codeprobe-scanner 1.0.17 → 1.0.20

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeprobe-scanner",
-  "version": "1.0.17",
+  "version": "1.0.20",
   "description": "Automated vulnerability scanner with exploit verification and video evidence",
   "type": "module",
   "bin": {

package/src/cli/commands/scan.ts

@@ -82,6 +82,20 @@ function displayReport(report: Report, json: boolean, durationMs: number): void
   console.log(chalk.green(`Patches Available: ${patchCount}/${report.summary.total_cves}`));
   console.log(`Duration: ${msToHuman(durationMs)}`);
 
+  // Display SAST findings if available
+  if ((report as any).code_vulnerabilities && (report as any).code_vulnerabilities.length > 0) {
+    const codeVulns = (report as any).code_vulnerabilities;
+    console.log(chalk.bold('\n🔐 Source Code Vulnerabilities:'));
+    codeVulns.forEach((vuln: any) => {
+      const severity = vuln.severity === 'CRITICAL' ? chalk.red(vuln.severity)
+        : vuln.severity === 'HIGH' ? chalk.yellow(vuln.severity)
+        : vuln.severity === 'MEDIUM' ? chalk.cyan(vuln.severity)
+        : chalk.green(vuln.severity);
+      console.log(`  ${severity} ${vuln.type} in ${vuln.file}:${vuln.line}`);
+      console.log(`    ${vuln.description}`);
+    });
+  }
+
   if (report.scan.cves.length > 0) {
     console.log(chalk.bold('\nCVE Details:'));
     report.scan.cves.forEach((cve) => {
@@ -114,6 +128,27 @@ export async function scanCommand(args: string[]): Promise<void> {
     // Run recursive scan to find all package.json files
     const report = await engine.scanRecursive(repoPath);
 
+    // Also scan for source code vulnerabilities (SAST)
+    console.log("\n🔐 Analyzing source code for vulnerabilities...");
+    const codeVulnerabilities = await engine.scanCodeVulnerabilities(repoPath);
+
+    // If --fix flag is set, apply fixes to source code
+    if (options.fix && codeVulnerabilities.length > 0) {
+      const { createCodeFixer } = await import("../../engine/code-fixer.js");
+      const fixer = createCodeFixer();
+      console.log("\n🔧 Applying source code fixes...");
+      const fixes = await fixer.fixVulnerabilities(codeVulnerabilities);
+      console.log(`   Applied ${fixes.length} code fixes`);
+
+      if (fixes.length > 0) {
+        console.log("\n📝 Fixed vulnerabilities:");
+        fixes.forEach((fix) => {
+          console.log(`   - ${fix.file}:${fix.line}`);
+          console.log(`     Type: ${fix.type}`);
+        });
+      }
+    }
+
     const duration = Date.now() - startTime;
 
     // Save report

package/src/cli/config.ts

@@ -10,6 +10,7 @@ interface ConfigData {
   bright_data_api_key?: string;
   daytona_api_key?: string;
   nosana_api_key?: string;
+  kimi_api_key?: string;
   [key: string]: string | undefined;
 }
 
@@ -138,7 +139,7 @@ export async function setConfig(key: string, value: string): Promise<void> {
   const config = await loadConfig();
 
   // Encrypt if it's a token/secret field (specific fields only)
-  const secretFields = ['github_token', 'bright_data_api_key', 'daytona_api_key', 'nosana_api_key'];
+  const secretFields = ['github_token', 'bright_data_api_key', 'daytona_api_key', 'nosana_api_key', 'kimi_api_key'];
   if (secretFields.includes(key.toLowerCase())) {
     config[key] = encryptToken(value);
   } else {
@@ -156,7 +157,7 @@ export async function clearConfig(key: string): Promise<void> {
   console.log(chalk.green(`✓ Config cleared: ${key}`));
 }
 
-export async function getApiKey(service: 'BRIGHT_DATA' | 'DAYTONA' | 'NOSANA'): Promise<string> {
+export async function getApiKey(service: 'BRIGHT_DATA' | 'DAYTONA' | 'NOSANA' | 'KIMI'): Promise<string> {
   const envKey = process.env[`${service}_API_KEY`];
   if (envKey) {
     return envKey;

package/src/engine/code-fixer.ts

@@ -0,0 +1,169 @@
+import { readFile, writeFile } from "fs/promises";
+import { CodeVulnerability } from "./sast";
+
+export interface CodeFix {
+  file: string;
+  line: number;
+  original: string;
+  fixed: string;
+  type: string;
+}
+
+export class CodeFixer {
+  async fixVulnerabilities(vulnerabilities: CodeVulnerability[]): Promise<CodeFix[]> {
+    const fixes: CodeFix[] = [];
+    const fileCache = new Map<string, { original: string; lines: string[] }>();
+
+    // Group vulnerabilities by file
+    const vulnsByFile = new Map<string, CodeVulnerability[]>();
+    for (const vuln of vulnerabilities) {
+      if (!vulnsByFile.has(vuln.file)) {
+        vulnsByFile.set(vuln.file, []);
+      }
+      vulnsByFile.get(vuln.file)!.push(vuln);
+    }
+
+    // Process each file
+    for (const [filePath, fileVulns] of vulnsByFile) {
+      try {
+        const content = await readFile(filePath, "utf-8");
+        const lines = content.split("\n");
+        let modified = false;
+
+        for (const vuln of fileVulns) {
+          const fix = this.generateFixForVulnerability(vuln, lines);
+          if (fix) {
+            lines[vuln.line - 1] = fix.fixed;
+            fixes.push({ file: filePath, line: vuln.line, original: fix.original, fixed: fix.fixed, type: vuln.type });
+            modified = true;
+          }
+        }
+
+        // Write back if modified
+        if (modified) {
+          const updatedContent = lines.join("\n");
+          await writeFile(filePath, updatedContent, "utf-8");
+          console.log(`   ✓ Fixed ${fileVulns.length} issues in ${filePath}`);
+        }
+      } catch (error) {
+        console.warn(`   ⚠️  Failed to fix ${filePath}: ${error instanceof Error ? error.message : String(error)}`);
+      }
+    }
+
+    return fixes;
+  }
+
+  private generateFixForVulnerability(vuln: CodeVulnerability, lines: string[]): { original: string; fixed: string } | null {
+    try {
+      const lineIndex = vuln.line - 1;
+      if (lineIndex < 0 || lineIndex >= lines.length) {
+        return null;
+      }
+
+      const original = lines[lineIndex];
+      let fixed = original;
+
+      // Apply type-specific fixes
+      if (vuln.type === "Hardcoded Secret") {
+        fixed = this.fixHardcodedSecret(original);
+      } else if (vuln.type === "Command Injection") {
+        fixed = this.fixCommandInjection(original);
+      } else if (vuln.type === "Insecure Random") {
+        fixed = this.fixInsecureRandom(original);
+      } else if (vuln.type === "SQL Injection") {
+        fixed = this.fixSQLInjection(original);
+      } else if (vuln.type === "Cross-Site Scripting (XSS)") {
+        fixed = this.fixXSS(original);
+      }
+
+      if (fixed !== original) {
+        return { original, fixed };
+      }
+    } catch (error) {
+      // Silent fail for individual fixes
+    }
+
+    return null;
+  }
+
+  private fixHardcodedSecret(line: string): string {
+    // Replace hardcoded values with environment variable references
+    let fixed = line;
+
+    // Replace apiKey/api_key patterns
+    if (/api_?key\s*[:=]\s*["']/i.test(fixed)) {
+      const varName = fixed.match(/(\w+)\s*[:=]/)?.[1] || "apiKey";
+      fixed = fixed.replace(/api_?key\s*[:=]\s*["'][^"']*["']/i,
+        `${varName} = process.env.API_KEY || ""`);
+    }
+
+    // Replace password patterns
+    if (/password\s*[:=]\s*["']/i.test(fixed)) {
+      const varName = fixed.match(/(\w+)\s*[:=]/)?.[1] || "password";
+      fixed = fixed.replace(/password\s*[:=]\s*["'][^"']*["']/i,
+        `${varName} = process.env.PASSWORD || ""`);
+    }
+
+    // Replace token patterns
+    if (/token\s*[:=]\s*["']/i.test(fixed)) {
+      const varName = fixed.match(/(\w+)\s*[:=]/)?.[1] || "token";
+      fixed = fixed.replace(/token\s*[:=]\s*["'][^"']*["']/i,
+        `${varName} = process.env.TOKEN || ""`);
+    }
+
+    // Replace secret patterns
+    if (/secret\s*[:=]\s*["']/i.test(fixed)) {
+      const varName = fixed.match(/(\w+)\s*[:=]/)?.[1] || "secret";
+      fixed = fixed.replace(/secret\s*[:=]\s*["'][^"']*["']/i,
+        `${varName} = process.env.SECRET || ""`);
+    }
+
+    return fixed;
+  }
+
+  private fixCommandInjection(line: string): string {
+    // Add escapeShellArg wrapper for unescaped variables
+    if (line.includes("execSync") || line.includes("exec")) {
+      return line.replace(/\$\{([^}]+)\}/g, (match, varName) => {
+        if (!line.includes("escapeShellArg")) {
+          return `\${escapeShellArg(${varName})}`;
+        }
+        return match;
+      });
+    }
+    return line;
+  }
+
+  private fixInsecureRandom(line: string): string {
+    // Replace Math.random with crypto.randomBytes
+    if (line.includes("Math.random()")) {
+      return line.replace(/Math\.random\(\)\.toString\(\d+\)\.slice\([^)]+\)/g, 'randomBytes(4).toString("hex")');
+    }
+    return line;
+  }
+
+  private fixSQLInjection(line: string): string {
+    // Suggest parameterized queries (manual fix needed)
+    if (line.includes("query") && line.includes("$")) {
+      return line.replace(/query\s*\([^)]*\$\{[^}]+\}[^)]*\)/, "query('...', [param1, param2])");
+    }
+    return line;
+  }
+
+  private fixXSS(line: string): string {
+    // Replace innerHTML with textContent
+    if (line.includes("innerHTML")) {
+      return line.replace(/\.innerHTML\s*=/, ".textContent =");
+    }
+
+    // Replace dangerouslySetInnerHTML with safe alternative
+    if (line.includes("dangerouslySetInnerHTML")) {
+      return line.replace(/dangerouslySetInnerHTML=\{[^}]+\}/g, "children");
+    }
+
+    return line;
+  }
+
+}
+
+export const createCodeFixer = () => new CodeFixer();

package/src/engine/index.ts

@@ -132,7 +132,7 @@ export class CodeProbeEngine {
       }
 
       // Step 7: Generate patches for exploitable CVEs + any HIGH/CRITICAL with a known fix version
-      console.log("\x1b[33m[Nosana]\x1b[0m 🔧 Generating patches with LLM...");
+      console.log("\x1b[33m[Kimi]\x1b[0m 🔧 Generating patches with Kimi LLM...");
       await this.patcher.loadPrebakedPatches();
       const patchCandidates = matchedCves.filter((c) =>
         c.exploitable || ((c.severity === "CRITICAL" || c.severity === "HIGH") && c.version_fixed)

package/src/engine/patcher.ts

@@ -67,38 +67,35 @@ export class PatchGenerator {
   async generatePatch(cve: ScanCVE): Promise<string | null> {
     await this.resolveKeys();
 
+    // First, check for prebaked patches (highest priority)
     const prebakedPatch = this.patches.get(cve.id);
     if (prebakedPatch) {
       cve.patch_diff = prebakedPatch.diff;
       return prebakedPatch.diff;
     }
 
-    // Try Kimi LLM for patch generation
+    // Use Kimi LLM for patch generation (primary method)
     if (this.kimiApiKey) {
       try {
-        console.log(`[Kimi] Generating patch for ${cve.id}...`);
+        console.log(`[Kimi] 🔧 Generating patch for ${cve.id}...`);
         const patch = await this.generatePatchWithKimi(cve);
         if (patch) {
           cve.patch_diff = patch;
+          console.log(`[Kimi] ✓ Patch generated for ${cve.id}`);
           return patch;
         }
       } catch (error) {
-        console.warn(`[Kimi] Failed to generate patch: ${error instanceof Error ? error.message : String(error)}`);
-      }
-    }
-
-    // Try Nosana LLM if Kimi failed
-    if (this.nosanaApiKey) {
-      try {
-        console.log(`[Kimi] Generating patch for ${cve.id}...`);
-        const patch = await this.generatePatchWithKimi(cve);
-        if (patch) {
-          cve.patch_diff = patch;
-          return patch;
-        }
-      } catch (error) {
-        console.warn(`[Kimi] Failed to generate patch: ${error instanceof Error ? error.message : String(error)}`);
+        console.warn(
+          `[Kimi] ⚠️  Failed to generate patch for ${cve.id}: ${
+            error instanceof Error ? error.message : String(error)
+          }`
+        );
       }
+    } else {
+      console.warn(
+        `[Kimi] ⚠️  No Kimi API key configured. Set KIMI_API_KEY or run:\n` +
+        `       codeprobe config set kimi_api_key <your-key>`
+      );
     }
 
     return null;