/** * @fileoverview Secure Code Transformer * @module @nahisaho/musubix-security/remediation/secure-code-transformer * * Transforms insecure code patterns into secure alternatives using * AST-based transformations and secure coding patterns. */ import type { SourceLocation, Vulnerability } from '../types/index.js'; /** * Code transformation */ export interface CodeTransformation { /** Transformation ID */ id: string; /** Transformation name */ name: string; /** Category */ category: TransformationCategory; /** Pattern to match */ pattern: CodePattern; /** Replacement pattern */ replacement: ReplacementPattern; /** Description */ description: string; /** Risk level */ riskLevel: 'safe' | 'caution' | 'review-required'; /** Applicable languages */ languages: string[]; /** Required imports */ imports?: ImportSpec[]; } /** * Transformation category */ export type TransformationCategory = 'input-validation' | 'output-encoding' | 'authentication' | 'authorization' | 'cryptography' | 'data-protection' | 'error-handling' | 'logging' | 'session-management' | 'general'; /** * Code pattern */ export interface CodePattern { /** Pattern type */ type: 'regex' | 'ast' | 'function-call' | 'api-usage'; /** Pattern value */ value: string; /** Flags (for regex) */ flags?: string; /** Context requirements */ context?: PatternContext; } /** * Pattern context */ export interface PatternContext { /** Must be inside function */ insideFunction?: boolean; /** Must be inside class */ insideClass?: boolean; /** Must have specific imports */ hasImports?: string[]; /** File extension */ fileExtension?: string[]; } /** * Replacement pattern */ export interface ReplacementPattern { /** Replacement type */ type: 'template' | 'function' | 'snippet'; /** Template/snippet value */ value: string; /** Capture group mappings */ captures?: Record; /** Wrap existing code */ wrapExisting?: boolean; } /** * Import specification */ export interface ImportSpec { /** Module name */ module: string; /** Named imports */ named?: string[]; /** Default import */ default?: string; /** Is type import */ typeOnly?: boolean; } /** * Transformation result */ export interface TransformationResult { /** Whether transformation succeeded */ success: boolean; /** Original code */ originalCode: string; /** Transformed code */ transformedCode: string; /** Applied transformations */ transformationsApplied: AppliedTransformation[]; /** Warnings */ warnings: string[]; /** Errors */ errors: string[]; /** Required imports */ requiredImports: ImportSpec[]; } /** * Applied transformation */ export interface AppliedTransformation { /** Transformation ID */ transformationId: string; /** Location in code */ location: SourceLocation; /** Original code snippet */ original: string; /** Replacement code */ replacement: string; } /** * Transformer options */ export interface SecureCodeTransformerOptions { /** Custom transformations */ customTransformations?: CodeTransformation[]; /** Enable specific categories */ enabledCategories?: TransformationCategory[]; /** Target language */ language?: string; /** Preserve formatting */ preserveFormatting?: boolean; /** Dry run (preview only) */ dryRun?: boolean; } /** * Transform options */ export interface TransformOptions { /** Only apply specific transformations */ onlyTransformations?: string[]; /** Exclude transformations */ excludeTransformations?: string[]; /** Target specific vulnerabilities */ targetVulnerabilities?: Vulnerability[]; /** Max transformations */ maxTransformations?: number; } /** * Transforms insecure code patterns to secure alternatives * * @example * ```typescript * const transformer = createSecureCodeTransformer(); * const result = transformer.transform(code, { targetVulnerabilities: [...] }); * console.log(result.transformedCode); * ``` */ export declare class SecureCodeTransformer { private transformations; private options; constructor(options?: SecureCodeTransformerOptions); /** * Transform code using security patterns */ transform(code: string, options?: TransformOptions): TransformationResult; /** * Transform code for specific vulnerability */ transformForVulnerability(code: string, vulnerability: Vulnerability): TransformationResult; /** * Get available transformations */ getAvailableTransformations(): CodeTransformation[]; /** * Get transformations by category */ getTransformationsByCategory(category: TransformationCategory): CodeTransformation[]; /** * Add custom transformation */ addTransformation(transformation: CodeTransformation): void; /** * Remove transformation */ removeTransformation(id: string): boolean; /** * Preview transformation without applying */ preview(code: string, transformationId: string): { matches: Array<{ location: SourceLocation; original: string; preview: string; }>; wouldApply: boolean; }; /** * Validate code after transformation */ validateTransformation(_originalCode: string, transformedCode: string): { valid: boolean; issues: string[]; }; private getApplicableTransformations; private applyTransformation; private generateReplacement; private addImports; private mapVulnerabilityToCategory; } /** * Create a secure code transformer */ export declare function createSecureCodeTransformer(options?: SecureCodeTransformerOptions): SecureCodeTransformer; /** * Quick transform code */ export declare function quickTransform(code: string): TransformationResult; /** * Get all built-in transformations */ export declare function getBuiltInTransformations(): CodeTransformation[]; //# sourceMappingURL=secure-code-transformer.d.ts.map