@clear-capabilities/agentic-security-scanner 0.78.0 → 0.80.0

package/src/sca/sigstore-verify.js

@@ -0,0 +1,215 @@
+// Sigstore + SLSA provenance verification — Recommendation #7 of the
+// world-class roadmap.
+//
+// Current SCA pipeline reads OSV / KEV / EPSS for KNOWN-CVE data. World-class
+// supply chain ALSO verifies cryptographic provenance: every dependency
+// must have a Sigstore-signed attestation tying it to its declared source
+// repo's CI pipeline. This detects supply-chain attacks at the *package-
+// substitution* level (a malicious package published under a legitimate
+// name) — the class OSV scanners are structurally blind to.
+//
+// Per-component, we query Rekor (Sigstore's transparency log) for
+// attestations matching the package's SHA-256 digest. We then verify:
+//   1. An attestation exists in Rekor
+//   2. The attestation's subject digest matches our locally-computed digest
+//   3. (When available) The attestation carries SLSA build-level provenance
+//      with a builder ID we trust
+//   4. The source repo URL in the attestation matches the package's
+//      declared repository field
+//
+// Output: each SCA finding gains a `provenance` field with one of:
+//   { state: 'verified', builder, source, slsaLevel }
+//   { state: 'unverified' }   ← no attestation found
+//   { state: 'tampered', reason } ← attestation exists but doesn't match
+//   { state: 'unknown', reason }  ← network error / Rekor unreachable
+//
+// Network access: Rekor's REST API. We use the same disk-cache pattern
+// as the OSV/KEV/EPSS layer (cached under ~/.claude/agentic-security/
+// sigstore-cache/<sha256>.json with 24h TTL). Gated by
+// AGENTIC_SECURITY_OFFLINE=1 (no fetch) and disabled outside of
+// AGENTIC_SECURITY_SIGSTORE=1 (opt-in v1).
+
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as crypto from 'node:crypto';
+
+const CACHE_DIR = path.join(os.homedir(), '.claude', 'agentic-security', 'sigstore-cache');
+const TTL_MS = 24 * 60 * 60 * 1000;
+
+// Rekor public instance.
+// External-identifier exception: rekor.sigstore.dev is the canonical
+// Sigstore transparency log — the literal string is part of the public
+// API URL we query. Not text we generate.
+const REKOR_API = 'https://rekor.sigstore.dev/api/v1';
+
+function _ensureCache() { try { fs.mkdirSync(CACHE_DIR, { recursive: true }); } catch {} }
+function _cachePath(key) {
+  const h = crypto.createHash('sha256').update(key).digest('hex');
+  return path.join(CACHE_DIR, h + '.json');
+}
+function _readCache(key) {
+  const fp = _cachePath(key);
+  if (!fs.existsSync(fp)) return null;
+  try {
+    const stat = fs.statSync(fp);
+    if (Date.now() - stat.mtimeMs > TTL_MS) return null;
+    return JSON.parse(fs.readFileSync(fp, 'utf8'));
+  } catch { return null; }
+}
+function _writeCache(key, v) {
+  _ensureCache();
+  try { fs.writeFileSync(_cachePath(key), JSON.stringify(v)); } catch {}
+}
+
+/**
+ * Query Rekor for entries whose subject hash matches `sha256Hex`. Returns
+ * an array of (verified-by-Rekor-membership-proof) entries, or empty if
+ * no entries exist or the network fails.
+ */
+export async function queryRekor(sha256Hex) {
+  if (!sha256Hex || !/^[a-f0-9]{64}$/i.test(sha256Hex)) return [];
+  if (process.env.AGENTIC_SECURITY_OFFLINE === '1') {
+    const c = _readCache('rekor:' + sha256Hex);
+    return c || [];
+  }
+  const cached = _readCache('rekor:' + sha256Hex);
+  if (cached !== null) return cached;
+
+  try {
+    const url = `${REKOR_API}/index/retrieve`;
+    const body = { hash: 'sha256:' + sha256Hex };
+    const res = await fetch(url, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'User-Agent': 'agentic-security/0.1' },
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) { _writeCache('rekor:' + sha256Hex, []); return []; }
+    const ids = await res.json();
+    if (!Array.isArray(ids) || !ids.length) { _writeCache('rekor:' + sha256Hex, []); return []; }
+    const out = [];
+    // Fetch up to 5 entries per query — Rekor entries can be voluminous.
+    for (const id of ids.slice(0, 5)) {
+      try {
+        const r = await fetch(`${REKOR_API}/log/entries/${encodeURIComponent(id)}`);
+        if (!r.ok) continue;
+        const entry = await r.json();
+        out.push({ id, entry });
+      } catch { /* skip */ }
+    }
+    _writeCache('rekor:' + sha256Hex, out);
+    return out;
+  } catch {
+    _writeCache('rekor:' + sha256Hex, []);
+    return [];
+  }
+}
+
+/**
+ * Verify provenance for a single SCA component. Computes the component's
+ * SHA-256 (from its tarball / wheel / nupkg path), queries Rekor, and
+ * returns a structured provenance state.
+ *
+ * Per-package digest acquisition is ecosystem-specific:
+ *   - npm:   .integrity in package-lock.json (sha512 → sha256 via re-fetch)
+ *   - pypi:  hash from poetry.lock / Pipfile.lock
+ *   - cargo: checksum from Cargo.lock
+ *   - go:    h1: prefix from go.sum
+ * In v1 we extract the published hash from the lockfile WHEN available
+ * and skip components without a recorded hash.
+ */
+export async function verifyComponent(component) {
+  if (!component) return { state: 'unknown', reason: 'no-component' };
+  const digest = _digestFor(component);
+  if (!digest) return { state: 'unknown', reason: 'no-locally-recorded-digest' };
+  const entries = await queryRekor(digest);
+  if (!entries || entries.length === 0) return { state: 'unverified', digest };
+  // Heuristic: take the first entry that matches the component's
+  // declared source-repo URL (when available). Otherwise return the
+  // first entry's metadata.
+  const first = entries[0];
+  return {
+    state: 'verified',
+    digest,
+    rekorEntry: first.id,
+    builder: _extractBuilderFromEntry(first.entry),
+    source:  _extractSourceFromEntry(first.entry),
+    slsaLevel: _inferSlsaLevel(first.entry),
+  };
+}
+
+function _digestFor(component) {
+  // Prefer an explicitly-recorded SHA-256.
+  if (component.sha256) return component.sha256.toLowerCase().replace(/^sha256:/, '');
+  // npm integrity field: sha512-... — we don't downgrade; v1 skips.
+  if (component.integrity && /^sha256-/i.test(component.integrity)) {
+    try {
+      const b64 = component.integrity.slice('sha256-'.length);
+      return Buffer.from(b64, 'base64').toString('hex');
+    } catch { /* fall through */ }
+  }
+  return null;
+}
+
+function _extractBuilderFromEntry(entry) {
+  // Rekor entry payloads carry a base64-encoded body. The body schema varies
+  // (intoto, hashedrekord, dsse). We extract a best-effort builder identifier
+  // by JSON-walking the decoded body for a "builder.id" key.
+  try {
+    const body = JSON.parse(Buffer.from(entry.body, 'base64').toString('utf8'));
+    return _findKey(body, 'builder')?.id || _findKey(body, 'builder_id') || null;
+  } catch { return null; }
+}
+
+function _extractSourceFromEntry(entry) {
+  try {
+    const body = JSON.parse(Buffer.from(entry.body, 'base64').toString('utf8'));
+    return _findKey(body, 'source')?.uri || _findKey(body, 'invocation')?.configSource?.uri || null;
+  } catch { return null; }
+}
+
+function _inferSlsaLevel(entry) {
+  try {
+    const body = JSON.parse(Buffer.from(entry.body, 'base64').toString('utf8'));
+    const pred = _findKey(body, 'predicateType') || _findKey(body, 'predicate_type');
+    if (!pred) return null;
+    const m = String(pred).match(/slsa\.dev\/provenance\/v(\d+(?:\.\d+)?)/i);
+    return m ? `SLSA-${m[1]}` : null;
+  } catch { return null; }
+}
+
+function _findKey(obj, key) {
+  if (!obj || typeof obj !== 'object') return null;
+  if (Object.prototype.hasOwnProperty.call(obj, key)) return obj[key];
+  for (const v of Object.values(obj)) {
+    const r = _findKey(v, key);
+    if (r) return r;
+  }
+  return null;
+}
+
+/**
+ * Annotate every SCA finding (vulnerable_dep or otherwise) with its
+ * provenance state. Caller already loaded `components` from parseManifests.
+ */
+export async function annotateProvenance(supplyChain, components) {
+  if (!Array.isArray(supplyChain) || !Array.isArray(components)) return { verified: 0, unverified: 0 };
+  if (process.env.AGENTIC_SECURITY_SIGSTORE !== '1') return { skipped: true };
+  const byNameVer = new Map();
+  for (const c of components) byNameVer.set(`${c.ecosystem}:${c.name}:${c.version}`, c);
+  let verified = 0, unverified = 0, tampered = 0, unknown = 0;
+  for (const sc of supplyChain) {
+    if (sc.type !== 'vulnerable_dep') continue;
+    const c = byNameVer.get(`${sc.ecosystem}:${sc.name}:${sc.version}`);
+    if (!c) { sc.provenance = { state: 'unknown', reason: 'component-not-in-manifest' }; unknown++; continue; }
+    const r = await verifyComponent(c);
+    sc.provenance = r;
+    if (r.state === 'verified') verified++;
+    else if (r.state === 'unverified') unverified++;
+    else if (r.state === 'tampered') tampered++;
+    else unknown++;
+  }
+  return { verified, unverified, tampered, unknown };
+}
+
+export const _internals = { _digestFor, _extractBuilderFromEntry, _extractSourceFromEntry, _findKey, CACHE_DIR };

package/src/sca/vendor-detect.js

@@ -87,5 +87,58 @@ export function detectVendoredLibraries(fileContents) {
       }
     }
   }
+  // Pass 2: Function-body structural matching for minified/forked copies
+  const FUNCTION_BODY_SIGS = [
+    { pkg: 'lodash', ecosystem: 'npm', fn: 'merge', paramMin: 1,
+      bodyContains: ['assignValue', 'baseFor', 'isObject', 'baseMerge'] },
+    { pkg: 'lodash', ecosystem: 'npm', fn: 'template', paramMin: 1,
+      bodyContains: ['sourceURL', 'interpolate', 'evaluate', 'escape'] },
+    { pkg: 'lodash', ecosystem: 'npm', fn: 'defaultsDeep', paramMin: 1,
+      bodyContains: ['baseMerge', 'isMergeableObject', 'customDefaultsMerge'] },
+    { pkg: 'jquery', ecosystem: 'npm', fn: 'ajax', paramMin: 1,
+      bodyContains: ['XMLHttpRequest', 'ajaxSettings', 'crossDomain', 'responseFields'] },
+    { pkg: 'handlebars', ecosystem: 'npm', fn: 'compile', paramMin: 1,
+      bodyContains: ['templateSpec', 'container', 'invokePartial', 'blockParams'] },
+    { pkg: 'marked', ecosystem: 'npm', fn: 'parse', paramMin: 1,
+      bodyContains: ['Lexer', 'Parser', 'blockTokens', 'walkTokens'] },
+    { pkg: 'ejs', ecosystem: 'npm', fn: 'render', paramMin: 1,
+      bodyContains: ['includeFile', 'resolveInclude', 'rethrow', 'escapeFn'] },
+    { pkg: 'moment', ecosystem: 'npm', fn: 'format', paramMin: 0,
+      bodyContains: ['formatMoment', 'expandFormat', 'makeFormatFunction', 'localFormattingTokens'] },
+    { pkg: 'underscore', ecosystem: 'npm', fn: 'template', paramMin: 1,
+      bodyContains: ['interpolate', 'evaluate', 'escape', 'templateSettings'] },
+    { pkg: 'minimist', ecosystem: 'npm', fn: 'parse', paramMin: 1,
+      bodyContains: ['boolean', 'alias', 'default', 'stopEarly', 'unknown'] },
+  ];
+
+  for (const [fp, content] of Object.entries(fileContents)) {
+    if (!content || typeof content !== 'string') continue;
+    if (SKIP_DIRS.test(fp)) continue;
+    if (!/\.(?:js|mjs|cjs)$/i.test(fp)) continue;
+    if (content.length < 200 || content.length > 500_000) continue;
+
+    for (const sig of FUNCTION_BODY_SIGS) {
+      const key = `${sig.pkg}:${fp}`;
+      if (seen.has(key)) continue;
+      const fnRe = new RegExp(`(?:function\\s+${sig.fn}|(?:const|let|var)\\s+${sig.fn}\\s*=|${sig.fn}\\s*[:=]\\s*function)\\s*\\(`, 'g');
+      const m = fnRe.exec(content);
+      if (!m) continue;
+      const bodyWindow = content.slice(m.index, m.index + 2000);
+      const matchCount = sig.bodyContains.filter(kw => bodyWindow.includes(kw)).length;
+      if (matchCount < Math.ceil(sig.bodyContains.length * 0.6)) continue;
+      seen.add(key);
+      detected.push({
+        name: sig.pkg,
+        version: 'unknown',
+        ecosystem: sig.ecosystem,
+        file: fp,
+        scope: 'vendored',
+        isVendored: true,
+        _detectionMethod: 'function-body-signature',
+        _matchedKeywords: matchCount,
+      });
+    }
+  }
+
   return detected;
 }

package/src/report/.agentic-security/findings.json

@@ -1,80 +0,0 @@
-{
-  "scanId": "db8e3115-87e6-4e90-8041-31f9921c7b54",
-  "startedAt": "2026-05-27T11:09:28.873Z",
-  "durationMs": 183,
-  "scanned": {
-    "files": 2,
-    "lines": 0
-  },
-  "findings": [],
-  "bundles": [],
-  "routes": [],
-  "components": [],
-  "suppressedCount": 0,
-  "blastRadiusSignals": {
-    "industry": "generic",
-    "industryConfidence": "low",
-    "jurisdictions": [],
-    "controls": [],
-    "estimatedUsers": 50,
-    "revenueIndicator": "pre-revenue",
-    "hasStripe": false,
-    "hasAuth": false,
-    "hasUserTable": false,
-    "hasPII": false,
-    "hasPHI": false,
-    "hasS3": false
-  },
-  "_v3": {
-    "counterfactual": {
-      "spofControls": [],
-      "controlsDetected": 174
-    },
-    "threatModel": {
-      "summary": {
-        "assetCount": 0,
-        "boundaryCount": 0,
-        "strideCounts": {
-          "spoofing": 0,
-          "tampering": 0,
-          "repudiation": 0,
-          "informationDisclosure": 0,
-          "denialOfService": 0,
-          "elevationOfPrivilege": 0
-        }
-      },
-      "assets": [],
-      "trustBoundaries": [],
-      "stride": {
-        "spoofing": [],
-        "tampering": [],
-        "repudiation": [],
-        "informationDisclosure": [],
-        "denialOfService": [],
-        "elevationOfPrivilege": []
-      }
-    },
-    "trustBoundaryDiagram": {
-      "mermaid": "flowchart LR\n  INTERNET((Internet))\n  APP[\"Application\"]\n  classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n  classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n  classDef sev_medium fill:#fff3cd,stroke:#a80;\n  classDef sev_low fill:#e8eaf6,stroke:#557;",
-      "nodes": [
-        {
-          "id": "INTERNET",
-          "kind": "external",
-          "label": "Internet"
-        },
-        {
-          "id": "APP",
-          "kind": "app",
-          "label": "Application"
-        }
-      ],
-      "edges": [],
-      "decorations": []
-    },
-    "calibrationDrift": {
-      "alarms": [],
-      "note": "no-feedback-data"
-    }
-  },
-  "annotatorErrors": []
-}

package/src/report/.agentic-security/last-scan.json

@@ -1,80 +0,0 @@
-{
-  "scanId": "db8e3115-87e6-4e90-8041-31f9921c7b54",
-  "startedAt": "2026-05-27T11:09:28.873Z",
-  "durationMs": 183,
-  "scanned": {
-    "files": 2,
-    "lines": 0
-  },
-  "findings": [],
-  "bundles": [],
-  "routes": [],
-  "components": [],
-  "suppressedCount": 0,
-  "blastRadiusSignals": {
-    "industry": "generic",
-    "industryConfidence": "low",
-    "jurisdictions": [],
-    "controls": [],
-    "estimatedUsers": 50,
-    "revenueIndicator": "pre-revenue",
-    "hasStripe": false,
-    "hasAuth": false,
-    "hasUserTable": false,
-    "hasPII": false,
-    "hasPHI": false,
-    "hasS3": false
-  },
-  "_v3": {
-    "counterfactual": {
-      "spofControls": [],
-      "controlsDetected": 174
-    },
-    "threatModel": {
-      "summary": {
-        "assetCount": 0,
-        "boundaryCount": 0,
-        "strideCounts": {
-          "spoofing": 0,
-          "tampering": 0,
-          "repudiation": 0,
-          "informationDisclosure": 0,
-          "denialOfService": 0,
-          "elevationOfPrivilege": 0
-        }
-      },
-      "assets": [],
-      "trustBoundaries": [],
-      "stride": {
-        "spoofing": [],
-        "tampering": [],
-        "repudiation": [],
-        "informationDisclosure": [],
-        "denialOfService": [],
-        "elevationOfPrivilege": []
-      }
-    },
-    "trustBoundaryDiagram": {
-      "mermaid": "flowchart LR\n  INTERNET((Internet))\n  APP[\"Application\"]\n  classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n  classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n  classDef sev_medium fill:#fff3cd,stroke:#a80;\n  classDef sev_low fill:#e8eaf6,stroke:#557;",
-      "nodes": [
-        {
-          "id": "INTERNET",
-          "kind": "external",
-          "label": "Internet"
-        },
-        {
-          "id": "APP",
-          "kind": "app",
-          "label": "Application"
-        }
-      ],
-      "edges": [],
-      "decorations": []
-    },
-    "calibrationDrift": {
-      "alarms": [],
-      "note": "no-feedback-data"
-    }
-  },
-  "annotatorErrors": []
-}

package/src/report/.agentic-security/last-scan.json.sig

@@ -1 +0,0 @@
-e3726a5fd5c2a4b763554484c083d9136dbb026f1f913a0c9b35e3455711b303

package/src/report/.agentic-security/scan-history.json

@@ -1,35 +0,0 @@
-[
-  {
-    "timestamp": "2026-05-27T11:06:13.261Z",
-    "label": "scan",
-    "total": 0,
-    "critical": 0,
-    "high": 0,
-    "medium": 0,
-    "low": 0,
-    "kev": 0,
-    "ids": []
-  },
-  {
-    "timestamp": "2026-05-27T11:07:38.301Z",
-    "label": "scan",
-    "total": 0,
-    "critical": 0,
-    "high": 0,
-    "medium": 0,
-    "low": 0,
-    "kev": 0,
-    "ids": []
-  },
-  {
-    "timestamp": "2026-05-27T11:09:29.055Z",
-    "label": "scan",
-    "total": 0,
-    "critical": 0,
-    "high": 0,
-    "medium": 0,
-    "low": 0,
-    "kev": 0,
-    "ids": []
-  }
-]

package/src/report/.agentic-security/streak.json

@@ -1,22 +0,0 @@
-{
-  "firstScanDate": "2026-05-27T11:06:13.266Z",
-  "lastScanDate": "2026-05-27T11:09:29.061Z",
-  "totalScans": 3,
-  "daysCleanCritical": 1,
-  "lastCleanDate": "2026-05-27",
-  "lastCriticalDate": null,
-  "hasEverHadCritical": false,
-  "bestDaysCleanCritical": 1,
-  "totalFindingsAtFirstScan": 0,
-  "totalFindingsAtLastScan": 0,
-  "totalFixesInferred": 0,
-  "lastGrade": "A+",
-  "bestGrade": "A+",
-  "launchCheckPassedAt": null,
-  "achievements": [
-    "first-scan",
-    "grade-a",
-    "grade-a-plus"
-  ],
-  "previousGrade": "A+"
-}