean;
+        isExampleFile: boolean;
+    };
+    /** Semantic context from code analysis */
+    semanticContext: {
+        hasValidation: boolean;
+        hasEncoding: boolean;
+        isSanitized: boolean;
+        isConstant: boolean;
+        isEnvironmentVariable: boolean;
+    };
+    /** Historical FP data */
+    historicalContext: {
+        previousFPs: string[];
+        ruleAccuracy: number;
+        suppressions: string[];
+    };
+}
+/**
+ * Result of filtering decision
+ */
+export interface FilterResult {
+    /** Whether to filter out this finding */
+    filter: boolean;
+    /** Reason for filtering (if filtered) */
+    reason?: string;
+    /** Confidence in the filtering decision (0-100) */
+    confidence: number;
+    /** Suggested action */
+    suggestion?: "suppress" | "review" | "confirm";
+}
+/**
+ * Analyze file path to determine code context
+ */
+export declare function analyzeFilePath(filePath: string): FPFilterContext["codeContext"];
+/**
+ * Analyze code content for semantic context
+ */
+export declare function analyzeCodeContext(projectPath: string, finding: DeterministicFinding): Promise<FPFilterContext["semanticContext"]>;
+/**
+ * Determine if a finding should be filtered as a false positive
+ */
+export declare function shouldFilter(finding: DeterministicFinding, context: FPFilterContext): FilterResult;
+/**
+ * Filter findings and return filtered results with reasons
+ */
+export declare function filterFindings(projectPath: string, findings: DeterministicFinding[], options?: {
+    historicalData?: Map<string, {
+        fpRate: number;
+        suppressions: string[];
+    }>;
+    minConfidence?: number;
+}): Promise<{
+    filtered: DeterministicFinding[];
+    removed: Array<{
+        finding: DeterministicFinding;
+        reason: string;
+        confidence: number;
+    }>;
+    stats: {
+        total: number;
+        kept: number;
+        filtered: number;
+        byReason: Record<string, number>;
+    };
+}>;
+/**
+ * Get suggested suppressions for a finding
+ */
+export declare function getSuppressSuggestion(finding: DeterministicFinding, context: FPFilterContext): {
+    suppressionComment: string;
+    inlineSuppress: string;
+    fileSuppress: string;
+};
+//# sourceMappingURL=fp-filter.d.ts.map

package/dist/scanners/fp-filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fp-filter.d.ts","sourceRoot":"","sources":["../../src/scanners/fp-filter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,oBAAoB,EAAe,MAAM,YAAY,CAAC;AAGpE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,yBAAyB;IACzB,WAAW,EAAE;QACX,UAAU,EAAE,OAAO,CAAC;QACpB,eAAe,EAAE,OAAO,CAAC;QACzB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,UAAU,EAAE,OAAO,CAAC;QACpB,aAAa,EAAE,OAAO,CAAC;QACvB,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IAEF,0CAA0C;IAC1C,eAAe,EAAE;QACf,aAAa,EAAE,OAAO,CAAC;QACvB,WAAW,EAAE,OAAO,CAAC;QACrB,WAAW,EAAE,OAAO,CAAC;QACrB,UAAU,EAAE,OAAO,CAAC;QACpB,qBAAqB,EAAE,OAAO,CAAC;KAChC,CAAC;IAEF,yBAAyB;IACzB,iBAAiB,EAAE;QACjB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,yCAAyC;IACzC,MAAM,EAAE,OAAO,CAAC;IAEhB,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,mDAAmD;IACnD,UAAU,EAAE,MAAM,CAAC;IAEnB,uBAAuB;IACvB,UAAU,CAAC,EAAE,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;CAChD;AAqGD;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAAC,aAAa,CAAC,CAYhF;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC,CAmF7C;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,eAAe,GACvB,YAAY,CAyGd;AAoBD;;GAEG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,oBAAoB,EAAE,EAChC,OAAO,CAAC,EAAE;IACR,cAAc,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACzE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GACA,OAAO,CAAC;IACT,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IACjC,OAAO,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,oBAAoB,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtF,KAAK,EAAE;QACL,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAClC,CAAC;CACH,CAAC,CAwDD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,oBAAoB,EAC7B,OAAO,EAAE,eAAe,GACvB;IACD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB,CAmCA"}