vaspera 2.9.2 → 2.10.1

package/dist/scanners/logic/index.js

@@ -0,0 +1,268 @@
+/**
+ * Business Logic Scanner Module
+ *
+ * Detects BOLA, IDOR, BFLA, and other authorization vulnerabilities
+ * through static analysis of API endpoints.
+ *
+ * @module scanners/logic
+ */
+import { logger } from "../../logger.js";
+import { LOGIC_VULN_CWE_MAP, LOGIC_VULN_OWASP_MAP, LOGIC_VULN_SEVERITY_MAP, } from "./types.js";
+import { extractEndpoints, detectFramework, } from "./endpoint-analyzer.js";
+import { analyzeEndpoints, } from "./auth-flow-analyzer.js";
+// Re-export types
+export * from "./types.js";
+// Re-export analyzer functions
+export { extractEndpoints, detectFramework, extractPathParams, inferResourceType, } from "./endpoint-analyzer.js";
+export { analyzeAuthorizationFlow, analyzeEndpoints, } from "./auth-flow-analyzer.js";
+/**
+ * Convert logic vulnerability to finding format
+ */
+function vulnerabilityToFinding(vuln) {
+    return {
+        scanner: "logic",
+        ruleId: `logic-${vuln.vulnType}`,
+        file: vuln.file,
+        line: vuln.line,
+        message: vuln.description,
+        severity: vuln.severity,
+        confidence: vuln.confidence,
+        category: vuln.vulnType,
+        vulnType: vuln.vulnType,
+        affectedEndpoint: vuln.endpoint,
+        httpMethod: vuln.method,
+        authCheck: vuln.authCheck,
+        resourceAccess: vuln.resourceAccess,
+        cweIds: vuln.cweIds,
+        owaspRefs: vuln.owaspRefs,
+        remediation: vuln.remediation,
+    };
+}
+/**
+ * Run logic vulnerability scan
+ */
+export async function runLogicScan(projectPath, options = {}) {
+    const startTime = Date.now();
+    logger.info("logic_scan.start", {
+        projectPath,
+        framework: options.framework || "auto",
+        focusAreas: options.focusAreas,
+    });
+    try {
+        // Detect framework if not specified
+        const framework = options.framework || (await detectFramework(projectPath));
+        // Extract endpoints
+        const endpoints = await extractEndpoints(projectPath, {
+            framework,
+            include: options.include,
+            exclude: options.exclude,
+        });
+        // Limit files if specified
+        const limitedEndpoints = options.maxFiles
+            ? endpoints.slice(0, options.maxFiles)
+            : endpoints;
+        // Analyze authorization flows
+        const analyses = await analyzeEndpoints(limitedEndpoints, projectPath);
+        // Collect all vulnerabilities
+        let allVulnerabilities = [];
+        for (const analysis of analyses) {
+            allVulnerabilities.push(...analysis.vulnerabilities);
+        }
+        // Filter by focus areas if specified
+        if (options.focusAreas && options.focusAreas.length > 0) {
+            allVulnerabilities = allVulnerabilities.filter((v) => options.focusAreas.includes(v.vulnType));
+        }
+        // Convert to findings
+        const findings = allVulnerabilities.map(vulnerabilityToFinding);
+        // Calculate stats
+        const bySeverity = {};
+        const byVulnType = {};
+        for (const vuln of allVulnerabilities) {
+            bySeverity[vuln.severity] = (bySeverity[vuln.severity] || 0) + 1;
+            byVulnType[vuln.vulnType] = (byVulnType[vuln.vulnType] || 0) + 1;
+        }
+        const duration = Date.now() - startTime;
+        logger.info("logic_scan.complete", {
+            endpoints: endpoints.length,
+            vulnerabilities: allVulnerabilities.length,
+            duration,
+        });
+        return {
+            projectPath,
+            framework,
+            endpoints: limitedEndpoints,
+            vulnerabilities: allVulnerabilities,
+            findings,
+            stats: {
+                filesAnalyzed: new Set(endpoints.map((e) => e.file)).size,
+                endpointsFound: endpoints.length,
+                vulnerabilitiesFound: allVulnerabilities.length,
+                bySeverity,
+                byVulnType,
+            },
+            duration,
+            success: true,
+        };
+    }
+    catch (error) {
+        const duration = Date.now() - startTime;
+        logger.error("logic_scan.failed", { error: String(error) });
+        return {
+            projectPath,
+            framework: options.framework || "auto",
+            endpoints: [],
+            vulnerabilities: [],
+            findings: [],
+            stats: {
+                filesAnalyzed: 0,
+                endpointsFound: 0,
+                vulnerabilitiesFound: 0,
+                bySeverity: {},
+                byVulnType: {},
+            },
+            duration,
+            success: false,
+            error: String(error),
+        };
+    }
+}
+/**
+ * Format logic scan results for display
+ */
+export function formatLogicResults(result) {
+    const lines = [
+        "# Business Logic Security Scan",
+        "",
+        `**Framework**: ${result.framework}`,
+        `**Endpoints Analyzed**: ${result.stats.endpointsFound}`,
+        `**Vulnerabilities Found**: ${result.stats.vulnerabilitiesFound}`,
+        `**Duration**: ${Math.round(result.duration / 1000)}s`,
+        "",
+    ];
+    if (!result.success) {
+        lines.push(`**Error**: ${result.error}`);
+        return lines.join("\n");
+    }
+    if (result.vulnerabilities.length === 0) {
+        lines.push("✅ No authorization vulnerabilities detected.");
+        return lines.join("\n");
+    }
+    // Group by severity
+    const severityOrder = ["critical", "high", "medium", "low", "info"];
+    const grouped = new Map();
+    for (const vuln of result.vulnerabilities) {
+        const existing = grouped.get(vuln.severity) || [];
+        existing.push(vuln);
+        grouped.set(vuln.severity, existing);
+    }
+    for (const severity of severityOrder) {
+        const vulns = grouped.get(severity);
+        if (!vulns || vulns.length === 0)
+            continue;
+        const emoji = {
+            critical: "🔴",
+            high: "🟠",
+            medium: "🟡",
+            low: "🔵",
+            info: "⚪",
+        }[severity];
+        lines.push(`## ${emoji} ${severity.toUpperCase()} (${vulns.length})`, "");
+        for (const vuln of vulns) {
+            lines.push(`### ${vuln.name}`);
+            lines.push(`- **Endpoint**: \`${Array.isArray(vuln.method) ? vuln.method.join("/") : vuln.method} ${vuln.endpoint}\``);
+            lines.push(`- **File**: ${vuln.file}:${vuln.line}`);
+            lines.push(`- **Description**: ${vuln.description}`);
+            if (vuln.cweIds.length > 0) {
+                lines.push(`- **CWE**: ${vuln.cweIds.join(", ")}`);
+            }
+            if (vuln.owaspRefs.length > 0) {
+                lines.push(`- **OWASP**: ${vuln.owaspRefs.join(", ")}`);
+            }
+            lines.push(`- **Remediation**: ${vuln.remediation}`);
+            lines.push("");
+        }
+    }
+    // Summary by type
+    if (Object.keys(result.stats.byVulnType).length > 0) {
+        lines.push("## Summary by Vulnerability Type", "");
+        lines.push("| Type | Count |");
+        lines.push("|------|-------|");
+        for (const [type, count] of Object.entries(result.stats.byVulnType)) {
+            if (count && count > 0) {
+                lines.push(`| ${type} | ${count} |`);
+            }
+        }
+    }
+    return lines.join("\n");
+}
+/**
+ * Get vulnerability description
+ */
+export function getVulnerabilityDescription(vulnType) {
+    const descriptions = {
+        "bola": "Broken Object Level Authorization occurs when an API does not properly validate that a user has permission to access a specific object.",
+        "idor": "Insecure Direct Object Reference allows attackers to access objects directly by manipulating input parameters containing object IDs.",
+        "bfla": "Broken Function Level Authorization occurs when users can access administrative or privileged functions without proper permission checks.",
+        "mass-assignment": "Mass Assignment allows attackers to modify object properties they shouldn't have access to by manipulating request parameters.",
+        "race-condition-auth": "Race Condition in Authorization occurs when concurrent requests can bypass authorization checks.",
+        "privilege-escalation": "Privilege Escalation allows users to gain elevated access rights beyond what was intended.",
+        "missing-auth": "Missing Authentication occurs when sensitive endpoints do not require user authentication.",
+        "missing-authz": "Missing Authorization occurs when authenticated users can perform actions without proper permission checks.",
+        "direct-db-access": "Direct Database Access without Authorization allows unvalidated access to data through unprotected database queries.",
+        "horizontal-priv-esc": "Horizontal Privilege Escalation allows users to access resources belonging to other users at the same privilege level.",
+        "vertical-priv-esc": "Vertical Privilege Escalation allows users to elevate their privileges to a higher access level.",
+    };
+    const names = {
+        "bola": "Broken Object Level Authorization",
+        "idor": "Insecure Direct Object Reference",
+        "bfla": "Broken Function Level Authorization",
+        "mass-assignment": "Mass Assignment",
+        "race-condition-auth": "Race Condition in Authorization",
+        "privilege-escalation": "Privilege Escalation",
+        "missing-auth": "Missing Authentication",
+        "missing-authz": "Missing Authorization",
+        "direct-db-access": "Direct Database Access",
+        "horizontal-priv-esc": "Horizontal Privilege Escalation",
+        "vertical-priv-esc": "Vertical Privilege Escalation",
+    };
+    return {
+        name: names[vulnType],
+        description: descriptions[vulnType],
+        cweIds: LOGIC_VULN_CWE_MAP[vulnType],
+        owaspRefs: LOGIC_VULN_OWASP_MAP[vulnType],
+        severity: LOGIC_VULN_SEVERITY_MAP[vulnType],
+    };
+}
+/**
+ * Quick check for common authorization issues
+ */
+export async function quickAuthCheck(projectPath) {
+    const endpoints = await extractEndpoints(projectPath);
+    const analyses = await analyzeEndpoints(endpoints, projectPath);
+    let hasAuthMiddleware = false;
+    let hasOwnershipChecks = false;
+    let hasRoleChecks = false;
+    const potentialIssues = [];
+    for (const analysis of analyses) {
+        if (analysis.requiresAuth)
+            hasAuthMiddleware = true;
+        for (const check of analysis.authzChecks) {
+            if (check.type === "ownership")
+                hasOwnershipChecks = true;
+            if (check.type === "role" || check.type === "admin")
+                hasRoleChecks = true;
+        }
+        for (const vuln of analysis.vulnerabilities) {
+            if (!potentialIssues.includes(vuln.vulnType)) {
+                potentialIssues.push(vuln.vulnType);
+            }
+        }
+    }
+    return {
+        hasAuthMiddleware,
+        hasOwnershipChecks,
+        hasRoleChecks,
+        potentialIssues,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/scanners/logic/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/logic/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAWzC,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,gBAAgB,EAChB,eAAe,GAGhB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAEL,gBAAgB,GACjB,MAAM,yBAAyB,CAAC;AAEjC,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,+BAA+B;AAC/B,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,yBAAyB,CAAC;AAEjC;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAwB;IACtD,OAAO;QACL,OAAO,EAAE,OAAgB;QACzB,MAAM,EAAE,SAAS,IAAI,CAAC,QAAQ,EAAE;QAChC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,WAAW;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,gBAAgB,EAAE,IAAI,CAAC,QAAQ;QAC/B,UAAU,EAAE,IAAI,CAAC,MAAM;QACvB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,WAAmB,EACnB,UAA4B,EAAE;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE;QAC9B,WAAW;QACX,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,MAAM;QACtC,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,oCAAoC;QACpC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC;QAE5E,oBAAoB;QACpB,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,WAAW,EAAE;YACpD,SAAS;YACT,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CAAC;QAEH,2BAA2B;QAC3B,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ;YACvC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC;YACtC,CAAC,CAAC,SAAS,CAAC;QAEd,8BAA8B;QAC9B,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;QAEvE,8BAA8B;QAC9B,IAAI,kBAAkB,GAAyB,EAAE,CAAC;QAClD,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAChC,kBAAkB,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,CAAC;QACvD,CAAC;QAED,qCAAqC;QACrC,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxD,kBAAkB,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACnD,OAAO,CAAC,UAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CACzC,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QAEhE,kBAAkB;QAClB,MAAM,UAAU,GAAsC,EAAE,CAAC;QACzD,MAAM,UAAU,GAA2C,EAAE,CAAC;QAE9D,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACjE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE;YACjC,SAAS,EAAE,SAAS,CAAC,MAAM;YAC3B,eAAe,EAAE,kBAAkB,CAAC,MAAM;YAC1C,QAAQ;SACT,CAAC,CAAC;QAEH,OAAO;YACL,WAAW;YACX,SAAS;YACT,SAAS,EAAE,gBAAgB;YAC3B,eAAe,EAAE,kBAAkB;YACnC,QAAQ;YACR,KAAK,EAAE;gBACL,aAAa,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;gBACzD,cAAc,EAAE,SAAS,CAAC,MAAM;gBAChC,oBAAoB,EAAE,kBAAkB,CAAC,MAAM;gBAC/C,UAAU;gBACV,UAAU;aACX;YACD,QAAQ;YACR,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAE5D,OAAO;YACL,WAAW;YACX,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,MAAM;YACtC,SAAS,EAAE,EAAE;YACb,eAAe,EAAE,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,KAAK,EAAE;gBACL,aAAa,EAAE,CAAC;gBAChB,cAAc,EAAE,CAAC;gBACjB,oBAAoB,EAAE,CAAC;gBACvB,UAAU,EAAE,EAAE;gBACd,UAAU,EAAE,EAAE;aACf;YACD,QAAQ;YACR,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;SACrB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAuB;IACxD,MAAM,KAAK,GAAa;QACtB,gCAAgC;QAChC,EAAE;QACF,kBAAkB,MAAM,CAAC,SAAS,EAAE;QACpC,2BAA2B,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;QACxD,8BAA8B,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;QACjE,iBAAiB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG;QACtD,EAAE;KACH,CAAC;IAEF,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC3D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,oBAAoB;IACpB,MAAM,aAAa,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAChF,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkC,CAAC;IAE1D,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE3C,MAAM,KAAK,GAAG;YACZ,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,IAAI;YACV,MAAM,EAAE,IAAI;YACZ,GAAG,EAAE,IAAI;YACT,IAAI,EAAE,GAAG;SACV,CAAC,QAAQ,CAAC,CAAC;QAEZ,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,IAAI,QAAQ,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,CAAC;QAE1E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,qBAAqB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;YACvH,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACpD,KAAK,CAAC,IAAI,CAAC,sBAAsB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAErD,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrD,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC1D,CAAC;YAED,KAAK,CAAC,IAAI,CAAC,sBAAsB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE/B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YACpE,IAAI,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,MAAM,KAAK,IAAI,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAuB;IAOjE,MAAM,YAAY,GAAkC;QAClD,MAAM,EAAE,yIAAyI;QACjJ,MAAM,EAAE,sIAAsI;QAC9I,MAAM,EAAE,2IAA2I;QACnJ,iBAAiB,EAAE,gIAAgI;QACnJ,qBAAqB,EAAE,kGAAkG;QACzH,sBAAsB,EAAE,4FAA4F;QACpH,cAAc,EAAE,4FAA4F;QAC5G,eAAe,EAAE,6GAA6G;QAC9H,kBAAkB,EAAE,sHAAsH;QAC1I,qBAAqB,EAAE,wHAAwH;QAC/I,mBAAmB,EAAE,kGAAkG;KACxH,CAAC;IAEF,MAAM,KAAK,GAAkC;QAC3C,MAAM,EAAE,mCAAmC;QAC3C,MAAM,EAAE,kCAAkC;QAC1C,MAAM,EAAE,qCAAqC;QAC7C,iBAAiB,EAAE,iBAAiB;QACpC,qBAAqB,EAAE,iCAAiC;QACxD,sBAAsB,EAAE,sBAAsB;QAC9C,cAAc,EAAE,wBAAwB;QACxC,eAAe,EAAE,uBAAuB;QACxC,kBAAkB,EAAE,wBAAwB;QAC5C,qBAAqB,EAAE,iCAAiC;QACxD,mBAAmB,EAAE,+BAA+B;KACrD,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC;QACrB,WAAW,EAAE,YAAY,CAAC,QAAQ,CAAC;QACnC,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CAAC;QACpC,SAAS,EAAE,oBAAoB,CAAC,QAAQ,CAAC;QACzC,QAAQ,EAAE,uBAAuB,CAAC,QAAQ,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB;IAOnB,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAEhE,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;QAChC,IAAI,QAAQ,CAAC,YAAY;YAAE,iBAAiB,GAAG,IAAI,CAAC;QAEpD,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YACzC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW;gBAAE,kBAAkB,GAAG,IAAI,CAAC;YAC1D,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO;gBAAE,aAAa,GAAG,IAAI,CAAC;QAC5E,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC5C,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,iBAAiB;QACjB,kBAAkB;QAClB,aAAa;QACb,eAAe;KAChB,CAAC;AACJ,CAAC"}

package/dist/scanners/logic/types.d.ts

@@ -0,0 +1,254 @@
+/**
+ * Business Logic Vulnerability Types
+ *
+ * Types for detecting BOLA, IDOR, BFLA, and other
+ * authorization/business logic vulnerabilities.
+ *
+ * @module scanners/logic/types
+ */
+import type { Severity } from "../../certification/types.js";
+import type { DeterministicFinding } from "../types.js";
+/**
+ * Business logic vulnerability types
+ */
+export type LogicVulnType = "bola" | "idor" | "bfla" | "mass-assignment" | "race-condition-auth" | "privilege-escalation" | "missing-auth" | "missing-authz" | "direct-db-access" | "horizontal-priv-esc" | "vertical-priv-esc";
+/**
+ * HTTP methods for API endpoints
+ */
+export type HttpMethod = "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "HEAD" | "OPTIONS";
+/**
+ * Web framework types
+ */
+export type WebFramework = "nextjs" | "express" | "fastify" | "koa" | "hapi" | "nestjs" | "django" | "flask" | "fastapi" | "rails" | "spring" | "laravel" | "gin" | "echo" | "fiber" | "auto";
+/**
+ * Detected API endpoint
+ */
+export interface APIEndpoint {
+    /** File where the endpoint is defined */
+    file: string;
+    /** Line number */
+    line: number;
+    /** HTTP method */
+    method: HttpMethod | HttpMethod[];
+    /** Route path (e.g., /api/users/:id) */
+    path: string;
+    /** Function/handler name */
+    handler?: string;
+    /** Framework that defines this endpoint */
+    framework: WebFramework;
+    /** Parameters extracted from path */
+    pathParams: string[];
+    /** Whether authentication middleware is applied */
+    hasAuth: boolean;
+    /** Authorization checks detected */
+    authzChecks: AuthorizationCheck[];
+    /** Resource type being accessed (e.g., "user", "order") */
+    resourceType?: string;
+    /** Whether endpoint accesses database */
+    hasDbAccess: boolean;
+    /** Database queries in this endpoint */
+    dbQueries: DatabaseQuery[];
+}
+/**
+ * Authorization check detected in code
+ */
+export interface AuthorizationCheck {
+    /** Type of check */
+    type: "ownership" | "role" | "permission" | "admin" | "custom";
+    /** Where the check is performed */
+    location: {
+        file: string;
+        line: number;
+    };
+    /** Code snippet of the check */
+    snippet: string;
+    /** Whether check appears to be bypassable */
+    potentiallyBypassable: boolean;
+    /** Reason for bypass concern */
+    bypassReason?: string;
+}
+/**
+ * Database query detected in endpoint
+ */
+export interface DatabaseQuery {
+    /** Query type */
+    type: "select" | "insert" | "update" | "delete" | "raw";
+    /** Table/collection being accessed */
+    table?: string;
+    /** Whether query includes ownership filter */
+    hasOwnershipFilter: boolean;
+    /** Location in code */
+    location: {
+        file: string;
+        line: number;
+    };
+    /** Code snippet */
+    snippet: string;
+}
+/**
+ * Resource access pattern
+ */
+export interface ResourceAccess {
+    /** Resource type (e.g., "user", "order", "file") */
+    resource: string;
+    /** Operation being performed */
+    operation: "read" | "create" | "update" | "delete";
+    /** Whether ownership is verified */
+    ownershipCheck: boolean;
+    /** How the resource ID is obtained */
+    idSource: "path" | "query" | "body" | "header" | "session";
+    /** File location */
+    file: string;
+    /** Line number */
+    line: number;
+}
+/**
+ * Authorization flow analysis result
+ */
+export interface AuthorizationAnalysis {
+    /** Endpoint being analyzed */
+    endpoint: APIEndpoint;
+    /** Whether authentication is required */
+    requiresAuth: boolean;
+    /** Authentication method detected */
+    authMethod?: "jwt" | "session" | "api-key" | "oauth" | "basic" | "custom";
+    /** Authorization checks found */
+    authzChecks: AuthorizationCheck[];
+    /** Resources accessed */
+    resourceAccesses: ResourceAccess[];
+    /** Potential vulnerabilities */
+    vulnerabilities: LogicVulnerability[];
+    /** Confidence score (0-100) */
+    confidence: number;
+}
+/**
+ * A business logic vulnerability finding
+ */
+export interface LogicVulnerability {
+    /** Vulnerability type */
+    vulnType: LogicVulnType;
+    /** Human-readable name */
+    name: string;
+    /** Description */
+    description: string;
+    /** Severity */
+    severity: Severity;
+    /** Confidence (0-100) */
+    confidence: number;
+    /** Affected endpoint */
+    endpoint: string;
+    /** HTTP method */
+    method: HttpMethod | HttpMethod[];
+    /** File location */
+    file: string;
+    /** Line number */
+    line: number;
+    /** Code snippet showing the issue */
+    snippet?: string;
+    /** Authentication check status */
+    authCheck: {
+        present: boolean;
+        location?: string;
+        bypassable: boolean;
+        bypassReason?: string;
+    };
+    /** Resource access details */
+    resourceAccess?: ResourceAccess;
+    /** CWE IDs */
+    cweIds: string[];
+    /** OWASP references */
+    owaspRefs: string[];
+    /** Suggested remediation */
+    remediation: string;
+}
+/**
+ * Logic finding extends DeterministicFinding with logic-specific fields
+ */
+export interface LogicFinding extends DeterministicFinding {
+    /** Vulnerability type */
+    vulnType: LogicVulnType;
+    /** Affected endpoint path */
+    affectedEndpoint: string;
+    /** HTTP method */
+    httpMethod?: HttpMethod | HttpMethod[];
+    /** Auth check details */
+    authCheck?: {
+        present: boolean;
+        location?: string;
+        bypassable: boolean;
+        bypassReason?: string;
+    };
+    /** Resource access details */
+    resourceAccess?: ResourceAccess;
+    /** OWASP references */
+    owaspRefs?: string[];
+    /** Suggested remediation */
+    remediation?: string;
+}
+/**
+ * Scan options for logic analysis
+ */
+export interface LogicScanOptions {
+    /** Framework to use (auto-detect if not specified) */
+    framework?: WebFramework;
+    /** Specific vulnerability types to focus on */
+    focusAreas?: LogicVulnType[];
+    /** Include LLM-powered semantic analysis */
+    includeLLMAnalysis?: boolean;
+    /** Maximum files to analyze */
+    maxFiles?: number;
+    /** File patterns to include */
+    include?: string[];
+    /** File patterns to exclude */
+    exclude?: string[];
+}
+/**
+ * Result from logic vulnerability scan
+ */
+export interface LogicScanResult {
+    /** Project path */
+    projectPath: string;
+    /** Framework detected */
+    framework: WebFramework;
+    /** All endpoints found */
+    endpoints: APIEndpoint[];
+    /** Logic vulnerabilities found */
+    vulnerabilities: LogicVulnerability[];
+    /** Findings in standard format */
+    findings: LogicFinding[];
+    /** Scan statistics */
+    stats: {
+        filesAnalyzed: number;
+        endpointsFound: number;
+        vulnerabilitiesFound: number;
+        bySeverity: Partial<Record<Severity, number>>;
+        byVulnType: Partial<Record<LogicVulnType, number>>;
+    };
+    /** Scan duration */
+    duration: number;
+    /** Whether scan completed successfully */
+    success: boolean;
+    /** Error message if failed */
+    error?: string;
+}
+/**
+ * CWE mappings for logic vulnerabilities
+ */
+export declare const LOGIC_VULN_CWE_MAP: Record<LogicVulnType, string[]>;
+/**
+ * OWASP references for logic vulnerabilities
+ */
+export declare const LOGIC_VULN_OWASP_MAP: Record<LogicVulnType, string[]>;
+/**
+ * Default severity for each vulnerability type
+ */
+export declare const LOGIC_VULN_SEVERITY_MAP: Record<LogicVulnType, Severity>;
+/**
+ * Patterns for detecting framework types
+ */
+export declare const FRAMEWORK_DETECTION_PATTERNS: Record<WebFramework, {
+    packageNames: string[];
+    filePatterns: RegExp[];
+    codePatterns: RegExp[];
+}>;
+//# sourceMappingURL=types.d.ts.map

package/dist/scanners/logic/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/scanners/logic/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,KAAK,EAAE,oBAAoB,EAAe,MAAM,aAAa,CAAC;AAErE;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,MAAM,GACN,MAAM,GACN,MAAM,GACN,iBAAiB,GACjB,qBAAqB,GACrB,sBAAsB,GACtB,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,qBAAqB,GACrB,mBAAmB,CAAC;AAExB;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;AAE1F;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,QAAQ,GACR,SAAS,GACT,SAAS,GACT,KAAK,GACL,MAAM,GACN,QAAQ,GACR,QAAQ,GACR,OAAO,GACP,SAAS,GACT,OAAO,GACP,QAAQ,GACR,SAAS,GACT,KAAK,GACL,MAAM,GACN,OAAO,GACP,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,MAAM,EAAE,UAAU,GAAG,UAAU,EAAE,CAAC;IAElC,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IAEb,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,2CAA2C;IAC3C,SAAS,EAAE,YAAY,CAAC;IAExB,qCAAqC;IACrC,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,mDAAmD;IACnD,OAAO,EAAE,OAAO,CAAC;IAEjB,oCAAoC;IACpC,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAElC,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,yCAAyC;IACzC,WAAW,EAAE,OAAO,CAAC;IAErB,wCAAwC;IACxC,SAAS,EAAE,aAAa,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oBAAoB;IACpB,IAAI,EAAE,WAAW,GAAG,MAAM,GAAG,YAAY,GAAG,OAAO,GAAG,QAAQ,CAAC;IAE/D,mCAAmC;IACnC,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAEF,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAEhB,6CAA6C;IAC7C,qBAAqB,EAAE,OAAO,CAAC;IAE/B,gCAAgC;IAChC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB;IACjB,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,KAAK,CAAC;IAExD,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,8CAA8C;IAC9C,kBAAkB,EAAE,OAAO,CAAC;IAE5B,uBAAuB;IACvB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAEF,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,oDAAoD;IACpD,QAAQ,EAAE,MAAM,CAAC;IAEjB,gCAAgC;IAChC,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAEnD,oCAAoC;IACpC,cAAc,EAAE,OAAO,CAAC;IAExB,sCAAsC;IACtC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;IAE3D,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,8BAA8B;IAC9B,QAAQ,EAAE,WAAW,CAAC;IAEtB,yCAAyC;IACzC,YAAY,EAAE,OAAO,CAAC;IAEtB,qCAAqC;IACrC,UAAU,CAAC,EAAE,KAAK,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;IAE1E,iCAAiC;IACjC,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAElC,yBAAyB;IACzB,gBAAgB,EAAE,cAAc,EAAE,CAAC;IAEnC,gCAAgC;IAChC,eAAe,EAAE,kBAAkB,EAAE,CAAC;IAEtC,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,yBAAyB;IACzB,QAAQ,EAAE,aAAa,CAAC;IAExB,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;IAEpB,eAAe;IACf,QAAQ,EAAE,QAAQ,CAAC;IAEnB,yBAAyB;IACzB,UAAU,EAAE,MAAM,CAAC;IAEnB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IAEjB,kBAAkB;IAClB,MAAM,EAAE,UAAU,GAAG,UAAU,EAAE,CAAC;IAElC,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IAEb,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,kCAAkC;IAClC,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,OAAO,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF,8BAA8B;IAC9B,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC,cAAc;IACd,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB,uBAAuB;IACvB,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAa,SAAQ,oBAAoB;IACxD,yBAAyB;IACzB,QAAQ,EAAE,aAAa,CAAC;IAExB,6BAA6B;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IAEzB,kBAAkB;IAClB,UAAU,CAAC,EAAE,UAAU,GAAG,UAAU,EAAE,CAAC;IAEvC,yBAAyB;IACzB,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,OAAO,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF,8BAA8B;IAC9B,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC,uBAAuB;IACvB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IAErB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sDAAsD;IACtD,SAAS,CAAC,EAAE,YAAY,CAAC;IAEzB,+CAA+C;IAC/C,UAAU,CAAC,EAAE,aAAa,EAAE,CAAC;IAE7B,4CAA4C;IAC5C,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IAEpB,yBAAyB;IACzB,SAAS,EAAE,YAAY,CAAC;IAExB,0BAA0B;IAC1B,SAAS,EAAE,WAAW,EAAE,CAAC;IAEzB,kCAAkC;IAClC,eAAe,EAAE,kBAAkB,EAAE,CAAC;IAEtC,kCAAkC;IAClC,QAAQ,EAAE,YAAY,EAAE,CAAC;IAEzB,sBAAsB;IACtB,KAAK,EAAE;QACL,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC9C,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;KACpD,CAAC;IAEF,oBAAoB;IACpB,QAAQ,EAAE,MAAM,CAAC;IAEjB,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IAEjB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,CAY9D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,CAYhE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,aAAa,EAAE,QAAQ,CAYnE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,4BAA4B,EAAE,MAAM,CAAC,YAAY,EAAE;IAC9D,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB,CAiFA,CAAC"}