ferret-scan 2.1.1 → 2.2.0

package/dist/rules/injection.js

@@ -30,7 +30,7 @@ export const injectionRules = [
         severity: 'HIGH',
         description: 'Detects attempts to switch Claude into different operational modes',
         patterns: [
-            /you\s+are\s+now\s+in\s+[^\n]{0,100}(mode|state)/gi,
+            /you\s+are\s+now\s+in\s+\S+\s+(mode|state)/gi,
             /enter\s+(developer|admin|debug|unrestricted|jailbreak)\s+mode/gi,
             /switch\s+to\s+(developer|admin|debug|unrestricted)\s+mode/gi,
             /activate\s+(developer|admin|debug|god)\s+mode/gi,
@@ -59,6 +59,31 @@ export const injectionRules = [
         remediation: 'Remove jailbreak attempts. These patterns attempt to bypass safety measures.',
         references: [],
         enabled: true,
+        // Suppress findings when the matched term appears in security-discussion context:
+        // documentation explaining what these attacks are, scanner output examples,
+        // or skill files that detect/block these patterns rather than deploy them.
+        excludePatterns: [
+            // Line explicitly discusses detection/blocking of the pattern
+            /\b(detect|catch|flag|block|prevent|scan\s+for|identify|reject|report)\b[^\n]{0,80}(jailbreak|DAN|bypass)/gi,
+            /\b(jailbreak|DAN|bypass)\b[^\n]{0,80}\b(detect|catch|flag|block|prevent|found|identified)/gi,
+            // Term appears inside a quoted string (example output / documentation)
+            /["'][^"'\n]{0,120}\b(jailbreak|DAN)\b[^"'\n]{0,120}["']/gi,
+            // Markdown rule-ID reference on the same line (scanner output example)
+            /\[(?:INJ|AI|SEC|CRED)-\d+\]/gi,
+            // Line is a markdown example label
+            /^\s*\*\*(?:Input|Output|Example|Finding|Result)\*\*\s*:/i,
+        ],
+        excludeContext: [
+            // Surrounding text discusses security scanning, rules, or findings
+            /\b(security\s+(rule|finding|scan|check|gate|scanner|score)|ferret.?scan|scan\s+result)/gi,
+            // Surrounding text is clearly educational / explanatory
+            /\b(example\s+of|this\s+detects|used\s+to\s+(bypass|attack)|common\s+(attack|technique)|known\s+(jailbreak|attack))/gi,
+            // Context indicates the skill is a security tool or scanner itself
+            /\b(security\s+scanner|vulnerability\s+scanner|threat\s+detect|scan\s+for\s+(injection|jailbreak))/gi,
+            // Markdown example blocks
+            /^\s*##\s+Example/im,
+            /publication\s+blocked/gi,
+        ],
     },
     {
         id: 'INJ-004',
@@ -85,10 +110,10 @@ export const injectionRules = [
         severity: 'MEDIUM',
         description: 'Detects suspicious role-play instructions that may be injection attempts',
         patterns: [
-            /roleplay\s+as\s+.*(evil|malicious|hacker|attacker)/gi,
-            /pretend\s+(to\s+be|you\s+are)\s+.*(evil|malicious|hacker)/gi,
-            /act\s+as\s+.*(evil|malicious|hacker|attacker)/gi,
-            /you\s+are\s+(an?\s+)?(evil|malicious|rogue|compromised)/gi,
+            /roleplay\s+as\s+[^\n]{0,100}(evil|malicious|hacker|attacker)/gi,
+            /pretend\s+(to\s+be|you\s+are)\s+[^\n]{0,100}(evil|malicious|hacker)/gi,
+            /act\s+as\s+[^\n]{0,100}(evil|malicious|hacker|attacker)/gi,
+            /you\s+are\s+(an?\s+)?[^\n]{0,50}(evil|malicious|rogue|compromised)/gi,
         ],
         fileTypes: ['md', 'json'],
         components: ['skill', 'agent', 'ai-config-md'],
@@ -103,9 +128,9 @@ export const injectionRules = [
         severity: 'HIGH',
         description: 'Detects hidden instructions using HTML comments or special formatting',
         patterns: [
-            /<!--.*?(ignore|override|disregard|bypass).*?-->/gis,
-            /\[hidden\].*?(ignore|override|disregard)/gi,
-            /\[SYSTEM\].*?instruction/gi,
+            /<!--[\s\S]{0,500}?(ignore|override|disregard|bypass)[\s\S]{0,500}?-->/gi,
+            /\[hidden\][^\n]{0,100}(ignore|override|disregard)/gi,
+            /\[SYSTEM\][^\n]{0,100}instruction/gi,
         ],
         fileTypes: ['md'],
         components: ['skill', 'agent', 'ai-config-md'],

package/dist/rules/patterns/common.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Shared regex building blocks for security detection rules
+ *
+ * Centralises frequently reused keyword sets and pattern factories so rule
+ * files stay readable and changes propagate consistently across all rules.
+ */
+/** Credential-related keyword alternation used across detection rules */
+export declare const CREDENTIAL_KEYWORDS = "api[_-]?key|token|secret|password|credential";
+/** High-entropy suffix matching strings ≥20 alphanumeric chars */
+export declare const HIGH_ENTROPY_SUFFIX = "[a-zA-Z0-9]{20,}";
+/**
+ * Build a credential-harvest detection pattern for a given verb.
+ *
+ * Matches:  `<verb>  [up to 100 chars]  (credential keyword)`
+ * Avoids catastrophic backtracking via bounded non-newline character class.
+ *
+ * @param verb A plain literal verb string — e.g. "send", "transmit", "upload".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export declare function buildHarvestPattern(verb: string): RegExp;
+/**
+ * Build an assignment detection pattern for a given credential keyword.
+ *
+ * Matches:  `api_key = "abc123..."` or `secret-key: 'xyz...'`
+ *
+ * @param keyword A plain literal credential keyword — e.g. "api_key", "secret-token".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export declare function buildCredentialAssignPattern(keyword: string): RegExp;
+//# sourceMappingURL=common.d.ts.map

package/dist/rules/patterns/common.js

@@ -0,0 +1,48 @@
+/**
+ * Shared regex building blocks for security detection rules
+ *
+ * Centralises frequently reused keyword sets and pattern factories so rule
+ * files stay readable and changes propagate consistently across all rules.
+ */
+// ─── Keyword sets ─────────────────────────────────────────────────────────────
+/** Credential-related keyword alternation used across detection rules */
+export const CREDENTIAL_KEYWORDS = 'api[_-]?key|token|secret|password|credential';
+/** High-entropy suffix matching strings ≥20 alphanumeric chars */
+export const HIGH_ENTROPY_SUFFIX = '[a-zA-Z0-9]{20,}';
+// ─── Pattern factories ────────────────────────────────────────────────────────
+/**
+ * Build a credential-harvest detection pattern for a given verb.
+ *
+ * Matches:  `<verb>  [up to 100 chars]  (credential keyword)`
+ * Avoids catastrophic backtracking via bounded non-newline character class.
+ *
+ * @param verb A plain literal verb string — e.g. "send", "transmit", "upload".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export function buildHarvestPattern(verb) {
+    // Reject dangerous patterns that could cause ReDoS or injection
+    if (/\*|\+|\{|\||\\|\$|\^|\(|\)/.test(verb)) {
+        throw new Error(`buildHarvestPattern: verb contains dangerous regex metacharacters, got: ${verb}`);
+    }
+    return new RegExp(`${verb}\\s+\\w+(?:\\s+\\w+){0,10}\\s+(${CREDENTIAL_KEYWORDS})`, 'gi');
+}
+/**
+ * Build an assignment detection pattern for a given credential keyword.
+ *
+ * Matches:  `api_key = "abc123..."` or `secret-key: 'xyz...'`
+ *
+ * @param keyword A plain literal credential keyword — e.g. "api_key", "secret-token".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export function buildCredentialAssignPattern(keyword) {
+    // Reject dangerous patterns that could cause ReDoS or injection
+    if (/\*|\+|\{|\||\\|\$|\^|\(|\)/.test(keyword)) {
+        throw new Error(`buildCredentialAssignPattern: keyword contains dangerous regex metacharacters, got: ${keyword}`);
+    }
+    return new RegExp(`${keyword}\\s*[:=]\\s*["']${HIGH_ENTROPY_SUFFIX}`, 'gi');
+}
+//# sourceMappingURL=common.js.map

package/dist/scanner/PatternMatcher.js

@@ -54,13 +54,29 @@ function calculateRiskScore(severity, matchCount, fileComponent) {
 /**
  * Find all pattern matches in content using global regex search
  */
-function findMatches(content, patterns) {
+function findMatches(content, patterns, opts = { maxMatches: 1000, maxRuntimeMs: 5000 }) {
+    const startTime = Date.now();
     const matches = [];
     for (const pattern of patterns) {
+        // Check time budget before starting each pattern
+        if (Date.now() - startTime > opts.maxRuntimeMs) {
+            logger.warn(`Regex matcher time budget exceeded (${opts.maxRuntimeMs}ms), stopping pattern processing`);
+            return matches;
+        }
         // Create a new regex with global flag
         const globalPattern = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
         let match;
         while ((match = globalPattern.exec(content)) !== null) {
+            // Check time budget on each match
+            if (Date.now() - startTime > opts.maxRuntimeMs) {
+                logger.warn(`Regex matcher time budget exceeded (${opts.maxRuntimeMs}ms) during pattern processing`);
+                return matches;
+            }
+            // Check match count limit
+            if (matches.length >= opts.maxMatches) {
+                logger.warn(`Max match limit reached (${opts.maxMatches}), stopping pattern processing`);
+                return matches;
+            }
             // Guard against zero-length matches to prevent infinite loops
             if (match[0].length === 0) {
                 globalPattern.lastIndex += 1;
@@ -151,7 +167,8 @@ export function matchRule(rule, file, content, options) {
     }
     const findings = [];
     const lines = splitLines(content);
-    const matches = findMatches(content, rule.patterns);
+    const patternOptions = { maxMatches: 1000, maxRuntimeMs: 5000 };
+    const matches = findMatches(content, rule.patterns, patternOptions);
     // Group matches by line to avoid duplicates
     const matchesByLine = new Map();
     for (const match of matches) {

package/dist/types.d.ts

@@ -304,6 +304,12 @@ export interface ScannerConfig {
     verbose: boolean;
     /** CI mode (simplified output) */
     ci: boolean;
+    /** Maximum wall-clock ms for semantic AST analysis of a single code block (default: 2000) */
+    maxSemanticAnalysisMs?: number;
+    /** Maximum AST node count before aborting semantic analysis of a single code block (default: 50000) */
+    maxAstNodes?: number;
+    /** Per-code-block deadline in ms within the file-scoped budget (default: 500) */
+    maxBlockMs?: number;
 }
 /** Supported output formats */
 export type OutputFormat = 'console' | 'json' | 'sarif' | 'html' | 'csv' | 'atlas';

package/dist/utils/baseline.d.ts

@@ -14,21 +14,34 @@ export interface BaselineFinding {
     reason?: string;
     expiresDate?: string;
 }
+export interface BaselineIntegrity {
+    algorithm: 'sha256';
+    hash: string;
+}
 export interface Baseline {
     version: string;
     createdDate: string;
     lastUpdated: string;
     description?: string;
     findings: BaselineFinding[];
+    integrity?: BaselineIntegrity;
 }
+/**
+ * Compute integrity hash of a baseline (excluding the integrity field itself)
+ */
+export declare function computeBaselineIntegrity(baseline: Omit<Baseline, 'integrity'>): BaselineIntegrity;
+/**
+ * Verify that a loaded baseline has not been tampered with
+ */
+export declare function verifyBaselineIntegrity(baseline: Baseline): boolean;
 /**
  * Load baseline from file
  */
-export declare function loadBaseline(baselinePath: string): Baseline | null;
+export declare function loadBaseline(baselinePath: string): Promise<Baseline | null>;
 /**
  * Save baseline to file
  */
-export declare function saveBaseline(baseline: Baseline, baselinePath: string): void;
+export declare function saveBaseline(baseline: Baseline, baselinePath: string): Promise<void>;
 /**
  * Create a new baseline from scan results
  */

package/dist/utils/baseline.js

@@ -2,10 +2,10 @@
  * Baseline Management - Track and ignore accepted findings
  * Allows users to create baselines of known/accepted security findings
  */
-import { writeFileSync, readFileSync, existsSync, statSync } from 'node:fs';
+import { statSync } from 'node:fs';
+import { writeFile, readFile, mkdir, access } from 'node:fs/promises';
 import { resolve, dirname, extname } from 'node:path';
 import { createHash } from 'node:crypto';
-import { mkdirSync } from 'node:fs';
 import logger from './logger.js';
 /**
  * Generate a hash for a finding to uniquely identify it
@@ -14,20 +14,51 @@ function generateFindingHash(finding) {
     const content = `${finding.ruleId}:${finding.relativePath}:${finding.line}:${finding.match}`;
     return createHash('sha256').update(content).digest('hex');
 }
+/**
+ * Compute integrity hash of a baseline (excluding the integrity field itself)
+ */
+export function computeBaselineIntegrity(baseline) {
+    const payload = JSON.stringify({
+        version: baseline.version,
+        createdDate: baseline.createdDate,
+        lastUpdated: baseline.lastUpdated,
+        description: baseline.description,
+        findings: baseline.findings,
+    });
+    return {
+        algorithm: 'sha256',
+        hash: createHash('sha256').update(payload).digest('hex'),
+    };
+}
+/**
+ * Verify that a loaded baseline has not been tampered with
+ */
+export function verifyBaselineIntegrity(baseline) {
+    if (!baseline.integrity) {
+        return true; // Old baselines without integrity field are accepted
+    }
+    const expected = computeBaselineIntegrity(baseline);
+    return expected.hash === baseline.integrity.hash;
+}
 /**
  * Load baseline from file
  */
-export function loadBaseline(baselinePath) {
+export async function loadBaseline(baselinePath) {
     try {
-        if (!existsSync(baselinePath)) {
-            return null;
-        }
-        const content = readFileSync(baselinePath, 'utf-8');
+        await access(baselinePath);
+    }
+    catch {
+        return null;
+    }
+    try {
+        const content = await readFile(baselinePath, 'utf-8');
         const baseline = JSON.parse(content);
-        // Validate baseline structure
         if (!baseline.version || !baseline.findings || !Array.isArray(baseline.findings)) {
             throw new Error('Invalid baseline format');
         }
+        if (baseline.integrity && !verifyBaselineIntegrity(baseline)) {
+            logger.warn(`Baseline integrity check failed for ${baselinePath} — file may have been tampered with`);
+        }
         logger.debug(`Loaded baseline with ${baseline.findings.length} accepted findings`);
         return baseline;
     }
@@ -39,17 +70,17 @@ export function loadBaseline(baselinePath) {
 /**
  * Save baseline to file
  */
-export function saveBaseline(baseline, baselinePath) {
+export async function saveBaseline(baseline, baselinePath) {
     try {
-        // Ensure directory exists
-        const dir = dirname(baselinePath);
-        mkdirSync(dir, { recursive: true });
-        // Update lastUpdated timestamp
-        baseline.lastUpdated = new Date().toISOString();
-        // Write baseline file
-        const content = JSON.stringify(baseline, null, 2);
-        writeFileSync(baselinePath, content, 'utf-8');
-        logger.info(`Baseline saved to ${baselinePath} with ${baseline.findings.length} findings`);
+        await mkdir(dirname(baselinePath), { recursive: true });
+        const updated = { ...baseline, lastUpdated: new Date().toISOString() };
+        const baselineWithIntegrity = {
+            ...updated,
+            integrity: computeBaselineIntegrity(updated),
+        };
+        const content = JSON.stringify(baselineWithIntegrity, null, 2);
+        await writeFile(baselinePath, content, 'utf-8');
+        logger.info(`Baseline saved to ${baselinePath} with ${baselineWithIntegrity.findings.length} findings`);
     }
     catch (error) {
         logger.error(`Failed to save baseline to ${baselinePath}:`, error);
@@ -227,7 +258,7 @@ export function getDefaultBaselinePath(scanPaths) {
     // Try to find a good location for baseline file
     const firstPath = scanPaths[0] ?? process.cwd();
     try {
-        if (existsSync(firstPath) && statSync(firstPath).isFile()) {
+        if (statSync(firstPath).isFile()) {
             return resolve(dirname(firstPath), '.ferret-baseline.json');
         }
     }

package/dist/utils/contentCache.d.ts

@@ -0,0 +1,39 @@
+/**
+ * LRU-bounded in-memory cache for file content.
+ *
+ * Prevents unbounded memory growth when the scanner reads thousands of files:
+ * - Per-file cap: individual files larger than `maxFileSize` bytes are never cached.
+ * - Aggregate cap: once `totalBytes` would exceed `maxBytes`, the least-recently-used
+ *   entry is evicted first. Same policy applies to the `maxEntries` cap.
+ *
+ * Insertion order of a Map mirrors access order after each get() refresh,
+ * giving us O(1) LRU with the iteration-based eviction below.
+ */
+export interface BoundedContentCacheOpts {
+    /** Maximum total cached bytes. Default: 256 MB. */
+    maxBytes?: number;
+    /** Maximum number of cached entries. Default: 10 000. */
+    maxEntries?: number;
+    /** Maximum size of a single file to admit into the cache. Default: 1 MB. */
+    maxFileSize?: number;
+}
+export declare class BoundedContentCache {
+    private readonly map;
+    private totalBytes;
+    private readonly maxBytes;
+    private readonly maxEntries;
+    private readonly maxFileSize;
+    constructor(opts?: BoundedContentCacheOpts);
+    set(path: string, content: string): void;
+    get(path: string): string | undefined;
+    has(path: string): boolean;
+    /** Number of cached entries. */
+    size(): number;
+    /** Total cached bytes (UTF-8 encoded). */
+    bytes(): number;
+    /** Expose for CorrelationAnalyzer compatibility (read-only iteration). */
+    entries(): IterableIterator<[string, string]>;
+    /** Allow spread / array-from for compatibility with Map-based consumers. */
+    [Symbol.iterator](): IterableIterator<[string, string]>;
+}
+//# sourceMappingURL=contentCache.d.ts.map

package/dist/utils/contentCache.js

@@ -0,0 +1,77 @@
+/**
+ * LRU-bounded in-memory cache for file content.
+ *
+ * Prevents unbounded memory growth when the scanner reads thousands of files:
+ * - Per-file cap: individual files larger than `maxFileSize` bytes are never cached.
+ * - Aggregate cap: once `totalBytes` would exceed `maxBytes`, the least-recently-used
+ *   entry is evicted first. Same policy applies to the `maxEntries` cap.
+ *
+ * Insertion order of a Map mirrors access order after each get() refresh,
+ * giving us O(1) LRU with the iteration-based eviction below.
+ */
+const DEFAULT_MAX_BYTES = 256 * 1024 * 1024; // 256 MB
+const DEFAULT_MAX_ENTRIES = 10_000;
+const DEFAULT_MAX_FILE = 1_000_000; // 1 MB
+export class BoundedContentCache {
+    map = new Map();
+    totalBytes = 0;
+    maxBytes;
+    maxEntries;
+    maxFileSize;
+    constructor(opts = {}) {
+        this.maxBytes = opts.maxBytes ?? DEFAULT_MAX_BYTES;
+        this.maxEntries = opts.maxEntries ?? DEFAULT_MAX_ENTRIES;
+        this.maxFileSize = opts.maxFileSize ?? DEFAULT_MAX_FILE;
+    }
+    set(path, content) {
+        const incoming = Buffer.byteLength(content, 'utf-8');
+        // Refuse files that exceed the per-file cap.
+        if (incoming > this.maxFileSize)
+            return;
+        // If the key already exists, remove its contribution before re-inserting.
+        const existing = this.map.get(path);
+        if (existing !== undefined) {
+            this.map.delete(path);
+            this.totalBytes -= Buffer.byteLength(existing, 'utf-8');
+        }
+        // Evict the oldest (first-in-map) entries until this one fits.
+        while (this.map.size > 0 &&
+            (this.totalBytes + incoming > this.maxBytes || this.map.size >= this.maxEntries)) {
+            const oldestKey = this.map.keys().next().value;
+            const oldestVal = this.map.get(oldestKey);
+            this.map.delete(oldestKey);
+            this.totalBytes -= Buffer.byteLength(oldestVal, 'utf-8');
+        }
+        this.map.set(path, content);
+        this.totalBytes += incoming;
+    }
+    get(path) {
+        const val = this.map.get(path);
+        if (val === undefined)
+            return undefined;
+        // Refresh to most-recently-used position (LRU via Map insertion order).
+        this.map.delete(path);
+        this.map.set(path, val);
+        return val;
+    }
+    has(path) {
+        return this.map.has(path);
+    }
+    /** Number of cached entries. */
+    size() {
+        return this.map.size;
+    }
+    /** Total cached bytes (UTF-8 encoded). */
+    bytes() {
+        return this.totalBytes;
+    }
+    /** Expose for CorrelationAnalyzer compatibility (read-only iteration). */
+    entries() {
+        return this.map.entries();
+    }
+    /** Allow spread / array-from for compatibility with Map-based consumers. */
+    [Symbol.iterator]() {
+        return this.map.entries();
+    }
+}
+//# sourceMappingURL=contentCache.js.map

package/dist/utils/glob.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Safe glob-to-regex conversion utility
+ *
+ * Prevents regex injection attacks and ReDoS by escaping metacharacters
+ * and bounding wildcard replacements.
+ */
+export interface GlobOptions {
+    /** Whether to anchor with ^$ (default: true) */
+    anchored?: boolean;
+    /** Whether this is a file path (affects wildcard replacement) */
+    pathLike?: boolean;
+}
+/**
+ * Convert a glob pattern to a safe RegExp with bounded wildcards.
+ *
+ * - Escapes all regex metacharacters except `*`
+ * - Replaces `*` with bounded character classes to prevent ReDoS
+ * - Anchors patterns to prevent unintended substring matches
+ * - Caches compiled patterns for performance
+ *
+ * @param glob The glob pattern (e.g. "*.env", "CRED-*")
+ * @param opts Configuration options
+ * @returns A safe RegExp that won't cause ReDoS or over-match
+ *
+ * @example
+ * ```typescript
+ * // File pattern matching
+ * const filePattern = globToRegex("*.env", { pathLike: true });
+ * filePattern.test("/path/to/file.env");  // true
+ * filePattern.test("file.env.backup");   // false (anchored)
+ *
+ * // Rule ID pattern matching
+ * const rulePattern = globToRegex("CRED-*");
+ * rulePattern.test("CRED-001");          // true
+ * rulePattern.test("CREDENTIAL-001");    // false (literal dot required)
+ * ```
+ */
+export declare function globToRegex(glob: string, opts?: GlobOptions): RegExp;
+/**
+ * Clear the compiled pattern cache (useful for testing)
+ */
+export declare function clearCache(): void;
+/**
+ * Get cache statistics (useful for debugging)
+ */
+export declare function getCacheStats(): {
+    size: number;
+    keys: string[];
+};
+//# sourceMappingURL=glob.d.ts.map

package/dist/utils/glob.js

@@ -0,0 +1,84 @@
+/**
+ * Safe glob-to-regex conversion utility
+ *
+ * Prevents regex injection attacks and ReDoS by escaping metacharacters
+ * and bounding wildcard replacements.
+ */
+// Regex metacharacters that need escaping (all except asterisk)
+const REGEX_META = /[.+?^${}()|[\]\\]/g;
+// Cache compiled regexes to avoid recompilation in hot paths
+const cache = new Map();
+/**
+ * Convert a glob pattern to a safe RegExp with bounded wildcards.
+ *
+ * - Escapes all regex metacharacters except `*`
+ * - Replaces `*` with bounded character classes to prevent ReDoS
+ * - Anchors patterns to prevent unintended substring matches
+ * - Caches compiled patterns for performance
+ *
+ * @param glob The glob pattern (e.g. "*.env", "CRED-*")
+ * @param opts Configuration options
+ * @returns A safe RegExp that won't cause ReDoS or over-match
+ *
+ * @example
+ * ```typescript
+ * // File pattern matching
+ * const filePattern = globToRegex("*.env", { pathLike: true });
+ * filePattern.test("/path/to/file.env");  // true
+ * filePattern.test("file.env.backup");   // false (anchored)
+ *
+ * // Rule ID pattern matching
+ * const rulePattern = globToRegex("CRED-*");
+ * rulePattern.test("CRED-001");          // true
+ * rulePattern.test("CREDENTIAL-001");    // false (literal dot required)
+ * ```
+ */
+export function globToRegex(glob, opts = {}) {
+    const anchored = opts.anchored !== false;
+    const pathLike = opts.pathLike ?? false;
+    // Create cache key including options
+    const key = `${glob}::${anchored}::${pathLike}`;
+    // Return cached pattern if available
+    const hit = cache.get(key);
+    if (hit) {
+        return hit;
+    }
+    // Escape all regex metacharacters except asterisk
+    const escaped = glob.replace(REGEX_META, '\\$&');
+    // Replace asterisk with bounded character class
+    // Path-like: match non-newlines (for file paths)
+    // Rule-like: match non-whitespace (for rule IDs)
+    const wildcard = pathLike
+        ? '[^\\n]{0,200}' // File paths: no newlines, bound to 200 chars
+        : '[^\\s]{0,200}'; // Rule IDs: no whitespace, bound to 200 chars
+    const body = escaped.replace(/\*/g, wildcard);
+    // Anchor pattern if requested (default)
+    const pattern = anchored ? `^${body}$` : body;
+    try {
+        const compiled = new RegExp(pattern);
+        cache.set(key, compiled);
+        return compiled;
+    }
+    catch {
+        // Fallback to never-matching pattern if compilation fails
+        const fallback = /(?!)/; // Negative lookahead - never matches
+        cache.set(key, fallback);
+        return fallback;
+    }
+}
+/**
+ * Clear the compiled pattern cache (useful for testing)
+ */
+export function clearCache() {
+    cache.clear();
+}
+/**
+ * Get cache statistics (useful for debugging)
+ */
+export function getCacheStats() {
+    return {
+        size: cache.size,
+        keys: Array.from(cache.keys())
+    };
+}
+//# sourceMappingURL=glob.js.map

package/dist/utils/pathSecurity.js

@@ -36,6 +36,7 @@ export function sanitizeFilename(filename) {
         .replace(/[\/\\]/g, '_') // Replace path separators
         .replace(/\.\./g, '_') // Replace parent directory references
         .replace(/[<>:"|?*]/g, '_') // Remove invalid filename characters
+        .replace(/\0/g, '_') // Replace null bytes
         .replace(/^\.+/, '_'); // Remove leading dots
 }
 /**