@clear-capabilities/agentic-security-scanner 0.74.0

package/src/sast/webhook.js

@@ -0,0 +1,101 @@
+// Webhook signature verification audit.
+//
+// Every major webhook provider (Stripe, GitHub, Clerk, Svix, Resend, Twilio)
+// requires callers to verify the request signature before processing the
+// payload. Skipping verification means anyone who discovers your webhook URL
+// can trigger real business logic (fake payments, fake user events, fake
+// deploys) with zero authentication.
+//
+// F1 safety: rules fire only when ALL of:
+//   1. The file path or a route string contains "webhook" or provider name
+//   2. The file reads req.body or payload from request
+//   3. NO recognised verification call is present in the file
+//
+// Benchmark apps (NodeGoat, Juice Shop) predate webhook patterns; this rule
+// produces no findings on them.
+
+const _SCAN_EXT_RE = /\.(?:js|jsx|ts|tsx|mjs|cjs)$/i;
+const _NONPROD_RE = /(?:^|\/)(?:tests?|__tests__|spec|fixtures?|examples?|node_modules)\//i;
+
+// File-path signals: the file is a webhook handler
+const WEBHOOK_FILE_RE = /(?:^|\/)(?:webhook|webhooks|wh|hook|hooks)[\w.-]*\.[cm]?[jt]sx?$/i;
+// Route string signals within file content
+const WEBHOOK_ROUTE_RE = /(?:router|app|server)\s*\.\s*(?:post|all)\s*\(\s*['"`][^'"`]*webhook[^'"`]*['"`]/i;
+// Next.js route file in a webhook directory/segment
+const NEXT_WEBHOOK_RE = /(?:^|\/)(?:app|pages)\/(?:api\/)?[^/]*webhook[^/]*\/(?:route|index)\.[cm]?[jt]sx?$/i;
+
+// Provider-specific verification calls
+const STRIPE_VERIFY_RE = /(?:stripe|Stripe)\s*\.\s*webhooks?\s*\.\s*constructEvent/;
+const GITHUB_VERIFY_RE = /(?:X-Hub-Signature|x-hub-signature|createHmac|timingSafeEqual)[^;]{0,200}(?:sha256|sha1)/i;
+const SVIX_VERIFY_RE = /(?:new\s+Webhook|wh\.verify|Svix|svix)/;
+const CLERK_VERIFY_RE = /(?:verifyWebhook|clerkClient\.verifyToken|Webhook\s*\()/;
+const RESEND_VERIFY_RE = /(?:Resend\.verifyWebhookSignature|resend\.webhooks\.verify)/i;
+const TWILIO_VERIFY_RE = /(?:twilio\.validateRequest|validateExpressRequest|validateWebhook)/i;
+const GENERIC_SIG_VERIFY_RE = /(?:signature|sig)\s*[!=]{2,3}|timingSafeEqual|hmac\.digest|verifySignature|validateSignature|webhookSecret|WEBHOOK_SECRET/i;
+
+// Request body consumed (confirms it's a handler, not a type def)
+const BODY_READ_RE = /(?:req|request)\s*\.\s*(?:body|rawBody|text\(\)|json\(\))|await\s+(?:req|request)\.(?:text|json)\s*\(/;
+
+function _isVerified(content) {
+  return STRIPE_VERIFY_RE.test(content) ||
+    GITHUB_VERIFY_RE.test(content) ||
+    SVIX_VERIFY_RE.test(content) ||
+    CLERK_VERIFY_RE.test(content) ||
+    RESEND_VERIFY_RE.test(content) ||
+    TWILIO_VERIFY_RE.test(content) ||
+    GENERIC_SIG_VERIFY_RE.test(content);
+}
+
+function scanWebhook(file, content) {
+  if (!_SCAN_EXT_RE.test(file)) return [];
+  if (_NONPROD_RE.test(file)) return [];
+
+  // Gate 1: is this actually a webhook handler file?
+  const isWebhookFile = WEBHOOK_FILE_RE.test(file) || NEXT_WEBHOOK_RE.test(file);
+  const hasWebhookRoute = WEBHOOK_ROUTE_RE.test(content);
+  if (!isWebhookFile && !hasWebhookRoute) return [];
+
+  // Gate 2: does it read the request body (confirms it's a handler, not a util)?
+  if (!BODY_READ_RE.test(content)) return [];
+
+  // Gate 3: no verification present → finding
+  if (_isVerified(content)) return [];
+
+  // Detect which provider(s) are referenced to give a precise title
+  const providers = [];
+  if (/stripe/i.test(content)) providers.push('Stripe');
+  if (/github/i.test(content)) providers.push('GitHub');
+  if (/svix/i.test(content)) providers.push('Svix');
+  if (/clerk/i.test(content)) providers.push('Clerk');
+  if (/resend/i.test(content)) providers.push('Resend');
+  if (/twilio/i.test(content)) providers.push('Twilio');
+  const providerStr = providers.length ? providers.join('/') + ' ' : '';
+
+  // Find the line of the first body read or route definition
+  const lines = content.split('\n');
+  const triggerLine = lines.findIndex(l => BODY_READ_RE.test(l) || WEBHOOK_ROUTE_RE.test(l));
+  const lineNum = triggerLine >= 0 ? triggerLine + 1 : 1;
+
+  const providerRemediations = {
+    'Stripe': 'const event = stripe.webhooks.constructEvent(rawBody, req.headers[\'stripe-signature\'], process.env.STRIPE_WEBHOOK_SECRET);',
+    'GitHub': 'Use crypto.timingSafeEqual to compare HMAC-SHA256 of the raw body against the X-Hub-Signature-256 header.',
+    'Svix': 'const wh = new Webhook(process.env.WEBHOOK_SECRET); wh.verify(payload, headers);',
+    'Clerk': 'const evt = await clerkClient.verifyWebhook(req);',
+  };
+  const fixSnippet = providers.length
+    ? providerRemediations[providers[0]] || 'Verify the provider-specific HMAC signature before processing the payload.'
+    : 'Verify the HMAC signature from the webhook provider before processing any payload data.';
+
+  return [{
+    id: `webhook:MISSING_SIGNATURE_VERIFY:${file}:${lineNum}`,
+    title: `${providerStr}Webhook handler missing signature verification`,
+    severity: 'high',
+    file, line: lineNum,
+    vuln: 'Webhook — Missing Signature Verification',
+    description: `This webhook handler reads the request body without verifying the ${providerStr}signature header. Anyone who discovers the endpoint URL can POST arbitrary payloads and trigger real business logic — fake Stripe payments marked as successful, fake GitHub events triggering deploys, fake user creation events.`,
+    remediation: fixSnippet + '\n\nIMPORTANT: you must pass the raw (un-parsed) request body to the signature verifier, not the parsed JSON object.',
+    cwe: 'CWE-345',
+  }];
+}
+
+export { scanWebhook };

package/src/sast/xpath-injection.js

@@ -0,0 +1,51 @@
+import { blankComments } from './_comment-strip.js';
+// XPath injection.
+//
+// Same shape as LDAP injection — string concatenation into a query language
+// that has its own operators. We catch concatenation patterns into:
+//   - javax.xml.xpath / org.jaxen / org.dom4j  (Java)
+//   - lxml.etree / xml.etree                   (Python)
+//   - xpath npm pkg                            (Node)
+
+const PATTERNS = {
+  java: /\.\s*(?:compile|evaluate)\s*\(\s*"[^"]*"\s*\+\s*\w+/g,
+  py:   /\.\s*(?:xpath|find|findall)\s*\(\s*["'][^"']*["']\s*[%+]\s*\w+|\.\s*xpath\s*\(\s*f["']/g,
+  js:   /\b(?:xpath|select)\s*\(\s*[`"][^`"]*[`"]\s*\+\s*\w+|\bxpath\.select\s*\(\s*`[^`]*\$\{/g,
+};
+
+function lineOf(raw, idx) { return raw.substring(0, idx).split('\n').length; }
+
+export function scanXPathInjection(fp, raw) {
+  if (!raw || raw.length > 500_000) return [];
+  let lang;
+  if (/\.(?:js|jsx|ts|tsx|mjs|cjs)$/i.test(fp)) lang = 'js';
+  else if (/\.java$/i.test(fp)) lang = 'java';
+  else if (/\.py$/i.test(fp)) lang = 'py';
+  else return [];
+
+  const code = blankComments(raw, lang === 'py' ? 'py' : undefined);
+  if (!/\bxpath|XPath|\.xpath\(/i.test(code)) return [];
+  const re = new RegExp(PATTERNS[lang].source, PATTERNS[lang].flags);
+  const findings = [];
+  const seen = new Set();
+  let m;
+  while ((m = re.exec(code))) {
+    const line = lineOf(raw, m.index);
+    const id = `xpath-injection:${fp}:${line}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    findings.push({
+      id,
+      file: fp, line,
+      vuln: 'XPath Injection: query built via string concatenation',
+      severity: 'high',
+      cwe: 'CWE-643',
+      stride: 'Tampering',
+      snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+      remediation: 'Use a parameterized XPath API. Java: `XPathExpression.evaluate(doc, XPathConstants.NODESET)` with `xpath.setXPathVariableResolver(...)`. Python lxml: `tree.xpath("//user[name=$n]", n=name)`. JavaScript: pass values as variables to an evaluator that supports binding, never via concatenation.',
+      parser: 'XPATH-INJECTION',
+      confidence: 0.85,
+    });
+  }
+  return findings;
+}

package/src/sast/xxe.js

@@ -0,0 +1,140 @@
+// XML External Entity (XXE) detection for Java and Python.
+// Node.js xml2js/libxmljs/sax is already covered in engine.js SINK_PATTERNS.
+//
+// Java vulnerable APIs:
+//   - DocumentBuilderFactory.newInstance()      (CWE-611)
+//   - SAXParserFactory.newInstance()
+//   - XMLInputFactory.newInstance()              (StAX)
+//   - SAXBuilder()                                (JDOM)
+//   - SchemaFactory.newInstance()
+//   - TransformerFactory.newInstance()
+//   - XMLReaderFactory.createXMLReader()
+//
+// Java-safe configurations (any one suppresses the finding for the file):
+//   - setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
+//   - setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
+//   - setExpandEntityReferences(false)
+//   - setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false)
+//   - setXIncludeAware(false) + setExpandEntityReferences(false)
+//
+// Python vulnerable APIs:
+//   - lxml.etree.parse / fromstring                (CVE class — XXE possible)
+//   - xml.etree.ElementTree.parse / fromstring     (older Python; modern is safer
+//                                                   but defusedxml is the canonical fix)
+//   - xml.sax.parse / parseString / make_parser
+//   - xml.dom.minidom.parse / parseString
+//   - xml.dom.pulldom.parse / parseString
+//
+// Python-safe configurations:
+//   - `from defusedxml` import anywhere in the file
+//   - `import defusedxml`
+//   - For lxml: parser with `resolve_entities=False, no_network=True`
+
+const JAVA_VULN_PATTERNS = [
+  { name: 'DocumentBuilderFactory', re: /\bDocumentBuilderFactory\s*\.\s*newInstance\s*\(\s*\)/g },
+  { name: 'SAXParserFactory',       re: /\bSAXParserFactory\s*\.\s*newInstance\s*\(\s*\)/g },
+  { name: 'XMLInputFactory',        re: /\bXMLInputFactory\s*\.\s*newInstance\s*\(\s*\)/g },
+  { name: 'SAXBuilder',             re: /\bnew\s+SAXBuilder\s*\(\s*\)/g },
+  { name: 'SchemaFactory',          re: /\bSchemaFactory\s*\.\s*newInstance\s*\(/g },
+  { name: 'TransformerFactory',     re: /\bTransformerFactory\s*\.\s*newInstance\s*\(\s*\)/g },
+  { name: 'XMLReaderFactory',       re: /\bXMLReaderFactory\s*\.\s*createXMLReader\s*\(/g },
+];
+
+const JAVA_SAFE_RES = [
+  /setFeature\s*\(\s*["']http:\/\/apache\.org\/xml\/features\/disallow-doctype-decl["']\s*,\s*true\s*\)/,
+  /setFeature\s*\(\s*XMLConstants\.FEATURE_SECURE_PROCESSING\s*,\s*true\s*\)/,
+  /setExpandEntityReferences\s*\(\s*false\s*\)/,
+  /XMLInputFactory\.IS_SUPPORTING_EXTERNAL_ENTITIES\s*,\s*false/,
+  /setFeature\s*\(\s*["']http:\/\/xml\.org\/sax\/features\/external-general-entities["']\s*,\s*false\s*\)/,
+  /setFeature\s*\(\s*["']http:\/\/xml\.org\/sax\/features\/external-parameter-entities["']\s*,\s*false\s*\)/,
+];
+
+const PYTHON_VULN_PATTERNS = [
+  { name: 'lxml.etree.parse',    re: /\blxml\.etree\.(?:parse|fromstring|XMLParser)\s*\(/g },
+  { name: 'lxml.etree (aliased)', re: /\b(?:from\s+lxml\s+import\s+etree\b[\s\S]{0,200}?\b)?etree\s*\.\s*(?:parse|fromstring|XMLParser)\s*\(/g },
+  { name: 'xml.etree.ElementTree', re: /\b(?:xml\.etree\.ElementTree|ET)\s*\.\s*(?:parse|fromstring|XMLParser)\s*\(/g },
+  { name: 'xml.sax',             re: /\bxml\.sax\s*\.\s*(?:parse|parseString|make_parser)\s*\(/g },
+  { name: 'xml.dom.minidom',     re: /\bxml\.dom\.minidom\s*\.\s*(?:parse|parseString)\s*\(/g },
+  { name: 'xml.dom.pulldom',     re: /\bxml\.dom\.pulldom\s*\.\s*(?:parse|parseString)\s*\(/g },
+  { name: 'minidom (aliased)',   re: /\bminidom\s*\.\s*(?:parse|parseString)\s*\(/g },
+];
+
+const PYTHON_DEFUSED_RE = /(?:^|\n)\s*(?:from\s+defusedxml\b|import\s+defusedxml\b)/;
+// lxml-specific: XMLParser(resolve_entities=False, no_network=True) is the
+// upstream-recommended safe shape.
+const PYTHON_LXML_SAFE_RE = /XMLParser\s*\([^)]*\bresolve_entities\s*=\s*False\b[^)]*\)/;
+
+import { blankComments } from './_comment-strip.js';
+
+function _stripLineComment(s, lang) {
+  if (lang === 'java') return blankComments(s);
+  if (lang === 'py') return blankComments(s, 'py');
+  return s;
+}
+
+function _lineOf(raw, idx) {
+  return raw.substring(0, idx).split('\n').length;
+}
+
+export function scanXXE(fp, raw) {
+  if (!raw || raw.length > 500_000) return [];
+  const findings = [];
+
+  if (/\.java$/i.test(fp)) {
+    const code = _stripLineComment(raw, 'java');
+    // If ANY known-safe configuration appears in the file, suppress all Java XXE
+    // findings in that file. This is intentionally generous — false negatives
+    // here are preferable to flagging code that's already hardened.
+    const fileSafe = JAVA_SAFE_RES.some(r => r.test(code));
+    if (fileSafe) return [];
+    for (const p of JAVA_VULN_PATTERNS) {
+      const re = new RegExp(p.re.source, p.re.flags);
+      let m;
+      while ((m = re.exec(code))) {
+        const line = _lineOf(raw, m.index);
+        findings.push({
+          id: `xxe:${fp}:${line}:${p.name}`,
+          file: fp, line,
+          vuln: `XXE: ${p.name} created without external-entity protections`,
+          severity: 'high',
+          cwe: 'CWE-611',
+          stride: 'Information Disclosure',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: `Disable external entities before using the parser. For ${p.name} call setFeature("http://apache.org/xml/features/disallow-doctype-decl", true) and setExpandEntityReferences(false), or use XMLConstants.FEATURE_SECURE_PROCESSING. Prefer DTDs to be rejected at parse time.`,
+          confidence: 0.85,
+          parser: 'XXE',
+        });
+      }
+    }
+    return findings;
+  }
+
+  if (/\.py$/i.test(fp)) {
+    const code = _stripLineComment(raw, 'py');
+    if (PYTHON_DEFUSED_RE.test(code)) return [];
+    for (const p of PYTHON_VULN_PATTERNS) {
+      const re = new RegExp(p.re.source, p.re.flags);
+      let m;
+      while ((m = re.exec(code))) {
+        // lxml-only safe shape: caller passed an XMLParser with resolve_entities=False
+        if (/lxml/i.test(p.name) && PYTHON_LXML_SAFE_RE.test(code)) continue;
+        const line = _lineOf(raw, m.index);
+        findings.push({
+          id: `xxe:${fp}:${line}:${p.name}`,
+          file: fp, line,
+          vuln: `XXE: ${p.name} parses XML without external-entity protections`,
+          severity: 'high',
+          cwe: 'CWE-611',
+          stride: 'Information Disclosure',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: 'Use defusedxml instead: `from defusedxml import ElementTree as ET` (drop-in replacement). For lxml, pass an XMLParser with resolve_entities=False, no_network=True.',
+          confidence: 0.85,
+          parser: 'XXE',
+        });
+      }
+    }
+    return findings;
+  }
+
+  return [];
+}

package/src/sast/zip-slip.js

@@ -0,0 +1,200 @@
+// Zip slip / archive path traversal detection. CWE-22 via archive extraction.
+//
+// Java vulnerable patterns:
+//   - ZipEntry.getName() concatenated into a File / Files.write path
+//   - new File(outDir, entry.getName())  without subsequent canonical-prefix check
+//
+// Python vulnerable patterns:
+//   - tarfile.open(...).extractall()      pre-3.12 default behaviour (CVE-2007-4559)
+//   - tarfile member.name joined to output path
+//   - zipfile.extract(...) / extractall() without path normalization
+//
+// Node.js vulnerable patterns:
+//   - unzipper / yauzl entry.path written to disk without sanitization
+//   - tar package: tar.extract({cwd, ...}) with cwd inside writable area
+//
+// Safe shapes (suppress the finding for the file):
+//   Java:    canonicalPath check, .normalize() then startsWith(outDir.toPath())
+//   Python:  shutil._extract_member with explicit filter; tarfile filter='data'
+//   Node:    sanitize-filename, path.resolve + startsWith check
+
+const JAVA_ZIP_ENTRY_NAME_RE = /\b(?:ZipEntry|TarArchiveEntry|ArchiveEntry|entry)\s*\.\s*getName\s*\(\s*\)/g;
+const JAVA_NEW_FILE_WITH_ENTRY_RE = /\bnew\s+File\s*\([^)]*\b(?:entry|zipEntry|tarEntry|archiveEntry)\s*\.\s*getName\s*\(\s*\)/g;
+const JAVA_SAFE_CANONICAL_RE = /\b(?:getCanonicalPath|toRealPath|toAbsolutePath|normalize)\s*\(/;
+const JAVA_SAFE_STARTSWITH_RE = /\.\s*startsWith\s*\(\s*[a-zA-Z_$][\w$.]*(?:\.\s*(?:getCanonicalPath|toPath|toAbsolutePath))?\s*\(?/;
+
+const PY_TARFILE_EXTRACTALL_RE = /\btarfile\.[\w_]+\([^)]*\)\s*\.\s*extractall\s*\(/g;
+const PY_TARFILE_EXTRACTALL_SHORT_RE = /\b(?:tf|tar|archive|t)\s*\.\s*extractall\s*\(/g;
+const PY_TARFILE_FILTER_RE = /\bextractall\s*\([^)]*\bfilter\s*=\s*(?:["']data["']|tarfile\.data_filter)/;
+const PY_TARFILE_IMPORT_RE = /\bimport\s+tarfile\b|\bfrom\s+tarfile\b/;
+const PY_TARFILE_NAME_JOIN_RE = /\b(?:os\.path\.join|Path|os\.path\.normpath)\s*\([^)]*\b(?:member|m|entry|info)\s*\.\s*name\b/g;
+const PY_ZIPFILE_EXTRACT_RE = /\b(?:zipfile\.[\w_]+\([^)]*\)|zf|zip_file|archive)\s*\.\s*extract(?:all)?\s*\(/g;
+const PY_ZIPFILE_IMPORT_RE = /\bimport\s+zipfile\b|\bfrom\s+zipfile\b/;
+
+const NODE_UNZIPPER_ENTRY_RE = /\bentry\s*\.\s*path\b[\s\S]{0,80}?\b(?:fs\.|path\.|createWriteStream|writeFile|pipe\s*\(\s*fs\.)/g;
+const NODE_TAR_EXTRACT_RE = /\b(?:tar)\s*\.\s*(?:extract|x)\s*\(\s*\{[^}]*\bcwd\b/g;
+
+import { blankComments } from './_comment-strip.js';
+
+function _lineOf(raw, idx) { return raw.substring(0, idx).split('\n').length; }
+
+export function scanZipSlip(fp, raw) {
+  if (!raw || raw.length > 500_000) return [];
+  const findings = [];
+  const seen = new Set();
+  const push = (f) => { if (!seen.has(f.id)) { seen.add(f.id); findings.push(f); } };
+
+  if (/\.(?:java|kt|kts|scala|groovy)$/i.test(fp)) {
+    const code = blankComments(raw);
+    // File-wide suppression: canonical path + startsWith pair present
+    const hasCanonical = JAVA_SAFE_CANONICAL_RE.test(code) && JAVA_SAFE_STARTSWITH_RE.test(code);
+    if (!hasCanonical) {
+      const re = new RegExp(JAVA_NEW_FILE_WITH_ENTRY_RE.source, JAVA_NEW_FILE_WITH_ENTRY_RE.flags);
+      let m;
+      while ((m = re.exec(code))) {
+        const line = _lineOf(raw, m.index);
+        push({
+          id: `zip-slip:${fp}:${line}:java`,
+          file: fp, line,
+          vuln: 'Zip Slip: ZipEntry.getName() joined into output path without normalization',
+          severity: 'high',
+          cwe: 'CWE-22',
+          stride: 'Tampering',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: 'A zip entry name like `../../etc/passwd` lets an attacker write outside the extraction directory. Before any FileOutputStream / Files.write, canonicalize the joined path with `outFile.getCanonicalPath()` and verify `canonicalPath.startsWith(outDir.getCanonicalPath() + File.separator)`. Reject the entry on mismatch.',
+          confidence: 0.85,
+          parser: 'ZIP-SLIP',
+        });
+      }
+    }
+  }
+
+  if (/\.py$/i.test(fp)) {
+    const code = blankComments(raw, 'py');
+    const importsTarfile = PY_TARFILE_IMPORT_RE.test(code);
+    const importsZipfile = PY_ZIPFILE_IMPORT_RE.test(code);
+    // Per-call safe-shape check: extract the call's argument list and look for
+    // filter="data" / filter=tarfile.data_filter in the same call. File-level
+    // suppression was too aggressive — a safe function later in the file would
+    // hide an unsafe one earlier.
+    const _isFilteredExtract = (afterIdx) => {
+      let depth = 0;
+      let inS = null;
+      for (let i = afterIdx; i < code.length && i < afterIdx + 500; i++) {
+        const c = code[i];
+        if (inS) {
+          if (c === '\\') { i++; continue; }
+          if (c === inS) inS = null;
+          continue;
+        }
+        if (c === "'" || c === '"') { inS = c; continue; }
+        if (c === '(') depth++;
+        else if (c === ')') { depth--; if (depth === 0) {
+          const args = code.substring(afterIdx, i);
+          return /\bfilter\s*=\s*(?:["']data["']|tarfile\.data_filter)/.test(args);
+        } }
+      }
+      return false;
+    };
+    if (importsTarfile) {
+      const reA = new RegExp(PY_TARFILE_EXTRACTALL_RE.source, PY_TARFILE_EXTRACTALL_RE.flags);
+      let m;
+      while ((m = reA.exec(code))) {
+        const openParen = m.index + m[0].length - 1; // position of '('
+        if (_isFilteredExtract(openParen)) continue;
+        const line = _lineOf(raw, m.index);
+        push({
+          id: `zip-slip:${fp}:${line}:py-tarfile`,
+          file: fp, line,
+          vuln: 'Zip Slip: tarfile.extractall() without filter="data" (CVE-2007-4559)',
+          severity: 'high',
+          cwe: 'CWE-22',
+          stride: 'Tampering',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: 'Python 3.12+: pass `filter="data"` to extractall (or set TarFile.extraction_filter). For older Python: validate every member.name before extraction — reject paths containing `..`, absolute paths, or device files. The official guidance is in PEP 706.',
+          confidence: 0.9,
+          parser: 'ZIP-SLIP',
+        });
+      }
+      const reB = new RegExp(PY_TARFILE_EXTRACTALL_SHORT_RE.source, PY_TARFILE_EXTRACTALL_SHORT_RE.flags);
+      while ((m = reB.exec(code))) {
+        const openParen = m.index + m[0].length - 1;
+        if (_isFilteredExtract(openParen)) continue;
+        const line = _lineOf(raw, m.index);
+        push({
+          id: `zip-slip:${fp}:${line}:py-tarfile-bare`,
+          file: fp, line,
+          vuln: 'Zip Slip: tar.extractall() without filter="data" (CVE-2007-4559)',
+          severity: 'high',
+          cwe: 'CWE-22',
+          stride: 'Tampering',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: 'Python 3.12+: pass `filter="data"` to extractall. For older Python: validate every member.name (reject `..`, absolute paths, device files).',
+          confidence: 0.85,
+          parser: 'ZIP-SLIP',
+        });
+      }
+    }
+    if (importsTarfile) {
+      const reC = new RegExp(PY_TARFILE_NAME_JOIN_RE.source, PY_TARFILE_NAME_JOIN_RE.flags);
+      let m;
+      while ((m = reC.exec(code))) {
+        const line = _lineOf(raw, m.index);
+        push({
+          id: `zip-slip:${fp}:${line}:py-tarfile-join`,
+          file: fp, line,
+          vuln: 'Zip Slip: tar member.name joined into output path without validation',
+          severity: 'high',
+          cwe: 'CWE-22',
+          stride: 'Tampering',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: 'Reject `member.name` if it contains `..`, starts with `/`, or is a device/symlink. Or migrate to extractall(filter="data").',
+          confidence: 0.85,
+          parser: 'ZIP-SLIP',
+        });
+      }
+    }
+    if (importsZipfile) {
+      const re = new RegExp(PY_ZIPFILE_EXTRACT_RE.source, PY_ZIPFILE_EXTRACT_RE.flags);
+      let m;
+      while ((m = re.exec(code))) {
+        const line = _lineOf(raw, m.index);
+        push({
+          id: `zip-slip:${fp}:${line}:py-zipfile`,
+          file: fp, line,
+          vuln: 'Zip Slip: zipfile.extract / extractall without path validation',
+          severity: 'medium',
+          cwe: 'CWE-22',
+          stride: 'Tampering',
+          snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+          remediation: 'Python\'s ZipFile.extract sanitizes some absolute paths but still resolves `..` segments in many CPython versions. Validate every name explicitly, or restrict the writable directory and verify the final path stays inside it.',
+          confidence: 0.7,
+          parser: 'ZIP-SLIP',
+        });
+      }
+    }
+  }
+
+  if (/\.(?:js|jsx|ts|tsx|mjs|cjs)$/i.test(fp)) {
+    const code = blankComments(raw);
+    const re = new RegExp(NODE_UNZIPPER_ENTRY_RE.source, NODE_UNZIPPER_ENTRY_RE.flags);
+    let m;
+    while ((m = re.exec(code))) {
+      const line = _lineOf(raw, m.index);
+      push({
+        id: `zip-slip:${fp}:${line}:node-entry`,
+        file: fp, line,
+        vuln: 'Zip Slip: archive entry.path written to filesystem without sanitization',
+        severity: 'high',
+        cwe: 'CWE-22',
+        stride: 'Tampering',
+        snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+        remediation: 'Validate entry.path with `path.resolve(outDir, entry.path)` then assert `resolved.startsWith(outDir + path.sep)`. Reject entries where this is false.',
+        confidence: 0.7,
+        parser: 'ZIP-SLIP',
+      });
+    }
+  }
+
+  return findings;
+}

package/src/sca/base-images.json

@@ -0,0 +1,45 @@
+{
+  "_doc": "Known-vulnerable / EOL base images. Used by container.js to flag Dockerfile FROM lines using EOL distros.",
+  "_format": "image-name -> { tag-pattern: { sev, eol, message } }",
+
+  "alpine": {
+    "3.10":   { "sev": "high",   "eol": "2021-05-01", "message": "Alpine 3.10 reached end of life on 2021-05-01. No security patches since." },
+    "3.11":   { "sev": "high",   "eol": "2021-11-01", "message": "Alpine 3.11 reached EOL on 2021-11-01." },
+    "3.12":   { "sev": "high",   "eol": "2022-05-01", "message": "Alpine 3.12 reached EOL on 2022-05-01." },
+    "3.13":   { "sev": "high",   "eol": "2022-11-01", "message": "Alpine 3.13 reached EOL on 2022-11-01." },
+    "3.14":   { "sev": "high",   "eol": "2023-05-01", "message": "Alpine 3.14 reached EOL on 2023-05-01." },
+    "3.15":   { "sev": "medium", "eol": "2023-11-01", "message": "Alpine 3.15 reached EOL on 2023-11-01." },
+    "3.16":   { "sev": "medium", "eol": "2024-05-23", "message": "Alpine 3.16 reached EOL on 2024-05-23." },
+    "latest": { "sev": "low",    "eol": null,         "message": "alpine:latest is a floating tag — pin to a specific minor version (e.g. alpine:3.21) for reproducible builds." }
+  },
+  "debian": {
+    "9":        { "sev": "critical", "eol": "2022-06-30", "message": "Debian 9 (Stretch) reached EOL on 2022-06-30. No security updates." },
+    "stretch":  { "sev": "critical", "eol": "2022-06-30", "message": "Debian Stretch reached EOL on 2022-06-30. No security updates." },
+    "10":       { "sev": "high",     "eol": "2024-06-30", "message": "Debian 10 (Buster) reached EOL on 2024-06-30. No security updates." },
+    "buster":   { "sev": "high",     "eol": "2024-06-30", "message": "Debian Buster reached EOL on 2024-06-30. No security updates." },
+    "11":       { "sev": "low",      "eol": "2026-06-30", "message": "Debian 11 (Bullseye) reaches EOL on 2026-06-30. Plan migration to Bookworm." },
+    "bullseye": { "sev": "low",      "eol": "2026-06-30", "message": "Debian Bullseye reaches EOL on 2026-06-30." },
+    "latest":   { "sev": "low",      "eol": null,         "message": "debian:latest is a floating tag — pin to a release codename (e.g. debian:bookworm-slim)." }
+  },
+  "ubuntu": {
+    "16.04":  { "sev": "critical", "eol": "2021-04-30", "message": "Ubuntu 16.04 LTS reached EOL on 2021-04-30. No security updates." },
+    "18.04":  { "sev": "critical", "eol": "2023-05-31", "message": "Ubuntu 18.04 LTS reached EOL on 2023-05-31." },
+    "20.04":  { "sev": "low",      "eol": "2025-04-30", "message": "Ubuntu 20.04 LTS reaches standard support EOL on 2025-04-30." },
+    "latest": { "sev": "low",      "eol": null,         "message": "ubuntu:latest is a floating tag — pin to an LTS (e.g. ubuntu:22.04 or ubuntu:24.04)." }
+  },
+  "node": {
+    "12":     { "sev": "critical", "eol": "2022-04-30", "message": "Node.js 12 reached EOL on 2022-04-30. No security patches." },
+    "14":     { "sev": "critical", "eol": "2023-04-30", "message": "Node.js 14 reached EOL on 2023-04-30." },
+    "16":     { "sev": "high",     "eol": "2023-09-11", "message": "Node.js 16 reached EOL on 2023-09-11." },
+    "18":     { "sev": "low",      "eol": "2025-04-30", "message": "Node.js 18 enters EOL on 2025-04-30." },
+    "latest": { "sev": "low",      "eol": null,         "message": "node:latest is a floating tag — pin to an LTS (e.g. node:22-alpine)." }
+  },
+  "python": {
+    "2":      { "sev": "critical", "eol": "2020-01-01", "message": "Python 2 reached EOL on 2020-01-01. Migrate to Python 3." },
+    "2.7":    { "sev": "critical", "eol": "2020-01-01", "message": "Python 2.7 reached EOL on 2020-01-01." },
+    "3.6":    { "sev": "critical", "eol": "2021-12-23", "message": "Python 3.6 reached EOL on 2021-12-23." },
+    "3.7":    { "sev": "critical", "eol": "2023-06-27", "message": "Python 3.7 reached EOL on 2023-06-27." },
+    "3.8":    { "sev": "high",     "eol": "2024-10-07", "message": "Python 3.8 reached EOL on 2024-10-07." },
+    "latest": { "sev": "low",      "eol": null,         "message": "python:latest is a floating tag — pin to a specific minor (e.g. python:3.12-slim)." }
+  }
+}

package/src/sca/container.js

@@ -0,0 +1,107 @@
+// 0.9.0 Feat-14: Container base image EOL detection — maps FROM lines to known-vulnerable distro versions.
+//
+// Two passes:
+//   1. Parse `FROM <image>:<tag>` lines and check the tag against a vendored
+//      base-images map (alpine/debian/ubuntu/node/python). Emit a finding for
+//      EOL or floating tags.
+//   2. Parse `RUN apt-get install` / `apk add` package lists and synthesize
+//      lightweight components[] entries that the SCA OSV pipeline can query.
+//
+// All-local: no Docker registry pulls, no shell-out to docker. Just regex.
+
+import { createRequire } from 'node:module';
+const _require = createRequire(import.meta.url);
+const _BASE_IMAGES = (() => {
+  try {
+    const raw = _require('./base-images.json');
+    const out = {};
+    for (const [k, v] of Object.entries(raw)) {
+      if (k.startsWith('_')) continue;
+      out[k] = v;
+    }
+    return out;
+  } catch (_) {
+    return null;
+  }
+})();
+
+const _DOCKERFILE_RE = /(?:^|\/)(?:[Dd]ockerfile|[^/]+\.dockerfile)$/i;
+
+// FROM <image>[:<tag>] [AS <stage>]
+const _FROM_RE = /^\s*FROM\s+(?:--platform=\S+\s+)?([\w./-]+?)(?::([\w.\-]+))?(?:@sha256:[a-f0-9]{64})?(?:\s+AS\s+\S+)?\s*$/im;
+
+// FROM <image>:<tag> covering all FROM lines in the file
+const _ALL_FROM_RE = /^\s*FROM\s+(?:--platform=\S+\s+)?([\w./-]+?)(?::([\w.\-]+))?(?:@sha256:[a-f0-9]{64})?(?:\s+AS\s+\S+)?\s*$/img;
+
+// `apt-get install -y pkg pkg pkg` / `apk add pkg pkg`
+const _APT_INSTALL_RE = /\bapt(?:-get)?\s+install\b[^\n]*?(?:--?[\w-]+\s+)*((?:[a-z0-9][\w.+-]*(?:=[\w.+:-]+)?\s*)+)/gi;
+const _APK_ADD_RE     = /\bapk\s+(?:--no-cache\s+)?(?:--update\s+)?add\b[^\n]*?(?:--?[\w-]+\s+)*((?:[a-z0-9][\w.+-]*(?:=[\w.+:-]+)?\s*)+)/gi;
+
+function _scoreTag(image, tag) {
+  if (!_BASE_IMAGES) return null;
+  const m = _BASE_IMAGES[image];
+  if (!m) return null;
+  // Direct tag match
+  if (m[tag]) return { ...m[tag], image, tag };
+  // Major-only match: tag '20.04-slim' falls back to '20.04'
+  for (const k of Object.keys(m)) {
+    if (tag && tag.startsWith(k + '.')) return { ...m[k], image, tag };
+    if (tag && tag.startsWith(k + '-')) return { ...m[k], image, tag };
+    if (tag === k) return { ...m[k], image, tag };
+  }
+  // Tag missing entirely (e.g. "FROM alpine") → treat as 'latest'
+  if (!tag && m.latest) return { ...m.latest, image, tag: 'latest' };
+  return null;
+}
+
+export function scanContainer(fp, raw) {
+  if (!_DOCKERFILE_RE.test(fp.replace(/\\/g, '/'))) return [];
+  if (!raw || raw.length > 200_000) return [];
+  const findings = [];
+  const lines = raw.split('\n');
+  let m;
+
+  // Pass 1: FROM lines
+  _ALL_FROM_RE.lastIndex = 0;
+  while ((m = _ALL_FROM_RE.exec(raw))) {
+    const image = m[1].split('/').pop(); // strip registry / namespace prefixes
+    const tag = m[2] || '';
+    const line = raw.substring(0, m.index).split('\n').length;
+    const score = _scoreTag(image, tag);
+    if (!score) continue;
+    findings.push({
+      id: `container-base:${fp}:${line}:${image}:${tag || 'latest'}`,
+      kind: 'container', severity: score.sev,
+      vuln: `Container base image: ${image}:${tag || 'latest'} ${score.eol ? '(EOL)' : '(floating tag)'}`,
+      cwe: score.eol ? 'CWE-1104' : 'CWE-1357',
+      stride: 'Tampering',
+      file: fp, line, snippet: (lines[line - 1] || '').trim(),
+      fix: score.message,
+    });
+  }
+
+  // Pass 2: apt/apk packages — surface as components hint for the SCA pipeline.
+  // We do NOT query OSV here (the engine's SCA pass owns that). Just collect names.
+  const packages = [];
+  _APT_INSTALL_RE.lastIndex = 0;
+  while ((m = _APT_INSTALL_RE.exec(raw))) {
+    for (const tok of m[1].split(/\s+/)) {
+      const t = tok.trim();
+      if (!t || t.startsWith('-')) continue;
+      const [name, ver] = t.split('=', 2);
+      if (/^[a-z0-9][\w.+-]*$/.test(name)) packages.push({ ecosystem: 'debian', name, version: ver || '' });
+    }
+  }
+  _APK_ADD_RE.lastIndex = 0;
+  while ((m = _APK_ADD_RE.exec(raw))) {
+    for (const tok of m[1].split(/\s+/)) {
+      const t = tok.trim();
+      if (!t || t.startsWith('-')) continue;
+      const [name, ver] = t.split('=', 2);
+      if (/^[a-z0-9][\w.+-]*$/.test(name)) packages.push({ ecosystem: 'alpine', name, version: ver || '' });
+    }
+  }
+  // Stash packages on the first finding so the engine can consume them downstream
+  if (packages.length && findings.length) findings[0]._containerPackages = packages;
+  return findings;
+}