@oculum/scanner 1.0.14 → 1.0.15

package/src/detect/ast-rules/child-process-ast.ts

@@ -0,0 +1,276 @@
+/**
+ * AST-Based child_process / Command Injection Detection
+ *
+ * Migrates dangerous-functions child-process detection to AST.
+ *
+ * AST advantages:
+ * - Resolves child_process imports: const { exec } = require('child_process')
+ * - Tracks aliased imports: import { exec as run } from 'child_process'
+ * - Detects if command arguments are static vs dynamic
+ * - Understands allowlist patterns nearby in the function
+ */
+
+import type { ParsedAST } from '../../parse/ast'
+import { findEnclosingFunction } from '../../parse/ast'
+import { registerASTRule, type ASTRuleMatch, type NodeIndex, getNodes } from './index'
+import type Parser from 'tree-sitter'
+import { hasImport, isImportedFrom, collectImportBindings } from './helpers/import-analysis'
+import { resolveCallTarget, getCallArguments } from './helpers/call-analysis'
+import { collectVariableAliases, isConstant } from './helpers/scope-analysis'
+import { isUserInputExpression } from './helpers/user-input'
+import { isScannerOrFixtureFile, isTestOrMockFile } from '../../parse/file-classifier'
+import { hasPythonImport, resolvePythonCallTarget, getPythonKeywordArgument, isPythonUserInputExpression, getPythonCallArguments, collectPythonImportBindings } from './helpers/python-helpers'
+
+// ============================================================================
+// Helpers
+// ============================================================================
+
+const CP_FUNCTIONS = new Set(['exec', 'execSync', 'execFile', 'execFileSync', 'spawn', 'spawnSync', 'fork'])
+
+const PY_SUBPROCESS_FUNCTIONS = new Set(['run', 'call', 'Popen', 'check_output', 'check_call', 'getoutput', 'getstatusoutput'])
+const PY_OS_EXEC_FUNCTIONS = new Set(['system', 'popen', 'execl', 'execle', 'execlp', 'execlpe', 'execv', 'execve', 'execvp', 'execvpe'])
+
+/** Check if there's an allowlist validation pattern nearby */
+function hasAllowlistValidation(fnNode: Parser.SyntaxNode): boolean {
+  const bodyText = fnNode.text
+  // JS: .includes() method
+  if (/allowed(Args|Commands?|Cmds?)\.includes|valid(Args|Commands?)\.includes|ALLOWED_.*\.includes|whitelist\.includes/i.test(bodyText)) return true
+  // Python: `in` operator with allowlist-like variable names
+  if (/\bin\s+(allowed|valid|permitted|ALLOWED|VALID|PERMITTED)_?\w*\b/i.test(bodyText)) return true
+  if (/\bin\s+(allowlist|whitelist|allow_list|white_list)\b/i.test(bodyText)) return true
+  return false
+}
+
+/** Classify file context for severity adjustment */
+function classifyFileContext(filePath: string): 'build' | 'desktop' | 'mcp' | 'cli' | 'normal' {
+  if (/(^|\/)(build|generate|format|lint|setup|deploy|migrate|compile|scripts?|tools?|bin)\//i.test(filePath)) return 'build'
+  if (/(^|\/)(electron|tauri|desktop)\//i.test(filePath)) return 'desktop'
+  if (/(^|\/)mcp\//i.test(filePath)) return 'mcp'
+  if (/(^|\/)cli\//i.test(filePath)) return 'cli'
+  return 'normal'
+}
+
+// ============================================================================
+// AST Rule: child_process command execution
+// ============================================================================
+
+registerASTRule({
+  id: 'ast-child-process',
+  title: 'Shell command execution detected',
+  description: 'child_process exec/spawn can lead to command injection if arguments include user input',
+  severity: 'high',
+  category: 'command_injection',
+  suggestedFix: 'Use execFile() with argument arrays instead of exec(). Validate and sanitize all command arguments against an allowlist.',
+  languages: ['javascript', 'typescript', 'tsx', 'python'],
+  confidence: 'high',
+  baseConfidence: 0.40,
+  layer: 2,
+  source: 'structural',
+  requiresAIValidation: false,
+  detect(ast: ParsedAST, content: string, nodeIndex?: NodeIndex): ASTRuleMatch[] {
+    if (isScannerOrFixtureFile(ast.filePath)) return []
+
+    // Skip vendor/minified/cached files — third-party code, not user's own
+    if (/node_modules[\/\\]\.cache|\.min\.(js|css)|vendor[\/\\]bundle|dist[\/\\].*\.bundle/i.test(ast.filePath)) return []
+
+    // Quick content pre-check — skip files without command execution mentions
+    if (!/child_process|subprocess|os\.system|os\.popen|os\.exec/.test(content)) return []
+
+    const root = ast.tree.rootNode
+    const isTest = isTestOrMockFile(ast.filePath)
+    const fileCtx = classifyFileContext(ast.filePath)
+
+    // --- Python: subprocess, os.system, os.popen ---
+    if (ast.language === 'python') {
+      const hasSubprocess = hasPythonImport(root, 'subprocess')
+      const hasOs = hasPythonImport(root, 'os')
+      if (!hasSubprocess && !hasOs) return []
+      if (isTest) return []
+
+      const matches: ASTRuleMatch[] = []
+
+      // Build set of local names from direct imports: from subprocess import run → 'run'
+      const pyBindings = collectPythonImportBindings(root)
+      const pyCommandNames = new Set<string>()
+      for (const [local, binding] of pyBindings) {
+        if (binding.module === 'subprocess' && PY_SUBPROCESS_FUNCTIONS.has(binding.originalName)) {
+          pyCommandNames.add(local)
+        }
+        if (binding.module === 'os' && PY_OS_EXEC_FUNCTIONS.has(binding.originalName)) {
+          pyCommandNames.add(local)
+        }
+      }
+
+      for (const node of getNodes(nodeIndex!, 'call')) {
+        const target = resolvePythonCallTarget(node)
+        if (!target) continue
+
+        let isCommandCall = false
+
+        // subprocess.run(...), subprocess.Popen(...), etc.
+        if (hasSubprocess && target.type === 'member' &&
+            /^subprocess$/.test(target.object ?? '') &&
+            PY_SUBPROCESS_FUNCTIONS.has(target.name)) {
+          isCommandCall = true
+        }
+
+        // os.system(...), os.popen(...), os.execl(...), etc.
+        if (hasOs && target.type === 'member' &&
+            /^os$/.test(target.object ?? '') &&
+            PY_OS_EXEC_FUNCTIONS.has(target.name)) {
+          isCommandCall = true
+        }
+
+        // Direct call via imported name: from subprocess import run; run(cmd)
+        if (target.type === 'direct' && pyCommandNames.has(target.name)) {
+          isCommandCall = true
+        }
+
+        if (!isCommandCall) continue
+
+        const args = getPythonCallArguments(node)
+
+        // Check for shell=True keyword arg
+        const shellArg = getPythonKeywordArgument(node, 'shell')
+        const hasShellTrue = shellArg?.type === 'true'
+
+        // subprocess with list args + no shell=True is safe (no shell interpretation)
+        if (args.length > 0 && args[0].type === 'list' && !hasShellTrue) continue
+
+        // Check if all positional args are static strings
+        const allStatic = args.length > 0 && args.every(a =>
+          a.type === 'string' || a.type === 'list' && a.namedChildren.every(c => c.type === 'string')
+        )
+
+        // Static commands can never have injection — fully suppress
+        if (allStatic) continue
+
+        // Check for allowlist validation
+        const fn = findEnclosingFunction(node)
+        if (fn && hasAllowlistValidation(fn)) continue
+
+        // Determine severity
+        let severity: 'critical' | 'high' | 'medium' | 'low' | 'info' = 'high'
+        let note = 'Shell command execution with dynamic arguments'
+
+        // os.system() is always high — no arg separation possible
+        if (target.name === 'system') {
+          severity = 'high'
+          note = 'os.system() executes commands via shell — use subprocess with argument list instead'
+        }
+
+        // shell=True with dynamic args is critical
+        if (hasShellTrue && !allStatic) {
+          severity = 'critical'
+          note = 'subprocess with shell=True and dynamic arguments — command injection risk'
+        }
+
+        // Context adjustments (don't override shell=True escalation with dynamic args)
+        if (!hasShellTrue || allStatic) {
+          if (fileCtx === 'build') {
+            severity = 'info'
+            note = 'Shell command in build script context'
+          } else if (fileCtx === 'desktop') {
+            severity = 'medium'
+            note = 'Shell command in desktop application context'
+          } else if (fileCtx === 'mcp') {
+            severity = 'medium'
+            note = 'Shell command in MCP server context'
+          } else if (fileCtx === 'cli') {
+            severity = 'info'
+            note = 'Shell command in CLI tool context'
+          }
+        }
+
+        // Escalate if user input detected
+        if (args.some(a => isPythonUserInputExpression(a))) {
+          severity = 'critical'
+          note = 'Shell command with user input — command injection risk'
+        }
+
+        matches.push({ node, severity, note })
+      }
+
+      return matches
+    }
+
+    // --- JavaScript/TypeScript ---
+    // Check if file imports child_process
+    const hasCP =
+      hasImport(root, 'child_process') ||
+      hasImport(root, 'node:child_process')
+
+    if (!hasCP) return []
+
+    const matches: ASTRuleMatch[] = []
+    const aliases = collectVariableAliases(root)
+    const bindings = collectImportBindings(root)
+
+    // Build set of local names that refer to child_process functions
+    const cpNames = new Set<string>()
+    for (const [local, binding] of bindings) {
+      if (
+        (binding.module === 'child_process' || binding.module === 'node:child_process') &&
+        CP_FUNCTIONS.has(binding.originalName)
+      ) {
+        cpNames.add(local)
+      }
+    }
+
+    for (const node of getNodes(nodeIndex!, 'call_expression')) {
+      const target = resolveCallTarget(node, aliases)
+      if (!target) continue
+
+      // Check if this is a child_process function call
+      const isCPCall = cpNames.has(target.name) ||
+        (target.type === 'member' && CP_FUNCTIONS.has(target.name) &&
+          /child_process|cp/.test(target.object ?? ''))
+
+      if (!isCPCall) continue
+
+      const args = getCallArguments(node)
+
+      // Static command string can never have injection — fully suppress
+      // Only check the first arg (command string); callbacks/options are irrelevant
+      if (args.length > 0 && isConstant(args[0])) continue
+
+      // spawn/spawnSync with array second arg never goes through shell — safe
+      if ((target.name === 'spawn' || target.name === 'spawnSync') && args.length >= 2 && args[1].type === 'array') continue
+
+      // Check for allowlist validation
+      const fn = findEnclosingFunction(node)
+      if (fn && hasAllowlistValidation(fn)) continue
+
+      // Skip tests
+      if (isTest) continue
+
+      // Context-adjusted severity
+      let severity: 'critical' | 'high' | 'medium' | 'low' | 'info' = 'high'
+      let note = 'Shell command execution with dynamic arguments'
+
+      if (fileCtx === 'build') {
+        severity = 'info'
+        note = 'Shell command in build script context'
+      } else if (fileCtx === 'desktop') {
+        severity = 'medium'
+        note = 'Shell command in desktop application context'
+      } else if (fileCtx === 'mcp') {
+        severity = 'medium'
+        note = 'Shell command in MCP server context'
+      } else if (fileCtx === 'cli') {
+        severity = 'info'
+        note = 'Shell command in CLI tool context'
+      }
+
+      // Escalate if user input detected
+      if (args.some(a => isUserInputExpression(a))) {
+        severity = 'critical'
+        note = 'Shell command with user input - command injection risk'
+      }
+
+      matches.push({ node, severity, note })
+    }
+
+    return matches
+  },
+})

package/src/detect/ast-rules/dangerous-eval-ast.ts

@@ -0,0 +1,227 @@
+/**
+ * AST-Based eval() / Function() / setTimeout-string Detection
+ *
+ * Migrates dangerous-functions eval detection to AST.
+ *
+ * AST advantages:
+ * - Distinguishes eval() from model.eval() (member expression vs direct call)
+ * - Tracks aliased eval: const e = eval; e(userInput)
+ * - Detects Function constructor with variable aliasing
+ * - Understands if argument is a string literal (safe) vs dynamic (dangerous)
+ */
+
+import type { ParsedAST } from '../../parse/ast'
+import { findEnclosingFunction } from '../../parse/ast'
+import { registerASTRule, type ASTRuleMatch, type NodeIndex, getNodes } from './index'
+import type Parser from 'tree-sitter'
+import { collectVariableAliases, isConstant, resolveVariableValue } from './helpers/scope-analysis'
+import { resolveCallTarget, getCallArguments } from './helpers/call-analysis'
+import { isInsideTryCatch } from './helpers/control-flow'
+import { isUserInputExpression } from './helpers/user-input'
+import { isScannerOrFixtureFile, isTestOrMockFile } from '../../parse/file-classifier'
+import { resolvePythonCallTarget, isPythonUserInputExpression, isPythonFString, getPythonCallArguments, collectPythonVariableAliases } from './helpers/python-helpers'
+
+// ============================================================================
+// Helpers
+// ============================================================================
+
+/** Check if all arguments to a call are static string literals */
+function allArgsStatic(args: Parser.SyntaxNode[]): boolean {
+  return args.length > 0 && args.every(arg => isConstant(arg))
+}
+
+/** Check if eval is used as a method call (model.eval(), torch.eval()) */
+function isMethodEval(node: Parser.SyntaxNode): boolean {
+  const fn = node.childForFieldName('function')
+  return fn?.type === 'member_expression'
+}
+
+/** Check if a Python argument is a static literal */
+function isPythonStaticArg(node: Parser.SyntaxNode): boolean {
+  if (node.type === 'string' && !isPythonFString(node)) return true
+  if (node.type === 'integer' || node.type === 'float') return true
+  if (node.type === 'true' || node.type === 'false' || node.type === 'none') return true
+  return false
+}
+
+// ============================================================================
+// AST Rule: eval() / Function constructor
+// ============================================================================
+
+registerASTRule({
+  id: 'ast-dangerous-eval',
+  title: 'Dynamic code execution detected',
+  description: 'eval(), Function constructor, or string-based setTimeout/setInterval can execute arbitrary code',
+  severity: 'critical',
+  category: 'dangerous_function',
+  suggestedFix: 'Avoid eval() and Function constructor. Use safer alternatives like JSON.parse() for data, or structured approaches for dynamic behavior.',
+  languages: ['javascript', 'typescript', 'tsx', 'python'],
+  confidence: 'high',
+  baseConfidence: 0.40,
+  layer: 2,
+  source: 'structural',
+  requiresAIValidation: false,
+  detect(ast: ParsedAST, content: string, nodeIndex?: NodeIndex): ASTRuleMatch[] {
+    if (isScannerOrFixtureFile(ast.filePath)) return []
+
+    // Content pre-check: skip files without relevant dynamic execution patterns
+    if (!/\beval\b|\bFunction\b|\bsetTimeout\b|\bsetInterval\b|\bexec\b|\bcompile\b|\b__import__\b/i.test(content)) return []
+
+    const matches: ASTRuleMatch[] = []
+    const root = ast.tree.rootNode
+    const isTest = isTestOrMockFile(ast.filePath)
+
+    // --- Python: eval(), exec(), compile(), __import__() ---
+    if (ast.language === 'python') {
+      if (isTest) return []
+
+      const pyAliases = collectPythonVariableAliases(root)
+
+      for (const node of getNodes(nodeIndex!, 'call')) {
+        const target = resolvePythonCallTarget(node, pyAliases)
+        if (!target) continue
+
+        // Skip method calls: model.eval(), torch.compile()
+        if (target.type === 'member') continue
+
+        const name = target.name
+        if (name !== 'eval' && name !== 'exec' && name !== 'compile' && name !== '__import__') continue
+
+        const args = getPythonCallArguments(node)
+        if (args.length > 0 && args.every(a => isPythonStaticArg(a))) continue
+
+        const hasUserInput = args.some(a => isPythonUserInputExpression(a))
+
+        if (name === 'eval') {
+          matches.push({
+            node,
+            severity: hasUserInput ? 'critical' : 'high',
+            note: hasUserInput
+              ? 'eval() called with user input — critical code execution risk'
+              : 'eval() with dynamic argument — can execute arbitrary Python expressions',
+          })
+        } else if (name === 'exec') {
+          matches.push({
+            node,
+            severity: hasUserInput ? 'critical' : 'high',
+            note: hasUserInput
+              ? 'exec() called with user input — critical code execution risk'
+              : 'exec() with dynamic argument — can execute arbitrary Python code',
+          })
+        } else if (name === 'compile') {
+          matches.push({
+            node,
+            severity: 'medium',
+            note: 'compile() with dynamic argument — code object can be passed to exec()',
+          })
+        } else if (name === '__import__') {
+          matches.push({
+            node,
+            severity: hasUserInput ? 'critical' : 'high',
+            note: hasUserInput
+              ? '__import__() with user input — can load arbitrary Python modules'
+              : '__import__() with dynamic argument — can load arbitrary modules',
+          })
+        }
+      }
+
+      return matches
+    }
+
+    // --- JavaScript/TypeScript ---
+    const aliases = collectVariableAliases(root)
+
+    for (const node of getNodes(nodeIndex!, 'call_expression', 'new_expression')) {
+      const target = resolveCallTarget(node, aliases)
+      if (!target) continue
+
+      const args = getCallArguments(node)
+
+      // --- eval() ---
+      if (target.name === 'eval' && target.type === 'direct') {
+        // Skip method calls: model.eval()
+        if (!target.aliased && isMethodEval(node)) continue
+
+        // Skip static literal arguments
+        if (allArgsStatic(args)) continue
+
+        // Skip test files
+        if (isTest) continue
+
+        const hasUserInput = args.some(a => isUserInputExpression(a))
+        matches.push({
+          node,
+          severity: hasUserInput ? 'critical' : 'medium',
+          note: hasUserInput
+            ? 'eval() called with user input — critical code injection risk'
+            : 'eval() with dynamic argument — verify input is trusted and consider alternatives',
+        })
+        continue
+      }
+
+      // --- new Function() ---
+      if (target.name === 'Function' && (target.type === 'new' || target.type === 'direct')) {
+        if (allArgsStatic(args)) continue
+        if (isTest) continue
+
+        matches.push({
+          node,
+          severity: 'critical',
+          note: 'Function constructor can execute arbitrary code like eval()',
+        })
+        continue
+      }
+
+      // --- setTimeout/setInterval with string first argument ---
+      if (
+        (target.name === 'setTimeout' || target.name === 'setInterval') &&
+        target.type === 'direct'
+      ) {
+        const firstArg = args[0]
+        if (!firstArg) continue
+
+        // Only dangerous when first arg is a string (not a function reference)
+        if (firstArg.type === 'string' || firstArg.type === 'template_string') {
+          if (isConstant(firstArg)) continue // static string, low risk
+          matches.push({
+            node,
+            severity: 'high',
+            note: `${target.name}() with string argument acts like eval()`,
+          })
+          continue
+        }
+
+        // Variable/expression argument (not a function literal) — potential implicit eval
+        if (firstArg.type !== 'arrow_function' &&
+            firstArg.type !== 'function_expression') {
+          if (isConstant(firstArg)) continue
+          // Member expressions are typically function refs: this.tick, obj.handler
+          if (firstArg.type === 'member_expression') continue
+          // Identifiers: resolve value to determine if function or potential string
+          if (firstArg.type === 'identifier') {
+            const resolved = resolveVariableValue(firstArg, firstArg.text)
+            // Skip if resolved to a function
+            if (resolved && (resolved.type === 'arrow_function' || resolved.type === 'function_expression')) continue
+            // Skip if not resolvable — likely a parameter/imported function reference
+            if (!resolved) continue
+            // Resolved to a call expression or other non-function: could be a string
+            matches.push({
+              node,
+              severity: 'medium',
+              note: `${target.name}() with non-function argument — acts like eval() if value is a string`,
+            })
+            continue
+          }
+          matches.push({
+            node,
+            severity: 'medium',
+            note: `${target.name}() with non-function argument — acts like eval() if value is a string`,
+          })
+        }
+        continue
+      }
+    }
+
+    return matches
+  },
+})

package/src/detect/ast-rules/data-exposure-ast.ts

@@ -0,0 +1,162 @@
+/**
+ * AST-Based Data Exposure Detection
+ *
+ * Migrates structural/data-exposure.ts from regex to AST.
+ * Detects sensitive data in API responses (stack traces, error objects).
+ *
+ * AST advantages:
+ * - Understands res.json(err) vs res.json({ error: err.message })
+ * - Detects error spread: res.json({ ...error })
+ * - Distinguishes response sinks from log sinks at the AST level
+ */
+
+import type { ParsedAST } from '../../parse/ast'
+import { registerASTRule, type ASTRuleMatch, type NodeIndex, getNodes } from './index'
+import type Parser from 'tree-sitter'
+import { isMethodCallOn, getCallArguments, getObjectLiteralProperty, resolveCallTarget } from './helpers/call-analysis'
+import { isInsideCatchClause } from './helpers/control-flow'
+import { isScannerOrFixtureFile, isTestOrMockFile, isEducationalVulnerabilityFile } from '../../parse/file-classifier'
+
+// ============================================================================
+// Helpers
+// ============================================================================
+
+/** Known response methods */
+function isResponseCall(node: Parser.SyntaxNode): boolean {
+  if (
+    isMethodCallOn(node, /^(res|response)$/, ['json', 'send']) ||
+    isMethodCallOn(node, /^NextResponse$/, ['json']) ||
+    isMethodCallOn(node, /^Response$/, ['json'])
+  ) return true
+
+  // Chain resolution: res.status(500).json(...) or res.status(500).send(...)
+  const fn = node.childForFieldName('function')
+  if (fn?.type === 'member_expression') {
+    const method = fn.childForFieldName('property')
+    if (method && ['json', 'send'].includes(method.text)) {
+      const obj = fn.childForFieldName('object')
+      if (obj?.type === 'call_expression') {
+        const chainFn = obj.childForFieldName('function')
+        if (chainFn?.type === 'member_expression') {
+          const rootObj = chainFn.childForFieldName('object')
+          if (rootObj && /^(res|response)$/.test(rootObj.text)) return true
+        }
+      }
+    }
+  }
+
+  return false
+}
+
+/** Check if a node references an error variable (.stack, full error, spread) */
+function isErrorExposure(argNode: Parser.SyntaxNode): 'stack' | 'full_error' | 'spread' | 'details' | null {
+  // Direct error object: res.json(err)
+  if (argNode.type === 'identifier' && /^(err|error|e)$/i.test(argNode.text)) {
+    return 'full_error'
+  }
+
+  // err.stack access
+  if (argNode.type === 'member_expression') {
+    const prop = argNode.childForFieldName('property')
+    const obj = argNode.childForFieldName('object')
+    if (prop?.text === 'stack' && /^(err|error|e)$/i.test(obj?.text ?? '')) return 'stack'
+  }
+
+  // err.toString() call expression
+  if (argNode.type === 'call_expression') {
+    const callFn = argNode.childForFieldName('function')
+    if (callFn?.type === 'member_expression') {
+      const obj = callFn.childForFieldName('object')
+      const method = callFn.childForFieldName('property')
+      if (/^(err|error|e)$/i.test(obj?.text ?? '') && method?.text === 'toString') return 'full_error'
+    }
+  }
+
+  // Object with .stack or spread
+  if (argNode.type === 'object') {
+    for (const child of argNode.namedChildren) {
+      // { ...error }
+      if (child.type === 'spread_element') {
+        const spreadExpr = child.namedChildren[0]
+        if (spreadExpr && /^(err|error|e)$/i.test(spreadExpr.text)) return 'spread'
+      }
+      // { stack: error.stack }
+      if (child.type === 'pair') {
+        const key = child.childForFieldName('key')
+        const value = child.childForFieldName('value')
+        if (key?.text === 'stack') return 'stack'
+        if (value?.type === 'member_expression') {
+          const prop = value.childForFieldName('property')
+          if (prop?.text === 'stack') return 'stack'
+        }
+        // { details: ..., internal: ..., debug: ..., trace: ... }
+        if (key && /^(details|internal|debug|trace|stack)$/.test(key.text)) return 'details'
+      }
+    }
+  }
+
+  return null
+}
+
+// ============================================================================
+// AST Rule: Data Exposure in Responses
+// ============================================================================
+
+registerASTRule({
+  id: 'ast-data-exposure',
+  title: 'Sensitive data in API response',
+  description: 'API response may expose sensitive error details, stack traces, or internal information to clients',
+  severity: 'high',
+  category: 'data_exposure',
+  suggestedFix: 'Never return stack traces or raw error objects to clients. Return only { error: message } or a structured error response.',
+  languages: ['javascript', 'typescript', 'tsx'],
+  confidence: 'high',
+  baseConfidence: 0.40,
+  layer: 2,
+  source: 'structural',
+  detect(ast: ParsedAST, _content: string, nodeIndex?: NodeIndex): ASTRuleMatch[] {
+    if (isScannerOrFixtureFile(ast.filePath)) return []
+    if (isTestOrMockFile(ast.filePath)) return []
+    if (isEducationalVulnerabilityFile(ast.filePath)) return []
+
+    const matches: ASTRuleMatch[] = []
+
+    for (const node of getNodes(nodeIndex!, 'call_expression')) {
+      if (!isResponseCall(node)) continue
+
+      const args = getCallArguments(node)
+      if (args.length === 0) continue
+
+      const firstArg = args[0]
+      const exposure = isErrorExposure(firstArg)
+
+      if (exposure === 'stack') {
+        matches.push({
+          node,
+          severity: 'high',
+          note: 'Stack trace exposed in API response. Reveals internal code paths to clients.',
+        })
+      } else if (exposure === 'full_error') {
+        matches.push({
+          node,
+          severity: 'high',
+          note: 'Entire error object returned to client. May expose stack traces and internal details.',
+        })
+      } else if (exposure === 'spread') {
+        matches.push({
+          node,
+          severity: 'high',
+          note: 'Error object spread into response. May expose stack traces and internal details.',
+        })
+      } else if (exposure === 'details') {
+        matches.push({
+          node,
+          severity: 'medium',
+          note: 'Detailed/internal error information in response may leak implementation details.',
+        })
+      }
+    }
+
+    return matches
+  },
+})