@clear-capabilities/agentic-security-scanner 0.76.1 → 0.78.0

package/src/sast/db-taint.js

@@ -213,3 +213,57 @@ export function scanDbTaint(fp, raw) {
   }
   return findings;
 }
+
+// ── Cross-file stored injection ────────────────────────────────────────────
+//
+// Extends the same-file detector to work across all files in the project.
+// Collects ORM writes and render-of-reads across all files, then matches
+// by field name to find stored XSS / stored injection paths.
+
+export function scanDbTaintCrossFile(fileContents) {
+  if (!fileContents || typeof fileContents !== 'object') return [];
+  const allWrites = [];
+  const allReads = [];
+  for (const [fp, raw] of Object.entries(fileContents)) {
+    if (!raw || typeof raw !== 'string' || raw.length > 500_000) continue;
+    const lang = _lang(fp);
+    if (!lang) continue;
+    const code = blankComments(raw, lang === 'py' ? 'py' : undefined);
+    const writes = _findTaintedWrites(code, lang);
+    for (const w of writes) allWrites.push({ ...w, file: fp });
+    const reads = _findRendersOfReads(code, lang);
+    for (const r of reads) allReads.push({ ...r, file: fp });
+  }
+  const findings = [];
+  const seen = new Set();
+  for (const w of allWrites) {
+    for (const r of allReads) {
+      if (w.file === r.file) continue;
+      if (w.field !== r.field) continue;
+      const id = `db-taint-xfile:${w.file}:${w.line}->${r.file}:${r.line}:${w.field}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      findings.push({
+        id,
+        file: r.file, line: r.line,
+        vuln: `Stored XSS via DB round-trip — cross-file (${w.model || '?'}.${w.field})`,
+        severity: 'high',
+        cwe: 'CWE-79',
+        family: 'stored-xss',
+        stride: 'Tampering',
+        remediation:
+          `User content written to ${w.model || '?'}.${w.field} at ${w.file}:${w.line} is later read at ${r.file}:${r.line} and rendered. ` +
+          'Sanitize at write time (HTML-escape), escape at render time, and use CSP to block inline scripts.',
+        parser: 'DB-TAINT-XFILE',
+        confidence: 0.60,
+        source: { file: w.file, line: w.line, label: `${w.model || '?'}.${w.field} write` },
+        sink: { file: r.file, line: r.line, label: `${w.field} render` },
+        trace: [
+          { file: w.file, line: w.line, kind: 'db-write', sourceLabel: `${w.model || '?'}.${w.field} ← user input` },
+          { file: r.file, line: r.line, kind: 'db-read',  sourceLabel: `${w.field} → render sink` },
+        ],
+      });
+    }
+  }
+  return findings;
+}

package/src/sast/graphql.js

@@ -0,0 +1,127 @@
+// GraphQL security detector.
+//
+// Coverage:
+//   1. Query injection — string-concat/template building GraphQL queries from user input
+//   2. Depth/complexity DoS — ApolloServer/express-graphql without depth limiting
+//   3. Introspection in production — introspection enabled or not explicitly disabled
+//   4. Batching DoS — missing batch-size limits
+//   5. Field suggestions — error messages leaking field names
+
+function _line(raw, idx) {
+  return raw.slice(0, idx).split('\n').length;
+}
+
+export function scanGraphQL(fp, raw) {
+  if (!fp || !raw || typeof raw !== 'string') return [];
+  if (raw.length > 500_000) return [];
+  if (!/\.(?:js|jsx|ts|tsx|mjs|cjs|py|go|rb)$/i.test(fp)) return [];
+
+  const findings = [];
+
+  // 1. Query injection: string concat/template into GraphQL query strings
+  const queryConcat = /(?:query|mutation)\s*[:=]\s*(?:`[^`]*\$\{[^}]*\}|["'][^"']*["']\s*\+\s*\w)/g;
+  for (const m of raw.matchAll(queryConcat)) {
+    const ln = _line(raw, m.index);
+    const after = raw.slice(m.index, m.index + 300);
+    if (/\b(?:gql|graphql|\.query|\.mutate)\b/i.test(after) || /\b(?:query|mutation)\s*\{/.test(after)) {
+      findings.push({
+        id: `graphql-injection:${fp}:${ln}`,
+        file: fp, line: ln,
+        vuln: 'GraphQL Query Injection — user input concatenated into query string',
+        severity: 'high',
+        family: 'graphql-injection',
+        cwe: 'CWE-943',
+        parser: 'GRAPHQL',
+        confidence: 0.75,
+        description: 'GraphQL query is built via string concatenation or template interpolation with variables that may contain user input. An attacker can inject additional fields, aliases, or mutations.',
+        remediation: 'Use parameterized GraphQL queries with variables: `query GetUser($id: ID!) { user(id: $id) { name } }` and pass variables separately.',
+      });
+    }
+  }
+
+  // 2. Depth/complexity DoS: ApolloServer/createYoga/express-graphql without depth limit
+  if (/\b(?:ApolloServer|createYoga|graphqlHTTP|makeExecutableSchema)\b/.test(raw)) {
+    if (!/\b(?:depthLimit|graphql-depth-limit|graphql-validation-complexity|costAnalysis|maxDepth|queryDepthLimit)\b/.test(raw)) {
+      const m = raw.match(/\b(ApolloServer|createYoga|graphqlHTTP)\b/);
+      if (m) {
+        findings.push({
+          id: `graphql-depth-dos:${fp}:${_line(raw, m.index)}`,
+          file: fp, line: _line(raw, m.index),
+          vuln: 'GraphQL Depth/Complexity DoS — no depth limiting configured',
+          severity: 'medium',
+          family: 'graphql-dos',
+          cwe: 'CWE-400',
+          parser: 'GRAPHQL',
+          confidence: 0.70,
+          description: 'GraphQL server is configured without query depth or complexity limits. An attacker can send deeply nested queries that exhaust server resources.',
+          remediation: 'Add graphql-depth-limit or graphql-query-complexity to validationRules: new ApolloServer({ validationRules: [depthLimit(10)] }).',
+        });
+      }
+    }
+  }
+
+  // 3. Introspection in production
+  if (/\bintrospection\s*:\s*true\b/.test(raw)) {
+    const m = raw.match(/\bintrospection\s*:\s*true\b/);
+    if (m) {
+      findings.push({
+        id: `graphql-introspection:${fp}:${_line(raw, m.index)}`,
+        file: fp, line: _line(raw, m.index),
+        vuln: 'GraphQL Introspection Enabled — schema exposed to clients',
+        severity: 'medium',
+        family: 'graphql-introspection',
+        cwe: 'CWE-200',
+        parser: 'GRAPHQL',
+        confidence: 0.80,
+        description: 'Introspection is explicitly enabled. Attackers can query __schema to discover all types, fields, and mutations — accelerating further attacks.',
+        remediation: 'Disable introspection in production: new ApolloServer({ introspection: process.env.NODE_ENV !== "production" }).',
+      });
+    }
+  }
+
+  // 4. Batching DoS: missing batch limits
+  if (/\b(?:ApolloServer|ApolloGateway)\b/.test(raw)) {
+    if (!/\b(?:allowBatchedHttpRequests\s*:\s*false|maxBatchSize|batching\s*:\s*false)\b/.test(raw)) {
+      const m = raw.match(/\b(ApolloServer|ApolloGateway)\b/);
+      if (m) {
+        const after = raw.slice(m.index, m.index + 500);
+        if (/allowBatchedHttpRequests\s*:\s*true/.test(after) && !/maxBatchSize/.test(after)) {
+          findings.push({
+            id: `graphql-batch-dos:${fp}:${_line(raw, m.index)}`,
+            file: fp, line: _line(raw, m.index),
+            vuln: 'GraphQL Batch DoS — batching enabled without size limit',
+            severity: 'medium',
+            family: 'graphql-dos',
+            cwe: 'CWE-400',
+            parser: 'GRAPHQL',
+            confidence: 0.65,
+            description: 'Batched HTTP requests are enabled without a maxBatchSize limit. Attackers can send thousands of operations in a single HTTP request.',
+            remediation: 'Set allowBatchedHttpRequests: false, or add maxBatchSize: 10 to limit batch size.',
+          });
+        }
+      }
+    }
+  }
+
+  // 5. Field suggestions leaking schema info
+  if (/\b(?:includeStacktraceInErrorResponses|formatError|debug\s*:\s*true)\b/.test(raw)) {
+    if (/\b(?:ApolloServer|graphqlHTTP)\b/.test(raw)) {
+      for (const m of raw.matchAll(/\bdebug\s*:\s*true\b/g)) {
+        findings.push({
+          id: `graphql-debug:${fp}:${_line(raw, m.index)}`,
+          file: fp, line: _line(raw, m.index),
+          vuln: 'GraphQL Debug Mode — error details exposed to clients',
+          severity: 'low',
+          family: 'graphql-introspection',
+          cwe: 'CWE-209',
+          parser: 'GRAPHQL',
+          confidence: 0.70,
+          description: 'Debug mode exposes stack traces and field suggestion in error responses, leaking internal schema structure.',
+          remediation: 'Set debug: false or includeStacktraceInErrorResponses: false in production.',
+        });
+      }
+    }
+  }
+
+  return findings;
+}

package/src/sast/llm-stored-prompt.js

@@ -101,3 +101,60 @@ export function scanStoredPromptInjection(fp, raw) {
   }
   return findings;
 }
+
+const ORM_READ_RE = /\b(?:findOne|findUnique|findFirst|findById|findByPk|get_object_or_404|objects\.get|objects\.filter|\.query\s*\()\b/;
+
+export function scanStoredPromptInjectionCrossFile(fileContents) {
+  if (!fileContents || typeof fileContents !== 'object') return [];
+  const llmSinks = [];
+  const ormReads = [];
+  for (const [fp, raw] of Object.entries(fileContents)) {
+    if (!raw || typeof raw !== 'string' || raw.length > 500_000) continue;
+    const lang = _lang(fp);
+    if (!lang) continue;
+    for (const [plang, pat, label] of LLM_CALL_PATTERNS) {
+      if (plang !== lang) continue;
+      const re = new RegExp(pat.source, pat.flags);
+      let m;
+      while ((m = re.exec(raw))) {
+        const varName = (m[1] || '').split('.')[0];
+        if (varName) llmSinks.push({ file: fp, line: _lineOf(raw, m.index), varName, label });
+      }
+    }
+    if (ORM_READ_RE.test(raw)) {
+      const lines = raw.split('\n');
+      for (let i = 0; i < lines.length; i++) {
+        if (ORM_READ_RE.test(lines[i])) {
+          const assignMatch = lines[i].match(/(\w+)\s*=\s*/);
+          if (assignMatch) ormReads.push({ file: fp, line: i + 1, varName: assignMatch[1] });
+        }
+      }
+    }
+  }
+  const findings = [];
+  const seen = new Set();
+  for (const sink of llmSinks) {
+    for (const read of ormReads) {
+      if (sink.file === read.file) continue;
+      if (sink.varName !== read.varName) continue;
+      const id = `llm-stored-prompt-xfile:${read.file}:${read.line}->${sink.file}:${sink.line}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      findings.push({
+        id,
+        file: sink.file, line: sink.line,
+        vuln: `LLM Stored-Prompt Injection — cross-file ORM→LLM (${sink.label})`,
+        severity: 'high',
+        cwe: 'CWE-1336',
+        family: 'llm-prompt-injection',
+        parser: 'LLM-STORED-PROMPT-XFILE',
+        confidence: 0.55,
+        description: `Variable "${sink.varName}" loaded from ORM at ${read.file}:${read.line} is used as LLM system prompt at ${sink.file}:${sink.line}. An attacker who can modify the DB record can inject instructions.`,
+        remediation: 'Validate stored prompts against a schema or signing key. Wrap DB-loaded text in delimiters and a role-isolation frame.',
+        source: { file: read.file, line: read.line, label: `ORM read → ${read.varName}` },
+        sink: { file: sink.file, line: sink.line, label: `LLM ${sink.label}` },
+      });
+    }
+  }
+  return findings;
+}

package/src/sast/mutation-xss.js

@@ -83,5 +83,48 @@ export function scanMutationXSS(fp, raw) {
     });
   }
 
+  // Email template XSS: user data rendered into HTML email body
+  const emailSinkRe = /\b(?:sendMail|transporter\.sendMail|sg\.send|ses\.sendEmail|mailgun\.messages\.create|send_email|mail\.send)\s*\(/g;
+  for (const em of code.matchAll(emailSinkRe)) {
+    const after = code.slice(em.index, em.index + 500);
+    if (!/\bhtml\s*:/i.test(after)) continue;
+    const taintHint = /(?:req\.|request\.|params|body|query|user\.\w+|data\.\w+)/.test(after);
+    const templateHint = /(?:ejs\.render|pug\.render|mustache\.render|handlebars\.compile|marked\.parse|render_template|Jinja2|\.render\s*\()/.test(after);
+    if (!taintHint && !templateHint) continue;
+    const line = lineOf(raw, em.index);
+    push({
+      id: `email-template-xss:${fp}:${line}`,
+      file: fp, line,
+      vuln: 'Email Template XSS — user data rendered into HTML email body',
+      severity: 'high',
+      cwe: 'CWE-79',
+      family: 'email-template-xss',
+      stride: 'Tampering',
+      snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+      remediation: 'HTML-escape user-supplied data before inserting into email templates. Use the template engine\'s auto-escape mode. Consider rendering text-only emails for user-generated content.',
+      parser: 'EMAIL-XSS',
+      confidence: 0.65,
+    });
+  }
+
+  // Markdown → HTML → innerHTML chain
+  const markdownHtmlRe = /\bmarked\.parse\s*\([^)]*(?:req\.|request\.|params|body|query|user)/g;
+  for (const mm of code.matchAll(markdownHtmlRe)) {
+    const line = lineOf(raw, mm.index);
+    push({
+      id: `markdown-xss:${fp}:${line}`,
+      file: fp, line,
+      vuln: 'Markdown→HTML XSS — user-supplied Markdown rendered to HTML without sanitization',
+      severity: 'high',
+      cwe: 'CWE-79',
+      family: 'xss',
+      stride: 'Tampering',
+      snippet: (raw.split('\n')[line - 1] || '').trim().slice(0, 200),
+      remediation: 'Pipe marked output through DOMPurify: `const html = DOMPurify.sanitize(marked.parse(userInput))`. Or use marked with `sanitize: true` option.',
+      parser: 'MARKDOWN-XSS',
+      confidence: 0.70,
+    });
+  }
+
   return findings;
 }

package/src/sast/nosql-injection.js

@@ -18,6 +18,9 @@ const DYNAMO_EXPR_CONCAT_RE = /(?:FilterExpression|ConditionExpression|KeyCondit
 
 const PY_MONGO_FIND_REQ = /\.\s*(?:find|find_one|update_one|update_many|delete_one|delete_many)\s*\(\s*request\s*\.\s*(?:json|data|args|form)/g;
 
+const MONGO_AGGREGATE_RE = /\.\s*aggregate\s*\(\s*\[[\s\S]{0,300}?\{\s*\$(?:match|expr|where|function|redact|lookup)\s*:[\s\S]{0,200}?(?:req|request|params|query|body|input)\b/g;
+const MONGO_MAPREDUCE_RE = /\.\s*mapReduce\s*\([\s\S]{0,300}?(?:req|request|params|query|body|input)\b/g;
+
 function lineOf(raw, idx) { return raw.substring(0, idx).split('\n').length; }
 
 export function scanNoSQLInjection(fp, raw) {
@@ -33,6 +36,8 @@ export function scanNoSQLInjection(fp, raw) {
       [MONGO_WHERE_RE, 'mongo-where', 'NoSQL Injection: MongoDB $where with user-controlled string', 0.90],
       [MONGO_FIND_REQ_OBJ_RE, 'mongo-find', 'NoSQL Injection: MongoDB query with raw request object (operator injection)', 0.80],
       [DYNAMO_EXPR_CONCAT_RE, 'dynamo-expr', 'NoSQL Injection: DynamoDB Expression built via string concatenation', 0.85],
+      [MONGO_AGGREGATE_RE, 'mongo-aggregate', 'NoSQL Injection: MongoDB aggregate pipeline with user-controlled stage', 0.80],
+      [MONGO_MAPREDUCE_RE, 'mongo-mapreduce', 'NoSQL Injection: MongoDB mapReduce with user-controlled function', 0.85],
     ]) {
       const r = new RegExp(re.source, re.flags);
       while ((m = r.exec(code))) {

package/src/sast/null-byte-injection.js

@@ -0,0 +1,76 @@
+// Null-byte and path normalization injection detector.
+//
+// Detects patterns where file extension checks can be bypassed via
+// null-byte truncation (%00, \0) or missing path normalization before
+// filesystem operations.
+
+function _line(raw, idx) { return raw.slice(0, idx).split('\n').length; }
+
+const EXT_CHECK_RE = /\.(?:endsWith|match|test|includes)\s*\(\s*['"]\.(?:jpg|jpeg|png|gif|pdf|doc|docx|csv|txt|zip|svg|webp|mp4)/gi;
+const SPLITEXT_RE = /(?:path\.extname|os\.path\.splitext|filepath\.Ext|pathinfo)\s*\(/g;
+
+const FS_SINK_RE = /(?:fs\.readFile|fs\.readFileSync|fs\.createReadStream|fs\.writeFile|fs\.writeFileSync|open\s*\(|os\.open|sendFile|send_file|send_from_directory|filepath\.Join|os\.path\.join|path\.join)\s*\(/g;
+
+const NORMALIZATION_RE = /(?:path\.normalize|path\.resolve|os\.path\.abspath|os\.path\.realpath|filepath\.Clean|filepath\.Abs|realpath|basename)\s*\(/;
+const NULL_STRIP_RE = /(?:replace\s*\(\s*\/\\0\/|replace\s*\(\s*['"]\\0['"]|\.replace\s*\(\s*\/\\x00\/|\.replace\s*\(\s*['"]%00['"])/;
+
+export function scanNullByteInjection(fp, raw) {
+  if (!fp || !raw || typeof raw !== 'string') return [];
+  if (raw.length > 500_000) return [];
+  if (!/\.(?:js|jsx|ts|tsx|mjs|cjs|py|go|rb|php|phtml)$/i.test(fp)) return [];
+
+  const findings = [];
+  const seen = new Set();
+
+  // Pattern: extension check without null-byte stripping before FS operation
+  for (const extMatch of raw.matchAll(EXT_CHECK_RE)) {
+    const checkLine = _line(raw, extMatch.index);
+    // Look ahead for FS operation within 15 lines
+    const after = raw.slice(extMatch.index, extMatch.index + 1000);
+    if (!FS_SINK_RE.test(after)) continue;
+    // Check if normalization or null-byte stripping exists between check and sink
+    const between = after.slice(0, after.search(FS_SINK_RE));
+    if (NORMALIZATION_RE.test(between) || NULL_STRIP_RE.test(between)) continue;
+    const id = `null-byte:${fp}:${checkLine}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    findings.push({
+      id,
+      file: fp, line: checkLine,
+      vuln: 'Null-Byte Injection Risk — extension check without path normalization before FS operation',
+      severity: 'medium',
+      family: 'path-normalization',
+      cwe: 'CWE-158',
+      parser: 'NULL-BYTE',
+      confidence: 0.60,
+      description: 'A file extension check is performed, then the path is passed to a filesystem operation without normalization or null-byte stripping. An attacker can bypass the extension check with a null byte: "malicious.php%00.jpg" passes the .jpg check but the filesystem may truncate at the null byte.',
+      remediation: 'Always normalize paths before extension checks: path.resolve(uploadsDir, path.basename(filename)). Strip null bytes: filename.replace(/\\0/g, ""). Validate the resolved path is within the expected directory.',
+    });
+  }
+
+  // Pattern: splitext/extname without null-byte stripping
+  for (const splitMatch of raw.matchAll(SPLITEXT_RE)) {
+    const line = _line(raw, splitMatch.index);
+    const context = raw.slice(Math.max(0, splitMatch.index - 200), splitMatch.index + 200);
+    if (NULL_STRIP_RE.test(context) || NORMALIZATION_RE.test(context)) continue;
+    // Only fire if user input is nearby
+    if (!/(?:req\.|request\.|params|query|body|upload|file|filename|user_input|\$_FILES|\$_GET)/i.test(context)) continue;
+    const id = `path-norm:${fp}:${line}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    findings.push({
+      id,
+      file: fp, line,
+      vuln: 'Path Normalization Gap — extension extraction without null-byte/traversal sanitization',
+      severity: 'medium',
+      family: 'path-normalization',
+      cwe: 'CWE-176',
+      parser: 'NULL-BYTE',
+      confidence: 0.55,
+      description: 'Path extension is extracted from user-supplied input without prior normalization. Unicode normalization attacks or null-byte truncation can bypass the extension check.',
+      remediation: 'Normalize the path first: const safeName = path.basename(userInput).replace(/\\0/g, ""); then check the extension.',
+    });
+  }
+
+  return findings;
+}