agent-security-scanner-mcp 3.7.0 → 3.9.0

package/src/tools/scan-security.js

@@ -1,12 +1,16 @@
 // src/tools/scan-security.js
 import { z } from "zod";
 import { existsSync, readFileSync } from "fs";
-import { detectLanguage, runAnalyzer, generateFix, toSarif } from '../utils.js';
+import { detectLanguage, runAnalyzerAsync, generateFix, toSarif, getEngineMode } from '../utils.js';
+import { deduplicateFindings } from '../dedup.js';
+import { applyContextFilter, detectFrameworks, applyFrameworkAdjustments } from '../context.js';
+import { loadConfig, shouldExcludeFile, applyConfig } from '../config.js';
 
 export const scanSecuritySchema = {
   file_path: z.string().describe("Path to the file to scan"),
   output_format: z.enum(['json', 'sarif']).optional().describe("Output format: 'json' (default) or 'sarif' for GitHub/GitLab integration"),
-  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)")
+  verbosity: z.enum(['minimal', 'compact', 'full']).optional().describe("Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata)"),
+  engine: z.enum(['auto', 'ast', 'regex']).optional().describe("Analysis engine: 'auto' (default, AST with regex fallback), 'ast' (tree-sitter only), 'regex' (regex only)")
 };
 
 // Verbosity formatters
@@ -16,6 +20,7 @@ function formatMinimal(file_path, language, issues) {
   return {
     file: file_path,
     language,
+    engine_mode: getEngineMode(),
     total: issues.length,
     critical: bySeverity.error,
     warning: bySeverity.warning,
@@ -30,11 +35,13 @@ function formatCompact(file_path, language, issues) {
   return {
     file: file_path,
     language,
+    engine_mode: getEngineMode(),
     issues_count: issues.length,
     issues: issues.map(i => ({
       line: i.line + 1,
       ruleId: i.ruleId,
       severity: i.severity,
+      confidence: i.confidence || 'MEDIUM',
       message: i.message,
       fix: i.suggested_fix?.fixed ? i.suggested_fix.fixed.trim() : null
     }))
@@ -45,31 +52,55 @@ function formatFull(file_path, language, issues) {
   return {
     file: file_path,
     language,
+    engine_mode: getEngineMode(),
     issues_count: issues.length,
     issues: issues
   };
 }
 
-export async function scanSecurity({ file_path, output_format, verbosity }) {
+export async function scanSecurity({ file_path, output_format, verbosity, engine }) {
   if (!existsSync(file_path)) {
     return {
       content: [{ type: "text", text: JSON.stringify({ error: "File not found" }) }]
     };
   }
 
-  const issues = runAnalyzer(file_path);
+  // Load project configuration
+  const config = loadConfig(file_path);
 
-  if (issues.error) {
+  // Check file exclusion
+  if (shouldExcludeFile(file_path, config)) {
     return {
-      content: [{ type: "text", text: JSON.stringify(issues) }]
+      content: [{ type: "text", text: JSON.stringify({ file: file_path, message: "File excluded by configuration", issues_count: 0 }) }]
     };
   }
 
+  const rawIssues = await runAnalyzerAsync(file_path, engine || 'auto');
+
+  if (rawIssues.error) {
+    return {
+      content: [{ type: "text", text: JSON.stringify(rawIssues) }]
+    };
+  }
+
+  // Cross-engine deduplication
+  const dedupedIssues = deduplicateFindings(rawIssues);
+
   // Read file content for fix suggestions
   const content = readFileSync(file_path, 'utf-8');
   const lines = content.split('\n');
   const language = detectLanguage(file_path);
 
+  // Context-aware filtering (suppress known module imports)
+  const contextFiltered = applyContextFilter(dedupedIssues, file_path, language);
+
+  // Framework-aware severity adjustment
+  const frameworks = detectFrameworks(file_path, language);
+  const frameworkAdjusted = applyFrameworkAdjustments(contextFiltered, frameworks);
+
+  // Apply .scannerrc configuration (rule suppression, severity/confidence thresholds)
+  const issues = applyConfig(frameworkAdjusted, file_path, config);
+
   // Enhance issues with fix suggestions
   const enhancedIssues = issues.map(issue => {
     const line = lines[issue.line] || '';

package/src/typosquat.js

@@ -0,0 +1,210 @@
+// Typosquatting detection for package hallucination
+// Checks suspicious package names against known popular packages per ecosystem
+
+// Top popular packages per ecosystem for typosquat comparison
+const TOP_PACKAGES = {
+  npm: [
+    'express', 'react', 'lodash', 'axios', 'chalk', 'commander', 'debug',
+    'moment', 'request', 'uuid', 'bluebird', 'async', 'underscore', 'semver',
+    'glob', 'minimist', 'yargs', 'mkdirp', 'rimraf', 'colors', 'webpack',
+    'babel-core', 'typescript', 'eslint', 'jest', 'mocha', 'chai', 'sinon',
+    'prettier', 'next', 'vue', 'angular', 'svelte', 'dotenv', 'cors',
+    'helmet', 'mongoose', 'redis', 'pg', 'mysql2', 'socket.io', 'ws',
+    'jsonwebtoken', 'bcrypt', 'passport', 'nodemon', 'pm2', 'gulp', 'grunt',
+    'bower'
+  ],
+  pypi: [
+    'requests', 'flask', 'django', 'numpy', 'pandas', 'scipy', 'boto3',
+    'setuptools', 'pip', 'wheel', 'six', 'urllib3', 'certifi', 'idna',
+    'chardet', 'pyyaml', 'jinja2', 'cryptography', 'pillow', 'matplotlib',
+    'sqlalchemy', 'celery', 'redis', 'pytest', 'click', 'rich', 'fastapi',
+    'pydantic', 'httpx', 'aiohttp', 'tornado', 'gunicorn', 'uvicorn',
+    'black', 'mypy', 'pylint', 'flake8', 'tox', 'coverage', 'sphinx',
+    'beautifulsoup4', 'scrapy', 'selenium', 'paramiko', 'fabric', 'ansible',
+    'tensorflow', 'pytorch', 'scikit-learn'
+  ],
+  rubygems: [
+    'rails', 'rake', 'bundler', 'rspec', 'sinatra', 'puma', 'unicorn',
+    'devise', 'pundit', 'sidekiq', 'redis', 'pg', 'mysql2', 'activerecord',
+    'actionpack', 'activesupport', 'nokogiri', 'httparty', 'faraday',
+    'rest-client', 'json', 'minitest', 'capybara', 'factory_bot', 'faker',
+    'rubocop', 'solargraph', 'pry', 'byebug', 'dotenv', 'figaro', 'jwt',
+    'bcrypt', 'omniauth', 'paperclip', 'carrierwave', 'aws-sdk', 'stripe',
+    'graphql', 'grape'
+  ],
+  crates: [
+    'serde', 'tokio', 'clap', 'rand', 'log', 'reqwest', 'hyper',
+    'actix-web', 'regex', 'lazy_static', 'chrono', 'uuid', 'futures',
+    'async-std', 'anyhow', 'thiserror', 'tracing', 'env_logger', 'config',
+    'diesel', 'sqlx', 'sea-orm', 'rocket', 'axum', 'warp', 'tower',
+    'bytes', 'url', 'http', 'serde_json', 'toml', 'base64', 'sha2',
+    'ring', 'rustls', 'rayon', 'crossbeam', 'parking_lot', 'dashmap',
+    'once_cell'
+  ]
+};
+
+/**
+ * Compute the Levenshtein edit distance between two strings.
+ * Uses a standard dynamic programming approach with O(min(m,n)) space.
+ * @param {string} a - First string
+ * @param {string} b - Second string
+ * @returns {number} The edit distance between a and b
+ */
+export function levenshteinDistance(a, b) {
+  // Ensure a is the shorter string to optimize space usage
+  if (a.length > b.length) {
+    [a, b] = [b, a];
+  }
+
+  const m = a.length;
+  const n = b.length;
+
+  // Early termination: if one string is empty, distance is the other's length
+  if (m === 0) return n;
+
+  // Use single row with rolling updates (O(min(m,n)) space)
+  let prev = new Array(m + 1);
+  let curr = new Array(m + 1);
+
+  // Initialize first row
+  for (let i = 0; i <= m; i++) {
+    prev[i] = i;
+  }
+
+  for (let j = 1; j <= n; j++) {
+    curr[0] = j;
+    for (let i = 1; i <= m; i++) {
+      if (a[i - 1] === b[j - 1]) {
+        curr[i] = prev[i - 1];
+      } else {
+        curr[i] = 1 + Math.min(
+          prev[i],      // deletion
+          curr[i - 1],  // insertion
+          prev[i - 1]   // substitution
+        );
+      }
+    }
+    // Swap rows
+    [prev, curr] = [curr, prev];
+  }
+
+  return prev[m];
+}
+
+/**
+ * Find popular packages that are similar to the given (possibly misspelled) package name.
+ * Used to detect potential typosquatting attacks where a malicious package has a name
+ * very close to a legitimate popular package.
+ *
+ * @param {string} packageName - The package name to check (not found in registry)
+ * @param {string} ecosystem - The package ecosystem: 'npm', 'pypi', 'rubygems', or 'crates'
+ * @param {number} [maxDistance=2] - Maximum Levenshtein distance to consider a match
+ * @param {number} [limit=5] - Maximum number of similar packages to return
+ * @returns {Array<{name: string, distance: number, warning: string}>} Similar packages sorted by distance
+ */
+export function findSimilarPackages(packageName, ecosystem, maxDistance = 2, limit = 5) {
+  const knownPackages = TOP_PACKAGES[ecosystem];
+  if (!knownPackages) {
+    return [];
+  }
+
+  const normalizedInput = packageName.toLowerCase();
+  const matches = [];
+
+  for (const known of knownPackages) {
+    const normalizedKnown = known.toLowerCase();
+
+    // Skip exact matches -- the package exists, not a typosquat
+    if (normalizedInput === normalizedKnown) {
+      continue;
+    }
+
+    // Quick length-based pruning: if length difference exceeds maxDistance,
+    // the edit distance must be at least that large
+    if (Math.abs(normalizedInput.length - normalizedKnown.length) > maxDistance) {
+      continue;
+    }
+
+    const distance = levenshteinDistance(normalizedInput, normalizedKnown);
+
+    if (distance >= 1 && distance <= maxDistance) {
+      matches.push({
+        name: known,
+        distance,
+        warning: `Did you mean '${known}'? Possible typosquatting attack (edit distance: ${distance})`
+      });
+    }
+  }
+
+  // Sort by distance (closest first), then alphabetically for stable ordering
+  matches.sort((a, b) => a.distance - b.distance || a.name.localeCompare(b.name));
+
+  return matches.slice(0, limit);
+}
+
+// Common internal/private naming prefixes that may indicate dependency confusion risk
+const INTERNAL_PREFIXES = [
+  'internal-',
+  'private-',
+  'priv-',
+  'corp-',
+  'company-',
+  'org-',
+  'dev-',
+  'local-'
+];
+
+// Pattern for scoped package names that look like company-internal packages
+const SCOPED_PACKAGE_RE = /^@([a-z0-9-]+)\//;
+
+/**
+ * Check whether a package name shows signs of dependency confusion risk.
+ * Dependency confusion attacks exploit the case where an internal (private) package
+ * name is also published on a public registry, allowing an attacker to trick
+ * package managers into installing the malicious public version.
+ *
+ * @param {string} packageName - The package name to check
+ * @returns {{ risk: boolean, warning: string | null }} Risk assessment
+ */
+export function checkDependencyConfusion(packageName) {
+  // Check for scoped packages (@company/X) -- the unscoped name X could exist publicly
+  const scopedMatch = packageName.match(SCOPED_PACKAGE_RE);
+  if (scopedMatch) {
+    const scope = scopedMatch[1];
+    const unscopedName = packageName.replace(SCOPED_PACKAGE_RE, '');
+
+    // Check if the unscoped portion matches a known popular package
+    for (const ecosystem of Object.keys(TOP_PACKAGES)) {
+      const knownPackages = TOP_PACKAGES[ecosystem];
+      if (knownPackages.includes(unscopedName)) {
+        return {
+          risk: true,
+          warning: `Scoped package '${packageName}' contains unscoped name '${unscopedName}' which is a known public package. Verify this is the intended package to avoid dependency confusion.`
+        };
+      }
+    }
+
+    // Even without a known match, scoped names with common company-like scopes
+    // are worth flagging as they follow internal naming patterns
+    return {
+      risk: true,
+      warning: `Scoped package '${packageName}' follows an internal naming pattern (@${scope}/...). Ensure the scope is authentic and the package is not a dependency confusion attack targeting an internal package.`
+    };
+  }
+
+  // Check for internal-looking prefixes
+  const lowerName = packageName.toLowerCase();
+  for (const prefix of INTERNAL_PREFIXES) {
+    if (lowerName.startsWith(prefix)) {
+      const baseName = lowerName.slice(prefix.length);
+      if (baseName.length > 0) {
+        return {
+          risk: true,
+          warning: `Package '${packageName}' uses the '${prefix}' prefix which suggests an internal/private package. If this is intended to be a public package, it may be a dependency confusion attack targeting the internal '${baseName}' package.`
+        };
+      }
+    }
+  }
+
+  return { risk: false, warning: null };
+}

package/src/utils.js

@@ -1,8 +1,10 @@
 import { execFileSync } from "child_process";
+import { createHash } from "crypto";
 import { readFileSync, existsSync } from "fs";
 import { dirname, join, extname, basename } from "path";
 import { fileURLToPath } from "url";
 import { FIX_TEMPLATES } from './fix-patterns.js';
+import { getDaemonClient, shutdownDaemon } from './daemon-client.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -12,6 +14,16 @@ try {
   __dirname = process.cwd();
 }
 
+// Read version from package.json at module load time
+const _packageVersion = (() => {
+  try {
+    const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
+    return pkg.version || '0.0.0';
+  } catch {
+    return '0.0.0';
+  }
+})();
+
 // Detect language from file extension
 export function detectLanguage(filePath) {
   // Check basename first for extensionless files like Dockerfile
@@ -35,11 +47,43 @@ export function detectLanguage(filePath) {
   return langMap[ext] || 'generic';
 }
 
+// Detect which analysis engine is available
+export function detectEngineMode() {
+  try {
+    execFileSync('python3', ['-c', 'import tree_sitter; print("ast")'], {
+      encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe']
+    });
+    return 'ast';
+  } catch {
+    try {
+      execFileSync('python3', ['--version'], {
+        encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe']
+      });
+      return 'regex';
+    } catch {
+      return 'regex-only';
+    }
+  }
+}
+
+// Cached engine mode (detected once per process)
+let _cachedEngineMode = null;
+export function getEngineMode() {
+  if (_cachedEngineMode === null) {
+    _cachedEngineMode = detectEngineMode();
+  }
+  return _cachedEngineMode;
+}
+
 // Run the Python analyzer
-export function runAnalyzer(filePath) {
+export function runAnalyzer(filePath, engine = 'auto') {
   try {
     const analyzerPath = join(__dirname, '..', 'analyzer.py');
-    const result = execFileSync('python3', [analyzerPath, filePath], {
+    const args = [analyzerPath, filePath];
+    if (engine !== 'auto') {
+      args.push('--engine', engine);
+    }
+    const result = execFileSync('python3', args, {
       encoding: 'utf-8',
       timeout: 30000
     });
@@ -49,17 +93,111 @@ export function runAnalyzer(filePath) {
   }
 }
 
+// Async analyzer — tries daemon first, falls back to sync execFileSync
+export async function runAnalyzerAsync(filePath, engine = 'auto') {
+  try {
+    const client = getDaemonClient();
+    if (client.isAvailable) {
+      return await client.analyze(filePath, engine);
+    }
+  } catch {
+    // Daemon failed — fall through to sync
+  }
+  return runAnalyzer(filePath, engine);
+}
+
+// Async cross-file analyzer — tries daemon first, falls back to sync
+export async function runCrossFileAnalyzerAsync(filePaths) {
+  try {
+    const client = getDaemonClient();
+    if (client.isAvailable) {
+      const result = await client.crossFileAnalyze(filePaths);
+      return Array.isArray(result)
+        ? result.filter(f => f.ruleId === 'cross-file-taint-warning')
+        : [];
+    }
+  } catch {
+    // Daemon failed — fall through to sync
+  }
+  return runCrossFileAnalyzer(filePaths);
+}
+
+export { shutdownDaemon };
+
+// Patterns that indicate an unsafe fix (user input still concatenated into dangerous sinks)
+const UNSAFE_FIX_PATTERNS = [
+  // execFile/exec with string concatenation of user input
+  /\bexecFile\s*\(\s*["'][^"']*["']\s*\+\s*\w+/,
+  /\bexecFile\s*\(\s*`[^`]*\$\{/,
+  // spawn/exec with shell: true still present alongside user input
+  /\bspawn\s*\(.*shell\s*:\s*true/,
+  // subprocess.run with shell=True still present
+  /subprocess\.\w+\(.*shell\s*=\s*True/,
+  // os.system still in a "fix"
+  /\bos\.system\s*\(/,
+];
+
+// Validate that a fix produces syntactically reasonable and safe output
+export function validateFix(original, fixed) {
+  if (!fixed || fixed === original) return false;
+
+  // Strip escaped quotes for bracket/quote counting
+  const unescaped = fixed.replace(/\\["'`]/g, '');
+
+  // Check balanced quotes (single pass)
+  const singleQ = (unescaped.match(/'/g) || []).length;
+  const doubleQ = (unescaped.match(/"/g) || []).length;
+  const backtickQ = (unescaped.match(/`/g) || []).length;
+  if (singleQ % 2 !== 0 || doubleQ % 2 !== 0 || backtickQ % 2 !== 0) return false;
+
+  // Check balanced brackets
+  const brackets = { '(': 0, '[': 0, '{': 0 };
+  const closers = { ')': '(', ']': '[', '}': '{' };
+  for (const char of unescaped) {
+    if (brackets[char] !== undefined) brackets[char]++;
+    if (closers[char]) {
+      brackets[closers[char]]--;
+      if (brackets[closers[char]] < 0) return false;
+    }
+  }
+  if (Object.values(brackets).some(v => v !== 0)) return false;
+
+  // Reject fixes that still contain unsafe patterns
+  for (const pattern of UNSAFE_FIX_PATTERNS) {
+    if (pattern.test(fixed)) return false;
+  }
+
+  return true;
+}
+
 // Generate fix suggestion for an issue
 export function generateFix(issue, line, language) {
   const ruleId = issue.ruleId.toLowerCase();
 
   for (const [pattern, template] of Object.entries(FIX_TEMPLATES)) {
     if (ruleId.includes(pattern)) {
-      return {
-        description: template.description,
-        original: line,
-        fixed: template.fix(line, language)
-      };
+      try {
+        const fixed = template.fix(line, language);
+        // Validate the fix produces reasonable output
+        if (fixed && !validateFix(line, fixed)) {
+          return {
+            description: template.description + " (manual fix required)",
+            original: line,
+            fixed: null
+          };
+        }
+        return {
+          description: template.description,
+          original: line,
+          fixed: fixed
+        };
+      } catch {
+        return {
+          description: template.description + " (manual fix required)",
+          original: line,
+          fixed: null
+        };
+      }
     }
   }
 
@@ -70,6 +208,26 @@ export function generateFix(issue, line, language) {
   };
 }
 
+// Run cross-file taint analysis
+export function runCrossFileAnalyzer(filePaths) {
+  try {
+    const analyzerPath = join(__dirname, '..', 'cross_file_analyzer.py');
+    if (!existsSync(analyzerPath)) return [];
+    const result = execFileSync('python3', [analyzerPath, ...filePaths], {
+      encoding: 'utf-8',
+      timeout: 120000,
+      maxBuffer: 10 * 1024 * 1024
+    });
+    const parsed = JSON.parse(result);
+    // Return only cross-file warnings (per-file findings are handled by scanSecurity)
+    return Array.isArray(parsed)
+      ? parsed.filter(f => f.ruleId === 'cross-file-taint-warning')
+      : [];
+  } catch {
+    return [];
+  }
+}
+
 // Convert issues to SARIF 2.1.0 format
 export function toSarif(file_path, language, issues) {
   const severityToLevel = {
@@ -113,6 +271,55 @@ export function toSarif(file_path, language, issues) {
       }]
     };
 
+    // Add partial fingerprints for cross-run deduplication
+    if (issue.line_content) {
+      result.partialFingerprints = {
+        primaryLocationLineHash: createHash('sha256')
+          .update(issue.line_content)
+          .digest('hex')
+      };
+    }
+
+    // Add code flows for taint analysis findings
+    if (issue.taint_source && issue.taint_sink) {
+      result.codeFlows = [{
+        threadFlows: [{
+          locations: [
+            {
+              location: {
+                physicalLocation: {
+                  artifactLocation: { uri: file_path },
+                  region: { startLine: issue.taint_source.line || 1 }
+                },
+                message: { text: issue.taint_source.label || 'Source' }
+              }
+            },
+            {
+              location: {
+                physicalLocation: {
+                  artifactLocation: { uri: file_path },
+                  region: { startLine: issue.taint_sink.line || 1 }
+                },
+                message: { text: issue.taint_sink.label || 'Sink' }
+              }
+            }
+          ]
+        }]
+      }];
+    }
+
+    // Add related locations if present
+    if (issue.related_file) {
+      result.relatedLocations = [{
+        id: 0,
+        physicalLocation: {
+          artifactLocation: { uri: issue.related_file },
+          region: { startLine: issue.related_line || 1 }
+        },
+        message: { text: issue.related_message || 'Related location' }
+      }];
+    }
+
     // Add fix if available
     if (issue.suggested_fix && issue.suggested_fix.fixed) {
       result.fixes = [{
@@ -142,7 +349,7 @@ export function toSarif(file_path, language, issues) {
       tool: {
         driver: {
           name: 'agent-security-scanner-mcp',
-          version: '3.1.0',
+          version: _packageVersion,
           informationUri: 'https://github.com/sinewaveai/agent-security-scanner-mcp',
           rules: Array.from(rulesMap.values())
         }