@cyclonedx/cdxgen 12.3.0 → 12.3.2

package/bin/repl.js

@@ -143,6 +143,13 @@ function printAuditTable(title, rows) {
   );
 }
 
+function getPropertyValue(propertiesOrObject, propertyName) {
+  const properties = Array.isArray(propertiesOrObject)
+    ? propertiesOrObject
+    : propertiesOrObject?.properties;
+  return properties?.find((property) => property.name === propertyName)?.value;
+}
+
 function isLikelyObom(bom) {
   return Boolean(
     bom?.components?.some((comp) =>
@@ -151,6 +158,69 @@ function isLikelyObom(bom) {
   );
 }
 
+function isLikelyCargoBom(bom) {
+  const formulation = Array.isArray(bom?.formulation)
+    ? bom.formulation
+    : bom?.formulation
+      ? [bom.formulation]
+      : [];
+  return Boolean(
+    bom?.components?.some((component) =>
+      component?.purl?.startsWith("pkg:cargo/"),
+    ) ||
+      formulation.some((entry) =>
+        entry?.components?.some(
+          (component) =>
+            getPropertyValue(component, "cdx:rust:buildTool") === "cargo",
+        ),
+      ),
+  );
+}
+
+function getCargoHotspotComponents(bom) {
+  return (bom?.components || []).filter(
+    (component) =>
+      component?.purl?.startsWith("pkg:cargo/") &&
+      (getPropertyValue(component, "cdx:cargo:yanked") === "true" ||
+        Boolean(getPropertyValue(component, "cdx:cargo:git")) ||
+        Boolean(getPropertyValue(component, "cdx:cargo:path")) ||
+        getPropertyValue(component, "cdx:cargo:dependencyKind") === "build" ||
+        getPropertyValue(component, "cdx:cargo:workspaceDependencyResolved") ===
+          "true" ||
+        Boolean(getPropertyValue(component, "cdx:cargo:target"))),
+  );
+}
+
+function getCargoWorkflowComponents(bom) {
+  return (bom?.components || []).filter(
+    (component) =>
+      getPropertyValue(component, "cdx:github:action:ecosystem") === "cargo" ||
+      getPropertyValue(component, "cdx:github:step:usesCargo") === "true",
+  );
+}
+
+function getCargoFormulationEntries(bom) {
+  const formulation = Array.isArray(bom?.formulation)
+    ? bom.formulation
+    : bom?.formulation
+      ? [bom.formulation]
+      : [];
+  const matchingEntries = [];
+  for (const formulationEntry of formulation) {
+    const cargoComponents = (formulationEntry?.components || []).filter(
+      (component) =>
+        getPropertyValue(component, "cdx:rust:buildTool") === "cargo",
+    );
+    if (cargoComponents.length) {
+      matchingEntries.push({
+        ...formulationEntry,
+        components: cargoComponents,
+      });
+    }
+  }
+  return matchingEntries;
+}
+
 let historyFile;
 const historyConfigDir = join(homedir(), ".config", ".cdxgen");
 if (!process.env.CDXGEN_REPL_HISTORY && !fs.existsSync(historyConfigDir)) {
@@ -182,6 +252,11 @@ export const importSbom = (sbomOrPath) => {
           "💭 OBOM detected. Try .osinfocategories, .obomtips, .processes, or .services_snapshot",
         );
       }
+      if (isLikelyCargoBom(sbom)) {
+        console.log(
+          "💭 Cargo signals detected. Try .cargohotspots or .cargoworkflows.",
+        );
+      }
       if (getAuditAnnotations().length) {
         console.log(
           "💭 Audit annotations detected. Try .auditfindings, .auditactions, or .dispatchedges.",
@@ -280,6 +355,11 @@ cdxgenRepl.defineCommand("create", {
           "💭 Type .auditfindings to review cdx-audit and bom-audit annotations.",
         );
       }
+      if (isLikelyCargoBom(sbom)) {
+        console.log(
+          "💭 Type .cargohotspots or .cargoworkflows for Cargo-specific pivots.",
+        );
+      }
     } else {
       console.log("BOM was not generated successfully");
     }
@@ -758,6 +838,64 @@ cdxgenRepl.defineCommand("formulation", {
     this.displayPrompt();
   },
 });
+cdxgenRepl.defineCommand("cargohotspots", {
+  help: "show Cargo package components with high-signal source, workspace, or build metadata",
+  action() {
+    const interactiveBom = getInteractiveBom();
+    if (!interactiveBom?.components) {
+      console.log("⚠ No BOM is loaded. Use .import command to import an SBOM");
+      this.displayPrompt();
+      return;
+    }
+    const cargoComponents = getCargoHotspotComponents(interactiveBom);
+    if (!cargoComponents.length) {
+      console.log(
+        "No Cargo hotspot components found. Look for Cargo BOMs enriched with manifest, registry, or workspace metadata.",
+      );
+      this.displayPrompt();
+      return;
+    }
+    printTable(
+      { components: cargoComponents, dependencies: [] },
+      undefined,
+      undefined,
+      `Found ${cargoComponents.length} Cargo component(s) with high-signal source, workspace, or build metadata.`,
+    );
+    this.displayPrompt();
+  },
+});
+cdxgenRepl.defineCommand("cargoworkflows", {
+  help: "show Cargo-native build formulation plus Cargo-related workflow actions and run steps",
+  action() {
+    const interactiveBom = getInteractiveBom();
+    if (!interactiveBom) {
+      console.log("⚠ No BOM is loaded. Use .import command to import an SBOM");
+      this.displayPrompt();
+      return;
+    }
+    const cargoWorkflowComponents = getCargoWorkflowComponents(interactiveBom);
+    const cargoFormulation = getCargoFormulationEntries(interactiveBom);
+    if (!cargoWorkflowComponents.length && !cargoFormulation.length) {
+      console.log(
+        "No Cargo workflow or formulation pivots found. Import an SBOM generated with --include-formulation for Cargo projects.",
+      );
+      this.displayPrompt();
+      return;
+    }
+    if (cargoWorkflowComponents.length) {
+      printTable(
+        { components: cargoWorkflowComponents, dependencies: [] },
+        undefined,
+        undefined,
+        `Found ${cargoWorkflowComponents.length} Cargo-related workflow component(s).`,
+      );
+    }
+    if (cargoFormulation.length) {
+      printFormulation({ formulation: cargoFormulation });
+    }
+    this.displayPrompt();
+  },
+});
 cdxgenRepl.defineCommand("auditfindings", {
   help: "summarize cdx-audit and bom-audit annotations from the loaded BOM",
   action() {

package/data/rules/ai-agent-governance.yaml

@@ -0,0 +1,249 @@
+- id: AGT-001
+  name: "AI agent instruction file contains hidden Unicode characters"
+  description: "Hidden Unicode in AI agent instructions or skill files can conceal misleading prompts, hidden tool behavior, or review-evasion content."
+  severity: medium
+  category: ai-agent
+  standards:
+    owasp-ai-top-10:
+      - "LLM05: Supply Chain Vulnerabilities"
+    nist-ai-rmf:
+      - "Govern"
+      - "Manage"
+    nist-ssdf:
+      - "Review and protect build and automation instructions"
+  condition: |
+    formulation.components[
+      $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+      and $prop($, 'cdx:file:hasHiddenUnicode') = 'true'
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI agent file '{{ name }}' contains hidden Unicode characters"
+  mitigation: "Review the file with hidden-character rendering enabled, remove suspicious bidirectional or zero-width characters, and verify instruction blocks before merge."
+  evidence: |
+    {
+      "codePoints": $prop($, 'cdx:file:hiddenUnicodeCodePoints'),
+      "lineNumbers": $prop($, 'cdx:file:hiddenUnicodeLineNumbers'),
+      "inComments": $prop($, 'cdx:file:hiddenUnicodeInComments')
+    }
+
+- id: AGT-002
+  name: "AI agent instructions reference a public MCP endpoint without auth hints"
+  description: "Public MCP endpoints referenced from agent or skill files deserve review when the instruction surface does not indicate any bearer, token, or OAuth controls."
+  severity: high
+  category: ai-agent
+  attack:
+    tactics: [TA0001]
+    techniques: [T1190]
+  standards:
+    owasp-ai-top-10:
+      - "LLM07: Insecure Plugin Design"
+      - "LLM08: Excessive Agency"
+    nist-ai-rmf:
+      - "Map"
+      - "Manage"
+    nist-ssdf:
+      - "Review externally reachable AI and automation interfaces"
+  condition: |
+    formulation.components[
+      $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+      and $prop($, 'cdx:agent:hasPublicMcpEndpoint') = 'true'
+      and $nullSafeProp($, 'cdx:agent:authHints') = ''
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI agent file '{{ name }}' references a public MCP endpoint without any auth hints"
+  mitigation: "Treat public MCP endpoints as untrusted until authentication, authorization, and endpoint provenance are documented explicitly."
+  evidence: |
+    {
+      "hiddenMcpUrls": $prop($, 'cdx:agent:hiddenMcpUrls'),
+      "hiddenMcpHosts": $prop($, 'cdx:agent:hiddenMcpHosts'),
+      "providerNames": $prop($, 'cdx:agent:providerNames')
+    }
+
+- id: AGT-003
+  name: "AI agent instructions reference MCP surfaces not declared elsewhere in the BOM"
+  description: "Agent files that mention MCP servers, packages, or endpoints without corresponding MCP package inventory or source-derived MCP services can hide runtime trust dependencies from reviewers."
+  severity: medium
+  category: ai-agent
+  standards:
+    owasp-ai-top-10:
+      - "LLM05: Supply Chain Vulnerabilities"
+      - "LLM08: Excessive Agency"
+    nist-ai-rmf:
+      - "Map"
+      - "Govern"
+    nist-ssdf:
+      - "Maintain complete third-party and runtime dependency inventory"
+  condition: |
+    formulation.components[
+      $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+      and $prop($, 'cdx:agent:hasMcpReferences') = 'true'
+      and $count($$.components[$prop($, 'cdx:mcp:package') = 'true']) = 0
+      and $count($auditServices($$)[$nullSafeProp($, 'cdx:mcp:inventorySource') = 'source-code-analysis']) = 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI agent file '{{ name }}' references MCP surfaces that are not otherwise declared in the BOM"
+  mitigation: "Inventory the referenced MCP packages, endpoints, and trust boundaries explicitly so reviewers can validate provenance and access controls."
+  evidence: |
+    {
+      "mcpPackageRefs": $prop($, 'cdx:agent:mcpPackageRefs'),
+      "hiddenMcpUrls": $prop($, 'cdx:agent:hiddenMcpUrls'),
+      "hiddenComponentKinds": $prop($, 'cdx:agent:hiddenComponentKinds')
+    }
+
+- id: AGT-004
+  name: "AI agent instructions reference tunneled or reverse-proxied MCP exposure"
+  description: "Localhost tunneling and reverse-proxy references in agent files can turn development-only MCP servers into remotely reachable control surfaces."
+  severity: high
+  category: ai-agent
+  attack:
+    tactics: [TA0001, TA0011]
+    techniques: [T1190, T1071]
+  standards:
+    owasp-ai-top-10:
+      - "LLM07: Insecure Plugin Design"
+      - "LLM08: Excessive Agency"
+    nist-ai-rmf:
+      - "Map"
+      - "Manage"
+    nist-ssdf:
+      - "Review externally reachable development interfaces"
+  condition: |
+    formulation.components[
+      $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+      and $prop($, 'cdx:agent:hasTunnelReference') = 'true'
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI agent file '{{ name }}' references a tunneled or reverse-proxied MCP endpoint"
+  mitigation: "Avoid exposing localhost MCP servers through ad-hoc tunnels; require reviewed ingress, authentication, and environment-specific controls."
+  evidence: |
+    {
+      "hiddenMcpUrls": $prop($, 'cdx:agent:hiddenMcpUrls'),
+      "hiddenMcpHosts": $prop($, 'cdx:agent:hiddenMcpHosts')
+    }
+
+- id: AGT-005
+  name: "AI agent instructions reference non-official MCP packages or wrappers"
+  description: "Non-official MCP wrappers referenced directly from agent instructions deserve extra review before they are trusted in developer tooling or automation flows."
+  severity: medium
+  category: ai-agent
+  standards:
+    owasp-ai-top-10:
+      - "LLM05: Supply Chain Vulnerabilities"
+      - "LLM07: Insecure Plugin Design"
+    nist-ai-rmf:
+      - "Govern"
+      - "Map"
+    nist-ssdf:
+      - "Verify provenance of third-party AI integrations"
+  condition: |
+    formulation.components[
+      $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+      and $prop($, 'cdx:agent:hasNonOfficialMcpReference') = 'true'
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI agent file '{{ name }}' references non-official MCP packages or wrappers"
+  mitigation: "Prefer official MCP SDKs where possible and document provenance, version pinning, and trust assumptions for any wrapper packages."
+  evidence: |
+    {
+      "mcpPackageRefs": $prop($, 'cdx:agent:mcpPackageRefs'),
+      "hiddenComponentKinds": $prop($, 'cdx:agent:hiddenComponentKinds')
+    }
+
+- id: AGT-006
+  name: "AI agent instructions contain inline credential patterns"
+  description: "Agent or skill files that embed bearer tokens, API keys, or similar secrets create immediate review and credential-rotation risk."
+  severity: critical
+  category: ai-agent
+  attack:
+    tactics: [TA0006]
+    techniques: [T1552]
+  standards:
+    owasp-ai-top-10:
+      - "LLM05: Supply Chain Vulnerabilities"
+      - "LLM07: Insecure Plugin Design"
+    nist-ai-rmf:
+      - "Govern"
+      - "Manage"
+    nist-ssdf:
+      - "Protect secrets used by AI automation and developer tooling"
+  condition: |
+    formulation.components[
+      $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+      and $prop($, 'cdx:agent:credentialExposure') = 'true'
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI agent file '{{ name }}' contains inline credential patterns"
+  mitigation: "Remove embedded credentials from agent instructions and move them into reviewed secret-management flows before the file is shared or executed."
+  evidence: |
+    {
+      "credentialRiskIndicators": $prop($, 'cdx:agent:credentialRiskIndicators'),
+      "hiddenMcpUrls": $prop($, 'cdx:agent:hiddenMcpUrls'),
+      "providerNames": $prop($, 'cdx:agent:providerNames')
+    }
+
+- id: AGT-007
+  name: "AI agent or skill file is included in a build or post-build SBOM"
+  description: "Shipped AI instruction and skill files deserve explicit review because they can alter developer tooling, release-time automation, and downstream runtime behavior."
+  severity: medium
+  category: ai-agent
+  standards:
+    owasp-ai-top-10:
+      - "LLM05: Supply Chain Vulnerabilities"
+      - "LLM08: Excessive Agency"
+    nist-ai-rmf:
+      - "Govern"
+      - "Map"
+    nist-ssdf:
+      - "Review build and release instructions before distribution"
+  condition: |
+    components[
+      (
+        $prop($, 'cdx:agent:inventorySource') = 'agent-file'
+        or $prop($, 'cdx:agent:inventorySource') = 'community-config'
+      )
+      and (
+        $prop($, 'cdx:file:kind') = 'skill-file'
+        or $prop($, 'cdx:file:kind') = 'agent-instructions'
+        or $prop($, 'cdx:file:kind') = 'copilot-instructions'
+        or $prop($, 'cdx:file:kind') = 'copilot-setup-workflow'
+        or $prop($, 'cdx:file:kind') = 'ai-agent-file'
+      )
+      and $count($$.metadata.lifecycles[phase = 'build' or phase = 'post-build']) > 0
+    ]
+  location: |
+    {
+      "bomRef": $."bom-ref",
+      "file": $prop($, 'SrcFile')
+    }
+  message: "AI instruction or skill file '{{ name }}' is included in a build/post-build SBOM"
+  mitigation: "If the file must ship, keep the BOM review-friendly with '--bom-audit --bom-audit-categories ai-agent' and consider '--tlp-classification AMBER'. If you want a package-only BOM, rerun with '--exclude-type ai-skill'."
+  evidence: |
+    {
+      "inventorySource": $prop($, 'cdx:agent:inventorySource'),
+      "fileKind": $prop($, 'cdx:file:kind'),
+      "providerNames": $prop($, 'cdx:agent:providerNames')
+    }

package/data/rules/dependency-sources.yaml

@@ -121,3 +121,44 @@
       "registry": $prop($, 'cdx:pypi:registry'),
       "resolvedFrom": $prop($, 'cdx:pypi:resolved_from')
     }
+- id: PKG-007
+  name: "Cargo dependency from mutable git source"
+  description: "Cargo git dependencies without revision or tag pinning can change unexpectedly and reduce build reproducibility"
+  severity: high
+  category: dependency-source
+  condition: |
+    components[
+      $hasProp($, 'cdx:cargo:git')
+      and $prop($, 'cdx:cargo:gitRev') = null
+      and $prop($, 'cdx:cargo:gitTag') = null
+    ]
+  location: |
+    { "bomRef": $."bom-ref", "purl": purl }
+  message: "Cargo dependency '{{ name }}@{{ version }}' tracks git source '{{ $prop($, 'cdx:cargo:git') }}' without an immutable revision pin"
+  mitigation: "Prefer crates.io releases or pin git dependencies with `rev = \"<commit-sha>\"` or a signed, reviewed tag"
+  evidence: |
+    {
+      "git": $prop($, 'cdx:cargo:git'),
+      "branch": $prop($, 'cdx:cargo:gitBranch'),
+      "tag": $prop($, 'cdx:cargo:gitTag'),
+      "dependencyKind": $prop($, 'cdx:cargo:dependencyKind')
+    }
+- id: PKG-008
+  name: "Cargo dependency from local path"
+  description: "Cargo path dependencies are local source references that reduce release reproducibility and may bypass registry review controls"
+  severity: high
+  category: dependency-source
+  condition: |
+    components[
+      $hasProp($, 'cdx:cargo:path')
+    ]
+  location: |
+    { "bomRef": $."bom-ref", "purl": purl }
+  message: "Cargo dependency '{{ name }}@{{ version }}' uses local path source '{{ $prop($, 'cdx:cargo:path') }}'"
+  mitigation: "Use published crate versions for release builds or vendor the dependency explicitly with clear provenance review"
+  evidence: |
+    {
+      "path": $prop($, 'cdx:cargo:path'),
+      "dependencyKind": $prop($, 'cdx:cargo:dependencyKind'),
+      "target": $prop($, 'cdx:cargo:target')
+    }