visus-mcp 0.3.0 → 0.6.0
- package/.claude/settings.local.json +22 -0
- package/LINKEDIN-STRATEGY.md +367 -0
- package/README.md +491 -16
- package/ROADMAP.md +167 -30
- package/SECURITY-AUDIT-v1.md +277 -0
- package/STATUS.md +801 -42
- package/TROUBLESHOOT-AUTH-20260322-2019.md +291 -0
- package/TROUBLESHOOT-JEST-20260323-1357.md +139 -0
- package/TROUBLESHOOT-LAMBDA-20260322-1945.md +183 -0
- package/VISUS-CLAUDE-CODE-PROMPT.md +1 -1
- package/VISUS-PROJECT-PLAN.md +7 -0
- package/dist/browser/playwright-renderer.d.ts.map +1 -1
- package/dist/browser/playwright-renderer.js +7 -0
- package/dist/browser/playwright-renderer.js.map +1 -1
- package/dist/browser/reader.d.ts +31 -0
- package/dist/browser/reader.d.ts.map +1 -0
- package/dist/browser/reader.js +98 -0
- package/dist/browser/reader.js.map +1 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +37 -5
- package/dist/index.js.map +1 -1
- package/dist/lambda-handler.d.ts +0 -6
- package/dist/lambda-handler.d.ts.map +1 -1
- package/dist/lambda-handler.js +97 -25
- package/dist/lambda-handler.js.map +1 -1
- package/dist/sanitizer/framework-mapper.d.ts +22 -0
- package/dist/sanitizer/framework-mapper.d.ts.map +1 -0
- package/dist/sanitizer/framework-mapper.js +296 -0
- package/dist/sanitizer/framework-mapper.js.map +1 -0
- package/dist/sanitizer/index.d.ts +2 -0
- package/dist/sanitizer/index.d.ts.map +1 -1
- package/dist/sanitizer/index.js +14 -1
- package/dist/sanitizer/index.js.map +1 -1
- package/dist/sanitizer/patterns.js +1 -1
- package/dist/sanitizer/patterns.js.map +1 -1
- package/dist/sanitizer/severity-classifier.d.ts +33 -0
- package/dist/sanitizer/severity-classifier.d.ts.map +1 -0
- package/dist/sanitizer/severity-classifier.js +113 -0
- package/dist/sanitizer/severity-classifier.js.map +1 -0
- package/dist/sanitizer/threat-reporter.d.ts +65 -0
- package/dist/sanitizer/threat-reporter.d.ts.map +1 -0
- package/dist/sanitizer/threat-reporter.js +160 -0
- package/dist/sanitizer/threat-reporter.js.map +1 -0
- package/dist/tools/fetch-structured.d.ts +5 -0
- package/dist/tools/fetch-structured.d.ts.map +1 -1
- package/dist/tools/fetch-structured.js +54 -6
- package/dist/tools/fetch-structured.js.map +1 -1
- package/dist/tools/fetch.d.ts +5 -0
- package/dist/tools/fetch.d.ts.map +1 -1
- package/dist/tools/fetch.js +42 -9
- package/dist/tools/fetch.js.map +1 -1
- package/dist/tools/read.d.ts +51 -0
- package/dist/tools/read.d.ts.map +1 -0
- package/dist/tools/read.js +127 -0
- package/dist/tools/read.js.map +1 -0
- package/dist/tools/search.d.ts +45 -0
- package/dist/tools/search.d.ts.map +1 -0
- package/dist/tools/search.js +220 -0
- package/dist/tools/search.js.map +1 -0
- package/dist/types.d.ts +64 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/utils/format-converter.d.ts +39 -0
- package/dist/utils/format-converter.d.ts.map +1 -0
- package/dist/utils/format-converter.js +191 -0
- package/dist/utils/format-converter.js.map +1 -0
- package/dist/utils/truncate.d.ts +26 -0
- package/dist/utils/truncate.d.ts.map +1 -0
- package/dist/utils/truncate.js +54 -0
- package/dist/utils/truncate.js.map +1 -0
- package/infrastructure/stack.ts +55 -6
- package/jest.config.js +3 -0
- package/package.json +9 -2
- package/src/browser/playwright-renderer.ts +8 -0
- package/src/browser/reader.ts +129 -0
- package/src/index.ts +49 -5
- package/src/lambda-handler.ts +131 -26
- package/src/sanitizer/framework-mapper.ts +347 -0
- package/src/sanitizer/index.ts +18 -1
- package/src/sanitizer/patterns.ts +1 -1
- package/src/sanitizer/severity-classifier.ts +132 -0
- package/src/sanitizer/threat-reporter.ts +261 -0
- package/src/tools/fetch-structured.ts +58 -6
- package/src/tools/fetch.ts +44 -9
- package/src/tools/read.ts +143 -0
- package/src/tools/search.ts +263 -0
- package/src/types.ts +69 -0
- package/src/utils/format-converter.ts +236 -0
- package/src/utils/truncate.ts +64 -0
- package/tests/auth-smoke.test.ts +480 -0
- package/tests/fetch-tool.test.ts +595 -2
- package/tests/reader.test.ts +353 -0
- package/tests/sanitizer.test.ts +52 -0
- package/tests/search.test.ts +456 -0
- package/tests/threat-reporter.test.ts +266 -0
|
@@ -0,0 +1,296 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Compliance Framework Mapper
|
|
3
|
+
*
|
|
4
|
+
* Maps injection pattern categories to compliance framework identifiers:
|
|
5
|
+
* - OWASP LLM Top 10 (2025)
|
|
6
|
+
* - NIST AI 600-1 (Generative AI Profile)
|
|
7
|
+
* - MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
|
|
8
|
+
*/
|
|
9
|
+
/**
|
|
10
|
+
* Pattern category to framework mapping
|
|
11
|
+
*/
|
|
12
|
+
const FRAMEWORK_MAP = {
|
|
13
|
+
// Direct instruction injection
|
|
14
|
+
direct_instruction_injection: {
|
|
15
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
16
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
17
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
18
|
+
},
|
|
19
|
+
// Role hijacking
|
|
20
|
+
role_hijacking: {
|
|
21
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
22
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
23
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
24
|
+
},
|
|
25
|
+
// System prompt extraction
|
|
26
|
+
system_prompt_extraction: {
|
|
27
|
+
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
28
|
+
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
29
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
30
|
+
},
|
|
31
|
+
// Privilege escalation
|
|
32
|
+
privilege_escalation: {
|
|
33
|
+
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
34
|
+
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
35
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
36
|
+
},
|
|
37
|
+
// Context poisoning
|
|
38
|
+
context_poisoning: {
|
|
39
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
40
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
41
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
42
|
+
},
|
|
43
|
+
// Data exfiltration
|
|
44
|
+
data_exfiltration: {
|
|
45
|
+
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
46
|
+
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
47
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
48
|
+
},
|
|
49
|
+
// Encoding obfuscation
|
|
50
|
+
base64_obfuscation: {
|
|
51
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
52
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
53
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
54
|
+
},
|
|
55
|
+
// Unicode lookalikes
|
|
56
|
+
unicode_lookalikes: {
|
|
57
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
58
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
59
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
60
|
+
},
|
|
61
|
+
// Zero-width characters
|
|
62
|
+
zero_width_characters: {
|
|
63
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
64
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
65
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
66
|
+
},
|
|
67
|
+
// HTML script injection
|
|
68
|
+
html_script_injection: {
|
|
69
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
70
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
71
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
72
|
+
},
|
|
73
|
+
// Data URI injection
|
|
74
|
+
data_uri_injection: {
|
|
75
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
76
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
77
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
78
|
+
},
|
|
79
|
+
// Markdown link injection
|
|
80
|
+
markdown_link_injection: {
|
|
81
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
82
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
83
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
84
|
+
},
|
|
85
|
+
// URL fragment attacks
|
|
86
|
+
url_fragment_hashjack: {
|
|
87
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
88
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
89
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
90
|
+
},
|
|
91
|
+
// Social engineering
|
|
92
|
+
social_engineering_urgency: {
|
|
93
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
94
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
95
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
96
|
+
},
|
|
97
|
+
// Instruction delimiter injection
|
|
98
|
+
instruction_delimiter_injection: {
|
|
99
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
100
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
101
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
102
|
+
},
|
|
103
|
+
// Multi-language obfuscation
|
|
104
|
+
multi_language_obfuscation: {
|
|
105
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
106
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
107
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
108
|
+
},
|
|
109
|
+
// Reverse text obfuscation
|
|
110
|
+
reverse_text_obfuscation: {
|
|
111
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
112
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
113
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
114
|
+
},
|
|
115
|
+
// Leetspeak obfuscation
|
|
116
|
+
leetspeak_obfuscation: {
|
|
117
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
118
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
119
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
120
|
+
},
|
|
121
|
+
// Jailbreak keywords
|
|
122
|
+
jailbreak_keywords: {
|
|
123
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
124
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
125
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
126
|
+
},
|
|
127
|
+
// Token smuggling
|
|
128
|
+
token_smuggling: {
|
|
129
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
130
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
131
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
132
|
+
},
|
|
133
|
+
// System message injection
|
|
134
|
+
system_message_injection: {
|
|
135
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
136
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
137
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
138
|
+
},
|
|
139
|
+
// Conversation reset
|
|
140
|
+
conversation_reset: {
|
|
141
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
142
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
143
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
144
|
+
},
|
|
145
|
+
// Memory manipulation
|
|
146
|
+
memory_manipulation: {
|
|
147
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
148
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
149
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
150
|
+
},
|
|
151
|
+
// Capability probing
|
|
152
|
+
capability_probing: {
|
|
153
|
+
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
154
|
+
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
155
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
156
|
+
},
|
|
157
|
+
// Chain-of-thought manipulation
|
|
158
|
+
chain_of_thought_manipulation: {
|
|
159
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
160
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
161
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
162
|
+
},
|
|
163
|
+
// Hypothetical scenario injection
|
|
164
|
+
hypothetical_scenario_injection: {
|
|
165
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
166
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
167
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
168
|
+
},
|
|
169
|
+
// Ethical override
|
|
170
|
+
ethical_override: {
|
|
171
|
+
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
172
|
+
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
173
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
174
|
+
},
|
|
175
|
+
// Output format manipulation
|
|
176
|
+
output_format_manipulation: {
|
|
177
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
178
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
179
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
180
|
+
},
|
|
181
|
+
// Negative instruction
|
|
182
|
+
negative_instruction: {
|
|
183
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
184
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
185
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
186
|
+
},
|
|
187
|
+
// Credential harvesting
|
|
188
|
+
credential_harvesting: {
|
|
189
|
+
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
190
|
+
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
191
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
192
|
+
},
|
|
193
|
+
// Time-based triggers
|
|
194
|
+
time_based_triggers: {
|
|
195
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
196
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
197
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
198
|
+
},
|
|
199
|
+
// Code execution requests
|
|
200
|
+
code_execution_requests: {
|
|
201
|
+
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
202
|
+
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
203
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
204
|
+
},
|
|
205
|
+
// File system access
|
|
206
|
+
file_system_access: {
|
|
207
|
+
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
208
|
+
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
209
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
210
|
+
},
|
|
211
|
+
// Training data extraction
|
|
212
|
+
training_data_extraction: {
|
|
213
|
+
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
214
|
+
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
215
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
216
|
+
},
|
|
217
|
+
// Simulator mode
|
|
218
|
+
simulator_mode: {
|
|
219
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
220
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
221
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
222
|
+
},
|
|
223
|
+
// Nested encoding
|
|
224
|
+
nested_encoding: {
|
|
225
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
226
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
227
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
228
|
+
},
|
|
229
|
+
// Payload splitting
|
|
230
|
+
payload_splitting: {
|
|
231
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
232
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
233
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
234
|
+
},
|
|
235
|
+
// CSS-based hiding
|
|
236
|
+
css_hiding: {
|
|
237
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
238
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
239
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
240
|
+
},
|
|
241
|
+
// Authority impersonation
|
|
242
|
+
authority_impersonation: {
|
|
243
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
244
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
245
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
246
|
+
},
|
|
247
|
+
// Testing/debugging claims
|
|
248
|
+
testing_debugging_claims: {
|
|
249
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
250
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
251
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
252
|
+
},
|
|
253
|
+
// Callback URL injection
|
|
254
|
+
callback_url_injection: {
|
|
255
|
+
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
256
|
+
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
257
|
+
mitre_atlas: 'AML.T0048 - External Harms'
|
|
258
|
+
},
|
|
259
|
+
// Whitespace steganography
|
|
260
|
+
whitespace_steganography: {
|
|
261
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
262
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
263
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
264
|
+
},
|
|
265
|
+
// Comment injection
|
|
266
|
+
comment_injection: {
|
|
267
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
268
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
269
|
+
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
|
|
270
|
+
}
|
|
271
|
+
};
|
|
272
|
+
/**
|
|
273
|
+
* Default mapping for unknown pattern categories
|
|
274
|
+
*/
|
|
275
|
+
const DEFAULT_MAPPINGS = {
|
|
276
|
+
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
277
|
+
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
278
|
+
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
|
|
279
|
+
};
|
|
280
|
+
/**
|
|
281
|
+
* Get framework mappings for a pattern category
|
|
282
|
+
*/
|
|
283
|
+
export function getFrameworkMappings(patternCategory) {
|
|
284
|
+
return FRAMEWORK_MAP[patternCategory] || DEFAULT_MAPPINGS;
|
|
285
|
+
}
|
|
286
|
+
/**
|
|
287
|
+
* Get all supported frameworks
|
|
288
|
+
*/
|
|
289
|
+
export function getSupportedFrameworks() {
|
|
290
|
+
return [
|
|
291
|
+
'OWASP LLM Top 10 (2025)',
|
|
292
|
+
'NIST AI 600-1 (Generative AI Profile)',
|
|
293
|
+
'MITRE ATLAS (Adversarial Threat Landscape)'
|
|
294
|
+
];
|
|
295
|
+
}
|
|
296
|
+
//# sourceMappingURL=framework-mapper.js.map
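Review bot: The OWASP label `'LLM08:2025 - Excessive Agency'` on `privilege_escalation`, `capability_probing`, `ethical_override`, `code_execution_requests` and `file_system_access` pairs the 2025 year tag with the earlier list's numbering. In the 2025 edition Excessive Agency is LLM06 and LLM08 is Vector and Embedding Weaknesses, so these entries should read `'LLM06:2025 - Excessive Agency'`. The `nist_ai_600_1` strings (`'MS-2.5 - Prompt Injection'`, `'MS-2.6 - Data Disclosure'`, `'GV-1.1 - Policies and Procedures'`) also do not look like the subcategory titles NIST publishes and are worth checking against the profile before they reach audit output. Separately, `getFrameworkMappings` indexes a plain object literal, so a category such as `constructor` or `__proto__` resolves to an inherited member instead of `DEFAULT_MAPPINGS`; `return Object.hasOwn(FRAMEWORK_MAP, patternCategory) ? FRAMEWORK_MAP[patternCategory] : DEFAULT_MAPPINGS;` avoids that.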
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"framework-mapper.js","sourceRoot":"","sources":["../../src/sanitizer/framework-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH;;GAEG;AACH,MAAM,aAAa,GAAsC;IACvD,+BAA+B;IAC/B,4BAA4B,EAAE;QAC5B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;KACpD;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,uBAAuB;IACvB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,uBAAuB;IACvB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACr
B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;KACpD;IAED,gCAAgC;IAChC,6BAA6B,EAAE;QAC7B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,mBAAmB;IACnB,gBAAgB,EAAE;QAChB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;KACpD;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;KAC1C;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;KAC1C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+B
AA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,mBAAmB;IACnB,UAAU,EAAE;QACV,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,yBAAyB;IACzB,sBAAsB,EAAE;QACtB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAsB;IAC1C,SAAS,EAAE,+BAA+B;IAC1C,aAAa,EAAE,2BAA2B;IAC1C,WAAW,EAAE,sCAAsC;CACpD,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,eAAuB;IAC1D,OAAO,aAAa,CAAC,eAAe,CAAC,IAAI,gBAAgB,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,yBAAyB;QACzB,uCAAuC;QACvC,4CAA4C;KAC7C,CAAC;AACJ,CAAC"}
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
* CRITICAL: This is the core security mechanism. Every web page MUST pass
|
|
8
8
|
* through this sanitizer before reaching the LLM. This cannot be bypassed.
|
|
9
9
|
*/
|
|
10
|
+
import { type ThreatReport } from './threat-reporter.js';
|
|
10
11
|
export interface SanitizationResult {
|
|
11
12
|
content: string;
|
|
12
13
|
sanitization: {
|
|
@@ -31,6 +32,7 @@ export interface SanitizationResult {
|
|
|
31
32
|
low: number;
|
|
32
33
|
};
|
|
33
34
|
};
|
|
35
|
+
threat_report?: ThreatReport;
|
|
34
36
|
}
|
|
35
37
|
/**
|
|
36
38
|
* Sanitize content through the full pipeline
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAwB,KAAK,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAE/E,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,EAAE,CAAC;QAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,eAAe,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACxE,gBAAgB,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,aAAa,CAAC,EAAE,YAAY,CAAC;CAC9B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,kBAAkB,CAyDhF;AA0BD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAG3D;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}
|
package/dist/sanitizer/index.js
CHANGED
|
@@ -9,6 +9,7 @@
|
|
|
9
9
|
*/
|
|
10
10
|
import { detectAndNeutralize, getSeverityScore, hasCriticalThreats } from './injection-detector.js';
|
|
11
11
|
import { redactPII } from './pii-redactor.js';
|
|
12
|
+
import { generateThreatReport } from './threat-reporter.js';
|
|
12
13
|
/**
|
|
13
14
|
* Sanitize content through the full pipeline
|
|
14
15
|
*
|
|
@@ -41,7 +42,14 @@ export function sanitize(content, sourceUrl) {
|
|
|
41
42
|
has_critical_threats: criticalThreats,
|
|
42
43
|
content_modified: contentModified
|
|
43
44
|
});
|
|
44
|
-
|
|
45
|
+
// Step 4: Generate threat report (only if findings exist)
|
|
46
|
+
const threatReport = generateThreatReport({
|
|
47
|
+
patterns_detected: injectionResult.patterns_detected,
|
|
48
|
+
pii_redacted: piiResult.pii_types_redacted.length,
|
|
49
|
+
source_url: sourceUrl || 'unknown',
|
|
50
|
+
detections_by_severity: injectionResult.metadata.detections_by_severity
|
|
51
|
+
});
|
|
52
|
+
const result = {
|
|
45
53
|
content: finalContent,
|
|
46
54
|
sanitization: {
|
|
47
55
|
patterns_detected: injectionResult.patterns_detected,
|
|
@@ -57,6 +65,11 @@ export function sanitize(content, sourceUrl) {
|
|
|
57
65
|
detections_by_severity: injectionResult.metadata.detections_by_severity
|
|
58
66
|
}
|
|
59
67
|
};
|
|
68
|
+
// Include threat_report only if findings exist
|
|
69
|
+
if (threatReport) {
|
|
70
|
+
result.threat_report = threatReport;
|
|
71
|
+
}
|
|
72
|
+
return result;
|
|
60
73
|
}
|
|
61
74
|
/**
|
|
62
75
|
* Log sanitization events to stderr for monitoring
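Review bot: In the `generateThreatReport` call added at new lines 46–51, `pii_redacted` is set to `piiResult.pii_types_redacted.length`, which by its name counts PII types rather than redacted values, so the report may understate how much was removed. If the type count is what is meant, say so at the call site with `// pii_redacted is the number of PII types found, not the number of redacted values`. The same call passes `sourceUrl` through unmodified as `source_url`; URLs can carry tokens or e-mail addresses in the query string, so consider redacting it or reducing it to origin and path before it goes into a report returned to the caller. `generateThreatReport` is defined outside this section, so how it uses either field cannot be confirmed here, and `sanitize` itself starts and ends outside the shown hunks.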
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAqB,MAAM,sBAAsB,CAAC;AAyB/E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,SAAkB;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtC,mDAAmD;IACnD,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAErD,4EAA4E;IAC5E,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhE,0BAA0B;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC;IACvC,MAAM,eAAe,GAAG,eAAe,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC;IAEvF,MAAM,aAAa,GAAG,gBAAgB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,kBAAkB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAE5F,2DAA2D;IAC3D,eAAe,CAAC;QACd,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,cAAc,EAAE,aAAa;QAC7B,oBAAoB,EAAE,eAAe;QACrC,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,0DAA0D;IAC1D,MAAM,YAAY,GAAG,oBAAoB,CAAC;QACxC,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,YAAY,EAAE,SAAS,CAAC,kBAAkB,CAAC,MAAM;QACjD,UAAU,EAAE,SAAS,IAAI,SAAS;QAClC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;KACxE,CAAC,CAAC;IAEH,MAAM,MAAM,GAAuB;QACjC,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE;YACZ,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;YACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;YAChD,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,gBAAgB,EAAE,eAAe;SAClC;QACD,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,YAAY,CAAC,MAAM;YACrC,cAAc,EAAE,aAAa;YAC7B,oBAAoB,EAAE,eAAe;YACrC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;SACxE;KACF,CAAC;IAEF,+CAA+C;IAC/C,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,CAAC,aAAa,GAAG,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAOxB;IACC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,cAAc;QACrB,GAAG,KAAK;KACT,CAAC;IAEF,mDAAmD;IACnD,IAAI,KAAK,CAAC,gBAAgB,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;I
AC1C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,sDAAsD;IACtD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}
|
|
@@ -272,7 +272,7 @@ export const INJECTION_PATTERNS = [
|
|
|
272
272
|
{
|
|
273
273
|
name: 'code_execution_requests',
|
|
274
274
|
description: 'Requests code execution or contains dangerous code patterns',
|
|
275
|
-
regex: /\b(execute|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
|
|
275
|
+
regex: /\b(execute(?!-api\.)|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
|
|
276
276
|
severity: 'high',
|
|
277
277
|
action: 'redact'
|
|
278
278
|
},
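Review bot: The trailing `\b` in the `code_execution_requests` regex at new line 275 still applies to the `eval\(` and `exec\(` alternatives, so they match only when a word character follows the parenthesis: `eval(x)` is caught, but `eval('x')` and `exec("…")` are not. Moving the boundary onto the word-ending alternatives closes that gap while keeping group 1 as the whole match: `regex: /\b((?:execute(?!-api\.)|run\s+the\s+following|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b|eval\(|exec\()/gi,`. The new `(?!-api\.)` lookahead also exempts every `execute-api.` string, not only the API Gateway hostname it presumably targets; matching the full host suffix in the lookahead would keep the exemption narrow. The pattern object sits inside `INJECTION_PATTERNS`, which begins and ends outside the hunk.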
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH,MAAM,CAAC,MAAM,kBAAkB,GAAuB;IACpD,gGAAgG;IAChG;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,0NAA0N;QACjO,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,sDAAsD;QACnE,KAAK,EAAE,oKAAoK;QAC3K,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,wHAAwH;QAC/H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,wCAAwC;QACrD,KAAK,EAAE,uJAAuJ;QAC9J,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,4JAA4J;QACnK,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,+MAA+M;QACtN,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,sHAAsH;QAC7H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,mCAAmC;IACnC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,qFAAqF;QAC5F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,0CAA0C;QACvD,KAAK,EAAE,2DAA2D,EAAE,8BAA8B;QAClG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,uFAAuF;QAC9F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oDAAoD;QAC3D,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAA
K,EAAE,0CAA0C;QACjD,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,gIAAgI;QACvI,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,mGAAmG;QAC1G,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oDAAoD;QACjE,KAAK,EAAE,0FAA0F;QACjG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,oCAAoC,EAAE,iDAAiD;QAC9F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gDAAgD;QACvD,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4FAA4F;QACnG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,sBAAsB;QACnC,KAAK,EAAE,kDAAkD;QACzD,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,2DAA2D;QACxE,KAAK,EAAE,sKAAsK;QAC7K,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+BAA+B;QAC5C,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,2SAA2S;QAClT,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,yCAAyC;QACtD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,E
AAE,gDAAgD;QAC7D,KAAK,EAAE,gGAAgG;QACvG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,2DAA2D;QAClE,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,+FAA+F;QACtG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,qCAAqC;QAClD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,6DAA6D;QAC1E,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH,MAAM,CAAC,MAAM,kBAAkB,GAAuB;IACpD,gGAAgG;IAChG;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,0NAA0N;QACjO,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,sDAAsD;QACnE,KAAK,EAAE,oKAAoK;QAC3K,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,wHAAwH;QAC/H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,wCAAwC;QACrD,KAAK,EAAE,uJAAuJ;QAC9J,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,4JAA4J;QACnK,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,+MAA+M;QACtN,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,sHAAsH;QAC7H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,mCAAmC;IACnC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,qFAAqF;QAC5F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,0CAA0C;QACvD,KAAK,EAAE,2DAA2D,EAAE,8BAA8B;QAClG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,uFAAuF;QAC9F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oDAAoD;QAC3D,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAA
K,EAAE,0CAA0C;QACjD,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,gIAAgI;QACvI,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,mGAAmG;QAC1G,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oDAAoD;QACjE,KAAK,EAAE,0FAA0F;QACjG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,oCAAoC,EAAE,iDAAiD;QAC9F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gDAAgD;QACvD,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4FAA4F;QACnG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,sBAAsB;QACnC,KAAK,EAAE,kDAAkD;QACzD,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,2DAA2D;QACxE,KAAK,EAAE,sKAAsK;QAC7K,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+BAA+B;QAC5C,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,2SAA2S;QAClT,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,yCAAyC;QACtD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,E
AAE,gDAAgD;QAC7D,KAAK,EAAE,gGAAgG;QACvG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,2DAA2D;QAClE,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,+FAA+F;QACtG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,qCAAqC;QAClD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,6DAA6D;QAC1E,KAAK,EAAE,0HAA0H;QACjI,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,6FAA6F;QACpG,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,qBAAqB;IACrB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,4BAA4B;QACzC,KAAK,EAAE,wGAAwG;QAC/G,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,yDAAyD;QACtE,KAAK,EAAE,8IAA8I;QACrJ,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,wBAAwB;IACxB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,8FAA8F;QACrG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,wBAAwB;QACrC,KAAK,EAAE,8DAA8D;QACrE,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,kCAAkC;QAC/C,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,sFAAsF;QAC7F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,
OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgD;IACpF,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACjE,CAAC"}
|
|
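--- a/package/dist/sanitizer/severity-classifier.d.ts
+++ b/package/dist/sanitizer/severity-classifier.d.ts
@@ -0,0 +1,33 @@
+/**
+* Severity Classification Engine
+*
+* Maps injection pattern categories to standardized severity levels.
+* Used for threat reporting and compliance documentation.
+*/
+export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
+export type OverallSeverity = Severity | 'CLEAN';
+/**
+* Classify severity for a single pattern category
+*/
+export declare function classifySeverity(patternCategory: string): Severity;
+/**
+* Interface for a threat finding
+*/
+export interface Finding {
+pattern_category: string;
+severity: Severity;
+}
+/**
+* Aggregate severity across multiple findings
+* Returns the highest severity level found, or CLEAN if no findings
+*/
+export declare function aggregateSeverity(findings: Finding[]): OverallSeverity;
+/**
+* Count findings by severity level
+*/
+export declare function countBySeverity(findings: Finding[]): Record<Severity, number>;
+/**
+* Get emoji for severity level (for Markdown reports)
+*/
+export declare function getSeverityEmoji(severity: Severity | OverallSeverity): string;
+//# sourceMappingURL=severity-classifier.d.ts.map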
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"severity-classifier.d.ts","sourceRoot":"","sources":["../../src/sanitizer/severity-classifier.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAC9D,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,OAAO,CAAC;AA2DjD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,eAAe,EAAE,MAAM,GAAG,QAAQ,CAElE;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,eAAe,CAatE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAa7E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,eAAe,GAAG,MAAM,CAS7E"}
|
|
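--- a/package/dist/sanitizer/severity-classifier.js
+++ b/package/dist/sanitizer/severity-classifier.js
@@ -0,0 +1,113 @@
+/**
+* Severity Classification Engine
+*
+* Maps injection pattern categories to standardized severity levels.
+* Used for threat reporting and compliance documentation.
+*/
+/**
+* Pattern category to severity mapping
+* Aligned with NIST AI 600-1 and OWASP LLM Top 10 risk levels
+*/
+const SEVERITY_MAP = {
+// CRITICAL - Immediate threat, block-level
+direct_instruction_injection: 'CRITICAL',
+role_hijacking: 'CRITICAL',
+system_prompt_extraction: 'CRITICAL',
+privilege_escalation: 'CRITICAL',
+data_exfiltration: 'CRITICAL',
+code_execution_requests: 'CRITICAL',
+memory_manipulation: 'CRITICAL',
+jailbreak_keywords: 'CRITICAL',
+ethical_override: 'CRITICAL',
+credential_harvesting: 'CRITICAL',
+html_script_injection: 'CRITICAL',
+// HIGH - Significant threat
+context_poisoning: 'HIGH',
+base64_obfuscation: 'HIGH',
+zero_width_characters: 'HIGH',
+data_uri_injection: 'HIGH',
+markdown_link_injection: 'HIGH',
+instruction_delimiter_injection: 'HIGH',
+token_smuggling: 'HIGH',
+system_message_injection: 'HIGH',
+file_system_access: 'HIGH',
+training_data_extraction: 'HIGH',
+nested_encoding: 'HIGH',
+authority_impersonation: 'HIGH',
+callback_url_injection: 'HIGH',
+// MEDIUM - Moderate threat
+comment_injection: 'MEDIUM',
+unicode_lookalikes: 'MEDIUM',
+url_fragment_hashjack: 'MEDIUM',
+social_engineering_urgency: 'MEDIUM',
+multi_language_obfuscation: 'MEDIUM',
+reverse_text_obfuscation: 'MEDIUM',
+conversation_reset: 'MEDIUM',
+chain_of_thought_manipulation: 'MEDIUM',
+hypothetical_scenario_injection: 'MEDIUM',
+output_format_manipulation: 'MEDIUM',
+simulator_mode: 'MEDIUM',
+payload_splitting: 'MEDIUM',
+css_hiding: 'MEDIUM',
+testing_debugging_claims: 'MEDIUM',
+// LOW - Low threat, flagged for awareness
+leetspeak_obfuscation: 'LOW',
+capability_probing: 'LOW',
+negative_instruction: 'LOW',
+time_based_triggers: 'LOW',
+whitespace_steganography: 'LOW'
+};
+/**
+* Classify severity for a single pattern category
+*/
+export function classifySeverity(patternCategory) {
+return SEVERITY_MAP[patternCategory] || 'LOW';
+}
+/**
+* Aggregate severity across multiple findings
+* Returns the highest severity level found, or CLEAN if no findings
+*/
+export function aggregateSeverity(findings) {
+if (findings.length === 0) {
+return 'CLEAN';
+}
+const severities = findings.map(f => f.severity);
+if (severities.includes('CRITICAL'))
+return 'CRITICAL';
+if (severities.includes('HIGH'))
+return 'HIGH';
+if (severities.includes('MEDIUM'))
+return 'MEDIUM';
+if (severities.includes('LOW'))
+return 'LOW';
+return 'CLEAN';
+}
+/**
+* Count findings by severity level
+*/
+export function countBySeverity(findings) {
+const counts = {
+CRITICAL: 0,
+HIGH: 0,
+MEDIUM: 0,
+LOW: 0
+};
+for (const finding of findings) {
+counts[finding.severity]++;
+}
+return counts;
+}
+/**
+* Get emoji for severity level (for Markdown reports)
+*/
+export function getSeverityEmoji(severity) {
+switch (severity) {
+case 'CRITICAL': return '🔴';
+case 'HIGH': return '🟠';
+case 'MEDIUM': return '🟡';
+case 'LOW': return '🟢';
+case 'CLEAN': return '✅';
+default: return '⚪';
+}
+}
+//# sourceMappingURL=severity-classifier.js.map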
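Review bot: `classifySeverity` indexes a plain object literal with an arbitrary string, so a name that exists on `Object.prototype` (`constructor`, `toString`) returns a truthy non-severity value instead of the `'LOW'` fallback, and `countBySeverity` would then increment a key that does not exist in `counts`. An own-property check closes that: `return Object.prototype.hasOwnProperty.call(SEVERITY_MAP, patternCategory) ? SEVERITY_MAP[patternCategory] : 'LOW';`. The fallback itself also fails open: a pattern added to the pattern list without a map entry is reported at the lowest level, which the doc comment here and in severity-classifier.d.ts should state, e.g. `* Unmapped categories are classified as LOW.`; whether category names can ever come from outside the built-in pattern list is not visible here. Separately, `code_execution_requests` is `CRITICAL` in this map while the patterns.js entry shown on this page carries `severity: 'high'`, so the two tables can disagree in a report.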
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"severity-classifier.js","sourceRoot":"","sources":["../../src/sanitizer/severity-classifier.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH;;;GAGG;AACH,MAAM,YAAY,GAA6B;IAC7C,2CAA2C;IAC3C,4BAA4B,EAAE,UAAU;IACxC,cAAc,EAAE,UAAU;IAC1B,wBAAwB,EAAE,UAAU;IACpC,oBAAoB,EAAE,UAAU;IAChC,iBAAiB,EAAE,UAAU;IAC7B,uBAAuB,EAAE,UAAU;IACnC,mBAAmB,EAAE,UAAU;IAC/B,kBAAkB,EAAE,UAAU;IAC9B,gBAAgB,EAAE,UAAU;IAC5B,qBAAqB,EAAE,UAAU;IACjC,qBAAqB,EAAE,UAAU;IAEjC,4BAA4B;IAC5B,iBAAiB,EAAE,MAAM;IACzB,kBAAkB,EAAE,MAAM;IAC1B,qBAAqB,EAAE,MAAM;IAC7B,kBAAkB,EAAE,MAAM;IAC1B,uBAAuB,EAAE,MAAM;IAC/B,+BAA+B,EAAE,MAAM;IACvC,eAAe,EAAE,MAAM;IACvB,wBAAwB,EAAE,MAAM;IAChC,kBAAkB,EAAE,MAAM;IAC1B,wBAAwB,EAAE,MAAM;IAChC,eAAe,EAAE,MAAM;IACvB,uBAAuB,EAAE,MAAM;IAC/B,sBAAsB,EAAE,MAAM;IAE9B,2BAA2B;IAC3B,iBAAiB,EAAE,QAAQ;IAC3B,kBAAkB,EAAE,QAAQ;IAC5B,qBAAqB,EAAE,QAAQ;IAC/B,0BAA0B,EAAE,QAAQ;IACpC,0BAA0B,EAAE,QAAQ;IACpC,wBAAwB,EAAE,QAAQ;IAClC,kBAAkB,EAAE,QAAQ;IAC5B,6BAA6B,EAAE,QAAQ;IACvC,+BAA+B,EAAE,QAAQ;IACzC,0BAA0B,EAAE,QAAQ;IACpC,cAAc,EAAE,QAAQ;IACxB,iBAAiB,EAAE,QAAQ;IAC3B,UAAU,EAAE,QAAQ;IACpB,wBAAwB,EAAE,QAAQ;IAElC,0CAA0C;IAC1C,qBAAqB,EAAE,KAAK;IAC5B,kBAAkB,EAAE,KAAK;IACzB,oBAAoB,EAAE,KAAK;IAC3B,mBAAmB,EAAE,KAAK;IAC1B,wBAAwB,EAAE,KAAK;CAChC,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,eAAuB;IACtD,OAAO,YAAY,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC;AAChD,CAAC;AAUD;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAmB;IACnD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAEjD,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IACvD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IACnD,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE7C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAmB;IACjD,MAAM,MAAM,GAA6B;QACvC,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;KACP,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,
EAAE,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC7B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAoC;IACnE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,IAAI,CAAC;QAC7B,KAAK,MAAM,CAAC,CAAC,OAAO,IAAI,CAAC;QACzB,KAAK,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC;QAC3B,KAAK,KAAK,CAAC,CAAC,OAAO,IAAI,CAAC;QACxB,KAAK,OAAO,CAAC,CAAC,OAAO,GAAG,CAAC;QACzB,OAAO,CAAC,CAAC,OAAO,GAAG,CAAC;IACtB,CAAC;AACH,CAAC"}
|
|
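--- a/package/dist/sanitizer/threat-reporter.d.ts
+++ b/package/dist/sanitizer/threat-reporter.d.ts
@@ -0,0 +1,65 @@
+/**
+* Threat Reporter
+*
+* Generates structured threat reports when prompt injection or PII is detected.
+* Two output layers:
+* 1. TOON-formatted findings array (token-efficient, machine-readable)
+* 2. Markdown compliance report block (human-readable, renders in Claude Desktop)
+*
+* Aligned with:
+* - OWASP LLM Top 10 (2025)
+* - NIST AI 600-1 (Generative AI Profile)
+* - MITRE ATLAS (Adversarial Threat Landscape)
+*/
+import { type Severity, type OverallSeverity } from './severity-classifier.js';
+/**
+* Threat finding with compliance framework mappings
+*/
+export interface ThreatFinding {
+id: number;
+pattern_id: string;
+category: string;
+severity: Severity;
+confidence: number;
+owasp_llm: string;
+nist_ai_600_1: string;
+mitre_atlas: string;
+remediation: string;
+}
+/**
+* Threat report structure
+*/
+export interface ThreatReport {
+generated: string;
+source_url: string;
+overall_severity: OverallSeverity;
+total_findings: number;
+by_severity: Record<Severity, number>;
+pii_redacted: number;
+sanitization_applied: boolean;
+frameworks: string[];
+findings_toon: string;
+report_markdown: string;
+}
+/**
+* Input to threat reporter
+*/
+export interface ThreatReportInput {
+patterns_detected: string[];
+pii_redacted: number;
+source_url: string;
+timestamp?: string;
+detections_by_severity?: {
+critical: number;
+high: number;
+medium: number;
+low: number;
+};
+}
+/**
+* Generate threat report (main entry point)
+*
+* Returns null if no findings (injections_removed === 0 AND pii_redacted === 0)
+*/
+export declare function generateThreatReport(input: ThreatReportInput): ThreatReport | null;
+//# sourceMappingURL=threat-reporter.d.ts.map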
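Review bot: The doc comment on `generateThreatReport` gives the null condition as `injections_removed === 0 AND pii_redacted === 0`, but `ThreatReportInput` has no `injections_removed` field; the only injection input declared is `patterns_detected: string[]`. If the check is on that array, the comment should say so, e.g. `* Returns null if no findings (patterns_detected is empty AND pii_redacted === 0)`. `detections_by_severity` also uses lowercase keys while `by_severity` is `Record<Severity, number>` with uppercase ones, which is worth a line of documentation on how they map. The implementation is not part of this section, so it cannot be checked here whether `source_url` is escaped before it goes into `report_markdown`; since that field is rendered by the client, that is worth confirming.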
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threat-reporter.d.ts","sourceRoot":"","sources":["../../src/sanitizer/threat-reporter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAKL,KAAK,QAAQ,EACb,KAAK,eAAe,EAErB,MAAM,0BAA0B,CAAC;AAGlC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAoID;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,iBAAiB,GAAG,YAAY,GAAG,IAAI,CAqDlF"}
|