verification-layer 0.20.0 → 0.22.0

package/dist/scanners/errors/index.js

@@ -0,0 +1,78 @@
+/**
+ * Error Handling Security Scanner
+ * Detects unsafe error responses and PHI in error logs
+ */
+import * as fs from 'fs/promises';
+import { ALL_ERROR_PATTERNS } from './patterns.js';
+export const errorsScanner = {
+    name: 'Error Handling Security Scanner',
+    category: 'audit-logging',
+    async scan(files, options) {
+        const findings = [];
+        // Filter to code files
+        const codeFiles = files.filter((f) => /\.(ts|tsx|js|jsx)$/.test(f));
+        for (const file of codeFiles) {
+            try {
+                const content = await fs.readFile(file, 'utf-8');
+                const lines = content.split('\n');
+                // Check if this is a test file (check filename)
+                const isTestFile = /\.(?:test|spec)\.[jt]sx?$/.test(file);
+                for (let i = 0; i < lines.length; i++) {
+                    const line = lines[i];
+                    const lineNumber = i + 1;
+                    // Skip empty lines
+                    if (/^\s*$/.test(line))
+                        continue;
+                    // Scan each pattern
+                    for (const pattern of ALL_ERROR_PATTERNS) {
+                        // Check if line matches any pattern
+                        const matched = pattern.patterns.some((regex) => regex.test(line));
+                        if (!matched)
+                            continue;
+                        // For ERROR-002, skip test files
+                        if (pattern.id === 'ERROR-002' && isTestFile)
+                            continue;
+                        // Get surrounding context (5 lines before and after)
+                        const contextStart = Math.max(0, i - 5);
+                        const contextEnd = Math.min(lines.length, i + 6);
+                        const context = lines.slice(contextStart, contextEnd).join('\n');
+                        // Check negative patterns (safe usage indicators)
+                        // For ERROR-001, only check development env in context, rest in current line
+                        // For ERROR-002, check redaction/masking in context, test file in filename
+                        const isSafe = pattern.negativePatterns?.some((regex) => {
+                            const patternStr = regex.source;
+                            // Check development environment and redaction/masking in context
+                            if (/NODE_ENV|isDevelopment|redact|mask|sanitize|obfuscate/i.test(patternStr)) {
+                                return regex.test(context);
+                            }
+                            // All other patterns check current line only
+                            return regex.test(line);
+                        });
+                        if (isSafe)
+                            continue;
+                        // Create finding
+                        const finding = {
+                            id: pattern.id,
+                            category: pattern.category,
+                            severity: pattern.severity,
+                            title: pattern.name,
+                            description: `${pattern.description}\n\nCode: ${line.trim()}`,
+                            file: file,
+                            line: lineNumber,
+                            recommendation: pattern.recommendation,
+                            hipaaReference: pattern.hipaaReference,
+                            confidence: 'high',
+                        };
+                        findings.push(finding);
+                    }
+                }
+            }
+            catch (error) {
+                // Skip files that can't be read
+            }
+        }
+        return findings;
+    },
+};
+export default errorsScanner;
+//# sourceMappingURL=index.js.map

package/dist/scanners/errors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/errors/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,CAAC,MAAM,aAAa,GAAY;IACpC,IAAI,EAAE,iCAAiC;IACvC,QAAQ,EAAE,eAAe;IAEzB,KAAK,CAAC,IAAI,CAAC,KAAe,EAAE,OAAoB;QAC9C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,uBAAuB;QACvB,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACnC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,CAC7B,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAElC,gDAAgD;gBAChD,MAAM,UAAU,GAAG,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAE1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;oBACtB,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;oBAEzB,mBAAmB;oBACnB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;wBAAE,SAAS;oBAEjC,oBAAoB;oBACpB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;wBACzC,oCAAoC;wBACpC,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;wBAEnE,IAAI,CAAC,OAAO;4BAAE,SAAS;wBAEvB,iCAAiC;wBACjC,IAAI,OAAO,CAAC,EAAE,KAAK,WAAW,IAAI,UAAU;4BAAE,SAAS;wBAEvD,qDAAqD;wBACrD,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;wBACxC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;wBACjD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAEjE,kDAAkD;wBAClD,6EAA6E;wBAC7E,2EAA2E;wBAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;4BACtD,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;4BAChC,iEAAiE;4BACjE,IACE,wDAAwD,CAAC,IAAI,CAC3D,UAAU,CACX,EACD,CAAC;gCACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;4BAC7B,CAAC;4BACD,6CAA6C;4BAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAC1B,CAAC,CAAC,CAAC;wBAEH,IAAI,MAAM;4BAAE,SAAS;wBAErB,iBAAiB;wBACjB,MAAM,OAAO,GAAY;4BACvB,EAAE,EAAE,OAAO,CAAC,EAAE;4BACd,QAAQ,EAAE,OAAO,CAAC,QAAe;4BACjC,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,KAAK,EAAE,OAAO,CAAC,IAAI;4BACnB,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,aAAa,IAAI,CAAC,IAAI,EAAE,EAAE;4BAC7D,IAAI,EAAE,IAAI;4BACV,IAAI,EAAE,UAAU;4BAChB,cAAc,EAAE,OAAO,CAAC,cAAc;4BACtC,cAAc,EAAE,OAAO,CAAC,cAAc;4BACtC,UAAU,EAAE,MAAM;yBACnB,CAAC;wBAEF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gCAAgC;YAClC,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,eAAe,aAAa,CAAC"}

package/dist/scanners/errors/index.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Error Handling Security Scanner Tests
+ */
+export {};
+//# sourceMappingURL=index.test.d.ts.map

package/dist/scanners/errors/index.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../../../src/scanners/errors/index.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/scanners/errors/index.test.js

@@ -0,0 +1,330 @@
+/**
+ * Error Handling Security Scanner Tests
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { errorsScanner } from './index.js';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as os from 'os';
+describe('Error Handling Security Scanner', () => {
+    let tempDir = '';
+    let testFiles = [];
+    beforeEach(async () => {
+        tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'errors-test-'));
+    });
+    afterEach(async () => {
+        // Cleanup
+        for (const file of testFiles) {
+            try {
+                await fs.unlink(file);
+            }
+            catch {
+                // Ignore
+            }
+        }
+        try {
+            await fs.rm(tempDir, { recursive: true, force: true });
+        }
+        catch {
+            // Ignore
+        }
+        testFiles = [];
+    });
+    async function createTestFile(filename, content) {
+        const filePath = path.join(tempDir, filename);
+        await fs.writeFile(filePath, content, 'utf-8');
+        testFiles.push(filePath);
+        return filePath;
+    }
+    const scanOptions = {
+        path: tempDir,
+    };
+    describe('ERROR-001: Unsanitized Error Details Sent to User', () => {
+        it('should detect error.stack in res.send', async () => {
+            const file = await createTestFile('error-stack.ts', `
+// VIOLATION ERROR-001: Sending error.stack to user
+app.get('/api/data', (req, res) => {
+  try {
+    processData();
+  } catch (error) {
+    res.send(error.stack);
+  }
+});
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.length).toBeGreaterThan(0);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+        });
+        it('should detect error.stack in res.json', async () => {
+            const file = await createTestFile('error-json.ts', `
+// VIOLATION ERROR-001: JSON with error.stack
+export async function handler(req, res) {
+  try {
+    await fetchData();
+  } catch (err) {
+    res.json({ error: err.stack });
+  }
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+        });
+        it('should detect error.message in res.send', async () => {
+            const file = await createTestFile('error-message.ts', `
+// VIOLATION ERROR-001: Sending error.message
+catch (error) {
+  res.send(error.message);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+        });
+        it('should detect error object sent directly', async () => {
+            const file = await createTestFile('error-direct.ts', `
+// VIOLATION ERROR-001: Sending full error object
+catch (err) {
+  return res.json(err);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+        });
+        it('should detect error in catch block response', async () => {
+            const file = await createTestFile('catch-error.ts', `
+// VIOLATION ERROR-001: Catch block sends error
+try {
+  doSomething();
+} catch (error) { res.send(error); }
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+        });
+        it('should detect next(error) pattern', async () => {
+            const file = await createTestFile('next-error.ts', `
+// VIOLATION ERROR-001: Passing error to next
+catch (error) {
+  next(error);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+        });
+        it('should NOT flag sanitized errors', async () => {
+            const file = await createTestFile('sanitized.ts', `
+// SECURE: Sanitized error message
+catch (error) {
+  const sanitizedError = sanitizeError(error);
+  res.send(sanitizedError);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error001 = findings.filter((f) => f.id === 'ERROR-001');
+            expect(error001.length).toBe(0);
+        });
+        it('should NOT flag generic error messages', async () => {
+            const file = await createTestFile('generic.ts', `
+// SECURE: Generic error message
+catch (error) {
+  res.status(500).json({ error: "An error occurred" });
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error001 = findings.filter((f) => f.id === 'ERROR-001');
+            expect(error001.length).toBe(0);
+        });
+        it('should NOT flag console logging (not sent to user)', async () => {
+            const file = await createTestFile('console.ts', `
+// SECURE: Logging error.stack (not sending to user)
+catch (error) {
+  console.error(error.stack);
+  res.status(500).json({ error: "Internal server error" });
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error001 = findings.filter((f) => f.id === 'ERROR-001');
+            expect(error001.length).toBe(0);
+        });
+        it('should NOT flag development environment checks', async () => {
+            const file = await createTestFile('dev-env.ts', `
+// SECURE: Development mode only
+catch (error) {
+  if (process.env.NODE_ENV === 'development') {
+    res.send(error.stack);
+  }
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error001 = findings.filter((f) => f.id === 'ERROR-001');
+            expect(error001.length).toBe(0);
+        });
+    });
+    describe('ERROR-002: PHI in Error Logs or Thrown Errors', () => {
+        it('should detect patient data in console.log', async () => {
+            const file = await createTestFile('console-patient.ts', `
+// VIOLATION ERROR-002: PHI in console.log
+function processPatient(patient) {
+  console.log('Processing patient:', patient);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect SSN in console.error', async () => {
+            const file = await createTestFile('console-ssn.ts', `
+// VIOLATION ERROR-002: SSN in error log
+if (!validSSN(ssn)) {
+  console.error('Invalid SSN:', ssn);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect DOB in logger.warn', async () => {
+            const file = await createTestFile('logger-dob.ts', `
+// VIOLATION ERROR-002: DOB in logger
+logger.warn('Missing DOB for patient:', { dob: patient.dob });
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect MRN in throw Error', async () => {
+            const file = await createTestFile('throw-mrn.ts', `
+// VIOLATION ERROR-002: MRN in thrown error
+if (!patient) {
+  throw new Error('Patient not found with MRN: ' + mrn);
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect diagnosis in logger.error', async () => {
+            const file = await createTestFile('logger-diagnosis.ts', `
+// VIOLATION ERROR-002: Diagnosis in error log
+logger.error('Failed to save diagnosis:', diagnosis);
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect medication in console.warn', async () => {
+            const file = await createTestFile('console-medication.ts', `
+// VIOLATION ERROR-002: Medication in warning
+console.warn('Discontinued medication:', medication);
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect health_record in logger', async () => {
+            const file = await createTestFile('logger-health.ts', `
+// VIOLATION ERROR-002: Health record in log
+logger.info('Updating health_record:', health_record);
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should detect patientData in console', async () => {
+            const file = await createTestFile('patient-data.ts', `
+// VIOLATION ERROR-002: Patient data object
+console.debug('Patient data:', patientData);
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+        });
+        it('should NOT flag redacted PHI', async () => {
+            const file = await createTestFile('redacted.ts', `
+// SECURE: Redacted patient data
+logger.error('Error processing patient:', {
+  patientId: redact(patient.id)
+});
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error002 = findings.filter((f) => f.id === 'ERROR-002');
+            expect(error002.length).toBe(0);
+        });
+        it('should NOT flag masked data', async () => {
+            const file = await createTestFile('masked.ts', `
+// SECURE: Masked SSN
+console.log('SSN:', maskSsn(patient.ssn));
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error002 = findings.filter((f) => f.id === 'ERROR-002');
+            expect(error002.length).toBe(0);
+        });
+        it('should NOT flag generic patient messages', async () => {
+            const file = await createTestFile('generic-message.ts', `
+// SECURE: Generic message without PHI
+if (!patient) {
+  throw new Error("Patient not found");
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error002 = findings.filter((f) => f.id === 'ERROR-002');
+            expect(error002.length).toBe(0);
+        });
+        it('should NOT flag patient ID only', async () => {
+            const file = await createTestFile('patient-id.ts', `
+// SECURE: Patient ID is allowed (not full PHI)
+logger.error('Error for patient_id:', patient_id);
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error002 = findings.filter((f) => f.id === 'ERROR-002');
+            expect(error002.length).toBe(0);
+        });
+        it('should NOT flag test files', async () => {
+            const file = await createTestFile('patient.test.ts', `
+// SECURE: Test file
+describe('patient tests', () => {
+  it('should process patient', () => {
+    console.log(patient);
+  });
+});
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            const error002 = findings.filter((f) => f.id === 'ERROR-002');
+            expect(error002.length).toBe(0);
+        });
+    });
+    describe('Combined violations', () => {
+        it('should detect multiple ERROR-001 and ERROR-002 violations in same file', async () => {
+            const file = await createTestFile('combined.ts', `
+// Multiple violations
+export async function handler(req, res) {
+  try {
+    const patient = await getPatient(req.params.id);
+    console.log('Processing patient:', patient); // ERROR-002
+    processHealthRecord(patient);
+  } catch (error) {
+    logger.error('Patient error:', patient); // ERROR-002
+    res.send(error.stack); // ERROR-001
+  }
+}
+`);
+            const findings = await errorsScanner.scan([file], scanOptions);
+            expect(findings.some((f) => f.id === 'ERROR-001')).toBe(true);
+            expect(findings.some((f) => f.id === 'ERROR-002')).toBe(true);
+            expect(findings.length).toBeGreaterThanOrEqual(2);
+        });
+    });
+    it('should provide correct HIPAA references', async () => {
+        const file = await createTestFile('hipaa-refs.ts', `
+res.send(error.stack); // ERROR-001
+console.log(patient); // ERROR-002
+`);
+        const findings = await errorsScanner.scan([file], scanOptions);
+        const error001 = findings.find((f) => f.id === 'ERROR-001');
+        const error002 = findings.find((f) => f.id === 'ERROR-002');
+        expect(error001?.hipaaReference).toContain('164.312(b)');
+        expect(error002?.hipaaReference).toContain('164.312(c)');
+    });
+    it('should have correct severity levels', async () => {
+        const file = await createTestFile('severity.ts', `
+res.json(error); // ERROR-001 (high)
+console.log(patient.ssn); // ERROR-002 (critical)
+`);
+        const findings = await errorsScanner.scan([file], scanOptions);
+        const error001 = findings.find((f) => f.id === 'ERROR-001');
+        const error002 = findings.find((f) => f.id === 'ERROR-002');
+        expect(error001?.severity).toBe('high');
+        expect(error002?.severity).toBe('critical');
+    });
+});
+//# sourceMappingURL=index.test.js.map

package/dist/scanners/errors/index.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.js","sourceRoot":"","sources":["../../../src/scanners/errors/index.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AAEzB,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,IAAI,OAAO,GAAW,EAAE,CAAC;IACzB,IAAI,SAAS,GAAa,EAAE,CAAC;IAE7B,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,UAAU;QACV,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,SAAS,GAAG,EAAE,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,KAAK,UAAU,cAAc,CAC3B,QAAgB,EAChB,OAAe;QAEf,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,WAAW,GAAgB;QAC/B,IAAI,EAAE,OAAO;KACd,CAAC;IAEF,QAAQ,CAAC,mDAAmD,EAAE,GAAG,EAAE;QACjE,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,gBAAgB,EAChB;;;;;;;;;CASP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,eAAe,EACf;;;;;;;;;CASP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,kBAAkB,EAClB;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,iBAAiB,EACjB;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,gBAAgB,EAChB;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;YACjD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,eAAe,EACf;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,cAAc,EACd;;;;;;CAMP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,YAAY,EACZ;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,YAAY,EACZ;;;;;;CAMP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,YAAY,EACZ;;;;;;;CAOP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,+CAA+C,EAAE,GAAG,EAAE;QAC7D,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,oBAAoB,EACpB;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,gBAAgB,EAChB;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,eAAe,EACf;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,cAAc,EACd;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,qBAAqB,EACrB;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,uBAAuB,EACvB;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,kBAAkB,EAClB;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,iBAAiB,EACjB;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,aAAa,EACb;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,WAAW,EACX;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,oBAAoB,EACpB;;;;;CAKP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,eAAe,EACf;;;CAGP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,iBAAiB,EACjB;;;;;;;CAOP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;YACtF,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,aAAa,EACb;;;;;;;;;;;;CAYP,CACM,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,eAAe,EACf;;;CAGL,CACI,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;QAE5D,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzD,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,aAAa,EACb;;;CAGL,CACI,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;QAE5D,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/scanners/errors/patterns.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Error Handling Security Detection Patterns
+ * Detects unsafe error responses and PHI in error logs
+ */
+export interface ErrorPattern {
+    id: string;
+    name: string;
+    description: string;
+    severity: 'critical' | 'high' | 'medium';
+    hipaaReference: string;
+    patterns: RegExp[];
+    negativePatterns?: RegExp[];
+    recommendation: string;
+    category: string;
+}
+/**
+ * ERROR-001: Unsanitized Error Details Sent to User
+ * Detects error.stack or error.message sent directly in responses
+ */
+export declare const UNSANITIZED_ERROR_RESPONSE: ErrorPattern;
+/**
+ * ERROR-002: PHI in Error Logs/Throws
+ * Detects PHI data in console.log, logger, or throw Error
+ */
+export declare const PHI_IN_ERROR_LOGS: ErrorPattern;
+export declare const ALL_ERROR_PATTERNS: ErrorPattern[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/scanners/errors/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../src/scanners/errors/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,YAkDxC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,YAiD/B,CAAC;AAEF,eAAO,MAAM,kBAAkB,EAAE,YAAY,EAG5C,CAAC"}

package/dist/scanners/errors/patterns.js

@@ -0,0 +1,97 @@
+/**
+ * Error Handling Security Detection Patterns
+ * Detects unsafe error responses and PHI in error logs
+ */
+/**
+ * ERROR-001: Unsanitized Error Details Sent to User
+ * Detects error.stack or error.message sent directly in responses
+ */
+export const UNSANITIZED_ERROR_RESPONSE = {
+    id: 'ERROR-001',
+    name: 'Unsanitized Error Details Sent to User',
+    description: 'Response sends error.stack or error.message directly to user without sanitization, potentially exposing sensitive system information',
+    severity: 'high',
+    hipaaReference: '45 CFR §164.312(b) - Audit Controls',
+    patterns: [
+        // res.send/json with error.stack
+        /res\.(?:send|json)\s*\([^)]*err(?:or)?\.stack/i,
+        // res.send/json with error.message
+        /res\.(?:send|json)\s*\([^)]*err(?:or)?\.message/i,
+        // res.send/json with error object directly (just the variable)
+        /res\.(?:send|json)\s*\(\s*err(?:or)?\s*\)/i,
+        // return error object directly
+        /return.*?res\.(?:send|json)\s*\(\s*err(?:or)?\s*\)/i,
+        // Response with error details
+        /response\.(?:send|json)\s*\([^)]*err(?:or)?\.(?:stack|message)/i,
+        // Next.js/Express error handlers
+        /next\s*\(\s*err(?:or)?\s*\)/i,
+        // throw error with stack
+        /throw.*?err(?:or)?\.stack/i,
+    ],
+    negativePatterns: [
+        // Sanitized error messages
+        /sanitize/i,
+        /safe.*?error/i,
+        /filterError/i,
+        // Generic user-friendly messages
+        /['"](?:An error occurred|Internal server error|Something went wrong)/i,
+        // Logging (not sending to user)
+        /console\./i,
+        /logger\./i,
+        /log\(/i,
+        // Development environment checks
+        /process\.env\.NODE_ENV\s*===?\s*['"]development['"]/i,
+        /isDevelopment/i,
+    ],
+    recommendation: 'Never send error.stack or error.message directly to users. Use generic error messages for production. Example: res.status(500).json({ error: "An error occurred" }). Log detailed errors server-side only.',
+    category: 'audit-logging',
+};
+/**
+ * ERROR-002: PHI in Error Logs/Throws
+ * Detects PHI data in console.log, logger, or throw Error
+ */
+export const PHI_IN_ERROR_LOGS = {
+    id: 'ERROR-002',
+    name: 'PHI Data in Error Logs or Thrown Errors',
+    description: 'Protected Health Information (patient, ssn, dob, mrn, diagnosis, medication, healthRecord) exposed in console logs, logger, or thrown errors',
+    severity: 'critical',
+    hipaaReference: '45 CFR §164.312(c) - Integrity Controls',
+    patterns: [
+        // console.* with PHI
+        /console\.(?:log|error|warn|info|debug)\s*\([^)]*(?:patient|ssn|dob|mrn|diagnosis|medication|health[-_]?record)/i,
+        // logger.* with PHI
+        /logger\.(?:error|warn|info|debug|log)\s*\([^)]*(?:patient|ssn|dob|mrn|diagnosis|medication|health[-_]?record)/i,
+        // throw Error with PHI
+        /throw\s+(?:new\s+)?Error\s*\([^)]*(?:patient|ssn|dob|mrn|diagnosis|medication|health[-_]?record)/i,
+        // log.* with PHI (Winston, Bunyan, etc.)
+        /log\.(?:error|warn|info|debug)\s*\([^)]*(?:patient|ssn|dob|mrn|diagnosis|medication|health[-_]?record)/i,
+        // console with patient data object
+        /console\.[a-z]+\s*\([^)]*patient(?:Data|Info|Record|Object)/i,
+        // logger with health record
+        /logger\.[a-z]+\s*\([^)]*health[-_]?record/i,
+    ],
+    negativePatterns: [
+        // Redacted or masked PHI
+        /redact/i,
+        /mask/i,
+        /sanitize/i,
+        /obfuscate/i,
+        // Generic messages without actual data
+        /['"]Patient not found['"]/i,
+        /['"]Invalid patient ID['"]/i,
+        /['"]Health record/i,
+        // Patient ID only (not full PHI)
+        /patient[-_]?id\b/i,
+        // Test files
+        /\.test\./i,
+        /\.spec\./i,
+        /describe\(/i,
+    ],
+    recommendation: 'Never log PHI in error messages. Redact sensitive data before logging. Example: logger.error("Error processing patient", { patientId: redact(patient.id) }). Use patient IDs only, never full PHI.',
+    category: 'phi-exposure',
+};
+export const ALL_ERROR_PATTERNS = [
+    UNSANITIZED_ERROR_RESPONSE,
+    PHI_IN_ERROR_LOGS,
+];
+//# sourceMappingURL=patterns.js.map

package/dist/scanners/errors/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/scanners/errors/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAiB;IACtD,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,wCAAwC;IAC9C,WAAW,EACT,sIAAsI;IACxI,QAAQ,EAAE,MAAM;IAChB,cAAc,EAAE,qCAAqC;IACrD,QAAQ,EAAE;QACR,iCAAiC;QACjC,gDAAgD;QAEhD,mCAAmC;QACnC,kDAAkD;QAElD,+DAA+D;QAC/D,4CAA4C;QAE5C,+BAA+B;QAC/B,qDAAqD;QAErD,8BAA8B;QAC9B,iEAAiE;QAEjE,iCAAiC;QACjC,8BAA8B;QAE9B,yBAAyB;QACzB,4BAA4B;KAC7B;IACD,gBAAgB,EAAE;QAChB,2BAA2B;QAC3B,WAAW;QACX,eAAe;QACf,cAAc;QAEd,iCAAiC;QACjC,uEAAuE;QAEvE,gCAAgC;QAChC,YAAY;QACZ,WAAW;QACX,QAAQ;QAER,iCAAiC;QACjC,sDAAsD;QACtD,gBAAgB;KACjB;IACD,cAAc,EACZ,4MAA4M;IAC9M,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAiB;IAC7C,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,yCAAyC;IAC/C,WAAW,EACT,8IAA8I;IAChJ,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,yCAAyC;IACzD,QAAQ,EAAE;QACR,qBAAqB;QACrB,iHAAiH;QAEjH,oBAAoB;QACpB,gHAAgH;QAEhH,uBAAuB;QACvB,mGAAmG;QAEnG,yCAAyC;QACzC,yGAAyG;QAEzG,mCAAmC;QACnC,8DAA8D;QAE9D,4BAA4B;QAC5B,4CAA4C;KAC7C;IACD,gBAAgB,EAAE;QAChB,yBAAyB;QACzB,SAAS;QACT,OAAO;QACP,WAAW;QACX,YAAY;QAEZ,uCAAuC;QACvC,4BAA4B;QAC5B,6BAA6B;QAC7B,oBAAoB;QAEpB,iCAAiC;QACjC,mBAAmB;QAEnB,aAAa;QACb,WAAW;QACX,WAAW;QACX,aAAa;KACd;IACD,cAAc,EACZ,oMAAoM;IACtM,QAAQ,EAAE,cAAc;CACzB,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAmB;IAChD,0BAA0B;IAC1B,iBAAiB;CAClB,CAAC"}

package/dist/scanners/hipaa2026/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * HIPAA 2026 Security Rule Scanner
+ * Implements detection for 15 technical requirements (all now "required")
+ * Expected enforcement: May 2026
+ */
+import type { Scanner } from '../../types.js';
+export declare const hipaa2026Scanner: Scanner;
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/hipaa2026/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/hipaa2026/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAwB,MAAM,gBAAgB,CAAC;AAoRpE,eAAO,MAAM,gBAAgB,EAAE,OAyI9B,CAAC"}