codeprobe-scanner 1.0.16 → 1.0.19

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeprobe-scanner",
-  "version": "1.0.16",
+  "version": "1.0.19",
   "description": "Automated vulnerability scanner with exploit verification and video evidence",
   "type": "module",
   "bin": {

package/src/cli/commands/scan.ts

@@ -78,9 +78,24 @@ function displayReport(report: Report, json: boolean, durationMs: number): void
         `Theoretical Risk: ${report.summary.theoretical_count}`
     )
   );
-  console.log(`Patches Available: ${report.scan.patches_available}`);
+  const patchCount = report.scan.patches_available ?? 0;
+  console.log(chalk.green(`Patches Available: ${patchCount}/${report.summary.total_cves}`));
   console.log(`Duration: ${msToHuman(durationMs)}`);
 
+  // Display SAST findings if available
+  if ((report as any).code_vulnerabilities && (report as any).code_vulnerabilities.length > 0) {
+    const codeVulns = (report as any).code_vulnerabilities;
+    console.log(chalk.bold('\n🔐 Source Code Vulnerabilities:'));
+    codeVulns.forEach((vuln: any) => {
+      const severity = vuln.severity === 'CRITICAL' ? chalk.red(vuln.severity)
+        : vuln.severity === 'HIGH' ? chalk.yellow(vuln.severity)
+        : vuln.severity === 'MEDIUM' ? chalk.cyan(vuln.severity)
+        : chalk.green(vuln.severity);
+      console.log(`  ${severity} ${vuln.type} in ${vuln.file}:${vuln.line}`);
+      console.log(`    ${vuln.description}`);
+    });
+  }
+
   if (report.scan.cves.length > 0) {
     console.log(chalk.bold('\nCVE Details:'));
     report.scan.cves.forEach((cve) => {
@@ -113,6 +128,27 @@ export async function scanCommand(args: string[]): Promise<void> {
     // Run recursive scan to find all package.json files
     const report = await engine.scanRecursive(repoPath);
 
+    // Also scan for source code vulnerabilities (SAST)
+    console.log("\n🔐 Analyzing source code for vulnerabilities...");
+    const codeVulnerabilities = await engine.scanCodeVulnerabilities(repoPath);
+
+    // If --fix flag is set, apply fixes to source code
+    if (options.fix && codeVulnerabilities.length > 0) {
+      const { createCodeFixer } = await import("../../engine/code-fixer.js");
+      const fixer = createCodeFixer();
+      console.log("\n🔧 Applying source code fixes...");
+      const fixes = await fixer.fixVulnerabilities(codeVulnerabilities);
+      console.log(`   Applied ${fixes.length} code fixes`);
+
+      if (fixes.length > 0) {
+        console.log("\n📝 Fixed vulnerabilities:");
+        fixes.forEach((fix) => {
+          console.log(`   - ${fix.file}:${fix.line}`);
+          console.log(`     Type: ${fix.type}`);
+        });
+      }
+    }
+
     const duration = Date.now() - startTime;
 
     // Save report

package/src/cli/config.ts

@@ -10,6 +10,7 @@ interface ConfigData {
   bright_data_api_key?: string;
   daytona_api_key?: string;
   nosana_api_key?: string;
+  kimi_api_key?: string;
   [key: string]: string | undefined;
 }
 
@@ -138,7 +139,7 @@ export async function setConfig(key: string, value: string): Promise<void> {
   const config = await loadConfig();
 
   // Encrypt if it's a token/secret field (specific fields only)
-  const secretFields = ['github_token', 'bright_data_api_key', 'daytona_api_key', 'nosana_api_key'];
+  const secretFields = ['github_token', 'bright_data_api_key', 'daytona_api_key', 'nosana_api_key', 'kimi_api_key'];
   if (secretFields.includes(key.toLowerCase())) {
     config[key] = encryptToken(value);
   } else {
@@ -156,7 +157,7 @@ export async function clearConfig(key: string): Promise<void> {
   console.log(chalk.green(`✓ Config cleared: ${key}`));
 }
 
-export async function getApiKey(service: 'BRIGHT_DATA' | 'DAYTONA' | 'NOSANA'): Promise<string> {
+export async function getApiKey(service: 'BRIGHT_DATA' | 'DAYTONA' | 'NOSANA' | 'KIMI'): Promise<string> {
   const envKey = process.env[`${service}_API_KEY`];
   if (envKey) {
     return envKey;

package/src/engine/code-fixer.ts

@@ -0,0 +1,150 @@
+import { readFile, writeFile } from "fs/promises";
+import { CodeVulnerability } from "./sast";
+
+export interface CodeFix {
+  file: string;
+  line: number;
+  original: string;
+  fixed: string;
+  type: string;
+}
+
+export class CodeFixer {
+  async fixVulnerabilities(vulnerabilities: CodeVulnerability[]): Promise<CodeFix[]> {
+    const fixes: CodeFix[] = [];
+
+    for (const vuln of vulnerabilities) {
+      const fix = await this.generateFix(vuln);
+      if (fix) {
+        fixes.push(fix);
+        await this.applyFix(fix);
+      }
+    }
+
+    return fixes;
+  }
+
+  private async generateFix(vuln: CodeVulnerability): Promise<CodeFix | null> {
+    try {
+      const file = await readFile(vuln.file, "utf-8");
+      const lines = file.split("\n");
+      const lineIndex = vuln.line - 1;
+
+      if (lineIndex < 0 || lineIndex >= lines.length) {
+        return null;
+      }
+
+      const original = lines[lineIndex];
+      let fixed = original;
+
+      // Apply type-specific fixes
+      if (vuln.type === "Hardcoded Secret") {
+        fixed = this.fixHardcodedSecret(original);
+      } else if (vuln.type === "Command Injection") {
+        fixed = this.fixCommandInjection(original);
+      } else if (vuln.type === "Insecure Random") {
+        fixed = this.fixInsecureRandom(original);
+      } else if (vuln.type === "SQL Injection") {
+        fixed = this.fixSQLInjection(original);
+      } else if (vuln.type === "Cross-Site Scripting (XSS)") {
+        fixed = this.fixXSS(original);
+      }
+
+      if (fixed !== original) {
+        return {
+          file: vuln.file,
+          line: vuln.line,
+          original,
+          fixed,
+          type: vuln.type,
+        };
+      }
+    } catch (error) {
+      console.warn(`Failed to generate fix for ${vuln.file}:${vuln.line}`);
+    }
+
+    return null;
+  }
+
+  private fixHardcodedSecret(line: string): string {
+    // Replace hardcoded values with environment variable references
+    let fixed = line;
+
+    // Replace apiKey/api_key patterns
+    fixed = fixed.replace(/api_?key\s*[:=]\s*["'][^"']*["']/i, (match) => {
+      const key = match.split("=")[0].trim();
+      return `${key} = process.env.API_KEY || "${match.split('"')[1] || match.split("'")[1] || "YOUR_KEY_HERE"}"`;
+    });
+
+    // Replace password patterns
+    fixed = fixed.replace(/password\s*[:=]\s*["'][^"']*["']/i, (match) => {
+      const key = match.split("=")[0].trim();
+      return `${key} = process.env.PASSWORD || ""`;
+    });
+
+    // Replace token patterns
+    fixed = fixed.replace(/token\s*[:=]\s*["'][^"']*["']/i, (match) => {
+      const key = match.split("=")[0].trim();
+      return `${key} = process.env.TOKEN || ""`;
+    });
+
+    return fixed;
+  }
+
+  private fixCommandInjection(line: string): string {
+    // Add escapeShellArg wrapper for unescaped variables
+    if (line.includes("execSync") || line.includes("exec")) {
+      return line.replace(/\$\{([^}]+)\}/g, (match, varName) => {
+        if (!line.includes("escapeShellArg")) {
+          return `\${escapeShellArg(${varName})}`;
+        }
+        return match;
+      });
+    }
+    return line;
+  }
+
+  private fixInsecureRandom(line: string): string {
+    // Replace Math.random with crypto.randomBytes
+    if (line.includes("Math.random()")) {
+      return line.replace(/Math\.random\(\)\.toString\(\d+\)\.slice\([^)]+\)/g, 'randomBytes(4).toString("hex")');
+    }
+    return line;
+  }
+
+  private fixSQLInjection(line: string): string {
+    // Suggest parameterized queries (manual fix needed)
+    if (line.includes("query") && line.includes("$")) {
+      return line.replace(/query\s*\([^)]*\$\{[^}]+\}[^)]*\)/, "query('...', [param1, param2])");
+    }
+    return line;
+  }
+
+  private fixXSS(line: string): string {
+    // Replace innerHTML with textContent
+    if (line.includes("innerHTML")) {
+      return line.replace(/\.innerHTML\s*=/, ".textContent =");
+    }
+
+    // Replace dangerouslySetInnerHTML with safe alternative
+    if (line.includes("dangerouslySetInnerHTML")) {
+      return line.replace(/dangerouslySetInnerHTML=\{[^}]+\}/g, "children");
+    }
+
+    return line;
+  }
+
+  private async applyFix(fix: CodeFix): Promise<void> {
+    try {
+      const file = await readFile(fix.file, "utf-8");
+      const lines = file.split("\n");
+      lines[fix.line - 1] = fix.fixed;
+      const updated = lines.join("\n");
+      await writeFile(fix.file, updated, "utf-8");
+    } catch (error) {
+      console.warn(`Failed to apply fix to ${fix.file}:${fix.line}`);
+    }
+  }
+}
+
+export const createCodeFixer = () => new CodeFixer();

package/src/engine/patcher.ts

@@ -90,14 +90,14 @@ export class PatchGenerator {
     // Try Nosana LLM if Kimi failed
     if (this.nosanaApiKey) {
       try {
-        console.log(`[Nosana] Generating patch for ${cve.id}...`);
-        const patch = await this.generatePatchWithNosana(cve);
+        console.log(`[Kimi] Generating patch for ${cve.id}...`);
+        const patch = await this.generatePatchWithKimi(cve);
         if (patch) {
           cve.patch_diff = patch;
           return patch;
         }
       } catch (error) {
-        console.warn(`[Nosana] Failed to generate patch: ${error instanceof Error ? error.message : String(error)}`);
+        console.warn(`[Kimi] Failed to generate patch: ${error instanceof Error ? error.message : String(error)}`);
       }
     }
 

package/src/engine/report.ts

@@ -12,6 +12,7 @@ export class ReportBuilder {
     dependencies: number
   ): Promise<Report> {
     const exploitableCves = cves.filter((c) => c.exploitable);
+    const patchesAvailable = cves.filter((c) => c.patch_diff).length;
 
     const scan: Scan = {
       id: this.generateScanId(),
@@ -23,6 +24,7 @@ export class ReportBuilder {
       exploitable_count: exploitableCves.length,
       theoretical_count: cves.length - exploitableCves.length,
       total_dependencies: dependencies,
+      patches_available: patchesAvailable,
     };
 
     const report: Report = {