agent-security-scanner-mcp 3.2.0 → 3.4.0

package/src/tools/scan-project.js

@@ -0,0 +1,308 @@
+// src/tools/scan-project.js
+import { z } from "zod";
+import { existsSync, readFileSync, readdirSync, statSync } from "fs";
+import { join, resolve, relative, extname, basename } from "path";
+import { execFileSync } from "child_process";
+import { scanSecurity } from './scan-security.js';
+import { matchGlob, loadConfig, shouldExcludeFile } from '../config.js';
+import { detectLanguage } from '../utils.js';
+
+export const scanProjectSchema = {
+  directory_path: z.string().describe("Path to the directory to scan"),
+  recursive: z.boolean().optional().describe("Scan subdirectories recursively (default: true)"),
+  include_patterns: z.array(z.string()).optional().describe("Glob patterns to include (e.g. ['**/*.py', '**/*.js'])"),
+  exclude_patterns: z.array(z.string()).optional().describe("Glob patterns to exclude (e.g. ['*test*', 'vendor/**'])"),
+  diff_only: z.boolean().optional().describe("Only scan git-changed files"),
+  cross_file: z.boolean().optional().describe("Enable cross-file taint analysis (max 50 files)"),
+  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level")
+};
+
+// Scannable file extensions
+const SCANNABLE_EXTENSIONS = new Set([
+  '.py', '.js', '.ts', '.tsx', '.jsx', '.java', '.go', '.rb', '.php',
+  '.rs', '.c', '.cpp', '.cc', '.cxx', '.h', '.hpp', '.cs',
+  '.tf', '.hcl', '.sql',
+]);
+
+// Parse .gitignore into patterns
+function parseGitignore(dirPath) {
+  const gitignorePath = join(dirPath, '.gitignore');
+  if (!existsSync(gitignorePath)) return [];
+
+  try {
+    const content = readFileSync(gitignorePath, 'utf-8');
+    return content.split('\n')
+      .map(line => line.trim())
+      .filter(line => line && !line.startsWith('#'))
+      .map(line => {
+        // Normalize: remove trailing slash for directories
+        if (line.endsWith('/')) return line.slice(0, -1) + '/**';
+        return line;
+      });
+  } catch {
+    return [];
+  }
+}
+
+// Check if a file path matches gitignore patterns
+function isGitignored(filePath, patterns) {
+  const normalized = filePath.replace(/\\/g, '/');
+  return patterns.some(pattern => matchGlob(normalized, pattern));
+}
+
+// Recursively walk a directory, respecting exclusions
+function walkDirectory(dirPath, options = {}) {
+  const { recursive = true, includePatterns = [], excludePatterns = [], gitignorePatterns = [], config } = options;
+  const files = [];
+
+  function walk(currentDir) {
+    let entries;
+    try {
+      entries = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+
+    for (const entry of entries) {
+      // Skip hidden directories/files
+      if (entry.startsWith('.')) continue;
+
+      const fullPath = join(currentDir, entry);
+      const relativePath = relative(dirPath, fullPath);
+
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+
+      if (stat.isDirectory()) {
+        // Skip common non-source directories
+        if (['node_modules', 'vendor', 'dist', 'build', '__pycache__', '.git',
+             'venv', 'env', '.venv', 'target', 'coverage'].includes(entry)) continue;
+
+        // Skip gitignored directories
+        if (isGitignored(relativePath, gitignorePatterns)) continue;
+
+        if (recursive) walk(fullPath);
+      } else if (stat.isFile()) {
+        const ext = extname(entry).toLowerCase();
+        const base = basename(entry).toLowerCase();
+
+        // Check extension or special filenames
+        if (!SCANNABLE_EXTENSIONS.has(ext) && base !== 'dockerfile') continue;
+
+        // Check gitignore
+        if (isGitignored(relativePath, gitignorePatterns)) continue;
+
+        // Check config exclusions
+        if (config && shouldExcludeFile(relativePath, config)) continue;
+
+        // Check include patterns (if specified, only include matching files)
+        if (includePatterns.length > 0) {
+          const matches = includePatterns.some(p => matchGlob(relativePath, p));
+          if (!matches) continue;
+        }
+
+        // Check exclude patterns (if specified, skip matching files)
+        if (excludePatterns.length > 0) {
+          const excluded = excludePatterns.some(p => matchGlob(relativePath, p) || relativePath.includes(p) || entry.includes(p));
+          if (excluded) continue;
+        }
+
+        files.push(fullPath);
+      }
+    }
+  }
+
+  walk(dirPath);
+  return files;
+}
+
+// Get git-changed files in a directory
+function getGitChangedFiles(dirPath) {
+  try {
+    const output = execFileSync('git', ['diff', '--name-only', 'HEAD'], {
+      cwd: dirPath, encoding: 'utf-8', timeout: 10000
+    });
+    const untrackedOutput = execFileSync('git', ['ls-files', '--others', '--exclude-standard'], {
+      cwd: dirPath, encoding: 'utf-8', timeout: 10000
+    });
+    const allFiles = [...output.trim().split('\n'), ...untrackedOutput.trim().split('\n')]
+      .filter(f => f.trim())
+      .map(f => resolve(dirPath, f))
+      .filter(f => existsSync(f));
+    return [...new Set(allFiles)];
+  } catch {
+    return [];
+  }
+}
+
+// Calculate security grade based on findings
+function calculateGrade(totalIssues, totalFiles, errorCount) {
+  if (totalFiles === 0) return 'A';
+  const density = totalIssues / totalFiles;
+
+  if (errorCount === 0 && density === 0) return 'A';
+  if (errorCount === 0 && density < 0.5) return 'B';
+  if (errorCount <= 2 && density < 1.5) return 'C';
+  if (errorCount <= 5 && density < 3) return 'D';
+  return 'F';
+}
+
+export async function scanProject({ directory_path, recursive, include_patterns, exclude_patterns, diff_only, cross_file, verbosity }) {
+  const dirPath = resolve(directory_path);
+
+  if (!existsSync(dirPath)) {
+    return {
+      content: [{ type: "text", text: JSON.stringify({ error: "Directory not found" }) }]
+    };
+  }
+
+  // Load config from directory
+  const config = loadConfig(join(dirPath, 'dummy.js'));
+  const gitignorePatterns = parseGitignore(dirPath);
+
+  // Get files to scan
+  let files;
+  if (diff_only) {
+    files = getGitChangedFiles(dirPath);
+  } else {
+    files = walkDirectory(dirPath, {
+      recursive: recursive !== false,
+      includePatterns: include_patterns || [],
+      excludePatterns: exclude_patterns || [],
+      gitignorePatterns,
+      config
+    });
+  }
+
+  // Filter to scannable extensions
+  files = files.filter(f => {
+    const ext = extname(f).toLowerCase();
+    const base = basename(f).toLowerCase();
+    return SCANNABLE_EXTENSIONS.has(ext) || base === 'dockerfile';
+  });
+
+  if (files.length === 0) {
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        directory: dirPath,
+        message: "No scannable files found",
+        files_scanned: 0,
+        grade: 'A'
+      }) }]
+    };
+  }
+
+  // Scan each file
+  const allIssues = [];
+  const byFile = {};
+  const bySeverity = { error: 0, warning: 0, info: 0 };
+  const byCategory = {};
+
+  for (const filePath of files) {
+    const result = await scanSecurity({ file_path: filePath, verbosity: 'full' });
+    const parsed = JSON.parse(result.content[0].text);
+
+    if (parsed.issues && Array.isArray(parsed.issues)) {
+      const relativePath = relative(dirPath, filePath);
+      byFile[relativePath] = parsed.issues.length;
+
+      for (const issue of parsed.issues) {
+        allIssues.push({ ...issue, file: relativePath });
+        bySeverity[issue.severity] = (bySeverity[issue.severity] || 0) + 1;
+        const category = issue.ruleId?.split('.')[0] || 'other';
+        byCategory[category] = (byCategory[category] || 0) + 1;
+      }
+    }
+  }
+
+  // Cross-file taint analysis (opt-in, max 50 files)
+  let crossFileIssues = [];
+  if (cross_file && files.length <= 50) {
+    try {
+      const { runCrossFileAnalyzer } = await import('../utils.js');
+      if (typeof runCrossFileAnalyzer === 'function') {
+        const crossResults = runCrossFileAnalyzer(files);
+        if (Array.isArray(crossResults)) {
+          crossFileIssues = crossResults;
+          for (const issue of crossFileIssues) {
+            const relativePath = relative(dirPath, issue.file || '');
+            allIssues.push({ ...issue, file: relativePath });
+            bySeverity[issue.severity] = (bySeverity[issue.severity] || 0) + 1;
+          }
+        }
+      }
+    } catch {
+      // Cross-file analysis not available
+    }
+  }
+
+  const grade = calculateGrade(allIssues.length, files.length, bySeverity.error);
+  const level = verbosity || 'compact';
+
+  if (level === 'minimal') {
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        directory: dirPath,
+        files_scanned: files.length,
+        total: allIssues.length,
+        critical: bySeverity.error,
+        warning: bySeverity.warning,
+        info: bySeverity.info,
+        grade,
+        message: allIssues.length > 0
+          ? `Found ${allIssues.length} issue(s) across ${files.length} files. Grade: ${grade}`
+          : `No issues found in ${files.length} files. Grade: ${grade}`
+      }) }]
+    };
+  }
+
+  if (level === 'compact') {
+    // Show top issues per file, sorted by severity
+    const topIssues = allIssues
+      .sort((a, b) => {
+        const order = { error: 0, warning: 1, info: 2 };
+        return (order[a.severity] || 2) - (order[b.severity] || 2);
+      })
+      .slice(0, 50)
+      .map(i => ({
+        file: i.file,
+        line: (i.line || 0) + 1,
+        ruleId: i.ruleId,
+        severity: i.severity,
+        message: i.message
+      }));
+
+    return {
+      content: [{ type: "text", text: JSON.stringify({
+        directory: dirPath,
+        files_scanned: files.length,
+        issues_count: allIssues.length,
+        grade,
+        by_severity: bySeverity,
+        by_category: byCategory,
+        cross_file_issues: crossFileIssues.length > 0 ? crossFileIssues.length : undefined,
+        issues: topIssues
+      }, null, 2) }]
+    };
+  }
+
+  // full
+  return {
+    content: [{ type: "text", text: JSON.stringify({
+      directory: dirPath,
+      files_scanned: files.length,
+      issues_count: allIssues.length,
+      grade,
+      by_severity: bySeverity,
+      by_category: byCategory,
+      by_file: byFile,
+      cross_file_issues: crossFileIssues.length > 0 ? crossFileIssues : undefined,
+      issues: allIssues,
+      scanned_files: files.map(f => relative(dirPath, f))
+    }, null, 2) }]
+  };
+}

package/src/tools/scan-prompt.js

@@ -39,6 +39,12 @@ const CATEGORY_WEIGHTS = {
   "prompt-injection-privilege": 0.85,
   "prompt-injection-multi-turn": 0.7,
   "prompt-injection-output": 0.9,
+  // OpenClaw-specific categories
+  "data_exfiltration": 1.0,
+  "messaging_abuse": 0.95,
+  "credential_theft": 1.0,
+  "autonomous_harm": 0.9,
+  "service_attack": 0.95,
   "unknown": 0.5
 };
 
@@ -189,6 +195,69 @@ function loadPromptInjectionRules() {
   }
 }
 
+// Load OpenClaw-specific rules
+function loadOpenClawRules() {
+  try {
+    const rulesPath = join(__dirname, '..', '..', 'rules', 'openclaw.security.yaml');
+    if (!existsSync(rulesPath)) {
+      return [];
+    }
+
+    const yaml = readFileSync(rulesPath, 'utf-8');
+    const rules = [];
+
+    const ruleBlocks = yaml.split(/^  - id:/m).slice(1);
+
+    for (const block of ruleBlocks) {
+      const lines = ('  - id:' + block).split('\n');
+      const rule = {
+        id: '',
+        severity: 'WARNING',
+        message: '',
+        patterns: [],
+        metadata: {}
+      };
+
+      let inPatterns = false;
+
+      for (const line of lines) {
+        if (line.match(/^\s+- id:\s*/)) {
+          rule.id = line.replace(/^\s+- id:\s*/, '').trim();
+        } else if (line.match(/^\s+severity:\s*/)) {
+          rule.severity = line.replace(/^\s+severity:\s*/, '').trim();
+        } else if (line.match(/^\s+category:\s*/)) {
+          rule.metadata.category = line.replace(/^\s+category:\s*/, '').trim();
+        } else if (line.match(/^\s+action:\s*/)) {
+          rule.metadata.action = line.replace(/^\s+action:\s*/, '').trim();
+        } else if (line.match(/^\s+message:\s*/)) {
+          rule.message = line.replace(/^\s+message:\s*["']?/, '').replace(/["']$/, '').trim();
+        } else if (line.match(/^\s+patterns:\s*$/)) {
+          inPatterns = true;
+        } else if (inPatterns && line.match(/^\s+- /)) {
+          let pattern = line.replace(/^\s+- /, '').trim();
+          pattern = pattern.replace(/^["']|["']$/g, '');
+          pattern = pattern.replace(/\\\\/g, '\\');
+          if (pattern) rule.patterns.push(pattern);
+        } else if (line.match(/^\s+\w+:/) && !line.match(/^\s+- /)) {
+          inPatterns = false;
+        }
+      }
+
+      if (rule.id && rule.patterns.length > 0) {
+        // Set confidence and risk score based on severity
+        rule.metadata.confidence = rule.severity === 'CRITICAL' ? 'HIGH' : 'MEDIUM';
+        rule.metadata.risk_score = rule.severity === 'CRITICAL' ? '90' : '70';
+        rules.push(rule);
+      }
+    }
+
+    return rules;
+  } catch (error) {
+    console.error("Error loading OpenClaw rules:", error.message);
+    return [];
+  }
+}
+
 // Calculate risk score from findings
 function calculateRiskScore(findings, context) {
   if (findings.length === 0) return 0;
@@ -377,7 +446,8 @@ export async function scanAgentPrompt({ prompt_text, context, verbosity }) {
   // Load rules
   const agentRules = loadAgentAttackRules();
   const promptRules = loadPromptInjectionRules();
-  const allRules = [...agentRules, ...promptRules];
+  const openclawRules = loadOpenClawRules();
+  const allRules = [...agentRules, ...promptRules, ...openclawRules];
 
   // 2.7: Extract content from code blocks and append to scan text
   let expandedText = prompt_text;

package/src/tools/scan-security.js

@@ -2,11 +2,15 @@
 import { z } from "zod";
 import { existsSync, readFileSync } from "fs";
 import { detectLanguage, runAnalyzer, generateFix, toSarif } from '../utils.js';
+import { deduplicateFindings } from '../dedup.js';
+import { applyContextFilter, detectFrameworks, applyFrameworkAdjustments } from '../context.js';
+import { loadConfig, shouldExcludeFile, applyConfig } from '../config.js';
 
 export const scanSecuritySchema = {
   file_path: z.string().describe("Path to the file to scan"),
   output_format: z.enum(['json', 'sarif']).optional().describe("Output format: 'json' (default) or 'sarif' for GitHub/GitLab integration"),
-  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)")
+  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)"),
+  engine: z.enum(['auto', 'ast', 'regex']).optional().describe("Analysis engine: 'auto' (default, AST with regex fallback), 'ast' (tree-sitter only), 'regex' (regex only)")
 };
 
 // Verbosity formatters
@@ -35,6 +39,7 @@ function formatCompact(file_path, language, issues) {
       line: i.line + 1,
       ruleId: i.ruleId,
       severity: i.severity,
+      confidence: i.confidence || 'MEDIUM',
       message: i.message,
       fix: i.suggested_fix?.fixed ? i.suggested_fix.fixed.trim() : null
     }))
@@ -50,26 +55,49 @@ function formatFull(file_path, language, issues) {
   };
 }
 
-export async function scanSecurity({ file_path, output_format, verbosity }) {
+export async function scanSecurity({ file_path, output_format, verbosity, engine }) {
   if (!existsSync(file_path)) {
     return {
       content: [{ type: "text", text: JSON.stringify({ error: "File not found" }) }]
     };
   }
 
-  const issues = runAnalyzer(file_path);
+  // Load project configuration
+  const config = loadConfig(file_path);
 
-  if (issues.error) {
+  // Check file exclusion
+  if (shouldExcludeFile(file_path, config)) {
     return {
-      content: [{ type: "text", text: JSON.stringify(issues) }]
+      content: [{ type: "text", text: JSON.stringify({ file: file_path, message: "File excluded by configuration", issues_count: 0 }) }]
     };
   }
 
+  const rawIssues = runAnalyzer(file_path, engine || 'auto');
+
+  if (rawIssues.error) {
+    return {
+      content: [{ type: "text", text: JSON.stringify(rawIssues) }]
+    };
+  }
+
+  // Cross-engine deduplication
+  const dedupedIssues = deduplicateFindings(rawIssues);
+
   // Read file content for fix suggestions
   const content = readFileSync(file_path, 'utf-8');
   const lines = content.split('\n');
   const language = detectLanguage(file_path);
 
+  // Context-aware filtering (suppress known module imports)
+  const contextFiltered = applyContextFilter(dedupedIssues, file_path, language);
+
+  // Framework-aware severity adjustment
+  const frameworks = detectFrameworks(file_path, language);
+  const frameworkAdjusted = applyFrameworkAdjustments(contextFiltered, frameworks);
+
+  // Apply .scannerrc configuration (rule suppression, severity/confidence thresholds)
+  const issues = applyConfig(frameworkAdjusted, file_path, config);
+
   // Enhance issues with fix suggestions
   const enhancedIssues = issues.map(issue => {
     const line = lines[issue.line] || '';

package/src/utils.js

@@ -36,10 +36,14 @@ export function detectLanguage(filePath) {
 }
 
 // Run the Python analyzer
-export function runAnalyzer(filePath) {
+export function runAnalyzer(filePath, engine = 'auto') {
   try {
     const analyzerPath = join(__dirname, '..', 'analyzer.py');
-    const result = execFileSync('python3', [analyzerPath, filePath], {
+    const args = [analyzerPath, filePath];
+    if (engine !== 'auto') {
+      args.push('--engine', engine);
+    }
+    const result = execFileSync('python3', args, {
       encoding: 'utf-8',
       timeout: 30000
     });
@@ -49,17 +53,62 @@ export function runAnalyzer(filePath) {
   }
 }
 
+// Validate that a fix produces syntactically reasonable output
+export function validateFix(original, fixed) {
+  if (!fixed || fixed === original) return false;
+
+  // Strip escaped quotes for bracket/quote counting
+  const unescaped = fixed.replace(/\\["'`]/g, '');
+
+  // Check balanced quotes (single pass)
+  const singleQ = (unescaped.match(/'/g) || []).length;
+  const doubleQ = (unescaped.match(/"/g) || []).length;
+  const backtickQ = (unescaped.match(/`/g) || []).length;
+  if (singleQ % 2 !== 0 || doubleQ % 2 !== 0 || backtickQ % 2 !== 0) return false;
+
+  // Check balanced brackets
+  const brackets = { '(': 0, '[': 0, '{': 0 };
+  const closers = { ')': '(', ']': '[', '}': '{' };
+  for (const char of unescaped) {
+    if (brackets[char] !== undefined) brackets[char]++;
+    if (closers[char]) {
+      brackets[closers[char]]--;
+      if (brackets[closers[char]] < 0) return false;
+    }
+  }
+  if (Object.values(brackets).some(v => v !== 0)) return false;
+
+  return true;
+}
+
 // Generate fix suggestion for an issue
 export function generateFix(issue, line, language) {
   const ruleId = issue.ruleId.toLowerCase();
 
   for (const [pattern, template] of Object.entries(FIX_TEMPLATES)) {
     if (ruleId.includes(pattern)) {
-      return {
-        description: template.description,
-        original: line,
-        fixed: template.fix(line, language)
-      };
+      try {
+        const fixed = template.fix(line, language);
+        // Validate the fix produces reasonable output
+        if (fixed && !validateFix(line, fixed)) {
+          return {
+            description: template.description + " (manual fix required)",
+            original: line,
+            fixed: null
+          };
+        }
+        return {
+          description: template.description,
+          original: line,
+          fixed: fixed
+        };
+      } catch {
+        return {
+          description: template.description + " (manual fix required)",
+          original: line,
+          fixed: null
+        };
+      }
     }
   }
 
@@ -70,6 +119,26 @@ export function generateFix(issue, line, language) {
   };
 }
 
+// Run cross-file taint analysis
+export function runCrossFileAnalyzer(filePaths) {
+  try {
+    const analyzerPath = join(__dirname, '..', 'cross_file_analyzer.py');
+    if (!existsSync(analyzerPath)) return [];
+    const result = execFileSync('python3', [analyzerPath, ...filePaths], {
+      encoding: 'utf-8',
+      timeout: 120000,
+      maxBuffer: 10 * 1024 * 1024
+    });
+    const parsed = JSON.parse(result);
+    // Return only cross-file warnings (per-file findings are handled by scanSecurity)
+    return Array.isArray(parsed)
+      ? parsed.filter(f => f.ruleId === 'cross-file-taint-warning')
+      : [];
+  } catch {
+    return [];
+  }
+}
+
 // Convert issues to SARIF 2.1.0 format
 export function toSarif(file_path, language, issues) {
   const severityToLevel = {