npm - @oculum/scanner - Versions diffs - 1.0.9 → 1.0.11 - Mend

@oculum/scanner 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (365) hide show

package/dist/baseline/diff.d.ts +32 -0
package/dist/baseline/diff.d.ts.map +1 -0
package/dist/baseline/diff.js +119 -0
package/dist/baseline/diff.js.map +1 -0
package/dist/baseline/index.d.ts +9 -0
package/dist/baseline/index.d.ts.map +1 -0
package/dist/baseline/index.js +19 -0
package/dist/baseline/index.js.map +1 -0
package/dist/baseline/manager.d.ts +67 -0
package/dist/baseline/manager.d.ts.map +1 -0
package/dist/baseline/manager.js +180 -0
package/dist/baseline/manager.js.map +1 -0
package/dist/baseline/types.d.ts +91 -0
package/dist/baseline/types.d.ts.map +1 -0
package/dist/baseline/types.js +12 -0
package/dist/baseline/types.js.map +1 -0
package/dist/formatters/cli-terminal.d.ts +38 -0
package/dist/formatters/cli-terminal.d.ts.map +1 -1
package/dist/formatters/cli-terminal.js +365 -42
package/dist/formatters/cli-terminal.js.map +1 -1
package/dist/formatters/github-comment.d.ts +1 -1
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +75 -11
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/index.d.ts +1 -1
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +4 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +7 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +155 -16
package/dist/index.js.map +1 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +20 -3
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +20 -0
package/dist/layer1/config-mcp-audit.d.ts.map +1 -0
package/dist/layer1/config-mcp-audit.js +239 -0
package/dist/layer1/config-mcp-audit.js.map +1 -0
package/dist/layer1/index.d.ts +1 -0
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +9 -1
package/dist/layer1/index.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +303 -0
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +17 -3
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +462 -12
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +3 -0
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +17 -0
package/dist/layer2/ai-mcp-security.d.ts.map +1 -0
package/dist/layer2/ai-mcp-security.js +679 -0
package/dist/layer2/ai-mcp-security.js.map +1 -0
package/dist/layer2/ai-package-hallucination.d.ts +19 -0
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -0
package/dist/layer2/ai-package-hallucination.js +696 -0
package/dist/layer2/ai-package-hallucination.js.map +1 -0
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +495 -9
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +372 -1
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +4 -0
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +3 -0
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +16 -0
package/dist/layer2/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/child-process.js +74 -0
package/dist/layer2/dangerous-functions/child-process.js.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts +29 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.js +179 -0
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -0
package/dist/layer2/dangerous-functions/index.d.ts +13 -0
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/index.js +621 -0
package/dist/layer2/dangerous-functions/index.js.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts +31 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.js +319 -0
package/dist/layer2/dangerous-functions/json-parse.js.map +1 -0
package/dist/layer2/dangerous-functions/math-random.d.ts +61 -0
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/math-random.js +459 -0
package/dist/layer2/dangerous-functions/math-random.js.map +1 -0
package/dist/layer2/dangerous-functions/patterns.d.ts +21 -0
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/patterns.js +161 -0
package/dist/layer2/dangerous-functions/patterns.js.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts +13 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.js +119 -0
package/dist/layer2/dangerous-functions/request-validation.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +23 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js +149 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.js +124 -0
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts +9 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.js +23 -0
package/dist/layer2/dangerous-functions/utils/index.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js +89 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +3 -0
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +3 -0
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +3 -0
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +61 -2
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +4 -0
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +20 -0
package/dist/layer2/model-supply-chain.d.ts.map +1 -0
package/dist/layer2/model-supply-chain.js +376 -0
package/dist/layer2/model-supply-chain.js.map +1 -0
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +4 -0
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +4 -0
package/dist/layer2/variables.js.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +24 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.js +188 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -0
package/dist/layer3/anthropic/clients.d.ts +44 -0
package/dist/layer3/anthropic/clients.d.ts.map +1 -0
package/dist/layer3/anthropic/clients.js +81 -0
package/dist/layer3/anthropic/clients.js.map +1 -0
package/dist/layer3/anthropic/index.d.ts +41 -0
package/dist/layer3/anthropic/index.d.ts.map +1 -0
package/dist/layer3/anthropic/index.js +141 -0
package/dist/layer3/anthropic/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +8 -0
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/index.js +14 -0
package/dist/layer3/anthropic/prompts/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +15 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js +169 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +12 -0
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/validation.js +421 -0
package/dist/layer3/anthropic/prompts/validation.js.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts +21 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.js +266 -0
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -0
package/dist/layer3/anthropic/providers/index.d.ts +8 -0
package/dist/layer3/anthropic/providers/index.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/index.js +15 -0
package/dist/layer3/anthropic/providers/index.js.map +1 -0
package/dist/layer3/anthropic/providers/openai.d.ts +18 -0
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/openai.js +340 -0
package/dist/layer3/anthropic/providers/openai.js.map +1 -0
package/dist/layer3/anthropic/request-builder.d.ts +20 -0
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -0
package/dist/layer3/anthropic/request-builder.js +134 -0
package/dist/layer3/anthropic/request-builder.js.map +1 -0
package/dist/layer3/anthropic/types.d.ts +88 -0
package/dist/layer3/anthropic/types.d.ts.map +1 -0
package/dist/layer3/anthropic/types.js +38 -0
package/dist/layer3/anthropic/types.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +9 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/index.js +24 -0
package/dist/layer3/anthropic/utils/index.js.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts +21 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.js +69 -0
package/dist/layer3/anthropic/utils/path-helpers.js.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts +40 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.js +285 -0
package/dist/layer3/anthropic/utils/response-parser.js.map +1 -0
package/dist/layer3/anthropic/utils/retry.d.ts +15 -0
package/dist/layer3/anthropic/utils/retry.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/retry.js +62 -0
package/dist/layer3/anthropic/utils/retry.js.map +1 -0
package/dist/layer3/index.d.ts +1 -0
package/dist/layer3/index.d.ts.map +1 -1
package/dist/layer3/index.js +16 -6
package/dist/layer3/index.js.map +1 -1
package/dist/layer3/osv-check.d.ts +75 -0
package/dist/layer3/osv-check.d.ts.map +1 -0
package/dist/layer3/osv-check.js +308 -0
package/dist/layer3/osv-check.js.map +1 -0
package/dist/rules/framework-fixes.d.ts +48 -0
package/dist/rules/framework-fixes.d.ts.map +1 -0
package/dist/rules/framework-fixes.js +439 -0
package/dist/rules/framework-fixes.js.map +1 -0
package/dist/rules/index.d.ts +8 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +18 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/metadata.d.ts +43 -0
package/dist/rules/metadata.d.ts.map +1 -0
package/dist/rules/metadata.js +734 -0
package/dist/rules/metadata.js.map +1 -0
package/dist/suppression/config-loader.d.ts +74 -0
package/dist/suppression/config-loader.d.ts.map +1 -0
package/dist/suppression/config-loader.js +424 -0
package/dist/suppression/config-loader.js.map +1 -0
package/dist/suppression/hash.d.ts +48 -0
package/dist/suppression/hash.d.ts.map +1 -0
package/dist/suppression/hash.js +88 -0
package/dist/suppression/hash.js.map +1 -0
package/dist/suppression/index.d.ts +11 -0
package/dist/suppression/index.d.ts.map +1 -0
package/dist/suppression/index.js +39 -0
package/dist/suppression/index.js.map +1 -0
package/dist/suppression/inline-parser.d.ts +39 -0
package/dist/suppression/inline-parser.d.ts.map +1 -0
package/dist/suppression/inline-parser.js +218 -0
package/dist/suppression/inline-parser.js.map +1 -0
package/dist/suppression/manager.d.ts +94 -0
package/dist/suppression/manager.d.ts.map +1 -0
package/dist/suppression/manager.js +292 -0
package/dist/suppression/manager.js.map +1 -0
package/dist/suppression/types.d.ts +151 -0
package/dist/suppression/types.d.ts.map +1 -0
package/dist/suppression/types.js +28 -0
package/dist/suppression/types.js.map +1 -0
package/dist/tiers.d.ts +1 -1
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +27 -0
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +62 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/utils/context-helpers.d.ts +4 -0
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +13 -9
package/dist/utils/context-helpers.js.map +1 -1
package/package.json +4 -2
package/src/__tests__/benchmark/fixtures/layer1/mcp-config-audit.json +31 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1489 -82
package/src/__tests__/benchmark/fixtures/layer2/ai-mcp-security.ts +495 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-package-hallucination.ts +255 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-prompt-hygiene.ts +300 -1
package/src/__tests__/benchmark/fixtures/layer2/ai-rag-safety.ts +139 -0
package/src/__tests__/benchmark/fixtures/layer2/byok-patterns.ts +7 -0
package/src/__tests__/benchmark/fixtures/layer2/data-exposure.ts +63 -0
package/src/__tests__/benchmark/fixtures/layer2/excessive-agency.ts +221 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +18 -0
package/src/__tests__/benchmark/fixtures/layer2/model-supply-chain.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer2/phase1-enhancements.ts +157 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +758 -0
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +503 -0
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +321 -0
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +439 -0
package/src/baseline/__tests__/diff.test.ts +261 -0
package/src/baseline/__tests__/manager.test.ts +225 -0
package/src/baseline/diff.ts +135 -0
package/src/baseline/index.ts +29 -0
package/src/baseline/manager.ts +230 -0
package/src/baseline/types.ts +97 -0
package/src/formatters/cli-terminal.ts +444 -41
package/src/formatters/github-comment.ts +79 -11
package/src/formatters/index.ts +4 -0
package/src/index.ts +197 -14
package/src/layer1/config-audit.ts +24 -3
package/src/layer1/config-mcp-audit.ts +276 -0
package/src/layer1/index.ts +16 -6
package/src/layer2/ai-agent-tools.ts +336 -0
package/src/layer2/ai-endpoint-protection.ts +16 -3
package/src/layer2/ai-execution-sinks.ts +516 -12
package/src/layer2/ai-fingerprinting.ts +5 -1
package/src/layer2/ai-mcp-security.ts +730 -0
package/src/layer2/ai-package-hallucination.ts +791 -0
package/src/layer2/ai-prompt-hygiene.ts +547 -9
package/src/layer2/ai-rag-safety.ts +382 -3
package/src/layer2/auth-antipatterns.ts +5 -0
package/src/layer2/byok-patterns.ts +5 -1
package/src/layer2/dangerous-functions/child-process.ts +98 -0
package/src/layer2/dangerous-functions/dom-xss.ts +220 -0
package/src/layer2/dangerous-functions/index.ts +949 -0
package/src/layer2/dangerous-functions/json-parse.ts +385 -0
package/src/layer2/dangerous-functions/math-random.ts +537 -0
package/src/layer2/dangerous-functions/patterns.ts +174 -0
package/src/layer2/dangerous-functions/request-validation.ts +145 -0
package/src/layer2/dangerous-functions/utils/control-flow.ts +162 -0
package/src/layer2/dangerous-functions/utils/helpers.ts +170 -0
package/src/layer2/dangerous-functions/utils/index.ts +25 -0
package/src/layer2/dangerous-functions/utils/schema-validation.ts +91 -0
package/src/layer2/data-exposure.ts +5 -1
package/src/layer2/framework-checks.ts +5 -0
package/src/layer2/index.ts +63 -1
package/src/layer2/logic-gates.ts +5 -0
package/src/layer2/model-supply-chain.ts +456 -0
package/src/layer2/risky-imports.ts +5 -0
package/src/layer2/variables.ts +5 -0
package/src/layer3/__tests__/osv-check.test.ts +384 -0
package/src/layer3/anthropic/auto-dismiss.ts +212 -0
package/src/layer3/anthropic/clients.ts +84 -0
package/src/layer3/anthropic/index.ts +170 -0
package/src/layer3/anthropic/prompts/index.ts +14 -0
package/src/layer3/anthropic/prompts/semantic-analysis.ts +173 -0
package/src/layer3/anthropic/prompts/validation.ts +419 -0
package/src/layer3/anthropic/providers/anthropic.ts +310 -0
package/src/layer3/anthropic/providers/index.ts +8 -0
package/src/layer3/anthropic/providers/openai.ts +384 -0
package/src/layer3/anthropic/request-builder.ts +150 -0
package/src/layer3/anthropic/types.ts +148 -0
package/src/layer3/anthropic/utils/index.ts +26 -0
package/src/layer3/anthropic/utils/path-helpers.ts +68 -0
package/src/layer3/anthropic/utils/response-parser.ts +322 -0
package/src/layer3/anthropic/utils/retry.ts +75 -0
package/src/layer3/index.ts +18 -5
package/src/layer3/osv-check.ts +420 -0
package/src/rules/__tests__/framework-fixes.test.ts +689 -0
package/src/rules/__tests__/metadata.test.ts +218 -0
package/src/rules/framework-fixes.ts +470 -0
package/src/rules/index.ts +21 -0
package/src/rules/metadata.ts +831 -0
package/src/suppression/__tests__/config-loader.test.ts +382 -0
package/src/suppression/__tests__/hash.test.ts +166 -0
package/src/suppression/__tests__/inline-parser.test.ts +212 -0
package/src/suppression/__tests__/manager.test.ts +415 -0
package/src/suppression/config-loader.ts +462 -0
package/src/suppression/hash.ts +95 -0
package/src/suppression/index.ts +51 -0
package/src/suppression/inline-parser.ts +273 -0
package/src/suppression/manager.ts +379 -0
package/src/suppression/types.ts +174 -0
package/src/tiers.ts +36 -0
package/src/types.ts +90 -0
package/src/utils/context-helpers.ts +13 -9
package/dist/layer2/dangerous-functions.d.ts +0 -7
package/dist/layer2/dangerous-functions.d.ts.map +0 -1
package/dist/layer2/dangerous-functions.js +0 -1701
package/dist/layer2/dangerous-functions.js.map +0 -1
package/dist/layer3/anthropic.d.ts +0 -87
package/dist/layer3/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic.js +0 -1948
package/dist/layer3/anthropic.js.map +0 -1
package/dist/layer3/openai.d.ts +0 -25
package/dist/layer3/openai.d.ts.map +0 -1
package/dist/layer3/openai.js +0 -238
package/dist/layer3/openai.js.map +0 -1
package/src/layer2/dangerous-functions.ts +0 -1940
package/src/layer3/anthropic.ts +0 -2257

package/src/layer1/config-mcp-audit.ts ADDED Viewed

@@ -0,0 +1,276 @@
+/**
+ * Layer 1: MCP Configuration Audit
+ * Detects security issues in MCP configuration files
+ *
+ * Scans:
+ * - mcp.json, *.mcp.json
+ * - .mcp/config.json
+ * - mcpServers in package.json
+ *
+ * Detects:
+ * - Secrets in MCP config (API keys, tokens in args)
+ * - Overpermissive settings (disabled approval, infinite timeouts)
+ * - Insecure transport (http:// instead of https://)
+ */
+import type { Vulnerability, VulnerabilitySeverity, VulnerabilityCategory } from '../types'
+import {
+  isComment,
+  isTestOrMockFile,
+  isDocumentationFile,
+  isScannerOrFixtureFile,
+  isExampleDirectory,
+} from '../utils/context-helpers'
+// ============================================================================
+// Configuration File Detection
+// ============================================================================
+/**
+ * Check if file is an MCP configuration file
+ */
+function isMCPConfigFile(filePath: string): boolean {
+  const mcpConfigPatterns = [
+    /mcp\.json$/i,
+    /\.mcp\.json$/i,
+    /\.mcp\/config\.json$/i,
+    /mcp[-_]?config\.json$/i,
+    /claude[-_]?desktop[-_]?config\.json$/i,
+  ]
+  return mcpConfigPatterns.some(p => p.test(filePath))
+}
+/**
+ * Check if file might contain mcpServers configuration (package.json, etc.)
+ */
+function mightContainMCPConfig(filePath: string, content: string): boolean {
+  if (filePath.endsWith('package.json')) {
+    return content.includes('mcpServers') || content.includes('mcp')
+  }
+  if (filePath.endsWith('.json')) {
+    return content.includes('mcpServers') || content.includes('"command"') ||
+           content.includes('"args"') || content.includes('"url"')
+  }
+  return false
+}
+// ============================================================================
+// Pattern Definitions
+// ============================================================================
+interface MCPConfigPattern {
+  name: string
+  pattern: RegExp
+  category: VulnerabilityCategory
+  baseSeverity: VulnerabilitySeverity
+  description: string
+  suggestedFix: string
+}
+/**
+ * MCP Configuration Security Patterns
+ */
+const MCP_CONFIG_PATTERNS: MCPConfigPattern[] = [
+  // Secrets in args array
+  {
+    name: 'API key in MCP server args',
+    pattern: /"args"\s*:\s*\[[^\]]*(?:api[_-]?key|API[_-]?KEY|apiKey)[=:]["'][^"']+["'][^\]]*\]/gi,
+    category: 'ai_mcp_config_secrets',
+    baseSeverity: 'critical',
+    description: 'API key found in MCP server arguments. Secrets should not be stored in configuration files.',
+    suggestedFix: 'Use environment variables for secrets: ["--api-key", "${ANTHROPIC_API_KEY}"] or use a secrets manager.',
+  },
+  // Secret/token in args
+  {
+    name: 'Secret token in MCP server args',
+    pattern: /"args"\s*:\s*\[[^\]]*(?:secret|token|password|credential|auth)[=:]["'][^"']+["'][^\]]*\]/gi,
+    category: 'ai_mcp_config_secrets',
+    baseSeverity: 'critical',
+    description: 'Secret or token found in MCP server arguments. This could be exposed in logs or version control.',
+    suggestedFix: 'Move secrets to environment variables or a secrets manager.',
+  },
+  // Hardcoded bearer token
+  {
+    name: 'Bearer token in MCP config',
+    pattern: /"(?:auth|authorization|header)"\s*:\s*["'][Bb]earer\s+[A-Za-z0-9_-]+["']/gi,
+    category: 'ai_mcp_config_secrets',
+    baseSeverity: 'critical',
+    description: 'Bearer token hardcoded in MCP configuration. This is a security risk.',
+    suggestedFix: 'Use environment variable reference: "Bearer ${MCP_TOKEN}"',
+  },
+  // Environment variable with actual value (not reference)
+  {
+    name: 'Environment variable with hardcoded value',
+    pattern: /"env"\s*:\s*\{[^}]*(?:KEY|TOKEN|SECRET|PASSWORD)\s*"\s*:\s*"(?!\$\{)[^"]+"/gi,
+    category: 'ai_mcp_config_secrets',
+    baseSeverity: 'high',
+    description: 'Environment variable set to hardcoded secret value in MCP config.',
+    suggestedFix: 'Set environment variables outside the config file or use a secrets manager.',
+  },
+  // Disabled approval requirement
+  {
+    name: 'Tool approval disabled',
+    pattern: /"requireApproval"\s*:\s*false/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'medium',
+    description: 'Tool approval is disabled. AI can execute tools without user confirmation.',
+    suggestedFix: 'Enable tool approval for sensitive operations: "requireApproval": true',
+  },
+  // Auto-approve all
+  {
+    name: 'Auto-approve all tools',
+    pattern: /"autoApprove"\s*:\s*(?:true|"\*"|"all"|\["\*"\])/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'high',
+    description: 'All tools are auto-approved. This bypasses user confirmation for all operations.',
+    suggestedFix: 'Limit auto-approval to specific safe tools: "autoApprove": ["read_file", "list_files"]',
+  },
+  // Infinite or very long timeout
+  {
+    name: 'Unlimited tool timeout',
+    pattern: /"(?:toolTimeout|timeout)"\s*:\s*(?:0|null|"infinite"|999999+)/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'medium',
+    description: 'Tool timeout is disabled or very long. Tools could run indefinitely.',
+    suggestedFix: 'Set a reasonable timeout: "toolTimeout": 30000 (30 seconds)',
+  },
+  // HTTP URL (not HTTPS)
+  {
+    name: 'Insecure HTTP transport',
+    pattern: /"(?:url|endpoint|server)"\s*:\s*"http:\/\/(?!localhost|127\.0\.0\.1)[^"]+"/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'medium',
+    description: 'MCP server uses insecure HTTP transport. Data could be intercepted.',
+    suggestedFix: 'Use HTTPS for MCP server URLs: "url": "https://..."',
+  },
+  // Wildcard allowed tools
+  {
+    name: 'Wildcard tool permissions',
+    pattern: /"(?:allowedTools|tools|permissions)"\s*:\s*(?:\["\*"\]|"\*"|"all")/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'medium',
+    description: 'All tools are allowed without restriction. Consider limiting to specific tools.',
+    suggestedFix: 'Explicitly list allowed tools: "allowedTools": ["search", "read_file"]',
+  },
+  // Privileged mode enabled
+  {
+    name: 'Privileged mode enabled',
+    pattern: /"(?:privileged|sudo|admin|root)"\s*:\s*true/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'high',
+    description: 'MCP server running in privileged mode. This grants elevated permissions.',
+    suggestedFix: 'Disable privileged mode unless absolutely necessary. Apply principle of least privilege.',
+  },
+  // Disabled security features
+  {
+    name: 'Security feature disabled',
+    pattern: /"(?:secure|tls|verify|validation|sandbox)"\s*:\s*false/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'medium',
+    description: 'Security feature is explicitly disabled in MCP configuration.',
+    suggestedFix: 'Enable security features: "secure": true, "validation": true',
+  },
+  // Command injection risk in args
+  {
+    name: 'Shell command in MCP args',
+    pattern: /"args"\s*:\s*\[[^\]]*(?:sh\s+-c|bash\s+-c|cmd\s+\/c|powershell)[^\]]*\]/gi,
+    category: 'ai_mcp_config_permissions',
+    baseSeverity: 'high',
+    description: 'MCP server args contain shell command execution. This is a command injection risk.',
+    suggestedFix: 'Avoid shell command execution in MCP args. Use direct command invocation.',
+  },
+]
+// ============================================================================
+// Main Detection Function
+// ============================================================================
+/**
+ * Main detection function for MCP configuration audit
+ */
+export function detectMCPConfigIssues(
+  content: string,
+  filePath: string
+): Vulnerability[] {
+  const vulnerabilities: Vulnerability[] = []
+  // Skip non-applicable files
+  if (isScannerOrFixtureFile(filePath)) return vulnerabilities
+  if (isDocumentationFile(filePath)) return vulnerabilities
+  // Only scan MCP config files or files that might contain MCP config
+  if (!isMCPConfigFile(filePath) && !mightContainMCPConfig(filePath, content)) {
+    return vulnerabilities
+  }
+  const lines = content.split('\n')
+  const isTestFile = isTestOrMockFile(filePath)
+  const isExample = isExampleDirectory(filePath)
+  // Track findings to avoid duplicates
+  const seenFindings = new Set<string>()
+  for (const pattern of MCP_CONFIG_PATTERNS) {
+    const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags)
+    let match
+    while ((match = regex.exec(content)) !== null) {
+      const lineNumber = content.substring(0, match.index).split('\n').length
+      const lineContent = lines[lineNumber - 1]?.trim() || ''
+      // Skip comments
+      if (isComment(lineContent)) continue
+      // Create dedup key
+      const dedupKey = `${filePath}:${lineNumber}:${pattern.category}`
+      if (seenFindings.has(dedupKey)) continue
+      seenFindings.add(dedupKey)
+      let severity = pattern.baseSeverity
+      let description = pattern.description
+      const notes: string[] = []
+      // Check if value is an environment variable reference (safer)
+      if (/\$\{[A-Z_]+\}|\$[A-Z_]+/.test(lineContent)) {
+        if (pattern.category === 'ai_mcp_config_secrets') {
+          severity = 'low'
+          notes.push('Uses environment variable reference (safer pattern)')
+        }
+      }
+      // Downgrade test files
+      if (isTestFile) {
+        severity = 'info'
+        notes.push('in test file')
+      }
+      // Downgrade example/demo directories
+      if (isExample && severity !== 'info') {
+        severity = 'info'
+        notes.push('in example/demo directory')
+      }
+      // Build final description
+      if (notes.length > 0) {
+        description += ` (${notes.join('; ')})`
+      }
+      vulnerabilities.push({
+        id: `mcp-config-${filePath}-${lineNumber}-${pattern.name.replace(/\s+/g, '-')}`,
+        filePath,
+        lineNumber,
+        lineContent,
+        severity,
+        category: pattern.category,
+        title: pattern.name,
+        description,
+        suggestedFix: pattern.suggestedFix,
+        confidence: pattern.category === 'ai_mcp_config_secrets' ? 'high' : 'medium',
+        layer: 1,
+        requiresAIValidation: severity !== 'info' && severity !== 'low',
+      })
+    }
+  }
+  return vulnerabilities
+}

package/src/layer1/index.ts CHANGED Viewed

@@ -13,6 +13,7 @@ import { detectDangerousFiles } from './file-flags'
 import { detectAICommentPatterns } from './comments'
 import { detectSensitiveURLs } from './urls'
 import { detectWeakCrypto } from './weak-crypto'
+import { detectMCPConfigIssues } from './config-mcp-audit'
 import {
   type TierStats,
   computeTierStats,
@@ -47,12 +48,15 @@ export interface Layer1Result {
   stats: Layer1Stats
 }
+// Extended stats type to include MCP config detector
+type Layer1StatsRecord = Record<Layer1DetectorName, number> & { mcp_config: number }
 // Process a single file through all Layer 1 detectors
-function processFileLayer1(file: ScanFile): {
-  findings: Vulnerability[],
-  stats: Record<Layer1DetectorName, number>
+function processFileLayer1(file: ScanFile): {
+  findings: Vulnerability[],
+  stats: Layer1StatsRecord
 } {
-  const stats: Record<Layer1DetectorName, number> = {
+  const stats: Layer1StatsRecord = {
     known_secrets: 0,
     weak_crypto: 0,
     sensitive_urls: 0,
@@ -60,6 +64,7 @@ function processFileLayer1(file: ScanFile): {
     config_audit: 0,
     file_flags: 0,
     ai_comments: 0,
+    mcp_config: 0,
   }
   const entropyFindings = detectHighEntropyStrings(file.content, file.path)
@@ -69,6 +74,7 @@ function processFileLayer1(file: ScanFile): {
   const commentFindings = detectAICommentPatterns(file.content, file.path)
   const urlFindings = detectSensitiveURLs(file.content, file.path)
   const cryptoFindings = detectWeakCrypto(file.content, file.path)
+  const mcpConfigFindings = detectMCPConfigIssues(file.content, file.path)
   stats.entropy = entropyFindings.length
   stats.known_secrets = patternFindings.length
@@ -77,6 +83,7 @@ function processFileLayer1(file: ScanFile): {
   stats.ai_comments = commentFindings.length
   stats.sensitive_urls = urlFindings.length
   stats.weak_crypto = cryptoFindings.length
+  stats.mcp_config = mcpConfigFindings.length
   return {
     findings: [
@@ -87,6 +94,7 @@ function processFileLayer1(file: ScanFile): {
       ...commentFindings,
       ...urlFindings,
       ...cryptoFindings,
+      ...mcpConfigFindings,
     ],
     stats,
   }
@@ -106,7 +114,7 @@ export async function runLayer1Scan(
   const vulnerabilities: Vulnerability[] = []
   // Track raw counts per detector (before dedupe)
-  const rawStats: Record<Layer1DetectorName, number> = {
+  const rawStats: Layer1StatsRecord = {
     known_secrets: 0,
     weak_crypto: 0,
     sensitive_urls: 0,
@@ -114,6 +122,7 @@ export async function runLayer1Scan(
     config_audit: 0,
     file_flags: 0,
     ai_comments: 0,
+    mcp_config: 0,
   }
   // Track progress for frequent updates
@@ -132,7 +141,7 @@ export async function runLayer1Scan(
       vulnerabilities.push(...result.findings)
       // Accumulate stats
       for (const [key, value] of Object.entries(result.stats)) {
-        rawStats[key as Layer1DetectorName] += value
+        rawStats[key as keyof Layer1StatsRecord] += value
       }
     }
@@ -221,3 +230,4 @@ export { detectDangerousFiles } from './file-flags'
 export { detectAICommentPatterns } from './comments'
 export { detectSensitiveURLs } from './urls'
 export { detectWeakCrypto } from './weak-crypto'
+export { detectMCPConfigIssues } from './config-mcp-audit'