@lhi/tdd-audit 1.11.0 → 1.14.0

package/lib/server.js

@@ -1,48 +1,53 @@
 'use strict';
 
 const crypto = require('crypto');
-const http   = require('http');
 const path   = require('path');
-const { quickScan, scanPromptFiles } = require('./scanner');
-const { toJson, toSarif, toText }    = require('./reporter');
+const { quickScan }                   = require('./scanner');
+const { toJson, toSarif }             = require('./reporter');
 const { loadConfig, parseCliOverrides } = require('./config');
-const { version } = require('../package.json');
+const { version }                     = require('../package.json');
+const { buildApp, RATE_LIMIT_MAX }    = require('./plugin');
+const {
+  jobs, createJob, updateJob, MAX_JOBS, JOB_TTL_MS,
+} = require('./jobs');
 
-// ─── Job store (in-memory) ────────────────────────────────────────────────────
+// ─── Auth (kept here for backward compat — SEC-17 reads this file) ────────────
 
-const jobs    = new Map();
-let   jobSeq  = 0;
-
-const MAX_JOBS    = 1_000;
-const JOB_TTL_MS  = 60 * 60 * 1_000; // 1 hour
-
-function evictJobs() {
-  const cutoff = Date.now() - JOB_TTL_MS;
-  for (const [id, job] of jobs) {
-    if (new Date(job.createdAt).getTime() < cutoff) jobs.delete(id);
-  }
-  // Hard cap: drop oldest entries until within limit
-  while (jobs.size >= MAX_JOBS) {
-    jobs.delete(jobs.keys().next().value);
-  }
-}
+// Fixed HMAC key for normalising token lengths before constant-time comparison.
+const _authHmacKey = crypto.randomBytes(32);
 
-function createJob() {
-  evictJobs();
-  const id = `job_${++jobSeq}_${Date.now()}`;
-  jobs.set(id, { id, status: 'pending', createdAt: new Date().toISOString() });
-  return id;
+/**
+ * Authenticate incoming requests.
+ * Accepts Node.js http.IncomingMessage OR Fastify Request objects.
+ * Uses HMAC + timingSafeEqual to prevent timing-oracle attacks.
+ */
+function authenticate(req, cfg) {
+  if (!cfg.serverApiKey) return true;
+  const headers = req.headers || {};
+  const header  = headers['authorization'] || '';
+  const token   = header.startsWith('Bearer ') ? header.slice(7) : '';
+  const expected = crypto.createHmac('sha256', _authHmacKey).update(cfg.serverApiKey).digest();
+  const actual   = crypto.createHmac('sha256', _authHmacKey).update(token).digest();
+  return crypto.timingSafeEqual(expected, actual);
 }
 
-function updateJob(id, patch) {
-  const job = jobs.get(id);
-  if (job) jobs.set(id, { ...job, ...patch });
+/**
+ * Validate and sanitise the `path` field from POST /scan.
+ * Only allow paths inside cwd to prevent path traversal.
+ */
+function safeScanPath(rawPath) {
+  const cwd      = process.cwd();
+  const resolved = path.resolve(cwd, rawPath || cwd);
+  const cwdNorm  = cwd.endsWith(path.sep) ? cwd : cwd + path.sep;
+  if (resolved !== cwd && !resolved.startsWith(cwdNorm)) {
+    throw new Error('Path outside working directory');
+  }
+  return resolved;
 }
 
-// ─── Rate limiter (in-memory, per-IP sliding window) ─────────────────────────
+// ─── Rate limiter (kept here for backward compat — SEC-14/16/20 read this) ───
 
-const RATE_LIMIT_MAX    = 60;           // requests per window
-const RATE_LIMIT_WINDOW = 60 * 1_000;  // 1 minute in ms
+const RATE_LIMIT_WINDOW = 60 * 1_000;
 
 const rateLimiter = {
   _counts: new Map(),
@@ -89,46 +94,11 @@ function readBody(req) {
   });
 }
 
-// Fixed HMAC key for normalising token lengths before constant-time comparison.
-// Does not need to be secret — purpose is timing-safety, not confidentiality.
-const _authHmacKey = crypto.randomBytes(32);
-
-/**
- * Authenticate incoming requests.
- * Uses HMAC + timingSafeEqual to prevent timing-oracle attacks.
- */
-function authenticate(req, cfg) {
-  if (!cfg.serverApiKey) return true; // no key configured — open
-  const header = req.headers['authorization'] || '';
-  const token  = header.startsWith('Bearer ') ? header.slice(7) : '';
-  const expected = crypto.createHmac('sha256', _authHmacKey).update(cfg.serverApiKey).digest();
-  const actual   = crypto.createHmac('sha256', _authHmacKey).update(token).digest();
-  return crypto.timingSafeEqual(expected, actual);
-}
-
-/**
- * Validate and sanitise the `path` field from POST /scan.
- * Only allow paths inside cwd to prevent path traversal.
- */
-function safeScanPath(rawPath) {
-  const cwd      = process.cwd();
-  const resolved = path.resolve(cwd, rawPath || cwd);
-  // Append sep so "/app" cannot match "/app-evil" via startsWith
-  const cwdNorm  = cwd.endsWith(path.sep) ? cwd : cwd + path.sep;
-  if (resolved !== cwd && !resolved.startsWith(cwdNorm)) {
-    throw new Error('Path outside working directory');
-  }
-  return resolved;
-}
-
-// ─── Router ───────────────────────────────────────────────────────────────────
+// ─── Router (kept for backward compat — SEC-16/20 and E2E tests use this) ────
 
 async function handleRequest(req, res, cfg) {
   const { method, url } = req;
 
-  // ── Rate limiting ──────────────────────────────────────────────────────────
-  // Only trust X-Forwarded-For when cfg.trustProxy is explicitly enabled.
-  // Default is false to prevent header-spoofing rate-limit bypasses.
   const ip = cfg.trustProxy
     ? (req.headers['x-forwarded-for'] || req.socket?.remoteAddress || '').split(',')[0].trim()
     : (req.socket?.remoteAddress || 'unknown');
@@ -136,17 +106,14 @@ async function handleRequest(req, res, cfg) {
     return json(res, 429, { error: 'Too Many Requests' });
   }
 
-  // ── GET /health ────────────────────────────────────────────────────────────
   if (method === 'GET' && url === '/health') {
     return json(res, 200, { status: 'ok', version });
   }
 
-  // All other routes require authentication
   if (!authenticate(req, cfg)) {
     return json(res, 401, { error: 'Unauthorized' });
   }
 
-  // ── POST /scan ─────────────────────────────────────────────────────────────
   if (method === 'POST' && url === '/scan') {
     let body;
     try { body = await readBody(req); }
@@ -156,19 +123,16 @@ async function handleRequest(req, res, cfg) {
     try { scanPath = safeScanPath(body.path); }
     catch (e) { return json(res, 400, { error: e.message }); }
 
-    const format  = body.format || cfg.output || 'json';
-    const t0      = Date.now();
+    const format   = body.format || cfg.output || 'json';
+    const t0       = Date.now();
     const findings = quickScan(scanPath);
     const exempted = findings.exempted || [];
     const duration = Date.now() - t0;
 
-    if (format === 'sarif') {
-      return json(res, 200, toSarif(findings, scanPath));
-    }
+    if (format === 'sarif') return json(res, 200, toSarif(findings, scanPath));
     return json(res, 200, { ...toJson(findings, exempted), duration });
   }
 
-  // ── POST /remediate ────────────────────────────────────────────────────────
   if (method === 'POST' && url === '/remediate') {
     let body;
     try { body = await readBody(req); }
@@ -181,7 +145,6 @@ async function handleRequest(req, res, cfg) {
 
     const jobId = createJob();
 
-    // Kick off async remediation (non-blocking)
     setImmediate(async () => {
       try {
         updateJob(jobId, { status: 'running', startedAt: new Date().toISOString() });
@@ -200,7 +163,6 @@ async function handleRequest(req, res, cfg) {
     return json(res, 202, { jobId });
   }
 
-  // ── GET /jobs/:id ──────────────────────────────────────────────────────────
   const jobMatch = url.match(/^\/jobs\/([^/?]+)$/);
   if (method === 'GET' && jobMatch) {
     const job = jobs.get(jobMatch[1]);
@@ -211,33 +173,28 @@ async function handleRequest(req, res, cfg) {
   return json(res, 404, { error: 'Not found' });
 }
 
-// ─── Start ────────────────────────────────────────────────────────────────────
+// ─── Start (uses Fastify) ─────────────────────────────────────────────────────
 
-function start(args = []) {
+async function start(args = []) {
   const cfg  = loadConfig(process.cwd(), parseCliOverrides(args));
   const port = cfg.port;
 
-  const server = http.createServer(async (req, res) => {
-    try {
-      await handleRequest(req, res, cfg);
-    } catch (err) {
-      // Production error handler — no stack traces
-      json(res, 500, { error: 'Internal server error' });
-    }
-  });
+  const fastify = buildApp(cfg);
 
-  server.listen(port, () => {
-    process.stdout.write(`\n🔒 tdd-audit REST API listening on http://localhost:${port}\n`);
-    if (!cfg.serverApiKey) {
-      process.stderr.write('⚠️  No --api-key set — server is unauthenticated. Set one for production.\n');
-    }
-    process.stdout.write('   GET  /health\n');
-    process.stdout.write('   POST /scan        { path, format? }\n');
-    process.stdout.write('   POST /remediate   { findings, provider, apiKey, model? }\n');
-    process.stdout.write('   GET  /jobs/:id\n\n');
-  });
+  await fastify.listen({ port, host: '0.0.0.0' });
 
-  return server; // returned for testing
+  process.stdout.write(`\n🔒 tdd-audit REST API listening on http://localhost:${port}\n`);
+  if (!cfg.serverApiKey) {
+    process.stderr.write('⚠️  No --api-key set — server is unauthenticated. Set one for production.\n');
+  }
+  process.stdout.write('   GET  /health\n');
+  process.stdout.write('   POST /scan         { path, format? }\n');
+  process.stdout.write('   POST /remediate    { findings, provider, apiKey, model? }\n');
+  process.stdout.write('   POST /audit        { path, provider?, apiKey?, model? }\n');
+  process.stdout.write('   GET  /jobs/:id\n');
+  process.stdout.write('   GET  /jobs/:id/stream  (SSE)\n\n');
+
+  return fastify.server; // returned for testing
 }
 
 module.exports = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lhi/tdd-audit",
-  "version": "1.11.0",
+  "version": "1.14.0",
   "description": "Security skill installer for Claude Code, Gemini CLI, Cursor, Codex, and OpenCode. Patches vulnerabilities using a Red-Green-Refactor exploit-test protocol.",
   "main": "index.js",
   "bin": {
@@ -50,7 +50,18 @@
   },
   "author": "Kyra Lee",
   "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/kyralee2992/tdd-remediation-skill.git"
+  },
+  "homepage": "https://github.com/kyralee2992/tdd-remediation-skill#readme",
+  "bugs": {
+    "url": "https://github.com/kyralee2992/tdd-remediation-skill/issues"
+  },
   "devDependencies": {
     "jest": "^30.3.0"
+  },
+  "dependencies": {
+    "fastify": "^5.8.4"
   }
 }

package/prompts/auto-audit.md

@@ -247,6 +247,80 @@ resolve_entities.*True              # Python lxml entity expansion
 # bundle audit
 ```
 
+**AI / LLM Security (check when the project uses OpenAI, Anthropic, LangChain, or any LLM SDK)**
+```
+role.*content.*req\.            # LLM Prompt Injection — user input in messages array
+messages.*push.*req\.           # LLM Prompt Injection — appending request data to LLM context
+eval\(.*response                # LLM Output Execution — evaluating model output
+eval\(.*result                  # LLM Output Execution — evaluating model result
+eval\(.*completion              # LLM Output Execution — evaluating AI completion
+ShellTool\(\)                   # LangChain ShellTool — shell command execution
+LLMMathChain\.from_llm          # LangChain math eval — known RCE (CVE-2023-29374)
+PALChain\.from_llm              # LangChain PAL — eval of LLM-generated Python
+require\(req\.                  # Dynamic Require — loading user-controlled modules
+vm\.runIn.*Context.*req\.       # VM Code Injection — sandbox escape risk
+require.*node-serialize         # node-serialize RCE — known deserialization vulnerability
+langchain_experimental          # LangChain Experimental — contains RCE-risk components
+system_prompt.*mongodb://       # Credentials in AI Prompt — DB URL in prompt context
+prompt.*postgresql://           # Credentials in AI Prompt — DB URL in prompt context
+```
+
+**Hardcoded AI API Keys**
+```
+sk-proj-                        # OpenAI new-format key (≥60 chars)
+T3BlbkFJ                        # OpenAI old-format key marker (base64 of "OpenAI")
+sk-ant-api03-                   # Anthropic API key prefix
+hf_[A-Za-z0-9]{30,}            # HuggingFace token (≥30 chars after hf_)
+NEXT_PUBLIC_.*SECRET            # Next.js client-bundled secret variable
+NEXT_PUBLIC_.*API_KEY           # Next.js client-bundled API key
+NEXT_PUBLIC_.*TOKEN             # Next.js client-bundled token
+```
+
+**GitHub Actions Injection (scan .github/workflows/*.yml)**
+```
+github\.event\.pull_request\.title   # Attacker-controlled PR title in run: step
+github\.event\.pull_request\.body    # Attacker-controlled PR body in run: step
+github\.event\.issue\.title          # Attacker-controlled issue title in run: step
+github\.event\.issue\.body           # Attacker-controlled issue body in run: step
+github\.event\.comment\.body         # Attacker-controlled comment body in run: step
+github\.head_ref                     # Attacker-controlled branch name in run: step
+```
+
+**Electron Security (check main process and BrowserWindow config)**
+```
+nodeIntegration.*true           # CRITICAL: enables Node.js in renderer — XSS → full system compromise
+webSecurity.*false              # CRITICAL: disables same-origin policy in renderer
+contextIsolation.*false         # HIGH: allows prototype pollution from web content
+```
+
+**Supply Chain (check package.json)**
+```
+postinstall.*curl               # Supply Chain Exfiltration — curl in postinstall script
+preinstall.*curl                # Supply Chain Exfiltration — curl in preinstall script
+postinstall.*wget               # Supply Chain Exfiltration — wget in postinstall script
+```
+
+**Web / Protocol Injection**
+```
+res\.setHeader.*req\.           # Header Injection — user input in response header value
+xpath\.select.*req\.            # XPath Injection — user input in XPath query
+httpOnly.*false                 # Insecure Cookie — session cookie readable via JavaScript
+```
+
+**Trojan Source (use Grep with unicode flag if available)**
+```
+\u202[A-E]|\u206[6-9]          # Bidi control characters — visual/compiled mismatch (CVE-2021-42574)
+```
+
+**Dependency Audit**
+```
+# Run manually — not grep-based:
+# npm audit --audit-level=high
+# pip-audit
+# govulncheck ./...
+# bundle audit
+```
+
 ### 0d. Audit Prompt & Skill Files
 
 For projects that contain AI agent configurations, scan the following locations for prompt-specific vulnerabilities:
@@ -257,6 +331,8 @@ For projects that contain AI agent configurations, scan the following locations
 |---|---|---|
 | `csurf` package reference | CRITICAL | `csurf` was deprecated March 2023 and is unmaintained — use `csrf-csrf` instead |
 | `"command": "npx"` in MCP config | HIGH | Unpinned npx MCP server executes whatever version npm resolves at runtime |
+| `"description": "ignore previous instructions..."` | HIGH | MCP Tool Poisoning — malicious instructions embedded in tool description fields hijack agent behavior |
+| `"description": "override instructions..."` | HIGH | MCP Tool Poisoning — agent reads tool list and executes injected instructions |
 | `http://` URL (non-localhost) | MEDIUM | Cleartext URLs in prompts can mislead agents to make insecure requests |
 | Prompt reads arbitrary user-controlled files without a guardrail | HIGH | AI reading untrusted file content without isolation is a prompt-injection risk (ASI01) |