xypriss 2.2.5 → 2.3.0

package/dist/esm/src/middleware/built-in/security/PathTraversalDetector.js

@@ -0,0 +1,210 @@
+/**
+ * Path Traversal Detection Module
+ *
+ * Detects and prevents directory traversal attacks with intelligent
+ * false positive avoidance for legitimate file paths
+ */
+class PathTraversalDetector {
+    constructor(config = {}) {
+        // High-risk path traversal patterns
+        this.highRiskPatterns = [
+            // Classic traversal with multiple levels
+            /(\.\.[\/\\]){2,}/g,
+            // URL encoded traversal
+            /(%2e%2e[\/\\]|%2e%2e%2f|%2e%2e%5c)/gi,
+            // Double URL encoded
+            /(%252e%252e[\/\\]|%252e%252e%252f)/gi,
+            // Unicode/UTF-8 encoded
+            /(\.\.%c0%af|\.\.%c1%9c)/gi,
+            // Null byte injection
+            /\.\.[\/\\].*%00/g,
+            // Absolute paths (Unix/Windows)
+            /^(\/|\\\\|[a-zA-Z]:\\)/,
+            // System directories
+            /(\/etc\/|\/proc\/|\/sys\/|\/dev\/|C:\\Windows\\|C:\\Program Files\\)/gi,
+            // Traversal with encoded slashes
+            /\.\.(%2f|%5c)/gi,
+        ];
+        // Medium-risk patterns (context-dependent)
+        this.mediumRiskPatterns = [
+            // Single parent directory reference
+            /\.\.[\/\\]/g,
+            // Hidden files (Unix)
+            /\/\.[^\/]+/g,
+            // Backup files
+            /\.(bak|backup|old|tmp|swp)$/gi,
+            // Config files
+            /\.(conf|config|ini|env)$/gi,
+        ];
+        this.config = {
+            enabled: config.enabled ?? true,
+            strictMode: config.strictMode ?? false,
+            logAttempts: config.logAttempts ?? true,
+            blockOnDetection: config.blockOnDetection ?? true,
+            falsePositiveThreshold: config.falsePositiveThreshold ?? 0.6,
+            customPatterns: config.customPatterns ?? [],
+            allowedPaths: config.allowedPaths ?? [],
+            allowedExtensions: config.allowedExtensions ?? ['.jpg', '.png', '.pdf', '.txt'],
+            maxDepth: config.maxDepth ?? 3,
+        };
+    }
+    /**
+     * Detect path traversal attempts
+     */
+    detect(path, context) {
+        if (!path || typeof path !== 'string') {
+            return {
+                isMalicious: false,
+                confidence: 0,
+                detectedPatterns: [],
+                riskLevel: 'LOW',
+            };
+        }
+        const result = {
+            isMalicious: false,
+            confidence: 0,
+            detectedPatterns: [],
+            sanitizedInput: path,
+            riskLevel: 'LOW',
+        };
+        // Check if path is in allowed paths
+        if (this.isAllowedPath(path)) {
+            return result;
+        }
+        // High-risk pattern detection
+        let highRiskScore = 0;
+        this.highRiskPatterns.forEach((pattern, index) => {
+            const matches = path.match(pattern);
+            if (matches) {
+                const patternName = this.getHighRiskPatternName(index);
+                result.detectedPatterns.push(`${patternName}: ${matches.join(', ')}`);
+                highRiskScore += 0.8;
+            }
+        });
+        // Medium-risk pattern detection
+        let mediumRiskScore = 0;
+        this.mediumRiskPatterns.forEach((pattern) => {
+            const matches = path.match(pattern);
+            if (matches) {
+                mediumRiskScore += 0.2 * matches.length;
+            }
+        });
+        // Calculate depth
+        const depth = this.calculatePathDepth(path);
+        if (depth > this.config.maxDepth) {
+            result.detectedPatterns.push(`Excessive depth: ${depth}`);
+            mediumRiskScore += 0.3;
+        }
+        // Legitimacy checks
+        const legitimacyScore = this.calculateLegitimacyScore(path);
+        // Calculate final confidence
+        result.confidence = Math.max(0, highRiskScore + mediumRiskScore * 0.4 - legitimacyScore);
+        result.confidence = Math.min(result.confidence, 1.0);
+        // Determine risk level
+        if (result.confidence >= 0.8) {
+            result.riskLevel = 'CRITICAL';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= this.config.falsePositiveThreshold) {
+            result.riskLevel = 'HIGH';
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= 0.3) {
+            result.riskLevel = 'MEDIUM';
+            result.isMalicious = false;
+        }
+        // Sanitize path
+        if (result.confidence >= 0.3) {
+            result.sanitizedInput = this.sanitizePath(path);
+        }
+        // Log attempts
+        if (this.config.logAttempts && result.confidence >= 0.7) {
+            this.logAttempt(path, result);
+        }
+        return result;
+    }
+    /**
+     * Sanitize path by removing traversal sequences
+     */
+    sanitizePath(path) {
+        let sanitized = path;
+        // Remove all traversal sequences
+        sanitized = sanitized.replace(/\.\.[\/\\]/g, '');
+        // Remove URL encoded traversal
+        sanitized = sanitized.replace(/%2e%2e[\/\\%]/gi, '');
+        // Remove null bytes
+        sanitized = sanitized.replace(/%00/g, '');
+        // Normalize slashes
+        sanitized = sanitized.replace(/[\\]/g, '/');
+        // Remove duplicate slashes
+        sanitized = sanitized.replace(/\/+/g, '/');
+        // Remove leading slash if present
+        sanitized = sanitized.replace(/^\//, '');
+        return sanitized;
+    }
+    /**
+     * Check if path is in allowed paths
+     */
+    isAllowedPath(path) {
+        return this.config.allowedPaths.some(allowed => path.startsWith(allowed));
+    }
+    /**
+     * Calculate path depth
+     */
+    calculatePathDepth(path) {
+        const normalized = path.replace(/[\\]/g, '/');
+        const parts = normalized.split('/').filter(p => p && p !== '.');
+        return parts.length;
+    }
+    /**
+     * Calculate legitimacy score
+     */
+    calculateLegitimacyScore(path) {
+        let score = 0;
+        // Check for allowed extensions
+        const hasAllowedExt = this.config.allowedExtensions.some(ext => path.toLowerCase().endsWith(ext));
+        if (hasAllowedExt) {
+            score += 0.3;
+        }
+        // Simple filename pattern (no traversal)
+        if (/^[a-zA-Z0-9_\-\.]+$/.test(path)) {
+            score += 0.3;
+        }
+        // Reasonable path depth
+        const depth = this.calculatePathDepth(path);
+        if (depth <= 2) {
+            score += 0.2;
+        }
+        return Math.min(score, 0.5);
+    }
+    getHighRiskPatternName(index) {
+        const names = [
+            'Multiple traversal sequences',
+            'URL encoded traversal',
+            'Double URL encoded traversal',
+            'Unicode encoded traversal',
+            'Null byte injection',
+            'Absolute path',
+            'System directory access',
+            'Encoded slash traversal',
+        ];
+        return names[index] || `High-risk pattern ${index}`;
+    }
+    logAttempt(path, result) {
+        console.warn('[PathTraversal] Attack detected:', {
+            timestamp: new Date().toISOString(),
+            path: path.substring(0, 100),
+            confidence: result.confidence,
+            patterns: result.detectedPatterns,
+        });
+    }
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+}
+
+export { PathTraversalDetector as default };
+//# sourceMappingURL=PathTraversalDetector.js.map

package/dist/esm/src/middleware/built-in/security/PathTraversalDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PathTraversalDetector.js","sources":["../../../../../../src/middleware/built-in/security/PathTraversalDetector.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA;;;;;AAKG;AAUH,MAAM,qBAAqB,CAAA;AA6CvB,IAAA,WAAA,CAAY,SAA8B,EAAE,EAAA;;AAzC3B,QAAA,IAAA,CAAA,gBAAgB,GAAG;;YAEhC,mBAAmB;;YAGnB,sCAAsC;;YAGtC,sCAAsC;;YAGtC,2BAA2B;;YAG3B,kBAAkB;;YAGlB,wBAAwB;;YAGxB,wEAAwE;;YAGxE,iBAAiB;SACpB,CAAC;;AAGe,QAAA,IAAA,CAAA,kBAAkB,GAAG;;YAElC,aAAa;;YAGb,aAAa;;YAGb,+BAA+B;;YAG/B,4BAA4B;SAC/B,CAAC;QAGE,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;AAC/B,YAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;AACtC,YAAA,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;AACvC,YAAA,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,IAAI;AACjD,YAAA,sBAAsB,EAAE,MAAM,CAAC,sBAAsB,IAAI,GAAG;AAC5D,YAAA,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;AAC3C,YAAA,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;AACvC,YAAA,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;AAC/E,YAAA,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;SACjC,CAAC;KACL;AAED;;AAEG;IACH,MAAM,CAAC,IAA+B,EAAE,OAAqB,EAAA;QACzD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YACnC,OAAO;AACH,gBAAA,WAAW,EAAE,KAAK;AAClB,gBAAA,UAAU,EAAE,CAAC;AACb,gBAAA,gBAAgB,EAAE,EAAE;AACpB,gBAAA,SAAS,EAAE,KAAK;aACnB,CAAC;SACL;AAED,QAAA,MAAM,MAAM,GAA4B;AACpC,YAAA,WAAW,EAAE,KAAK;AAClB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,gBAAgB,EAAE,EAAE;AACpB,YAAA,cAAc,EAAE,IAAI;AACpB,YAAA,SAAS,EAAE,KAAK;SACnB,CAAC;;AAGF,QAAA,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE;AAC1B,YAAA,OAAO,MAAM,CAAC;SACjB;;QAGD,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,OAAO,EAAE;gBACT,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvD,gBAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,WAAW,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAAC,CAAC;gBACtE,aAAa,IAAI,GAAG,CAAC;aACxB;AACL,SAAC,CAAC,CAAC;;QAGH,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,KAAI;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,OAAO,EAAE;AACT,gBAAA,eAAe,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;aAC3C;AACL,SAAC,CAAC,CAAC;;QAGH,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC9B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAoB,iBAAA,EAAA,KAAK,CAAE,CAAA,CAAC,CAAC;YAC1D,eAAe,IAAI,GAAG,CAAC;SAC1B;;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;;AAG5D,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,GAAG,eAAe,GAAG,GAAG,GAAG,eAAe,CAAC,CAAC;AACzF,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;;AAGrD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AAC1B,YAAA,MAAM,CAAC,SAAS,GAAG,UAAU,CAAC;AAC9B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;aAAM,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;AAChE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;AAC1B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;AAAM,aAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACjC,YAAA,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;AAC5B,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;;AAGD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;SACnD;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACrD,YAAA,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;SACjC;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAED;;AAEG;AACK,IAAA,YAAY,CAAC,IAAY,EAAA;QAC7B,IAAI,SAAS,GAAG,IAAI,CAAC;;QAGrB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;;QAGjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;;QAGrD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;;QAG1C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;;QAG5C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;;QAG3C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAEzC,QAAA,OAAO,SAAS,CAAC;KACpB;AAED;;AAEG;AACK,IAAA,aAAa,CAAC,IAAY,EAAA;AAC9B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,IACxC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAC3B,CAAC;KACL;AAED;;AAEG;AACK,IAAA,kBAAkB,CAAC,IAAY,EAAA;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;QAChE,OAAO,KAAK,CAAC,MAAM,CAAC;KACvB;AAED;;AAEG;AACK,IAAA,wBAAwB,CAAC,IAAY,EAAA;QACzC,IAAI,KAAK,GAAG,CAAC,CAAC;;QAGd,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,IACxD,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CACnC,CAAC;QACF,IAAI,aAAa,EAAE;YACf,KAAK,IAAI,GAAG,CAAC;SAChB;;AAGD,QAAA,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAClC,KAAK,IAAI,GAAG,CAAC;SAChB;;QAGD,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC5C,QAAA,IAAI,KAAK,IAAI,CAAC,EAAE;YACZ,KAAK,IAAI,GAAG,CAAC;SAChB;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;KAC/B;AAEO,IAAA,sBAAsB,CAAC,KAAa,EAAA;AACxC,QAAA,MAAM,KAAK,GAAG;YACV,8BAA8B;YAC9B,uBAAuB;YACvB,8BAA8B;YAC9B,2BAA2B;YAC3B,qBAAqB;YACrB,eAAe;YACf,yBAAyB;YACzB,yBAAyB;SAC5B,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAqB,kBAAA,EAAA,KAAK,EAAE,CAAC;KACvD;IAEO,UAAU,CAAC,IAAY,EAAE,MAA+B,EAAA;AAC5D,QAAA,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE;AAC7C,YAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;YAC5B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,gBAAgB;AACpC,SAAA,CAAC,CAAC;KACN;AAED,IAAA,YAAY,CAAC,SAAuC,EAAA;AAChD,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;IAED,SAAS,GAAA;AACL,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}

package/dist/esm/src/middleware/built-in/security/SQLInjectionDetector.js

@@ -0,0 +1,333 @@
+class SQLInjectionDetector {
+    constructor(config = {}) {
+        // High-confidence SQL injection patterns (more specific to reduce false positives)
+        this.highRiskPatterns = [
+            // Union attacks with SELECT
+            /(\s|^)(union|UNION)(\s)+(all\s+)?(select|SELECT)/gi,
+            // SQL comments at end of input or before SQL keywords
+            /(--|#|\/\*).*?(select|union|drop|delete|insert|update|create|alter)/gi,
+            /;(\s)*--.*/gi,
+            // Enhanced boolean injections (more comprehensive)
+            /(\s|^)(or|OR)(\s)+('?\d+'?\s*=\s*'?\d+'?|'[^']*'\s*=\s*'[^']*'|true|false)/gi,
+            /(\s|^)(and|AND)(\s)+('?\d+'?\s*=\s*'?\d+'?|'[^']*'\s*=\s*'[^']*'|true|false)/gi,
+            // Quote-based boolean injections
+            /'(\s)+(or|OR|and|AND)(\s)+'/gi,
+            // Comment-obfuscated patterns
+            /\/\*.*?\*\/(or|OR|and|AND)\/\*.*?\*\//gi,
+            // Time-based with specific syntax (enhanced)
+            /(sleep|SLEEP|waitfor|WAITFOR|delay|DELAY)\s*\(.*?\)/gi,
+            /(waitfor|WAITFOR)\s+(delay|DELAY)\s+'/gi,
+            // System stored procedures
+            /(exec|EXEC|execute|EXECUTE)\s+(sp_|xp_)\w+/gi,
+            // Information schema with specific queries
+            /(information_schema|INFORMATION_SCHEMA)\.(tables|columns|schemata)/gi,
+            // Dangerous DDL operations with semicolons
+            /;(\s)*(drop|DROP|delete|DELETE|truncate|TRUNCATE)\s+(table|database)/gi,
+            // Hex encoding of common injection strings
+            /0x(27|22|5C|2D|2D)/gi, // ', ", \, --
+            // Multiple quotes for quote breaking
+            /('{3,}|"{3,})/g,
+            // Stacked queries with dangerous operations
+            /;(\s)*(drop|delete|insert|update|create|alter)(\s)+/gi,
+        ];
+        // Medium risk patterns (require context analysis)
+        this.mediumRiskPatterns = [
+            // Single SQL keywords (common in legitimate text)
+            /\b(select|union|drop|delete|insert|update|create|alter)\b/gi,
+            // Simple OR/AND conditions
+            /\b(or|and)\s+\w+\s*=\s*\w+/gi,
+            // Single quotes or double quotes
+            /'/g,
+            /"/g,
+            // Basic SQL comments
+            /(--|#)/g,
+            // Wildcards
+            /[%_]/g,
+        ];
+        // Characters that are suspicious in certain contexts
+        this.contextSensitiveChars = /[';\"\\%_]/g;
+        this.config = {
+            strictMode: config.strictMode ?? false,
+            allowedChars: config.allowedChars ?? /^[a-zA-Z0-9\s\-@.!?,()]+$/,
+            maxLength: config.maxLength ?? 1000,
+            logAttempts: config.logAttempts ?? true,
+            contextualAnalysis: config.contextualAnalysis ?? true,
+            falsePositiveThreshold: config.falsePositiveThreshold ?? 0.6,
+        };
+    }
+    /**
+     * Main detection method with improved false positive handling
+     */
+    detect(input, context) {
+        if (!input || typeof input !== "string") {
+            return {
+                isMalicious: false,
+                confidence: 0,
+                detectedPatterns: [],
+                riskLevel: "LOW",
+            };
+        }
+        const result = {
+            isMalicious: false,
+            confidence: 0,
+            detectedPatterns: [],
+            sanitizedInput: input,
+            riskLevel: "LOW",
+        };
+        // Check input length (very long inputs are suspicious)
+        if (input.length > this.config.maxLength) {
+            result.confidence += 0.2; // Reduced penalty for length
+            result.detectedPatterns.push("Excessive length");
+        }
+        // High-risk pattern analysis (strong indicators)
+        let highRiskScore = 0;
+        this.highRiskPatterns.forEach((pattern, index) => {
+            const matches = input.match(pattern);
+            if (matches) {
+                const patternName = this.getHighRiskPatternName(index);
+                result.detectedPatterns.push(`${patternName}: ${matches.join(", ")}`);
+                highRiskScore += this.getHighRiskPatternWeight(index);
+            }
+        });
+        // Medium-risk pattern analysis (context-dependent)
+        let mediumRiskScore = 0;
+        if (this.config.contextualAnalysis) {
+            mediumRiskScore = this.analyzeContext(input, context || "");
+        }
+        else {
+            // Basic medium risk analysis without context
+            this.mediumRiskPatterns.forEach((pattern, index) => {
+                const matches = input.match(pattern);
+                if (matches) {
+                    mediumRiskScore += 0.1 * matches.length; // Lower weight for medium risk
+                }
+            });
+        }
+        // Contextual analysis for legitimate use cases
+        const legitimacyScore = this.calculateLegitimacyScore(input);
+        // Calculate confidence with false positive mitigation
+        const rawScore = highRiskScore + mediumRiskScore * 0.3;
+        result.confidence = Math.max(0, rawScore - legitimacyScore);
+        result.confidence = Math.min(result.confidence, 1.0);
+        // Determine risk level and malicious status
+        if (result.confidence >= 0.8) {
+            result.riskLevel = "CRITICAL";
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= this.config.falsePositiveThreshold) {
+            result.riskLevel = "HIGH";
+            result.isMalicious = true;
+        }
+        else if (result.confidence >= 0.3) {
+            result.riskLevel = "MEDIUM";
+            result.isMalicious = false; // Don't block medium risk by default
+        }
+        else {
+            result.riskLevel = "LOW";
+            result.isMalicious = false;
+        }
+        // Log only high confidence attempts
+        if (this.config.logAttempts && result.confidence >= 0.7) {
+            this.logAttempt(input, result);
+        }
+        // Provide sanitized version only for high-risk inputs
+        if (result.confidence >= 0.4) {
+            result.sanitizedInput = this.smartSanitize(input);
+        }
+        return result;
+    }
+    /**
+     * Analyze context to reduce false positives
+     */
+    analyzeContext(input, context) {
+        let score = 0;
+        // Check for legitimate business contexts
+        const businessContexts = [
+            "search",
+            "filter",
+            "name",
+            "description",
+            "comment",
+            "review",
+            "address",
+            "title",
+            "content",
+            "message",
+            "email",
+        ];
+        const isBusinessContext = businessContexts.some((ctx) => context.toLowerCase().includes(ctx));
+        this.mediumRiskPatterns.forEach((pattern, index) => {
+            const matches = input.match(pattern);
+            if (matches) {
+                let patternScore = 0.1 * matches.length;
+                // Reduce score for legitimate contexts
+                if (isBusinessContext) {
+                    patternScore *= 0.3; // Reduce by 70%
+                }
+                // Special handling for common false positives
+                if (index === 0 && isBusinessContext) {
+                    // SQL keywords in business text
+                    patternScore *= 0.1; // Very low weight for SQL keywords in business context
+                }
+                if (index === 2 || index === 3) {
+                    // Single quotes in names, descriptions
+                    if (context.includes("name") ||
+                        context.includes("description")) {
+                        patternScore *= 0.2;
+                    }
+                }
+                score += patternScore;
+            }
+        });
+        return score;
+    }
+    /**
+     * Calculate legitimacy score to offset false positives
+     */
+    calculateLegitimacyScore(input) {
+        let legitimacyScore = 0;
+        // Natural language indicators
+        const naturalWords = input.match(/\b[a-zA-Z]{3,}\b/g);
+        if (naturalWords && naturalWords.length > 2) {
+            legitimacyScore += 0.2; // Looks like natural text
+        }
+        // Check for common legitimate patterns
+        const legitimatePatterns = [
+            /^[A-Z][a-z]+\s[A-Z][a-z]+$/, // First Last name
+            /^[\w\.-]+@[\w\.-]+\.\w+$/, // Email
+            /^\d{1,5}\s\w+(\s\w+)*$/, // Address format
+            /^[A-Za-z0-9\s\-.,!?()]+$/, // Normal text with punctuation
+        ];
+        legitimatePatterns.forEach((pattern) => {
+            if (pattern.test(input)) {
+                legitimacyScore += 0.15;
+            }
+        });
+        // Length-based legitimacy (very short or very specific lengths are more suspicious)
+        if (input.length > 10 && input.length < 200) {
+            legitimacyScore += 0.1;
+        }
+        // Check for balanced quotes (legitimate text often has balanced quotes)
+        const singleQuotes = (input.match(/'/g) || []).length;
+        const doubleQuotes = (input.match(/"/g) || []).length;
+        if (singleQuotes % 2 === 0 && doubleQuotes % 2 === 0) {
+            legitimacyScore += 0.1;
+        }
+        return Math.min(legitimacyScore, 0.5); // Cap legitimacy score
+    }
+    /**
+     * Smart sanitization that preserves legitimate content
+     */
+    smartSanitize(input) {
+        if (!input)
+            return input;
+        let sanitized = input;
+        // Only remove obvious SQL injection patterns, not all SQL keywords
+        sanitized = sanitized.replace(/(--|#).*$/gm, ""); // Remove comment tails
+        sanitized = sanitized.replace(/\/\*.*?\*\//g, ""); // Remove /* */ comments
+        // Only escape quotes if they appear to be part of injection attempts
+        const suspiciousQuotes = /'(\s*(or|and|union|select)\s|;|\s*--)/gi;
+        sanitized = sanitized.replace(suspiciousQuotes, "''$1");
+        // Remove only dangerous control characters
+        sanitized = sanitized.replace(/[\x00\x1a]/g, "");
+        // Only remove semicolons if followed by SQL keywords
+        sanitized = sanitized.replace(/;(\s)*(drop|delete|insert|update|create|alter|union|select)/gi, " $2");
+        return sanitized.trim();
+    }
+    /**
+     * Validate and sanitize input, throwing error if malicious
+     */
+    validateAndSanitize(input, throwOnDetection = false) {
+        const result = this.detect(input);
+        if (result.isMalicious && throwOnDetection) {
+            throw new Error(`SQL injection attempt detected. Confidence: ${(result.confidence * 100).toFixed(1)}%. ` +
+                `Patterns: ${result.detectedPatterns.join(", ")}`);
+        }
+        return result.sanitizedInput || "";
+    }
+    /**
+     * Create parameterized query helper
+     */
+    createParameterizedQuery(query, params) {
+        // Simple parameterization helper
+        let parameterizedQuery = query;
+        const safeParams = [];
+        params.forEach((param, index) => {
+            if (typeof param === "string") {
+                const result = this.detect(param);
+                if (result.isMalicious) {
+                    throw new Error(`Parameter ${index} contains potential SQL injection`);
+                }
+                safeParams.push(result.sanitizedInput);
+            }
+            else {
+                safeParams.push(param);
+            }
+        });
+        return { query: parameterizedQuery, params: safeParams };
+    }
+    getHighRiskPatternName(index) {
+        const names = [
+            "Union-Select attack",
+            "Commented injection",
+            "Comment with semicolon",
+            "Enhanced boolean OR",
+            "Enhanced boolean AND",
+            "Quote-based boolean",
+            "Comment-obfuscated injection",
+            "Time-based delay",
+            "WAITFOR delay attack",
+            "System procedure call",
+            "Information schema query",
+            "DDL with semicolon",
+            "Hex-encoded injection",
+            "Quote sequence attack",
+            "Stacked query attack",
+        ];
+        return names[index] || `High-risk pattern ${index}`;
+    }
+    getHighRiskPatternWeight(index) {
+        // Higher weights for more definitive attack patterns
+        const weights = [
+            0.9, // Union-Select attack
+            0.8, // Commented injection
+            0.7, // Comment with semicolon
+            0.8, // Enhanced boolean OR
+            0.8, // Enhanced boolean AND
+            0.7, // Quote-based boolean
+            0.8, // Comment-obfuscated injection
+            0.9, // Time-based delay
+            0.8, // WAITFOR delay attack
+            0.8, // System procedure call
+            0.7, // Information schema query
+            0.9, // DDL with semicolon
+            0.6, // Hex-encoded injection
+            0.5, // Quote sequence attack
+            0.8, // Stacked query attack
+        ];
+        return weights[index] || 0.7;
+    }
+    logAttempt(input, result) {
+        console.warn(`SQL Injection Attempt Detected:`, {
+            timestamp: new Date().toISOString(),
+            input: input.substring(0, 100) + (input.length > 100 ? "..." : ""),
+            confidence: result.confidence,
+            patterns: result.detectedPatterns,
+        });
+    }
+    /**
+     * Update configuration
+     */
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+}
+
+export { SQLInjectionDetector as default };
+//# sourceMappingURL=SQLInjectionDetector.js.map

package/dist/esm/src/middleware/built-in/security/SQLInjectionDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SQLInjectionDetector.js","sources":["../../../../../../src/middleware/built-in/security/SQLInjectionDetector.ts"],"sourcesContent":[null],"names":[],"mappings":"AAiBA,MAAM,oBAAoB,CAAA;AAmEtB,IAAA,WAAA,CAAY,SAA6B,EAAE,EAAA;;AA/D1B,QAAA,IAAA,CAAA,gBAAgB,GAAG;;YAEhC,oDAAoD;;YAGpD,uEAAuE;YACvE,cAAc;;YAGd,8EAA8E;YAC9E,gFAAgF;;YAGhF,+BAA+B;;YAG/B,yCAAyC;;YAGzC,uDAAuD;YACvD,yCAAyC;;YAGzC,8CAA8C;;YAG9C,sEAAsE;;YAGtE,wEAAwE;;AAGxE,YAAA,sBAAsB;;YAGtB,gBAAgB;;YAGhB,uDAAuD;SAC1D,CAAC;;AAGe,QAAA,IAAA,CAAA,kBAAkB,GAAG;;YAElC,6DAA6D;;YAG7D,8BAA8B;;YAG9B,IAAI;YACJ,IAAI;;YAGJ,SAAS;;YAGT,OAAO;SACV,CAAC;;QAGe,IAAqB,CAAA,qBAAA,GAAG,aAAa,CAAC;QAGnD,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;AACtC,YAAA,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,2BAA2B;AAChE,YAAA,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;AACnC,YAAA,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;AACvC,YAAA,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,IAAI;AACrD,YAAA,sBAAsB,EAAE,MAAM,CAAC,sBAAsB,IAAI,GAAG;SAC/D,CAAC;KACL;AAED;;AAEG;IACH,MAAM,CACF,KAAgC,EAChC,OAAgB,EAAA;QAEhB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YACrC,OAAO;AACH,gBAAA,WAAW,EAAE,KAAK;AAClB,gBAAA,UAAU,EAAE,CAAC;AACb,gBAAA,gBAAgB,EAAE,EAAE;AACpB,gBAAA,SAAS,EAAE,KAAK;aACnB,CAAC;SACL;AAED,QAAA,MAAM,MAAM,GAAoB;AAC5B,YAAA,WAAW,EAAE,KAAK;AAClB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,gBAAgB,EAAE,EAAE;AACpB,YAAA,cAAc,EAAE,KAAK;AACrB,YAAA,SAAS,EAAE,KAAK;SACnB,CAAC;;QAGF,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;AACtC,YAAA,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC;AACzB,YAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;SACpD;;QAGD,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;gBACT,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvD,gBAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CACxB,GAAG,WAAW,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAE,CAC1C,CAAC;AACF,gBAAA,aAAa,IAAI,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;aACzD;AACL,SAAC,CAAC,CAAC;;QAGH,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE;YAChC,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC;SAC/D;aAAM;;YAEH,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;gBAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACrC,IAAI,OAAO,EAAE;oBACT,eAAe,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;iBAC3C;AACL,aAAC,CAAC,CAAC;SACN;;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;;AAG7D,QAAA,MAAM,QAAQ,GAAG,aAAa,GAAG,eAAe,GAAG,GAAG,CAAC;AACvD,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,GAAG,eAAe,CAAC,CAAC;AAC5D,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;;AAGrD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AAC1B,YAAA,MAAM,CAAC,SAAS,GAAG,UAAU,CAAC;AAC9B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;aAAM,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE;AAChE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;AAC1B,YAAA,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;SAC7B;AAAM,aAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACjC,YAAA,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;AAC5B,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;aAAM;AACH,YAAA,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;AACzB,YAAA,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;SAC9B;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;AACrD,YAAA,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;SAClC;;AAGD,QAAA,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;SACrD;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAED;;AAEG;IACK,cAAc,CAAC,KAAa,EAAE,OAAe,EAAA;QACjD,IAAI,KAAK,GAAG,CAAC,CAAC;;AAGd,QAAA,MAAM,gBAAgB,GAAG;YACrB,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,aAAa;YACb,SAAS;YACT,QAAQ;YACR,SAAS;YACT,OAAO;YACP,SAAS;YACT,SAAS;YACT,OAAO;SACV,CAAC;QAEF,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,KAChD,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CACtC,CAAC;QAEF,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,KAAK,KAAI;YAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,EAAE;AACT,gBAAA,IAAI,YAAY,GAAG,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;;gBAGxC,IAAI,iBAAiB,EAAE;AACnB,oBAAA,YAAY,IAAI,GAAG,CAAC;iBACvB;;AAGD,gBAAA,IAAI,KAAK,KAAK,CAAC,IAAI,iBAAiB,EAAE;;AAElC,oBAAA,YAAY,IAAI,GAAG,CAAC;iBACvB;gBAED,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,EAAE;;AAE5B,oBAAA,IACI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;AACxB,wBAAA,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EACjC;wBACE,YAAY,IAAI,GAAG,CAAC;qBACvB;iBACJ;gBAED,KAAK,IAAI,YAAY,CAAC;aACzB;AACL,SAAC,CAAC,CAAC;AAEH,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,wBAAwB,CAAC,KAAa,EAAA;QAC1C,IAAI,eAAe,GAAG,CAAC,CAAC;;QAGxB,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACtD,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AACzC,YAAA,eAAe,IAAI,GAAG,CAAC;SAC1B;;AAGD,QAAA,MAAM,kBAAkB,GAAG;AACvB,YAAA,4BAA4B;AAC5B,YAAA,0BAA0B;AAC1B,YAAA,wBAAwB;AACxB,YAAA,0BAA0B;SAC7B,CAAC;AAEF,QAAA,kBAAkB,CAAC,OAAO,CAAC,CAAC,OAAO,KAAI;AACnC,YAAA,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;gBACrB,eAAe,IAAI,IAAI,CAAC;aAC3B;AACL,SAAC,CAAC,CAAC;;AAGH,QAAA,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE;YACzC,eAAe,IAAI,GAAG,CAAC;SAC1B;;AAGD,QAAA,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC;AACtD,QAAA,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC;AACtD,QAAA,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC,EAAE;YAClD,eAAe,IAAI,GAAG,CAAC;SAC1B;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;KACzC;AAED;;AAEG;AACH,IAAA,aAAa,CAAC,KAAa,EAAA;AACvB,QAAA,IAAI,CAAC,KAAK;AAAE,YAAA,OAAO,KAAK,CAAC;QAEzB,IAAI,SAAS,GAAG,KAAK,CAAC;;QAGtB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;;QAGlD,MAAM,gBAAgB,GAAG,yCAAyC,CAAC;QACnE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;;QAGxD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;;QAGjD,SAAS,GAAG,SAAS,CAAC,OAAO,CACzB,+DAA+D,EAC/D,KAAK,CACR,CAAC;AAEF,QAAA,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;KAC3B;AAED;;AAEG;AACH,IAAA,mBAAmB,CACf,KAAa,EACb,gBAAA,GAA4B,KAAK,EAAA;QAEjC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAElC,QAAA,IAAI,MAAM,CAAC,WAAW,IAAI,gBAAgB,EAAE;AACxC,YAAA,MAAM,IAAI,KAAK,CACX,CAA+C,4CAAA,EAAA,CAC3C,MAAM,CAAC,UAAU,GAAG,GAAG,EACzB,OAAO,CAAC,CAAC,CAAC,CAAK,GAAA,CAAA;gBACb,CAAa,UAAA,EAAA,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,CAAA,CACxD,CAAC;SACL;AAED,QAAA,OAAO,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC;KACtC;AAED;;AAEG;IACH,wBAAwB,CACpB,KAAa,EACb,MAAa,EAAA;;QAGb,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,MAAM,UAAU,GAAU,EAAE,CAAC;QAE7B,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,KAAK,KAAI;AAC5B,YAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;gBAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClC,gBAAA,IAAI,MAAM,CAAC,WAAW,EAAE;AACpB,oBAAA,MAAM,IAAI,KAAK,CACX,aAAa,KAAK,CAAA,iCAAA,CAAmC,CACxD,CAAC;iBACL;AACD,gBAAA,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;aAC1C;iBAAM;AACH,gBAAA,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aAC1B;AACL,SAAC,CAAC,CAAC;QAEH,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;KAC5D;AAEO,IAAA,sBAAsB,CAAC,KAAa,EAAA;AACxC,QAAA,MAAM,KAAK,GAAG;YACV,qBAAqB;YACrB,qBAAqB;YACrB,wBAAwB;YACxB,qBAAqB;YACrB,sBAAsB;YACtB,qBAAqB;YACrB,8BAA8B;YAC9B,kBAAkB;YAClB,sBAAsB;YACtB,uBAAuB;YACvB,0BAA0B;YAC1B,oBAAoB;YACpB,uBAAuB;YACvB,uBAAuB;YACvB,sBAAsB;SACzB,CAAC;QACF,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAqB,kBAAA,EAAA,KAAK,EAAE,CAAC;KACvD;AAEO,IAAA,wBAAwB,CAAC,KAAa,EAAA;;AAE1C,QAAA,MAAM,OAAO,GAAG;AACZ,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;AACH,YAAA,GAAG;SACN,CAAC;AACF,QAAA,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC;KAChC;IAEO,UAAU,CAAC,KAAa,EAAE,MAAuB,EAAA;AACrD,QAAA,OAAO,CAAC,IAAI,CAAC,CAAA,+BAAA,CAAiC,EAAE;AAC5C,YAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,GAAG,KAAK,GAAG,EAAE,CAAC;YAClE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,gBAAgB;AACpC,SAAA,CAAC,CAAC;KACN;AAED;;AAEG;AACH,IAAA,YAAY,CAAC,SAAsC,EAAA;AAC/C,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;AAED;;AAEG;IACH,SAAS,GAAA;AACL,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}