@gianmarcomaz/vantyr 1.0.0

package/src/scanner/inputValidation.js

@@ -0,0 +1,243 @@
+/**
+ * Input Validation Analyzer
+ *
+ * Distinguishes between Type Validation (Zod, Joi, basic schemas) and
+ * Security Validation (path containment, URL allowlists, parameterized queries).
+ * 
+ * Skips Command Injection patterns to avoid double-counting with the CI module.
+ */
+
+const TYPE_VALIDATION_RE = /z\.(?:string|number|boolean|object|array|enum)|Joi\.(?:string|number)|joi|yup|superstruct|valibot|inputSchema|input_schema|"type"\s*:\s*"string"/i;
+
+// Common variable names that represent direct MCP / LLM tool input.
+// Used in "direct-call" sink patterns (bare identifier, no property access).
+// Kept intentionally specific to avoid flagging readFile(config) or fetch(url)
+// where those variables come from application config rather than tool input.
+// Property-access patterns (ending in [\.\[]) keep the broader [a-zA-Z0-9_]+
+// because args.path / input.url etc. are structurally tool-input shaped.
+const MCP_INPUT_NAMES = '(?:args|params|input|validatedArgs|toolInput|userInput|llmInput|req(?:uest)?|body|payload|data|parsed|toolArgs|callArgs|handlerArgs)';
+
+const DANGEROUS_SINKS = [
+    // ── Path traversal ──
+    {
+        // Direct-call: restrict to known MCP input variable names to avoid FP on
+        // readFile(config), readFile(filename), readFile(p), etc.
+        regex: new RegExp(`(?:readFile|readFileSync|writeFile|writeFileSync|createReadStream|createWriteStream|appendFile|appendFileSync)\\s*\\(\\s*${MCP_INPUT_NAMES}\\b`),
+        name: "File operation with tool input",
+        type: "file"
+    },
+    {
+        // Property-access: keep broad identifier — args.path, input.file, etc.
+        regex: /(?:readFile|readFileSync|writeFile|writeFileSync|createReadStream|createWriteStream)\s*\(\s*(?:args|params|input|validatedArgs|[a-zA-Z0-9_]+)\s*[\.\[]/,
+        name: "File operation with tool input property",
+        type: "file"
+    },
+    {
+        // Python open(): restrict to MCP input names — open(filepath) is too common
+        regex: new RegExp(`open\\s*\\(\\s*${MCP_INPUT_NAMES}\\b`),
+        name: "Python open() with tool input",
+        type: "file"
+    },
+    {
+        regex: /fs\.\w+\s*\(\s*`[^`]*\$\{.*(?:args|params|input)/,
+        name: "File path built from template literal with tool input",
+        type: "file"
+    },
+    // ── SSRF ──
+    {
+        // Direct-call: restrict to known MCP input names — fetch(url) is extremely
+        // common in non-tool-handler code and generates many FPs otherwise.
+        regex: new RegExp(`(?:fetch|axios\\.get|axios\\.post|axios|got|request|http\\.get|https\\.get|urllib\\.request)\\s*\\(\\s*${MCP_INPUT_NAMES}\\b`),
+        name: "HTTP request with tool input URL",
+        type: "network"
+    },
+    {
+        // Property-access: keep broad — fetch(args.url), axios(input.endpoint), etc.
+        regex: /(?:fetch|axios|got|request|http\.get|https\.get)\s*\(\s*(?:args|params|input|validatedArgs|[a-zA-Z0-9_]+)\s*[\.\[]/,
+        name: "HTTP request with tool input property",
+        type: "network"
+    },
+    {
+        regex: /(?:fetch|axios|got|request)\s*\(\s*`([^`]+)?\$\{.*(?:args|params|input)/,
+        name: "URL built from template literal with tool input",
+        type: "network"
+    },
+    // ── SQL injection ──
+    {
+        regex: /\.query\s*\(\s*`[^`]*\$\{.*(?:args|params|input)/,
+        name: "SQL query with interpolated tool input",
+        type: "sql"
+    },
+    {
+        regex: /\.query\s*\(\s*['"][^'"]*['"]\s*\+\s*(?:args|params|input)/,
+        name: "SQL query with concatenated tool input",
+        type: "sql"
+    },
+    {
+        regex: /(?:execute|exec|run)\s*\(\s*`[^`]*\$\{.*(?:args|params|input)/,
+        name: "Database execution with interpolated tool input",
+        type: "sql"
+    },
+];
+
+const DISPATCH_PATTERNS = [
+    {
+        regex: /\w+\s*\[\s*(?:args|params|input)\s*\.\s*\w+\s*\]\s*\(/,
+        name: "Dynamic dispatch from user input",
+        severity: "high",
+        remediation: "Do not use user-supplied values to dynamically select and invoke functions. Use an explicit allowlist map instead.",
+    },
+];
+
+const DYNAMIC_ACCESS_REGEX = /args\s*\[\s*\w+\s*\]/;
+const SPREAD_REGEX = /\.\.\.(?:args|params|input)\b/;
+const TEST_FILE_RE = /(?:[\\/](?:__tests__|tests?|spec|__mocks__|mock|fixture)[\\/]|\.(?:test|spec)\.[jt]sx?$)/i;
+const SAFE_VARIABLE_RE = /\b(?:redact|mask|sanitiz|log|debug|print|censor|hide|obfuscat|display|format|stringify|output|response|result|reply)\w*\s*\[/i;
+const CONFIG_SOURCE_RE = /\b(?:config|settings|env|process\.env|os\.environ|serverConfig|appConfig|options|defaults|constants)\b/i;
+const RESPONSE_BUILD_RE = /\b(?:response|result|output|reply|data|body|payload|ret|res)\s*\[/i;
+
+function isDynamicAccessSafe(line, filePath) {
+    if (TEST_FILE_RE.test(filePath)) return true;
+    if (SAFE_VARIABLE_RE.test(line)) return true;
+    if (CONFIG_SOURCE_RE.test(line) && !/exec|spawn|eval|system/i.test(line)) return true;
+    if (RESPONSE_BUILD_RE.test(line)) return true;
+    if (/args\s*\[\s*\d+\s*\]/.test(line) && !/exec|spawn|eval|system/i.test(line)) return true;
+    return false;
+}
+
+function isSpreadSafe(line, filePath) {
+    if (TEST_FILE_RE.test(filePath)) return true;
+    if (!/exec|spawn|eval|system/i.test(line)) {
+        if (/(?:vi|jest)\.fn|mock/i.test(line)) return true;
+        if (/console\.|log\(|print\(/i.test(line)) return true;
+    }
+    return false;
+}
+
+function analyzeInputValidation(files) {
+    const findings = [];
+    let hasInputSchema = false;
+
+    for (const file of files) {
+        const content = file.content;
+        if (!/\.(?:js|ts|jsx|tsx|py|go|rs)$/.test(file.path)) continue;
+
+        if (/inputSchema|input_schema|parameters\s*[:=]\s*\{|InputSchema|mcp\.Property|WithDescription|Required\s*[:=]/.test(content)) {
+            hasInputSchema = true;
+        }
+
+        // Test files are not production code — skip sink scanning entirely.
+        // The inputSchema check above still runs so test fixtures that define
+        // schemas contribute to the global hasInputSchema flag correctly.
+        if (TEST_FILE_RE.test(file.path)) continue;
+
+        const lines = content.split("\n");
+        const hasTypeValidation = TYPE_VALIDATION_RE.test(content);
+
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+
+            /* ── Pass 1 & 2 combined: Find sinks and check context ── */
+            for (const sink of DANGEROUS_SINKS) {
+                const match = line.match(sink.regex);
+                if (match) {
+                    const blockContext = Math.max(0, i - 15);
+                    const contextUpstream = lines.slice(blockContext, i + 1).join("\n");
+                    
+                    if (sink.type === "file") {
+                        const hasResolve = /path\.resolve|os\.path\.realpath/.test(contextUpstream);
+                        const hasStartsWith = /\.startsWith|indexOf|includes/.test(contextUpstream);
+                        const hasJoin = /path\.join|os\.path\.join/.test(contextUpstream);
+                        
+                        // We also need to be careful not to flag static requires
+                        if (/fs\.readFile\s*\(\s*['"]/.test(line)) continue;
+                        
+                        if (hasResolve && hasStartsWith) {
+                            // SAFE
+                        } else if (hasResolve && !hasStartsWith) {
+                            findings.push({ severity: "medium", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: "Path is resolved but not confined.", remediation: "Add .startsWith(allowedBaseDir) to prevent path traversal." });
+                        } else if (hasJoin && !hasStartsWith) {
+                            findings.push({ severity: "medium", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: "path.join doesn't prevent traversal.", remediation: "Use path.resolve() and .startsWith(allowedBaseDir)." });
+                        } else if (hasTypeValidation) {
+                            findings.push({ severity: "medium", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `Tool input passes type check but has no path traversal protection before being passed to file operation.`, remediation: "Add path.resolve() + startsWith(allowedBaseDir) to confine file access to an allowed directory." });
+                        } else {
+                            findings.push({ severity: "high", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `Unsanitized file path from tool input — path traversal risk.`, remediation: "Add path.resolve() + startsWith(allowedBaseDir) to confine file access to an allowed directory." });
+                        }
+                    } else if (sink.type === "network") {
+                        const hasNewURL = /new\s+URL/.test(contextUpstream);
+                        const hasAllowlist = /allowlist|whitelist|includes|indexOf|==|===/.test(contextUpstream);
+                        
+                        if (hasNewURL && hasAllowlist) {
+                            // SAFE
+                        } else if (hasAllowlist && !hasNewURL) {
+                            // Also basically safe if we do string matching
+                            // SAFE
+                        } else if (hasNewURL && !hasAllowlist) {
+                            findings.push({ severity: "medium", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: "URL is parsed but not validated.", remediation: "Validate URL protocol and hostname against an allowlist." });
+                        } else if (match[1] && /^https?:\/\//.test(match[1])) {
+                            // Hardcoded base URL in template string
+                            findings.push({ severity: "low", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: "Base URL is hardcoded, but dynamic path should be validated.", remediation: "Ensure the path segment doesn't allow traversal out of the base URL's API space." });
+                        } else if (hasTypeValidation) {
+                            findings.push({ severity: "medium", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `Tool input passes type check but has no SSRF protection before being passed to network request.`, remediation: "Validate URL protocol (https only) and hostname against an allowlist. Block requests to internal IP ranges." });
+                        } else {
+                            findings.push({ severity: "high", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `Unsanitized URL from tool input — SSRF risk.`, remediation: "Validate URL protocol (https only) and hostname against an allowlist." });
+                        }
+                    } else if (sink.type === "sql") {
+                        if (hasTypeValidation) {
+                            findings.push({ severity: "high", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `Tool input passes type check but is vulnerable to SQL injection.`, remediation: "Use parameterized queries (e.g. $1, ?) instead of string interpolation for database operations." });
+                        } else {
+                            findings.push({ severity: "critical", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `SQL injection risk from tool input.`, remediation: "Use parameterized queries (e.g. $1, ?) instead of string interpolation for database operations." });
+                        }
+                    }
+                    
+                    break; // one sink finding per line
+                }
+            }
+
+            /* ── Dynamic dispatch ── */
+            for (const dp of DISPATCH_PATTERNS) {
+                if (dp.regex.test(line)) {
+                    findings.push({ severity: dp.severity, file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: `${dp.name} — could allow arbitrary function invocation.`, remediation: dp.remediation });
+                }
+            }
+
+            /* ── Dynamic property access — non-sinks ── */
+            if (DYNAMIC_ACCESS_REGEX.test(line)) {
+                if (!isDynamicAccessSafe(line, file.path)) {
+                    const isToolHandler = /server\.tool|\.addTool|@server\.tool|@mcp\.tool|tool_handler|ToolHandler/.test(content);
+                    if (isToolHandler && !hasTypeValidation) {
+                        findings.push({ severity: "medium", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: "Dynamic property access on args in tool handler — validate inputs before use.", remediation: "Validate all tool inputs using a schema validation library like Zod." });
+                    }
+                }
+            }
+
+            /* ── Spread patterns ── */
+            if (SPREAD_REGEX.test(line)) {
+                if (!isSpreadSafe(line, file.path)) {
+                    const isToolHandler = /server\.tool|\.addTool|@server\.tool|@mcp\.tool|tool_handler|ToolHandler/.test(content);
+                    if (isToolHandler && !hasTypeValidation) {
+                        findings.push({ severity: "low", file: file.path, line: i + 1, snippet: line.trim().slice(0, 200), message: "Spreading args in tool handler — verify all spread targets are safe.", remediation: "Validate all tool inputs before spreading." });
+                    }
+                }
+            }
+        }
+    }
+
+    if (!hasInputSchema) {
+        findings.push({
+            severity: "high",
+            file: "project",
+            line: null,
+            snippet: "",
+            message: "No inputSchema definitions found. The server accepts arbitrary input without constraints.",
+            remediation: "Declare an inputSchema for all tools. Use JSON Schema to constrain inputs, specifying types, required fields, and enum values.",
+        });
+    }
+
+    // Filter out potential duplicate findings that are overly broad (like if multiple sinks triggered on same line)
+    // We already have deduplication at the terminal level, but we can do a quick unique filter here too if needed.
+    
+    return findings.map(f => ({ ...f, category: 'IV' }));
+}
+
+export { analyzeInputValidation };

package/src/scanner/networkExposure.js

@@ -0,0 +1,302 @@
+/**
+ * Network Exposure Analyzer
+ *
+ * Two-step analysis:
+ *   1. Detect 0.0.0.0 / :: / INADDR_ANY bindings (same patterns as before)
+ *   2. For each hit, check the SAME file + nearby files for authentication
+ *      middleware, webhook/bot indicators, or signing verification.
+ *
+ * Context-aware:
+ *   - Test files are excluded (not production code)
+ *   - CLI/build tools are excluded
+ *
+ * Severity assignment:
+ *   - 0.0.0.0 with NO auth detected      → critical
+ *   - 0.0.0.0 in a webhook/bot file      → medium
+ *   - 0.0.0.0 WITH auth detected         → low
+ *   - 127.0.0.1 / localhost / ::1         → pass (no finding)
+ */
+
+/* ════════════════════════════════════════════════════
+   Detection Patterns — same as original, DO NOT REMOVE
+   ════════════════════════════════════════════════════ */
+
+const CRITICAL_PATTERNS = [
+    // JavaScript/TypeScript
+    { regex: /\.listen\s*\([^)]*['"]0\.0\.0\.0['"]/, lang: "js" },
+    { regex: /\.listen\s*\([^)]*['"]::['"]/, lang: "js" },
+    { regex: /host\s*[:=]\s*['"]0\.0\.0\.0['"]/, lang: "any" },
+    { regex: /host\s*[:=]\s*['"]::['"]/, lang: "any" },
+    { regex: /host\s*[:=]\s*['"]["']/, lang: "any" }, // empty string = 0.0.0.0
+    // Python
+    { regex: /\.bind\s*\(\s*\(\s*['"]0\.0\.0\.0['"]/, lang: "py" },
+    { regex: /\.bind\s*\(\s*\(\s*['"]::['"]/, lang: "py" },
+    // Go
+    { regex: /net\.Listen\s*\([^)]*['"]0\.0\.0\.0/, lang: "go" },
+    { regex: /INADDR_ANY/, lang: "any" },
+];
+
+const SAFE_PATTERNS = [
+    /['"]127\.0\.0\.1['"]/,
+    /['"]localhost['"]/,
+    /['"]::1['"]/,
+];
+
+const WARNING_PATTERNS = [
+    { regex: /host\s*[:=]\s*(?:process\.env|os\.environ|os\.Getenv)/, message: "Host from environment variable" },
+    { regex: /host\s*[:=]\s*(?:config|settings|options)\./, message: "Host from config (verify default)" },
+];
+
+const URL_PATTERNS = [
+    {
+        regex: /['"`]http:\/\/(?!(?:localhost|127\.0\.0\.1|::1|0\.0\.0\.0))[^'"`${}]+['"`]/i,
+        severity: "high",
+        message: "Unencrypted HTTP communication with external host detected.",
+        remediation: "Use HTTPS for all external API communication to prevent man-in-the-middle attacks.",
+    },
+    {
+        regex: /['"`]ws:\/\/(?!(?:localhost|127\.0\.0\.1|::1|0\.0\.0\.0))[^'"`${}]+['"`]/i,
+        severity: "high",
+        message: "Unencrypted WebSocket (ws://) communication with external host detected.",
+        remediation: "Use secure WebSockets (wss://) for all external ongoing connections.",
+    },
+    {
+        regex: /['"`](?:http|ws):\/\/\$\{/i,
+        severity: "medium",
+        message: "Dynamic unencrypted URL detected (http/ws).",
+        remediation: "Ensure the dynamically constructed URL uses HTTPS/WSS if connecting to external hosts.",
+    },
+];
+
+/* ════════════════════════════════════════════════════
+   Authentication & Webhook Indicator Patterns
+   ════════════════════════════════════════════════════ */
+
+const AUTH_PATTERNS = [
+    // Python decorators & middleware
+    /@requires_auth/i,
+    /@authenticate/i,
+    /verify_signature/i,
+    /verify_slack_signature/i,
+    /signing_secret/i,
+    /hmac\./i,
+    /token_required/i,
+    /api_key_required/i,
+    /BasicAuth|BearerAuth/i,
+    /OAuth/,
+
+    // Python auth libraries
+    /from\s+(?:fastapi\.security|starlette\.authentication|flask_login|flask_httpauth)/,
+    /Depends\s*\(\s*\w*[Aa]uth/,
+
+    // JS/TS auth middleware & libraries
+    /passport\./,
+    /jwt\.verify/i,
+    /express-jwt/,
+    /next-auth/i,
+    /clerk/i,
+    /supabase\.auth/i,
+    /firebase.*auth/i,
+    /req\.headers\s*\[\s*['"]authorization['"]\s*\]/i,
+    /req\.headers\.authorization/i,
+    /apiKey|api_key/i,
+    /bearerToken|bearer_token/i,
+
+    // General auth header checks
+    /['"]Authorization['"]/,
+    /['"]X-API-Key['"]/i,
+    /['"]Bearer\s/i,
+
+    // Middleware with "auth" in the name
+    /middleware.*auth/i,
+    /auth.*middleware/i,
+    /use\s*\(\s*\w*[Aa]uth/,
+];
+
+const WEBHOOK_FILE_INDICATORS = [
+    // Filename patterns
+    /webhook/i,
+    /bot\./i,
+    /callback/i,
+    /_bot\b/i,
+    /slack_bot|slackbot/i,
+    /whatsapp/i,
+    /telegram/i,
+    /discord_bot|discordbot/i,
+];
+
+const WEBHOOK_CONTENT_INDICATORS = [
+    /import\s+.*slack_sdk/,
+    /from\s+slack_sdk/,
+    /require\s*\(\s*['"]@slack\/bolt['"]\)/,
+    /require\s*\(\s*['"]twilio['"]\)/,
+    /from\s+twilio/,
+    /whatsapp/i,
+    /SlackRequestHandler|SlackEventAdapter/i,
+    /verify_slack_request|verify_slack_signature/i,
+    /TwilioClient/i,
+];
+
+/* ════════════════════════════════════════════════════
+   Helpers
+   ════════════════════════════════════════════════════ */
+
+/**
+ * Check if a file (by content) contains authentication patterns.
+ */
+function fileHasAuth(content) {
+    return AUTH_PATTERNS.some((re) => re.test(content));
+}
+
+/**
+ * Check if a file is a webhook/bot receiver (by path OR content).
+ */
+function fileIsWebhook(filePath, content) {
+    const pathMatch = WEBHOOK_FILE_INDICATORS.some((re) => re.test(filePath));
+    const contentMatch = WEBHOOK_CONTENT_INDICATORS.some((re) => re.test(content));
+    return pathMatch || contentMatch;
+}
+
+/**
+ * Build a directory→files lookup for checking "nearby" files in the same dir.
+ */
+function buildDirIndex(files) {
+    const index = {};
+    for (const file of files) {
+        const dir = file.path.replace(/[/\\][^/\\]+$/, "") || ".";
+        if (!index[dir]) index[dir] = [];
+        index[dir].push(file);
+    }
+    return index;
+}
+
+/**
+ * Check if ANY file in the same directory has auth patterns.
+ */
+function dirHasAuth(filePath, dirIndex) {
+    const dir = filePath.replace(/[/\\][^/\\]+$/, "") || ".";
+    const siblings = dirIndex[dir] || [];
+    return siblings.some((f) => fileHasAuth(f.content));
+}
+
+/** Test file paths — not production code */
+const TEST_FILE_RE =
+    /(?:[\\/](?:__tests__|tests?|spec|__mocks__|mock|fixture|e2e|testdata|testutil)[\\/]|[\\/](?:.*_test|.*\.test|.*\.spec)\.[a-z]+$)/i;
+
+/** CLI-tool / build-script / dev-tooling paths */
+const CLI_TOOL_RE =
+    /(?:^|[\\/])(?:cmd|cli|scripts|tools|bin|hack|contrib)[\\/]/i;
+
+/* ════════════════════════════════════════════════════
+   Main Analyzer
+   ════════════════════════════════════════════════════ */
+
+/**
+ * @param {Array<{path: string, content: string}>} files
+ * @returns {{ score: number, status: string, findings: Array }}
+ */
+function analyzeNetworkExposure(files) {
+    const findings = [];
+    const dirIndex = buildDirIndex(files);
+
+    for (const file of files) {
+        const lines = file.content.split("\n");
+        const isTestFile = TEST_FILE_RE.test(file.path);
+        const isCliTool = CLI_TOOL_RE.test(file.path);
+
+        // Skip test files and CLI tools entirely — not production server code
+        if (isTestFile || isCliTool) continue;
+
+        const thisFileHasAuth = fileHasAuth(file.content);
+        const thisFileIsWebhook = fileIsWebhook(file.path, file.content);
+        const nearbyAuth = dirHasAuth(file.path, dirIndex);
+
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const trimmed = line.trim();
+
+            // Skip comments and documentation examples
+            if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("<!--")) continue;
+            // Skip common documentation keywords
+            if (/example|documentation|placeholder/i.test(line)) continue;
+
+            /* ── Step 1: detect 0.0.0.0 binding ── */
+            for (const pattern of CRITICAL_PATTERNS) {
+                if (!pattern.regex.test(line)) continue;
+                // Skip if safe pattern on same line
+                if (SAFE_PATTERNS.some((sp) => sp.test(line))) continue;
+
+                /* ── Step 2: contextual severity ── */
+                if (thisFileIsWebhook) {
+                    findings.push({
+                        severity: "medium",
+                        file: file.path,
+                        line: i + 1,
+                        snippet: line.trim(),
+                        message:
+                            "Webhook receiver binds to all network interfaces. Verify that incoming requests are validated using platform signing secrets (e.g., Slack signing secret, WhatsApp verification token).",
+                        remediation:
+                            "Validate webhook signatures on every incoming request to prevent unauthorized access.",
+                    });
+                } else if (thisFileHasAuth || nearbyAuth) {
+                    findings.push({
+                        severity: "low",
+                        file: file.path,
+                        line: i + 1,
+                        snippet: line.trim(),
+                        message:
+                            "Server binds to all network interfaces. Authentication middleware detected — verify it covers all MCP endpoints.",
+                        remediation:
+                            "Ensure authentication is enforced on all tool execution endpoints, not just some routes.",
+                    });
+                } else {
+                    findings.push({
+                        severity: "critical",
+                        file: file.path,
+                        line: i + 1,
+                        snippet: line.trim(),
+                        message:
+                            "Server binds to all network interfaces with no authentication detected. Anyone who can reach this port can execute MCP operations without authorization.",
+                        remediation:
+                            "Either bind to 127.0.0.1 for local-only access, or add authentication middleware (API key validation, OAuth, or request signing) to protect network-exposed endpoints.",
+                    });
+                }
+            }
+
+            /* ── Warning patterns (env/config host) ── */
+            for (const pattern of WARNING_PATTERNS) {
+                if (pattern.regex.test(line)) {
+                    findings.push({
+                        severity: "medium",
+                        file: file.path,
+                        line: i + 1,
+                        snippet: line.trim(),
+                        message: pattern.message + " — could be safe or unsafe depending on deployment.",
+                        remediation:
+                            "Ensure the default value for the host binding is 127.0.0.1 or localhost. Document the expected deployment configuration.",
+                    });
+                }
+            }
+
+            /* ── Unencrypted external URL patterns ── */
+            for (const pattern of URL_PATTERNS) {
+                if (pattern.regex.test(line)) {
+                    findings.push({
+                        severity: pattern.severity,
+                        file: file.path,
+                        line: i + 1,
+                        snippet: line.trim().slice(0, 150),
+                        message: pattern.message,
+                        remediation: pattern.remediation,
+                    });
+                }
+            }
+
+        }
+    }
+
+    // Return raw findings with category tagged
+    return findings.map(f => ({ ...f, category: 'NE' }));
+}
+
+export { analyzeNetworkExposure };