@kirrosh/zond 0.26.0 → 0.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (261) hide show
  1. package/CHANGELOG.md +59 -0
  2. package/README.md +22 -21
  3. package/bin/zond.mjs +23 -0
  4. package/package.json +13 -16
  5. package/scripts/npm/postinstall.mjs +76 -0
  6. package/src/CLAUDE.md +0 -112
  7. package/src/bun-types.d.ts +0 -5
  8. package/src/cli/argv.ts +0 -122
  9. package/src/cli/commands/add-api.ts +0 -146
  10. package/src/cli/commands/api/annotate/idempotency.ts +0 -59
  11. package/src/cli/commands/api/annotate/index.ts +0 -880
  12. package/src/cli/commands/api/annotate/lifecycle.ts +0 -74
  13. package/src/cli/commands/api/annotate/overlay.ts +0 -206
  14. package/src/cli/commands/api/annotate/pagination.ts +0 -64
  15. package/src/cli/commands/api/annotate/prompts.ts +0 -220
  16. package/src/cli/commands/api/annotate/readback.ts +0 -58
  17. package/src/cli/commands/api/annotate/resources.ts +0 -91
  18. package/src/cli/commands/api/annotate/seed-bodies.ts +0 -61
  19. package/src/cli/commands/audit.ts +0 -786
  20. package/src/cli/commands/catalog.ts +0 -97
  21. package/src/cli/commands/check.ts +0 -361
  22. package/src/cli/commands/checks.ts +0 -1072
  23. package/src/cli/commands/ci-init.ts +0 -223
  24. package/src/cli/commands/clean.ts +0 -212
  25. package/src/cli/commands/cleanup.ts +0 -236
  26. package/src/cli/commands/completions.ts +0 -192
  27. package/src/cli/commands/coverage.ts +0 -872
  28. package/src/cli/commands/db.ts +0 -611
  29. package/src/cli/commands/describe.ts +0 -120
  30. package/src/cli/commands/discover.ts +0 -1356
  31. package/src/cli/commands/doctor.ts +0 -661
  32. package/src/cli/commands/fixtures.ts +0 -402
  33. package/src/cli/commands/generate.ts +0 -577
  34. package/src/cli/commands/init/agents-md.ts +0 -61
  35. package/src/cli/commands/init/bootstrap.ts +0 -111
  36. package/src/cli/commands/init/index.ts +0 -244
  37. package/src/cli/commands/init/skills.ts +0 -141
  38. package/src/cli/commands/init/templates/agents.md +0 -86
  39. package/src/cli/commands/init/templates/markdown.d.ts +0 -4
  40. package/src/cli/commands/init/templates/skills/warm-up-target.md +0 -122
  41. package/src/cli/commands/init/templates/skills/zond-checks.md +0 -621
  42. package/src/cli/commands/init/templates/skills/zond-seed.md +0 -114
  43. package/src/cli/commands/init/templates/skills/zond-triage.md +0 -272
  44. package/src/cli/commands/init/templates/skills/zond.md +0 -861
  45. package/src/cli/commands/init/templates/zond-config.yml +0 -14
  46. package/src/cli/commands/prepare-fixtures.ts +0 -97
  47. package/src/cli/commands/probe/_seed-bodies.ts +0 -52
  48. package/src/cli/commands/probe/mass-assignment.ts +0 -594
  49. package/src/cli/commands/probe/security.ts +0 -537
  50. package/src/cli/commands/probe/static.ts +0 -255
  51. package/src/cli/commands/probe/webhooks.ts +0 -163
  52. package/src/cli/commands/probe.ts +0 -535
  53. package/src/cli/commands/reference.ts +0 -87
  54. package/src/cli/commands/refresh-api.ts +0 -227
  55. package/src/cli/commands/remove-api.ts +0 -150
  56. package/src/cli/commands/report-bundle.ts +0 -310
  57. package/src/cli/commands/report.ts +0 -241
  58. package/src/cli/commands/request.ts +0 -548
  59. package/src/cli/commands/run.ts +0 -1142
  60. package/src/cli/commands/schema-from-runs.ts +0 -128
  61. package/src/cli/commands/secrets.ts +0 -133
  62. package/src/cli/commands/session.ts +0 -244
  63. package/src/cli/commands/use.ts +0 -74
  64. package/src/cli/index.ts +0 -55
  65. package/src/cli/json-envelope.ts +0 -108
  66. package/src/cli/json-schemas.ts +0 -314
  67. package/src/cli/output.ts +0 -40
  68. package/src/cli/program.ts +0 -219
  69. package/src/cli/resolve.ts +0 -105
  70. package/src/cli/runtime.ts +0 -7
  71. package/src/cli/safe-live.ts +0 -24
  72. package/src/cli/status-filter.ts +0 -114
  73. package/src/cli/util/api-context.ts +0 -85
  74. package/src/cli/version.ts +0 -8
  75. package/src/core/audit/persist.ts +0 -183
  76. package/src/core/checks/budget.ts +0 -59
  77. package/src/core/checks/checks/_crud-helpers.ts +0 -133
  78. package/src/core/checks/checks/_negative_mutator.ts +0 -133
  79. package/src/core/checks/checks/_readback-helpers.ts +0 -133
  80. package/src/core/checks/checks/content_type_conformance.ts +0 -39
  81. package/src/core/checks/checks/cross_call_references.ts +0 -147
  82. package/src/core/checks/checks/cursor_boundary_fuzzing.ts +0 -219
  83. package/src/core/checks/checks/ensure_resource_availability.ts +0 -62
  84. package/src/core/checks/checks/idempotency_replay.ts +0 -242
  85. package/src/core/checks/checks/ignored_auth.ts +0 -254
  86. package/src/core/checks/checks/index.ts +0 -68
  87. package/src/core/checks/checks/lifecycle_transitions.ts +0 -416
  88. package/src/core/checks/checks/missing_required_header.ts +0 -40
  89. package/src/core/checks/checks/negative_data_rejection.ts +0 -148
  90. package/src/core/checks/checks/not_a_server_error.ts +0 -35
  91. package/src/core/checks/checks/open_cors_on_sensitive.ts +0 -160
  92. package/src/core/checks/checks/pagination_invariants.ts +0 -419
  93. package/src/core/checks/checks/positive_data_acceptance.ts +0 -33
  94. package/src/core/checks/checks/rate_limit_headers_absent.ts +0 -77
  95. package/src/core/checks/checks/response_headers_conformance.ts +0 -74
  96. package/src/core/checks/checks/response_schema_conformance.ts +0 -30
  97. package/src/core/checks/checks/status_code_conformance.ts +0 -132
  98. package/src/core/checks/checks/unsupported_method.ts +0 -63
  99. package/src/core/checks/checks/use_after_free.ts +0 -78
  100. package/src/core/checks/index.ts +0 -30
  101. package/src/core/checks/mode.ts +0 -82
  102. package/src/core/checks/recommended-action.ts +0 -68
  103. package/src/core/checks/registry.ts +0 -78
  104. package/src/core/checks/runner.ts +0 -1461
  105. package/src/core/checks/sarif.ts +0 -230
  106. package/src/core/checks/spec-findings.ts +0 -308
  107. package/src/core/checks/stateful.ts +0 -121
  108. package/src/core/checks/types.ts +0 -305
  109. package/src/core/checks/zond-extensions.ts +0 -73
  110. package/src/core/classifier/recommended-action.ts +0 -251
  111. package/src/core/context/current.ts +0 -51
  112. package/src/core/context/session.ts +0 -78
  113. package/src/core/coverage/loader.ts +0 -216
  114. package/src/core/coverage/reasons.ts +0 -300
  115. package/src/core/diagnostics/db-analysis.ts +0 -666
  116. package/src/core/diagnostics/failure-class.ts +0 -140
  117. package/src/core/diagnostics/failure-hints.ts +0 -112
  118. package/src/core/diagnostics/spec-pointer.ts +0 -99
  119. package/src/core/diagnostics/suggested-fixes.ts +0 -155
  120. package/src/core/exporter/case-study/index.ts +0 -270
  121. package/src/core/exporter/curl.ts +0 -40
  122. package/src/core/exporter/exporter.ts +0 -48
  123. package/src/core/exporter/html-report/escape.ts +0 -24
  124. package/src/core/exporter/html-report/index.ts +0 -479
  125. package/src/core/exporter/html-report/script.ts +0 -100
  126. package/src/core/exporter/html-report/styles.ts +0 -408
  127. package/src/core/generator/catalog-builder.ts +0 -179
  128. package/src/core/generator/chunker.ts +0 -78
  129. package/src/core/generator/coverage-phase.ts +0 -0
  130. package/src/core/generator/coverage-scanner.ts +0 -87
  131. package/src/core/generator/data-factory.ts +0 -759
  132. package/src/core/generator/describe.ts +0 -302
  133. package/src/core/generator/endpoint-warnings.ts +0 -52
  134. package/src/core/generator/fixtures-builder.ts +0 -332
  135. package/src/core/generator/index.ts +0 -14
  136. package/src/core/generator/openapi-reader.ts +0 -297
  137. package/src/core/generator/path-param-disambig.ts +0 -140
  138. package/src/core/generator/resources-builder.ts +0 -898
  139. package/src/core/generator/schema-utils.ts +0 -112
  140. package/src/core/generator/serializer.ts +0 -343
  141. package/src/core/generator/suite-generator.ts +0 -1301
  142. package/src/core/generator/types.ts +0 -63
  143. package/src/core/identity/identity-file.ts +0 -0
  144. package/src/core/lint/affects.ts +0 -28
  145. package/src/core/lint/config.ts +0 -96
  146. package/src/core/lint/format.ts +0 -42
  147. package/src/core/lint/index.ts +0 -94
  148. package/src/core/lint/reporter.ts +0 -128
  149. package/src/core/lint/rules/consistency.ts +0 -158
  150. package/src/core/lint/rules/heuristics.ts +0 -97
  151. package/src/core/lint/rules/strictness.ts +0 -109
  152. package/src/core/lint/types.ts +0 -96
  153. package/src/core/lint/walker.ts +0 -248
  154. package/src/core/meta/meta-store.ts +0 -11
  155. package/src/core/output/README.md +0 -73
  156. package/src/core/output/index.ts +0 -13
  157. package/src/core/output/run.ts +0 -91
  158. package/src/core/output/types.ts +0 -122
  159. package/src/core/parser/dynamic-values.ts +0 -160
  160. package/src/core/parser/env-interpolation.ts +0 -104
  161. package/src/core/parser/filter.ts +0 -97
  162. package/src/core/parser/schema.ts +0 -359
  163. package/src/core/parser/types.ts +0 -117
  164. package/src/core/parser/variables.ts +0 -0
  165. package/src/core/parser/yaml-parser.ts +0 -181
  166. package/src/core/probe/bootstrap.ts +0 -34
  167. package/src/core/probe/dry-run-envelope.ts +0 -61
  168. package/src/core/probe/mass-assignment/classify.ts +0 -175
  169. package/src/core/probe/mass-assignment/cleanup.ts +0 -52
  170. package/src/core/probe/mass-assignment/digest.ts +0 -114
  171. package/src/core/probe/mass-assignment/orchestrator.ts +0 -459
  172. package/src/core/probe/mass-assignment/regression.ts +0 -141
  173. package/src/core/probe/mass-assignment/suspects.ts +0 -92
  174. package/src/core/probe/mass-assignment/types.ts +0 -135
  175. package/src/core/probe/mass-assignment-probe-class.ts +0 -198
  176. package/src/core/probe/mass-assignment-probe.ts +0 -27
  177. package/src/core/probe/mass-assignment-template.ts +0 -240
  178. package/src/core/probe/method-probe.ts +0 -164
  179. package/src/core/probe/method-shared.ts +0 -69
  180. package/src/core/probe/negative-probe.ts +0 -691
  181. package/src/core/probe/orphan-tracker.ts +0 -188
  182. package/src/core/probe/path-discovery.ts +0 -439
  183. package/src/core/probe/probe-harness.ts +0 -119
  184. package/src/core/probe/registry.ts +0 -89
  185. package/src/core/probe/runner.ts +0 -136
  186. package/src/core/probe/security/baseline.ts +0 -174
  187. package/src/core/probe/security/classify.ts +0 -341
  188. package/src/core/probe/security/cleanup.ts +0 -125
  189. package/src/core/probe/security/detectors.ts +0 -71
  190. package/src/core/probe/security/digest.ts +0 -104
  191. package/src/core/probe/security/orchestrator.ts +0 -398
  192. package/src/core/probe/security/regression.ts +0 -103
  193. package/src/core/probe/security/types.ts +0 -151
  194. package/src/core/probe/security-probe-class.ts +0 -207
  195. package/src/core/probe/security-probe.ts +0 -32
  196. package/src/core/probe/shared.ts +0 -531
  197. package/src/core/probe/static-probe-class.ts +0 -125
  198. package/src/core/probe/types.ts +0 -165
  199. package/src/core/probe/verdict-aggregator.ts +0 -33
  200. package/src/core/probe/webhooks-probe.ts +0 -282
  201. package/src/core/reporter/console.ts +0 -240
  202. package/src/core/reporter/index.ts +0 -22
  203. package/src/core/reporter/json.ts +0 -22
  204. package/src/core/reporter/junit.ts +0 -93
  205. package/src/core/reporter/ndjson.ts +0 -37
  206. package/src/core/reporter/types.ts +0 -15
  207. package/src/core/runner/assertions.ts +0 -383
  208. package/src/core/runner/async-pool.ts +0 -108
  209. package/src/core/runner/auth-path.ts +0 -8
  210. package/src/core/runner/ci-context.ts +0 -72
  211. package/src/core/runner/executor.ts +0 -652
  212. package/src/core/runner/expr-eval.ts +0 -41
  213. package/src/core/runner/form-encode.ts +0 -41
  214. package/src/core/runner/http-client.ts +0 -224
  215. package/src/core/runner/learn-drift.ts +0 -293
  216. package/src/core/runner/preflight-vars.ts +0 -153
  217. package/src/core/runner/progress-tracker.ts +0 -73
  218. package/src/core/runner/rate-limiter.ts +0 -185
  219. package/src/core/runner/run-kind.ts +0 -45
  220. package/src/core/runner/schema-validator.ts +0 -308
  221. package/src/core/runner/send-request.ts +0 -232
  222. package/src/core/runner/transforms.ts +0 -65
  223. package/src/core/runner/types.ts +0 -94
  224. package/src/core/secrets/registry.ts +0 -164
  225. package/src/core/secrets/secrets-file.ts +0 -115
  226. package/src/core/selectors/operation-filter.ts +0 -144
  227. package/src/core/setup-api.ts +0 -590
  228. package/src/core/severity/category.ts +0 -94
  229. package/src/core/severity/index.ts +0 -58
  230. package/src/core/spec/infer-schema.ts +0 -102
  231. package/src/core/spec/layers.ts +0 -154
  232. package/src/core/spec/merge-specs.ts +0 -156
  233. package/src/core/spec/schema-from-runs.ts +0 -117
  234. package/src/core/spec/schema-overlay.ts +0 -130
  235. package/src/core/util/ajv.ts +0 -13
  236. package/src/core/util/format-eta.ts +0 -21
  237. package/src/core/util/headers.ts +0 -9
  238. package/src/core/util/url.ts +0 -24
  239. package/src/core/utils.ts +0 -13
  240. package/src/core/workspace/config.ts +0 -129
  241. package/src/core/workspace/fixture-gap-report.ts +0 -84
  242. package/src/core/workspace/fixture-gaps.ts +0 -71
  243. package/src/core/workspace/manifest.ts +0 -283
  244. package/src/core/workspace/output-rotation.ts +0 -62
  245. package/src/core/workspace/root.ts +0 -96
  246. package/src/core/workspace/triage-path.ts +0 -87
  247. package/src/db/lint-runs.ts +0 -47
  248. package/src/db/migrate.ts +0 -128
  249. package/src/db/migrations/0001_run_kind.sql +0 -25
  250. package/src/db/migrations/0002_run_kind_request.sql +0 -59
  251. package/src/db/migrations/sql.d.ts +0 -4
  252. package/src/db/queries/collections.ts +0 -133
  253. package/src/db/queries/coverage.ts +0 -9
  254. package/src/db/queries/dashboard.ts +0 -59
  255. package/src/db/queries/results.ts +0 -216
  256. package/src/db/queries/runs.ts +0 -289
  257. package/src/db/queries/sessions.ts +0 -42
  258. package/src/db/queries/settings.ts +0 -28
  259. package/src/db/queries/types.ts +0 -172
  260. package/src/db/queries.ts +0 -75
  261. package/src/db/schema.ts +0 -298
@@ -1,341 +0,0 @@
1
- import type { EndpointInfo } from "../../generator/types.ts";
2
- import { classify as classifyRecommendedAction } from "../../classifier/recommended-action.ts";
3
- import type {
4
- SecurityClass,
5
- SecurityFieldHit,
6
- SecurityFinding,
7
- } from "./types.ts";
8
-
9
- /** ARV-56: route through the single classifier. */
10
- function stampAction(f: SecurityFinding): SecurityFinding {
11
- const action = classifyRecommendedAction({
12
- finding_class: "probe:security",
13
- severity: f.severity as Parameters<typeof classifyRecommendedAction>[0]["severity"],
14
- });
15
- if (action) f.recommended_action = action;
16
- return f;
17
- }
18
-
19
- export interface ClassifyResp {
20
- status: number;
21
- body?: unknown;
22
- body_parsed?: unknown;
23
- headers?: Record<string, string>;
24
- }
25
-
26
- export function classify(
27
- hit: SecurityFieldHit,
28
- payload: string,
29
- resp: ClassifyResp,
30
- ctx: { endpoint?: EndpointInfo } = {},
31
- ): SecurityFinding {
32
- return stampAction(classifyInner(hit, payload, resp, ctx));
33
- }
34
-
35
- /**
36
- * ARV-254: detect whether an endpoint declares delivery semantics for
37
- * a URL field — i.e. the server is documented to actually hit the URL
38
- * (webhook receiver, push subscription, callback).
39
- *
40
- * Without OOB infrastructure (interactsh / Burp Collaborator —
41
- * deferred to ARV-177 post-pivot), zond can't prove the server fetched
42
- * the URL. So SSRF "accept" lands as LOW by default. But if the spec
43
- * declares delivery, we know the URL gets fetched on some schedule,
44
- * which raises the stakes — surface as MEDIUM with an explicit
45
- * disclaimer that OOB verification is still required for HIGH.
46
- *
47
- * Heuristic: path or tag contains "webhook" / "callback" / "subscription"
48
- * (case-insensitive). When ARV-189 lands, this also reads
49
- * `x-zond-delivery: true` from the spec.
50
- */
51
- function endpointDeclaresDelivery(ep: EndpointInfo | undefined): boolean {
52
- if (!ep) return false;
53
- const haystacks: string[] = [ep.path.toLowerCase()];
54
- if (Array.isArray(ep.tags)) {
55
- for (const t of ep.tags) haystacks.push(String(t).toLowerCase());
56
- }
57
- return haystacks.some((h) => /webhook|callback|subscription/.test(h));
58
- }
59
-
60
- /**
61
- * Check whether the CRLF payload reflects into any response header
62
- * value. ARV-253: header reflection is the smoking gun for CRLF —
63
- * response splitting / header injection becomes exploitable as soon as
64
- * the server emits attacker-controlled bytes in headers.
65
- *
66
- * We check raw payload AND its URL-decoded form so encodings like
67
- * `%0d%0a` survive the comparison.
68
- */
69
- function reflectsInHeaders(payload: string, headers: Record<string, string> | undefined): string | null {
70
- if (!headers || !payload) return null;
71
- const decoded = safeDecodeURI(payload);
72
- const variants = [payload, decoded].filter((v) => v && v.length >= 3);
73
- for (const [name, value] of Object.entries(headers)) {
74
- for (const v of variants) {
75
- if (value.includes(v)) return name;
76
- }
77
- }
78
- return null;
79
- }
80
-
81
- function isHtmlContentType(headers: Record<string, string> | undefined): boolean {
82
- const ct = headers?.["content-type"] ?? headers?.["Content-Type"] ?? "";
83
- return /text\/html|application\/xhtml/i.test(ct);
84
- }
85
-
86
- function classifyInner(
87
- hit: SecurityFieldHit,
88
- payload: string,
89
- resp: ClassifyResp,
90
- ctx: { endpoint?: EndpointInfo } = {},
91
- ): SecurityFinding {
92
- const status = resp.status;
93
- const echo = classifyEcho(resp.body_parsed ?? resp.body, payload, hit.class);
94
- const echoed = echo.matched;
95
-
96
- if (status >= 500) {
97
- // ARV-250: 5xx on attack payload is a reliability signal, not a
98
- // proven security issue. Single-signal proof (one crashed response)
99
- // caps severity at LOW per the m-21 severity matrix. ARV-251
100
- // relocates this signal to the reliability category; the existing
101
- // `not_a_server_error` check already tracks 5xx on positive input,
102
- // so the security probe here is a secondary signal at best.
103
- return {
104
- field: hit.field,
105
- class: hit.class,
106
- payload,
107
- status,
108
- echoed,
109
- severity: "low",
110
- reason: `5xx unhandled — server crashed on ${hit.class} payload (reliability signal; see also not_a_server_error check)`,
111
- };
112
- }
113
- if (status >= 200 && status < 300) {
114
- // ARV-253: CRLF severity now keyed on reflection context, not on
115
- // raw echo. The pivot principle: HIGH requires evidence the stored
116
- // payload reaches a dangerous rendering context (header value /
117
- // unescaped HTML). Echo in a JSON body alone is single_signal —
118
- // storage is real, exploit pathway is not. Caps at LOW.
119
- if (hit.class === "crlf") {
120
- const headerName = reflectsInHeaders(payload, resp.headers);
121
- if (headerName) {
122
- return {
123
- field: hit.field,
124
- class: hit.class,
125
- payload,
126
- status,
127
- echoed: true,
128
- severity: "high",
129
- reason: `payload reflected in response header \`${headerName}\` — response-splitting / header-injection candidate (evidence_chain)`,
130
- };
131
- }
132
- if (echoed && isHtmlContentType(resp.headers)) {
133
- return {
134
- field: hit.field,
135
- class: hit.class,
136
- payload,
137
- status,
138
- echoed,
139
- severity: "high",
140
- reason: `payload echoed (${echo.kind}) in text/html response — unescaped reflection candidate (evidence_chain)`,
141
- };
142
- }
143
- if (echoed) {
144
- return {
145
- field: hit.field,
146
- class: hit.class,
147
- payload,
148
- status,
149
- echoed,
150
- severity: "low",
151
- reason: `payload echoed (${echo.kind}) in JSON body — storage observed, no dangerous-context reflection. Manual follow-up: check whether the stored value reaches a downstream renderer (HTML page, RSS, custom header).`,
152
- };
153
- }
154
- return {
155
- field: hit.field,
156
- class: hit.class,
157
- payload,
158
- status,
159
- echoed: false,
160
- severity: "info",
161
- reason: `${status} accepted ${hit.class} payload but no reflection observed — sanitization may be missing but no exploit pathway proven`,
162
- };
163
- }
164
- // ARV-254: SSRF / open-redirect severity rebalance.
165
- //
166
- // Without an out-of-band (OOB) channel zond can't prove the server
167
- // actually fetched the injected URL. "API accepted 169.254" is
168
- // single_signal proof — caps at LOW per the m-21 matrix.
169
- //
170
- // Stake-raising signal: when the spec declares delivery semantics
171
- // (path/tag mentions webhook / callback / subscription), the server
172
- // is documented to fetch the URL — surface MEDIUM. Full HIGH is
173
- // gated on OOB confirmation which lands with ARV-177 (deferred-
174
- // post-pivot, out of scope for now).
175
- const declaresDelivery = endpointDeclaresDelivery(ctx.endpoint);
176
- const oobDisclaimer = "no OOB channel — accept ≠ proven fetch. Verify with Burp Collaborator / interactsh manually for HIGH severity.";
177
- if (echoed) {
178
- const label = echo.kind === "verbatim"
179
- ? "payload echoed verbatim"
180
- : `payload echoed (${echo.kind})`;
181
- if (declaresDelivery) {
182
- return {
183
- field: hit.field,
184
- class: hit.class,
185
- payload,
186
- status,
187
- echoed,
188
- severity: "low",
189
- reason: `${label}; ${hit.class}: endpoint declares delivery (webhook/callback) but ${oobDisclaimer}`,
190
- };
191
- }
192
- return {
193
- field: hit.field,
194
- class: hit.class,
195
- payload,
196
- status,
197
- echoed,
198
- severity: "low",
199
- reason: `${label} — stored ${hit.class} candidate; ${oobDisclaimer}`,
200
- };
201
- }
202
- if (declaresDelivery) {
203
- return {
204
- field: hit.field,
205
- class: hit.class,
206
- payload,
207
- status,
208
- echoed,
209
- severity: "medium",
210
- reason: `2xx accepted ${hit.class} payload on endpoint declaring delivery semantics (webhook/callback). ${oobDisclaimer}`,
211
- };
212
- }
213
- return {
214
- field: hit.field,
215
- class: hit.class,
216
- payload,
217
- status,
218
- echoed,
219
- severity: "low",
220
- reason: `2xx accepted ${hit.class} payload but no echo observed. ${oobDisclaimer}`,
221
- };
222
- }
223
- if (status >= 400) {
224
- return {
225
- field: hit.field,
226
- class: hit.class,
227
- payload,
228
- status,
229
- echoed,
230
- severity: "ok",
231
- reason: `${status} rejected — ${hit.class} payload refused`,
232
- };
233
- }
234
- return {
235
- field: hit.field,
236
- class: hit.class,
237
- payload,
238
- status,
239
- echoed,
240
- severity: "inconclusive",
241
- reason: `unexpected status ${status}`,
242
- };
243
- }
244
-
245
- function bodyToString(body: unknown): string {
246
- if (!body) return "";
247
- if (typeof body === "string") return body;
248
- // Walk object/array, concatenating raw string leaves so CR/LF chars aren't
249
- // hidden behind JSON escape sequences (\r → "\\r" after JSON.stringify).
250
- const parts: string[] = [];
251
- const seen = new WeakSet<object>();
252
- const visit = (v: unknown): void => {
253
- if (typeof v === "string") parts.push(v);
254
- else if (v && typeof v === "object") {
255
- if (seen.has(v as object)) return;
256
- seen.add(v as object);
257
- if (Array.isArray(v)) v.forEach(visit);
258
- else for (const k of Object.keys(v as object)) visit((v as Record<string, unknown>)[k]);
259
- }
260
- };
261
- try {
262
- visit(body);
263
- } catch {
264
- return "";
265
- }
266
- return parts.join("\n");
267
- }
268
-
269
- function safeDecodeURI(s: string): string {
270
- try {
271
- return decodeURIComponent(s);
272
- } catch {
273
- return s;
274
- }
275
- }
276
-
277
- type EchoKind =
278
- | "verbatim"
279
- | "url-decoded"
280
- | "CR stripped"
281
- | "LF stripped"
282
- | "CRLF→LF"
283
- | "CRLF→CR"
284
- | "tail after CRLF";
285
-
286
- export interface EchoResult {
287
- matched: boolean;
288
- kind: EchoKind | "none";
289
- }
290
-
291
- export function classifyEcho(body: unknown, payload: string, cls: SecurityClass): EchoResult {
292
- if (!payload) return { matched: false, kind: "none" };
293
- const haystackRaw = bodyToString(body);
294
- if (!haystackRaw) return { matched: false, kind: "none" };
295
-
296
- // SSRF / open-redirect: verbatim only — URLs are usually preserved as-is.
297
- if (cls !== "crlf") {
298
- return haystackRaw.includes(payload)
299
- ? { matched: true, kind: "verbatim" }
300
- : { matched: false, kind: "none" };
301
- }
302
-
303
- // CRLF: try verbatim → URL-decode pairs → CR/LF normalization variants → tail.
304
- if (haystackRaw.includes(payload)) return { matched: true, kind: "verbatim" };
305
-
306
- const haystackDecoded = safeDecodeURI(haystackRaw);
307
- const payloadDecoded = safeDecodeURI(payload);
308
-
309
- if (
310
- (payloadDecoded !== payload && haystackRaw.includes(payloadDecoded)) ||
311
- (haystackDecoded !== haystackRaw && haystackDecoded.includes(payload)) ||
312
- (payloadDecoded !== payload && haystackDecoded !== haystackRaw && haystackDecoded.includes(payloadDecoded))
313
- ) {
314
- return { matched: true, kind: "url-decoded" };
315
- }
316
-
317
- // Normalize: try variants of payload where backend stripped CR or LF.
318
- const variants: Array<[string, EchoKind]> = [];
319
- if (payloadDecoded.includes("\r\n")) {
320
- variants.push([payloadDecoded.replace(/\r\n/g, "\n"), "CRLF→LF"]);
321
- variants.push([payloadDecoded.replace(/\r\n/g, "\r"), "CRLF→CR"]);
322
- variants.push([payloadDecoded.replace(/\r\n/g, ""), "CRLF→LF"]);
323
- }
324
- if (payloadDecoded.includes("\r")) variants.push([payloadDecoded.replace(/\r/g, ""), "CR stripped"]);
325
- if (payloadDecoded.includes("\n")) variants.push([payloadDecoded.replace(/\n/g, ""), "LF stripped"]);
326
-
327
- for (const [variant, kind] of variants) {
328
- if (variant && variant !== payloadDecoded && (haystackRaw.includes(variant) || haystackDecoded.includes(variant))) {
329
- return { matched: true, kind };
330
- }
331
- }
332
-
333
- // Tail-substring: parser truncated at newline, only suffix landed in storage.
334
- const splitMatch = payloadDecoded.match(/(?:\r\n|%0d%0a|%0a|%0d|\r|\n)(.+)$/i);
335
- const tail = splitMatch?.[1];
336
- if (tail && tail.length >= 3 && (haystackRaw.includes(tail) || haystackDecoded.includes(tail))) {
337
- return { matched: true, kind: "tail after CRLF" };
338
- }
339
-
340
- return { matched: false, kind: "none" };
341
- }
@@ -1,125 +0,0 @@
1
- import type { EndpointInfo, SecuritySchemeInfo } from "../../generator/types.ts";
2
- import { executeRequest } from "../../runner/http-client.ts";
3
- import {
4
- captureFieldFor,
5
- findDeleteCounterpart,
6
- liveAuthHeaders,
7
- } from "../shared.ts";
8
- import type { ProbeStepOpts, SecurityVerdict } from "./types.ts";
9
- import { joinBaseAndPath } from "../../util/url.ts";
10
-
11
- /**
12
- * Best-effort DELETE on stateful endpoints after a successful baseline /
13
- * attack. Handles eventual-consistency retries (round-5) and persists
14
- * id/deletePath on the verdict so `zond cleanup --orphans` can replay
15
- * the DELETE without re-running the probe.
16
- */
17
- export async function tryCleanup(
18
- ep: EndpointInfo,
19
- allEndpoints: EndpointInfo[],
20
- schemes: SecuritySchemeInfo[],
21
- vars: Record<string, string>,
22
- responseBody: unknown,
23
- verdict: SecurityVerdict,
24
- opts: ProbeStepOpts,
25
- ): Promise<void> {
26
- const delEp = findDeleteCounterpart(ep, allEndpoints);
27
- if (!delEp) {
28
- // Surface the gap. Round-4 dogfooding: 3 DSN keys leaked from
29
- // POST /keys/ silently because the spec didn't expose a DELETE
30
- // counterpart — flagging it in the digest gives the operator a
31
- // chance to clean up by hand instead of finding out later.
32
- accumulateCleanupError(verdict, `no DELETE counterpart for ${ep.method.toUpperCase()} ${ep.path}; possible leaked resource`);
33
- return;
34
- }
35
- const idField = captureFieldFor(ep);
36
- const id = pickId(responseBody, idField);
37
- if (!id) {
38
- accumulateCleanupError(verdict, `cleanup skipped: response had no usable id for ${ep.method.toUpperCase()} ${ep.path}`);
39
- return;
40
- }
41
- // DELETE path has one path-param at the end; replace it with the captured id.
42
- const concretePath = delEp.path.replace(/\{[^}]+\}/, encodeURIComponent(String(id)));
43
- const url = joinBaseAndPath(vars["base_url"], concretePath);
44
- const headers = liveAuthHeaders(delEp, schemes, vars);
45
-
46
- // TASK-278: stash id + deletePath on the verdict so the orphan tracker
47
- // (and `zond cleanup --orphans`) can replay this DELETE without re-running
48
- // the probe. Done before retries so even an aborted run leaves a trace.
49
- {
50
- const prior = verdict.cleanup ?? { attempted: false };
51
- verdict.cleanup = {
52
- ...prior,
53
- attempted: prior.attempted || true,
54
- id,
55
- deletePath: concretePath,
56
- };
57
- }
58
-
59
- // Eventual-consistency retry (round-5 follow-up): POST creates on the
60
- // write replica, immediate DELETE hits a read replica that hasn't seen
61
- // the new id yet → 404. Two short backoffs swallow that transient
62
- // 404; a 404 that survives the backoff is a real leak and lands in
63
- // verdict.cleanup.error. Only 404 is retried — 5xx, network errors,
64
- // 401/403 fail fast (the situation isn't going to improve).
65
- const RETRY_DELAYS_MS = opts.cleanupRetryDelaysMs ?? [200, 1000];
66
- let lastResp: { status: number } | null = null;
67
- let lastNetErr: string | null = null;
68
- for (let attempt = 0; attempt <= RETRY_DELAYS_MS.length; attempt++) {
69
- if (attempt > 0) await new Promise(r => setTimeout(r, RETRY_DELAYS_MS[attempt - 1]!));
70
- try {
71
- const resp = await executeRequest(
72
- { method: "DELETE", url, headers },
73
- { timeout: opts.timeoutMs ?? 30000, retries: 0 },
74
- );
75
- lastResp = { status: resp.status };
76
- if (resp.status >= 200 && resp.status < 300) {
77
- const prior = verdict.cleanup ?? { attempted: false };
78
- verdict.cleanup = {
79
- attempted: true,
80
- status: resp.status,
81
- ...(prior.error ? { error: prior.error } : {}),
82
- ...(prior.id !== undefined ? { id: prior.id } : {}),
83
- ...(prior.deletePath ? { deletePath: prior.deletePath } : {}),
84
- };
85
- return;
86
- }
87
- // Only retry transient 404 (eventual-consistency window).
88
- if (resp.status !== 404) break;
89
- } catch (err) {
90
- lastNetErr = err instanceof Error ? err.message : String(err);
91
- // Network errors are not retried — they're not transient in the
92
- // eventual-consistency sense (they're config/connectivity issues).
93
- break;
94
- }
95
- }
96
-
97
- if (lastNetErr) {
98
- accumulateCleanupError(verdict, `DELETE ${delEp.path} network error: ${lastNetErr}`);
99
- } else if (lastResp) {
100
- const tail = lastResp.status === 404 ? " (persisted across retries — likely real leak)" : "";
101
- accumulateCleanupError(verdict, `DELETE ${delEp.path} → ${lastResp.status} (id=${id})${tail}`);
102
- }
103
- }
104
-
105
- function accumulateCleanupError(verdict: SecurityVerdict, msg: string): void {
106
- const prior = verdict.cleanup ?? { attempted: false };
107
- const errors = prior.error ? `${prior.error} | ${msg}` : msg;
108
- verdict.cleanup = {
109
- attempted: true,
110
- ...(prior.status ? { status: prior.status } : {}),
111
- ...(prior.id !== undefined ? { id: prior.id } : {}),
112
- ...(prior.deletePath ? { deletePath: prior.deletePath } : {}),
113
- error: errors,
114
- };
115
- }
116
-
117
- function pickId(body: unknown, field: string): string | number | undefined {
118
- if (!body || typeof body !== "object") return undefined;
119
- const obj = body as Record<string, unknown>;
120
- for (const key of [field, "id", "slug", "uuid", "key"]) {
121
- const v = obj[key];
122
- if (typeof v === "string" || typeof v === "number") return v;
123
- }
124
- return undefined;
125
- }
@@ -1,71 +0,0 @@
1
- import type { OpenAPIV3 } from "openapi-types";
2
- import type { EndpointInfo } from "../../generator/types.ts";
3
- import type { SecurityClass, SecurityFieldHit } from "./types.ts";
4
-
5
- // ARV-310: SSRF only targets URL-shaped field names — url / *_url / *_uri /
6
- // href / endpoint. Dropped the unanchored `webhook` / `callback` substrings
7
- // that matched free-text fields (e.g. `callback_message`, and grouped
8
- // `description` hits) which are not request-forgeable sinks. Schema
9
- // format=uri|url still qualifies a field regardless of name.
10
- const SSRF_NAME_RE =
11
- /(url$|uri$|^href$|^endpoint$)/i;
12
- // ARV-310: CRLF targets header-reflected / redirect-shaped fields (email
13
- // Subject, log prefix, redirect targets), NOT free-text body fields. Dropped
14
- // `^name$` / `^title$` / `^description$` / `^tag$` — those are not header
15
- // sinks and produced the bulk of the GitHub-scan false positives
16
- // (name ×37, name,description ×22, title ×9).
17
- const CRLF_NAME_RE =
18
- /(^subject$|^message_subject$|prefix$|^location$|^redirect$)/i;
19
- const OPEN_REDIRECT_NAME_RE =
20
- /(^redirect$|^next$|^return_to$|^redirect_url$|^redirect_to$|^redirectTo$)/i;
21
-
22
- function matchesClass(
23
- cls: SecurityClass,
24
- name: string,
25
- schema: OpenAPIV3.SchemaObject,
26
- ): boolean {
27
- // Skip enum-bounded fields — payload would obviously fail validation
28
- // and we'd just waste requests on guaranteed-4xx attempts.
29
- if (Array.isArray(schema.enum) && schema.enum.length > 0) return false;
30
- if (schema.type !== "string" && schema.type !== undefined) return false;
31
- switch (cls) {
32
- case "ssrf":
33
- return SSRF_NAME_RE.test(name) || schema.format === "uri" || schema.format === "url";
34
- case "crlf":
35
- return CRLF_NAME_RE.test(name);
36
- case "open-redirect":
37
- return OPEN_REDIRECT_NAME_RE.test(name);
38
- }
39
- }
40
-
41
- export function detectFields(
42
- ep: EndpointInfo,
43
- classes: SecurityClass[],
44
- ): SecurityFieldHit[] {
45
- const out: SecurityFieldHit[] = [];
46
- const schema = ep.requestBodySchema;
47
- if (!schema || !schema.properties) return out;
48
- for (const [name, propSchema] of Object.entries(schema.properties)) {
49
- const s = propSchema as OpenAPIV3.SchemaObject;
50
- for (const cls of classes) {
51
- if (matchesClass(cls, name, s)) out.push({ field: name, class: cls });
52
- }
53
- }
54
- return out;
55
- }
56
-
57
- export const PAYLOADS: Record<SecurityClass, string[]> = {
58
- ssrf: [
59
- "http://127.0.0.1:80/",
60
- "http://169.254.169.254/latest/meta-data/",
61
- "file:///etc/passwd",
62
- ],
63
- crlf: [
64
- "zond-safe\r\nX-Zond-Injected: yes",
65
- "zond-safe%0d%0aX-Zond-Injected: yes",
66
- ],
67
- "open-redirect": [
68
- "https://zond-attacker.example.tld",
69
- "//zond-attacker.example.tld",
70
- ],
71
- };
@@ -1,104 +0,0 @@
1
- import type {
2
- SecurityProbeResult,
3
- SecuritySeverity,
4
- SecurityVerdict,
5
- } from "./types.ts";
6
- import { encodePathForRepro } from "../shared.ts";
7
-
8
- /** TASK-154 §N: clip noisy payloads (some SSRF/CRLF/redirect strings are URL-
9
- * encoded blobs > 60 chars). Keep the leading prefix users recognise plus an
10
- * ellipsis, so the digest line stays readable. */
11
- function truncatePayload(payload: string, max: number): string {
12
- if (payload.length <= max) return payload;
13
- return payload.slice(0, max - 1) + "…";
14
- }
15
-
16
- export function formatSecurityDigest(
17
- result: SecurityProbeResult,
18
- specPath: string,
19
- ): string {
20
- const lines: string[] = [];
21
- lines.push(`# zond probe-security digest`);
22
- lines.push("");
23
- lines.push(`Spec: \`${specPath}\``);
24
- lines.push(`Classes: ${result.classes.join(", ")}`);
25
- lines.push(`Endpoints scanned: ${result.totalEndpoints} · probed: ${result.specProbed}`);
26
- // ARV-140 AC#4: surface the cleanup-feasibility outcome up front so a
27
- // green run doesn't hide "we attacked 14 leak-prone POSTs anyway".
28
- if (result.cleanupFeasibility) {
29
- const f = result.cleanupFeasibility;
30
- if (f.skippedNoCleanup > 0) {
31
- lines.push(`Cleanup pre-flight: ${f.skippedNoCleanup} endpoint(s) skipped (no DELETE counterpart). Pass \`--allow-leaks\` to attack anyway.`);
32
- } else if (f.forcedNoCleanup > 0) {
33
- lines.push(`Cleanup pre-flight: ${f.forcedNoCleanup} endpoint(s) attacked despite no DELETE counterpart (--allow-leaks).`);
34
- }
35
- // ARV-153: surface action-verb POSTs we now attack without a DELETE
36
- // counterpart so green runs make the recall win visible.
37
- if (f.actionNoCleanupNeeded > 0) {
38
- lines.push(`Cleanup pre-flight: ${f.actionNoCleanupNeeded} action POST(s) attacked (no resource created — DELETE counterpart not needed).`);
39
- }
40
- }
41
- lines.push("");
42
-
43
- // Cleanup failures section is mandatory and goes FIRST when present —
44
- // round-4 dogfooding: a "green" run (HIGH=0) silently leaked DSN keys
45
- // and left renamed projects, because cleanup failures were buried in
46
- // per-verdict objects. Surface them prominently so a green probe is a
47
- // signal the org is clean, not just that nothing crashed.
48
- const cleanupFailures = result.verdicts.filter(v => v.cleanup?.error);
49
- if (cleanupFailures.length > 0) {
50
- lines.push(`## ⚠️ Cleanup failures (${cleanupFailures.length}) — manual remediation may be required`);
51
- lines.push("");
52
- for (const v of cleanupFailures) {
53
- lines.push(`- **${v.method} ${v.path}** — ${v.cleanup!.error}`);
54
- // ARV-245 (R-04/F16): paste-ready manual repro when we have a
55
- // deletePath. Auto-encode the path so operators dealing with
56
- // CRLF-poisoned ids (round-4 GitHub labels) don't have to remember
57
- // to percent-encode `\r`/`\n`/spaces themselves.
58
- const dp = v.cleanup?.deletePath;
59
- if (dp) {
60
- const encoded = encodePathForRepro(dp);
61
- const note = /[\r\n\t ]/.test(dp) ? " (note: id contains whitespace/CRLF — percent-encoded)" : "";
62
- lines.push(` - Manual repro: \`zond request DELETE ${encoded} --api <name>\`${note}`);
63
- }
64
- }
65
- lines.push("");
66
- }
67
-
68
- const buckets: Record<SecuritySeverity, SecurityVerdict[]> = {
69
- high: [], medium: [], low: [], info: [], inconclusive: [], "inconclusive-baseline": [], ok: [], skipped: [],
70
- };
71
- for (const v of result.verdicts) buckets[v.severity].push(v);
72
-
73
- const ordered: SecuritySeverity[] = ["high", "inconclusive", "inconclusive-baseline", "medium", "low", "info", "ok", "skipped"];
74
- const titles: Record<SecuritySeverity, string> = {
75
- high: "🚨 HIGH — header-reflection / HTML reflection / 5xx",
76
- medium: "⚠️ MEDIUM — SSRF accept on endpoint declaring delivery (no OOB confirmation)",
77
- low: "🟡 LOW — storage observed, no dangerous-context reflection (verify manually)",
78
- info: "· INFO — accepted, no reflection observed (sanitization signal only)",
79
- inconclusive: "❓ INCONCLUSIVE — could not classify",
80
- "inconclusive-baseline": "⚠️ INCONCLUSIVE-BASELINE — baseline 4xx, attacks not run",
81
- ok: "✅ OK — payloads rejected with 4xx",
82
- skipped: "⏭️ SKIPPED — no detected fields / no body",
83
- };
84
- for (const sev of ordered) {
85
- const list = buckets[sev];
86
- if (list.length === 0) continue;
87
- lines.push(`## ${titles[sev]} (${list.length})`);
88
- lines.push("");
89
- for (const v of list) {
90
- const cleanupTag = v.cleanup?.error ? " 🧹 cleanup-failure" : "";
91
- lines.push(`- **${v.method} ${v.path}**${cleanupTag} — ${v.summary}`);
92
- for (const f of v.findings) {
93
- // TASK-154 §N: surface the actual payload that triggered the finding
94
- // — without it the digest is useless for case-study writing (which
95
- // SSRF target? which CRLF shape?). Truncate long payloads so the
96
- // line stays readable.
97
- const payload = truncatePayload(f.payload, 60);
98
- lines.push(` - \`${f.field}\` / ${f.class} [\`${payload}\`] → ${f.status} (${f.severity}) — ${f.reason}`);
99
- }
100
- }
101
- lines.push("");
102
- }
103
- return lines.join("\n");
104
- }