@clear-capabilities/agentic-security-scanner 0.79.0 → 0.80.0

package/src/sast/dapp-frontend.js

@@ -0,0 +1,200 @@
+// DApp frontend Web3 risks — Item #3 (companion to web3-advanced.js).
+//
+// Wallet-interacting frontend (ethers.js, viem, wagmi, web3.js, RainbowKit,
+// Privy) has its own attack surface that doesn't live in the Solidity
+// detector:
+//
+//   1. UNLIMITED_APPROVAL   — token.approve(spender, MaxUint256) /
+//                             ethers.constants.MaxUint256 / 2**256-1
+//                             without the user being able to scope it
+//   2. ETH_SIGN_USED        — provider.request({method:'eth_sign'}) — the
+//                             "death sign" — accepts arbitrary opaque hash
+//   3. PERSONAL_SIGN_NO_DOMAIN — personal_sign without the EIP-191
+//                                 personal-message prefix being shown to user
+//   4. WINDOW_ETHEREUM_UNGUARDED — directly using window.ethereum without
+//                                   trusted-RPC check (lets a malicious
+//                                   wallet extension inject)
+//   5. WALLETCONNECT_BRIDGE_INSECURE — using wc.bridge with http:// or a
+//                                       third-party bridge URL
+//   6. PRIVATE_KEY_IN_FRONTEND — Wallet.fromMnemonic / new Wallet(privKey)
+//                                 in client-side code (must only be in
+//                                 server/SDK; never browser)
+//   7. SIGN_TYPED_DATA_NO_DOMAIN — eth_signTypedData with empty/missing
+//                                  domain.chainId
+//   8. ETHERSCAN_API_KEY_INLINE  — Etherscan / Alchemy / Infura API key
+//                                  hard-coded in client bundle
+//
+// File scope: JS / TS / JSX / TSX. Returns empty on .sol / .vy.
+
+import { blankComments } from './_comment-strip.js';
+
+function _line(raw, idx) { return raw.slice(0, idx).split('\n').length; }
+function _snip(raw, line) { return (raw.split('\n')[line - 1] || '').trim().slice(0, 200); }
+
+function _shape(file, line, ruleId, vuln, fam, sev, cwe, remediation, description) {
+  return {
+    id: `${ruleId}:${file}:${line}`,
+    file, line, vuln, severity: sev, cwe,
+    family: fam, parser: 'DAPP-FRONTEND',
+    confidence: 0.8,
+    description: description || vuln,
+    remediation,
+  };
+}
+
+const _RELEVANT_FILE = /\.(?:[jt]sx?|mjs|cjs)$/i;
+
+function _isWeb3Frontend(text) {
+  return /\bethers\b|\bviem\b|\bwagmi\b|\bweb3\b|\bRainbow\b|\bPrivy\b|\bWalletConnect\b|window\.ethereum/.test(text);
+}
+
+function detectUnlimitedApproval(file, raw, code, out, seen) {
+  // ERC-20 approve calls with MaxUint256 / 2**256-1 / ethers.constants.MaxUint256.
+  const patterns = [
+    /\bapprove\s*\([^)]*?(?:MaxUint256|MAX_UINT256|2\s*\*\*\s*256\s*-\s*1|ethers\.constants\.MaxUint256|maxUint256|2n\s*\*\*\s*256n\s*-\s*1n)\b[^)]*\)/g,
+    /\bapprove\s*\([^)]*?["']0x[fF]{64}["']\b[^)]*\)/g,
+  ];
+  for (const re of patterns) {
+    let m;
+    while ((m = re.exec(code))) {
+      const ln = _line(raw, m.index);
+      const id = `dapp-unlimited-approval:${file}:${ln}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      out.push(_shape(file, ln, 'dapp-unlimited-approval',
+        'ERC-20 approve with MaxUint256 — unlimited spender allowance',
+        'unlimited-approval', 'high', 'CWE-863',
+        'Approve only the exact amount needed for the current operation. Unlimited approvals are the dominant attack vector for drainer scams — once approved, a compromised spender contract can move the entire token balance forever. Use Permit2 (Uniswap) for short-lived approvals OR EIP-2612 permit() for single-shot allowances.',
+        'Unlimited approve is the #1 cause of wallet-drainer losses in 2024-2025 (>$300M annually). Etherscan now warns users about MaxUint256 approvals at signing time.'));
+    }
+  }
+}
+
+function detectEthSign(file, raw, code, out, seen) {
+  // Pattern: provider.request({method: 'eth_sign'}) — the "death sign".
+  const re = /\b(?:provider|signer|wallet|window\.ethereum)\s*\.\s*request\s*\(\s*\{\s*method\s*:\s*['"]eth_sign['"]/g;
+  let m;
+  while ((m = re.exec(code))) {
+    const ln = _line(raw, m.index);
+    const id = `dapp-eth-sign:${file}:${ln}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    out.push(_shape(file, ln, 'dapp-eth-sign',
+      'eth_sign — signs arbitrary 32-byte hash with no prefix (the "death sign")',
+      'eth-sign-used', 'critical', 'CWE-345',
+      'Never use eth_sign. The 32-byte hash being signed can be a valid transaction hash, valid permit message, or anything else — there is no domain separation. Use personal_sign for human messages or eth_signTypedData_v4 for structured data. MetaMask now warns when a site requests eth_sign.',
+      'eth_sign signs without ANY prefix. An attacker presents a hash that happens to be the keccak of a transaction; the user signs; the signed transaction is now broadcastable. This is the underlying bug in many phishing drainers.'));
+  }
+}
+
+function detectPersonalSignNoMessage(file, raw, code, out, seen) {
+  // personal_sign with an empty / non-descriptive message string.
+  const re = /\bpersonal_sign\b|\bsignMessage\s*\(\s*['"][^'"]{0,20}['"]/g;
+  let m;
+  while ((m = re.exec(code))) {
+    // Detect: signMessage("") or signMessage("ok") — too short to be meaningful.
+    if (m[0].startsWith('signMessage')) {
+      const ln = _line(raw, m.index);
+      const id = `dapp-personal-sign-empty:${file}:${ln}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      out.push(_shape(file, ln, 'dapp-personal-sign-empty',
+        'signMessage with empty or trivial message — user has no context to evaluate',
+        'personal-sign-no-domain', 'medium', 'CWE-345',
+        'Include the action being authorized, the domain (your dapp URL), the address being affected, and a unique nonce in the message. The signing UI displays the message to the user — make it meaningful so the user can detect phishing.',
+        'A short / blank message means the user can\'t tell if they\'re signing in to YOUR app or a malicious clone. EIP-4361 (Sign-In With Ethereum) encodes a structured format that wallets can verify.'));
+    }
+  }
+}
+
+function detectWalletPrivKeyInFrontend(file, raw, code, out, seen) {
+  // new Wallet(0x...) / Wallet.fromMnemonic in code that's reachable from a
+  // bundle (presence of React, Next, Vite, Vue is signal).
+  if (!/\b(?:React|next\/|vite|Vue|svelte|expo|electron)\b/.test(raw)) return;
+  const patterns = [
+    /\bnew\s+(?:ethers\.)?Wallet\s*\(\s*['"]0x[a-fA-F0-9]{64}['"]/g,
+    /\bWallet\.fromMnemonic\s*\(/g,
+    /\bWallet\.fromPrivateKey\s*\(/g,
+  ];
+  for (const re of patterns) {
+    let m;
+    while ((m = re.exec(code))) {
+      const ln = _line(raw, m.index);
+      const id = `dapp-wallet-privkey-frontend:${file}:${ln}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      out.push(_shape(file, ln, 'dapp-wallet-privkey-frontend',
+        'Wallet constructed from raw key / mnemonic in client-side code',
+        'private-key-in-frontend', 'critical', 'CWE-798',
+        'Never construct a Wallet with a raw private key or mnemonic in code that ships to the browser. Use a wallet provider (window.ethereum, WalletConnect, Privy) and request signatures via the standard JSON-RPC methods.',
+        'A private key in client-side code is visible in the bundle. Even worse, mnemonic-based flows often persist seed phrases to localStorage — accessible to any extension or XSS payload.'));
+    }
+  }
+}
+
+function detectSignTypedDataNoChainId(file, raw, code, out, seen) {
+  // eth_signTypedData with domain.chainId missing or hard-coded to 1
+  // (won't validate on L2s, allows cross-chain replay).
+  const re = /signTypedData(?:_v[34])?\s*\(\s*\{[\s\S]{0,800}?domain\s*:\s*\{([^}]*)\}/g;
+  let m;
+  while ((m = re.exec(code))) {
+    const domain = m[1];
+    if (/\bchainId\b/.test(domain)) continue;
+    const ln = _line(raw, m.index);
+    const id = `dapp-typed-data-no-chainid:${file}:${ln}`;
+    if (seen.has(id)) continue;
+    seen.add(id);
+    out.push(_shape(file, ln, 'dapp-typed-data-no-chainid',
+      'eth_signTypedData without domain.chainId — cross-chain replay surface',
+      'typed-data-no-chainid', 'high', 'CWE-294',
+      'Always include `chainId` in the EIP-712 domain. Without it, a signature valid on Ethereum mainnet is also valid on every L2 and testnet — letting an attacker reuse a meta-tx signature across chains to drain the same user.',
+      'EIP-712 domain separator binds the signature to (name, version, chainId, verifyingContract). Drop any field and signatures become portable to environments where the contract has different semantics.'));
+  }
+}
+
+function detectEtherscanApiKeyInline(file, raw, code, out, seen) {
+  // Etherscan / Alchemy / Infura API key embedded inline.
+  const patterns = [
+    /\b(?:etherscan|polygonscan|bscscan|arbiscan)\.io\/api[^"'`]*apikey=([A-Z0-9]{30,40})/gi,
+    /\balchemy\.com\/v2\/([A-Za-z0-9_-]{20,40})/g,
+    /\binfura\.io\/v3\/([A-Za-z0-9]{30,40})/g,
+  ];
+  for (const re of patterns) {
+    let m;
+    while ((m = re.exec(code))) {
+      const ln = _line(raw, m.index);
+      const id = `dapp-rpc-key-inline:${file}:${ln}`;
+      if (seen.has(id)) continue;
+      seen.add(id);
+      out.push(_shape(file, ln, 'dapp-rpc-key-inline',
+        'RPC provider key embedded in client-side code (visible in bundle)',
+        'rpc-key-inline', 'high', 'CWE-798',
+        'Move RPC provider API keys to a server-side proxy (e.g. Next.js API route, Cloudflare Worker) that adds the key before forwarding. Embedded keys are scraped by bots within hours of deploy and used to grief your quota.',
+        'Alchemy / Infura / Etherscan keys in browser bundles are scraped by automated tools. Beyond quota exhaustion, leaked keys can be used to deanonymize your users\' RPC traffic.'));
+    }
+  }
+}
+
+export function scanDappFrontend(fp, raw) {
+  if (process.env.AGENTIC_SECURITY_NO_DAPP === '1') return [];
+  if (!raw || raw.length > 500_000) return [];
+  if (!_RELEVANT_FILE.test(fp)) return [];
+  if (!_isWeb3Frontend(raw)) return [];
+  const code = blankComments(raw);
+  const out = [];
+  const seen = new Set();
+  try { detectUnlimitedApproval(fp, raw, code, out, seen); } catch {}
+  try { detectEthSign(fp, raw, code, out, seen); } catch {}
+  try { detectPersonalSignNoMessage(fp, raw, code, out, seen); } catch {}
+  try { detectWalletPrivKeyInFrontend(fp, raw, code, out, seen); } catch {}
+  try { detectSignTypedDataNoChainId(fp, raw, code, out, seen); } catch {}
+  try { detectEtherscanApiKeyInline(fp, raw, code, out, seen); } catch {}
+  for (const f of out) f.file = fp;
+  return out;
+}
+
+export const _internals = {
+  _isWeb3Frontend, detectUnlimitedApproval, detectEthSign,
+  detectPersonalSignNoMessage, detectWalletPrivKeyInFrontend,
+  detectSignTypedDataNoChainId, detectEtherscanApiKeyInline,
+};

package/src/sast/k8s-admission.js

@@ -0,0 +1,271 @@
+// Kubernetes admission / RBAC / PodSecurity analyzer — Item #4 of the
+// world-class+3 plan.
+//
+// Coverage:
+//
+//   RBAC (Role / ClusterRole / RoleBinding / ClusterRoleBinding):
+//     - k8s-rbac-wildcard-verbs       verbs: ['*']
+//     - k8s-rbac-wildcard-resources   resources: ['*']
+//     - k8s-rbac-wildcard-apigroups   apiGroups: ['*']
+//     - k8s-rbac-cluster-admin        ClusterRoleBinding → cluster-admin
+//     - k8s-rbac-system-anonymous     binding subject system:anonymous /
+//                                      system:unauthenticated
+//     - k8s-rbac-system-authenticated-write  bound to write-capable role
+//
+//   PodSecurity:
+//     - k8s-pod-privileged            securityContext.privileged: true
+//     - k8s-pod-hostnetwork           hostNetwork: true
+//     - k8s-pod-hostpid               hostPID: true
+//     - k8s-pod-hostipc               hostIPC: true
+//     - k8s-pod-hostpath              volumes[].hostPath
+//     - k8s-pod-allow-privesc         allowPrivilegeEscalation: true
+//     - k8s-pod-run-as-root           runAsNonRoot: false  OR  runAsUser: 0
+//     - k8s-pod-capabilities-broad    capabilities.add: SYS_ADMIN / NET_ADMIN / ALL
+//
+//   Admission webhooks:
+//     - k8s-webhook-failure-ignore    ValidatingWebhookConfiguration with
+//                                      failurePolicy: Ignore on security-critical webhook
+//
+//   Service account / token mount:
+//     - k8s-sa-automount-admin        ServiceAccount with automountServiceAccountToken !== false
+//                                      AND bound to a powerful ClusterRole
+//
+// Detection: lightweight YAML parsing via regex on `kind:` and `key: value`
+// pairs. We avoid pulling in a YAML lib for now — k8s YAML is simple enough
+// that pattern detection on key prefixes is reliable.
+//
+// Opt-out: AGENTIC_SECURITY_NO_K8S_ADM=1
+
+import { blankComments } from './_comment-strip.js';
+
+const _IS_K8S_FILE = /\.(?:yaml|yml)$/i;
+
+function _line(raw, idx) { return raw.slice(0, idx).split('\n').length; }
+function _snip(raw, line) { return (raw.split('\n')[line - 1] || '').trim().slice(0, 200); }
+
+function _shape(file, line, ruleId, vuln, fam, sev, cwe, remediation, description) {
+  return {
+    id: `${ruleId}:${file}:${line}`,
+    file, line, vuln, severity: sev, cwe,
+    family: fam, parser: 'K8S-ADM',
+    confidence: 0.85,
+    stride: 'Elevation of Privilege',
+    description: description || vuln,
+    remediation,
+  };
+}
+
+function _docKinds(raw) {
+  // Heuristic: split on `---` document separators and extract kind: line.
+  return raw.split(/^---\s*$/m).map(doc => {
+    const k = /kind:\s*([A-Za-z0-9]+)/.exec(doc);
+    return { kind: k ? k[1] : null, body: doc };
+  });
+}
+
+// ── RBAC ───────────────────────────────────────────────────────────────────
+
+function detectRbac(file, raw, out, seen) {
+  const docs = _docKinds(raw);
+  for (const { kind, body } of docs) {
+    if (!kind) continue;
+    if (!/^(?:Role|ClusterRole|RoleBinding|ClusterRoleBinding)$/.test(kind)) continue;
+
+    // Role / ClusterRole rules — wildcards.
+    if (/^(?:Role|ClusterRole)$/.test(kind)) {
+      // Use the entire document body as the rules block — simpler than trying
+      // to delimit the rules: section across all YAML formatting variants.
+      const block = body;
+      if (/verbs:\s*\[\s*['"]?\*['"]?\s*\]/.test(block) || /verbs:\s*\n\s*-\s*['"]?\*['"]?/.test(block)) {
+        const ln = _line(raw, (block.match(/verbs:/) || [''])[0] || '');
+        const id = `k8s-rbac-wildcard-verbs:${file}:${ln}`;
+        if (!seen.has(id)) {
+          seen.add(id);
+          out.push(_shape(file, ln, 'k8s-rbac-wildcard-verbs',
+            `${kind} grants wildcard verbs ['*'] — full action access`,
+            'k8s-rbac-wildcard', 'high', 'CWE-269',
+            'Replace `verbs: ["*"]` with the specific verbs needed (get, list, watch, create, update, patch, delete). Use kubectl auth can-i to confirm minimum required set.',
+            'Wildcard verbs include exec, port-forward, and other powerful operations beyond CRUD. CIS Kubernetes Benchmark 5.1.x explicitly bans wildcard verbs in production RBAC.'));
+        }
+      }
+      if (/resources:\s*\[\s*['"]?\*['"]?\s*\]/.test(block) || /resources:\s*\n\s*-\s*['"]?\*['"]?/.test(block)) {
+        const ln = _line(raw, block.match(/resources:/)[0]);
+        const id = `k8s-rbac-wildcard-resources:${file}:${ln}`;
+        if (!seen.has(id)) {
+          seen.add(id);
+          out.push(_shape(file, ln, 'k8s-rbac-wildcard-resources',
+            `${kind} grants wildcard resources ['*'] — every Kubernetes object type`,
+            'k8s-rbac-wildcard', 'high', 'CWE-269',
+            'Enumerate the specific resource kinds (pods, services, deployments, secrets, configmaps, ...) the role actually needs. Wildcard resources includes secrets, which exposes credential material to every subject.',
+            'Wildcard resources include secrets, certificates, and CRDs. The 2019-2021 cryptojacking K8s incidents all leveraged over-broad ClusterRoles with wildcard resources.'));
+        }
+      }
+      if (/apiGroups:\s*\[\s*['"]?\*['"]?\s*\]/.test(block) || /apiGroups:\s*\n\s*-\s*['"]?\*['"]?/.test(block)) {
+        const ln = _line(raw, block.match(/apiGroups:/)[0]);
+        const id = `k8s-rbac-wildcard-apigroups:${file}:${ln}`;
+        if (!seen.has(id)) {
+          seen.add(id);
+          out.push(_shape(file, ln, 'k8s-rbac-wildcard-apigroups',
+            `${kind} grants wildcard apiGroups — every API group including CRDs`,
+            'k8s-rbac-wildcard', 'medium', 'CWE-269',
+            'List the specific apiGroups needed (e.g. "", "apps", "batch", "rbac.authorization.k8s.io"). Wildcard apiGroups gives access to every CRD that may be installed later — future-proofing in the wrong direction.',
+            'Wildcard apiGroups is especially dangerous when CRDs grant cluster-level permissions through their own controllers (cert-manager, ArgoCD, Tekton).'));
+        }
+      }
+    }
+
+    // RoleBinding / ClusterRoleBinding
+    if (/^(?:RoleBinding|ClusterRoleBinding)$/.test(kind)) {
+      // cluster-admin binding.
+      if (/roleRef:\s*[\s\S]*?name:\s*cluster-admin/.test(body)) {
+        const ln = _line(raw, 'cluster-admin');
+        const id = `k8s-rbac-cluster-admin:${file}:${ln}`;
+        if (!seen.has(id)) {
+          seen.add(id);
+          out.push(_shape(file, ln, 'k8s-rbac-cluster-admin',
+            `${kind} binds to cluster-admin — full cluster control`,
+            'k8s-rbac-cluster-admin', 'critical', 'CWE-269',
+            'Replace cluster-admin with a narrowly-scoped ClusterRole or RoleBinding limited to the operational namespace. Use Role/RoleBinding (namespaced) instead of ClusterRoleBinding wherever possible.',
+            'cluster-admin is the K8s equivalent of root. A bound user/SA can install controllers, create privileged pods, and exfiltrate every secret. CIS K8s 5.1.1 mandates minimizing cluster-admin bindings.'));
+        }
+      }
+      // system:anonymous / system:unauthenticated subjects.
+      if (/subjects:\s*[\s\S]*?(?:name:\s*system:(?:anonymous|unauthenticated))/.test(body)) {
+        const ln = _line(raw, 'system:');
+        const id = `k8s-rbac-system-anonymous:${file}:${ln}`;
+        if (!seen.has(id)) {
+          seen.add(id);
+          out.push(_shape(file, ln, 'k8s-rbac-system-anonymous',
+            `${kind} binds a role to system:anonymous / system:unauthenticated`,
+            'k8s-rbac-anonymous', 'critical', 'CWE-862',
+            'Remove the anonymous/unauthenticated subject. Replace with a ServiceAccount or explicit User/Group bound only after authentication. If you genuinely need a permissionless API for a probe, scope it to /healthz / /readyz only.',
+            'Binding any role to system:anonymous makes that role available without authentication — anyone with network reach to the API server can act with those permissions.'));
+        }
+      }
+      // system:authenticated bound to write-capable role.
+      if (/subjects:\s*[\s\S]*?name:\s*system:authenticated/.test(body) &&
+          /roleRef:\s*[\s\S]*?name:\s*(?:cluster-admin|admin|edit|system:node)/.test(body)) {
+        const ln = _line(raw, 'system:authenticated');
+        const id = `k8s-rbac-system-authenticated-write:${file}:${ln}`;
+        if (!seen.has(id)) {
+          seen.add(id);
+          out.push(_shape(file, ln, 'k8s-rbac-system-authenticated-write',
+            `${kind} binds a write-capable role to system:authenticated`,
+            'k8s-rbac-overbroad-binding', 'high', 'CWE-863',
+            'Replace system:authenticated with specific groups, ServiceAccounts, or users. system:authenticated includes every Service Account in every namespace + every legitimately-issued client cert.',
+            'system:authenticated is essentially "anyone who has a valid token" — including every default service account on every workload, friendly or hostile.'));
+        }
+      }
+    }
+  }
+}
+
+// ── PodSecurity ────────────────────────────────────────────────────────────
+
+function detectPodSecurity(file, raw, out, seen) {
+  const docs = _docKinds(raw);
+  for (const { kind, body } of docs) {
+    if (!kind) continue;
+    if (!/^(?:Pod|Deployment|StatefulSet|DaemonSet|Job|CronJob|ReplicaSet|ReplicationController)$/.test(kind)) continue;
+
+    const checks = [
+      { re: /privileged:\s*true\b/g,                  rule: 'k8s-pod-privileged',       sev: 'critical', cwe: 'CWE-250',
+        vuln: 'Pod runs in privileged mode',
+        remediation: 'Remove privileged: true. Use capability drops (capabilities.drop: [ALL]) and capabilities.add only the specific Linux caps required.' },
+      { re: /hostNetwork:\s*true\b/g,                 rule: 'k8s-pod-hostnetwork',      sev: 'high',     cwe: 'CWE-668',
+        vuln: 'Pod uses host network — shares node IP stack',
+        remediation: 'Remove hostNetwork: true. If you need NodePort behavior, use a Service of type NodePort or LoadBalancer instead.' },
+      { re: /hostPID:\s*true\b/g,                     rule: 'k8s-pod-hostpid',          sev: 'high',     cwe: 'CWE-668',
+        vuln: 'Pod uses host PID namespace — can see/signal node processes',
+        remediation: 'Remove hostPID: true. Container escape research targets host-pid pods first.' },
+      { re: /hostIPC:\s*true\b/g,                     rule: 'k8s-pod-hostipc',          sev: 'high',     cwe: 'CWE-668',
+        vuln: 'Pod uses host IPC namespace',
+        remediation: 'Remove hostIPC: true. Almost no workload genuinely needs this.' },
+      { re: /hostPath:\s*\n\s*path:/g,                rule: 'k8s-pod-hostpath',         sev: 'high',     cwe: 'CWE-732',
+        vuln: 'Pod mounts a hostPath volume — node-filesystem reach',
+        remediation: 'Replace hostPath with PersistentVolumeClaim or ConfigMap. hostPath mounts let the pod read any file the node user can read — including /var/lib/kubelet/pods/* (other pods\' secrets).' },
+      { re: /allowPrivilegeEscalation:\s*true\b/g,    rule: 'k8s-pod-allow-privesc',    sev: 'high',     cwe: 'CWE-250',
+        vuln: 'Pod allows privilege escalation (no_new_privs disabled)',
+        remediation: 'Set allowPrivilegeEscalation: false. This sets the no_new_privs bit, preventing setuid / setgid binaries from gaining additional privileges.' },
+      { re: /runAsNonRoot:\s*false\b/g,               rule: 'k8s-pod-run-as-root',      sev: 'medium',   cwe: 'CWE-250',
+        vuln: 'Pod explicitly allows running as root',
+        remediation: 'Set runAsNonRoot: true and runAsUser: <non-zero>. Build images with a non-root USER directive.' },
+      { re: /runAsUser:\s*0\b/g,                      rule: 'k8s-pod-run-as-root',      sev: 'medium',   cwe: 'CWE-250',
+        vuln: 'Pod runAsUser: 0 (root)',
+        remediation: 'Set runAsUser to a non-zero UID (e.g. 1000). Combine with runAsNonRoot: true for defense-in-depth.' },
+      { re: /capabilities:\s*\n\s*add:\s*[\s\S]{0,200}?(?:SYS_ADMIN|NET_ADMIN|SYS_PTRACE|ALL)\b/g,
+                                                       rule: 'k8s-pod-capabilities-broad', sev: 'high',   cwe: 'CWE-250',
+        vuln: 'Pod adds dangerous Linux capability (SYS_ADMIN / NET_ADMIN / SYS_PTRACE / ALL)',
+        remediation: 'Drop ALL and add only the minimum cap(s) needed. SYS_ADMIN approximates root inside the container; NET_ADMIN allows iptables manipulation; SYS_PTRACE allows reading every process\'s memory.' },
+    ];
+
+    for (const c of checks) {
+      let m;
+      while ((m = c.re.exec(body))) {
+        const docStart = raw.indexOf(body);
+        const ln = _line(raw, body.slice(0, m.index)) + (docStart > 0 ? _line(raw, raw.slice(0, docStart)) - 1 : 0);
+        const id = `${c.rule}:${file}:${ln}`;
+        if (seen.has(id)) continue;
+        seen.add(id);
+        out.push(_shape(file, ln, c.rule, c.vuln,
+          c.rule.replace(/^k8s-pod-/, 'k8s-pod-security-'), c.sev, c.cwe,
+          c.remediation,
+          undefined));
+      }
+    }
+  }
+}
+
+// ── Admission webhooks ─────────────────────────────────────────────────────
+
+function detectWebhooks(file, raw, out, seen) {
+  const docs = _docKinds(raw);
+  for (const { kind, body } of docs) {
+    if (!/^(?:ValidatingWebhookConfiguration|MutatingWebhookConfiguration)$/.test(kind || '')) continue;
+    // failurePolicy: Ignore on security-sensitive admission webhook.
+    if (/failurePolicy:\s*Ignore\b/.test(body)) {
+      const ln = _line(raw, body.match(/failurePolicy:/)[0]);
+      const id = `k8s-webhook-failure-ignore:${file}:${ln}`;
+      if (!seen.has(id)) {
+        seen.add(id);
+        out.push(_shape(file, ln, 'k8s-webhook-failure-ignore',
+          `${kind} uses failurePolicy: Ignore — admission silently bypassed on webhook outage`,
+          'k8s-webhook-bypass', 'high', 'CWE-754',
+          'Set failurePolicy: Fail for security-critical webhooks (PodSecurity, image-signing verification, network policy enforcement). Use Ignore only for observability/audit-only webhooks where false-pass is preferable to API-server stalls.',
+          'failurePolicy: Ignore means a webhook outage (network blip, pod crash) silently disables the admission check — a perfect window for a bypass attack. The 2022 Argo CD incident exploited exactly this.'));
+      }
+    }
+    // sideEffects: None / NoneOnDryRun missing → flag as a separate issue.
+    if (!/sideEffects:/.test(body)) {
+      const ln = _line(raw, body);
+      const id = `k8s-webhook-no-sideeffects:${file}:${ln}`;
+      if (!seen.has(id)) {
+        seen.add(id);
+        out.push(_shape(file, ln, 'k8s-webhook-no-sideeffects',
+          `${kind} missing sideEffects declaration`,
+          'k8s-webhook-sideeffects', 'low', 'CWE-1287',
+          'Add `sideEffects: None` or `sideEffects: NoneOnDryRun`. Required since admissionregistration.k8s.io/v1; missing the field makes dry-run admission unreliable.',
+          undefined));
+      }
+    }
+  }
+}
+
+// ── Entry point ────────────────────────────────────────────────────────────
+
+export function scanK8sAdmission(fp, raw) {
+  if (process.env.AGENTIC_SECURITY_NO_K8S_ADM === '1') return [];
+  if (!raw || raw.length > 500_000) return [];
+  if (!_IS_K8S_FILE.test(fp)) return [];
+  if (!/^(?:apiVersion|kind):/m.test(raw)) return [];
+
+  const out = [];
+  const seen = new Set();
+  try { detectRbac(fp, raw, out, seen); } catch {}
+  try { detectPodSecurity(fp, raw, out, seen); } catch {}
+  try { detectWebhooks(fp, raw, out, seen); } catch {}
+  for (const f of out) f.file = fp;
+  return out;
+}
+
+export const _internals = { detectRbac, detectPodSecurity, detectWebhooks, _docKinds };