@lhi/tdd-audit 1.5.0 → 1.8.2

package/docs/vulnerability-patterns.md

@@ -0,0 +1,200 @@
+# Vulnerability Patterns Reference
+
+All 34 patterns detected by `@lhi/tdd-audit`. Patterns are checked against every scannable source file line-by-line. Prompt/skill patterns are checked separately against `.md` files in agent configuration directories.
+
+---
+
+## CRITICAL
+
+### SQL Injection
+**Grep signature:** template literal SELECT, string-concatenated query, Python f-string/%-format SQL, tagged template DB call
+**Why it matters:** Attacker can read, modify, or delete any data in your database by manipulating the query string.
+**Fix:** Parameterized queries / ORM methods. See [`green-phase.md`](../prompts/green-phase.md#sql-injection).
+
+### Command Injection
+**Grep signature:** `exec(` / `execSync(` with `req.params|body|query`; `subprocess.run(shell=True)`
+**Why it matters:** Attacker can run arbitrary shell commands on your server.
+**Fix:** Use `execFile`/`spawn` with an argument array (no shell interpolation).
+
+### TLS Bypass
+**Grep signature:** `badCertificateCallback = true`, `rejectUnauthorized: false`, `NODE_TLS_REJECT_UNAUTHORIZED=0`
+**Why it matters:** All HTTPS connections become vulnerable to man-in-the-middle attacks.
+**Fix:** Remove the override. For internal CAs, set `NODE_EXTRA_CA_CERTS` or pass the cert to `SecurityContext`.
+
+### Hardcoded Secret
+**Grep signature:** `const API_KEY = "..."`, `let SECRET_KEY = "..."` (≥20 chars)
+**Note:** `skipInTests: true` — matches in test files are marked `likelyFalsePositive`.
+**Why it matters:** Secret is committed to git history and visible to anyone with repo access.
+**Fix:** Move to environment variables. Run `gitleaks` to check if already committed.
+
+### SSRF (Server-Side Request Forgery)
+**Grep signature:** `fetch(req.query.url)`, `axios.get(req.body.url)`, `got(req.params.url)`
+**Why it matters:** Attacker can probe internal services (AWS metadata, Redis, internal APIs) via your server.
+**Fix:** Validate URL against an explicit hostname allowlist. Block private IP ranges.
+
+### Insecure Deserialization
+**Grep signature:** `.unserialize(req.)`, `__proto__ =`, `Object.setPrototypeOf(x, req.`
+**Why it matters:** Attacker can achieve RCE or privilege escalation by crafting a malicious serialized payload.
+**Fix:** Never deserialize user-supplied data. Use JSON with a schema validator instead.
+
+### JWT Alg None
+**Grep signature:** `algorithm: 'none'`
+**Why it matters:** The `alg:none` attack strips the JWT signature entirely, allowing anyone to forge tokens.
+**Fix:** Use `jsonwebtoken` with an explicit `algorithms` allowlist — never include `'none'`.
+
+---
+
+## HIGH
+
+### IDOR (Insecure Direct Object Reference)
+**Grep signature:** `findById(req.params|body|query.`, `findOne({id: req.params|body|query`
+**Why it matters:** Any logged-in user can access another user's private data by guessing or iterating IDs.
+**Fix:** Scope all DB queries to `req.user.id`. Never trust a client-supplied resource ID.
+
+### XSS (Cross-Site Scripting)
+**Grep signature:** `innerHTML =`, `dangerouslySetInnerHTML={{`, `document.write(`, `res.send(\`...\${req.`
+**Why it matters:** Attacker can inject scripts that run in other users' browsers, stealing sessions or redirecting them.
+**Fix:** Escape on output (`escape-html`), sanitize rich HTML (`DOMPurify`), or use a framework that auto-escapes.
+
+### Path Traversal
+**Grep signature:** `readFile/sendFile/createReadStream(req.`, `path.join(req.params|body|query`
+**Why it matters:** Attacker can read files outside the uploads directory (`.env`, `/etc/passwd`).
+**Fix:** `path.resolve()` the final path and assert it starts with the allowed base directory.
+
+### Broken Auth
+**Grep signature:** `jwt.decode(` (without `.verify`), `verify: false`, `secret = "short_string"`
+**Why it matters:** Anyone can forge a valid-looking token and impersonate any user.
+**Fix:** Always use `jwt.verify()` with an explicit secret from environment variables.
+
+### Sensitive Storage
+**Grep signature:** `localStorage.setItem('token'`, `AsyncStorage.setItem('token'`
+**Why it matters:** Tokens stored in unencrypted storage are readable on rooted/jailbroken devices and via XSS.
+**Fix:** Use `expo-secure-store` (React Native/Expo) or `flutter_secure_storage` (Flutter).
+
+### eval() Injection
+**Grep signature:** `eval(route.params`, `eval(searchParams.get`, `eval(req.query|body`
+**Why it matters:** Attacker can execute arbitrary JavaScript in the application context.
+**Fix:** Never use `eval()` with user input. Use `JSON.parse()` for data deserialization.
+
+### Insecure Random
+**Grep signature:** `token = Math.random()`, `sessionId = Math.random()`
+**Why it matters:** `Math.random()` is not cryptographically secure — tokens can be predicted.
+**Fix:** Use `crypto.randomBytes()` (Node.js) or `secrets.token_hex()` (Python).
+
+### Secret Fallback
+**Grep signature:** `process.env.SECRET || "hardcoded_value"`
+**Why it matters:** The hardcoded fallback is committed to source control and used whenever the env var is missing.
+**Fix:** Fail fast if the env var is absent — never fall back to a default secret.
+
+### Open Redirect
+**Grep signature:** `res.redirect(req.query|body|params.`, `window.location = params.`
+**Why it matters:** Attacker can redirect users to phishing sites after a legitimate login flow.
+**Fix:** Allow only relative paths. Reject `http://` / `https://` and `//` prefix destinations.
+
+### NoSQL Injection
+**Grep signature:** `.find(req.body|query)`, `.findOne(req.body|query)`, `$where:`
+**Why it matters:** Attacker can bypass authentication by injecting MongoDB operators (`{ $gt: '' }`).
+**Fix:** Cast query values to strings. Use `express-mongo-sanitize` to strip `$` operators.
+
+### Template Injection
+**Grep signature:** `res.render(req.params|query`, `ejs.render(req.body`, `pug.render(req.body`
+**Why it matters:** Attacker can execute server-side template code, potentially achieving RCE.
+**Fix:** Never pass user input as the template name or raw template string.
+
+### Mass Assignment
+**Grep signature:** `new Model(req.body)`, `.create(req.body)`, `.update({}, req.body)`
+**Why it matters:** Attacker can set privileged fields (`isAdmin`, `role`) by adding them to a POST body.
+**Fix:** Destructure and allowlist only the fields users are permitted to set.
+
+### Prototype Pollution
+**Grep signature:** `_.merge(req.body|query)`, `deepmerge(req.body|query)`, `Object.assign({}, req.body)`
+**Why it matters:** Attacker can inject properties into `Object.prototype`, affecting all objects in the process.
+**Fix:** Sanitize `__proto__` / `constructor` / `prototype` keys before any recursive merge.
+
+### Weak Crypto
+**Grep signature:** `createHash('md5')`, `createHash('sha1')`, `md5(password)`, `sha1(password)`
+**Why it matters:** MD5 and SHA1 hashes are trivially crackable with rainbow tables.
+**Fix:** Use `bcrypt` (cost factor ≥12) or `argon2` for passwords.
+
+### XXE (XML External Entity)
+**Grep signature:** `noent: true`, `expand_entities = True`, `resolve_entities = True`
+**Why it matters:** Attacker can read local files or perform SSRF via XML entity expansion.
+**Fix:** Disable entity expansion in your XML parser. Never enable it for user-supplied XML.
+
+### WebView JS Bridge
+**Grep signature:** `addJavascriptInterface(`, `javaScriptEnabled: true`, `allowFileAccess: true`, `allowUniversalAccessFromFileURLs: true`
+**Why it matters:** Exposed JavaScript bridge or relaxed WebView settings allow XSS-to-native escalation.
+**Fix:** Disable unnecessary WebView capabilities. Never expose a JS bridge to untrusted content.
+
+### Timing-Unsafe Comparison
+**Grep signature:** `token === `, `password ===`, `secret ==` (equality comparison of secrets)
+**Why it matters:** Timing side-channel allows attackers to brute-force tokens bit by bit.
+**Fix:** Use `crypto.timingSafeEqual()` (Node.js) or `hmac.compare_digest()` (Python) for all secret comparisons.
+
+### ReDoS
+**Grep signature:** `new RegExp(req.query|body|params.`
+**Why it matters:** Attacker can craft input that causes catastrophic regex backtracking, DoSing the process.
+**Fix:** Never construct regex from user input. If required, use a regex complexity validator.
+
+---
+
+## MEDIUM
+
+### Sensitive Log
+**Grep signature:** `console.log(token|password|secret|jwt|authorization|apiKey`
+**Note:** `skipInTests: true`
+**Why it matters:** Secrets end up in log aggregation systems, monitoring dashboards, and CI output.
+**Fix:** Remove or redact sensitive fields before logging.
+
+### CORS Wildcard
+**Grep signature:** `cors({ origin: '*' })`, `Access-Control-Allow-Origin: *`
+**Why it matters:** Any origin can make credentialed requests to your API.
+**Fix:** Specify an explicit origin allowlist in your CORS configuration.
+
+### Cleartext Traffic
+**Grep signature:** `baseURL = 'http://...'` (non-localhost)
+**Note:** `skipInTests: true`
+**Why it matters:** API traffic is sent unencrypted and visible to network observers.
+**Fix:** Use `https://` for all non-localhost API base URLs.
+
+### Deep Link Injection
+**Grep signature:** `Linking.getInitialURL()`, `Linking.addEventListener('url'`
+**Why it matters:** Attacker can inject malicious data via crafted deep links if parameters are not validated.
+**Fix:** Validate and sanitize all values extracted from deep link URLs before use.
+
+---
+
+## Prompt / Skill / Agent Patterns
+
+These patterns are checked against `.md` files in `prompts/`, `skills/`, `.claude/`, `workflows/`, `CLAUDE.md`, `SKILL.md`, `.cursorrules`, and `.clinerules`.
+
+### Deprecated CSRF Package (CRITICAL)
+**Grep signature:** `\bcsurf\b` (not in a comment line)
+**Why it matters:** `csurf` was deprecated in March 2023 and is unmaintained. Projects that follow instructions referencing it will install a package with unpatched vulnerabilities.
+**Fix:** Replace with `csrf-csrf` (`doubleCsrf` pattern).
+
+### Unpinned npx MCP Server (HIGH)
+**Grep signature:** `"command": "npx"` in MCP server config
+**Why it matters:** `npx` resolves the latest version at runtime. A compromised package version executes arbitrary code in the agent's context.
+**Fix:** Pin MCP servers to exact versions or install locally. Use `node /path/to/server.js` instead of `npx`.
+
+### Cleartext URL in Prompt (MEDIUM)
+**Grep signature:** `http://` (non-localhost) in prompt/skill markdown
+**Why it matters:** Cleartext URLs in agent instructions can mislead the agent into making insecure HTTP requests.
+**Fix:** Replace with `https://` URLs.
+
+---
+
+## Config / Manifest Patterns
+
+### Config Secret (CRITICAL)
+**Files checked:** `app.json`, `app.config.js`, `app.config.ts`
+**Grep signature:** `apiKey: "..."`, `secret: "..."`, `accessToken: "..."` (≥20 chars)
+**Why it matters:** Expo/React Native config files are bundled into the app binary and shipped to users.
+**Fix:** Use `expo-constants` with environment variables at build time. Never embed secrets in config files.
+
+### Android Debuggable (HIGH)
+**Files checked:** `android/app/src/main/AndroidManifest.xml`
+**Grep signature:** `android:debuggable="true"`
+**Why it matters:** Debug builds expose the app to `adb` inspection and arbitrary code injection on the device.
+**Fix:** Remove `android:debuggable` from `AndroidManifest.xml` (the build system sets it correctly per variant).

package/lib/scanner.js

@@ -45,6 +45,9 @@ const VULN_PATTERNS = [
 ];
 
 const SCAN_EXTENSIONS = new Set(['.js', '.ts', '.jsx', '.tsx', '.mjs', '.py', '.go', '.dart']);
+
+/** Maximum file size to read before skipping (512 KB). Prevents OOM on large generated files. */
+const MAX_SCAN_FILE_BYTES = 512 * 1024;
 const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', 'out', '__pycache__', 'venv', '.venv', 'vendor', '.expo', '.dart_tool', '.pub-cache']);
 
 // ─── Prompt / Skill Patterns ──────────────────────────────────────────────────
@@ -214,14 +217,22 @@ function hasSafeAuditStatus(lines) {
 }
 
 /**
- * Returns true if the match at matchIndex falls inside a backtick code span.
- * Used to suppress PROMPT_PATTERN hits on pattern-documentation table rows.
+ * Returns true if the match at matchIndex falls inside a *closed* backtick
+ * code span on the same line.  A code span is closed only when there is an
+ * odd number of backticks before the match AND at least one closing backtick
+ * after it on the same line.  A lone, unmatched backtick before the pattern
+ * does NOT constitute a code span and must NOT suppress the finding.
  * @param {string} line
  * @param {number} matchIndex - character index of the match start
  */
 function isInsideBackticks(line, matchIndex) {
   const before = line.slice(0, matchIndex);
-  return (before.match(/`/g) || []).length % 2 === 1;
+  const after  = line.slice(matchIndex);
+  const backticksBefore = (before.match(/`/g) || []).length;
+  const backticksAfter  = (after.match(/`/g)  || []).length;
+  // Suppress only when the span is properly closed: odd opening count + at
+  // least one closing backtick exists after the match position.
+  return backticksBefore % 2 === 1 && backticksAfter >= 1;
 }
 
 /**
@@ -234,16 +245,32 @@ function isCommentLine(line) {
 
 /**
  * Scan all prompt/skill .md files in projectDir for prompt-specific patterns.
+ *
+ * Returns a findings array with a non-enumerable `.exempted` property — an
+ * array of relative paths for files skipped via `audit_status: safe`.  Using
+ * a non-enumerable property preserves full backward compatibility: spread,
+ * toEqual([]), and quickScan's `...scanPromptFiles()` all continue to work.
+ *
  * @param {string} projectDir - project root
- * @returns {Array} findings
+ * @returns {Array} findings  (with non-enumerable .exempted: string[])
  */
 function scanPromptFiles(projectDir) {
   const findings = [];
+  const exempted = [];
   for (const filePath of walkMdFiles(projectDir)) {
     if (!isPromptFile(filePath, projectDir)) continue;
     let lines;
-    try { lines = fs.readFileSync(filePath, 'utf8').split('\n'); } catch { continue; }
-    if (hasSafeAuditStatus(lines)) continue;
+    try {
+      // SEC-06: read first, then check length — eliminates statSync/readFileSync TOCTOU race.
+      const content = fs.readFileSync(filePath, 'utf8');
+      if (content.length > MAX_SCAN_FILE_BYTES) continue;
+      if (content.includes('\0')) continue; // skip binary files (mirrors quickScan guard)
+      lines = content.split('\n');
+    } catch { continue; }
+    if (hasSafeAuditStatus(lines)) {
+      exempted.push(path.relative(projectDir, filePath));
+      continue;
+    }
     for (let i = 0; i < lines.length; i++) {
       for (const p of PROMPT_PATTERNS) {
         const match = p.pattern.exec(lines[i]);
@@ -262,6 +289,8 @@ function scanPromptFiles(projectDir) {
       }
     }
   }
+  // Attach exempted as non-enumerable so spread / toEqual([]) are unaffected.
+  Object.defineProperty(findings, 'exempted', { value: exempted, enumerable: false, configurable: true });
   return findings;
 }
 
@@ -339,8 +368,10 @@ function quickScan(projectDir) {
     const inTest = isTestFile(filePath, projectDir);
     let content;
     // L1 fix: guard against binary / non-UTF-8 files
+    // SEC-06: read first, then check length — eliminates statSync/readFileSync TOCTOU race.
     try {
       content = fs.readFileSync(filePath, 'utf8');
+      if (content.length > MAX_SCAN_FILE_BYTES) continue;
     } catch {
       continue;
     }
@@ -372,38 +403,47 @@ function quickScan(projectDir) {
 
 /**
  * Print a human-readable findings report to stdout.
- * @param {Array} findings
+ * @param {Array}    findings - array of finding objects
+ * @param {string[]} [exempted=[]] - relative paths of files skipped via audit_status:safe
  */
-function printFindings(findings) {
+function printFindings(findings, exempted = []) {
   if (findings.length === 0) {
     console.log('   ✅ No obvious vulnerability patterns detected.\n');
-    return;
-  }
-  const real = findings.filter(f => !f.likelyFalsePositive);
-  const noisy = findings.filter(f => f.likelyFalsePositive);
-
-  const bySeverity = { CRITICAL: [], HIGH: [], MEDIUM: [], LOW: [] };
-  for (const f of real) (bySeverity[f.severity] || bySeverity.LOW).push(f);
-  const icons = { CRITICAL: '🔴', HIGH: '🟠', MEDIUM: '🟡', LOW: '🔵' };
-
-  console.log(`\n   Found ${real.length} potential issue(s)${noisy.length ? ` (+${noisy.length} in test files — see below)` : ''}:\n`);
-  for (const [sev, list] of Object.entries(bySeverity)) {
-    if (!list.length) continue;
-    for (const f of list) {
-      const testBadge = f.inTestFile ? ' [test file]' : '';
-      console.log(`   ${icons[sev]} [${sev}] ${f.name} — ${f.file}:${f.line}${testBadge}`);
-      console.log(`         ${f.snippet}`);
+  } else {
+    const real = findings.filter(f => !f.likelyFalsePositive);
+    const noisy = findings.filter(f => f.likelyFalsePositive);
+
+    const bySeverity = { CRITICAL: [], HIGH: [], MEDIUM: [], LOW: [] };
+    for (const f of real) (bySeverity[f.severity] || bySeverity.LOW).push(f);
+    const icons = { CRITICAL: '🔴', HIGH: '🟠', MEDIUM: '🟡', LOW: '🔵' };
+
+    console.log(`\n   Found ${real.length} potential issue(s)${noisy.length ? ` (+${noisy.length} in test files — see below)` : ''}:\n`);
+    for (const [sev, list] of Object.entries(bySeverity)) {
+      if (!list.length) continue;
+      for (const f of list) {
+        const testBadge = f.inTestFile ? ' [test file]' : '';
+        console.log(`   ${icons[sev]} [${sev}] ${f.name} — ${f.file}:${f.line}${testBadge}`);
+        console.log(`         ${f.snippet}`);
+      }
     }
-  }
 
-  if (noisy.length) {
-    console.log('\n   ⚪ Likely intentional (in test files — verify manually):');
-    for (const f of noisy) {
-      console.log(`      ${f.name} — ${f.file}:${f.line}`);
+    if (noisy.length) {
+      console.log('\n   ⚪ Likely intentional (in test files — verify manually):');
+      for (const f of noisy) {
+        console.log(`      ${f.name} — ${f.file}:${f.line}`);
+      }
     }
+
+    console.log('\n   Run /tdd-audit in your agent to remediate.\n');
   }
 
-  console.log('\n   Run /tdd-audit in your agent to remediate.\n');
+  if (exempted.length) {
+    console.log('   ⚠️  Files skipped via audit_status:safe (verify these exemptions are intentional):');
+    for (const p of exempted) {
+      console.log(`      ${p}`);
+    }
+    console.log('');
+  }
 }
 
 module.exports = {
@@ -411,6 +451,7 @@ module.exports = {
   PROMPT_PATTERNS,
   SCAN_EXTENSIONS,
   SKIP_DIRS,
+  MAX_SCAN_FILE_BYTES,
   detectFramework,
   detectAppFramework,
   detectTestBaseDir,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lhi/tdd-audit",
-  "version": "1.5.0",
+  "version": "1.8.2",
   "description": "Security skill installer for Claude Code, Gemini CLI, Cursor, Codex, and OpenCode. Patches vulnerabilities using a Red-Green-Refactor exploit-test protocol.",
   "main": "index.js",
   "bin": {
@@ -14,7 +14,8 @@
     "templates/",
     "workflows/",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "docs/"
   ],
   "scripts": {
     "test": "jest --forceExit",

package/workflows/tdd-audit.md

@@ -1,5 +1,11 @@
 ---
 description: Run the complete TDD Remediation Autonomous Audit
+risk: low
+source: personal
+date_added: "2024-01-01"
+audited_by: lcanady
+last_audited: "2026-03-25"
+audit_status: safe
 ---
 Please use the TDD Remediation Protocol Auto-Audit skill (located in the `skills/tdd-remediation` folder) to secure this repository.