agent-security-scanner-mcp 3.3.0 → 3.4.0

package/src/config.js

@@ -0,0 +1,181 @@
+// .scannerrc configuration loading and filtering.
+// Supports YAML (.scannerrc.yaml/.yml) and JSON (.scannerrc.json) project configs.
+
+import { existsSync, readFileSync } from 'fs';
+import { dirname, join, resolve, sep } from 'path';
+import { execFileSync } from 'child_process';
+
+const DEFAULT_CONFIG = {
+  version: 1,
+  suppress: [],
+  exclude: ['node_modules/**', 'vendor/**', 'dist/**', '**/*.min.js'],
+  severity_threshold: 'info',
+  confidence_threshold: 'LOW',
+};
+
+const SEVERITY_ORDER = { info: 0, warning: 1, error: 2 };
+const CONFIDENCE_ORDER = { LOW: 0, MEDIUM: 1, HIGH: 2 };
+
+// Simple glob-to-regex converter (no external dependency)
+function globToRegex(pattern) {
+  let regex = '';
+  let i = 0;
+  while (i < pattern.length) {
+    const c = pattern[i];
+    if (c === '*') {
+      if (pattern[i + 1] === '*') {
+        if (pattern[i + 2] === '/') {
+          regex += '(?:.+/)?';
+          i += 3;
+          continue;
+        }
+        regex += '.*';
+        i += 2;
+        continue;
+      }
+      regex += '[^/]*';
+    } else if (c === '?') {
+      regex += '[^/]';
+    } else if (c === '{') {
+      regex += '(?:';
+    } else if (c === '}') {
+      regex += ')';
+    } else if (c === ',') {
+      regex += '|';
+    } else if ('.+^$|()[]\\'.includes(c)) {
+      regex += '\\' + c;
+    } else {
+      regex += c;
+    }
+    i++;
+  }
+  return new RegExp('^' + regex + '$');
+}
+
+export function matchGlob(filePath, pattern) {
+  // Normalize path separators
+  const normalized = filePath.replace(/\\/g, '/');
+  const re = globToRegex(pattern);
+  // Test against both full path and basename
+  return re.test(normalized) || re.test(normalized.split('/').pop());
+}
+
+// Walk up from filePath to find config file
+function findConfigFile(startPath) {
+  const names = ['.scannerrc.yaml', '.scannerrc.yml', '.scannerrc.json'];
+  let dir = resolve(dirname(startPath));
+  const root = resolve('/');
+
+  for (let i = 0; i < 50; i++) {
+    for (const name of names) {
+      const candidate = join(dir, name);
+      if (existsSync(candidate)) return candidate;
+    }
+    const parent = dirname(dir);
+    if (parent === dir || dir === root) break;
+    dir = parent;
+  }
+  return null;
+}
+
+function parseYaml(filePath) {
+  try {
+    const result = execFileSync('python3', [
+      '-c',
+      'import yaml,json,sys; print(json.dumps(yaml.safe_load(open(sys.argv[1]))))',
+      filePath,
+    ], { encoding: 'utf-8', timeout: 5000 });
+    return JSON.parse(result.trim());
+  } catch {
+    // Fallback: try simple key-value parsing for basic configs
+    return null;
+  }
+}
+
+export function loadConfig(filePath) {
+  const configFile = findConfigFile(filePath);
+  if (!configFile) return { ...DEFAULT_CONFIG };
+
+  try {
+    let parsed;
+    if (configFile.endsWith('.json')) {
+      parsed = JSON.parse(readFileSync(configFile, 'utf-8'));
+    } else {
+      parsed = parseYaml(configFile);
+    }
+
+    if (!parsed || typeof parsed !== 'object') return { ...DEFAULT_CONFIG };
+
+    return {
+      version: parsed.version || DEFAULT_CONFIG.version,
+      suppress: Array.isArray(parsed.suppress) ? parsed.suppress : DEFAULT_CONFIG.suppress,
+      exclude: Array.isArray(parsed.exclude) ? parsed.exclude : DEFAULT_CONFIG.exclude,
+      severity_threshold: parsed.severity_threshold || DEFAULT_CONFIG.severity_threshold,
+      confidence_threshold: parsed.confidence_threshold || DEFAULT_CONFIG.confidence_threshold,
+    };
+  } catch {
+    return { ...DEFAULT_CONFIG };
+  }
+}
+
+export function shouldExcludeFile(filePath, config) {
+  if (!config.exclude || config.exclude.length === 0) return false;
+  const normalized = filePath.replace(/\\/g, '/');
+  return config.exclude.some(pattern => matchGlob(normalized, pattern));
+}
+
+export function shouldSuppressRule(ruleId, filePath, config) {
+  if (!config.suppress || config.suppress.length === 0) return false;
+
+  for (const entry of config.suppress) {
+    const rule = typeof entry === 'string' ? entry : entry.rule;
+    if (!rule) continue;
+
+    // Check if rule pattern matches
+    const ruleMatches = matchGlob(ruleId, rule);
+    if (!ruleMatches) continue;
+
+    // Check path restriction if present
+    if (entry.paths && Array.isArray(entry.paths)) {
+      const normalized = filePath.replace(/\\/g, '/');
+      const pathMatches = entry.paths.some(p => matchGlob(normalized, p));
+      if (!pathMatches) continue;
+    }
+
+    return true;
+  }
+
+  return false;
+}
+
+export function meetsSeverityThreshold(severity, config) {
+  const threshold = config.severity_threshold || 'info';
+  const severityLevel = SEVERITY_ORDER[severity] ?? 0;
+  const thresholdLevel = SEVERITY_ORDER[threshold] ?? 0;
+  return severityLevel >= thresholdLevel;
+}
+
+export function meetsConfidenceThreshold(confidence, config) {
+  const threshold = config.confidence_threshold || 'LOW';
+  const confidenceLevel = CONFIDENCE_ORDER[confidence] ?? 0;
+  const thresholdLevel = CONFIDENCE_ORDER[threshold] ?? 0;
+  return confidenceLevel >= thresholdLevel;
+}
+
+export function applyConfig(findings, filePath, config) {
+  if (!Array.isArray(findings)) return findings;
+  if (!config) return findings;
+
+  return findings.filter(finding => {
+    // Check rule suppression
+    if (shouldSuppressRule(finding.ruleId, filePath, config)) return false;
+
+    // Check severity threshold
+    if (!meetsSeverityThreshold(finding.severity, config)) return false;
+
+    // Check confidence threshold
+    if (!meetsConfidenceThreshold(finding.confidence || 'MEDIUM', config)) return false;
+
+    return true;
+  });
+}

package/src/context.js

@@ -0,0 +1,228 @@
+// Context-aware filtering to reduce false positives.
+// Suppresses findings on import-only lines for known standard/popular modules.
+
+import { existsSync, readFileSync } from 'fs';
+import { dirname, join } from 'path';
+
+// Known safe standard library and popular modules per language
+const KNOWN_MODULES = {
+  javascript: new Set([
+    // Node.js builtins
+    'assert', 'buffer', 'child_process', 'cluster', 'crypto', 'dgram',
+    'dns', 'events', 'fs', 'http', 'http2', 'https', 'net', 'os',
+    'path', 'perf_hooks', 'process', 'querystring', 'readline', 'stream',
+    'string_decoder', 'timers', 'tls', 'tty', 'url', 'util', 'v8',
+    'vm', 'worker_threads', 'zlib',
+    // Popular frameworks/libraries
+    'express', 'koa', 'fastify', 'hapi', 'next', 'nuxt',
+    'react', 'react-dom', 'vue', 'angular', 'svelte',
+    'lodash', 'underscore', 'ramda',
+    'axios', 'node-fetch', 'got', 'superagent',
+    'moment', 'dayjs', 'date-fns', 'luxon',
+    'winston', 'morgan', 'pino', 'bunyan',
+    'helmet', 'cors', 'body-parser', 'cookie-parser', 'compression',
+    'passport', 'jsonwebtoken', 'bcrypt', 'bcryptjs',
+    'jest', 'mocha', 'chai', 'vitest', 'sinon', 'tape',
+    'typescript', 'webpack', 'vite', 'esbuild', 'rollup', 'parcel',
+    'mysql', 'mysql2', 'pg', 'mongodb', 'mongoose', 'redis', 'ioredis',
+    'sequelize', 'knex', 'prisma', 'typeorm', 'drizzle-orm',
+    'zod', 'joi', 'yup', 'ajv',
+    'dotenv', 'config', 'commander', 'yargs',
+    'chalk', 'debug', 'uuid', 'nanoid',
+    'socket.io', 'ws',
+  ]),
+  typescript: new Set([
+    // Same as JavaScript - TS shares the same ecosystem
+    'assert', 'buffer', 'child_process', 'cluster', 'crypto', 'dgram',
+    'dns', 'events', 'fs', 'http', 'http2', 'https', 'net', 'os',
+    'path', 'process', 'querystring', 'readline', 'stream', 'tls',
+    'url', 'util', 'worker_threads', 'zlib',
+    'express', 'koa', 'fastify', 'next', 'nuxt',
+    'react', 'react-dom', 'vue', 'angular', 'svelte',
+    'lodash', 'axios', 'node-fetch',
+    'helmet', 'cors', 'body-parser',
+    'jest', 'mocha', 'vitest',
+    'typescript', 'webpack', 'vite', 'esbuild',
+    'mysql', 'mysql2', 'pg', 'mongodb', 'mongoose', 'redis',
+    'sequelize', 'knex', 'prisma', 'typeorm',
+    'zod', 'joi',
+  ]),
+  python: new Set([
+    // Standard library
+    'os', 'sys', 'json', 'math', 'datetime', 'collections', 're',
+    'pathlib', 'typing', 'abc', 'io', 'subprocess', 'shutil',
+    'hashlib', 'hmac', 'secrets', 'sqlite3', 'csv', 'xml',
+    'urllib', 'http', 'socket', 'ssl', 'email', 'logging',
+    'unittest', 'argparse', 'configparser', 'functools', 'itertools',
+    'contextlib', 'dataclasses', 'enum', 'struct', 'copy', 'pprint',
+    'textwrap', 'string', 'codecs', 'base64', 'binascii',
+    'threading', 'multiprocessing', 'asyncio', 'concurrent',
+    'pickle', 'shelve', 'marshal', 'dbm',
+    'tempfile', 'glob', 'fnmatch', 'stat',
+    'time', 'calendar', 'locale', 'gettext',
+    'random', 'statistics',
+    // Popular packages
+    'pytest', 'mock', 'coverage',
+    'flask', 'django', 'fastapi', 'starlette', 'uvicorn', 'gunicorn',
+    'requests', 'httpx', 'aiohttp', 'urllib3',
+    'sqlalchemy', 'alembic', 'psycopg2', 'pymongo',
+    'celery', 'redis', 'boto3', 'botocore',
+    'numpy', 'pandas', 'scipy', 'matplotlib',
+    'pydantic', 'marshmallow', 'attrs',
+    'click', 'typer', 'rich',
+    'yaml', 'toml', 'dotenv',
+  ]),
+  ruby: new Set([
+    'rails', 'sinatra', 'rack', 'puma', 'unicorn',
+    'bundler', 'rake', 'rspec', 'minitest',
+    'activerecord', 'activesupport', 'actionpack',
+    'devise', 'pundit', 'cancancan',
+    'json', 'yaml', 'csv', 'net/http', 'uri', 'openssl',
+    'fileutils', 'pathname', 'tempfile', 'logger',
+  ]),
+  go: new Set([
+    'fmt', 'os', 'io', 'net', 'net/http', 'encoding/json',
+    'encoding/xml', 'crypto', 'crypto/tls', 'database/sql',
+    'sync', 'context', 'errors', 'strings', 'strconv',
+    'path', 'path/filepath', 'log', 'testing', 'time',
+    'math', 'sort', 'regexp', 'reflect', 'bufio',
+  ]),
+};
+
+// Patterns that identify import-only lines (no actual code execution)
+const IMPORT_ONLY_PATTERNS = [
+  // JS/TS require
+  /^\s*(const|let|var)\s+\w+\s*=\s*require\s*\(\s*['"][^'"]+['"]\s*\)\s*;?\s*$/,
+  /^\s*(const|let|var)\s+\{[^}]+\}\s*=\s*require\s*\(\s*['"][^'"]+['"]\s*\)\s*;?\s*$/,
+  // JS/TS import
+  /^\s*import\s+.*\s+from\s+['"][^'"]+['"]\s*;?\s*$/,
+  /^\s*import\s+['"][^'"]+['"]\s*;?\s*$/,
+  /^\s*import\s+\w+\s*$/,
+  // Python import
+  /^\s*import\s+[a-zA-Z_][\w.]*\s*(,\s*[a-zA-Z_][\w.]*)*\s*$/,
+  /^\s*from\s+[a-zA-Z_][\w.]*\s+import\s+/,
+  // Ruby require
+  /^\s*require\s+['"][^'"]+['"]\s*$/,
+  /^\s*require_relative\s+['"][^'"]+['"]\s*$/,
+  // Go import (single line)
+  /^\s*"[a-zA-Z_][\w/.]*"\s*$/,
+];
+
+export function isImportOnly(line) {
+  let trimmed = line.trim();
+  if (!trimmed) return false;
+  // Strip trailing single-line comments (JS/Python/Ruby)
+  trimmed = trimmed.replace(/\s*\/\/.*$/, '').replace(/\s*#(?!!).*$/, '').trim();
+  if (!trimmed) return false;
+  return IMPORT_ONLY_PATTERNS.some(p => p.test(trimmed));
+}
+
+export function isKnownModule(moduleName, language) {
+  const modules = KNOWN_MODULES[language];
+  if (!modules) return false;
+  // Handle scoped packages (@org/pkg -> check full name)
+  // Handle subpath imports (child_process -> child_process)
+  const baseName = moduleName.split('/')[0];
+  return modules.has(moduleName) || modules.has(baseName);
+}
+
+// Extract module name from a line of code
+function extractModuleName(line) {
+  // JS/TS: require("module") or require('module')
+  const requireMatch = line.match(/require\s*\(\s*['"]([^'"]+)['"]\s*\)/);
+  if (requireMatch) return requireMatch[1];
+
+  // JS/TS: import ... from "module"
+  const importFromMatch = line.match(/from\s+['"]([^'"]+)['"]/);
+  if (importFromMatch) return importFromMatch[1];
+
+  // Python: import module or from module import ...
+  const pyImportMatch = line.match(/^\s*import\s+([a-zA-Z_][\w]*)/);
+  if (pyImportMatch) return pyImportMatch[1];
+
+  const pyFromMatch = line.match(/^\s*from\s+([a-zA-Z_][\w]*)/);
+  if (pyFromMatch) return pyFromMatch[1];
+
+  return null;
+}
+
+// Filter findings based on context awareness
+export function applyContextFilter(findings, filePath, language) {
+  if (!Array.isArray(findings) || findings.length === 0) return findings;
+
+  let lines = [];
+  try {
+    if (existsSync(filePath)) {
+      lines = readFileSync(filePath, 'utf-8').split('\n');
+    }
+  } catch {
+    return findings;
+  }
+
+  return findings.filter(finding => {
+    const line = lines[finding.line] || '';
+
+    // Only filter import-only lines
+    if (!isImportOnly(line)) return true;
+
+    // Check if the module is known/safe
+    const moduleName = extractModuleName(line);
+    if (moduleName && isKnownModule(moduleName, language)) {
+      return false; // Suppress finding on known module import
+    }
+
+    return true;
+  });
+}
+
+// Framework/middleware detection patterns
+const FRAMEWORK_PATTERNS = {
+  helmet: { pattern: /require\s*\(\s*['"]helmet['"]\s*\)|from\s+['"]helmet['"]|import\s+.*helmet/, languages: ['javascript', 'typescript'] },
+  dompurify: { pattern: /require\s*\(\s*['"](?:dompurify|isomorphic-dompurify)['"]\s*\)|from\s+['"](?:dompurify|isomorphic-dompurify)['"]|import\s+.*(?:dompurify|DOMPurify)/, languages: ['javascript', 'typescript'] },
+  csurf: { pattern: /require\s*\(\s*['"]csurf['"]\s*\)|from\s+['"]csurf['"]/, languages: ['javascript', 'typescript'] },
+  cors: { pattern: /require\s*\(\s*['"]cors['"]\s*\)|from\s+['"]cors['"]/, languages: ['javascript', 'typescript'] },
+  prisma: { pattern: /from\s+prisma|import\s+prisma|@prisma\/client/, languages: ['javascript', 'typescript', 'python'] },
+  bcrypt: { pattern: /import\s+bcrypt|from\s+bcrypt|require\s*\(\s*['"]bcryptjs?['"]\s*\)/, languages: ['javascript', 'typescript', 'python'] },
+};
+
+// Maps framework -> which rule categories it mitigates -> downgraded severity
+const SEVERITY_DOWNGRADE = {
+  helmet: { mitigates: ['xss', 'innerhtml', 'outerhtml', 'document-write', 'cors-wildcard'], to: 'warning' },
+  dompurify: { mitigates: ['xss', 'innerhtml', 'outerhtml', 'dangerouslysetinnerhtml', 'insertadjacenthtml', 'document-write'], to: 'warning' },
+  csurf: { mitigates: ['csrf'], to: 'warning' },
+  cors: { mitigates: ['cors-wildcard'], to: 'info' },
+  prisma: { mitigates: ['sql-injection', 'nosql-injection', 'raw-query'], to: 'warning' },
+  bcrypt: { mitigates: ['md5', 'sha1', 'weak-hash', 'weak-cipher'], to: 'info' },
+};
+
+export function detectFrameworks(filePath, language) {
+  const detected = [];
+  try {
+    if (!existsSync(filePath)) return detected;
+    const content = readFileSync(filePath, 'utf-8');
+    for (const [name, config] of Object.entries(FRAMEWORK_PATTERNS)) {
+      if (config.languages.includes(language) && config.pattern.test(content)) {
+        detected.push(name);
+      }
+    }
+  } catch {
+    // Ignore read errors
+  }
+  return detected;
+}
+
+export function applyFrameworkAdjustments(findings, frameworks) {
+  if (!Array.isArray(findings) || findings.length === 0 || frameworks.length === 0) return findings;
+
+  return findings.map(finding => {
+    const ruleId = finding.ruleId?.toLowerCase() || '';
+    for (const fw of frameworks) {
+      const downgrade = SEVERITY_DOWNGRADE[fw];
+      if (!downgrade) continue;
+      if (downgrade.mitigates.some(m => ruleId.includes(m))) {
+        return { ...finding, severity: downgrade.to, frameworkMitigated: fw };
+      }
+    }
+    return finding;
+  });
+}

package/src/dedup.js

@@ -0,0 +1,129 @@
+// Cross-engine deduplication for security findings.
+// When AST and regex engines flag the same vulnerability on the same line
+// with different ruleIds, this module merges them into a single finding.
+
+// Maps ruleId substrings to vulnerability classes for cross-engine dedup.
+// Order matters: more specific patterns must come before generic ones.
+const VULN_CLASS_PATTERNS = [
+  // XSS variants
+  ['innerhtml', 'xss-innerhtml'],
+  ['outerhtml', 'xss-outerhtml'],
+  ['document-write', 'xss-document-write'],
+  ['document.write', 'xss-document-write'],
+  ['insertadjacenthtml', 'xss-insertadjacenthtml'],
+  ['dangerouslysetinnerhtml', 'xss-dangerouslysetinnerhtml'],
+  ['mustache-escape', 'xss-innerhtml'],
+  ['insecure-document-method', 'xss-document-write'],
+  ['dom-based-xss', 'xss-dom'],
+  ['xss-echo', 'xss-echo'],
+  ['xss-raw', 'xss-raw'],
+  ['xss-response-write', 'xss-response-write'],
+
+  // SQL Injection
+  ['sql-injection', 'sqli'],
+  ['nosql-injection', 'nosqli'],
+
+  // Command Injection
+  ['child-process-exec', 'cmdi-exec'],
+  ['spawn-shell', 'cmdi-spawn'],
+  ['dangerous-subprocess', 'cmdi-subprocess'],
+  ['dangerous-system-call', 'cmdi-system'],
+  ['command-injection', 'cmdi'],
+  ['backticks-exec', 'cmdi-backticks'],
+  ['libc-system-call', 'cmdi-libc'],
+
+  // Code Injection
+  ['eval-detected', 'code-eval'],
+  ['eval-usage', 'code-eval'],
+  ['exec-detected', 'code-exec'],
+  ['function-constructor', 'code-function-constructor'],
+
+  // Deserialization
+  ['pickle-load', 'deser-pickle'],
+  ['unsafe-unserialize', 'deser-unserialize'],
+  ['unsafe-yaml-load', 'deser-yaml'],
+  ['yaml-load', 'deser-yaml'],
+  ['unsafe-marshal', 'deser-marshal'],
+  ['insecure-deserialization', 'deser'],
+
+  // Crypto
+  ['md5', 'weak-hash-md5'],
+  ['sha1', 'weak-hash-sha1'],
+  ['insecure-hash', 'weak-hash'],
+  ['weak-hash', 'weak-hash'],
+  ['weak-cipher', 'weak-cipher'],
+
+  // Secrets
+  ['hardcoded-password', 'hardcoded-password'],
+  ['hardcoded-secret', 'hardcoded-secret'],
+  ['hardcoded-api-key', 'hardcoded-api-key'],
+  ['hardcoded-connection-string', 'hardcoded-connection-string'],
+
+  // Path traversal
+  ['path-traversal', 'path-traversal'],
+
+  // SSL
+  ['ssl-verify-disabled', 'ssl-verify-disabled'],
+
+  // Random
+  ['insecure-random', 'insecure-random'],
+  ['weak-random', 'weak-random'],
+];
+
+// Engine priority (higher = more trusted analysis)
+const ENGINE_PRIORITY = {
+  'taint': 3,
+  'ast': 2,
+  'regex': 1,
+  'regex-fallback': 0,
+};
+
+const SEVERITY_ORDER = { error: 3, warning: 2, info: 1 };
+
+export function classifyFinding(ruleId) {
+  const lower = ruleId.toLowerCase();
+  for (const [pattern, vulnClass] of VULN_CLASS_PATTERNS) {
+    if (lower.includes(pattern)) return vulnClass;
+  }
+  return lower;
+}
+
+export function deduplicateFindings(findings) {
+  if (!Array.isArray(findings)) return findings;
+
+  // Group by (vulnClass, line)
+  const groups = new Map();
+  for (const finding of findings) {
+    const vulnClass = classifyFinding(finding.ruleId);
+    const key = `${vulnClass}:${finding.line}`;
+    if (!groups.has(key)) groups.set(key, []);
+    groups.get(key).push(finding);
+  }
+
+  const deduped = [];
+  for (const group of groups.values()) {
+    if (group.length === 1) {
+      deduped.push(group[0]);
+      continue;
+    }
+
+    // Sort by engine priority (highest first)
+    group.sort((a, b) =>
+      (ENGINE_PRIORITY[b.engine] || 0) - (ENGINE_PRIORITY[a.engine] || 0)
+    );
+
+    const best = { ...group[0] };
+
+    // Preserve highest severity across group
+    for (const f of group) {
+      if ((SEVERITY_ORDER[f.severity] || 0) > (SEVERITY_ORDER[best.severity] || 0)) {
+        best.severity = f.severity;
+      }
+    }
+
+    best.engines_matched = [...new Set(group.map(f => f.engine))];
+    deduped.push(best);
+  }
+
+  return deduped;
+}

package/src/fix-patterns.js

@@ -63,20 +63,56 @@ export const FIX_TEMPLATES = {
   // COMMAND INJECTION
   // ===========================================
   "child-process-exec": {
-    description: "Use execFile() or spawn() with shell: false",
-    fix: (line) => line.replace(/\bexec\s*\(/, 'execFile(')
+    description: "Use execFile() with separate command and arguments array",
+    fix: (line) => {
+      // Match: exec("cmd " + arg) -> execFile("cmd", [arg])
+      const concatMatch = line.match(/\bexec\s*\(\s*["'](\S+)\s+["']\s*\+\s*(\w+)/);
+      if (concatMatch) {
+        return line.replace(/\bexec\s*\(\s*["'](\S+)\s+["']\s*\+\s*(\w+)\s*\)/, 'execFile("$1", [$2])');
+      }
+      // Match: exec(`cmd ${arg}`) -> execFile("cmd", [arg])
+      const templateMatch = line.match(/\bexec\s*\(\s*`(\S+)\s+\$\{(\w+)\}`/);
+      if (templateMatch) {
+        return line.replace(/\bexec\s*\(\s*`(\S+)\s+\$\{(\w+)\}`\s*\)/, 'execFile("$1", [$2])');
+      }
+      // Match: exec(variable) -> execFile with guidance
+      const varMatch = line.match(/\bexec\s*\(\s*(\w+)\s*\)/);
+      if (varMatch) {
+        return line.replace(/\bexec\s*\(\s*(\w+)\s*\)/, 'execFile($1.split(" ")[0], $1.split(" ").slice(1))');
+      }
+      // Fallback: comment with guidance
+      return '// SECURITY: Use execFile(command, [args]) instead of exec() - ' + line.trim();
+    }
   },
   "spawn-shell": {
     description: "Use spawn with shell: false",
     fix: (line) => line.replace(/shell\s*:\s*true/i, 'shell: false')
   },
   "dangerous-subprocess": {
-    description: "Use subprocess.run with list arguments",
-    fix: (line) => line.replace(/subprocess\.(call|run|Popen)\s*\(\s*["'](.+?)["']\s*,\s*shell\s*=\s*True/, 'subprocess.$1(["$2".split()], shell=False')
+    description: "Use subprocess.run with list arguments and shell=False",
+    fix: (line) => {
+      // Replace shell=True with shell=False
+      let fixed = line.replace(/shell\s*=\s*True/, 'shell=False');
+      // Replace string command with shlex.split() for safe list form
+      fixed = fixed.replace(
+        /subprocess\.(call|run|Popen)\s*\(\s*["'](.+?)["']/,
+        'subprocess.$1(shlex.split("$2")'
+      );
+      return fixed;
+    }
   },
   "dangerous-system-call": {
     description: "Use subprocess.run instead of os.system",
-    fix: (line) => line.replace(/os\.system\s*\(/, 'subprocess.run([')
+    fix: (line) => {
+      const match = line.match(/os\.system\s*\(\s*(.+?)\s*\)/);
+      if (match) {
+        return line.replace(
+          /os\.system\s*\(\s*(.+?)\s*\)/,
+          'subprocess.run(shlex.split($1), shell=False)'
+        );
+      }
+      return '# SECURITY: Replace os.system() with subprocess.run(shlex.split(cmd), shell=False)\n# ' + line.trim();
+    }
   },
   "command-injection-exec": {
     description: "Use exec.Command with separate arguments",
@@ -197,8 +233,11 @@ export const FIX_TEMPLATES = {
   // INSECURE DESERIALIZATION
   // ===========================================
   "pickle": {
-    description: "Use JSON instead of pickle",
-    fix: (line) => line.replace(/pickle\.(load|loads)\s*\(/, 'json.$1(')
+    description: "Use JSON instead of pickle for untrusted data",
+    fix: (line) => {
+      const fixed = line.replace(/pickle\.(load|loads)\s*\(/, 'json.$1(');
+      return fixed + '  # NOTE: data must be JSON-formatted';
+    }
   },
   "yaml-load": {
     description: "Use yaml.safe_load()",
@@ -209,8 +248,8 @@ export const FIX_TEMPLATES = {
     fix: (line) => line.replace(/marshal\.(load|loads)\s*\(/, 'json.$1(')
   },
   "shelve": {
-    description: "Use JSON or SQLite instead of shelve",
-    fix: (line) => line.replace(/shelve\.open\s*\(/, 'json.load(open(')
+    description: "Use JSON or SQLite instead of shelve for safe storage",
+    fix: (line) => '# SECURITY: Replace shelve with json or sqlite3 for safe storage\n# ' + line.trim()
   },
   "node-serialize": {
     description: "Use JSON.parse instead of node-serialize",
@@ -257,12 +296,12 @@ export const FIX_TEMPLATES = {
   // PATH TRAVERSAL
   // ===========================================
   "path-traversal": {
-    description: "Sanitize file paths and use basename",
+    description: "Resolve real path and validate prefix to prevent traversal",
     fix: (line, lang) => {
-      if (lang === 'python') return line.replace(/open\s*\(\s*(\w+)/, 'open(os.path.basename($1)');
-      if (lang === 'go') return line.replace(/os\.Open\s*\(\s*(\w+)/, 'os.Open(filepath.Base($1)');
-      if (lang === 'java') return line.replace(/new File\s*\(\s*(\w+)/, 'new File(new File($1).getName()');
-      return line.replace(/readFileSync\s*\(\s*(\w+)/, 'readFileSync(path.basename($1)');
+      if (lang === 'python') return line.replace(/open\s*\(\s*(\w+)/, 'open(os.path.realpath($1)  # TODO: validate path prefix');
+      if (lang === 'go') return line.replace(/os\.Open\s*\(\s*(\w+)/, 'os.Open(filepath.Clean($1)  // TODO: validate path prefix');
+      if (lang === 'java') return line.replace(/new File\s*\(\s*(\w+)/, 'new File($1).getCanonicalFile(  // TODO: validate path prefix');
+      return line.replace(/readFileSync\s*\(\s*(\w+)/, 'readFileSync(path.resolve($1)  // TODO: validate path prefix');
     }
   },
 
@@ -407,7 +446,14 @@ export const FIX_TEMPLATES = {
   // ===========================================
   "prototype-pollution": {
     description: "Validate object keys before assignment",
-    fix: (line) => line.replace(/(\w+)\[(\w+)\]\s*=/, 'if (!["__proto__", "constructor", "prototype"].includes($2)) $1[$2] =')
+    fix: (line) => {
+      // Only fix simple single-line assignments like: obj[key] = value
+      // Reject lines with multiple bracket accesses or chained assignments
+      if (/^\s*\w+\[\w+\]\s*=\s*[^[=]+$/.test(line)) {
+        return line.replace(/(\w+)\[(\w+)\]\s*=/, 'if (!["__proto__", "constructor", "prototype"].includes($2)) $1[$2] =');
+      }
+      return '// SECURITY: Validate key is not __proto__/constructor/prototype before assignment\n// ' + line.trim();
+    }
   },
 
   // ===========================================
@@ -443,7 +489,7 @@ export const FIX_TEMPLATES = {
   // ===========================================
   "helmet-missing": {
     description: "Add helmet middleware for security headers",
-    fix: (line) => 'app.use(helmet()); // Add security headers\n' + line
+    fix: (line) => '// TODO: Add app.use(helmet()) after Express app initialization\n' + line
   },
 
   // ===========================================
@@ -495,7 +541,10 @@ export const FIX_TEMPLATES = {
   },
   "run-shell-form": {
     description: "Use exec form for RUN commands",
-    fix: (line) => line.replace(/RUN\s+(.+)$/, 'RUN ["/bin/sh", "-c", "$1"]')
+    fix: (line) => line.replace(/RUN\s+(.+)$/, (_, cmd) => {
+      const escaped = cmd.replace(/"/g, '\\"');
+      return `RUN ["/bin/sh", "-c", "${escaped}"]`;
+    })
   },
   "sudo-in-dockerfile": {
     description: "Avoid sudo in Dockerfile - use USER directive",