brainblast 0.4.2 → 0.4.3

package/README.md

@@ -99,7 +99,8 @@ the applied changes.
 | Rule | What's wrong | Consequence |
 |------|--------------|-------------|
 | `env-secrets-committed` | A `.env*` file (not `.env.example`/`.sample`/`.template`) is tracked by git and contains a secret-shaped key (`SECRET`, `*_PRIVATE_KEY`, `*_API_KEY`, `*_TOKEN`, `*_PASSWORD`, etc.) with a real-looking (non-placeholder) value | Anyone with read access to the repo — including forks of a public repo — can read the live credential |
-| `env-secret-leaked-to-sink` | A secret-shaped `process.env.X` value (directly, via a local variable, or one hop through a same-file helper) is passed to `console.log`/`res.json`/`res.send`/etc. | Credentials end up in logs, error trackers, or API responses — readable by anyone with log/response access |
+| `env-secret-leaked-to-sink` | A secret-shaped `process.env.X` value flows — directly, via a local variable, forward through helper functions (same-file or imported from another file), or backward into a function that's called elsewhere in the project with a tainted argument — into `console.log`/`res.json`/`res.send`/etc., up to 2 hops across the whole project | Credentials end up in logs, error trackers, or API responses — readable by anyone with log/response access |
+| `request-input-command-injection` | Untrusted `req.body`/`req.query`/`req.params`/`req.headers` data flows — directly or across files — into `exec`/`execSync`/`spawn`/`spawnSync`/`execFile`/`execFileSync` | A malicious request can run arbitrary shell commands on the server |
 
 Each finding lands in `.agent-research/report.json` (stable `schemaVersion: "1.0"`)
 with a `checks[]` array a CI gate can read. Each confirmed FAIL ships a
@@ -183,7 +184,7 @@ All types are exported: `Rule`, `CheckResult`, `CostReport`, `AccountFlow`,
 
 ```sh
 npm install
-npm test         # unit suite (173 tests)
+npm test         # unit suite (180 tests)
 npm run prove    # end-to-end: generated tests RED on vulnerable, GREEN on fixed
 npm run build    # produce dist/ (the published artifact)
 ```

package/dist/{chunk-Q72MTJXQ.js → chunk-XQUQOBXZ.js}

@@ -487,7 +487,7 @@ var envSecretsCommitted = (c, p) => {
   return { result: "pass", detail: p.passDetail ?? "No committed secret-looking values found." };
 };
 
-// src/checkers/envTaintToSink.ts
+// src/checkers/taintToSink.ts
 import { SyntaxKind as SyntaxKind7 } from "ts-morph";
 function calleeName(call) {
   const exp = call.getExpression();
@@ -497,59 +497,65 @@ function calleeName(call) {
   }
   return "";
 }
-function envVarIn(text) {
-  const m = text.match(/process\.env\.([A-Za-z0-9_]+)/);
-  return m?.[1];
+function calleeIdentifierName(call) {
+  const exp = call.getExpression();
+  return exp.getKind() === SyntaxKind7.Identifier ? exp.getText() : void 0;
 }
 function wordIn(text, name) {
   return new RegExp(`\\b${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`).test(text);
 }
-function findDirectLeak(fn, sinkCalls, secretKeyRe, taintedNames) {
+function matchesSource(text, sourceRes) {
+  return sourceRes.some((re) => re.test(text));
+}
+function localTaintedNames(fn, sourceRes) {
+  const names = /* @__PURE__ */ new Set();
+  for (const decl of fn.getDescendantsOfKind(SyntaxKind7.VariableDeclaration)) {
+    const init = decl.getInitializer();
+    if (init && matchesSource(init.getText(), sourceRes)) names.add(decl.getName());
+  }
+  return names;
+}
+function findDirectLeak(fn, sinkCalls, sourceRes, taintedNames) {
   for (const call of fn.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
     const name = calleeName(call);
     if (!sinkCalls.has(name)) continue;
     for (const arg of call.getArguments()) {
       const text = arg.getText();
-      const envVar = envVarIn(text);
-      if (envVar && secretKeyRe.test(envVar)) {
-        return `process.env.${envVar} is passed directly to ${name}(...) \u2014 secret values must not be logged or returned to clients.`;
+      if (matchesSource(text, sourceRes)) {
+        return `'${text}' is passed directly to ${name}(...) \u2014 tainted values must not reach this sink.`;
       }
       for (const tv of taintedNames) {
         if (wordIn(text, tv)) {
-          return `'${tv}' (holding a secret-shaped process.env value) is passed to ${name}(...) \u2014 secret values must not be logged or returned to clients.`;
+          return `'${tv}' (a tainted value) is passed to ${name}(...) \u2014 tainted values must not reach this sink.`;
         }
       }
     }
   }
   return void 0;
 }
-var envTaintToSink = (c, p) => {
-  const sinkCalls = new Set(p.sinkCalls ?? []);
-  const secretKeyRe = new RegExp(p.secretKeyPattern, "i");
-  const fn = c.fn;
-  const taintedNames = /* @__PURE__ */ new Set();
-  for (const decl of fn.getDescendantsOfKind(SyntaxKind7.VariableDeclaration)) {
-    const init = decl.getInitializer();
-    if (!init) continue;
-    const envVar = envVarIn(init.getText());
-    if (envVar && secretKeyRe.test(envVar)) {
-      taintedNames.add(decl.getName());
-    }
+function resolveFunction(sourceFile, name) {
+  const local = sourceFile.getFunction(name);
+  if (local) return { fn: local, sf: sourceFile };
+  for (const imp of sourceFile.getImportDeclarations()) {
+    const named2 = imp.getNamedImports().find((ni) => (ni.getAliasNode()?.getText() ?? ni.getName()) === name);
+    if (!named2) continue;
+    const targetSf = imp.getModuleSpecifierSourceFile();
+    if (!targetSf) continue;
+    const targetFn = targetSf.getFunction(named2.getName());
+    if (targetFn) return { fn: targetFn, sf: targetSf };
   }
-  const direct = findDirectLeak(fn, sinkCalls, secretKeyRe, taintedNames);
-  if (direct) return { result: "fail", detail: direct };
-  const sourceFile = fn.getSourceFile();
+  return void 0;
+}
+function findForwardLeak(fn, rootName, sinkCalls, sourceRes, taintedNames, hopsLeft, visited) {
+  if (hopsLeft <= 0) return void 0;
   for (const call of fn.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
-    const calleeExp = call.getExpression();
-    if (calleeExp.getKind() !== SyntaxKind7.Identifier) continue;
-    const calleeFnName = calleeExp.getText();
-    if (calleeFnName === (c.fnName ?? "")) continue;
+    const name = calleeIdentifierName(call);
+    if (!name || name === rootName) continue;
     const args = call.getArguments();
     const taintedArgIndices = [];
     args.forEach((arg, i) => {
       const text = arg.getText();
-      const envVar = envVarIn(text);
-      if (envVar && secretKeyRe.test(envVar)) {
+      if (matchesSource(text, sourceRes)) {
         taintedArgIndices.push(i);
         return;
       }
@@ -561,20 +567,99 @@ var envTaintToSink = (c, p) => {
       }
     });
     if (taintedArgIndices.length === 0) continue;
-    const calleeFn = sourceFile.getFunction(calleeFnName);
-    if (!calleeFn) continue;
-    const params = calleeFn.getParameters().map((pr) => pr.getName());
-    const calleeTainted = new Set(taintedArgIndices.map((i) => params[i]).filter((x) => !!x));
+    const resolved = resolveFunction(fn.getSourceFile(), name);
+    if (!resolved) continue;
+    const key = `${resolved.sf.getFilePath()}::${name}`;
+    if (visited.has(key)) continue;
+    visited.add(key);
+    const params = resolved.fn.getParameters().map((pr) => pr.getName());
+    const calleeTainted = new Set(
+      taintedArgIndices.map((i) => params[i]).filter((x) => !!x)
+    );
     if (calleeTainted.size === 0) continue;
-    const hop = findDirectLeak(calleeFn, sinkCalls, secretKeyRe, calleeTainted);
-    if (hop) {
-      return {
-        result: "fail",
-        detail: `A secret-shaped process.env value flows into '${calleeFnName}(...)' (called from '${c.fnName}'), where ${hop}`
-      };
+    const direct = findDirectLeak(resolved.fn, sinkCalls, sourceRes, calleeTainted);
+    if (direct) {
+      const where = resolved.sf === fn.getSourceFile() ? "" : ` (in ${resolved.sf.getFilePath()})`;
+      return `A tainted value flows into '${name}(...)'${where}, where ${direct}`;
+    }
+    const deeper = findForwardLeak(resolved.fn, rootName, sinkCalls, sourceRes, calleeTainted, hopsLeft - 1, visited);
+    if (deeper) return `via '${name}(...)': ${deeper}`;
+  }
+  return void 0;
+}
+function paramsUsedInSink(fn, sinkCalls) {
+  const params = new Set(fn.getParameters().map((p) => p.getName()));
+  const sinked = /* @__PURE__ */ new Set();
+  for (const call of fn.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
+    if (!sinkCalls.has(calleeName(call))) continue;
+    for (const arg of call.getArguments()) {
+      const text = arg.getText();
+      for (const p of params) {
+        if (wordIn(text, p)) sinked.add(p);
+      }
     }
   }
-  return { result: "pass", detail: "No secret-shaped process.env value flows to a logging/response sink." };
+  return sinked;
+}
+function enclosingFunction(node) {
+  return node.getFirstAncestor(
+    (a) => a.getKind() === SyntaxKind7.FunctionDeclaration || a.getKind() === SyntaxKind7.ArrowFunction
+  );
+}
+function findBackwardLeak(candidateFn, fnName, candidateFile, params, sinkedParams, sourceRes) {
+  const project = candidateFn.getProject();
+  for (const sf of project.getSourceFiles()) {
+    for (const call of sf.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
+      if (calleeIdentifierName(call) !== fnName) continue;
+      if (call.getFirstAncestor((a) => a === candidateFn)) continue;
+      const args = call.getArguments();
+      for (const pname of sinkedParams) {
+        const idx = params.indexOf(pname);
+        const arg = args[idx];
+        if (!arg) continue;
+        const text = arg.getText();
+        if (matchesSource(text, sourceRes)) {
+          return `'${fnName}' is called from ${sf.getFilePath()}:${call.getStartLineNumber()} with '${text}' as '${pname}', which this function passes to a sink.`;
+        }
+        if (arg.getKind() === SyntaxKind7.Identifier) {
+          const callerFn = enclosingFunction(arg);
+          if (callerFn) {
+            const callerTainted = localTaintedNames(callerFn, sourceRes);
+            if (callerTainted.has(text)) {
+              return `'${fnName}' is called from ${sf.getFilePath()}:${call.getStartLineNumber()} with '${text}' (a tainted value) as '${pname}', which this function passes to a sink.`;
+            }
+          }
+        }
+      }
+    }
+  }
+  return void 0;
+}
+var taintToSink = (c, p) => {
+  const sourceRes = p.sources.map((s) => new RegExp(s.pattern));
+  const sinkCalls = new Set(p.sinkCalls ?? []);
+  const maxHops = p.maxHops ?? 2;
+  const fn = c.fn;
+  const taintedNames = localTaintedNames(fn, sourceRes);
+  const direct = findDirectLeak(fn, sinkCalls, sourceRes, taintedNames);
+  if (direct) return { result: "fail", detail: direct };
+  const forward = findForwardLeak(fn, c.fnName, sinkCalls, sourceRes, taintedNames, maxHops, /* @__PURE__ */ new Set([
+    `${fn.getSourceFile().getFilePath()}::${c.fnName}`
+  ]));
+  if (forward) return { result: "fail", detail: forward };
+  const sinkedParams = paramsUsedInSink(fn, sinkCalls);
+  if (sinkedParams.size > 0) {
+    const backward = findBackwardLeak(
+      fn,
+      c.fnName,
+      c.filePath,
+      fn.getParameters().map((pr) => pr.getName()),
+      sinkedParams,
+      sourceRes
+    );
+    if (backward) return { result: "fail", detail: backward };
+  }
+  return { result: "pass", detail: "No tracked source value flows to a sink within the analyzed call graph." };
 };
 
 // src/checkers/index.ts
@@ -586,7 +671,7 @@ var registry = {
   "object-arg-property-literal-equals": objectArgPropertyLiteralEquals,
   "anchor-init-if-needed-guarded": anchorInitIfNeededGuarded,
   "env-secrets-committed": envSecretsCommitted,
-  "env-taint-to-sink": envTaintToSink
+  "taint-to-sink": taintToSink
 };
 function runChecker(kind, c, params) {
   const fn = registry[kind];

package/dist/cli.js

@@ -14,7 +14,7 @@ import {
   renderTrustGraphMd,
   resolveRules,
   startWatch
-} from "./chunk-Q72MTJXQ.js";
+} from "./chunk-XQUQOBXZ.js";
 
 // src/cli.ts
 import { writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";

package/dist/index.js

@@ -37,7 +37,7 @@ import {
   saveProgramCache,
   startWatch,
   testKinds
-} from "./chunk-Q72MTJXQ.js";
+} from "./chunk-XQUQOBXZ.js";
 
 // src/generate.ts
 import { writeFileSync, mkdirSync } from "fs";

package/dist/rules/env-secret-leaked-to-sink.yaml

@@ -25,8 +25,12 @@ detect:
     - end
   requiresImport: false
 check:
-  kind: env-taint-to-sink
+  kind: taint-to-sink
   params:
+    sources:
+      - name: env-secret
+        # Secret-shaped process.env.X reads.
+        pattern: "process\\.env\\.[A-Za-z0-9_]*(SECRET|PRIVATE_KEY|API_KEY|ACCESS_KEY|TOKEN|PASSWORD|CREDENTIAL)[A-Za-z0-9_]*"
     sinkCalls:
       - log
       - error
@@ -37,7 +41,7 @@ check:
       - send
       - write
       - end
-    # Key names that typically hold credentials/secrets.
-    secretKeyPattern: "(SECRET|PRIVATE_KEY|API_KEY|ACCESS_KEY|TOKEN|PASSWORD|CREDENTIAL)"
+    # Same-file or imported-module hops to follow before/after the candidate.
+    maxHops: 2
 test:
   kind: none

package/dist/rules/request-input-command-injection.yaml

@@ -0,0 +1,42 @@
+# Pure-data rule (facts). Binds to vetted templates by `check.kind`/`test.kind`.
+id: request-input-command-injection
+severity: critical
+title: Untrusted request input flows into a shell command
+component:
+  name: Node.js child_process
+  type: API
+  version: unversioned
+  sourceUrl: https://nodejs.org/api/child_process.html
+detect:
+  lang: typescript
+  modules: []
+  # Never matches by name alone — only the triggerCalls (sink calls) below
+  # select candidates.
+  nameRegex: "(?!)"
+  triggerCalls:
+    - exec
+    - execSync
+    - spawn
+    - spawnSync
+    - execFile
+    - execFileSync
+  requiresImport: false
+check:
+  kind: taint-to-sink
+  params:
+    sources:
+      - name: request-input
+        # req.body / req.query / req.params / req.headers (any object named
+        # req/request) — the canonical "untrusted user input" surface for an
+        # HTTP handler.
+        pattern: "\\b(req|request)\\.(body|query|params|headers)\\b"
+    sinkCalls:
+      - exec
+      - execSync
+      - spawn
+      - spawnSync
+      - execFile
+      - execFileSync
+    maxHops: 2
+test:
+  kind: none

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "brainblast",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "type": "module",
   "description": "Deterministic auditor for catastrophic AI-integration bugs: scan a repo, find the silent money/auth traps, and generate the behavioral test that proves they're fixed.",
   "keywords": [