ai-warden 0.1.0 → 0.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-warden",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "AI security scanner - Detect prompt injection attacks before they reach production",
   "main": "src/scanner.js",
   "bin": {

package/src/logAnalyzer.js

@@ -0,0 +1,201 @@
+/**
+ * Log Content Analyzer
+ * Scans content of logging statements (console.log, System.debug, etc.)
+ * to detect social engineering and prompt injection attempts
+ */
+
+// Safe patterns in logs (variable interpolation, status messages)
+const SAFE_LOG_PATTERNS = [
+  /\$\{[^}]+\}/g,  // Variable interpolation ${...}
+  /port\s+\d+/i,
+  /server (starting|running|listening|started)/i,
+  /status:\s*(ok|success|error|failed)/i,
+  /\b(info|debug|warning|error):/i,
+  /received request/i,
+  /processing/i,
+  /completed in \d+ms/i,
+];
+
+// Dangerous patterns in log content
+const DANGEROUS_LOG_PATTERNS = [
+  {
+    pattern: /\b(you|developer|engineer)\s+(should|must|need to|have to)\s+(run|execute|fix|access|send)/i,
+    severity: 'CRITICAL',
+    name: 'Social Engineering in Logs',
+    score: 150
+  },
+  {
+    pattern: /\b(run|execute)\s+(this|the following|command):/i,
+    severity: 'CRITICAL',
+    name: 'Command Instruction in Logs',
+    score: 150
+  },
+  {
+    pattern: /\b(curl|wget|nc|netcat|bash|sh|python|node)\s+[^\s]/i,
+    severity: 'HIGH',
+    name: 'Shell Command in Logs',
+    score: 100
+  },
+  {
+    pattern: /\b(send|post|upload)\s+(to|data|file|password|secret)/i,
+    severity: 'HIGH',
+    name: 'Data Exfiltration Pattern in Logs',
+    score: 100
+  },
+  {
+    pattern: /\b(access|read|open)\s+(file|password|secret|token|key)/i,
+    severity: 'HIGH',
+    name: 'Sensitive Access Pattern in Logs',
+    score: 100
+  },
+  {
+    pattern: /\bignore (previous|above|prior)\s+(instructions|prompts|context)/i,
+    severity: 'CRITICAL',
+    name: 'Prompt Override in Logs',
+    score: 200
+  },
+  {
+    pattern: /\byou are (now|actually)\s+a\s+/i,
+    severity: 'CRITICAL',
+    name: 'Role Manipulation in Logs',
+    score: 200
+  },
+  {
+    pattern: /\b(reveal|show|display|print)\s+(system prompt|instructions|context)/i,
+    severity: 'CRITICAL',
+    name: 'System Prompt Leak in Logs',
+    score: 200
+  }
+];
+
+// Common logging functions across languages
+const LOG_FUNCTION_PATTERNS = [
+  // JavaScript/Node.js
+  /console\.(log|info|debug|warn|error|trace)\s*\(/,
+  
+  // Python
+  /print\s*\(/,
+  /logging\.(debug|info|warning|error|critical)\s*\(/,
+  
+  // Java
+  /System\.out\.(print|println)\s*\(/,
+  /logger\.(debug|info|warn|error)\s*\(/,
+  /log\.(debug|info|warn|error)\s*\(/,
+  
+  // Salesforce (Apex)
+  /System\.debug\s*\(/,
+  
+  // C#
+  /Console\.(Write|WriteLine)\s*\(/,
+  /Debug\.(Log|LogWarning|LogError)\s*\(/,
+  
+  // Ruby
+  /puts\s+/,
+  /logger\.(debug|info|warn|error)\s+/,
+  
+  // Go
+  /fmt\.(Print|Println|Printf)\s*\(/,
+  /log\.(Print|Println|Printf|Fatal)\s*\(/,
+  
+  // PHP
+  /echo\s+/,
+  /error_log\s*\(/,
+];
+
+/**
+ * Extract log content from code
+ * Returns array of {statement, content}
+ */
+function extractLogStatements(code) {
+  const statements = [];
+  
+  // More robust extraction - find logging calls and extract their arguments
+  const logCallRegex = /(console\.(log|info|debug|warn|error)|System\.debug|print|puts|echo)\s*\(\s*([^)]+)\s*\)/gi;
+  
+  let match;
+  while ((match = logCallRegex.exec(code)) !== null) {
+    const fullStatement = match[0];
+    const content = match[3] || ''; // The argument content
+    
+    statements.push({
+      statement: fullStatement,
+      content: cleanLogContent(content),
+      position: match.index
+    });
+  }
+  
+  return statements;
+}
+
+/**
+ * Clean log content (remove quotes, backticks, concatenation)
+ */
+function cleanLogContent(content) {
+  return content
+    .replace(/^['"`\s]+|['"`\s]+$/g, '') // Remove quotes/backticks
+    .replace(/\s*\+\s*/g, ' ') // Remove concatenation
+    .replace(/\$\{[^}]+\}/g, '${VAR}') // Normalize variable interpolation
+    .trim();
+}
+
+/**
+ * Analyze log statement content
+ */
+function analyzeLogContent(logStatement) {
+  const { content, statement, position } = logStatement;
+  const findings = [];
+  
+  // If content is very short or empty, skip
+  if (content.length < 10) {
+    return findings;
+  }
+  
+  // Check if content looks safe (common status messages)
+  const hasSafePattern = SAFE_LOG_PATTERNS.some(pattern => pattern.test(content));
+  const hasVariableInterpolation = /\$\{VAR\}/.test(content);
+  
+  // If it's clearly a safe log, don't scan further
+  if (hasSafePattern && !hasVariableInterpolation) {
+    return findings;
+  }
+  
+  // Check for dangerous patterns in log content
+  DANGEROUS_LOG_PATTERNS.forEach(({ pattern, severity, name, score }) => {
+    if (pattern.test(content)) {
+      findings.push({
+        id: 'L001',
+        name,
+        severity,
+        score,
+        match: statement.substring(0, 100),
+        description: `Suspicious content detected in logging statement: "${content.substring(0, 50)}..."`,
+        position
+      });
+    }
+  });
+  
+  return findings;
+}
+
+/**
+ * Main function: Analyze all log statements in code
+ */
+function scanLogStatements(code) {
+  const logStatements = extractLogStatements(code);
+  const allFindings = [];
+  
+  logStatements.forEach(logStatement => {
+    const findings = analyzeLogContent(logStatement);
+    allFindings.push(...findings);
+  });
+  
+  return allFindings;
+}
+
+module.exports = {
+  scanLogStatements,
+  extractLogStatements,
+  analyzeLogContent,
+  DANGEROUS_LOG_PATTERNS,
+  LOG_FUNCTION_PATTERNS
+};

package/src/patterns.js

@@ -96,7 +96,8 @@ const PATTERNS = {
     score: 100,
     patterns: [
       /(exec|system|spawn|eval)\s*\([^)]*\$/gi,
-      /`.*\$\{.*\}.*`/g,
+      // Backticks handled by logAnalyzer.js for context-aware detection
+      // /`.*\$\{.*\}.*`/g,
       /\$\(.*\)/g,
       /;\s*rm\s+-rf/gi,
       /;\s*(curl|wget|nc|netcat)/gi,

package/src/scanner.js

@@ -13,6 +13,7 @@ const path = require('path');
 // Import patterns and heuristics
 const patterns = require('./patterns');
 const heuristics = require('./heuristics');
+const logAnalyzer = require('./logAnalyzer');
 
 class PromptInjectionScanner {
   constructor(options = {}) {
@@ -38,6 +39,9 @@ class PromptInjectionScanner {
     // Pattern matching
     findings.push(...patterns.scanPatterns(content));
 
+    // Log statement analysis (context-aware)
+    findings.push(...logAnalyzer.scanLogStatements(content));
+
     // Heuristic checks
     findings.push(...heuristics.checkSuspiciousUnicode(content));
     findings.push(...heuristics.checkEncodedContent(content));