npm - vaspera - Versions diffs - 2.9.2 → 2.10.1 - Mend

vaspera 2.9.2 → 2.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (327) hide show

package/CHANGELOG.md +68 -0
package/README.md +58 -1
package/dist/__tests__/autofix/branch-manager.test.d.ts +2 -0
package/dist/__tests__/autofix/branch-manager.test.d.ts.map +1 -0
package/dist/__tests__/autofix/branch-manager.test.js +60 -0
package/dist/__tests__/autofix/branch-manager.test.js.map +1 -0
package/dist/__tests__/autofix/commit-generator.test.d.ts +2 -0
package/dist/__tests__/autofix/commit-generator.test.d.ts.map +1 -0
package/dist/__tests__/autofix/commit-generator.test.js +147 -0
package/dist/__tests__/autofix/commit-generator.test.js.map +1 -0
package/dist/__tests__/autofix/constitution.test.d.ts +9 -0
package/dist/__tests__/autofix/constitution.test.d.ts.map +1 -0
package/dist/__tests__/autofix/constitution.test.js +421 -0
package/dist/__tests__/autofix/constitution.test.js.map +1 -0
package/dist/__tests__/autofix/pr-generator.test.d.ts +2 -0
package/dist/__tests__/autofix/pr-generator.test.d.ts.map +1 -0
package/dist/__tests__/autofix/pr-generator.test.js +152 -0
package/dist/__tests__/autofix/pr-generator.test.js.map +1 -0
package/dist/__tests__/property-test-helpers.d.ts +87 -0
package/dist/__tests__/property-test-helpers.d.ts.map +1 -0
package/dist/__tests__/property-test-helpers.js +136 -0
package/dist/__tests__/property-test-helpers.js.map +1 -0
package/dist/__tests__/scanners/ai-code/ai-detector.test.d.ts +2 -0
package/dist/__tests__/scanners/ai-code/ai-detector.test.d.ts.map +1 -0
package/dist/__tests__/scanners/ai-code/ai-detector.test.js +188 -0
package/dist/__tests__/scanners/ai-code/ai-detector.test.js.map +1 -0
package/dist/__tests__/scanners/ai-code/confidence-scorer.test.d.ts +2 -0
package/dist/__tests__/scanners/ai-code/confidence-scorer.test.d.ts.map +1 -0
package/dist/__tests__/scanners/ai-code/confidence-scorer.test.js +363 -0
package/dist/__tests__/scanners/ai-code/confidence-scorer.test.js.map +1 -0
package/dist/__tests__/scanners/ai-code/hallucination-checker.test.d.ts +2 -0
package/dist/__tests__/scanners/ai-code/hallucination-checker.test.d.ts.map +1 -0
package/dist/__tests__/scanners/ai-code/hallucination-checker.test.js +226 -0
package/dist/__tests__/scanners/ai-code/hallucination-checker.test.js.map +1 -0
package/dist/__tests__/scanners/ai-code/index.test.d.ts +2 -0
package/dist/__tests__/scanners/ai-code/index.test.d.ts.map +1 -0
package/dist/__tests__/scanners/ai-code/index.test.js +214 -0
package/dist/__tests__/scanners/ai-code/index.test.js.map +1 -0
package/dist/__tests__/scanners/dast/index.test.d.ts +2 -0
package/dist/__tests__/scanners/dast/index.test.d.ts.map +1 -0
package/dist/__tests__/scanners/dast/index.test.js +183 -0
package/dist/__tests__/scanners/dast/index.test.js.map +1 -0
package/dist/__tests__/scanners/dast/nuclei.test.d.ts +2 -0
package/dist/__tests__/scanners/dast/nuclei.test.d.ts.map +1 -0
package/dist/__tests__/scanners/dast/nuclei.test.js +166 -0
package/dist/__tests__/scanners/dast/nuclei.test.js.map +1 -0
package/dist/__tests__/scanners/dast/zap.test.d.ts +2 -0
package/dist/__tests__/scanners/dast/zap.test.d.ts.map +1 -0
package/dist/__tests__/scanners/dast/zap.test.js +158 -0
package/dist/__tests__/scanners/dast/zap.test.js.map +1 -0
package/dist/__tests__/scanners/deploy/health-checker.test.d.ts +2 -0
package/dist/__tests__/scanners/deploy/health-checker.test.d.ts.map +1 -0
package/dist/__tests__/scanners/deploy/health-checker.test.js +67 -0
package/dist/__tests__/scanners/deploy/health-checker.test.js.map +1 -0
package/dist/__tests__/scanners/deploy/index.test.d.ts +2 -0
package/dist/__tests__/scanners/deploy/index.test.d.ts.map +1 -0
package/dist/__tests__/scanners/deploy/index.test.js +84 -0
package/dist/__tests__/scanners/deploy/index.test.js.map +1 -0
package/dist/__tests__/scanners/deploy/provider-detector.test.d.ts +2 -0
package/dist/__tests__/scanners/deploy/provider-detector.test.d.ts.map +1 -0
package/dist/__tests__/scanners/deploy/provider-detector.test.js +88 -0
package/dist/__tests__/scanners/deploy/provider-detector.test.js.map +1 -0
package/dist/__tests__/scanners/deploy/types.test.d.ts +2 -0
package/dist/__tests__/scanners/deploy/types.test.d.ts.map +1 -0
package/dist/__tests__/scanners/deploy/types.test.js +126 -0
package/dist/__tests__/scanners/deploy/types.test.js.map +1 -0
package/dist/__tests__/scanners/fp-feedback.test.d.ts +2 -0
package/dist/__tests__/scanners/fp-feedback.test.d.ts.map +1 -0
package/dist/__tests__/scanners/fp-feedback.test.js +202 -0
package/dist/__tests__/scanners/fp-feedback.test.js.map +1 -0
package/dist/__tests__/scanners/fp-filter.property.test.d.ts +9 -0
package/dist/__tests__/scanners/fp-filter.property.test.d.ts.map +1 -0
package/dist/__tests__/scanners/fp-filter.property.test.js +253 -0
package/dist/__tests__/scanners/fp-filter.property.test.js.map +1 -0
package/dist/__tests__/scanners/fp-filter.test.d.ts +2 -0
package/dist/__tests__/scanners/fp-filter.test.d.ts.map +1 -0
package/dist/__tests__/scanners/fp-filter.test.js +234 -0
package/dist/__tests__/scanners/fp-filter.test.js.map +1 -0
package/dist/__tests__/scanners/fp-tracker.test.d.ts +2 -0
package/dist/__tests__/scanners/fp-tracker.test.d.ts.map +1 -0
package/dist/__tests__/scanners/fp-tracker.test.js +262 -0
package/dist/__tests__/scanners/fp-tracker.test.js.map +1 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.d.ts +10 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.d.ts.map +1 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.js +238 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.js.map +1 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.test.d.ts +2 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.test.d.ts.map +1 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.test.js +55 -0
package/dist/__tests__/scanners/logic/endpoint-analyzer.test.js.map +1 -0
package/dist/__tests__/scanners/logic/index.test.d.ts +2 -0
package/dist/__tests__/scanners/logic/index.test.d.ts.map +1 -0
package/dist/__tests__/scanners/logic/index.test.js +165 -0
package/dist/__tests__/scanners/logic/index.test.js.map +1 -0
package/dist/__tests__/scanners/logic/types.test.d.ts +2 -0
package/dist/__tests__/scanners/logic/types.test.d.ts.map +1 -0
package/dist/__tests__/scanners/logic/types.test.js +85 -0
package/dist/__tests__/scanners/logic/types.test.js.map +1 -0
package/dist/__tests__/scanners/runtime/app-launcher.test.d.ts +2 -0
package/dist/__tests__/scanners/runtime/app-launcher.test.d.ts.map +1 -0
package/dist/__tests__/scanners/runtime/app-launcher.test.js +94 -0
package/dist/__tests__/scanners/runtime/app-launcher.test.js.map +1 -0
package/dist/__tests__/scanners/runtime/golden-path-runner.test.d.ts +2 -0
package/dist/__tests__/scanners/runtime/golden-path-runner.test.d.ts.map +1 -0
package/dist/__tests__/scanners/runtime/golden-path-runner.test.js +195 -0
package/dist/__tests__/scanners/runtime/golden-path-runner.test.js.map +1 -0
package/dist/__tests__/scanners/runtime/index.test.d.ts +2 -0
package/dist/__tests__/scanners/runtime/index.test.d.ts.map +1 -0
package/dist/__tests__/scanners/runtime/index.test.js +120 -0
package/dist/__tests__/scanners/runtime/index.test.js.map +1 -0
package/dist/__tests__/scanners/runtime/types.test.d.ts +2 -0
package/dist/__tests__/scanners/runtime/types.test.d.ts.map +1 -0
package/dist/__tests__/scanners/runtime/types.test.js +126 -0
package/dist/__tests__/scanners/runtime/types.test.js.map +1 -0
package/dist/__tests__/scanners/scale/bottleneck-detector.test.d.ts +2 -0
package/dist/__tests__/scanners/scale/bottleneck-detector.test.d.ts.map +1 -0
package/dist/__tests__/scanners/scale/bottleneck-detector.test.js +187 -0
package/dist/__tests__/scanners/scale/bottleneck-detector.test.js.map +1 -0
package/dist/__tests__/scanners/scale/index.test.d.ts +2 -0
package/dist/__tests__/scanners/scale/index.test.d.ts.map +1 -0
package/dist/__tests__/scanners/scale/index.test.js +87 -0
package/dist/__tests__/scanners/scale/index.test.js.map +1 -0
package/dist/__tests__/scanners/scale/load-profiler.test.d.ts +2 -0
package/dist/__tests__/scanners/scale/load-profiler.test.d.ts.map +1 -0
package/dist/__tests__/scanners/scale/load-profiler.test.js +122 -0
package/dist/__tests__/scanners/scale/load-profiler.test.js.map +1 -0
package/dist/__tests__/scanners/scale/types.test.d.ts +2 -0
package/dist/__tests__/scanners/scale/types.test.d.ts.map +1 -0
package/dist/__tests__/scanners/scale/types.test.js +129 -0
package/dist/__tests__/scanners/scale/types.test.js.map +1 -0
package/dist/action/pr-comment.test.js +4 -0
package/dist/action/pr-comment.test.js.map +1 -1
package/dist/action/sarif-upload.test.js +4 -0
package/dist/action/sarif-upload.test.js.map +1 -1
package/dist/autofix/branch-manager.d.ts +115 -0
package/dist/autofix/branch-manager.d.ts.map +1 -0
package/dist/autofix/branch-manager.js +308 -0
package/dist/autofix/branch-manager.js.map +1 -0
package/dist/autofix/commit-generator.d.ts +55 -0
package/dist/autofix/commit-generator.d.ts.map +1 -0
package/dist/autofix/commit-generator.js +277 -0
package/dist/autofix/commit-generator.js.map +1 -0
package/dist/autofix/constitution.d.ts +77 -0
package/dist/autofix/constitution.d.ts.map +1 -0
package/dist/autofix/constitution.js +261 -0
package/dist/autofix/constitution.js.map +1 -0
package/dist/autofix/constitution.schema.d.ts +441 -0
package/dist/autofix/constitution.schema.d.ts.map +1 -0
package/dist/autofix/constitution.schema.js +144 -0
package/dist/autofix/constitution.schema.js.map +1 -0
package/dist/autofix/index.d.ts +13 -0
package/dist/autofix/index.d.ts.map +1 -0
package/dist/autofix/index.js +15 -0
package/dist/autofix/index.js.map +1 -0
package/dist/autofix/pr-generator.d.ts +57 -0
package/dist/autofix/pr-generator.d.ts.map +1 -0
package/dist/autofix/pr-generator.js +597 -0
package/dist/autofix/pr-generator.js.map +1 -0
package/dist/autofix/types.d.ts +151 -0
package/dist/autofix/types.d.ts.map +1 -0
package/dist/autofix/types.js +22 -0
package/dist/autofix/types.js.map +1 -0
package/dist/eval/fixtures.d.ts +20 -0
package/dist/eval/fixtures.d.ts.map +1 -1
package/dist/eval/fixtures.js +430 -0
package/dist/eval/fixtures.js.map +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +874 -0
package/dist/index.js.map +1 -1
package/dist/install-skills.d.ts +11 -0
package/dist/install-skills.d.ts.map +1 -0
package/dist/install-skills.js +81 -0
package/dist/install-skills.js.map +1 -0
package/dist/scanners/ai-code/ai-detector.d.ts +25 -0
package/dist/scanners/ai-code/ai-detector.d.ts.map +1 -0
package/dist/scanners/ai-code/ai-detector.js +192 -0
package/dist/scanners/ai-code/ai-detector.js.map +1 -0
package/dist/scanners/ai-code/confidence-scorer.d.ts +40 -0
package/dist/scanners/ai-code/confidence-scorer.d.ts.map +1 -0
package/dist/scanners/ai-code/confidence-scorer.js +148 -0
package/dist/scanners/ai-code/confidence-scorer.js.map +1 -0
package/dist/scanners/ai-code/hallucination-checker.d.ts +36 -0
package/dist/scanners/ai-code/hallucination-checker.d.ts.map +1 -0
package/dist/scanners/ai-code/hallucination-checker.js +298 -0
package/dist/scanners/ai-code/hallucination-checker.js.map +1 -0
package/dist/scanners/ai-code/index.d.ts +30 -0
package/dist/scanners/ai-code/index.d.ts.map +1 -0
package/dist/scanners/ai-code/index.js +224 -0
package/dist/scanners/ai-code/index.js.map +1 -0
package/dist/scanners/ai-code/types.d.ts +192 -0
package/dist/scanners/ai-code/types.d.ts.map +1 -0
package/dist/scanners/ai-code/types.js +37 -0
package/dist/scanners/ai-code/types.js.map +1 -0
package/dist/scanners/cache.d.ts.map +1 -1
package/dist/scanners/cache.js +4 -0
package/dist/scanners/cache.js.map +1 -1
package/dist/scanners/dast/index.d.ts +39 -0
package/dist/scanners/dast/index.d.ts.map +1 -0
package/dist/scanners/dast/index.js +259 -0
package/dist/scanners/dast/index.js.map +1 -0
package/dist/scanners/dast/nuclei.d.ts +26 -0
package/dist/scanners/dast/nuclei.d.ts.map +1 -0
package/dist/scanners/dast/nuclei.js +354 -0
package/dist/scanners/dast/nuclei.js.map +1 -0
package/dist/scanners/dast/types.d.ts +306 -0
package/dist/scanners/dast/types.d.ts.map +1 -0
package/dist/scanners/dast/types.js +52 -0
package/dist/scanners/dast/types.js.map +1 -0
package/dist/scanners/dast/zap.d.ts +26 -0
package/dist/scanners/dast/zap.d.ts.map +1 -0
package/dist/scanners/dast/zap.js +453 -0
package/dist/scanners/dast/zap.js.map +1 -0
package/dist/scanners/deploy/health-checker.d.ts +38 -0
package/dist/scanners/deploy/health-checker.d.ts.map +1 -0
package/dist/scanners/deploy/health-checker.js +272 -0
package/dist/scanners/deploy/health-checker.js.map +1 -0
package/dist/scanners/deploy/index.d.ts +44 -0
package/dist/scanners/deploy/index.d.ts.map +1 -0
package/dist/scanners/deploy/index.js +208 -0
package/dist/scanners/deploy/index.js.map +1 -0
package/dist/scanners/deploy/provider-detector.d.ts +25 -0
package/dist/scanners/deploy/provider-detector.d.ts.map +1 -0
package/dist/scanners/deploy/provider-detector.js +177 -0
package/dist/scanners/deploy/provider-detector.js.map +1 -0
package/dist/scanners/deploy/types.d.ts +406 -0
package/dist/scanners/deploy/types.d.ts.map +1 -0
package/dist/scanners/deploy/types.js +58 -0
package/dist/scanners/deploy/types.js.map +1 -0
package/dist/scanners/deploy/vercel-integration.d.ts +52 -0
package/dist/scanners/deploy/vercel-integration.d.ts.map +1 -0
package/dist/scanners/deploy/vercel-integration.js +280 -0
package/dist/scanners/deploy/vercel-integration.js.map +1 -0
package/dist/scanners/fp-feedback.d.ts +140 -0
package/dist/scanners/fp-feedback.d.ts.map +1 -0
package/dist/scanners/fp-feedback.js +292 -0
package/dist/scanners/fp-feedback.js.map +1 -0
package/dist/scanners/fp-filter.d.ts +94 -0
package/dist/scanners/fp-filter.d.ts.map +1 -0
package/dist/scanners/fp-filter.js +397 -0
package/dist/scanners/fp-filter.js.map +1 -0
package/dist/scanners/fp-tracker.d.ts +125 -0
package/dist/scanners/fp-tracker.d.ts.map +1 -0
package/dist/scanners/fp-tracker.js +330 -0
package/dist/scanners/fp-tracker.js.map +1 -0
package/dist/scanners/index.d.ts.map +1 -1
package/dist/scanners/index.js +56 -0
package/dist/scanners/index.js.map +1 -1
package/dist/scanners/index.test.js +6 -6
package/dist/scanners/index.test.js.map +1 -1
package/dist/scanners/logic/auth-flow-analyzer.d.ts +18 -0
package/dist/scanners/logic/auth-flow-analyzer.d.ts.map +1 -0
package/dist/scanners/logic/auth-flow-analyzer.js +384 -0
package/dist/scanners/logic/auth-flow-analyzer.js.map +1 -0
package/dist/scanners/logic/endpoint-analyzer.d.ts +29 -0
package/dist/scanners/logic/endpoint-analyzer.d.ts.map +1 -0
package/dist/scanners/logic/endpoint-analyzer.js +528 -0
package/dist/scanners/logic/endpoint-analyzer.js.map +1 -0
package/dist/scanners/logic/index.d.ts +41 -0
package/dist/scanners/logic/index.d.ts.map +1 -0
package/dist/scanners/logic/index.js +268 -0
package/dist/scanners/logic/index.js.map +1 -0
package/dist/scanners/logic/types.d.ts +254 -0
package/dist/scanners/logic/types.d.ts.map +1 -0
package/dist/scanners/logic/types.js +142 -0
package/dist/scanners/logic/types.js.map +1 -0
package/dist/scanners/runtime/app-launcher.d.ts +33 -0
package/dist/scanners/runtime/app-launcher.d.ts.map +1 -0
package/dist/scanners/runtime/app-launcher.js +419 -0
package/dist/scanners/runtime/app-launcher.js.map +1 -0
package/dist/scanners/runtime/golden-path-runner.d.ts +48 -0
package/dist/scanners/runtime/golden-path-runner.d.ts.map +1 -0
package/dist/scanners/runtime/golden-path-runner.js +373 -0
package/dist/scanners/runtime/golden-path-runner.js.map +1 -0
package/dist/scanners/runtime/index.d.ts +41 -0
package/dist/scanners/runtime/index.d.ts.map +1 -0
package/dist/scanners/runtime/index.js +164 -0
package/dist/scanners/runtime/index.js.map +1 -0
package/dist/scanners/runtime/playwright-executor.d.ts +50 -0
package/dist/scanners/runtime/playwright-executor.d.ts.map +1 -0
package/dist/scanners/runtime/playwright-executor.js +387 -0
package/dist/scanners/runtime/playwright-executor.js.map +1 -0
package/dist/scanners/runtime/types.d.ts +215 -0
package/dist/scanners/runtime/types.d.ts.map +1 -0
package/dist/scanners/runtime/types.js +40 -0
package/dist/scanners/runtime/types.js.map +1 -0
package/dist/scanners/scale/bottleneck-detector.d.ts +17 -0
package/dist/scanners/scale/bottleneck-detector.d.ts.map +1 -0
package/dist/scanners/scale/bottleneck-detector.js +250 -0
package/dist/scanners/scale/bottleneck-detector.js.map +1 -0
package/dist/scanners/scale/capacity-estimator.d.ts +17 -0
package/dist/scanners/scale/capacity-estimator.d.ts.map +1 -0
package/dist/scanners/scale/capacity-estimator.js +197 -0
package/dist/scanners/scale/capacity-estimator.js.map +1 -0
package/dist/scanners/scale/index.d.ts +37 -0
package/dist/scanners/scale/index.d.ts.map +1 -0
package/dist/scanners/scale/index.js +101 -0
package/dist/scanners/scale/index.js.map +1 -0
package/dist/scanners/scale/load-profiler.d.ts +48 -0
package/dist/scanners/scale/load-profiler.d.ts.map +1 -0
package/dist/scanners/scale/load-profiler.js +377 -0
package/dist/scanners/scale/load-profiler.js.map +1 -0
package/dist/scanners/scale/types.d.ts +529 -0
package/dist/scanners/scale/types.d.ts.map +1 -0
package/dist/scanners/scale/types.js +57 -0
package/dist/scanners/scale/types.js.map +1 -0
package/dist/scanners/secrets.d.ts.map +1 -1
package/dist/scanners/secrets.js +13 -2
package/dist/scanners/secrets.js.map +1 -1
package/dist/scanners/types.d.ts +1 -1
package/dist/scanners/types.d.ts.map +1 -1
package/dist/scanners/types.js +4 -0
package/dist/scanners/types.js.map +1 -1
package/package.json +8 -4
package/skills/vaspera-add-tests/SKILL.md +102 -0
package/skills/vaspera-ai-verify/SKILL.md +166 -0
package/skills/vaspera-audit/SKILL.md +67 -0
package/skills/vaspera-certify/SKILL.md +130 -0
package/skills/vaspera-deploy/SKILL.md +152 -0
package/skills/vaspera-fix-critical/SKILL.md +52 -0
package/skills/vaspera-fix-high/SKILL.md +81 -0
package/skills/vaspera-fix-medium/SKILL.md +56 -0
package/skills/vaspera-fix-rls/SKILL.md +85 -0
package/skills/vaspera-harden/SKILL.md +102 -0
package/skills/vaspera-help/SKILL.md +61 -0
package/skills/vaspera-load-test/SKILL.md +167 -0
package/skills/vaspera-verify/SKILL.md +70 -0
package/skills/vaspera-verify-e2e/SKILL.md +117 -0

package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.js ADDED Viewed

@@ -0,0 +1,238 @@
+/**
+ * Property-Based Tests for Endpoint Analyzer
+ *
+ * Tests invariants of extractPathParams and inferResourceType
+ * using fast-check property-based testing.
+ *
+ * @module __tests__/scanners/logic/endpoint-analyzer.property
+ */
+import { describe, it } from "vitest";
+import * as fc from "fast-check";
+import { extractPathParams, inferResourceType, } from "../../../scanners/logic/endpoint-analyzer.js";
+import { arbitraries, expressPath, nextjsPath, flaskPath, springPath, uniqueParamNames, PARAM_DELIMITERS, containsAny, } from "../../property-test-helpers.js";
+describe("extractPathParams - Property Tests", () => {
+    describe("Invariants", () => {
+        it("always returns an array", () => {
+            fc.assert(fc.property(fc.string(), (path) => {
+                const result = extractPathParams(path);
+                return Array.isArray(result);
+            }));
+        });
+        it("never returns params containing delimiter characters", () => {
+            fc.assert(fc.property(fc.string(), (path) => {
+                const result = extractPathParams(path);
+                return result.every((param) => !containsAny(param, PARAM_DELIMITERS));
+            }));
+        });
+        it("is idempotent - same input always produces same output", () => {
+            fc.assert(fc.property(fc.string(), (path) => {
+                const r1 = extractPathParams(path);
+                const r2 = extractPathParams(path);
+                return JSON.stringify(r1) === JSON.stringify(r2);
+            }));
+        });
+        it("returns empty array for paths without parameter syntax", () => {
+            fc.assert(fc.property(fc.array(arbitraries.pathSegment, { minLength: 1, maxLength: 5 }), (segments) => {
+                // Build a path with no parameter syntax
+                const path = "/" + segments.join("/");
+                const result = extractPathParams(path);
+                return result.length === 0;
+            }));
+        });
+    });
+    describe("Express-style :param", () => {
+        it("extracts all colon-prefixed params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = expressPath(paramNames);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts correct number of params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = expressPath(paramNames);
+                const result = extractPathParams(path);
+                return result.length === paramNames.length;
+            }));
+        });
+    });
+    describe("Next.js-style [param]", () => {
+        it("extracts all bracket params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = nextjsPath(paramNames);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts correct number of params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = nextjsPath(paramNames);
+                const result = extractPathParams(path);
+                return result.length === paramNames.length;
+            }));
+        });
+    });
+    describe("Flask-style <param>", () => {
+        it("extracts all angle bracket params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = flaskPath(paramNames, false);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts params ignoring type hints", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = flaskPath(paramNames, true);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+    });
+    describe("Spring-style {param}", () => {
+        it("extracts all curly brace params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = springPath(paramNames);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts correct number of params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = springPath(paramNames);
+                const result = extractPathParams(path);
+                return result.length === paramNames.length;
+            }));
+        });
+    });
+    describe("Cross-framework consistency", () => {
+        it("all framework styles extract same param names", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const expressResult = new Set(extractPathParams(expressPath(paramNames)));
+                const nextjsResult = new Set(extractPathParams(nextjsPath(paramNames)));
+                const flaskResult = new Set(extractPathParams(flaskPath(paramNames)));
+                const springResult = new Set(extractPathParams(springPath(paramNames)));
+                // All should extract the same set of param names
+                const expected = new Set(paramNames);
+                const setsEqual = (a, b) => a.size === b.size && [...a].every((x) => b.has(x));
+                return (setsEqual(expressResult, expected) &&
+                    setsEqual(nextjsResult, expected) &&
+                    setsEqual(flaskResult, expected) &&
+                    setsEqual(springResult, expected));
+            }));
+        });
+    });
+});
+describe("inferResourceType - Property Tests", () => {
+    describe("Singularization properties", () => {
+        it("output is never longer than the resource segment", () => {
+            fc.assert(fc.property(arbitraries.pluralNoun, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                return result.length <= plural.length;
+            }));
+        });
+        it("returns undefined for empty or root paths", () => {
+            fc.assert(fc.property(fc.constantFrom("", "/", "//"), (path) => {
+                const result = inferResourceType(path);
+                return result === undefined;
+            }));
+        });
+        it("result does not end with 's' for regular plurals (with exceptions)", () => {
+            // Words like "users", "orders", "products" should become "user", "order", "product"
+            const regularPlurals = fc.constantFrom("users", "orders", "products", "items", "files", "posts");
+            fc.assert(fc.property(regularPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                // Regular plurals (ending in just 's') should be singularized
+                return !result.endsWith("s") || result.endsWith("ss");
+            }));
+        });
+        it("'-ies' endings become '-y'", () => {
+            const iesPlurals = fc.constantFrom("categories", "companies", "stories", "entries", "policies");
+            fc.assert(fc.property(iesPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                return result.endsWith("y");
+            }));
+        });
+        it("handles '-ses' endings correctly", () => {
+            const sesPlurals = fc.constantFrom("addresses", "statuses", "databases");
+            fc.assert(fc.property(sesPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                // "addresses" -> "address", "statuses" -> "status"
+                return !result.endsWith("es") || result === plural;
+            }));
+        });
+        it("handles '-xes', '-ches', '-shes' endings", () => {
+            const esPlurals = fc.constantFrom("boxes", "matches", "bushes", "taxes");
+            fc.assert(fc.property(esPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                // These should drop "es" but keep the base
+                return result.length < plural.length;
+            }));
+        });
+        it("is idempotent after one application", () => {
+            fc.assert(fc.property(arbitraries.pluralNoun, (plural) => {
+                const path1 = `/api/${plural}`;
+                const result1 = inferResourceType(path1);
+                if (!result1)
+                    return true;
+                // Applying again (pluralizing then singularizing) should be stable
+                const path2 = `/api/${result1}s`;
+                const result2 = inferResourceType(path2);
+                // The second singularization should match the first
+                // (This tests stability, not exact equality since re-pluralizing changes the input)
+                return result2 !== undefined;
+            }));
+        });
+    });
+    describe("API path handling", () => {
+        it("extracts resource from standard API paths", () => {
+            fc.assert(fc.property(arbitraries.apiPrefix, arbitraries.pluralNoun, (prefix, resource) => {
+                const path = `${prefix}/${resource}`;
+                const result = inferResourceType(path);
+                // Should return something for valid paths
+                return result !== undefined || path === "/" || path === "";
+            }));
+        });
+        it("ignores numeric ID segments", () => {
+            fc.assert(fc.property(arbitraries.pluralNoun, fc.nat({ max: 9999 }), (resource, id) => {
+                const path = `/api/${resource}/${id}`;
+                const result = inferResourceType(path);
+                // Should extract the resource, not the ID
+                return result !== undefined && !/^\d+$/.test(result);
+            }));
+        });
+    });
+});
+//# sourceMappingURL=endpoint-analyzer.property.test.js.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"endpoint-analyzer.property.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.property.test.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAU,MAAM,QAAQ,CAAC;AAC9C,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,8CAA8C,CAAC;AACtD,OAAO,EACL,WAAW,EACX,WAAW,EACX,UAAU,EACV,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,GACZ,MAAM,gCAAgC,CAAC;AAExC,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC,CAAC;YACxE,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACnC,MAAM,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACnC,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YACnD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CACT,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,EACjE,CAAC,QAAQ,EAAE,EAAE;gBACX,wCAAwC;gBACxC,MAAM,IAAI,GAAG,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;YAC7B,CAAC,CACF,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;gBACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;gBACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;gBAC1C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACzC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAEzC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC1E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACxE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACtE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAExE,iDAAiD;gBACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;gBACrC,MAAM,SAAS,GAAG,CAAC,CAAc,EAAE,CAAc,EAAE,EAAE,CACnD,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAErD,OAAO,CACL,SAAS,CAAC,aAAa,EAAE,QAAQ,CAAC;oBAClC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC;oBACjC,SAAS,CAAC,WAAW,EAAE,QAAQ,CAAC;oBAChC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC,CAClC,CAAC;YACJ,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBAC7C,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,OAAO,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC;YACxC,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE;gBACnD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,KAAK,SAAS,CAAC;YAC9B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;YAC5E,oFAAoF;YACpF,MAAM,cAAc,GAAG,EAAE,CAAC,YAAY,CACpC,OAAO,EACP,QAAQ,EACR,UAAU,EACV,OAAO,EACP,OAAO,EACP,OAAO,CACR,CAAC;YAEF,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE;gBACrC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,8DAA8D;gBAC9D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAChC,YAAY,EACZ,WAAW,EACX,SAAS,EACT,SAAS,EACT,UAAU,CACX,CAAC;YAEF,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBACjC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YAEzE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBACjC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,mDAAmD;gBACnD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEzE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE;gBAChC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,2CAA2C;gBAC3C,OAAO,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;YACvC,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBAC7C,MAAM,KAAK,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAEzC,IAAI,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAC;gBAE1B,mEAAmE;gBACnE,MAAM,KAAK,GAAG,QAAQ,OAAO,GAAG,CAAC;gBACjC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAEzC,oDAAoD;gBACpD,oFAAoF;gBACpF,OAAO,OAAO,KAAK,SAAS,CAAC;YAC/B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CACT,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,UAAU,EACtB,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBACnB,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,0CAA0C;gBAC1C,OAAO,MAAM,KAAK,SAAS,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;YAC7D,CAAC,CACF,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE;gBAC1E,MAAM,IAAI,GAAG,QAAQ,QAAQ,IAAI,EAAE,EAAE,CAAC;gBACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,0CAA0C;gBAC1C,OAAO,MAAM,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=endpoint-analyzer.test.d.ts.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"endpoint-analyzer.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.js ADDED Viewed

@@ -0,0 +1,55 @@
+import { describe, it, expect } from "vitest";
+import { extractPathParams, inferResourceType, } from "../../../scanners/logic/endpoint-analyzer.js";
+describe("endpoint-analyzer", () => {
+    describe("extractPathParams", () => {
+        it("extracts Express-style colon params", () => {
+            const params = extractPathParams("/api/users/:id/posts/:postId");
+            expect(params).toContain("id");
+            expect(params).toContain("postId");
+        });
+        it("extracts Next.js-style bracket params", () => {
+            const params = extractPathParams("/api/users/[id]/posts/[postId]");
+            expect(params).toContain("id");
+            expect(params).toContain("postId");
+        });
+        it("extracts Flask/Django-style angle bracket params", () => {
+            const params = extractPathParams("/api/users/<id>/posts/<post_id:int>");
+            expect(params).toContain("id");
+            expect(params).toContain("post_id");
+        });
+        it("extracts Spring-style curly brace params", () => {
+            const params = extractPathParams("/api/users/{id}/posts/{postId}");
+            expect(params).toContain("id");
+            expect(params).toContain("postId");
+        });
+        it("returns empty array for paths without params", () => {
+            const params = extractPathParams("/api/users/all");
+            expect(params).toHaveLength(0);
+        });
+        it("handles mixed parameter styles", () => {
+            const params = extractPathParams("/api/:userId/[orderId]");
+            expect(params).toContain("userId");
+            expect(params).toContain("orderId");
+        });
+    });
+    describe("inferResourceType", () => {
+        it("infers resource from API path", () => {
+            expect(inferResourceType("/api/users")).toBe("user");
+            expect(inferResourceType("/api/v1/orders")).toBe("order");
+            expect(inferResourceType("/api/products/123")).toBe("product");
+        });
+        it("handles pluralized resources correctly", () => {
+            expect(inferResourceType("/api/categories")).toBe("category");
+            expect(inferResourceType("/api/companies")).toBe("company");
+            expect(inferResourceType("/api/addresses")).toBe("address");
+        });
+        it("extracts first resource segment from nested paths", () => {
+            // The function extracts the first resource segment after /api/v*
+            expect(inferResourceType("/api/v2/admin/users")).toBe("admin");
+        });
+        it("returns undefined for root paths", () => {
+            expect(inferResourceType("/")).toBeUndefined();
+        });
+    });
+});
+//# sourceMappingURL=endpoint-analyzer.test.js.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"endpoint-analyzer.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,8CAA8C,CAAC;AAEtD,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,gCAAgC,CAAC,CAAC;YACnE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,MAAM,GAAG,iBAAiB,CAAC,qCAAqC,CAAC,CAAC;YACxE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,MAAM,GAAG,iBAAiB,CAAC,gCAAgC,CAAC,CAAC;YACnE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,iBAAiB,CAAC,wBAAwB,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1D,MAAM,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9D,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5D,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,iEAAiE;YACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/logic/index.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=index.test.d.ts.map

package/dist/__tests__/scanners/logic/index.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/index.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/logic/index.test.js ADDED Viewed

@@ -0,0 +1,165 @@
+import { describe, it, expect } from "vitest";
+import { formatLogicResults, getVulnerabilityDescription, } from "../../../scanners/logic/index.js";
+describe("logic index", () => {
+    describe("formatLogicResults", () => {
+        it("formats empty results", () => {
+            const result = {
+                projectPath: "/test",
+                framework: "nextjs",
+                endpoints: [],
+                vulnerabilities: [],
+                findings: [],
+                stats: {
+                    filesAnalyzed: 0,
+                    endpointsFound: 0,
+                    vulnerabilitiesFound: 0,
+                    bySeverity: {},
+                    byVulnType: {},
+                },
+                duration: 1000,
+                success: true,
+            };
+            const output = formatLogicResults(result);
+            expect(output).toContain("Business Logic Security Scan");
+            expect(output).toContain("Framework**: nextjs");
+            expect(output).toContain("No authorization vulnerabilities detected");
+        });
+        it("formats results with vulnerabilities", () => {
+            const vuln = {
+                vulnType: "bola",
+                name: "Broken Object Level Authorization",
+                description: "Endpoint accesses user data without ownership check",
+                severity: "high",
+                confidence: 80,
+                endpoint: "/api/users/:id",
+                method: "GET",
+                file: "src/routes/users.ts",
+                line: 15,
+                authCheck: { present: true, bypassable: false },
+                cweIds: ["CWE-639"],
+                owaspRefs: ["OWASP API1:2023"],
+                remediation: "Add ownership verification",
+            };
+            const result = {
+                projectPath: "/test",
+                framework: "express",
+                endpoints: [],
+                vulnerabilities: [vuln],
+                findings: [],
+                stats: {
+                    filesAnalyzed: 5,
+                    endpointsFound: 10,
+                    vulnerabilitiesFound: 1,
+                    bySeverity: { high: 1 },
+                    byVulnType: { bola: 1 },
+                },
+                duration: 2000,
+                success: true,
+            };
+            const output = formatLogicResults(result);
+            expect(output).toContain("HIGH (1)");
+            expect(output).toContain("Broken Object Level Authorization");
+            expect(output).toContain("/api/users/:id");
+            expect(output).toContain("CWE-639");
+            expect(output).toContain("OWASP API1:2023");
+        });
+        it("handles failed scans", () => {
+            const result = {
+                projectPath: "/test",
+                framework: "auto",
+                endpoints: [],
+                vulnerabilities: [],
+                findings: [],
+                stats: {
+                    filesAnalyzed: 0,
+                    endpointsFound: 0,
+                    vulnerabilitiesFound: 0,
+                    bySeverity: {},
+                    byVulnType: {},
+                },
+                duration: 100,
+                success: false,
+                error: "Failed to read project files",
+            };
+            const output = formatLogicResults(result);
+            expect(output).toContain("Error");
+            expect(output).toContain("Failed to read project files");
+        });
+        it("groups vulnerabilities by severity", () => {
+            const criticalVuln = {
+                vulnType: "missing-auth",
+                name: "Missing Authentication",
+                description: "No auth required",
+                severity: "critical",
+                confidence: 90,
+                endpoint: "/api/admin",
+                method: "DELETE",
+                file: "src/routes/admin.ts",
+                line: 5,
+                authCheck: { present: false, bypassable: false },
+                cweIds: ["CWE-306"],
+                owaspRefs: ["OWASP API2:2023"],
+                remediation: "Add authentication",
+            };
+            const highVuln = {
+                vulnType: "bola",
+                name: "BOLA",
+                description: "BOLA vuln",
+                severity: "high",
+                confidence: 80,
+                endpoint: "/api/orders/:id",
+                method: "GET",
+                file: "src/routes/orders.ts",
+                line: 10,
+                authCheck: { present: true, bypassable: false },
+                cweIds: ["CWE-639"],
+                owaspRefs: ["OWASP API1:2023"],
+                remediation: "Add ownership check",
+            };
+            const result = {
+                projectPath: "/test",
+                framework: "express",
+                endpoints: [],
+                vulnerabilities: [highVuln, criticalVuln], // Order shouldn't matter
+                findings: [],
+                stats: {
+                    filesAnalyzed: 2,
+                    endpointsFound: 2,
+                    vulnerabilitiesFound: 2,
+                    bySeverity: { critical: 1, high: 1 },
+                    byVulnType: { "missing-auth": 1, bola: 1 },
+                },
+                duration: 1000,
+                success: true,
+            };
+            const output = formatLogicResults(result);
+            // Critical should appear before high
+            const criticalIndex = output.indexOf("CRITICAL");
+            const highIndex = output.indexOf("HIGH");
+            expect(criticalIndex).toBeLessThan(highIndex);
+        });
+    });
+    describe("getVulnerabilityDescription", () => {
+        it("returns description for BOLA", () => {
+            const desc = getVulnerabilityDescription("bola");
+            expect(desc.name).toBe("Broken Object Level Authorization");
+            expect(desc.description).toContain("API");
+            expect(desc.cweIds).toContain("CWE-639");
+            expect(desc.owaspRefs).toContain("OWASP API1:2023");
+            expect(desc.severity).toBe("high");
+        });
+        it("returns description for missing-auth", () => {
+            const desc = getVulnerabilityDescription("missing-auth");
+            expect(desc.name).toBe("Missing Authentication");
+            expect(desc.cweIds).toContain("CWE-306");
+            expect(desc.severity).toBe("critical");
+        });
+        it("returns description for mass-assignment", () => {
+            const desc = getVulnerabilityDescription("mass-assignment");
+            expect(desc.name).toBe("Mass Assignment");
+            expect(desc.cweIds).toContain("CWE-915");
+            expect(desc.severity).toBe("medium");
+        });
+    });
+});
+//# sourceMappingURL=index.test.js.map

package/dist/__tests__/scanners/logic/index.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/index.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,2BAA2B,GAG5B,MAAM,kCAAkC,CAAC;AAE1C,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,MAAM,GAAoB;gBAC9B,WAAW,EAAE,OAAO;gBACpB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,EAAE;gBACb,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,EAAE;gBACZ,KAAK,EAAE;oBACL,aAAa,EAAE,CAAC;oBAChB,cAAc,EAAE,CAAC;oBACjB,oBAAoB,EAAE,CAAC;oBACvB,UAAU,EAAE,EAAE;oBACd,UAAU,EAAE,EAAE;iBACf;gBACD,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,IAAI;aACd,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2CAA2C,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,IAAI,GAAuB;gBAC/B,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,mCAAmC;gBACzC,WAAW,EAAE,qDAAqD;gBAClE,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,EAAE;gBACd,QAAQ,EAAE,gBAAgB;gBAC1B,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,qBAAqB;gBAC3B,IAAI,EAAE,EAAE;gBACR,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE;gBAC/C,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,CAAC,iBAAiB,CAAC;gBAC9B,WAAW,EAAE,4BAA4B;aAC1C,CAAC;YAEF,MAAM,MAAM,GAAoB;gBAC9B,WAAW,EAAE,OAAO;gBACpB,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,EAAE;gBACb,eAAe,EAAE,CAAC,IAAI,CAAC;gBACvB,QAAQ,EAAE,EAAE;gBACZ,KAAK,EAAE;oBACL,aAAa,EAAE,CAAC;oBAChB,cAAc,EAAE,EAAE;oBAClB,oBAAoB,EAAE,CAAC;oBACvB,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;oBACvB,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;iBACxB;gBACD,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,IAAI;aACd,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC;YAC9D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,MAAM,GAAoB;gBAC9B,WAAW,EAAE,OAAO;gBACpB,SAAS,EAAE,MAAM;gBACjB,SAAS,EAAE,EAAE;gBACb,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,EAAE;gBACZ,KAAK,EAAE;oBACL,aAAa,EAAE,CAAC;oBAChB,cAAc,EAAE,CAAC;oBACjB,oBAAoB,EAAE,CAAC;oBACvB,UAAU,EAAE,EAAE;oBACd,UAAU,EAAE,EAAE;iBACf;gBACD,QAAQ,EAAE,GAAG;gBACb,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,8BAA8B;aACtC,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,YAAY,GAAuB;gBACvC,QAAQ,EAAE,cAAc;gBACxB,IAAI,EAAE,wBAAwB;gBAC9B,WAAW,EAAE,kBAAkB;gBAC/B,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,EAAE;gBACd,QAAQ,EAAE,YAAY;gBACtB,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,qBAAqB;gBAC3B,IAAI,EAAE,CAAC;gBACP,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;gBAChD,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,CAAC,iBAAiB,CAAC;gBAC9B,WAAW,EAAE,oBAAoB;aAClC,CAAC;YAEF,MAAM,QAAQ,GAAuB;gBACnC,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,WAAW;gBACxB,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,EAAE;gBACd,QAAQ,EAAE,iBAAiB;gBAC3B,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,sBAAsB;gBAC5B,IAAI,EAAE,EAAE;gBACR,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE;gBAC/C,MAAM,EAAE,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,CAAC,iBAAiB,CAAC;gBAC9B,WAAW,EAAE,qBAAqB;aACnC,CAAC;YAEF,MAAM,MAAM,GAAoB;gBAC9B,WAAW,EAAE,OAAO;gBACpB,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,EAAE;gBACb,eAAe,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,yBAAyB;gBACpE,QAAQ,EAAE,EAAE;gBACZ,KAAK,EAAE;oBACL,aAAa,EAAE,CAAC;oBAChB,cAAc,EAAE,CAAC;oBACjB,oBAAoB,EAAE,CAAC;oBACvB,UAAU,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE;oBACpC,UAAU,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE;iBAC3C;gBACD,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,IAAI;aACd,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAE1C,qCAAqC;YACrC,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACzC,MAAM,CAAC,aAAa,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,IAAI,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;YAEjD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YAC5D,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,IAAI,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAC;YAEzD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,IAAI,GAAG,2BAA2B,CAAC,iBAAiB,CAAC,CAAC;YAE5D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/logic/types.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.test.d.ts.map

package/dist/__tests__/scanners/logic/types.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/types.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/logic/types.test.js ADDED Viewed

@@ -0,0 +1,85 @@
+import { describe, it, expect } from "vitest";
+import { LOGIC_VULN_CWE_MAP, LOGIC_VULN_OWASP_MAP, LOGIC_VULN_SEVERITY_MAP, FRAMEWORK_DETECTION_PATTERNS, } from "../../../scanners/logic/types.js";
+describe("logic types", () => {
+    describe("LOGIC_VULN_CWE_MAP", () => {
+        it("maps all vulnerability types to CWE IDs", () => {
+            const vulnTypes = [
+                "bola",
+                "idor",
+                "bfla",
+                "mass-assignment",
+                "race-condition-auth",
+                "privilege-escalation",
+                "missing-auth",
+                "missing-authz",
+                "direct-db-access",
+                "horizontal-priv-esc",
+                "vertical-priv-esc",
+            ];
+            for (const vulnType of vulnTypes) {
+                expect(LOGIC_VULN_CWE_MAP[vulnType]).toBeDefined();
+                expect(LOGIC_VULN_CWE_MAP[vulnType].length).toBeGreaterThan(0);
+                expect(LOGIC_VULN_CWE_MAP[vulnType][0]).toMatch(/^CWE-\d+$/);
+            }
+        });
+        it("contains correct CWE for BOLA", () => {
+            expect(LOGIC_VULN_CWE_MAP["bola"]).toContain("CWE-639");
+        });
+        it("contains correct CWE for missing-auth", () => {
+            expect(LOGIC_VULN_CWE_MAP["missing-auth"]).toContain("CWE-306");
+        });
+    });
+    describe("LOGIC_VULN_OWASP_MAP", () => {
+        it("maps all vulnerability types to OWASP references", () => {
+            const vulnTypes = [
+                "bola",
+                "idor",
+                "bfla",
+                "mass-assignment",
+                "privilege-escalation",
+            ];
+            for (const vulnType of vulnTypes) {
+                expect(LOGIC_VULN_OWASP_MAP[vulnType]).toBeDefined();
+                expect(LOGIC_VULN_OWASP_MAP[vulnType].length).toBeGreaterThan(0);
+                expect(LOGIC_VULN_OWASP_MAP[vulnType][0]).toMatch(/^OWASP/);
+            }
+        });
+        it("maps BOLA to API1:2023", () => {
+            expect(LOGIC_VULN_OWASP_MAP["bola"]).toContain("OWASP API1:2023");
+        });
+    });
+    describe("LOGIC_VULN_SEVERITY_MAP", () => {
+        it("maps privilege escalation to critical", () => {
+            expect(LOGIC_VULN_SEVERITY_MAP["privilege-escalation"]).toBe("critical");
+        });
+        it("maps missing-auth to critical", () => {
+            expect(LOGIC_VULN_SEVERITY_MAP["missing-auth"]).toBe("critical");
+        });
+        it("maps bola to high", () => {
+            expect(LOGIC_VULN_SEVERITY_MAP["bola"]).toBe("high");
+        });
+        it("maps mass-assignment to medium", () => {
+            expect(LOGIC_VULN_SEVERITY_MAP["mass-assignment"]).toBe("medium");
+        });
+    });
+    describe("FRAMEWORK_DETECTION_PATTERNS", () => {
+        it("defines patterns for common frameworks", () => {
+            const frameworks = ["nextjs", "express", "fastify", "nestjs", "django", "flask"];
+            for (const framework of frameworks) {
+                const patterns = FRAMEWORK_DETECTION_PATTERNS[framework];
+                expect(patterns).toBeDefined();
+                expect(patterns.packageNames).toBeDefined();
+            }
+        });
+        it("Next.js patterns include next package", () => {
+            expect(FRAMEWORK_DETECTION_PATTERNS.nextjs.packageNames).toContain("next");
+        });
+        it("Express patterns include express package", () => {
+            expect(FRAMEWORK_DETECTION_PATTERNS.express.packageNames).toContain("express");
+        });
+        it("NestJS patterns include @nestjs/core package", () => {
+            expect(FRAMEWORK_DETECTION_PATTERNS.nestjs.packageNames).toContain("@nestjs/core");
+        });
+    });
+});
+//# sourceMappingURL=types.test.js.map

package/dist/__tests__/scanners/logic/types.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/types.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,uBAAuB,EACvB,4BAA4B,GAE7B,MAAM,kCAAkC,CAAC;AAE1C,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,SAAS,GAAoB;gBACjC,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,iBAAiB;gBACjB,qBAAqB;gBACrB,sBAAsB;gBACtB,cAAc;gBACd,eAAe;gBACf,kBAAkB;gBAClB,qBAAqB;gBACrB,mBAAmB;aACpB,CAAC;YAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACnD,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAC/D,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,SAAS,GAAoB;gBACjC,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,iBAAiB;gBACjB,sBAAsB;aACvB,CAAC;YAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACrD,MAAM,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACjE,MAAM,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,uBAAuB,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEjF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,QAAQ,GAAG,4BAA4B,CAAC,SAAsD,CAAC,CAAC;gBACtG,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC/B,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,4BAA4B,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/runtime/app-launcher.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=app-launcher.test.d.ts.map

package/dist/__tests__/scanners/runtime/app-launcher.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"app-launcher.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/runtime/app-launcher.test.ts"],"names":[],"mappings":""}