agent-security-scanner-mcp 3.8.0 → 3.10.0

package/src/utils.js

@@ -5,6 +5,7 @@ import { dirname, join, extname, basename } from "path";
 import { fileURLToPath } from "url";
 import { FIX_TEMPLATES } from './fix-patterns.js';
 import { getDaemonClient, shutdownDaemon } from './daemon-client.js';
+export { isTestFile } from './context.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -358,3 +359,60 @@ export function toSarif(file_path, language, issues) {
     }]
   };
 }
+
+/**
+ * Extract import/require statements from source code.
+ * Returns deduplicated array of module specifiers.
+ */
+export function extractImports(code, language) {
+  const imports = new Set();
+
+  switch (language) {
+    case 'javascript':
+    case 'typescript': {
+      // ES imports: import X from 'Y', import { X } from 'Y', import 'Y'
+      const esImports = code.matchAll(/import\s+(?:type\s+)?(?:[\s\S]*?\s+from\s+)?['"]([^'"]+)['"]/g);
+      for (const m of esImports) imports.add(m[1]);
+      // require(): const X = require('Y')
+      const requires = code.matchAll(/require\s*\(\s*['"]([^'"]+)['"]\s*\)/g);
+      for (const m of requires) imports.add(m[1]);
+      break;
+    }
+    case 'python': {
+      // import X, from X import Y
+      const pyImports = code.matchAll(/^\s*import\s+(\S+)/gm);
+      for (const m of pyImports) imports.add(m[1].split('.')[0]);
+      const pyFroms = code.matchAll(/^\s*from\s+(\S+)\s+import/gm);
+      for (const m of pyFroms) imports.add(m[1].split('.')[0]);
+      break;
+    }
+    case 'go': {
+      // Single import: import "X"
+      const goSingle = code.matchAll(/^\s*import\s+"([^"]+)"/gm);
+      for (const m of goSingle) imports.add(m[1]);
+      // Multi import block: import ( "X" )
+      const goBlocks = code.matchAll(/import\s*\(\s*([\s\S]*?)\)/g);
+      for (const block of goBlocks) {
+        const entries = block[1].matchAll(/["']([^"']+)["']/g);
+        for (const e of entries) imports.add(e[1]);
+      }
+      break;
+    }
+    case 'ruby': {
+      // require 'X', require_relative 'X', gem 'X'
+      const rubyReqs = code.matchAll(/(?:require(?:_relative)?|gem)\s+['"]([^'"]+)['"]/g);
+      for (const m of rubyReqs) imports.add(m[1]);
+      break;
+    }
+    case 'java': {
+      // import X.Y.Z; import static X.Y.Z;
+      const javaImports = code.matchAll(/^\s*import\s+(?:static\s+)?([^;]+);/gm);
+      for (const m of javaImports) imports.add(m[1].trim());
+      break;
+    }
+    default:
+      break;
+  }
+
+  return [...imports];
+}

package/src/tools/garak-bridge.js

@@ -1,209 +0,0 @@
-// src/tools/garak-bridge.js
-// Bridge to NVIDIA Garak LLM vulnerability scanner for deep prompt injection analysis
-// Garak is optional — if not installed, this module returns empty results gracefully
-
-import { execFileSync } from 'child_process';
-import { writeFileSync, readFileSync, unlinkSync, existsSync } from 'fs';
-import { join } from 'path';
-import { tmpdir } from 'os';
-import { randomUUID } from 'crypto';
-
-// Check if Garak is installed
-let garakAvailable = null; // null = not yet checked
-
-function isGarakInstalled() {
-  if (garakAvailable !== null) return garakAvailable;
-  try {
-    execFileSync('python3', ['-c', 'import garak; print(garak.__version__)'], {
-      timeout: 10000,
-      stdio: ['pipe', 'pipe', 'pipe']
-    });
-    garakAvailable = true;
-  } catch {
-    try {
-      execFileSync('python', ['-c', 'import garak; print(garak.__version__)'], {
-        timeout: 10000,
-        stdio: ['pipe', 'pipe', 'pipe']
-      });
-      garakAvailable = true;
-    } catch {
-      garakAvailable = false;
-    }
-  }
-  return garakAvailable;
-}
-
-// Python script that runs Garak probes against a prompt
-const GARAK_RUNNER_SCRIPT = `
-import sys
-import json
-import tempfile
-
-def run_garak_analysis(prompt_text):
-    """Run targeted Garak probes and return structured findings."""
-    findings = []
-
-    try:
-        from garak.probes.encoding import InjectBase64, InjectBase16, InjectROT13, InjectHex
-        from garak.probes.promptinject import HijackHateHumans, HijackKillHumans
-        from garak.detectors.base import TriggerListDetector
-
-        # Check if prompt text contains patterns that Garak's encoding probes would flag
-        # We run Garak's detector logic directly against the prompt content
-
-        import base64
-        import codecs
-
-        # Test common encoding schemes on the prompt
-        encodings_to_test = {
-            'base64': lambda t: base64.b64decode(t).decode('utf-8', errors='ignore'),
-            'base16': lambda t: bytes.fromhex(t).decode('utf-8', errors='ignore'),
-            'rot13': lambda t: codecs.decode(t, 'rot_13'),
-        }
-
-        # Known trigger phrases (subset from Garak's trigger lists)
-        triggers = [
-            'ignore previous instructions',
-            'ignore all instructions',
-            'disregard your instructions',
-            'you are now DAN',
-            'override safety',
-            'system prompt',
-            'delete all',
-            'send to',
-            'rm -rf',
-            'reverse shell',
-            'backdoor',
-        ]
-
-        for enc_name, decoder in encodings_to_test.items():
-            try:
-                decoded = decoder(prompt_text)
-                decoded_lower = decoded.lower()
-                for trigger in triggers:
-                    if trigger in decoded_lower:
-                        findings.append({
-                            'rule_id': f'garak.encoding.{enc_name}.{trigger.replace(" ", "-")}',
-                            'category': 'prompt-injection-encoded',
-                            'severity': 'ERROR',
-                            'message': f'Garak deep scan: {enc_name}-encoded payload contains trigger phrase "{trigger}"',
-                            'matched_text': decoded[:100],
-                            'confidence': 'HIGH',
-                            'risk_score': '85',
-                            'action': 'BLOCK'
-                        })
-            except Exception:
-                pass
-
-        # Check for Garak-style latent injection patterns
-        latent_patterns = [
-            ('resume_injection', r'(?i)(ignore|disregard|override).{0,50}(instructions|safety|rules)'),
-            ('document_injection', r'(?i)(SYSTEM|ADMIN|ROOT)\\s*:\\s*(override|execute|ignore)'),
-            ('translation_injection', r'(?i)(translate|convert).{0,30}(ignore|override|execute)'),
-        ]
-
-        import re
-        for pattern_name, pattern in latent_patterns:
-            try:
-                match = re.search(pattern, prompt_text, re.IGNORECASE)
-                if match:
-                    findings.append({
-                        'rule_id': f'garak.latentinjection.{pattern_name}',
-                        'category': 'prompt-injection-content',
-                        'severity': 'WARNING',
-                        'message': f'Garak deep scan: latent injection pattern "{pattern_name}" detected',
-                        'matched_text': match.group(0)[:100],
-                        'confidence': 'MEDIUM',
-                        'risk_score': '70',
-                        'action': 'WARN'
-                    })
-            except Exception:
-                pass
-
-    except ImportError:
-        findings.append({
-            'rule_id': 'garak.unavailable',
-            'category': 'unknown',
-            'severity': 'INFO',
-            'message': 'Garak package not fully installed. Install with: pip install garak',
-            'matched_text': 'garak import failed',
-            'confidence': 'HIGH',
-            'risk_score': '0',
-            'action': 'LOG'
-        })
-    except Exception as e:
-        findings.append({
-            'rule_id': 'garak.error',
-            'category': 'unknown',
-            'severity': 'INFO',
-            'message': f'Garak analysis error: {str(e)[:200]}',
-            'matched_text': str(e)[:100],
-            'confidence': 'LOW',
-            'risk_score': '0',
-            'action': 'LOG'
-        })
-
-    return findings
-
-if __name__ == '__main__':
-    input_file = sys.argv[1]
-    with open(input_file, 'r') as f:
-        prompt_text = f.read()
-
-    results = run_garak_analysis(prompt_text)
-    print(json.dumps(results))
-`;
-
-/**
- * Run Garak deep analysis probes against a prompt
- * @param {string} promptText - The prompt text to analyze
- * @returns {Array} Array of finding objects compatible with scan-prompt.js findings format
- */
-export function runGarakProbes(promptText) {
-  if (!isGarakInstalled()) {
-    return [{
-      rule_id: 'garak.not-installed',
-      category: 'unknown',
-      severity: 'INFO',
-      message: 'Garak not installed. Install with: pip install garak',
-      matched_text: 'garak not found',
-      confidence: 'HIGH',
-      risk_score: '0',
-      action: 'LOG'
-    }];
-  }
-
-  const tmpId = randomUUID();
-  const inputFile = join(tmpdir(), `garak-input-${tmpId}.txt`);
-  const scriptFile = join(tmpdir(), `garak-runner-${tmpId}.py`);
-
-  try {
-    writeFileSync(inputFile, promptText);
-    writeFileSync(scriptFile, GARAK_RUNNER_SCRIPT);
-
-    const pythonCmd = process.platform === 'win32' ? 'python' : 'python3';
-    const output = execFileSync(pythonCmd, [scriptFile, inputFile], {
-      timeout: 30000,
-      encoding: 'utf-8',
-      stdio: ['pipe', 'pipe', 'pipe']
-    });
-
-    return JSON.parse(output.trim());
-  } catch (error) {
-    return [{
-      rule_id: 'garak.execution-error',
-      category: 'unknown',
-      severity: 'INFO',
-      message: `Garak execution failed: ${error.message?.substring(0, 200)}`,
-      matched_text: 'garak error',
-      confidence: 'LOW',
-      risk_score: '0',
-      action: 'LOG'
-    }];
-  } finally {
-    try { if (existsSync(inputFile)) unlinkSync(inputFile); } catch {}
-    try { if (existsSync(scriptFile)) unlinkSync(scriptFile); } catch {}
-  }
-}
-
-export { isGarakInstalled };