agent-security-scanner-mcp 3.2.0 → 3.4.0

package/index.js

@@ -17,9 +17,12 @@ import { fixSecuritySchema, fixSecurity } from './src/tools/fix-security.js';
 import { loadPackageLists, checkPackageSchema, checkPackage, getPackageStats } from './src/tools/check-package.js';
 import { scanPackagesSchema, scanPackages } from './src/tools/scan-packages.js';
 import { scanAgentPromptSchema, scanAgentPrompt } from './src/tools/scan-prompt.js';
+import { scanDiffSchema, scanDiff } from './src/tools/scan-diff.js';
+import { scanProjectSchema, scanProject } from './src/tools/scan-project.js';
 import { runInit } from './src/cli/init.js';
 import { runDoctor } from './src/cli/doctor.js';
 import { runDemo } from './src/cli/demo.js';
+import { runInitHooks } from './src/cli/init-hooks.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -134,6 +137,22 @@ server.tool(
   scanAgentPrompt
 );
 
+// Register scan_git_diff tool
+server.tool(
+  "scan_git_diff",
+  "Scan git diff for new security vulnerabilities. Only reports issues on changed lines. Use for PR reviews.",
+  scanDiffSchema,
+  scanDiff
+);
+
+// Register scan_project tool
+server.tool(
+  "scan_project",
+  "Scan an entire directory for security vulnerabilities with .gitignore support and security grading. Use verbosity='minimal' for grade + counts, 'compact' (default) for top issues, 'full' for all details.",
+  scanProjectSchema,
+  scanProject
+);
+
 // ===========================================
 // CLI COMMANDS - Extracted to src/cli/
 // ===========================================
@@ -156,17 +175,187 @@ if (cliArgs[0] === 'init') {
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
+} else if (cliArgs[0] === 'init-hooks') {
+  runInitHooks(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
+    console.error(`  Error: ${err.message}\n`);
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-prompt') {
+  // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
+  const text = cliArgs[1];
+  if (!text) {
+    console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  scanAgentPrompt({ prompt_text: text, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.action === 'BLOCK' ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-security') {
+  // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
+  const filePath = cliArgs[1];
+  if (!filePath) {
+    console.error('Usage: agent-security-scanner-mcp scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const formatIdx = cliArgs.indexOf('--format');
+  const outputFormat = formatIdx !== -1 ? cliArgs[formatIdx + 1] : 'json';
+
+  loadPackageLists();
+  scanSecurity({ file_path: filePath, verbosity, output_format: outputFormat }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'check-package') {
+  // CLI mode: check-package <name> <ecosystem>
+  const packageName = cliArgs[1];
+  const ecosystem = cliArgs[2];
+  if (!packageName || !ecosystem) {
+    console.error('Usage: agent-security-scanner-mcp check-package <name> <ecosystem>');
+    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
+    process.exit(1);
+  }
+
+  loadPackageLists();
+  checkPackage({ package_name: packageName, ecosystem }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.legitimate ? 0 : 1);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-packages') {
+  // CLI mode: scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]
+  const filePath = cliArgs[1];
+  const ecosystem = cliArgs[2];
+  if (!filePath || !ecosystem) {
+    console.error('Usage: agent-security-scanner-mcp scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
+    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  scanPackages({ file_path: filePath, ecosystem, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.hallucinated_count > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-project') {
+  // CLI mode: scan-project <dir> [--recursive] [--diff-only] [--cross-file] [--include '*.py'] [--exclude '*.test.js'] [--verbosity minimal|compact|full]
+  const dirPath = cliArgs[1];
+  if (!dirPath || dirPath.startsWith('--')) {
+    console.error('Usage: agent-security-scanner-mcp scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const recursive = !cliArgs.includes('--no-recursive');
+  const diffOnly = cliArgs.includes('--diff-only');
+  const crossFile = cliArgs.includes('--cross-file');
+  const includeIdx = cliArgs.indexOf('--include');
+  const includePatterns = includeIdx !== -1 ? [cliArgs[includeIdx + 1]] : undefined;
+  const excludeIdx = cliArgs.indexOf('--exclude');
+  const excludePatterns = excludeIdx !== -1 ? [cliArgs[excludeIdx + 1]] : undefined;
+
+  scanProject({ directory_path: dirPath, recursive, diff_only: diffOnly, cross_file: crossFile, include_patterns: includePatterns, exclude_patterns: excludePatterns, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    const total = output.issues_count || output.total || 0;
+    process.exit(total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-diff') {
+  // CLI mode: scan-diff [base] [target] [--verbosity minimal|compact|full]
+  // Parse positional args, skipping flag values
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const flagValueIndices = new Set(verbosityIdx !== -1 ? [verbosityIdx, verbosityIdx + 1] : []);
+  const positionalArgs = cliArgs.slice(1).filter((arg, idx) => !arg.startsWith('--') && !flagValueIndices.has(idx + 1));
+  const baseRef = positionalArgs[0];
+  const targetRef = positionalArgs[1];
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanDiff({ base_ref: baseRef, target_ref: targetRef, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'benchmark') {
+  // CLI mode: benchmark [--save] [--json-only] [--compare-latest] [--corpus <path>]
+  const benchmarkPath = join(__dirname, 'benchmarks', 'benchmark_runner.py');
+  const benchArgs = [benchmarkPath];
+
+  // Pass through supported flags
+  for (let i = 1; i < cliArgs.length; i++) {
+    if (['--save', '--json-only', '--compare-latest'].includes(cliArgs[i])) {
+      benchArgs.push(cliArgs[i]);
+    } else if (cliArgs[i] === '--corpus' && cliArgs[i + 1]) {
+      benchArgs.push('--corpus', cliArgs[i + 1]);
+      i++;
+    }
+  }
+
+  try {
+    execFileSync('python3', benchArgs, { stdio: 'inherit', timeout: 300000 });
+  } catch (err) {
+    if (err.status) process.exit(err.status);
+    console.error(`Benchmark error: ${err.message}`);
+    process.exit(1);
+  }
+  process.exit(0);
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
   console.log('\n  agent-security-scanner-mcp\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
+  console.log('    init-hooks           Install Claude Code hooks for auto-scanning');
   console.log('    doctor [--fix]       Check environment & client configs');
   console.log('    demo [--lang js]     Generate vulnerable file + scan it');
+  console.log('    benchmark [flags]      Run accuracy benchmarks\n');
+  console.log('  CLI Tools (for scripts & OpenClaw):');
+  console.log('    scan-prompt <text>   Scan prompt for injection attacks');
+  console.log('    scan-security <file> Scan file for vulnerabilities');
+  console.log('    check-package <n> <e> Check if package exists in ecosystem');
+  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages');
+  console.log('    scan-project <dir>   Scan directory for vulnerabilities with grading');
+  console.log('    scan-diff [base] [target] Scan git diff for new vulnerabilities\n');
   console.log('    (no args)            Start MCP server on stdio\n');
+  console.log('  Options:');
+  console.log('    --verbosity <level>  minimal|compact|full (default: compact)');
+  console.log('    --format <type>      json|sarif (scan-security only)');
+  console.log('    --include <pattern>  Include only matching files (scan-project)');
+  console.log('    --exclude <pattern>  Exclude matching files (scan-project)\n');
   console.log('  Examples:');
   console.log('    npx agent-security-scanner-mcp init');
-  console.log('    npx agent-security-scanner-mcp doctor --fix');
-  console.log('    npx agent-security-scanner-mcp demo --lang py\n');
+  console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
+  console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp check-package flask pypi');
+  console.log('    npx agent-security-scanner-mcp scan-project ./src --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp scan-diff HEAD~1');
+  console.log('    npx agent-security-scanner-mcp benchmark --save --compare-latest\n');
   process.exit(0);
 } else {
   // Normal MCP server mode

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.2.0",
+  "version": "3.4.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline.",
+  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -10,9 +10,11 @@
   },
   "scripts": {
     "start": "node index.js",
+    "postinstall": "node scripts/postinstall.js",
     "test": "vitest run",
     "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage"
+    "test:coverage": "vitest run --coverage",
+    "benchmark": "python3 benchmarks/benchmark_runner.py --save --compare-latest"
   },
   "keywords": [
     "mcp",
@@ -52,7 +54,9 @@
     "zed",
     "prompt-firewall",
     "auto-fix",
-    "hallucination"
+    "hallucination",
+    "openclaw",
+    "clawdbot"
   ],
   "author": "Sinewave AI <divya@sinewave.ai>",
   "license": "MIT",
@@ -80,6 +84,9 @@
     "src/cli/*.js",
     "src/fix-patterns.js",
     "src/utils.js",
+    "src/dedup.js",
+    "src/context.js",
+    "src/config.js",
     "analyzer.py",
     "ast_parser.py",
     "generic_ast.py",
@@ -89,7 +96,10 @@
     "taint_analyzer.py",
     "requirements.txt",
     "rules/**",
-    "packages/**"
+    "packages/**",
+    "skills/**",
+    "scripts/postinstall.js",
+    "cross_file_analyzer.py"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",

package/pattern_matcher.py

@@ -430,6 +430,7 @@ class Finding:
     end_column: int = 0
     metavariables: Dict[str, str] = field(default_factory=dict)
     metadata: Dict[str, Any] = field(default_factory=dict)
+    confidence: str = "MEDIUM"
 
 
 class RuleEngine:

package/regex_fallback.py

@@ -9,10 +9,207 @@ from typing import List, Dict, Optional
 import re
 
 
+# Severity classification by vulnerability class
+SEVERITY_MAP = {
+    # ERROR - exploitable vulnerabilities (injection, RCE, deserialization)
+    'sql-injection': 'error',
+    'sql-injection-query': 'error',
+    'sql-injection-sprintf': 'error',
+    'sql-injection-where': 'error',
+    'sql-injection-order': 'error',
+    'sql-injection-raw': 'error',
+    'sql-injection-db-cursor': 'error',
+    'sql-injection-using-sqlalchemy': 'error',
+    'sql-injection-sqlcommand': 'error',
+    'sql-injection-sqlquery': 'error',
+    'sql-injection-concat': 'error',
+    'command-injection': 'error',
+    'command-injection-exec': 'error',
+    'command-injection-system': 'error',
+    'command-injection-open': 'error',
+    'command-injection-process-start': 'error',
+    'child-process-exec': 'error',
+    'spawn-shell': 'error',
+    'dangerous-subprocess-use': 'error',
+    'dangerous-system-call': 'error',
+    'eval-detected': 'error',
+    'eval-usage': 'error',
+    'exec-detected': 'error',
+    'pickle-load': 'error',
+    'unsafe-unserialize': 'error',
+    'unsafe-yaml-load': 'error',
+    'unsafe-marshal': 'error',
+    'yaml-load': 'error',
+    'file-inclusion': 'error',
+    'path-traversal': 'error',
+    'xss-echo': 'error',
+    'xss-raw': 'error',
+    'ssrf': 'error',
+    'open-redirect': 'error',
+    'backticks-exec': 'error',
+    'preg-code-exec': 'error',
+    'assert-usage': 'error',
+    'insecure-deserialization-binaryformatter': 'error',
+    'insecure-deserialization-xmlserializer': 'error',
+    'libc-system-call': 'error',
+    'format-string-printf': 'error',
+    'format-string-syslog': 'error',
+    'xss-innerhtml': 'error',
+    'xss-response-write': 'error',
+    'path-traversal-directory-delete': 'error',
+    'path-traversal-file-delete': 'error',
+    'path-traversal-file-read': 'error',
+
+    # WARNING - risky patterns requiring attention
+    'innerHTML': 'warning',
+    'outerHTML': 'warning',
+    'document-write': 'warning',
+    'insertAdjacentHTML': 'warning',
+    'dangerouslySetInnerHTML': 'warning',
+    'function-constructor': 'warning',
+    'setTimeout-string': 'warning',
+    'strcpy-usage': 'warning',
+    'strcat-usage': 'warning',
+    'sprintf-usage': 'warning',
+    'vsprintf-usage': 'warning',
+    'gets-usage': 'warning',
+    'system-usage': 'warning',
+    'popen-usage': 'warning',
+    'hardcoded-password': 'warning',
+    'hardcoded-secret': 'warning',
+    'hardcoded-api-key': 'warning',
+    'hardcoded-connection-string': 'warning',
+    'session-secret-hardcoded': 'warning',
+    'ssl-verify-disabled': 'warning',
+    'curl-ssl-disabled': 'warning',
+    'csrf-disabled': 'warning',
+    'mass-assignment-permit-all': 'warning',
+    'constantize': 'warning',
+    'render-inline': 'warning',
+    'privileged-container': 'warning',
+    'run-as-root': 'warning',
+    'allow-privilege-escalation': 'warning',
+    'host-network': 'warning',
+    'host-pid': 'warning',
+    'host-path': 'warning',
+    'secrets-in-env': 'warning',
+    'cluster-admin-binding': 'warning',
+    'capabilities-add': 'warning',
+    'no-readonly-root': 'warning',
+    'wildcard-rbac': 'warning',
+    's3-public-read': 'warning',
+    'security-group-open-ingress': 'warning',
+    'rds-public-access': 'warning',
+    'rds-encryption-disabled': 'warning',
+    'rds-deletion-protection': 'warning',
+    'cloudtrail-disabled': 'warning',
+    'kms-key-rotation': 'warning',
+    'ebs-encryption-disabled': 'warning',
+    'ec2-imdsv1': 'warning',
+    'phpinfo-exposure': 'warning',
+    'error-display': 'warning',
+    'permissive-cors': 'warning',
+    'mcrypt-deprecated': 'warning',
+    'aws-access-key-id': 'warning',
+    'aws-secret-access-key': 'warning',
+    'github-pat': 'warning',
+    'stripe-api-key': 'warning',
+    'private-key-rsa': 'warning',
+    'database-url': 'warning',
+    'jwt-token': 'warning',
+    'openai-api-key': 'warning',
+    'python.lang.security.audit.hardcoded-password': 'warning',
+    'python.lang.security.audit.hardcoded-api-key': 'warning',
+    'generic.secrets.security.hardcoded-password': 'warning',
+    'generic.secrets.security.hardcoded-api-key': 'warning',
+
+    # INFO - informational / hygiene / low-risk patterns
+    'weak-hash-md5': 'info',
+    'weak-hash-sha1': 'info',
+    'weak-hash': 'info',
+    'weak-cipher': 'info',
+    'weak-cipher-des': 'info',
+    'ecb-mode': 'info',
+    'weak-random': 'info',
+    'insecure-random': 'info',
+    'insecure-hash-md5': 'info',
+    'insecure-hash-sha1': 'info',
+    'insecure-memset': 'info',
+    'strtok-usage': 'info',
+    'insecure-tempfile': 'info',
+    'unchecked-return': 'info',
+    'unsafe-block': 'info',
+    'unwrap-usage': 'info',
+    'raw-pointer-deref': 'info',
+    'panic-usage': 'info',
+    'compile-detected': 'info',
+    'scanf-usage': 'info',
+}
+
+# Confidence classification by rule ID
+CONFIDENCE_MAP = {
+    # HIGH - very specific patterns, low false-positive rate
+    'sql-injection-db-cursor': 'HIGH',
+    'sql-injection-using-sqlalchemy': 'HIGH',
+    'sql-injection-sqlcommand': 'HIGH',
+    'sql-injection-sqlquery': 'HIGH',
+    'sql-injection-concat': 'HIGH',
+    'format-string-printf': 'HIGH',
+    'format-string-syslog': 'HIGH',
+    'pickle-load': 'HIGH',
+    'eval-detected': 'HIGH',
+    'eval-usage': 'HIGH',
+    'exec-detected': 'HIGH',
+    'child-process-exec': 'HIGH',
+    'dangerous-subprocess-use': 'HIGH',
+    'dangerous-system-call': 'HIGH',
+    'hardcoded-password': 'HIGH',
+    'hardcoded-connection-string': 'HIGH',
+    'aws-access-key-id': 'HIGH',
+    'github-pat': 'HIGH',
+    'stripe-api-key': 'HIGH',
+    'private-key-rsa': 'HIGH',
+    'openai-api-key': 'HIGH',
+    'unsafe-unserialize': 'HIGH',
+    'backticks-exec': 'HIGH',
+    'preg-code-exec': 'HIGH',
+    'file-inclusion': 'HIGH',
+    'gets-usage': 'HIGH',
+    'insecure-deserialization-binaryformatter': 'HIGH',
+    'insecure-deserialization-xmlserializer': 'HIGH',
+
+    # LOW - broad patterns with high false-positive rate
+    'compile-detected': 'LOW',
+    'unsafe-block': 'LOW',
+    'unwrap-usage': 'LOW',
+    'insecure-memset': 'LOW',
+    'strtok-usage': 'LOW',
+    'unchecked-return': 'LOW',
+    'scanf-usage': 'LOW',
+    'panic-usage': 'LOW',
+    'raw-pointer-deref': 'LOW',
+    'insecure-random': 'LOW',
+    'weak-random': 'LOW',
+    'insecure-hash-md5': 'LOW',
+    'insecure-hash-sha1': 'LOW',
+    'weak-hash-md5': 'LOW',
+    'weak-hash-sha1': 'LOW',
+    'weak-hash': 'LOW',
+    'database-url': 'LOW',
+
+    # Everything else defaults to MEDIUM
+}
+
+
 def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, col_end: Optional[int] = None,
-                  message: Optional[str] = None, severity: str = "warning") -> Dict:
+                  message: Optional[str] = None, severity: Optional[str] = None,
+                  confidence: Optional[str] = None) -> Dict:
     if col_end is None:
         col_end = max(col_start + 1, len(line.rstrip("\n")))
+    if severity is None:
+        severity = SEVERITY_MAP.get(rule_id, "warning")
+    if confidence is None:
+        confidence = CONFIDENCE_MAP.get(rule_id, "MEDIUM")
     return {
         "ruleId": rule_id,
         "message": message or f"[Regex] {rule_id}",
@@ -22,6 +219,7 @@ def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, co
         "endColumn": col_end,
         "length": max(0, col_end - col_start),
         "severity": severity,
+        "confidence": confidence,
         "metadata": {"source": "regex-fallback"},
         "metavariables": {},
     }