@gendigital/sage 0.4.0

package/resources/threats/obfuscation.yaml

@@ -0,0 +1,86 @@
+# Obfuscation threat patterns for Sage
+# Author: Gen Digital Inc.
+# License: DRL-1.1 (see threats/LICENSE)
+
+# --- Base64 decode piped to shell ---
+- id: "CLT-OBFUS-001"
+  category: tool
+  severity: critical
+  confidence: 0.95
+  action: block
+  pattern: "base64\\s+(-d|--decode)\\s*\\|\\s*(bash|sh|zsh|ksh|dash)"
+  match_on: command
+  title: "Base64 decode piped to shell execution"
+  expires_at: null
+  revoked: false
+
+# --- Hex escape sequences in printf ---
+- id: "CLT-OBFUS-002"
+  category: tool
+  severity: medium
+  confidence: 0.70
+  action: require_approval
+  pattern: "printf\\s+[\"']\\\\x[0-9a-fA-F]{2}(\\\\x[0-9a-fA-F]{2}){3,}"
+  match_on: command
+  title: "Hex escape sequences in printf (potential obfuscation)"
+  expires_at: null
+  revoked: false
+
+# --- Reversed string piped to shell ---
+- id: "CLT-OBFUS-003"
+  category: tool
+  severity: critical
+  confidence: 0.90
+  action: block
+  pattern: "\\|\\s*rev\\s*\\|\\s*(bash|sh|zsh|ksh|dash)"
+  match_on: command
+  title: "Reversed string piped to shell execution"
+  expires_at: null
+  revoked: false
+
+# --- Eval with decode ---
+- id: "CLT-OBFUS-004"
+  category: tool
+  severity: critical
+  confidence: 0.90
+  action: block
+  pattern: "\\beval\\s+.*\\$\\(\\s*base64|python[3]?\\s+-c\\s+[\"'].*exec\\(.*decode"
+  match_on: [command, content]
+  title: "Eval with decode (obfuscated code execution)"
+  expires_at: null
+  revoked: false
+
+# --- Shell metacharacter escaping ---
+- id: "CLT-OBFUS-005"
+  category: tool
+  severity: high
+  confidence: 0.85
+  action: block
+  pattern: "\\|\\s*[\\\\'\"]+(bash|sh|zsh|ksh|dash)[\\\\'\"]*(\\s|$)"
+  match_on: command
+  title: "Shell metacharacter escaping to hide pipe target"
+  expires_at: null
+  revoked: false
+
+# --- Alias/function redefinition ---
+- id: "CLT-OBFUS-006"
+  category: tool
+  severity: high
+  confidence: 0.80
+  action: require_approval
+  pattern: "\\balias\\s+(bash|sh|zsh|curl|wget|nc|netcat|python|ruby|perl|node)="
+  match_on: command
+  title: "Alias redefinition of security-relevant command"
+  expires_at: null
+  revoked: false
+
+- id: "CLT-OBFUS-007"
+  category: tool
+  severity: high
+  confidence: 0.80
+  action: require_approval
+  pattern: "\\b(function\\s+)?(bash|sh|curl|wget|nc|python|ruby|perl|node)\\s*\\(\\s*\\)"
+  match_on: command
+  title: "Function redefinition of security-relevant command"
+  expires_at: null
+  revoked: false

package/resources/threats/persistence.yaml

@@ -0,0 +1,87 @@
+# Persistence mechanism threat patterns for Sage
+# Author: Gen Digital Inc.
+# License: DRL-1.1 (see threats/LICENSE)
+
+# --- Shell RC file modification ---
+- id: "CLT-PERSIST-001"
+  category: tool
+  severity: high
+  confidence: 0.85
+  action: require_approval
+  pattern: "(>>|>)\\s*~?/?(\\$HOME/)?\\.?(bashrc|zshrc|profile|bash_profile|zprofile|zshenv)"
+  match_on: command
+  title: "Write/append to shell RC file (persistence mechanism)"
+  expires_at: null
+  revoked: false
+
+# --- Crontab manipulation ---
+- id: "CLT-PERSIST-002"
+  category: tool
+  severity: high
+  confidence: 0.80
+  action: require_approval
+  pattern: "\\bcrontab\\s+(-[er]|[^-])"
+  match_on: command
+  title: "Crontab manipulation (list, edit, or remove scheduled tasks)"
+  expires_at: null
+  revoked: false
+
+# --- Cron directory writes ---
+- id: "CLT-PERSIST-003"
+  category: tool
+  severity: high
+  confidence: 0.85
+  action: require_approval
+  pattern: "/etc/cron\\.(d|daily|hourly|weekly|monthly)/"
+  match_on: command
+  title: "Write to system cron directory"
+  expires_at: null
+  revoked: false
+
+# --- macOS LaunchAgent/LaunchDaemon ---
+- id: "CLT-PERSIST-004"
+  category: tool
+  severity: high
+  confidence: 0.90
+  action: block
+  pattern: "(LaunchAgents|LaunchDaemons)/.*\\.plist"
+  match_on: command
+  title: "macOS LaunchAgent/LaunchDaemon persistence"
+  expires_at: null
+  revoked: false
+
+# --- systemd service manipulation ---
+- id: "CLT-PERSIST-005"
+  category: tool
+  severity: high
+  confidence: 0.85
+  action: require_approval
+  pattern: "\\bsystemctl\\s+(enable|start)\\b|/etc/systemd/system/"
+  match_on: command
+  title: "systemd service enable/start or unit file write"
+  expires_at: null
+  revoked: false
+
+# --- SSH authorized_keys modification ---
+- id: "CLT-PERSIST-006"
+  category: tool
+  severity: critical
+  confidence: 0.95
+  action: block
+  pattern: ">>\\s*~?/?\\.ssh/authorized_keys"
+  match_on: command
+  title: "Append to SSH authorized_keys (unauthorized access persistence)"
+  expires_at: null
+  revoked: false
+
+# --- Echo/printf append to shell RC files ---
+- id: "CLT-PERSIST-007"
+  category: tool
+  severity: critical
+  confidence: 0.90
+  action: block
+  pattern: "(echo|printf)\\s+.*>>\\s*~?/?(\\$HOME/)?\\.?(bashrc|zshrc|profile|bash_profile)"
+  match_on: command
+  title: "Echo/printf append to shell RC file (code injection persistence)"
+  expires_at: null
+  revoked: false

package/resources/threats/self-defense.yaml

@@ -0,0 +1,55 @@
+# Self-defense patterns — protect Sage and Claude Code configuration
+# Author: Gen Digital Inc.
+# License: DRL-1.1 (see threats/LICENSE)
+# These flag when the AI agent may be manipulated into disabling its own guardrails
+# Using require_approval (not block) to allow legitimate plugin dev and config changes
+
+# Delete .sage directory
+- id: "CLT-SELF-001"
+  category: self_defense
+  severity: critical
+  confidence: 0.90
+  action: require_approval
+  pattern: "(rm|del|rmdir|rd|Remove-Item|unlink)\\s.*\\.sage(\\s|[\\\\/]|$)"
+  case_insensitive: true
+  match_on: command
+  title: "Attempt to delete Sage configuration directory"
+  expires_at: null
+  revoked: false
+
+# Write to Sage config files
+- id: "CLT-SELF-002"
+  category: self_defense
+  severity: high
+  confidence: 0.85
+  action: require_approval
+  pattern: "\\.sage[\\\\/](allowlist|config)\\.json"
+  match_on: file_path
+  title: "Attempt to write to Sage configuration files"
+  expires_at: null
+  revoked: false
+
+# Delete Claude Code hook or plugin config
+- id: "CLT-SELF-003"
+  category: self_defense
+  severity: high
+  confidence: 0.85
+  action: require_approval
+  pattern: "(rm|del|Remove-Item|unlink)\\s.*\\.claude[\\\\/].*(hooks\\.json|installed_plugins)"
+  case_insensitive: true
+  match_on: command
+  title: "Attempt to delete Claude Code hook or plugin configuration"
+  expires_at: null
+  revoked: false
+
+# Disable Sage security features via config
+- id: "CLT-SELF-004"
+  category: self_defense
+  severity: high
+  confidence: 0.85
+  action: require_approval
+  pattern: "heuristics_enabled.*false|url_check.*enabled.*false"
+  match_on: content
+  title: "Attempt to disable Sage security features via config"
+  expires_at: null
+  revoked: false

package/resources/threats/supply_chain.yaml

@@ -0,0 +1,15 @@
+# Supply chain threat patterns for Sage
+# Author: Gen Digital Inc.
+# License: DRL-1.1 (see threats/LICENSE)
+
+# --- Install scripts piped to shell ---
+- id: "CLT-SUPPLY-001"
+  category: supply_chain
+  severity: high
+  confidence: 0.85
+  action: block
+  pattern: "(curl|wget)\\s+.*install.*\\|\\s*(bash|sh|zsh|sudo\\s+bash|sudo\\s+sh)"
+  match_on: command
+  title: "Install script piped to shell (supply chain risk)"
+  expires_at: null
+  revoked: false

package/resources/threats/urls.yaml

@@ -0,0 +1,63 @@
+# URL/domain threat patterns for Sage
+# Author: Gen Digital Inc.
+# License: DRL-1.1 (see threats/LICENSE)
+# Schema: id, category, severity, confidence, action, pattern, match_on, title, expires_at, revoked
+
+# --- Known malware hosting patterns ---
+- id: "CLT-URL-001"
+  category: network_egress
+  severity: critical
+  confidence: 0.85
+  action: block
+  pattern: "raw\\.githubusercontent\\.com/.*/malware"
+  match_on: url
+  title: "Known malware hosting pattern on GitHub raw"
+  expires_at: null
+  revoked: false
+
+# --- Paste sites used for C2 ---
+- id: "CLT-URL-002"
+  category: network_egress
+  severity: high
+  confidence: 0.75
+  action: require_approval
+  pattern: "pastebin\\.com/raw/"
+  match_on: url
+  title: "Pastebin raw content (commonly used for C2 payloads)"
+  expires_at: null
+  revoked: false
+
+- id: "CLT-URL-003"
+  category: network_egress
+  severity: high
+  confidence: 0.75
+  action: require_approval
+  pattern: "paste\\.ee/r/"
+  match_on: url
+  title: "paste.ee raw content (commonly used for C2 payloads)"
+  expires_at: null
+  revoked: false
+
+# --- IP-based URLs (often C2 or staging) ---
+- id: "CLT-URL-004"
+  category: network_egress
+  severity: medium
+  confidence: 0.65
+  action: require_approval
+  pattern: "https?://\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}[:/]"
+  match_on: url
+  title: "Direct IP address URL (potential C2 or staging server)"
+  expires_at: null
+  revoked: false
+
+# --- Executable downloads ---
+- id: "CLT-URL-005"
+  category: network_egress
+  severity: high
+  confidence: 0.80
+  action: require_approval
+  pattern: "/[^/\\s]{1,255}\\.(exe|msi|bat|cmd|ps1|vbs|scr|pif|hta|inf)([?#]|$)"
+  match_on: url
+  title: "URL pointing to executable file download"
+  expires_at: null
+  revoked: false