typosquatting 0.1.0

data/lib/typosquatting/algorithms/replacement.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  module Algorithms
+    class Replacement < Base
+      KEYBOARD_ADJACENT = {
+        "q" => %w[w a s],
+        "w" => %w[q e a s d],
+        "e" => %w[w r s d f],
+        "r" => %w[e t d f g],
+        "t" => %w[r y f g h],
+        "y" => %w[t u g h j],
+        "u" => %w[y i h j k],
+        "i" => %w[u o j k l],
+        "o" => %w[i p k l],
+        "p" => %w[o l],
+        "a" => %w[q w s z],
+        "s" => %w[q w e a d z x],
+        "d" => %w[w e r s f x c],
+        "f" => %w[e r t d g c v],
+        "g" => %w[r t y f h v b],
+        "h" => %w[t y u g j b n],
+        "j" => %w[y u i h k n m],
+        "k" => %w[u i o j l m],
+        "l" => %w[i o p k],
+        "z" => %w[a s x],
+        "x" => %w[s d z c],
+        "c" => %w[d f x v],
+        "v" => %w[f g c b],
+        "b" => %w[g h v n],
+        "n" => %w[h j b m],
+        "m" => %w[j k n],
+        "1" => %w[2 q],
+        "2" => %w[1 3 q w],
+        "3" => %w[2 4 w e],
+        "4" => %w[3 5 e r],
+        "5" => %w[4 6 r t],
+        "6" => %w[5 7 t y],
+        "7" => %w[6 8 y u],
+        "8" => %w[7 9 u i],
+        "9" => %w[8 0 i o],
+        "0" => %w[9 o p]
+      }.freeze
+
+      def generate(package_name)
+        variants = []
+        package_name.each_char.with_index do |char, i|
+          adjacent = KEYBOARD_ADJACENT[char.downcase] || []
+          adjacent.each do |replacement|
+            replacement = replacement.upcase if char == char.upcase && char =~ /[a-z]/i
+            variant = package_name[0...i] + replacement + package_name[(i + 1)..]
+            variants << variant
+          end
+        end
+        variants.uniq
+      end
+    end
+  end
+end

data/lib/typosquatting/algorithms/transposition.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  module Algorithms
+    class Transposition < Base
+      def generate(package_name)
+        variants = []
+        (package_name.length - 1).times do |i|
+          chars = package_name.chars
+          chars[i], chars[i + 1] = chars[i + 1], chars[i]
+          variants << chars.join
+        end
+        variants.uniq
+      end
+    end
+  end
+end

data/lib/typosquatting/algorithms/vowel_swap.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  module Algorithms
+    class VowelSwap < Base
+      VOWELS = %w[a e i o u y].freeze
+
+      def generate(package_name)
+        variants = []
+
+        package_name.each_char.with_index do |char, i|
+          next unless VOWELS.include?(char.downcase)
+
+          VOWELS.each do |vowel|
+            next if vowel == char.downcase
+
+            replacement = char == char.upcase ? vowel.upcase : vowel
+            variant = package_name[0...i] + replacement + package_name[(i + 1)..]
+            variants << variant
+          end
+        end
+
+        variants.uniq
+      end
+    end
+  end
+end

data/lib/typosquatting/algorithms/word_order.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  module Algorithms
+    class WordOrder < Base
+      DELIMITERS = %w[- _ .].freeze
+
+      def generate(package_name)
+        variants = []
+
+        DELIMITERS.each do |delim|
+          parts = package_name.split(delim)
+          next if parts.length < 2
+
+          (0...parts.length).to_a.permutation.each do |perm|
+            reordered = perm.map { |i| parts[i] }.join(delim)
+            variants << reordered unless reordered == package_name
+          end
+        end
+
+        variants.uniq
+      end
+    end
+  end
+end

data/lib/typosquatting/cli.rb

@@ -0,0 +1,380 @@
+# frozen_string_literal: true
+
+require "optparse"
+require "json"
+
+module Typosquatting
+  class CLI
+    def self.run(args = ARGV)
+      new.run(args)
+    end
+
+    def run(args)
+      command = args.shift
+      case command
+      when "generate"
+        generate(args)
+      when "check"
+        check(args)
+      when "confusion"
+        confusion(args)
+      when "sbom"
+        sbom(args)
+      when "ecosystems"
+        ecosystems
+      when "algorithms"
+        algorithms
+      when "version", "-v", "--version"
+        version
+      when "help", "-h", "--help", nil
+        help
+      else
+        $stderr.puts "Unknown command: #{command}"
+        help
+        exit 1
+      end
+    end
+
+    def generate(args)
+      options = { format: "text", verbose: false }
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: typosquatting generate PACKAGE -e ECOSYSTEM [options]"
+        opts.on("-e", "--ecosystem ECOSYSTEM", "Package ecosystem (required)") { |v| options[:ecosystem] = v }
+        opts.on("-f", "--format FORMAT", "Output format (text, json, csv)") { |v| options[:format] = v }
+        opts.on("-v", "--verbose", "Show algorithm for each variant") { options[:verbose] = true }
+        opts.on("-a", "--algorithms LIST", "Comma-separated list of algorithms to use") { |v| options[:algorithms] = v }
+      end
+      parser.parse!(args)
+
+      package = args.shift
+      unless package && options[:ecosystem]
+        $stderr.puts "Error: Package name and ecosystem required"
+        $stderr.puts parser
+        exit 1
+      end
+
+      ecosystem = Ecosystems::Base.get(options[:ecosystem])
+      algorithms = select_algorithms(options[:algorithms])
+      generator = Generator.new(ecosystem: ecosystem, algorithms: algorithms)
+      variants = generator.generate(package)
+
+      output_variants(variants, options)
+    end
+
+    def check(args)
+      options = { format: "text", verbose: false, existing_only: false, dry_run: false }
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: typosquatting check PACKAGE -e ECOSYSTEM [options]"
+        opts.on("-e", "--ecosystem ECOSYSTEM", "Package ecosystem (required)") { |v| options[:ecosystem] = v }
+        opts.on("-f", "--format FORMAT", "Output format (text, json, csv)") { |v| options[:format] = v }
+        opts.on("-v", "--verbose", "Show algorithm and registry details") { options[:verbose] = true }
+        opts.on("-a", "--algorithms LIST", "Comma-separated list of algorithms to use") { |v| options[:algorithms] = v }
+        opts.on("--existing-only", "Only show packages that exist") { options[:existing_only] = true }
+        opts.on("--dry-run", "Show variants without making API calls") { options[:dry_run] = true }
+      end
+      parser.parse!(args)
+
+      package = args.shift
+      unless package && options[:ecosystem]
+        $stderr.puts "Error: Package name and ecosystem required"
+        $stderr.puts parser
+        exit 1
+      end
+
+      ecosystem = Ecosystems::Base.get(options[:ecosystem])
+      algorithms = select_algorithms(options[:algorithms])
+      generator = Generator.new(ecosystem: ecosystem, algorithms: algorithms)
+      variants = generator.generate(package)
+
+      if options[:dry_run]
+        puts "Would check #{variants.length} variants:"
+        variants.each { |v| puts "  #{v.name}" }
+        return
+      end
+
+      lookup = Lookup.new(ecosystem: ecosystem)
+      results = check_variants(variants, lookup)
+      results = results.select { |r| r[:result].exists? } if options[:existing_only]
+
+      output_check_results(results, options)
+    end
+
+    def confusion(args)
+      options = { format: "text" }
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: typosquatting confusion PACKAGE -e ECOSYSTEM [options]"
+        opts.on("-e", "--ecosystem ECOSYSTEM", "Package ecosystem (required)") { |v| options[:ecosystem] = v }
+        opts.on("-f", "--format FORMAT", "Output format (text, json)") { |v| options[:format] = v }
+        opts.on("--file FILE", "Read package names from file") { |v| options[:file] = v }
+      end
+      parser.parse!(args)
+
+      unless options[:ecosystem]
+        $stderr.puts "Error: Ecosystem required"
+        $stderr.puts parser
+        exit 1
+      end
+
+      packages = if options[:file]
+                   File.readlines(options[:file]).map(&:strip).reject(&:empty?)
+                 else
+                   package = args.shift
+                   unless package
+                     $stderr.puts "Error: Package name or --file required"
+                     exit 1
+                   end
+                   [package]
+                 end
+
+      confusion_checker = Confusion.new(ecosystem: options[:ecosystem])
+      results = packages.map do |pkg|
+        $stderr.puts "Checking #{pkg}..." if packages.length > 1
+        confusion_checker.check(pkg)
+      end
+
+      output_confusion_results(results, options)
+    end
+
+    def sbom(args)
+      options = { format: "text", dry_run: false }
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: typosquatting sbom FILE [options]"
+        opts.on("-f", "--format FORMAT", "Output format (text, json)") { |v| options[:format] = v }
+        opts.on("--dry-run", "Show packages without making API calls") { options[:dry_run] = true }
+      end
+      parser.parse!(args)
+
+      file = args.shift
+      unless file
+        $stderr.puts "Error: SBOM file required"
+        $stderr.puts parser
+        exit 1
+      end
+
+      unless File.exist?(file)
+        $stderr.puts "Error: File not found: #{file}"
+        exit 1
+      end
+
+      checker = SBOMChecker.new(file)
+
+      if options[:dry_run]
+        puts "Packages in SBOM:"
+        checker.sbom.packages.each do |pkg|
+          purl = checker.extract_purl(pkg)
+          puts "  #{pkg[:name]} (#{purl || "no purl"})"
+        end
+        puts ""
+        puts "#{checker.sbom.packages.length} packages found"
+        return
+      end
+
+      results = checker.check
+
+      output_sbom_results(results, options)
+    end
+
+    def ecosystems
+      puts "Supported ecosystems:"
+      puts ""
+      puts "  pypi      - Python Package Index"
+      puts "  npm       - Node Package Manager"
+      puts "  gem       - RubyGems"
+      puts "  cargo     - Rust packages"
+      puts "  golang    - Go modules"
+      puts "  maven     - Java/JVM packages"
+      puts "  nuget     - .NET packages"
+      puts "  composer  - PHP packages"
+      puts "  hex       - Erlang/Elixir packages"
+      puts "  pub       - Dart packages"
+    end
+
+    def algorithms
+      puts "Typosquatting algorithms:"
+      puts ""
+      Algorithms::Base.all.each do |algo|
+        puts "  #{algo.name}"
+      end
+    end
+
+    def version
+      puts "typosquatting #{VERSION}"
+    end
+
+    def help
+      puts "typosquatting - Detect potential typosquatting packages"
+      puts ""
+      puts "Usage: typosquatting COMMAND [options]"
+      puts ""
+      puts "Commands:"
+      puts "  generate PACKAGE -e ECOSYSTEM    Generate typosquat variants"
+      puts "  check PACKAGE -e ECOSYSTEM       Check which variants exist"
+      puts "  confusion PACKAGE -e ECOSYSTEM   Check for dependency confusion"
+      puts "  sbom FILE                        Check SBOM for potential typosquats"
+      puts "  ecosystems                       List supported ecosystems"
+      puts "  algorithms                       List typosquatting algorithms"
+      puts "  version                          Show version"
+      puts "  help                             Show this help"
+      puts ""
+      puts "Examples:"
+      puts "  typosquatting generate requests -e pypi"
+      puts "  typosquatting check requests -e pypi --existing-only"
+      puts "  typosquatting confusion my-package -e maven"
+      puts "  typosquatting sbom bom.json"
+    end
+
+    def output_variants(variants, options)
+      case options[:format]
+      when "json"
+        data = variants.map { |v| options[:verbose] ? v.to_h : v.name }
+        puts JSON.pretty_generate(data)
+      when "csv"
+        if options[:verbose]
+          puts "name,algorithm"
+          variants.each { |v| puts "#{v.name},#{v.algorithm}" }
+        else
+          variants.each { |v| puts v.name }
+        end
+      else
+        if options[:verbose]
+          variants.each { |v| puts "#{v.name} (#{v.algorithm})" }
+        else
+          variants.each { |v| puts v.name }
+        end
+      end
+
+      $stderr.puts ""
+      $stderr.puts "Generated #{variants.length} variants"
+    end
+
+    def output_check_results(results, options)
+      case options[:format]
+      when "json"
+        data = results.map do |r|
+          {
+            name: r[:variant].name,
+            algorithm: r[:variant].algorithm,
+            exists: r[:result].exists?,
+            registries: r[:result].registries
+          }
+        end
+        puts JSON.pretty_generate(data)
+      when "csv"
+        puts "name,algorithm,exists,registries"
+        results.each do |r|
+          puts "#{r[:variant].name},#{r[:variant].algorithm},#{r[:result].exists?},\"#{r[:result].registries.join("; ")}\""
+        end
+      else
+        results.each do |r|
+          status = r[:result].exists? ? "EXISTS" : "available"
+          if options[:verbose]
+            puts "#{r[:variant].name} (#{r[:variant].algorithm}) - #{status}"
+            puts "  registries: #{r[:result].registries.join(", ")}" if r[:result].exists?
+          else
+            puts "#{r[:variant].name} - #{status}"
+          end
+        end
+
+        puts ""
+        existing = results.count { |r| r[:result].exists? }
+        puts "Checked #{results.length} variants, #{existing} exist"
+      end
+    end
+
+    def output_confusion_results(results, options)
+      case options[:format]
+      when "json"
+        data = results.map(&:to_h)
+        puts JSON.pretty_generate(data)
+      else
+        results.each do |result|
+          puts ""
+          puts "Package: #{result.name}"
+          puts "PURL: #{result.purl}"
+
+          if result.registry_status.empty?
+            puts "  No registries found for this ecosystem"
+          else
+            result.registry_status.each do |registry, exists|
+              status = exists ? "EXISTS" : "available"
+              puts "  #{registry}: #{status}"
+            end
+          end
+
+          if result.confusion_risk?
+            puts ""
+            puts "WARNING: Dependency confusion risk detected!"
+            puts "Package exists on: #{result.present_registries.join(", ")}"
+            puts "Package missing from: #{result.absent_registries.join(", ")}"
+          elsif result.exists_anywhere
+            puts ""
+            puts "Package exists on all registries"
+          else
+            puts ""
+            puts "Package does not exist on any registry"
+          end
+        end
+      end
+    end
+
+    def check_variants(variants, lookup)
+      $stderr.puts "Checking #{variants.length} variants..." if $stderr.tty?
+
+      names = variants.map(&:name)
+      api_results = lookup.check_many(names, concurrency: 10)
+
+      variants.zip(api_results).map do |variant, result|
+        { variant: variant, result: result }
+      end
+    end
+
+    def select_algorithms(algorithm_list)
+      return nil unless algorithm_list
+
+      names = algorithm_list.split(",").map(&:strip)
+      all_algorithms = Algorithms::Base.all
+      selected = []
+
+      names.each do |name|
+        algo = all_algorithms.find { |a| a.name == name }
+        if algo
+          selected << algo
+        else
+          $stderr.puts "Warning: Unknown algorithm '#{name}', skipping"
+        end
+      end
+
+      selected.empty? ? nil : selected
+    end
+
+    def output_sbom_results(results, options)
+      case options[:format]
+      when "json"
+        data = results.map(&:to_h)
+        puts JSON.pretty_generate(data)
+      else
+        if results.empty?
+          puts "No potential typosquats found in SBOM"
+          return
+        end
+
+        puts "Potential typosquats found:"
+        puts ""
+
+        results.each do |result|
+          puts "#{result.name} (#{result.ecosystem})"
+          puts "  Version: #{result.version}" if result.version
+          puts "  PURL: #{result.purl}"
+          puts "  Similar to existing packages:"
+          result.suspicions.each do |s|
+            puts "    - #{s.name} (#{s.algorithm})"
+            puts "      registries: #{s.registries.join(", ")}" unless s.registries.empty?
+          end
+          puts ""
+        end
+
+        puts "Found #{results.length} suspicious package(s)"
+      end
+    end
+  end
+end

data/lib/typosquatting/confusion.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  class Confusion
+    attr_reader :ecosystem, :lookup
+
+    def initialize(ecosystem:)
+      @ecosystem = ecosystem.is_a?(String) ? Ecosystems::Base.get(ecosystem) : ecosystem
+      @lookup = Lookup.new(ecosystem: @ecosystem)
+    end
+
+    def check(package_name)
+      result = lookup.check(package_name)
+      all_registries = lookup.registries
+
+      registry_status = {}
+      all_registries.each do |registry|
+        registry_status[registry.name] = result.registries.include?(registry.name)
+      end
+
+      ConfusionResult.new(
+        name: package_name,
+        purl: result.purl,
+        registry_status: registry_status,
+        exists_anywhere: result.exists?,
+        packages: result.packages
+      )
+    end
+
+    def check_many(package_names)
+      package_names.map { |name| check(name) }
+    end
+
+    ConfusionResult = Struct.new(:name, :purl, :registry_status, :exists_anywhere, :packages, keyword_init: true) do
+      def confusion_risk?
+        return false unless exists_anywhere
+        return false if registry_status.empty?
+
+        present_count = registry_status.values.count(true)
+        absent_count = registry_status.values.count(false)
+
+        present_count > 0 && absent_count > 0
+      end
+
+      def present_registries
+        registry_status.select { |_, v| v }.keys
+      end
+
+      def absent_registries
+        registry_status.reject { |_, v| v }.keys
+      end
+
+      def registries
+        registry_status
+      end
+
+      def to_h
+        {
+          name: name,
+          purl: purl,
+          exists_anywhere: exists_anywhere,
+          confusion_risk: confusion_risk?,
+          registries: registry_status,
+          present_registries: present_registries,
+          absent_registries: absent_registries
+        }
+      end
+    end
+  end
+end

data/lib/typosquatting/ecosystems/base.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  module Ecosystems
+    class Base
+      attr_reader :name, :purl_type
+
+      def initialize
+        @name = self.class.name.split("::").last.downcase
+        @purl_type = @name
+      end
+
+      def valid_name?(name)
+        return false if name.nil? || name.empty?
+
+        !!(name =~ name_pattern)
+      end
+
+      def normalise(name)
+        name
+      end
+
+      def name_pattern
+        raise NotImplementedError, "Subclasses must implement #name_pattern"
+      end
+
+      def allowed_characters
+        raise NotImplementedError, "Subclasses must implement #allowed_characters"
+      end
+
+      def allowed_delimiters
+        []
+      end
+
+      def case_sensitive?
+        true
+      end
+
+      def supports_namespaces?
+        false
+      end
+
+      def parse_namespace(name)
+        [nil, name]
+      end
+
+      def self.get(ecosystem)
+        registry[ecosystem.to_s.downcase] || raise(ArgumentError, "Unknown ecosystem: #{ecosystem}")
+      end
+
+      def self.all
+        registry.values
+      end
+
+      def self.register(ecosystem)
+        registry[ecosystem.purl_type] = ecosystem
+        registry[ecosystem.name] = ecosystem if ecosystem.name != ecosystem.purl_type
+      end
+
+      def self.registry
+        @registry ||= {}
+      end
+    end
+  end
+end

data/lib/typosquatting/ecosystems/cargo.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Typosquatting
+  module Ecosystems
+    class Cargo < Base
+      def initialize
+        super
+        @purl_type = "cargo"
+      end
+
+      def name_pattern
+        /\A[a-zA-Z][a-zA-Z0-9_-]*\z/
+      end
+
+      def allowed_characters
+        /[a-zA-Z0-9_-]/
+      end
+
+      def allowed_delimiters
+        %w[- _]
+      end
+
+      def case_sensitive?
+        false
+      end
+
+      def normalise(name)
+        name.downcase.tr("_", "-")
+      end
+
+      def equivalent?(name1, name2)
+        normalise(name1) == normalise(name2)
+      end
+
+      def valid_name?(name)
+        return false if name.nil? || name.empty?
+        return false if name.length > 64
+
+        !!(name =~ name_pattern)
+      end
+    end
+
+    Base.register(Cargo.new)
+  end
+end