@oculum/scanner 1.0.11 → 1.0.13

package/src/{layer2 → detect/structural}/dangerous-functions/index.ts

@@ -5,13 +5,17 @@
  * This module orchestrates detection across multiple specialized modules.
  */
 
-import type { Vulnerability, VulnerabilitySeverity } from '../../types'
+import type { Vulnerability, VulnerabilitySeverity } from '../../../shared/types'
+import type { ParsedFile } from '../../../shared/parsed-file'
 import {
   isComment,
   isTestOrMockFile,
   isScannerOrFixtureFile,
   isSeedOrDataGenFile,
-} from '../../utils/context-helpers'
+  isDesktopAppContext,
+  isMcpServerContext,
+  isFileLoaderContext,
+} from '../../../parse/file-classifier'
 
 // Pattern definitions
 import {
@@ -30,6 +34,7 @@ import {
   hasDOMPurifySanitization,
   isLLMPromptContext,
   isStaticBootstrapScript,
+  isTrustedLibraryHTMLOutput,
 } from './dom-xss'
 
 // JSON.parse detection
@@ -57,12 +62,15 @@ import { hasOnlyStaticInputs, hasPathTraversalProtection } from './utils/helpers
 // Re-export types and patterns for external use
 export { DANGEROUS_FUNCTIONS, type DangerousFunctionPattern } from './patterns'
 
+const BASE_CONFIDENCE = 0.40
+
 /**
  * Main detection function for dangerous function calls
  */
 export function detectDangerousFunctions(
   content: string,
-  filePath: string
+  filePath: string,
+  options?: { parsed?: ParsedFile }
 ): Vulnerability[] {
   const vulnerabilities: Vulnerability[] = []
 
@@ -71,7 +79,7 @@ export function detectDangerousFunctions(
     return vulnerabilities
   }
 
-  const lines = content.split('\n')
+  const lines = options?.parsed?.lines ?? content.split('\n')
   const isTestFile = isTestOrMockFile(filePath)
 
   lines.forEach((line, index) => {
@@ -100,7 +108,8 @@ export function detectDangerousFunctions(
             index,
             filePath,
             isTestFile,
-            vulnerabilities
+            vulnerabilities,
+            lines
           )
           break
         }
@@ -139,7 +148,8 @@ export function detectDangerousFunctions(
               index,
               filePath,
               isTestFile,
-              vulnerabilities
+              vulnerabilities,
+              lines
             )
           ) {
             break
@@ -159,7 +169,8 @@ export function detectDangerousFunctions(
             index,
             filePath,
             isTestFile,
-            vulnerabilities
+            vulnerabilities,
+            lines
           )
           break
         }
@@ -176,7 +187,8 @@ export function detectDangerousFunctions(
             index,
             filePath,
             isTestFile,
-            vulnerabilities
+            vulnerabilities,
+            lines
           )
           break
         }
@@ -204,7 +216,38 @@ export function detectDangerousFunctions(
             index,
             filePath,
             isTestFile,
-            vulnerabilities
+            vulnerabilities,
+            lines
+          )
+          break
+        }
+
+        // Special handling for regex patterns - check for escaped input
+        if (funcPattern.name === 'Potentially unsafe regex') {
+          handleRegexPattern(
+            funcPattern,
+            line,
+            content,
+            index,
+            filePath,
+            isTestFile,
+            vulnerabilities,
+            lines
+          )
+          break
+        }
+
+        // Special handling for spread operator with user input
+        if (funcPattern.name === 'Spread operator with user input') {
+          handleSpreadPattern(
+            funcPattern,
+            line,
+            content,
+            index,
+            filePath,
+            isTestFile,
+            vulnerabilities,
+            lines
           )
           break
         }
@@ -244,30 +287,37 @@ function handleInnerHTMLPattern(
   index: number,
   filePath: string,
   isTestFile: boolean,
-  vulnerabilities: Vulnerability[]
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
 ): void {
   // Check if this is a style element (CSS injection is not XSS)
-  if (isStyleElementInnerHTML(line, content, index)) {
+  if (isStyleElementInnerHTML(line, content, index, lines)) {
     // Style elements with CSS are safe - don't report anything
     // CSS cannot execute JavaScript, so there's no XSS risk
     return
   }
 
   // Check if this uses static content only - skip entirely (safe)
-  if (isStaticHTMLContent(line, content, index)) {
+  if (isStaticHTMLContent(line, content, index, lines)) {
     return // Static HTML is safe - no finding needed
   }
 
   // Check if DOMPurify or similar sanitization is used - skip entirely (safe)
-  if (hasDOMPurifySanitization(line, content, index)) {
+  if (hasDOMPurifySanitization(line, content, index, lines)) {
     return // Sanitized HTML is safe - no finding needed
   }
 
   // Check if this is a static bootstrap script (e.g., theme/font loader) - skip entirely (safe)
-  if (isStaticBootstrapScript(line, content, index)) {
+  if (isStaticBootstrapScript(line, content, index, lines)) {
     return // Static bootstrap scripts are safe - no finding needed
   }
 
+  // Check if this uses output from trusted HTML rendering libraries (Shiki, highlight.js, marked, etc.)
+  // These libraries produce sanitized HTML output
+  if (isTrustedLibraryHTMLOutput(line, content, index, lines)) {
+    return // Trusted library output is safe - no finding needed
+  }
+
   // Check if this is in LLM prompt context (not XSS - it's prompt injection)
   if (isLLMPromptContext(line, content, filePath)) {
     vulnerabilities.push({
@@ -283,8 +333,9 @@ function handleInnerHTMLPattern(
       suggestedFix:
         'Consider input validation, content filtering, or structured prompts to limit prompt injection risk.',
       confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
       layer: 2,
-    })
+      source: 'structural' as const,    })
     return
   }
 
@@ -308,8 +359,9 @@ function handleInnerHTMLPattern(
       (isTestFile ? ' (in test file)' : ''),
     suggestedFix: funcPattern.suggestedFix,
     confidence: isTestFile ? 'low' : 'high',
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-    requiresAIValidation: true, // Dynamic HTML needs validation
+      source: 'structural' as const,    requiresAIValidation: true, // Dynamic HTML needs validation
   })
 }
 
@@ -362,8 +414,9 @@ function handleEvalPattern(
     description: funcPattern.description,
     suggestedFix: funcPattern.suggestedFix,
     confidence: 'high',
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-    requiresAIValidation: true, // Code execution patterns need validation
+      source: 'structural' as const,    requiresAIValidation: true, // Code execution patterns need validation
   })
   return true
 }
@@ -379,7 +432,8 @@ function handleChildProcessPattern(
   index: number,
   filePath: string,
   isTestFile: boolean,
-  vulnerabilities: Vulnerability[]
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
 ): boolean {
   // First check if this is actually from child_process (not RegExp.exec)
   const isExecMatch = /\bexec\s*\(/.test(line)
@@ -400,10 +454,10 @@ function handleChildProcessPattern(
   }
 
   // Check if arguments are validated via allowlist
-  const lines = content.split('\n')
+  const _lines = lines ?? content.split('\n')
   const contextStart = Math.max(0, index - 15)
-  const contextEnd = Math.min(lines.length, index + 5)
-  const context = lines.slice(contextStart, contextEnd).join('\n')
+  const contextEnd = Math.min(_lines.length, index + 5)
+  const context = _lines.slice(contextStart, contextEnd).join('\n')
 
   // Detect allowlist validation patterns before exec/spawn
   const hasArgAllowlist =
@@ -432,6 +486,59 @@ function handleChildProcessPattern(
     return true // Static command is safe - no finding needed
   }
 
+  // Check for build/script context with hardcoded command + args array
+  const isBuildScript = /(build|generate|format|lint|setup|deploy|migrate|compile)/i.test(filePath) ||
+    /\/(scripts?|tools?|bin)\//i.test(filePath)
+
+  if (isBuildScript) {
+    // spawnSync("cmd", ["arg1", "arg2"]) with string literal command is safe in build scripts
+    const hasHardcodedCommand = /spawn(?:Sync)?\s*\(\s*['"][^'"]+['"]/.test(line)
+    if (hasHardcodedCommand) {
+      vulnerabilities.push({
+        id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+        filePath,
+        lineNumber: index + 1,
+        lineContent: line.trim(),
+        severity: 'info',
+        category: 'dangerous_function',
+        title: funcPattern.name + ' (build script)',
+        description: 'Shell command execution in build/tooling script with hardcoded command. Build scripts are developer-controlled.',
+        suggestedFix: 'Ensure this script is not exposed to untrusted input.',
+        confidence: 'low',
+        baseConfidence: BASE_CONFIDENCE,
+        layer: 2,
+      source: 'structural' as const,      })
+      return true
+    }
+  }
+
+  // Check for desktop app or MCP server context
+  // These contexts legitimately spawn processes
+  const isDesktopApp = isDesktopAppContext(filePath)
+  const isMcpServer = isMcpServerContext(filePath)
+
+  if (isDesktopApp || isMcpServer) {
+    // Desktop apps and MCP servers legitimately spawn processes
+    // Still report but with reduced severity and context
+    const contextType = isDesktopApp ? 'desktop app' : 'MCP server'
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: 'medium', // Reduced from high
+      category: 'dangerous_function',
+      title: `${funcPattern.name} (${contextType})`,
+      description: `${funcPattern.description} (Expected in ${contextType} context - verify input validation)`,
+      suggestedFix:
+        'Ensure command arguments from IPC are validated against an allowlist.',
+      confidence: 'medium',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return true
+  }
+
   // Dynamic command - report with standard severity
   let severity = funcPattern.severity
   let confidence: 'high' | 'medium' | 'low' = 'high'
@@ -458,8 +565,9 @@ function handleChildProcessPattern(
     description: funcPattern.description + (isTestFile ? ' (in test file)' : ''),
     suggestedFix: funcPattern.suggestedFix,
     confidence,
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-  })
+      source: 'structural' as const,  })
   return true
 }
 
@@ -473,7 +581,8 @@ function handleSQLPattern(
   index: number,
   filePath: string,
   isTestFile: boolean,
-  vulnerabilities: Vulnerability[]
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
 ): void {
   // Check for whitelist validation - skip entirely (safe)
   if (hasSQLWhitelistValidation(content, index)) {
@@ -496,6 +605,40 @@ function handleSQLPattern(
     return // Parameterized query - safe, no finding needed
   }
 
+  // Knex .raw() with ? placeholders and array binding - this IS parameterized
+  // e.g., db.raw(`"table"."col" + ?`, [value]) or db.raw('SELECT ... WHERE id = ?', [id])
+  const knexRawParameterized = /\.raw\s*\(\s*[`'"]/i.test(line) &&
+    /\?\s*[`'"]\s*,\s*\[/.test(line)
+  if (knexRawParameterized) {
+    return // Knex .raw() with ? placeholders is parameterized - safe
+  }
+
+  // Knex .raw() with only const enum/table name interpolation (not user input)
+  // e.g., db.raw(`"${TableName.Users}"."col"`) where TableName is a const enum
+  const knexRawConstInterpolation = /\.raw\s*\(\s*`/.test(line) &&
+    /\$\{[A-Z][A-Za-z]*\.[A-Z]/.test(line)
+  if (knexRawConstInterpolation) {
+    const interpolations = line.match(/\$\{([^}]+)\}/g) || []
+    const allConst = interpolations.every(i => /^\$\{[A-Z_][A-Z_a-z]*\./.test(i))
+    if (allConst) {
+      return // Only const enum interpolation - safe
+    }
+  }
+
+  // Knex .raw() for SET statement_timeout (infrastructure, not user input)
+  // e.g., trx.raw(`SET statement_timeout = ${QUERY_TIMEOUT_MS}`)
+  const isSetStatement = /\.raw\s*\(\s*[`'"]SET\s+/i.test(line)
+  if (isSetStatement) {
+    return // SET statements are infrastructure config, not queries with user data
+  }
+
+  // DROP TRIGGER / DDL statements from migration/schema files
+  const isDDLStatement = /\.raw\s*\(\s*[`'"](DROP|CREATE|ALTER)\s+/i.test(line) &&
+    /(migration|schema|seed)/i.test(filePath)
+  if (isDDLStatement) {
+    return // DDL in migration/schema files - not user-facing
+  }
+
   // Check for Prisma tagged template literal - these ARE parameterized (safe)
   // Prisma's $queryRaw`...${var}...` treats ${} as parameterized values, not string interpolation
   // e.g., prisma.$queryRaw`SELECT * FROM users WHERE id = ${userId}`
@@ -506,10 +649,10 @@ function handleSQLPattern(
 
   // Check for schema-validated input (zod .enum() for table/column names)
   // e.g., z.enum(['users', 'posts']).parse(input) followed by SQL
-  const lines = content.split('\n')
+  const _lines = lines ?? content.split('\n')
   const contextStart = Math.max(0, index - 20)
   const contextEnd = index
-  const previousContext = lines.slice(contextStart, contextEnd).join('\n')
+  const previousContext = _lines.slice(contextStart, contextEnd).join('\n')
 
   // Detect zod enum validation for SQL identifiers
   const hasSchemaValidation =
@@ -549,8 +692,9 @@ function handleSQLPattern(
     description: funcPattern.description + (isTestFile ? ' (in test file)' : ''),
     suggestedFix: funcPattern.suggestedFix,
     confidence,
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-  })
+      source: 'structural' as const,  })
 }
 
 /**
@@ -563,8 +707,38 @@ function handleFilePathPattern(
   index: number,
   filePath: string,
   isTestFile: boolean,
-  vulnerabilities: Vulnerability[]
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
 ): void {
+  // Check for desktop app context (Electron, Tauri, etc.)
+  // Desktop apps legitimately access filesystem
+  const isDesktopApp = isDesktopAppContext(filePath)
+
+  // Check for file loader context
+  // File loaders legitimately access filesystem to process files
+  const isFileLoader = isFileLoaderContext(filePath)
+
+  // Desktop apps and file loaders are expected to access filesystem
+  if (isDesktopApp || isFileLoader) {
+    const contextType = isDesktopApp ? 'desktop app' : 'file loader'
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: 'info',
+      category: 'dangerous_function',
+      title: `${funcPattern.name} (${contextType})`,
+      description: `Dynamic file path in ${contextType} context. File system access is expected functionality. Verify path inputs are validated.`,
+      suggestedFix:
+        'Ensure file paths are validated and constrained to expected directories.',
+      confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return
+  }
+
   // Check file context for CLI/tooling (lower risk)
   const isCLITool =
     /\/(cli|scripts?|tools?|bin)\//i.test(filePath) ||
@@ -580,11 +754,18 @@ function handleFilePathPattern(
     /\/(utils?|helpers?|lib|common|shared)\//i.test(filePath) ||
     /(util(s)?|helper(s)?|checksum|hash)\.(ts|js)$/i.test(filePath)
 
+  // Check for server infrastructure/config files (transport, signing, credentials)
+  // These files read/write config-controlled paths, not user input
+  const isServerInfrastructureFile =
+    /\/(transports?|signing|credentials?|certificates?|certs?)\//i.test(filePath) ||
+    /\/(config|infrastructure|provisioning)\//i.test(filePath) ||
+    /(transport|signer|credential|certificate)\.(ts|js)$/i.test(filePath)
+
   // Get surrounding context for protection check
-  const lines = content.split('\n')
+  const _lines = lines ?? content.split('\n')
   const contextStart = Math.max(0, index - 10)
-  const contextEnd = Math.min(lines.length, index + 10)
-  const context = lines.slice(contextStart, contextEnd).join('\n')
+  const contextEnd = Math.min(_lines.length, index + 10)
+  const context = _lines.slice(contextStart, contextEnd).join('\n')
 
   // Check if path comes from directory iteration (fs.readdir, fs.readdirSync)
   // These paths are filesystem-controlled, not user input
@@ -592,6 +773,9 @@ function handleFilePathPattern(
     /\b(readdir|readdirSync|opendir|opendirSync)\s*\(/.test(content) &&
     (/for\s*\(\s*(const|let|var)\s+\w+\s+of/.test(context) ||
      /\.forEach\s*\(/.test(context) ||
+     /\.map\s*\(/.test(context) ||              // array.map() iteration
+     /pMap\s*\(/.test(context) ||               // p-map library (parallel map)
+     /Promise\.all\s*\(/.test(context) ||       // Promise.all mapping
      /entry\.(name|isFile|isDirectory)/.test(context) ||
      /dirent\.(name|isFile|isDirectory)/.test(context))
 
@@ -609,8 +793,9 @@ function handleFilePathPattern(
       suggestedFix:
         'Ensure path normalization and base directory checks are applied consistently.',
       confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
       layer: 2,
-    })
+      source: 'structural' as const,    })
     return
   }
 
@@ -620,6 +805,29 @@ function handleFilePathPattern(
     return
   }
 
+  // Check for Object.entries/keys/values over hardcoded objects
+  // Pattern: for (const [key, val] of Object.entries(STATIC_OBJ))
+  const hasHardcodedObjectIteration = ((): boolean => {
+    // Look for Object.entries/keys/values in context
+    const hasObjectIteration = /Object\.(entries|keys|values)\s*\(/.test(context)
+    if (!hasObjectIteration) return false
+
+    // Check if the object being iterated is defined as a const literal nearby
+    // Pattern: const objName = { ... }; ... Object.entries(objName)
+    const objectMatch = context.match(/Object\.(entries|keys|values)\s*\(\s*(\w+)\s*\)/)
+    if (!objectMatch) return false
+
+    const objName = objectMatch[2]
+    // Check if objName is defined as a const object literal in the file
+    const isConstObject = new RegExp(`const\\s+${objName}\\s*=\\s*\\{`).test(content)
+    return isConstObject
+  })()
+
+  if (hasHardcodedObjectIteration) {
+    // Skip entirely - iterating over hardcoded object, not user input
+    return
+  }
+
   // GitHub Action paths are workflow-controlled (not arbitrary user input)
   if (isGitHubAction) {
     vulnerabilities.push({
@@ -635,8 +843,9 @@ function handleFilePathPattern(
       suggestedFix:
         'Verify paths come from trusted action inputs or environment variables.',
       confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
       layer: 2,
-    })
+      source: 'structural' as const,    })
     return
   }
 
@@ -655,8 +864,9 @@ function handleFilePathPattern(
       suggestedFix:
         'Add path validation if accepting paths from untrusted sources.',
       confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
       layer: 2,
-    })
+      source: 'structural' as const,    })
     return
   }
 
@@ -668,6 +878,30 @@ function handleFilePathPattern(
     return
   }
 
+  // Server infrastructure files (signing, transport, credentials) use config-controlled paths
+  // These paths come from environment variables or internal configuration, not user input
+  if (isServerInfrastructureFile && !hasRequestData) {
+    // Check if path comes from environment variables or function parameters
+    const hasEnvVarPath = /process\.env\.|import\.meta\.env\.|env\s*\(/i.test(context)
+    const hasConfigPath = /config\.|settings\.|credentials?\./i.test(context)
+    const hasCertPath = /certPath|keyPath|credentialsPath|googleApplicationCredentials/i.test(context)
+
+    if (hasEnvVarPath || hasConfigPath || hasCertPath) {
+      // Skip entirely - paths from env vars/config are not user-controlled
+      return
+    }
+  }
+
+  // Check if file path variable comes from environment variable wrapper function
+  // Common pattern: env('VAR_NAME') || 'default', process.env.VAR, etc.
+  const hasEnvVarSource = /env\s*\(\s*['"][^'"]+['"]\s*\)|process\.env\.\w+|import\.meta\.env\.\w+/i.test(context)
+  const hasOnlyConfigSource = hasEnvVarSource && !hasRequestData
+
+  if (hasOnlyConfigSource) {
+    // Path comes from environment variable, not user input - skip
+    return
+  }
+
   // Standard handling for unprotected paths
   let severity = funcPattern.severity
   let confidence: 'high' | 'medium' | 'low' = 'high'
@@ -694,8 +928,9 @@ function handleFilePathPattern(
     description: funcPattern.description + (isTestFile ? ' (in test file)' : ''),
     suggestedFix: funcPattern.suggestedFix,
     confidence,
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-  })
+      source: 'structural' as const,  })
 }
 
 /**
@@ -809,6 +1044,14 @@ function handleMathRandomPattern(
     suggestedFix =
       'Use crypto.randomBytes() for security tokens. Use crypto.randomUUID() for unique IDs.'
   }
+  // UI/cosmetic context - info (skeleton widths, animations, visual effects)
+  else if (context.inUIContext) {
+    severity = 'info'
+    confidence = 'low'
+    description =
+      'Math.random() in UI/cosmetic context. Acceptable for visual effects, skeleton loading, animations.'
+    suggestedFix = 'No change needed for UI/cosmetic randomness.'
+  }
   // Business logic context - low
   else if (context.inBusinessLogicContext) {
     severity = 'low'
@@ -842,14 +1085,83 @@ function handleMathRandomPattern(
     description,
     suggestedFix,
     confidence,
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-  })
+      source: 'structural' as const,  })
 }
 
 /**
- * Handle Python subprocess/os.system patterns
- * Safe pattern: subprocess.run(['static', 'args']) without shell=True
- * Unsafe pattern: subprocess.run(command, shell=True) or os.system(command)
+ * Extract the full Python function call block starting from the trigger line.
+ * Uses paren-balancing to collect up to `maxLines` forward, capturing multi-line calls.
+ * Returns the joined block string.
+ */
+function extractPythonCallBlock(
+  lines: string[],
+  startIndex: number,
+  maxLines: number = 10
+): string {
+  let depth = 0
+  let started = false
+  const blockLines: string[] = []
+
+  for (let i = startIndex; i < Math.min(lines.length, startIndex + maxLines); i++) {
+    const ln = lines[i]
+    blockLines.push(ln)
+
+    for (const ch of ln) {
+      if (ch === '(') {
+        depth++
+        started = true
+      } else if (ch === ')') {
+        depth--
+      }
+    }
+
+    // Once we've opened at least one paren and balanced back to 0, we're done
+    if (started && depth <= 0) break
+  }
+
+  return blockLines.join('\n')
+}
+
+/**
+ * Check if a Python list (as a string) contains only static string literals.
+ * Returns true if every element is a plain string literal (no f-strings, no variables).
+ */
+function isPythonListAllStatic(listContent: string): boolean {
+  // Remove the outer brackets
+  const inner = listContent.replace(/^\[/, '').replace(/\]$/, '').trim()
+  if (!inner) return true // empty list
+
+  // Split on commas (rough — good enough for typical subprocess args)
+  const elements = inner.split(',').map(e => e.trim()).filter(e => e.length > 0)
+
+  for (const el of elements) {
+    // Must be a plain string literal: 'foo', "bar", or """...""" / '''...'''
+    // Reject f-strings, variables, function calls
+    if (/^f['"`]/.test(el)) return false // f-string
+    if (/^['"]/.test(el) && /['"]$/.test(el)) continue // simple string literal
+    if (/^"""/.test(el) || /^'''/.test(el)) continue // triple-quoted
+    return false // variable, function call, or other expression
+  }
+  return true
+}
+
+/**
+ * Handle Python subprocess/os.system patterns with multi-line awareness.
+ *
+ * Decision tree:
+ * 1. os.system(...)                              → HIGH (always dangerous)
+ * 2. shell=True in call block?                   → HIGH
+ * 3. First arg is inline list [...]?
+ *    a. All string literals, no f-strings        → SKIP (safe)
+ *    b. Has f-strings or variables               → LOW (list args prevent shell injection)
+ * 4. First arg is a variable name?
+ *    a. Resolved to list nearby, all static      → SKIP
+ *    b. Resolved to list nearby, has dynamics    → LOW
+ *    c. Can't resolve                            → LOW (unresolved, flag for review)
+ * 5. f-string as direct arg (not in list)?       → HIGH (command injection)
+ * 6. Everything else                             → HIGH (fallback)
  */
 function handlePythonSubprocessPattern(
   funcPattern: DangerousFunctionPattern,
@@ -858,53 +1170,347 @@ function handlePythonSubprocessPattern(
   index: number,
   filePath: string,
   isTestFile: boolean,
-  vulnerabilities: Vulnerability[]
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
 ): void {
-  // os.system is always dangerous - no safe usage
+  // 1. os.system is always dangerous - no safe usage
   if (/os\.system\s*\(/i.test(line)) {
     handleStandardPattern(funcPattern, line, index, filePath, isTestFile, vulnerabilities)
     return
   }
 
-  // Check for subprocess with list args and no shell=True (safe)
-  // Pattern: subprocess.run(['git', 'status', '--porcelain'], ...)
-  // This is safe because args are not parsed by shell
-  const hasListArgs = /subprocess\.(run|call|check_output|Popen)\s*\(\s*\[/i.test(line)
-
-  // Check for shell=True (dangerous)
-  // Look at next line too in case it's multi-line
-  const lines = content.split('\n')
-  const nextLine = lines[index + 1] || ''
-  const combinedLines = line + ' ' + nextLine
-  const hasShellTrue = /shell\s*=\s*True/i.test(combinedLines)
-
-  // Safe: list args without shell=True
-  if (hasListArgs && !hasShellTrue) {
-    // Check if the command is completely static (all string literals in the list)
-    const staticListPattern = /subprocess\.(run|call|check_output|Popen)\s*\(\s*\[\s*(['"][^'"]*['"],?\s*)+\]/i
-    if (staticListPattern.test(line)) {
-      // Completely static command list - safe, skip entirely
+  const _lines = lines ?? content.split('\n')
+
+  // Extract the full multi-line call block (up to 10 lines forward)
+  const callBlock = extractPythonCallBlock(_lines, index)
+
+  // 2. Check for shell=True across the entire call block
+  const hasShellTrue = /shell\s*=\s*True/i.test(callBlock)
+  if (hasShellTrue) {
+    handleStandardPattern(funcPattern, line, index, filePath, isTestFile, vulnerabilities)
+    return
+  }
+
+  // 3. Check for inline list args in the call block (not just same line)
+  const inlineListMatch = callBlock.match(
+    /subprocess\.(run|call|check_output|Popen)\s*\(\s*\[([\s\S]*?)\]/i
+  )
+  if (inlineListMatch) {
+    const listContent = '[' + inlineListMatch[2] + ']'
+    if (isPythonListAllStatic(listContent)) {
+      // 3a. All static string literals → SKIP (safe)
       return
     }
-    // List args but might have variable args - lower severity
+    // 3b. Has f-strings or variables → LOW (list args prevent shell injection)
     vulnerabilities.push({
       id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
       filePath,
       lineNumber: index + 1,
       lineContent: line.trim(),
-      severity: 'low',
+      severity: isTestFile ? 'info' : 'low',
       category: 'dangerous_function',
       title: funcPattern.name + ' (list args)',
       description:
-        'subprocess with list arguments (safer than shell=True). Verify command arguments are validated.',
-      suggestedFix: 'Ensure all arguments are validated and sanitized.',
+        'subprocess with list arguments (safer than shell=True). Some arguments contain variables or f-strings — verify they are validated.',
+      suggestedFix: 'Ensure dynamic arguments are validated and sanitized.',
+      confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return
+  }
+
+  // 4. Check for variable reference as first arg
+  // Pattern: subprocess.run(args, ...) or subprocess.check_output(cmd, ...)
+  const varArgMatch = callBlock.match(
+    /subprocess\.(run|call|check_output|Popen)\s*\(\s*([a-zA-Z_]\w*)\s*[,)]/i
+  )
+  if (varArgMatch) {
+    const varName = varArgMatch[2]
+
+    // Look backwards up to 15 lines for assignment: varName = [...]
+    const searchStart = Math.max(0, index - 15)
+    const previousLines = _lines.slice(searchStart, index + 1).join('\n')
+
+    // Match varName = [...] assignment (possibly multi-line)
+    const assignmentPattern = new RegExp(
+      varName + '\\s*=\\s*\\[([\\s\\S]*?)\\]',
+      'i'
+    )
+    const assignmentMatch = previousLines.match(assignmentPattern)
+
+    if (assignmentMatch) {
+      const listContent = '[' + assignmentMatch[1] + ']'
+      if (isPythonListAllStatic(listContent)) {
+        // 4a. Variable resolves to all-static list → SKIP
+        return
+      }
+      // 4b. Variable resolves to list with dynamic elements → LOW
+      vulnerabilities.push({
+        id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+        filePath,
+        lineNumber: index + 1,
+        lineContent: line.trim(),
+        severity: isTestFile ? 'info' : 'low',
+        category: 'dangerous_function',
+        title: funcPattern.name + ' (list args via variable)',
+        description:
+          `subprocess called with variable '${varName}' which resolves to a list. List arguments prevent shell injection, but some elements are dynamic.`,
+        suggestedFix: 'Ensure dynamic list elements are validated and sanitized.',
+        confidence: 'low',
+        baseConfidence: BASE_CONFIDENCE,
+        layer: 2,
+      source: 'structural' as const,      })
+      return
+    }
+
+    // 4c. Can't resolve the variable — flag for review at LOW
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: isTestFile ? 'info' : 'low',
+      category: 'dangerous_function',
+      title: funcPattern.name + ' (unresolved variable)',
+      description:
+        `subprocess called with variable '${varName}' — could not resolve its value nearby. If it is a list, shell injection risk is low.`,
+      suggestedFix: 'Verify the variable is a list (not a string) and arguments are validated.',
+      confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return
+  }
+
+  // 5. f-string as direct arg (not inside a list) → HIGH (command injection)
+  const hasFStringDirectArg = /subprocess\.(run|call|check_output|Popen)\s*\(\s*f['"`]/i.test(callBlock)
+  if (hasFStringDirectArg) {
+    handleStandardPattern(funcPattern, line, index, filePath, isTestFile, vulnerabilities)
+    return
+  }
+
+  // 6. Everything else → HIGH (fallback)
+  handleStandardPattern(funcPattern, line, index, filePath, isTestFile, vulnerabilities)
+}
+
+/**
+ * Handle regex patterns - check for escaped input
+ * Pattern: new RegExp(escapedInput) or new RegExp(input.replaceAll(...escaped...))
+ */
+function handleRegexPattern(
+  funcPattern: DangerousFunctionPattern,
+  line: string,
+  content: string,
+  index: number,
+  filePath: string,
+  isTestFile: boolean,
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
+): void {
+  const _lines = lines ?? content.split('\n')
+  const contextStart = Math.max(0, index - 15)
+  const contextEnd = Math.min(_lines.length, index + 3)
+  const context = _lines.slice(contextStart, contextEnd).join('\n')
+
+  // Check for RegExp object property access (.source, .flags)
+  // This indicates input is already a validated RegExp, not user string
+  // e.g., new RegExp(existingRegex.source, existingRegex.flags)
+  const isRegExpFromRegExp = /\.source\s*[,)\s]/.test(line)
+  if (isRegExpFromRegExp) {
+    return // Safe - .source only exists on RegExp objects (already validated)
+  }
+
+  // Check for escaping ON THE SAME LINE as new RegExp() - this is a strong signal
+  const sameLineEscapingPatterns = [
+    /\.replaceAll\s*\([^)]*\)\s*[,)]/i,  // .replaceAll(...)) - escaping before RegExp
+    /escape\w*\s*\([^)]*\)\s*[,)]/i,     // escapeRegExp(input)) - function result used
+    /\.replace\s*\([^,]+,[^)]+\)\s*[,)]/i, // .replace(..., ...) followed by closing
+  ]
+  if (sameLineEscapingPatterns.some(p => p.test(line))) {
+    return // Safe - escaping applied on same line before RegExp construction
+  }
+
+  // Check previous 5 lines for escaping assignment (extended from 3 to catch multi-line patterns)
+  const prevLinesStart = Math.max(0, index - 5)
+  const prevLines = _lines.slice(prevLinesStart, index + 1).join('\n')
+
+  // Check for escaping patterns before new RegExp
+  const escapingPatterns = [
+    // Direct escaping function calls
+    /escapeRegExp\s*\(/i,                          // escapeRegExp(input)
+    /escapeString\s*\(/i,                          // escapeString(input)
+    /escape\s*\(\s*pattern/i,                      // escape(pattern)
+    /escapeForRegex\s*\(/i,                        // escapeForRegex(input)
+    /regexEscape\s*\(/i,                           // regexEscape(input)
+
+    // replaceAll with regex escape pattern - original strict patterns
+    /\.replaceAll\s*\(\s*\/\[.*\\\\\]\s*\/[gi]*\s*,\s*['"`]\\\\?\$&['"`]\s*\)/,  // .replaceAll(/[special]/g, '\\$&')
+    /\.replace\s*\(\s*\/\[.*\\\\\]\s*\/[gi]*\s*,\s*['"`]\\\\?\$&['"`]\s*\)/,     // .replace(/[special]/g, '\\$&')
+
+    // More permissive $& replacement detection (the escape marker)
+    // $& is the regex replacement marker that inserts the matched string - used for escaping
+    /\.replace(?:All)?[\s\S]*?['"`]\\*\$&['"`]/,       // .replace/.replaceAll with $& anywhere in call
+    /\.replaceAll?[^;]*\$&/,                           // .replace/.replaceAll until semicolon with $&
+
+    // Lodash/underscore escapeRegExp
+    /_\.escapeRegExp\s*\(/,                        // _.escapeRegExp(input)
+    /lodash.*escapeRegExp/i,                       // lodash.escapeRegExp
+
+    // Variable assignment with escaping (check previous lines)
+    /escaped\w*\s*=.*\.replace/i,                  // escapedInput = input.replace(...)
+    /safe\w*\s*=.*escape/i,                        // safePattern = escapeRegExp(...)
+  ]
+
+  // Check both previous lines and full context
+  const hasEscaping = escapingPatterns.some(p => p.test(line) || p.test(prevLines) || p.test(context))
+
+  // Check for try-catch wrapping (ReDoS contained)
+  const hasTryCatch =
+    /try\s*\{[^}]*new\s+RegExp/i.test(context) ||
+    (context.includes('try {') && _lines.slice(Math.max(0, index - 5), index + 1).some(l => /try\s*\{/.test(l)))
+
+  // Check for configuration-based patterns (trusted input)
+  const isConfigBased =
+    /config\./i.test(line) ||
+    /settings\./i.test(line) ||
+    /rules\./i.test(line) ||
+    /options\.\w+Pattern/i.test(line) ||
+    /urlPattern/i.test(line) ||
+    /routePattern/i.test(line)
+
+  // Escaped input is safe - skip entirely
+  if (hasEscaping) {
+    return
+  }
+
+  // Config-based patterns are trusted - skip
+  if (isConfigBased) {
+    return
+  }
+
+  // Check if regex source is an object property (app-controlled data, not user input)
+  // Patterns: obj.pattern, item.regex, l.urlRegExp, entry.matchPattern
+  const objectPropertySource = /new\s+RegExp\s*\(\s*\w+\.\w*(regex|pattern|regexp|match|rule|expression|filter)\w*/i.test(line)
+  if (objectPropertySource) {
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: 'info',
+      category: 'dangerous_function',
+      title: funcPattern.name + ' (app-controlled)',
+      description: 'Dynamic regex from object property. If the regex source is app-defined (not user input), ReDoS risk is minimal.',
+      suggestedFix: 'Ensure regex patterns come from trusted, validated sources.',
+      confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return
+  }
+
+  // Check if regex source is from array iteration over app data
+  // Pattern: for (const item of items) { new RegExp(item.xxx) }
+  const isArrayIterationContext = /for\s*\(\s*(const|let|var)\s+\w+\s+(of|in)\s+/.test(context) &&
+    /new\s+RegExp\s*\(\s*\w+\./.test(line)
+  if (isArrayIterationContext) {
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: 'info',
+      category: 'dangerous_function',
+      title: funcPattern.name + ' (iteration)',
+      description: 'Dynamic regex in array iteration. If iterating over app-defined data, ReDoS risk is minimal.',
+      suggestedFix: 'Ensure regex patterns come from trusted sources, not user input.',
+      confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return
+  }
+
+  // Try-catch wrapped - lower severity (ReDoS contained)
+  if (hasTryCatch) {
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: 'info',
+      category: 'dangerous_function',
+      title: funcPattern.name + ' (try-catch wrapped)',
+      description:
+        'Dynamic regex with try-catch error handling. ReDoS attacks are contained but may still cause performance issues.',
+      suggestedFix: 'Consider using safe-regex library or adding timeout for regex operations.',
       confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
       layer: 2,
-    })
+      source: 'structural' as const,    })
     return
   }
 
-  // Standard handling for shell=True or non-list args
+  // Standard handling for unprotected regex
+  handleStandardPattern(funcPattern, line, index, filePath, isTestFile, vulnerabilities)
+}
+
+/**
+ * Handle spread operator with user input patterns
+ * Checks for schema validation (Fastify, Zod, tRPC) that strips unknown properties
+ */
+function handleSpreadPattern(
+  funcPattern: DangerousFunctionPattern,
+  line: string,
+  content: string,
+  index: number,
+  filePath: string,
+  isTestFile: boolean,
+  vulnerabilities: Vulnerability[],
+  lines?: string[]
+): void {
+  const _lines = lines ?? content.split('\n')
+  const contextStart = Math.max(0, index - 30)
+  const contextEnd = index
+  const context = _lines.slice(contextStart, contextEnd).join('\n')
+
+  // Fastify/Hapi schema validation on route - body is pre-validated
+  // Pattern: schema: { body: someSchema } before handler
+  const hasRouteSchemaValidation =
+    /schema\s*:\s*\{[^}]*body\s*:\s*\w+/i.test(context) ||
+    /body\s*:\s*\w+Schema/i.test(context)
+
+  // Express + Zod/Joi/Yup middleware validation
+  const hasMiddlewareValidation =
+    /validate\s*\(\s*\w+Schema\s*\)/i.test(context) ||
+    /\.parse\s*\(\s*req\.body\s*\)/i.test(context) ||
+    /celebrate\s*\(/i.test(context)
+
+  // tRPC input validation
+  const hasTRPCValidation =
+    /\.input\s*\(\s*z\./i.test(context) ||
+    /\.input\s*\(\s*\w+Schema\s*\)/i.test(context)
+
+  if (hasRouteSchemaValidation || hasMiddlewareValidation || hasTRPCValidation) {
+    vulnerabilities.push({
+      id: `dangerous-func-${filePath}-${index + 1}-${funcPattern.name}`,
+      filePath,
+      lineNumber: index + 1,
+      lineContent: line.trim(),
+      severity: 'info',
+      category: 'dangerous_function',
+      title: funcPattern.name + ' (schema-validated)',
+      description: 'Request body is spread but has schema validation. Schema validation strips unknown properties, reducing mass assignment risk.',
+      suggestedFix: 'Ensure schema validation is strict (no .passthrough() in Zod, no additionalProperties in JSON Schema).',
+      confidence: 'low',
+      baseConfidence: BASE_CONFIDENCE,
+      layer: 2,
+      source: 'structural' as const,    })
+    return
+  }
+
+  // No schema validation - standard handling
   handleStandardPattern(funcPattern, line, index, filePath, isTestFile, vulnerabilities)
 }
 
@@ -944,6 +1550,7 @@ function handleStandardPattern(
     description: funcPattern.description + (isTestFile ? ' (in test file)' : ''),
     suggestedFix: funcPattern.suggestedFix,
     confidence,
+    baseConfidence: BASE_CONFIDENCE,
     layer: 2,
-  })
+      source: 'structural' as const,  })
 }