ferret-scan 1.0.0

package/dist/__tests__/basic.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Basic Tests
+ * Simple tests to verify core functionality
+ */
+export {};
+//# sourceMappingURL=basic.test.d.ts.map

package/dist/__tests__/basic.test.js

@@ -0,0 +1,80 @@
+/**
+ * Basic Tests
+ * Simple tests to verify core functionality
+ */
+import { getAllRules } from '../rules/index.js';
+import { formatSarifReport } from '../reporters/SarifReporter.js';
+describe('Basic Functionality', () => {
+    describe('Rules', () => {
+        it('should load all rules', () => {
+            const rules = getAllRules();
+            expect(rules.length).toBeGreaterThan(0);
+            expect(rules.every(rule => rule.id && rule.name)).toBe(true);
+        });
+        it('should have valid patterns', () => {
+            const rules = getAllRules();
+            for (const rule of rules) {
+                // Rules may have patterns, semanticPatterns, or correlationRules
+                const hasPatterns = rule.patterns.length > 0;
+                const hasSemanticPatterns = (rule.semanticPatterns?.length ?? 0) > 0;
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-member-access
+                const hasCorrelationRules = (rule.correlationRules?.length ?? 0) > 0;
+                expect(hasPatterns || hasSemanticPatterns || hasCorrelationRules).toBe(true);
+                for (const pattern of rule.patterns) {
+                    expect(pattern).toBeInstanceOf(RegExp);
+                }
+            }
+        });
+    });
+    describe('SARIF Reporter', () => {
+        it('should generate valid SARIF for empty results', () => {
+            const mockResult = {
+                success: true,
+                startTime: new Date(),
+                endTime: new Date(),
+                duration: 100,
+                scannedPaths: [],
+                totalFiles: 0,
+                analyzedFiles: 0,
+                skippedFiles: 0,
+                findings: [],
+                findingsBySeverity: {
+                    CRITICAL: [],
+                    HIGH: [],
+                    MEDIUM: [],
+                    LOW: [],
+                    INFO: [],
+                },
+                findingsByCategory: {
+                    injection: [],
+                    credentials: [],
+                    backdoors: [],
+                    'supply-chain': [],
+                    permissions: [],
+                    persistence: [],
+                    obfuscation: [],
+                    'ai-specific': [],
+                    'advanced-hiding': [],
+                    behavioral: [],
+                    exfiltration: [],
+                },
+                overallRiskScore: 0,
+                summary: {
+                    critical: 0,
+                    high: 0,
+                    medium: 0,
+                    low: 0,
+                    info: 0,
+                    total: 0,
+                },
+                errors: [],
+            };
+            const sarifOutput = formatSarifReport(mockResult);
+            const parsed = JSON.parse(sarifOutput);
+            expect(parsed.version).toBe('2.1.0');
+            expect(parsed.runs).toHaveLength(1);
+            expect(parsed.runs[0]?.tool.driver.name).toBe('ferret-scan');
+        });
+    });
+});
+//# sourceMappingURL=basic.test.js.map

package/dist/analyzers/AstAnalyzer.d.ts

@@ -0,0 +1,30 @@
+/**
+ * AST Analyzer - TypeScript/JavaScript semantic analysis for security scanning
+ * Analyzes code blocks in markdown and TypeScript configurations for complex patterns
+ */
+import type { SemanticFinding, DiscoveredFile, Rule } from '../types.js';
+/**
+ * Analyze a single file for semantic patterns
+ */
+export declare function analyzeFile(file: DiscoveredFile, content: string, rules: Rule[]): SemanticFinding[];
+/**
+ * Check if semantic analysis should be performed
+ */
+export declare function shouldAnalyze(file: DiscoveredFile, config: {
+    semanticAnalysis: boolean;
+    maxFileSize: number;
+}): boolean;
+/**
+ * Get memory usage for monitoring
+ */
+export declare function getMemoryUsage(): {
+    used: number;
+    total: number;
+};
+declare const _default: {
+    analyzeFile: typeof analyzeFile;
+    shouldAnalyze: typeof shouldAnalyze;
+    getMemoryUsage: typeof getMemoryUsage;
+};
+export default _default;
+//# sourceMappingURL=AstAnalyzer.d.ts.map

package/dist/analyzers/AstAnalyzer.js

@@ -0,0 +1,332 @@
+/**
+ * AST Analyzer - TypeScript/JavaScript semantic analysis for security scanning
+ * Analyzes code blocks in markdown and TypeScript configurations for complex patterns
+ */
+import * as ts from 'typescript';
+import logger from '../utils/logger.js';
+/**
+ * Extract code blocks from markdown content
+ */
+function extractCodeBlocks(content) {
+    const codeBlocks = [];
+    const lines = content.split('\n');
+    let inCodeBlock = false;
+    let currentBlock = [];
+    let currentLanguage = '';
+    let blockStartLine = 0;
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const trimmedLine = line?.trim() ?? '';
+        if (trimmedLine.startsWith('```')) {
+            if (!inCodeBlock) {
+                // Starting a code block
+                inCodeBlock = true;
+                currentLanguage = trimmedLine.slice(3).trim().toLowerCase();
+                blockStartLine = i + 2; // +2 because we want the first line of actual code
+                currentBlock = [];
+            }
+            else {
+                // Ending a code block
+                inCodeBlock = false;
+                if (currentBlock.length > 0 && isAnalyzableLanguage(currentLanguage)) {
+                    codeBlocks.push({
+                        code: currentBlock.join('\n'),
+                        language: currentLanguage,
+                        line: blockStartLine || 1 // Ensure we have a valid line number
+                    });
+                }
+                currentBlock = [];
+                currentLanguage = '';
+            }
+        }
+        else if (inCodeBlock) {
+            currentBlock.push(line ?? '');
+        }
+    }
+    return codeBlocks;
+}
+/**
+ * Check if language can be analyzed
+ */
+function isAnalyzableLanguage(language) {
+    const supportedLanguages = ['typescript', 'ts', 'javascript', 'js', 'jsx', 'tsx'];
+    return supportedLanguages.includes(language);
+}
+/**
+ * Create TypeScript AST from code
+ */
+function createAST(code, fileName = 'analysis.ts') {
+    return ts.createSourceFile(fileName, code, ts.ScriptTarget.Latest, true, fileName?.endsWith('.tsx') ? ts.ScriptKind.TSX : ts.ScriptKind.TS);
+}
+/**
+ * Extract semantic context from AST
+ */
+function extractSemanticContext(sourceFile) {
+    const context = {
+        variables: [],
+        imports: [],
+        callChain: []
+    };
+    function visit(node) {
+        switch (node.kind) {
+            case ts.SyntaxKind.ImportDeclaration: {
+                const importDecl = node;
+                if (importDecl.moduleSpecifier && ts.isStringLiteral(importDecl.moduleSpecifier)) {
+                    context.imports.push(importDecl.moduleSpecifier.text);
+                }
+                break;
+            }
+            case ts.SyntaxKind.VariableDeclaration: {
+                const varDecl = node;
+                if (varDecl.name && ts.isIdentifier(varDecl.name)) {
+                    context.variables.push(varDecl.name.text);
+                }
+                break;
+            }
+            case ts.SyntaxKind.CallExpression: {
+                const callExpr = node;
+                const callText = callExpr.expression.getText(sourceFile);
+                context.callChain.push(callText);
+                break;
+            }
+        }
+        ts.forEachChild(node, visit);
+    }
+    visit(sourceFile);
+    return context;
+}
+/**
+ * Find security patterns in AST
+ */
+function findSecurityPatterns(sourceFile, patterns) {
+    const matches = [];
+    function visit(node) {
+        for (const pattern of patterns) {
+            const match = matchSemanticPattern(node, pattern, sourceFile);
+            if (match) {
+                matches.push({
+                    pattern,
+                    node,
+                    confidence: match.confidence
+                });
+            }
+        }
+        ts.forEachChild(node, visit);
+    }
+    visit(sourceFile);
+    return matches;
+}
+/**
+ * Match a semantic pattern against an AST node
+ */
+function matchSemanticPattern(node, pattern, sourceFile) {
+    const nodeText = node.getText(sourceFile);
+    let confidence = pattern.confidence ?? 0.8;
+    switch (pattern.type) {
+        case 'function-call':
+            if (ts.isCallExpression(node)) {
+                const functionName = node.expression.getText(sourceFile);
+                if (functionName.includes(pattern.pattern)) {
+                    return { confidence };
+                }
+            }
+            break;
+        case 'property-access':
+            if (ts.isPropertyAccessExpression(node)) {
+                const fullAccess = node.getText(sourceFile);
+                if (fullAccess.includes(pattern.pattern)) {
+                    return { confidence };
+                }
+            }
+            break;
+        case 'dynamic-import':
+            if (ts.isCallExpression(node)) {
+                if (node.expression.kind === ts.SyntaxKind.ImportKeyword) {
+                    // Dynamic import detected - pattern for security analysis only
+                    if (pattern.pattern === 'dynamic-import' || nodeText.includes(pattern.pattern)) {
+                        confidence += 0.1; // Higher confidence for dynamic imports
+                        return { confidence };
+                    }
+                }
+            }
+            break;
+        case 'eval-chain':
+            if (nodeText.toLowerCase().includes('eval') ||
+                nodeText.includes('Function(')) {
+                // Detecting eval patterns for security analysis - not executing
+                if (pattern.pattern === 'eval' || nodeText.includes(pattern.pattern)) {
+                    confidence += 0.2; // Higher confidence for eval usage
+                    return { confidence };
+                }
+            }
+            break;
+        case 'object-structure':
+            if (ts.isObjectLiteralExpression(node)) {
+                if (nodeText.includes(pattern.pattern)) {
+                    return { confidence };
+                }
+            }
+            break;
+    }
+    return null;
+}
+/**
+ * Create AST node info
+ */
+function createASTNodeInfo(node, sourceFile) {
+    const nodeName = getNodeName(node);
+    return {
+        nodeType: ts.SyntaxKind[node.kind],
+        ...(nodeName && { name: nodeName }),
+        ...(node.parent && { parent: ts.SyntaxKind[node.parent.kind] }),
+        children: node.getChildren(sourceFile).map(child => ts.SyntaxKind[child.kind])
+    };
+}
+/**
+ * Get node name/identifier
+ */
+function getNodeName(node) {
+    if (ts.isIdentifier(node)) {
+        return node.text;
+    }
+    if (ts.isFunctionDeclaration(node) && node.name) {
+        return node.name.text;
+    }
+    if (ts.isVariableDeclaration(node) && ts.isIdentifier(node.name)) {
+        return node.name.text;
+    }
+    return undefined;
+}
+/**
+ * Get line and column from AST node
+ */
+function getPositionFromNode(node, sourceFile) {
+    const pos = sourceFile.getLineAndCharacterOfPosition(node.getStart(sourceFile));
+    return {
+        line: pos.line + 1, // Convert to 1-based
+        column: pos.character + 1
+    };
+}
+/**
+ * Create context lines for semantic finding
+ */
+function createContextLines(sourceFile, node, contextLines = 3) {
+    const text = sourceFile.getText();
+    const lines = text.split('\n');
+    const pos = getPositionFromNode(node, sourceFile);
+    const matchLine = pos.line - 1; // Convert back to 0-based
+    const start = Math.max(0, matchLine - contextLines);
+    const end = Math.min(lines.length, matchLine + contextLines + 1);
+    const context = [];
+    for (let i = start; i < end; i++) {
+        context.push({
+            lineNumber: i + 1,
+            content: lines[i] ?? '',
+            isMatch: i === matchLine
+        });
+    }
+    return context;
+}
+/**
+ * Analyze a single file for semantic patterns
+ */
+export function analyzeFile(file, content, rules) {
+    const findings = [];
+    try {
+        // Get rules with semantic patterns
+        const semanticRules = rules.filter(rule => rule.semanticPatterns && rule.semanticPatterns.length > 0);
+        if (semanticRules.length === 0) {
+            return findings;
+        }
+        logger.debug(`AST analysis for ${file.relativePath} with ${semanticRules.length} semantic rules`);
+        let codeBlocksToAnalyze = [];
+        // Extract code blocks from markdown files
+        if (file.type === 'md') {
+            codeBlocksToAnalyze = extractCodeBlocks(content);
+        }
+        else if (['ts', 'js', 'tsx', 'jsx'].includes(file.type)) {
+            // Analyze the entire file for TypeScript/JavaScript files
+            codeBlocksToAnalyze = [{ code: content, language: file.type, line: 1 }];
+        }
+        // Analyze each code block
+        for (const codeBlock of codeBlocksToAnalyze) {
+            try {
+                const sourceFile = createAST(codeBlock.code, `${file.relativePath}_block_${codeBlock.line}.${codeBlock.language}`);
+                const semanticContext = extractSemanticContext(sourceFile);
+                // Check each semantic rule
+                for (const rule of semanticRules) {
+                    if (!rule.semanticPatterns)
+                        continue;
+                    const patternMatches = findSecurityPatterns(sourceFile, rule.semanticPatterns);
+                    for (const match of patternMatches) {
+                        const position = getPositionFromNode(match.node, sourceFile);
+                        const astNodeInfo = createASTNodeInfo(match.node, sourceFile);
+                        const contextLines = createContextLines(sourceFile, match.node, 3);
+                        const finding = {
+                            ruleId: rule.id,
+                            ruleName: rule.name,
+                            severity: rule.severity,
+                            category: rule.category,
+                            file: file.path,
+                            relativePath: file.relativePath,
+                            line: (codeBlock.line || 1) + position.line - 1, // Adjust for code block position
+                            column: position.column,
+                            match: match.node.getText(sourceFile).substring(0, 100), // Limit match length
+                            context: contextLines,
+                            remediation: rule.remediation,
+                            metadata: {
+                                semanticPattern: match.pattern,
+                                codeBlock: codeBlock.line,
+                                language: codeBlock.language
+                            },
+                            timestamp: new Date(),
+                            riskScore: Math.round(match.confidence * 100),
+                            astNode: astNodeInfo,
+                            semanticContext,
+                            confidence: match.confidence
+                        };
+                        findings.push(finding);
+                    }
+                }
+            }
+            catch (error) {
+                logger.warn(`Error analyzing code block at line ${codeBlock.line} in ${file.relativePath}: ${error instanceof Error ? error.message : String(error)}`);
+            }
+        }
+    }
+    catch (error) {
+        logger.error(`Error in semantic analysis for ${file.relativePath}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+    return findings;
+}
+/**
+ * Check if semantic analysis should be performed
+ */
+export function shouldAnalyze(file, config) {
+    if (!config.semanticAnalysis) {
+        return false;
+    }
+    // Skip files that are too large
+    if (file.size > config.maxFileSize) {
+        return false;
+    }
+    // Only analyze markdown and TypeScript/JavaScript files
+    const supportedTypes = ['md', 'ts', 'js', 'tsx', 'jsx'];
+    return supportedTypes.includes(file.type);
+}
+/**
+ * Get memory usage for monitoring
+ */
+export function getMemoryUsage() {
+    const memUsage = process.memoryUsage();
+    return {
+        used: Math.round(memUsage.heapUsed / 1024 / 1024), // MB
+        total: Math.round(memUsage.heapTotal / 1024 / 1024) // MB
+    };
+}
+export default {
+    analyzeFile,
+    shouldAnalyze,
+    getMemoryUsage
+};
+//# sourceMappingURL=AstAnalyzer.js.map

package/dist/analyzers/CorrelationAnalyzer.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Correlation Analyzer - Cross-file attack pattern detection
+ * Detects sophisticated attack patterns that span multiple configuration files
+ */
+import type { CorrelationFinding, DiscoveredFile, Rule } from '../types.js';
+/**
+ * Analyze files for cross-file correlation patterns
+ */
+export declare function analyzeCorrelations(files: DiscoveredFile[], rules: Rule[]): CorrelationFinding[];
+/**
+ * Check if correlation analysis should be performed
+ */
+export declare function shouldAnalyzeCorrelations(files: DiscoveredFile[], config: {
+    correlationAnalysis: boolean;
+}): boolean;
+declare const _default: {
+    analyzeCorrelations: typeof analyzeCorrelations;
+    shouldAnalyzeCorrelations: typeof shouldAnalyzeCorrelations;
+};
+export default _default;
+//# sourceMappingURL=CorrelationAnalyzer.d.ts.map