xypriss 2.2.5 → 2.3.0

package/dist/cjs/src/middleware/built-in/security/CommandInjectionDetector.js

@@ -0,0 +1,215 @@
+'use strict';
+
+/**
+ * Command Injection Detection Module
+ *
+ * Detects and prevents OS command injection attacks with
+ * intelligent context-aware false positive reduction
+ */
+class CommandInjectionDetector {
+    constructor(config = {}) {
+        // High-risk command injection patterns
+        this.highRiskPatterns = [
+            // Command chaining
+            /[;&|`]\s*(ls|cat|wget|curl|nc|netcat|bash|sh|cmd|powershell|eval|exec)/gi,
+            // Command substitution
+            /\$\(.*?\)/g,
+            /`.*?`/g,
+            // Pipe to dangerous commands
+            /\|\s*(bash|sh|cmd|powershell|python|perl|ruby|node)/gi,
+            // Redirection with dangerous commands
+            /[<>]\s*(\/etc\/|\/bin\/|C:\\)/gi,
+            // Encoded command injection
+            /%0a|%0d|%09/gi, // newline, carriage return, tab
+            // Dangerous system commands
+            /(rm\s+-rf|del\s+\/|format\s+|mkfs|dd\s+if=)/gi,
+            // Network commands
+            /(wget|curl|nc|netcat|telnet|ssh|ftp)\s+/gi,
+            // Eval/exec patterns
+            /(eval|exec|system|passthru|shell_exec|popen)\s*\(/gi,
+        ];
+        // Medium-risk patterns
+        this.mediumRiskPatterns = [
+            // Shell metacharacters
+            /[;&|`$()]/g,
+            // Redirection operators
+            /[<>]/g,
+            // Common command names (could be legitimate text)
+            /\b(ls|cat|echo|pwd|cd|mkdir|touch|grep|find|chmod|chown)\b/gi,
+        ];
+        this.config = {
+            enabled: config.enabled ?? true,
+            strictMode: config.strictMode ?? false,
+            logAttempts: config.logAttempts ?? true,
+            blockOnDetection: config.blockOnDetection ?? true,
+            falsePositiveThreshold: config.falsePositiveThreshold ?? 0.7,
+            customPatterns: config.customPatterns ?? [],
+            allowedCommands: config.allowedCommands ?? [],
+            contextualAnalysis: config.contextualAnalysis ?? true,
+        };
+    }
+    /**
+     * Detect command injection attempts
+     */
+    detect(input, context) {
+        if (!input || typeof input !== 'string') {
+            return {
+                isMalicious: false,
+                confidence: 0,
+                detectedPatterns: [],
+                riskLevel: 'LOW',
+            };
+        }
+        const result = {
+            isMalicious: false,
+            confidence: 0,
+            detectedPatterns: [],
+            sanitizedInput: input,
+            riskLevel: 'LOW',
+        };
+        // High-risk pattern detection
+        let highRiskScore = 0;
+        this.highRiskPatterns.forEach((pattern, index) => {
+            const matches = input.match(pattern);
+            if (matches) {
+                const patternName = this.getHighRiskPatternName(index);
+                result.detectedPatterns.push(`${patternName}: ${matches.join(', ')}`);
+                highRiskScore += this.getHighRiskWeight(index);
+            }
+        });
+        // Medium-risk pattern detection with context
+        let mediumRiskScore = 0;
+        if (this.config.contextualAnalysis && context) {
+            mediumRiskScore = this.analyzeContext(input, context);
+        }
+        else {
+            this.mediumRiskPatterns.forEach((pattern) => {
+                const matches = input.match(pattern);
+                if (matches) {
+                    mediumRiskScore += 0.1 * matches.length;
+                }
+            });
+        }
+        // Legitimacy checks
+        const legitimacyScore = this.calculateLegitimacyScore(input);
+        // Calculate final confidence
+        result.confidence = Math.max(0, highRiskScore + mediumRiskScore * 0.3 - legitimacyScore);
+        result.confidence = Math.min(result.confidence, 1.0);
+        // Determine risk level
+        if (result.confidence >= 0.9) {
+            result.riskLevel = 'CRITICAL';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= this.config.falsePositiveThreshold) {
+            result.riskLevel = 'HIGH';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= 0.4) {
+            result.riskLevel = 'MEDIUM';
+            result.isMalicious = false;
+        }
+        // Sanitize input
+        if (result.confidence >= 0.4) {
+            result.sanitizedInput = this.sanitizeInput(input);
+        }
+        // Log attempts
+        if (this.config.logAttempts && result.confidence >= 0.7) {
+            this.logAttempt(input, result);
+        }
+        return result;
+    }
+    /**
+     * Sanitize input by removing command injection sequences
+     */
+    sanitizeInput(input) {
+        let sanitized = input;
+        // Remove command chaining characters
+        sanitized = sanitized.replace(/[;&|`]/g, '');
+        // Remove command substitution
+        sanitized = sanitized.replace(/\$\(.*?\)/g, '');
+        // Remove backticks
+        sanitized = sanitized.replace(/`/g, '');
+        // Remove redirection operators
+        sanitized = sanitized.replace(/[<>]/g, '');
+        // Remove encoded newlines/tabs
+        sanitized = sanitized.replace(/%0a|%0d|%09/gi, '');
+        return sanitized.trim();
+    }
+    /**
+     * Analyze context to reduce false positives
+     */
+    analyzeContext(input, context) {
+        let score = 0;
+        // Check if this is a code/technical field where commands might be legitimate
+        const technicalContexts = ['code', 'script', 'command', 'terminal', 'shell'];
+        const isTechnicalContext = technicalContexts.some(ctx => context.fieldName?.toLowerCase().includes(ctx) ||
+            context.fieldType?.toLowerCase().includes(ctx));
+        this.mediumRiskPatterns.forEach((pattern, index) => {
+            const matches = input.match(pattern);
+            if (matches) {
+                let patternScore = 0.1 * matches.length;
+                // Reduce score for technical contexts
+                if (isTechnicalContext && index > 1) {
+                    patternScore *= 0.2; // Reduce by 80% for command names in technical fields
+                }
+                score += patternScore;
+            }
+        });
+        return score;
+    }
+    /**
+     * Calculate legitimacy score
+     */
+    calculateLegitimacyScore(input) {
+        let score = 0;
+        // Natural language indicators
+        const words = input.split(/\s+/);
+        if (words.length > 3 && words.every(w => /^[a-zA-Z]+$/.test(w))) {
+            score += 0.3; // Looks like natural text
+        }
+        // No shell metacharacters
+        if (!/[;&|`$()<>]/.test(input)) {
+            score += 0.2;
+        }
+        // Reasonable length for user input
+        if (input.length > 10 && input.length < 200) {
+            score += 0.1;
+        }
+        return Math.min(score, 0.5);
+    }
+    getHighRiskPatternName(index) {
+        const names = [
+            'Command chaining',
+            'Command substitution ($())',
+            'Backtick substitution',
+            'Pipe to shell',
+            'Redirection to system paths',
+            'Encoded injection',
+            'Dangerous system commands',
+            'Network commands',
+            'Eval/exec functions',
+        ];
+        return names[index] || `High-risk pattern ${index}`;
+    }
+    getHighRiskWeight(index) {
+        const weights = [0.9, 0.9, 0.9, 0.8, 0.7, 0.6, 0.9, 0.7, 0.9];
+        return weights[index] || 0.7;
+    }
+    logAttempt(input, result) {
+        console.warn('[CommandInjection] Attack detected:', {
+            timestamp: new Date().toISOString(),
+            input: input.substring(0, 100),
+            confidence: result.confidence,
+            patterns: result.detectedPatterns,
+        });
+    }
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+}
+
+module.exports = CommandInjectionDetector;
+//# sourceMappingURL=CommandInjectionDetector.js.map

package/dist/cjs/src/middleware/built-in/security/CommandInjectionDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CommandInjectionDetector.js","sources":["../../../../../../src/middleware/built-in/security/CommandInjectionDetector.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;;;AAKG;AASH,MAAM,wBAAwB,CAAA;AA2C1B,IAAA,WAAA,CAAY,SAAiC,EAAE,EAAA;;AAvC9B,QAAA,IAAA,CAAA,gBAAgB,GAAG;;YAEhC,0EAA0E;;YAG1E,YAAY;YACZ,QAAQ;;YAGR,uDAAuD;;YAGvD,iCAAiC;;AAGjC,YAAA,eAAe;;YAGf,+CAA+C;;YAG/C,2CAA2C;;YAG3C,qDAAqD;SACxD,CAAC;;AAGe,QAAA,IAAA,CAAA,kBAAkB,GAAG;;YAElC,YAAY;;YAGZ,OAAO;;YAGP,8DAA8D;SACjE,CAAC;QAGE,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;AAC/B,YAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;AACtC,YAAA,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;AACvC,YAAA,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,IAAI;AACjD,YAAA,sBAAsB,EAAE,MAAM,CAAC,sBAAsB,IAAI,GAAG;AAC5D,YAAA,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;AAC3C,YAAA,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,EAAE;AAC7C,YAAA,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,IAAI;SACxD,CAAC;KACL;AAED;;AAEG;IACH,MAAM,CAAC,KAAgC,EAAE,OAAqB,EAAA;QAC1D,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YACrC,OAAO;AACH,gBAAA,WAAW,EAAE,KAAK;AAClB,gBAAA,UAAU,EAAE,CAAC;AACb,gBAAA,gBAAgB,EAAE,EAAE;AACpB,gBAAA,SAAS,EAAE,KAAK;aACnB,CAAC;SACL;AAED,QAAA,MAAM,MAAM,GAA4B;AACpC,YAAA,WAAW,EAAE,KAAK;AAClB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,gBAAgB,EAAE,EAAE;AACpB,YAAA,cAAc,EAAE,KAAK;AACrB,YAAA,SAAS,EAAE,KAAK;SACnB,CAAC;;QAGF,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;gBACT,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvD,gBAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,WAAW,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAAC,CAAC;AACtE,gBAAA,aAAa,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;aAClD;AACL,SAAC,CAAC,CAAC;;QAGH,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,OAAO,EAAE;YAC3C,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;SACzD;aAAM;YACH,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,KAAI;gBACxC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACrC,IAAI,OAAO,EAAE;AACT,oBAAA,eAAe,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;iBAC3C;AACL,aAAC,CAAC,CAAC;SACN;;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;;AAG7D,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,GAAG,eAAe,GAAG,GAAG,GAAG,eAAe,CAAC,CAAC;AACzF,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;;AAGrD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AAC1B,YAAA,MAAM,CAAC,SAAS,GAAG,UAAU,CAAC;AAC9B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;aAAM,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;AAChE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;AAC1B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;AAAM,aAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACjC,YAAA,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;AAC5B,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;;AAGD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;SACrD;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACrD,YAAA,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;SAClC;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAED;;AAEG;AACK,IAAA,aAAa,CAAC,KAAa,EAAA;QAC/B,IAAI,SAAS,GAAG,KAAK,CAAC;;QAGtB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;;QAG7C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;;QAGhD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;;QAGxC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;;QAG3C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;AAEnD,QAAA,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;KAC3B;AAED;;AAEG;IACK,cAAc,CAAC,KAAa,EAAE,OAAoB,EAAA;QACtD,IAAI,KAAK,GAAG,CAAC,CAAC;;AAGd,QAAA,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAC7E,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,IACjD,OAAO,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;YAC9C,OAAO,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CACjD,CAAC;QAEF,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;AACT,gBAAA,IAAI,YAAY,GAAG,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;;AAGxC,gBAAA,IAAI,kBAAkB,IAAI,KAAK,GAAG,CAAC,EAAE;AACjC,oBAAA,YAAY,IAAI,GAAG,CAAC;iBACvB;gBAED,KAAK,IAAI,YAAY,CAAC;aACzB;AACL,SAAC,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAAa,EAAA;QAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;;QAGd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;AAC7D,YAAA,KAAK,IAAI,GAAG,CAAC;SAChB;;QAGD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YAC5B,KAAK,IAAI,GAAG,CAAC;SAChB;;AAGD,QAAA,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE;YACzC,KAAK,IAAI,GAAG,CAAC;SAChB;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;KAC/B;AAEO,IAAA,sBAAsB,CAAC,KAAa,EAAA;AACxC,QAAA,MAAM,KAAK,GAAG;YACV,kBAAkB;YAClB,4BAA4B;YAC5B,uBAAuB;YACvB,eAAe;YACf,6BAA6B;YAC7B,mBAAmB;YACnB,2BAA2B;YAC3B,kBAAkB;YAClB,qBAAqB;SACxB,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAqB,kBAAA,EAAA,KAAK,EAAE,CAAC;KACvD;AAEO,IAAA,iBAAiB,CAAC,KAAa,EAAA;QACnC,MAAM,OAAO,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAC9D,QAAA,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC;KAChC;IAEO,UAAU,CAAC,KAAa,EAAE,MAA+B,EAAA;AAC7D,QAAA,OAAO,CAAC,IAAI,CAAC,qCAAqC,EAAE;AAChD,YAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;YAC9B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,gBAAgB;AACpC,SAAA,CAAC,CAAC;KACN;AAED,IAAA,YAAY,CAAC,SAA0C,EAAA;AACnD,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;IAED,SAAS,GAAA;AACL,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}

package/dist/cjs/src/middleware/built-in/security/LDAPInjectionDetector.js

@@ -0,0 +1,96 @@
+'use strict';
+
+/**
+ * LDAP Injection Detection Module
+ *
+ * Detects and prevents LDAP injection attacks
+ */
+class LDAPInjectionDetector {
+    constructor(config = {}) {
+        // LDAP injection patterns
+        this.injectionPatterns = [
+            // LDAP filter metacharacters
+            /[*()\\|&]/g,
+            // Null byte
+            /\x00/g,
+            // LDAP filter injection attempts
+            /\)\s*\(\s*\|/gi, // )( | pattern
+            /\)\s*\(\s*&/gi, // )( & pattern
+            // Wildcard abuse
+            /\*{2,}/g,
+            // DN injection
+            /,\s*(cn|ou|dc|o)=/gi,
+        ];
+        this.config = {
+            enabled: config.enabled ?? true,
+            strictMode: config.strictMode ?? false,
+            logAttempts: config.logAttempts ?? true,
+            blockOnDetection: config.blockOnDetection ?? true,
+            falsePositiveThreshold: config.falsePositiveThreshold ?? 0.6,
+            customPatterns: config.customPatterns ?? [],
+        };
+    }
+    detect(input) {
+        if (!input || typeof input !== 'string') {
+            return {
+                isMalicious: false,
+                confidence: 0,
+                detectedPatterns: [],
+                riskLevel: 'LOW',
+            };
+        }
+        const result = {
+            isMalicious: false,
+            confidence: 0,
+            detectedPatterns: [],
+            sanitizedInput: input,
+            riskLevel: 'LOW',
+        };
+        let riskScore = 0;
+        this.injectionPatterns.forEach((pattern, index) => {
+            const matches = input.match(pattern);
+            if (matches) {
+                result.detectedPatterns.push(`LDAP metacharacter: ${matches.join(', ')}`);
+                riskScore += 0.3 * matches.length;
+            }
+        });
+        result.confidence = Math.min(riskScore, 1.0);
+        if (result.confidence >= 0.7) {
+            result.riskLevel = 'HIGH';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= this.config.falsePositiveThreshold) {
+            result.riskLevel = 'MEDIUM';
+            result.isMalicious = this.config.strictMode;
+        }
+        if (result.confidence >= 0.3) {
+            result.sanitizedInput = this.sanitize(input);
+        }
+        if (this.config.logAttempts && result.confidence >= 0.6) {
+            console.warn('[LDAP] Injection attempt detected:', {
+                timestamp: new Date().toISOString(),
+                input: input.substring(0, 100),
+                confidence: result.confidence,
+            });
+        }
+        return result;
+    }
+    sanitize(input) {
+        // Escape LDAP special characters
+        return input
+            .replace(/\\/g, '\\5c')
+            .replace(/\*/g, '\\2a')
+            .replace(/\(/g, '\\28')
+            .replace(/\)/g, '\\29')
+            .replace(/\x00/g, '\\00');
+    }
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+}
+
+module.exports = LDAPInjectionDetector;
+//# sourceMappingURL=LDAPInjectionDetector.js.map

package/dist/cjs/src/middleware/built-in/security/LDAPInjectionDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LDAPInjectionDetector.js","sources":["../../../../../../src/middleware/built-in/security/LDAPInjectionDetector.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;;AAIG;AAIH,MAAM,qBAAqB,CAAA;AAsBvB,IAAA,WAAA,CAAY,SAA+B,EAAE,EAAA;;AAlB5B,QAAA,IAAA,CAAA,iBAAiB,GAAG;;YAEjC,YAAY;;YAGZ,OAAO;;AAGP,YAAA,gBAAgB;AAChB,YAAA,eAAe;;YAGf,SAAS;;YAGT,qBAAqB;SACxB,CAAC;QAGE,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;AAC/B,YAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;AACtC,YAAA,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;AACvC,YAAA,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,IAAI;AACjD,YAAA,sBAAsB,EAAE,MAAM,CAAC,sBAAsB,IAAI,GAAG;AAC5D,YAAA,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;SAC9C,CAAC;KACL;AAED,IAAA,MAAM,CAAC,KAAgC,EAAA;QACnC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YACrC,OAAO;AACH,gBAAA,WAAW,EAAE,KAAK;AAClB,gBAAA,UAAU,EAAE,CAAC;AACb,gBAAA,gBAAgB,EAAE,EAAE;AACpB,gBAAA,SAAS,EAAE,KAAK;aACnB,CAAC;SACL;AAED,QAAA,MAAM,MAAM,GAA4B;AACpC,YAAA,WAAW,EAAE,KAAK;AAClB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,gBAAgB,EAAE,EAAE;AACpB,YAAA,cAAc,EAAE,KAAK;AACrB,YAAA,SAAS,EAAE,KAAK;SACnB,CAAC;QAEF,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;AACT,gBAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAuB,oBAAA,EAAA,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAAC,CAAC;AAC1E,gBAAA,SAAS,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;aACrC;AACL,SAAC,CAAC,CAAC;QAEH,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AAE7C,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AAC1B,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;AAC1B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;aAAM,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;AAChE,YAAA,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;YAC5B,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;SAC/C;AAED,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;SAChD;AAED,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACrD,YAAA,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE;AAC/C,gBAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC9B,UAAU,EAAE,MAAM,CAAC,UAAU;AAChC,aAAA,CAAC,CAAC;SACN;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAEO,IAAA,QAAQ,CAAC,KAAa,EAAA;;AAE1B,QAAA,OAAO,KAAK;AACP,aAAA,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;AACtB,aAAA,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;AACtB,aAAA,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;AACtB,aAAA,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;AACtB,aAAA,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;KACjC;AAED,IAAA,YAAY,CAAC,SAAwC,EAAA;AACjD,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;IAED,SAAS,GAAA;AACL,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}

package/dist/cjs/src/middleware/built-in/security/PathTraversalDetector.js

@@ -0,0 +1,212 @@
+'use strict';
+
+/**
+ * Path Traversal Detection Module
+ *
+ * Detects and prevents directory traversal attacks with intelligent
+ * false positive avoidance for legitimate file paths
+ */
+class PathTraversalDetector {
+    constructor(config = {}) {
+        // High-risk path traversal patterns
+        this.highRiskPatterns = [
+            // Classic traversal with multiple levels
+            /(\.\.[\/\\]){2,}/g,
+            // URL encoded traversal
+            /(%2e%2e[\/\\]|%2e%2e%2f|%2e%2e%5c)/gi,
+            // Double URL encoded
+            /(%252e%252e[\/\\]|%252e%252e%252f)/gi,
+            // Unicode/UTF-8 encoded
+            /(\.\.%c0%af|\.\.%c1%9c)/gi,
+            // Null byte injection
+            /\.\.[\/\\].*%00/g,
+            // Absolute paths (Unix/Windows)
+            /^(\/|\\\\|[a-zA-Z]:\\)/,
+            // System directories
+            /(\/etc\/|\/proc\/|\/sys\/|\/dev\/|C:\\Windows\\|C:\\Program Files\\)/gi,
+            // Traversal with encoded slashes
+            /\.\.(%2f|%5c)/gi,
+        ];
+        // Medium-risk patterns (context-dependent)
+        this.mediumRiskPatterns = [
+            // Single parent directory reference
+            /\.\.[\/\\]/g,
+            // Hidden files (Unix)
+            /\/\.[^\/]+/g,
+            // Backup files
+            /\.(bak|backup|old|tmp|swp)$/gi,
+            // Config files
+            /\.(conf|config|ini|env)$/gi,
+        ];
+        this.config = {
+            enabled: config.enabled ?? true,
+            strictMode: config.strictMode ?? false,
+            logAttempts: config.logAttempts ?? true,
+            blockOnDetection: config.blockOnDetection ?? true,
+            falsePositiveThreshold: config.falsePositiveThreshold ?? 0.6,
+            customPatterns: config.customPatterns ?? [],
+            allowedPaths: config.allowedPaths ?? [],
+            allowedExtensions: config.allowedExtensions ?? ['.jpg', '.png', '.pdf', '.txt'],
+            maxDepth: config.maxDepth ?? 3,
+        };
+    }
+    /**
+     * Detect path traversal attempts
+     */
+    detect(path, context) {
+        if (!path || typeof path !== 'string') {
+            return {
+                isMalicious: false,
+                confidence: 0,
+                detectedPatterns: [],
+                riskLevel: 'LOW',
+            };
+        }
+        const result = {
+            isMalicious: false,
+            confidence: 0,
+            detectedPatterns: [],
+            sanitizedInput: path,
+            riskLevel: 'LOW',
+        };
+        // Check if path is in allowed paths
+        if (this.isAllowedPath(path)) {
+            return result;
+        }
+        // High-risk pattern detection
+        let highRiskScore = 0;
+        this.highRiskPatterns.forEach((pattern, index) => {
+            const matches = path.match(pattern);
+            if (matches) {
+                const patternName = this.getHighRiskPatternName(index);
+                result.detectedPatterns.push(`${patternName}: ${matches.join(', ')}`);
+                highRiskScore += 0.8;
+            }
+        });
+        // Medium-risk pattern detection
+        let mediumRiskScore = 0;
+        this.mediumRiskPatterns.forEach((pattern) => {
+            const matches = path.match(pattern);
+            if (matches) {
+                mediumRiskScore += 0.2 * matches.length;
+            }
+        });
+        // Calculate depth
+        const depth = this.calculatePathDepth(path);
+        if (depth > this.config.maxDepth) {
+            result.detectedPatterns.push(`Excessive depth: ${depth}`);
+            mediumRiskScore += 0.3;
+        }
+        // Legitimacy checks
+        const legitimacyScore = this.calculateLegitimacyScore(path);
+        // Calculate final confidence
+        result.confidence = Math.max(0, highRiskScore + mediumRiskScore * 0.4 - legitimacyScore);
+        result.confidence = Math.min(result.confidence, 1.0);
+        // Determine risk level
+        if (result.confidence >= 0.8) {
+            result.riskLevel = 'CRITICAL';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= this.config.falsePositiveThreshold) {
+            result.riskLevel = 'HIGH';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= 0.3) {
+            result.riskLevel = 'MEDIUM';
+            result.isMalicious = false;
+        }
+        // Sanitize path
+        if (result.confidence >= 0.3) {
+            result.sanitizedInput = this.sanitizePath(path);
+        }
+        // Log attempts
+        if (this.config.logAttempts && result.confidence >= 0.7) {
+            this.logAttempt(path, result);
+        }
+        return result;
+    }
+    /**
+     * Sanitize path by removing traversal sequences
+     */
+    sanitizePath(path) {
+        let sanitized = path;
+        // Remove all traversal sequences
+        sanitized = sanitized.replace(/\.\.[\/\\]/g, '');
+        // Remove URL encoded traversal
+        sanitized = sanitized.replace(/%2e%2e[\/\\%]/gi, '');
+        // Remove null bytes
+        sanitized = sanitized.replace(/%00/g, '');
+        // Normalize slashes
+        sanitized = sanitized.replace(/[\\]/g, '/');
+        // Remove duplicate slashes
+        sanitized = sanitized.replace(/\/+/g, '/');
+        // Remove leading slash if present
+        sanitized = sanitized.replace(/^\//, '');
+        return sanitized;
+    }
+    /**
+     * Check if path is in allowed paths
+     */
+    isAllowedPath(path) {
+        return this.config.allowedPaths.some(allowed => path.startsWith(allowed));
+    }
+    /**
+     * Calculate path depth
+     */
+    calculatePathDepth(path) {
+        const normalized = path.replace(/[\\]/g, '/');
+        const parts = normalized.split('/').filter(p => p && p !== '.');
+        return parts.length;
+    }
+    /**
+     * Calculate legitimacy score
+     */
+    calculateLegitimacyScore(path) {
+        let score = 0;
+        // Check for allowed extensions
+        const hasAllowedExt = this.config.allowedExtensions.some(ext => path.toLowerCase().endsWith(ext));
+        if (hasAllowedExt) {
+            score += 0.3;
+        }
+        // Simple filename pattern (no traversal)
+        if (/^[a-zA-Z0-9_\-\.]+$/.test(path)) {
+            score += 0.3;
+        }
+        // Reasonable path depth
+        const depth = this.calculatePathDepth(path);
+        if (depth <= 2) {
+            score += 0.2;
+        }
+        return Math.min(score, 0.5);
+    }
+    getHighRiskPatternName(index) {
+        const names = [
+            'Multiple traversal sequences',
+            'URL encoded traversal',
+            'Double URL encoded traversal',
+            'Unicode encoded traversal',
+            'Null byte injection',
+            'Absolute path',
+            'System directory access',
+            'Encoded slash traversal',
+        ];
+        return names[index] || `High-risk pattern ${index}`;
+    }
+    logAttempt(path, result) {
+        console.warn('[PathTraversal] Attack detected:', {
+            timestamp: new Date().toISOString(),
+            path: path.substring(0, 100),
+            confidence: result.confidence,
+            patterns: result.detectedPatterns,
+        });
+    }
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+}
+
+module.exports = PathTraversalDetector;
+//# sourceMappingURL=PathTraversalDetector.js.map

package/dist/cjs/src/middleware/built-in/security/PathTraversalDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PathTraversalDetector.js","sources":["../../../../../../src/middleware/built-in/security/PathTraversalDetector.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;;;AAKG;AAUH,MAAM,qBAAqB,CAAA;AA6CvB,IAAA,WAAA,CAAY,SAA8B,EAAE,EAAA;;AAzC3B,QAAA,IAAA,CAAA,gBAAgB,GAAG;;YAEhC,mBAAmB;;YAGnB,sCAAsC;;YAGtC,sCAAsC;;YAGtC,2BAA2B;;YAG3B,kBAAkB;;YAGlB,wBAAwB;;YAGxB,wEAAwE;;YAGxE,iBAAiB;SACpB,CAAC;;AAGe,QAAA,IAAA,CAAA,kBAAkB,GAAG;;YAElC,aAAa;;YAGb,aAAa;;YAGb,+BAA+B;;YAG/B,4BAA4B;SAC/B,CAAC;QAGE,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;AAC/B,YAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;AACtC,YAAA,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;AACvC,YAAA,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,IAAI;AACjD,YAAA,sBAAsB,EAAE,MAAM,CAAC,sBAAsB,IAAI,GAAG;AAC5D,YAAA,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;AAC3C,YAAA,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;AACvC,YAAA,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;AAC/E,YAAA,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;SACjC,CAAC;KACL;AAED;;AAEG;IACH,MAAM,CAAC,IAA+B,EAAE,OAAqB,EAAA;QACzD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YACnC,OAAO;AACH,gBAAA,WAAW,EAAE,KAAK;AAClB,gBAAA,UAAU,EAAE,CAAC;AACb,gBAAA,gBAAgB,EAAE,EAAE;AACpB,gBAAA,SAAS,EAAE,KAAK;aACnB,CAAC;SACL;AAED,QAAA,MAAM,MAAM,GAA4B;AACpC,YAAA,WAAW,EAAE,KAAK;AAClB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,gBAAgB,EAAE,EAAE;AACpB,YAAA,cAAc,EAAE,IAAI;AACpB,YAAA,SAAS,EAAE,KAAK;SACnB,CAAC;;AAGF,QAAA,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE;AAC1B,YAAA,OAAO,MAAM,CAAC;SACjB;;QAGD,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,OAAO,EAAE;gBACT,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvD,gBAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,WAAW,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAAC,CAAC;gBACtE,aAAa,IAAI,GAAG,CAAC;aACxB;AACL,SAAC,CAAC,CAAC;;QAGH,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,KAAI;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,OAAO,EAAE;AACT,gBAAA,eAAe,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;aAC3C;AACL,SAAC,CAAC,CAAC;;QAGH,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC9B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAoB,iBAAA,EAAA,KAAK,CAAE,CAAA,CAAC,CAAC;YAC1D,eAAe,IAAI,GAAG,CAAC;SAC1B;;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;;AAG5D,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,GAAG,eAAe,GAAG,GAAG,GAAG,eAAe,CAAC,CAAC;AACzF,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;;AAGrD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AAC1B,YAAA,MAAM,CAAC,SAAS,GAAG,UAAU,CAAC;AAC9B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;aAAM,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;AAChE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;AAC1B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;AAAM,aAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACjC,YAAA,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;AAC5B,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;;AAGD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;SACnD;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACrD,YAAA,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;SACjC;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAED;;AAEG;AACK,IAAA,YAAY,CAAC,IAAY,EAAA;QAC7B,IAAI,SAAS,GAAG,IAAI,CAAC;;QAGrB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;;QAGjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;;QAGrD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;;QAG1C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;;QAG5C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;;QAG3C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAEzC,QAAA,OAAO,SAAS,CAAC;KACpB;AAED;;AAEG;AACK,IAAA,aAAa,CAAC,IAAY,EAAA;AAC9B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,IACxC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAC3B,CAAC;KACL;AAED;;AAEG;AACK,IAAA,kBAAkB,CAAC,IAAY,EAAA;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;QAChE,OAAO,KAAK,CAAC,MAAM,CAAC;KACvB;AAED;;AAEG;AACK,IAAA,wBAAwB,CAAC,IAAY,EAAA;QACzC,IAAI,KAAK,GAAG,CAAC,CAAC;;QAGd,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,IACxD,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CACnC,CAAC;QACF,IAAI,aAAa,EAAE;YACf,KAAK,IAAI,GAAG,CAAC;SAChB;;AAGD,QAAA,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAClC,KAAK,IAAI,GAAG,CAAC;SAChB;;QAGD,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC5C,QAAA,IAAI,KAAK,IAAI,CAAC,EAAE;YACZ,KAAK,IAAI,GAAG,CAAC;SAChB;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;KAC/B;AAEO,IAAA,sBAAsB,CAAC,KAAa,EAAA;AACxC,QAAA,MAAM,KAAK,GAAG;YACV,8BAA8B;YAC9B,uBAAuB;YACvB,8BAA8B;YAC9B,2BAA2B;YAC3B,qBAAqB;YACrB,eAAe;YACf,yBAAyB;YACzB,yBAAyB;SAC5B,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAqB,kBAAA,EAAA,KAAK,EAAE,CAAC;KACvD;IAEO,UAAU,CAAC,IAAY,EAAE,MAA+B,EAAA;AAC5D,QAAA,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE;AAC7C,YAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;YAC5B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,gBAAgB;AACpC,SAAA,CAAC,CAAC;KACN;AAED,IAAA,YAAY,CAAC,SAAuC,EAAA;AAChD,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;IAED,SAAS,GAAA;AACL,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}