@surfinguard/core-engine 0.1.0 → 1.0.0

package/patterns/auth.json

@@ -0,0 +1,116 @@
+{
+  "version": "1.0.0",
+  "threats": [
+    {
+      "id": "ID01",
+      "name": "Rogue account creation",
+      "primitive": "MANIPULATION",
+      "severity": 6,
+      "description": "Agent attempts to create user accounts or register on third-party services"
+    },
+    {
+      "id": "ID02",
+      "name": "Permission granting",
+      "primitive": "ESCALATION",
+      "severity": 8,
+      "description": "Agent attempts to grant permissions, add roles, or elevate privileges"
+    },
+    {
+      "id": "ID03",
+      "name": "Credential sharing/rotation",
+      "primitive": "EXFILTRATION",
+      "severity": 8,
+      "description": "Agent attempts to export, share, or rotate credentials and API keys"
+    },
+    {
+      "id": "ID04",
+      "name": "OAuth over-permissioning",
+      "primitive": "ESCALATION",
+      "severity": 7,
+      "description": "Agent attempts to grant broad OAuth scopes or approve excessive permissions"
+    },
+    {
+      "id": "ID05",
+      "name": "MFA disabling",
+      "primitive": "ESCALATION",
+      "severity": 9,
+      "description": "Agent attempts to disable multi-factor authentication or remove authenticator apps"
+    },
+    {
+      "id": "ID06",
+      "name": "Terms of service acceptance",
+      "primitive": "MANIPULATION",
+      "severity": 5,
+      "description": "Agent attempts to accept terms of service, EULA, or legal agreements on behalf of user"
+    }
+  ],
+  "accountCreationPatterns": [
+    "create.*account",
+    "register.*user",
+    "sign.*up",
+    "new.*account",
+    "create.*profile",
+    "create.*user",
+    "register.*account"
+  ],
+  "permissionPatterns": [
+    "add.*role",
+    "grant.*permission",
+    "\\bset\\b.*admin",
+    "add.*user.*to",
+    "invite.*member",
+    "elevat",
+    "promot",
+    "assign.*role",
+    "give.*access"
+  ],
+  "credentialPatterns": [
+    "rotate.*key",
+    "reset.*password",
+    "share.*credential",
+    "export.*key",
+    "create.*token",
+    "generate.*api.key",
+    "create.*api.key",
+    "share.*password"
+  ],
+  "oauthPatterns": [
+    "authorize",
+    "oauth.*consent",
+    "grant.*scope",
+    "allow.*access",
+    "approve.*permission",
+    "scope="
+  ],
+  "mfaPatterns": [
+    "disable.*mfa",
+    "disable.*2fa",
+    "remove.*authenticator",
+    "turn.*off.*two.factor",
+    "delete.*totp",
+    "disable.*two.factor",
+    "remove.*2fa"
+  ],
+  "legalPatterns": [
+    "accept.*terms",
+    "agree.*tos",
+    "consent.*to",
+    "sign.*agreement",
+    "accept.*policy",
+    "accept.*eula",
+    "agree.*privacy"
+  ],
+  "safePatterns": [
+    "login",
+    "logout",
+    "whoami",
+    "me",
+    "profile\\.get",
+    "session",
+    "verify",
+    "validate",
+    "check.*permission",
+    "get.*profile",
+    "current.*user"
+  ]
+}

package/patterns/chains.json

@@ -0,0 +1,171 @@
+{
+  "version": "1.0.0",
+  "chains": [
+    {
+      "id": "CH01",
+      "name": "Reconnaissance → Exploitation",
+      "description": "Agent reads sensitive files or environment variables, then executes commands or makes API calls using harvested data.",
+      "primitive": "EXFILTRATION",
+      "scoreBoost": 3,
+      "windowMs": 600000,
+      "steps": [
+        {
+          "actionTypes": ["file_read", "env_read"],
+          "minScore": 3,
+          "label": "Sensitive file/env reconnaissance",
+          "repeat": true
+        },
+        {
+          "actionTypes": ["command", "api_call", "code_eval"],
+          "minScore": 3,
+          "label": "Exploitation using harvested data"
+        }
+      ]
+    },
+    {
+      "id": "CH02",
+      "name": "Credential Harvesting → Exfiltration",
+      "description": "Agent reads credential files (SSH keys, .env, cloud configs) then sends data to external endpoints.",
+      "primitive": "EXFILTRATION",
+      "scoreBoost": 4,
+      "windowMs": 600000,
+      "steps": [
+        {
+          "actionTypes": ["file_read", "env_read"],
+          "primitives": ["EXFILTRATION"],
+          "minScore": 5,
+          "label": "Credential harvesting"
+        },
+        {
+          "actionTypes": ["api_call", "url"],
+          "minScore": 1,
+          "label": "Data exfiltration via network"
+        }
+      ]
+    },
+    {
+      "id": "CH03",
+      "name": "Persistence Chain",
+      "description": "Agent writes multiple persistence mechanisms (cron jobs, startup scripts, SSH keys).",
+      "primitive": "PERSISTENCE",
+      "scoreBoost": 3,
+      "windowMs": 600000,
+      "steps": [
+        {
+          "actionTypes": ["file_write", "command"],
+          "primitives": ["PERSISTENCE"],
+          "minScore": 4,
+          "label": "First persistence mechanism"
+        },
+        {
+          "actionTypes": ["file_write", "command"],
+          "primitives": ["PERSISTENCE"],
+          "minScore": 4,
+          "label": "Second persistence mechanism"
+        }
+      ]
+    },
+    {
+      "id": "CH04",
+      "name": "Escalation Ladder",
+      "description": "Agent performs privilege escalation followed by high-impact operations.",
+      "primitive": "ESCALATION",
+      "scoreBoost": 3,
+      "windowMs": 600000,
+      "steps": [
+        {
+          "actionTypes": ["command", "query"],
+          "primitives": ["ESCALATION"],
+          "minScore": 4,
+          "label": "Privilege escalation attempt"
+        },
+        {
+          "actionTypes": ["command", "api_call", "file_write"],
+          "minScore": 5,
+          "label": "High-impact operation with elevated privileges"
+        }
+      ]
+    },
+    {
+      "id": "CH05",
+      "name": "Injection → Tool Abuse",
+      "description": "Agent receives prompt injection that manipulates it into executing dangerous actions.",
+      "primitive": "MANIPULATION",
+      "scoreBoost": 4,
+      "windowMs": 300000,
+      "steps": [
+        {
+          "actionTypes": ["text"],
+          "primitives": ["MANIPULATION"],
+          "minScore": 4,
+          "label": "Prompt injection detected"
+        },
+        {
+          "actionTypes": ["command", "api_call", "file_write", "code_eval"],
+          "minScore": 3,
+          "label": "Dangerous action following injection"
+        }
+      ]
+    },
+    {
+      "id": "CH06",
+      "name": "Data Enumeration → Destruction",
+      "description": "Agent enumerates data through queries or file reads, then performs destructive operations.",
+      "primitive": "DESTRUCTION",
+      "scoreBoost": 4,
+      "windowMs": 600000,
+      "steps": [
+        {
+          "actionTypes": ["query", "file_read", "command"],
+          "minScore": 0,
+          "label": "Data enumeration phase"
+        },
+        {
+          "actionTypes": ["command", "query", "file_write"],
+          "primitives": ["DESTRUCTION"],
+          "minScore": 5,
+          "label": "Destructive operation"
+        }
+      ]
+    },
+    {
+      "id": "CH07",
+      "name": "Shell Staging",
+      "description": "Agent downloads a payload (curl/wget) then executes it.",
+      "primitive": "DESTRUCTION",
+      "scoreBoost": 4,
+      "windowMs": 300000,
+      "steps": [
+        {
+          "actionTypes": ["command", "api_call"],
+          "valuePatterns": ["curl", "wget", "fetch", "download"],
+          "minScore": 1,
+          "label": "Payload download"
+        },
+        {
+          "actionTypes": ["command", "code_eval"],
+          "minScore": 4,
+          "label": "Payload execution"
+        }
+      ]
+    },
+    {
+      "id": "CH08",
+      "name": "Multi-Vector Exfiltration",
+      "description": "Agent reads multiple sensitive resources in succession, indicating systematic data theft.",
+      "primitive": "EXFILTRATION",
+      "scoreBoost": 3,
+      "windowMs": 600000,
+      "steps": [
+        {
+          "actionTypes": ["file_read", "env_read", "query"],
+          "primitives": ["EXFILTRATION"],
+          "minScore": 3,
+          "label": "Sensitive data access",
+          "repeat": true
+        }
+      ],
+      "minOccurrences": 3
+    }
+  ]
+}

package/patterns/code.json

@@ -0,0 +1,204 @@
+{
+  "version": "1.0.0",
+  "threats": [
+    {
+      "id": "G01",
+      "name": "Backdoor injection",
+      "primitive": "PERSISTENCE",
+      "severity": 10,
+      "description": "Reverse shell, bind shell, or socket + exec patterns"
+    },
+    {
+      "id": "G02",
+      "name": "Vulnerability injection",
+      "primitive": "ESCALATION",
+      "severity": 8,
+      "description": "eval(), exec(), Function(), SQL concat, innerHTML — code injection vectors"
+    },
+    {
+      "id": "G03",
+      "name": "Dependency confusion",
+      "primitive": "DESTRUCTION",
+      "severity": 7,
+      "description": "Typosquatted or malicious package installation"
+    },
+    {
+      "id": "G04",
+      "name": "Obfuscated malicious code",
+      "primitive": "MANIPULATION",
+      "severity": 7,
+      "description": "Base64/hex encoded payloads, dynamic imports, obfuscation"
+    },
+    {
+      "id": "G05",
+      "name": "Phone-home code",
+      "primitive": "EXFILTRATION",
+      "severity": 8,
+      "description": "HTTP POST to external combined with file read or env access"
+    },
+    {
+      "id": "G06",
+      "name": "Insecure defaults",
+      "primitive": "ESCALATION",
+      "severity": 6,
+      "description": "Hardcoded credentials, disabled TLS verification, binding to 0.0.0.0"
+    },
+    {
+      "id": "G07",
+      "name": "Logic bombs",
+      "primitive": "PERSISTENCE",
+      "severity": 9,
+      "description": "Date/condition-triggered destructive actions"
+    },
+    {
+      "id": "G08",
+      "name": "Crypto wallet replacement",
+      "primitive": "EXFILTRATION",
+      "severity": 9,
+      "description": "Patterns that match and replace cryptocurrency wallet addresses"
+    }
+  ],
+  "backdoorPatterns": [
+    "socket.*connect.*exec",
+    "socket.*connect.*spawn",
+    "socket.*connect.*popen",
+    "reverse_tcp",
+    "reverse_shell",
+    "bind_shell",
+    "ncat -e",
+    "nc -e",
+    "/dev/tcp/",
+    "bash -i >& /dev/tcp/",
+    "mkfifo.*nc",
+    "socket\\.socket.*subprocess",
+    "net\\.Dial.*os/exec",
+    "Runtime\\.getRuntime\\(\\)\\.exec"
+  ],
+  "vulnerabilityPatterns": [
+    "eval(",
+    "exec(",
+    "Function(",
+    "new Function(",
+    "setTimeout(\\s*['\"`]",
+    "setInterval(\\s*['\"`]",
+    "document.write(",
+    "innerHTML\\s*=",
+    "outerHTML\\s*=",
+    "pickle.loads(",
+    "pickle.load(",
+    "yaml.load(",
+    "yaml.unsafe_load(",
+    "marshal.loads(",
+    "subprocess.call.*shell=True",
+    "os.system(",
+    "os.popen(",
+    "child_process",
+    "__import__(",
+    "compile(",
+    "unserialize(",
+    "deserialize("
+  ],
+  "dependencyConfusion": [
+    "colorsss",
+    "cross-envv",
+    "lodahs",
+    "babelcli",
+    "crossenv",
+    "d3.js",
+    "fabric.js",
+    "ffmpegs",
+    "gruntcli",
+    "http-proxy.js",
+    "jquery.js",
+    "mariadb",
+    "mongose",
+    "maboroshi",
+    "mysqljs",
+    "node-hierarchical",
+    "node-fabric",
+    "node-opensl",
+    "node-openssl",
+    "nodecaffe",
+    "nodefabric",
+    "nodeffmpeg",
+    "nodemailer-js",
+    "nodemailerpro",
+    "opencv.js",
+    "openssl.js",
+    "proxy.js",
+    "shadowsock",
+    "smb",
+    "sqlite.js",
+    "sqliter",
+    "sqlserver",
+    "tkinter"
+  ],
+  "obfuscationPatterns": [
+    "atob(",
+    "btoa(",
+    "Buffer.from(",
+    "String.fromCharCode(",
+    "\\\\x[0-9a-fA-F]{2}",
+    "\\\\u[0-9a-fA-F]{4}",
+    "require(.*\\+.*)",
+    "import(.*\\+.*)",
+    "__import__(.*\\+.*)"
+  ],
+  "phoneHomePatterns": [
+    "fetch.*POST.*readFile",
+    "fetch.*POST.*readdir",
+    "requests\\.post.*open(",
+    "http\\.request.*fs\\.read",
+    "urllib.*urlopen.*open(",
+    "XMLHttpRequest.*readFile",
+    "axios\\.post.*readFile",
+    "curl_exec.*fopen"
+  ],
+  "insecureDefaults": [
+    "0.0.0.0",
+    "password.*=.*['\"]",
+    "passwd.*=.*['\"]",
+    "secret.*=.*['\"]",
+    "api_key.*=.*['\"]",
+    "apikey.*=.*['\"]",
+    "AKIA[0-9A-Z]{16}",
+    "verify=False",
+    "verify_ssl=False",
+    "NODE_TLS_REJECT_UNAUTHORIZED.*0",
+    "rejectUnauthorized.*false",
+    "InsecureRequestWarning",
+    "disable_warnings"
+  ],
+  "logicBombPatterns": [
+    "Date\\.now\\(\\).*>.*\\d{10}",
+    "new Date\\(\\).*>.*new Date\\(",
+    "time\\.time\\(\\).*>.*\\d{10}",
+    "datetime\\.now\\(\\).*>",
+    "getMonth\\(\\).*===.*&&.*delete",
+    "getDay\\(\\).*===.*&&.*rm",
+    "time\\.time\\(\\).*>.*os\\.remove"
+  ],
+  "cryptoReplacement": [
+    "1[13][a-km-zA-HJ-NP-Z1-9]{25,34}",
+    "bc1[a-zA-HJ-NP-Z0-9]{25,39}",
+    "0x[0-9a-fA-F]{40}",
+    "[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}",
+    "\\breplace\\b.*\\b(bitcoin|btc|eth|ethereum|wallet|address)\\b"
+  ],
+  "safePatterns": [
+    "console.log(",
+    "print(",
+    "println(",
+    "fmt.Println(",
+    "System.out.println(",
+    "import unittest",
+    "describe(",
+    "it(",
+    "test(",
+    "expect(",
+    "assert",
+    "def test_",
+    "function test",
+    "class Test"
+  ]
+}

package/patterns/data-pipeline.json

@@ -0,0 +1,116 @@
+{
+  "version": "1.0.0",
+  "threats": [
+    {
+      "id": "ML01",
+      "name": "ETL pipeline modification",
+      "primitive": "DESTRUCTION",
+      "severity": 8,
+      "description": "Agent modifies ETL pipelines, data flows, or transformation logic"
+    },
+    {
+      "id": "ML02",
+      "name": "Model poisoning/deployment",
+      "primitive": "MANIPULATION",
+      "severity": 9,
+      "description": "Agent deploys untested models, replaces weights, or injects bias into ML models"
+    },
+    {
+      "id": "ML03",
+      "name": "Training data alteration",
+      "primitive": "MANIPULATION",
+      "severity": 9,
+      "description": "Agent modifies training data labels, injects poisoned samples, or corrupts ground truth"
+    },
+    {
+      "id": "ML04",
+      "name": "Vector store unauthorized access",
+      "primitive": "EXFILTRATION",
+      "severity": 7,
+      "description": "Agent dumps or bulk-reads vector stores, embedding databases, or similarity indexes"
+    },
+    {
+      "id": "ML05",
+      "name": "Mass dataset export",
+      "primitive": "EXFILTRATION",
+      "severity": 9,
+      "description": "Agent exports entire datasets, bulk downloads records, or replicates databases externally"
+    }
+  ],
+  "etlModificationPatterns": [
+    "modify.*etl",
+    "alter.*pipeline",
+    "change.*transform",
+    "update.*data.*flow",
+    "edit.*dag",
+    "airflow.*trigger",
+    "modify.*spark.*job",
+    "alter.*dbt.*model",
+    "change.*data.*source"
+  ],
+  "modelPoisoningPatterns": [
+    "deploy.*untested.*model",
+    "deploy.*model.*untested",
+    "deploy.*model",
+    "replace.*model",
+    "push.*model.*prod",
+    "update.*weights",
+    "inject.*bias",
+    "retrain.*with.*poison",
+    "swap.*model.*file",
+    "override.*model.*version",
+    "modify.*inference"
+  ],
+  "trainingDataPatterns": [
+    "modify.*training.*data",
+    "alter.*dataset.*label",
+    "inject.*samples",
+    "corrupt.*training",
+    "change.*annotation",
+    "relabel.*data",
+    "tamper.*ground.*truth",
+    "edit.*training.*set",
+    "poisoning.*attack"
+  ],
+  "vectorStorePatterns": [
+    "query.*embedding.*all",
+    "dump.*vector.*store",
+    "export.*embedding",
+    "read.*all.*vectors",
+    "access.*chromadb",
+    "pinecone.*fetch.*all",
+    "weaviate.*dump",
+    "qdrant.*scroll",
+    "faiss.*reconstruct"
+  ],
+  "datasetExportPatterns": [
+    "export.*full.*dataset",
+    "download.*database",
+    "dump.*all.*records",
+    "bulk.*export",
+    "extract.*all.*data",
+    "copy.*entire.*table",
+    "replicate.*dataset",
+    "backup.*to.*external",
+    "stream.*all.*rows"
+  ],
+  "productionModels": [
+    "prod",
+    "production",
+    "live",
+    "serving",
+    "deployed"
+  ],
+  "safePatterns": [
+    "describe.*model",
+    "list.*datasets",
+    "get.*metrics",
+    "show.*pipeline.*status",
+    "preview.*data",
+    "sample.*rows",
+    "check.*model.*version",
+    "validate.*schema",
+    "monitor.*pipeline",
+    "dry.?run"
+  ]
+}