@clear-capabilities/agentic-security-scanner 0.74.0

package/src/posture/network-policy-import.js

@@ -0,0 +1,126 @@
+// FR-PROD-4 — Network policy import.
+//
+// Parse k8s NetworkPolicy YAML (multi-document) and AWS Security Group JSON;
+// build a coarse map: workload → ingress sources. If the only ingress for a
+// workload is from internal-only ranges (10.0.0.0/8, 172.16.0.0/12,
+// 192.168.0.0/16, fc00::/7, or named `internal`/`vpc-private`), findings on
+// that workload are demoted to `mitigated-by-network`. Conservative: anything
+// not unambiguously internal-only leaves the finding untouched.
+//
+// Inputs (any combination of):
+//   k8s/*.yaml, k8s/*.yml         — multi-doc kube manifests
+//   infra/k8s/                    — recursive search
+//   .agentic-security/network-policy.json  — normalized digest
+//
+// Normalized digest shape:
+//   {
+//     "workloads": {
+//       "api-server":   { "exposure": "public",   "ingressFrom": ["0.0.0.0/0"] },
+//       "admin-panel":  { "exposure": "internal", "ingressFrom": ["10.0.0.0/8"] },
+//       "worker":       { "exposure": "internal", "ingressFrom": [] }
+//     }
+//   }
+//
+// Mapping workload → finding is heuristic: we look for the workload name in
+// the file path.
+
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+const CANDIDATE_DIGEST = '.agentic-security/network-policy.json';
+const K8S_DIRS = ['k8s', 'infra/k8s', 'deploy/k8s', 'kubernetes', 'manifests'];
+
+const INTERNAL_CIDRS = [
+  /^10\./, /^172\.(?:1[6-9]|2\d|3[01])\./, /^192\.168\./,
+  /^fc/i, /^fd/i,
+];
+
+function isInternal(cidr) {
+  if (!cidr) return false;
+  if (/internal|vpc-private|private/i.test(cidr)) return true;
+  return INTERNAL_CIDRS.some(re => re.test(cidr));
+}
+
+function parseKubeManifests(scanRoot) {
+  const workloads = {};
+  const root = scanRoot || process.cwd();
+  for (const d of K8S_DIRS) {
+    const dp = path.join(root, d);
+    if (!fs.existsSync(dp)) continue;
+    try {
+      const files = fs.readdirSync(dp, { withFileTypes: true });
+      for (const f of files) {
+        if (!f.isFile() || !/\.(ya?ml)$/i.test(f.name)) continue;
+        const text = fs.readFileSync(path.join(dp, f.name), 'utf8');
+        // Multi-doc split by `---` then look for NetworkPolicy entries.
+        const docs = text.split(/^---\s*$/m);
+        for (const doc of docs) {
+          if (!/kind:\s*NetworkPolicy/i.test(doc)) continue;
+          const podSelM = /podSelector:[\s\S]*?matchLabels:[\s\S]*?app:\s*['"]?(\w[\w-]*)['"]?/i.exec(doc);
+          const workload = podSelM ? podSelM[1] : 'unknown';
+          // Default-deny check: presence of `ingress: []` or empty ingress block.
+          const isDeny = /policyTypes:\s*\[Ingress\][\s\S]*?ingress:\s*\[\]/i.test(doc) ||
+                         /policyTypes:[\s\S]*?-\s+Ingress[\s\S]*?ingress:\s*\[\]/i.test(doc);
+          const cidrs = [...doc.matchAll(/ipBlock:[\s\S]*?cidr:\s*['"]?([\d./a-fA-F:]+)['"]?/g)].map(m => m[1]);
+          const externalAllowed = cidrs.filter(c => !isInternal(c));
+          let exposure;
+          if (isDeny && cidrs.length === 0) exposure = 'internal';
+          else if (cidrs.length === 0) exposure = 'unknown';
+          else if (externalAllowed.length === 0) exposure = 'internal';
+          else exposure = 'public';
+          workloads[workload] = {
+            exposure,
+            ingressFrom: cidrs.length ? cidrs : (isDeny ? [] : ['unspecified']),
+          };
+        }
+      }
+    } catch {}
+  }
+  return workloads;
+}
+
+export function loadNetworkPosture(scanRoot) {
+  const root = scanRoot || process.cwd();
+  const digestPath = path.join(root, CANDIDATE_DIGEST);
+  if (fs.existsSync(digestPath)) {
+    try {
+      const data = JSON.parse(fs.readFileSync(digestPath, 'utf8'));
+      if (data && data.workloads) return data;
+    } catch {}
+  }
+  const workloads = parseKubeManifests(scanRoot);
+  if (Object.keys(workloads).length === 0) return null;
+  return { workloads };
+}
+
+function matchWorkload(workloads, filePath) {
+  if (!workloads || !filePath) return null;
+  // Match by the longest workload name that occurs as a path segment.
+  const segs = filePath.split('/');
+  let best = null;
+  for (const name of Object.keys(workloads)) {
+    if (segs.includes(name) || segs.some(s => s.startsWith(name + '-'))) {
+      if (!best || name.length > best.length) best = name;
+    }
+  }
+  return best ? { name: best, info: workloads[best] } : null;
+}
+
+export function annotateNetworkMitigation(findings, scanRoot) {
+  if (!Array.isArray(findings)) return findings;
+  const posture = loadNetworkPosture(scanRoot);
+  if (!posture || !posture.workloads) return findings;
+  for (const f of findings) {
+    if (!f || typeof f !== 'object') continue;
+    const w = matchWorkload(posture.workloads, f.file || '');
+    if (!w) continue;
+    if (w.info.exposure === 'internal') {
+      f.mitigatedByNetwork = true;
+      f.networkPolicyName = w.name;
+      f.networkExposure = 'internal';
+    } else if (w.info.exposure === 'public') {
+      f.networkExposure = 'public';
+    }
+  }
+  return findings;
+}

package/src/posture/path-predicates.js

@@ -0,0 +1,99 @@
+// SentQL path-constraint predicate catalog.
+//
+// When a custom rule declares `path: { must_traverse: [...], must_not_traverse: [...] }`
+// the runtime checks each predicate against the finding's path metadata (route
+// reachability, sanitizer presence, auth-guard presence, etc.) and drops the
+// finding when the constraint is violated.
+//
+// A predicate is a string identifier. The dispatch table below maps each
+// identifier to a function `(finding) → bool` that tests the finding.
+//
+// New predicates can be added without changing the SentQL grammar — author
+// names them in YAML, this file resolves the name.
+
+// Each predicate returns TRUE iff the finding satisfies the predicate.
+const PREDICATES = {
+  // The finding's source is a route handler (HTTP entry point).
+  is_http_route(f) {
+    if (f.routeRooted === true) return true;
+    if (f.source && f.source.category && /HTTP|URL|Form|DOM/i.test(f.source.category)) return true;
+    return false;
+  },
+  // Inverse — finding doesn't come from a route handler.
+  not_http_route(f) { return !PREDICATES.is_http_route(f); },
+
+  // A sanitizer was detected on the path.
+  is_sanitized(f) { return f.isSanitized === true; },
+  not_sanitized(f) { return !PREDICATES.is_sanitized(f); },
+
+  // An auth guard is present on the path.
+  is_auth_guarded(f) { return Array.isArray(f.guards) && f.guards.length > 0; },
+  not_auth_guarded(f) { return !PREDICATES.is_auth_guarded(f); },
+
+  // Reachable from an unauthenticated route (engine annotation).
+  has_unauth_route(f) {
+    if (Array.isArray(f.exploitabilityFactors) && f.exploitabilityFactors.includes('unauth-route-reachable')) return true;
+    return false;
+  },
+
+  // Cross-file taint chain (multi-hop, not single-file).
+  is_cross_file(f) {
+    if (f.isCrossFile === true) return true;
+    const srcFile = f.source && f.source.file;
+    const sinkFile = (f.sink && f.sink.file) || f.file;
+    return !!(srcFile && sinkFile && srcFile !== sinkFile);
+  },
+  not_cross_file(f) { return !PREDICATES.is_cross_file(f); },
+
+  // Reachable at all (call graph said yes).
+  is_reachable(f) { return f.reachable === true; },
+  not_reachable(f) { return f.reachable === false; },
+
+  // Finding has a path / chain of length > 1.
+  has_multi_step_path(f) {
+    if (Array.isArray(f.chain) && f.chain.length > 1) return true;
+    if (Array.isArray(f.pathSteps) && f.pathSteps.length > 1) return true;
+    return false;
+  },
+};
+
+// Drop findings whose path violates the rule's constraints.
+//   - must_traverse: ALL predicates must return true
+//   - must_not_traverse: NONE may return true
+// Returns { kept: Finding[], dropped: SuppressionEntry[] }.
+export function applyPathConstraints(findings) {
+  const kept = [];
+  const dropped = [];
+  for (const f of (findings || [])) {
+    const c = f && f._pathConstraints;
+    if (!c) { kept.push(f); continue; }
+    let drop = null;
+    if (Array.isArray(c.mustTraverse) && c.mustTraverse.length) {
+      for (const name of c.mustTraverse) {
+        const pred = PREDICATES[name];
+        // Unknown predicates fail-open: don't drop the finding just because the
+        // rule named a predicate we don't know about. Log silently.
+        if (!pred) continue;
+        if (!pred(f)) { drop = `must-traverse-failed:${name}`; break; }
+      }
+    }
+    if (!drop && Array.isArray(c.mustNotTraverse) && c.mustNotTraverse.length) {
+      for (const name of c.mustNotTraverse) {
+        const pred = PREDICATES[name];
+        if (!pred) continue;
+        if (pred(f)) { drop = `must-not-traverse-hit:${name}`; break; }
+      }
+    }
+    if (drop) {
+      dropped.push({
+        vuln: f.vuln, file: f.file, line: f.line, snippet: f.snippet || '',
+        reason: 'sentql-path-constraint:' + drop,
+      });
+      continue;
+    }
+    kept.push(f);
+  }
+  return { kept, dropped };
+}
+
+export const _internalPredicateNames = Object.keys(PREDICATES);

package/src/posture/persona-prioritization.js

@@ -0,0 +1,153 @@
+// FR-ADV-2 + FR-LOGIC-10 — Per-persona prioritization.
+//
+// Replace CVSS-style flat severity with a per-attacker-persona severity
+// matrix. The same finding can be `critical` for a script kiddie (drive-by
+// exploit) and `low` for an APT (they already have credentialed shell).
+// Five personas, each with a weighting profile over existing finding fields.
+//
+// Inputs (read from each finding when present):
+//   - severity, family / vuln
+//   - reachable (true/false), routeRooted (true/false)
+//   - exposedInProd / mitigatedInProd / unreachableInProd (FR-PROD-7)
+//   - guards (auth/RBAC), kev, epssPercentile
+//   - crownJewelScore, featureFlagState
+//   - parser, validator_verdict
+//
+// Output: f.personaScores = { [persona]: { score, tier, factors[] } }
+//         f.personaTopTwo = ['opportunistic', 'apt'] for UI compactness.
+
+const PERSONAS = [
+  'script-kiddie',
+  'opportunistic-criminal',
+  'apt-nation-state',
+  'supply-chain-attacker',
+  'malicious-insider',
+];
+
+const FAMILY_PERSONA_BIAS = {
+  'sql-injection':           { 'script-kiddie': +0.20, 'opportunistic-criminal': +0.25 },
+  'command-injection':       { 'script-kiddie': +0.25, 'opportunistic-criminal': +0.30, 'apt-nation-state': +0.20 },
+  'xss':                     { 'script-kiddie': +0.15, 'opportunistic-criminal': +0.20 },
+  'ssrf':                    { 'opportunistic-criminal': +0.20, 'apt-nation-state': +0.30 },
+  'path-traversal':          { 'script-kiddie': +0.20, 'opportunistic-criminal': +0.20 },
+  'idor':                    { 'opportunistic-criminal': +0.25, 'malicious-insider': +0.30 },
+  'missing-authz':           { 'opportunistic-criminal': +0.20, 'malicious-insider': +0.35 },
+  'broken-auth':             { 'script-kiddie': +0.15, 'opportunistic-criminal': +0.30 },
+  'hardcoded-secret':        { 'opportunistic-criminal': +0.25, 'malicious-insider': +0.20, 'supply-chain-attacker': +0.20 },
+  'webhook-no-signature':    { 'opportunistic-criminal': +0.20, 'apt-nation-state': +0.10 },
+  'unsafe-deserialization':  { 'apt-nation-state': +0.35, 'supply-chain-attacker': +0.30 },
+  'prototype-pollution':     { 'apt-nation-state': +0.30, 'supply-chain-attacker': +0.20 },
+  'jndi':                    { 'apt-nation-state': +0.35, 'opportunistic-criminal': +0.20 },
+  'mass-assignment':         { 'opportunistic-criminal': +0.20, 'malicious-insider': +0.25 },
+  'csrf':                    { 'script-kiddie': +0.10, 'opportunistic-criminal': +0.15 },
+  'open-redirect':           { 'script-kiddie': +0.15, 'opportunistic-criminal': +0.15 },
+  'prompt-injection':        { 'script-kiddie': +0.25, 'apt-nation-state': +0.20 },
+  'llm-output-trusted':      { 'apt-nation-state': +0.30, 'malicious-insider': +0.20 },
+  'unbounded-llm':           { 'opportunistic-criminal': +0.20 },
+  'sca-cve':                 { 'opportunistic-criminal': +0.25, 'apt-nation-state': +0.20 },
+  'install-script':          { 'supply-chain-attacker': +0.50 },
+  'typosquat':               { 'supply-chain-attacker': +0.40 },
+  'mass-merge':              { 'supply-chain-attacker': +0.30 },
+};
+
+const SEVERITY_BASE = { critical: 0.85, high: 0.65, medium: 0.40, low: 0.20, info: 0.10 };
+
+function familyKey(f) {
+  if (f.family) return String(f.family).toLowerCase().replace(/[\s_]+/g, '-');
+  const v = (f.vuln || f.title || '').toLowerCase();
+  if (/sql.*injection/.test(v)) return 'sql-injection';
+  if (/command.*injection|os.command|shell.exec/.test(v)) return 'command-injection';
+  if (/cross.site script|xss/.test(v)) return 'xss';
+  if (/ssrf|server.side request/.test(v)) return 'ssrf';
+  if (/path traversal|zip.slip|directory traversal/.test(v)) return 'path-traversal';
+  if (/idor|insecure direct object/.test(v)) return 'idor';
+  if (/missing auth|broken access/.test(v)) return 'missing-authz';
+  if (/broken auth|jwt|session/.test(v)) return 'broken-auth';
+  if (/hardcoded|secret in source|api key/.test(v)) return 'hardcoded-secret';
+  if (/webhook.*sign|signature/.test(v)) return 'webhook-no-signature';
+  if (/deserial/.test(v)) return 'unsafe-deserialization';
+  if (/prototype pollution/.test(v)) return 'prototype-pollution';
+  if (/jndi|log4shell/.test(v)) return 'jndi';
+  if (/mass assignment/.test(v)) return 'mass-assignment';
+  if (/csrf/.test(v)) return 'csrf';
+  if (/open redirect/.test(v)) return 'open-redirect';
+  if (/prompt injection/.test(v)) return 'prompt-injection';
+  if (/llm output/.test(v)) return 'llm-output-trusted';
+  if (/max_tokens|unbounded/.test(v)) return 'unbounded-llm';
+  if (/install.script|postinstall/.test(v)) return 'install-script';
+  if (/typosquat/.test(v)) return 'typosquat';
+  if (/cve-|kev/.test(v)) return 'sca-cve';
+  return null;
+}
+
+function scoreOne(f, persona) {
+  const factors = [];
+  let s = SEVERITY_BASE[f.severity] ?? 0.30;
+  factors.push(`sev:${f.severity || 'unknown'}`);
+
+  const fam = familyKey(f);
+  const bias = fam && FAMILY_PERSONA_BIAS[fam] ? (FAMILY_PERSONA_BIAS[fam][persona] || 0) : 0;
+  if (bias) { s += bias; factors.push(`bias:${fam}+${bias.toFixed(2)}`); }
+
+  // Persona-specific modifiers.
+  if (persona === 'script-kiddie') {
+    if (f.exposedInProd) { s += 0.15; factors.push('exposed-in-prod'); }
+    if (f.mitigatedInProd) { s -= 0.30; factors.push('mitigated-in-prod'); }
+    if (f.guards && f.guards.length) { s -= 0.20; factors.push(`auth-gated:${f.guards.length}`); }
+    if (f.kev) { s += 0.20; factors.push('kev'); }
+  } else if (persona === 'opportunistic-criminal') {
+    if (f.exposedInProd) { s += 0.10; factors.push('exposed-in-prod'); }
+    if (f.mitigatedInProd) { s -= 0.15; factors.push('mitigated-in-prod'); }
+    if (f.crownJewelScore >= 0.4) { s += 0.20; factors.push('crown-jewel-adj'); }
+    if (typeof f.epssPercentile === 'number' && f.epssPercentile >= 0.95) { s += 0.15; factors.push('epss>=p95'); }
+  } else if (persona === 'apt-nation-state') {
+    // APTs care less about easy exploits and more about high-value targets +
+    // persistence; reachability/auth gating matters much less to them.
+    if (f.crownJewelScore >= 0.5) { s += 0.25; factors.push('crown-jewel-target'); }
+    if (fam === 'unsafe-deserialization' || fam === 'jndi' || fam === 'prompt-injection') { s += 0.10; factors.push('apt-favored-family'); }
+    if (f.guards && f.guards.length) { s -= 0.05; factors.push('minor-auth-cost'); }   // they have creds
+  } else if (persona === 'supply-chain-attacker') {
+    if (f.parser === 'SCA' || /sca|cve|kev/i.test(fam || '')) { s += 0.20; factors.push('sca-finding'); }
+    if (fam === 'install-script' || fam === 'typosquat') { s += 0.30; factors.push('classic-supply-chain'); }
+    if (f.provenance === 'ai-likely') { s += 0.10; factors.push('ai-generated'); }
+  } else if (persona === 'malicious-insider') {
+    if (f.exposedInProd || f.guards?.length) { s -= 0.10; factors.push('insider-bypasses-edge'); }
+    if (fam === 'missing-authz' || fam === 'idor' || fam === 'mass-assignment') { s += 0.20; factors.push('authz-bypass-favored'); }
+    if (f.crownJewelScore >= 0.5) { s += 0.15; factors.push('insider-target'); }
+  }
+
+  // Universal feature-flag dampener.
+  if (f.featureFlagState === 'gated-off') { s = Math.min(s, 0.15); factors.push('flag-gated-off'); }
+  else if (f.featureFlagState === 'partial-rollout') { s -= 0.10; factors.push('partial-rollout'); }
+
+  s = Math.max(0, Math.min(1, s));
+  return { score: Number(s.toFixed(2)), factors };
+}
+
+function tierOf(s) {
+  if (s >= 0.80) return 'critical';
+  if (s >= 0.60) return 'high';
+  if (s >= 0.35) return 'medium';
+  if (s >= 0.15) return 'low';
+  return 'info';
+}
+
+export function annotatePersonaScores(findings) {
+  if (!Array.isArray(findings)) return findings;
+  for (const f of findings) {
+    if (!f || typeof f !== 'object') continue;
+    const scores = {};
+    for (const p of PERSONAS) {
+      const { score, factors } = scoreOne(f, p);
+      scores[p] = { score, tier: tierOf(score), factors };
+    }
+    f.personaScores = scores;
+    const ranked = Object.entries(scores).sort((a, b) => b[1].score - a[1].score);
+    f.personaTopTwo = ranked.slice(0, 2).map(([p]) => p);
+    f.personaMaxScore = ranked[0][1].score;
+    f.personaMaxName = ranked[0][0];
+  }
+  return findings;
+}
+
+export { PERSONAS };

package/src/posture/poc-cwe-map.js

@@ -0,0 +1,51 @@
+// CWE ↔ family lookup tables for the PoC generator (P1.1).
+//
+// Kept separate from poc-generator.js so the templates can be ergonomic
+// (small, focused) and the mapping table can grow independently as we add
+// CWE coverage. Both files exported as a single contract.
+
+export const CWE_TO_FAMILY = Object.freeze({
+  'CWE-89':  'sql-injection',
+  'CWE-78':  'command-injection',
+  'CWE-79':  'xss',
+  'CWE-22':  'path-traversal',
+  'CWE-918': 'ssrf',
+  'CWE-94':  'code-injection',
+  'CWE-352': 'csrf',
+  'CWE-601': 'open-redirect',
+  'CWE-611': 'xxe',
+  'CWE-502': 'insecure-deserialization',
+});
+
+export const FAMILY_TO_PRIMARY_CWE = Object.freeze(
+  Object.fromEntries(Object.entries(CWE_TO_FAMILY).map(([k, v]) => [v, k]))
+);
+
+// Families for which v1 explicitly does NOT generate a PoC. The verifier
+// marks these `unverified-by-design`. Documented here so the choice is
+// auditable rather than buried in template absence. Read via the
+// `isExplicitlyNoPoc()` helper; not exported directly.
+const NO_POC_FAMILIES = Object.freeze(new Set([
+  'timing-oracle',         // requires statistical analysis, not a single request
+  'data-exposure',         // visual-inspection-shaped; no single demonstrable request
+  'log-injection',         // sink is the log file; out-of-band verification needed
+  'audit-logging',         // absence-of-a-thing; harder to PoC
+  'header-hardening',      // configuration finding, not flow-based
+  'hardcoded-secret',      // proof = grep, not a request
+  'vulnerable-dep',        // proof = OSV lookup, not a runtime PoC
+  'jwt-no-exp',            // requires waiting; not single-shot
+  'orm-no-pagination',     // resource exhaustion shape; sandbox-unsafe to PoC
+  'weak-rng',              // statistical; not a single request
+  'weak-crypto',           // statistical; not a single request
+]));
+
+export function isPocSupported(familyOrCwe) {
+  if (!familyOrCwe) return false;
+  if (CWE_TO_FAMILY[familyOrCwe]) return true;
+  if (FAMILY_TO_PRIMARY_CWE[familyOrCwe]) return true;
+  return false;
+}
+
+export function isExplicitlyNoPoc(family) {
+  return NO_POC_FAMILIES.has(family);
+}