ferret-scan 2.1.2 → 2.3.0

package/dist/remediation/Quarantine.js

@@ -2,11 +2,49 @@
  * Quarantine System - Safely isolate suspicious files and content
  * Provides reversible quarantine operations with audit trails
  */
-import { readFileSync, writeFileSync, existsSync, mkdirSync, copyFileSync, unlinkSync, statSync } from 'node:fs';
+import { readFileSync, writeFileSync, existsSync, mkdirSync, copyFileSync, unlinkSync, statSync, statfsSync } from 'node:fs';
 import { resolve, dirname, basename } from 'node:path';
 import { createHash } from 'node:crypto';
 import logger from '../utils/logger.js';
 import { validatePathWithinBase, isPathWithinBase } from '../utils/pathSecurity.js';
+/**
+ * Create a quarantine-grade directory with restrictive permissions (0700 on POSIX).
+ * On Windows, Node silently ignores the mode argument — permissions are managed by
+ * the OS ACL instead.
+ */
+function ensureSecureDir(dir) {
+    // 0o700 = owner-only rwx; harmlessly ignored on Windows
+    mkdirSync(dir, { recursive: true, mode: 0o700 });
+    // Verify no group/other bits leaked through (e.g. pre-existing dir with loose perms).
+    // stat().mode & 0o077 !== 0 means at least one g/o bit is set.
+    if (process.platform !== 'win32') {
+        const mode = statSync(dir).mode;
+        if ((mode & 0o077) !== 0) {
+            logger.warn(`Quarantine directory ${dir} has loose permissions (mode ${(mode & 0o777).toString(8)}); secrets may be readable by other users`);
+        }
+    }
+}
+/**
+ * Check whether the quarantine directory has sufficient free space for a file of the given size.
+ * Refuses if the file is ≥50% of remaining disk space to prevent filling the disk.
+ * Returns true (allow) when statfsSync is unavailable (older Node / Windows).
+ */
+function hasSufficientDiskSpace(dir, requiredBytes) {
+    try {
+        // statfsSync is available in Node ≥18.15.0 on POSIX; falls through on Windows.
+        const stats = statfsSync(dir);
+        // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-conversion -- guards against a future { bigint: true } call-site; safe up to ~9 PB
+        const freeBytes = Number(stats.bavail) * Number(stats.bsize);
+        if (requiredBytes >= freeBytes * 0.5) {
+            logger.warn(`Insufficient disk space for quarantine: need ${requiredBytes} bytes, ${freeBytes} available`);
+            return false;
+        }
+    }
+    catch {
+        // statfsSync unavailable — skip the check rather than failing the quarantine.
+    }
+    return true;
+}
 /**
  * Default quarantine options
  */
@@ -54,6 +92,15 @@ export function loadQuarantineDatabase(quarantineDir) {
             logger.warn('Invalid quarantine database, creating new one');
             return createEmptyDatabase();
         }
+        // SECURITY: Sanitize loaded entries — reject any with null bytes in paths
+        db.entries = db.entries.filter(entry => {
+            if (typeof entry.originalPath !== 'string' || entry.originalPath.includes('\0') ||
+                typeof entry.quarantinePath !== 'string' || entry.quarantinePath.includes('\0')) {
+                logger.warn(`Skipping quarantine entry with invalid path: ${entry.id}`);
+                return false;
+            }
+            return true;
+        });
         return db;
     }
     catch (error) {
@@ -66,8 +113,8 @@ export function loadQuarantineDatabase(quarantineDir) {
  */
 export function saveQuarantineDatabase(db, quarantineDir) {
     try {
-        // Ensure directory exists
-        mkdirSync(quarantineDir, { recursive: true });
+        // Ensure directory exists with secure permissions
+        ensureSecureDir(quarantineDir);
         // Update stats and metadata
         db.lastUpdated = new Date().toISOString();
         db.stats = calculateQuarantineStats(db.entries);
@@ -139,8 +186,13 @@ export function quarantineFile(filePath, findings, reason, options = {}) {
         const fileName = basename(filePath);
         const quarantineFileName = `${id}_${fileName}`;
         const quarantinePath = resolve(config.quarantineDir, 'files', quarantineFileName);
-        // Ensure quarantine directory exists
-        mkdirSync(dirname(quarantinePath), { recursive: true });
+        // Ensure quarantine directory exists with secure permissions
+        ensureSecureDir(dirname(quarantinePath));
+        // Refuse quarantine if disk space is critically low
+        if (!hasSufficientDiskSpace(dirname(quarantinePath), stats.size)) {
+            logger.error(`Quarantine aborted for ${filePath}: insufficient disk space`);
+            return null;
+        }
         // Copy file to quarantine
         copyFileSync(filePath, quarantinePath);
         // Calculate metadata
@@ -208,15 +260,22 @@ export function restoreQuarantinedFile(entryId, quarantineDir = DEFAULT_OPTIONS.
             logger.error(`Quarantined file not found: ${entry.quarantinePath}`);
             return false;
         }
-        // SECURITY: Validate originalPath if allowedRestoreBase is specified
-        if (allowedRestoreBase) {
-            if (!isPathWithinBase(entry.originalPath, allowedRestoreBase)) {
-                logger.error(`Restore path outside allowed directory: ${entry.originalPath}`);
-                return false;
-            }
+        // SECURITY: Reject paths containing null bytes — these bypass some OS path checks
+        if (entry.originalPath.includes('\0')) {
+            logger.error(`Restore path contains null byte — rejecting: ${entryId}`);
+            return false;
+        }
+        // SECURITY: Always validate originalPath, defaulting to CWD when no base is supplied.
+        // Without this, an attacker who crafts a quarantine DB entry can restore a file
+        // to any path on the filesystem (e.g. /etc/cron.d/evil, ~/.ssh/authorized_keys).
+        const restoreBase = allowedRestoreBase ?? process.cwd();
+        if (!isPathWithinBase(entry.originalPath, restoreBase)) {
+            logger.error(`Restore path outside allowed directory '${restoreBase}': ${entry.originalPath}`);
+            return false;
         }
         // SECURITY: Validate the quarantine path is within quarantine directory
         validatePathWithinBase(entry.quarantinePath, quarantineDir, 'restoreQuarantinedFile');
+        logger.info(`Restoring '${entry.originalPath}' from quarantine`);
         // Ensure original directory exists
         mkdirSync(dirname(entry.originalPath), { recursive: true });
         // Restore file
@@ -250,6 +309,8 @@ export function deleteQuarantinedFile(entryId, quarantineDir = DEFAULT_OPTIONS.q
             logger.error(`Entry not found at index ${entryIndex}`);
             return false;
         }
+        // SECURITY: Validate quarantine path is within quarantine directory before deleting
+        validatePathWithinBase(entry.quarantinePath, quarantineDir, 'deleteQuarantinedFile');
         // Delete quarantined file
         if (existsSync(entry.quarantinePath)) {
             unlinkSync(entry.quarantinePath);
@@ -321,6 +382,13 @@ export function checkQuarantineHealth(quarantineDir = DEFAULT_OPTIONS.quarantine
     if (!existsSync(quarantineFilesDir)) {
         issues.push('Quarantine files directory missing');
     }
+    // Check directory permissions (POSIX only)
+    if (process.platform !== 'win32' && existsSync(quarantineDir)) {
+        const mode = statSync(quarantineDir).mode;
+        if ((mode & 0o077) !== 0) {
+            issues.push(`Quarantine directory has loose permissions (mode ${(mode & 0o777).toString(8)}); run chmod 700 ${quarantineDir}`);
+        }
+    }
     return {
         healthy: issues.length === 0,
         issues,

package/dist/reporters/ConsoleReporter.js

@@ -84,6 +84,16 @@ function formatSummary(summary, result) {
     lines.push(stats.join('  |  '));
     const ignored = result.ignoredFindings ? `  |  Ignored: ${result.ignoredFindings}` : '';
     lines.push(`Files scanned: ${result.analyzedFiles}  |  Time: ${result.duration}ms  |  Risk Score: ${result.overallRiskScore}/100${ignored}`);
+    if (result.mcpTrustSummary && result.mcpTrustSummary.total > 0) {
+        const t = result.mcpTrustSummary;
+        const trustParts = [
+            t.critical > 0 ? SEVERITY_FORMATTERS['CRITICAL'](`${t.critical} CRITICAL`) : null,
+            t.low > 0 ? SEVERITY_FORMATTERS['HIGH'](`${t.low} LOW`) : null,
+            t.medium > 0 ? SEVERITY_FORMATTERS['MEDIUM'](`${t.medium} MEDIUM`) : null,
+            t.high > 0 ? `${t.high} HIGH` : null,
+        ].filter(Boolean);
+        lines.push(`MCP Trust: ${t.total} server(s) scored — ${trustParts.join(', ')}  |  Lowest: ${t.lowestScore}/100`);
+    }
     return lines.join('\n');
 }
 /**

package/dist/reporters/HtmlReporter.js

@@ -555,6 +555,11 @@ export function generateHtmlReport(result, options = {}) {
         <div class="summary-number" style="color: ${result.overallRiskScore > 75 ? '#dc2626' : result.overallRiskScore > 50 ? '#ea580c' : '#16a34a'}">${result.overallRiskScore}</div>
         <div class="summary-label">Risk Score</div>
       </div>
+      ${result.mcpTrustSummary && result.mcpTrustSummary.total > 0 ? `
+      <div class="summary-card">
+        <div class="summary-number" style="color: ${result.mcpTrustSummary.critical > 0 ? '#dc2626' : result.mcpTrustSummary.low > 0 ? '#ea580c' : '#16a34a'}">${result.mcpTrustSummary.lowestScore}</div>
+        <div class="summary-label">MCP Trust Min</div>
+      </div>` : ''}
     </div>
 
     <div class="filters">

package/dist/reporters/SarifReporter.d.ts

@@ -68,6 +68,7 @@ interface SarifDocument {
                 scanDuration: number;
                 filesScanned: number;
                 riskScore: number;
+                mcpTrustSummary?: import('../types.js').McpTrustSummary;
             };
         };
     }[];

package/dist/reporters/SarifReporter.js

@@ -143,6 +143,7 @@ export function generateSarifReport(result) {
                         scanDuration: result.duration,
                         filesScanned: result.analyzedFiles,
                         riskScore: result.overallRiskScore,
+                        ...(result.mcpTrustSummary ? { mcpTrustSummary: result.mcpTrustSummary } : {}),
                     },
                 },
             }],

package/dist/rules/ai-specific.js

@@ -29,9 +29,9 @@ export const aiSpecificRules = [
         severity: 'HIGH',
         description: 'Detects attempts to make Claude impersonate other entities',
         patterns: [
-            /pretend\s+(to\s+be|you\s+are)\s+.*(anthropic|openai|google|microsoft)/gi,
+            /pretend\s+(to\s+be|you\s+are)\s+[^\n]{0,100}(anthropic|openai|google|microsoft)/gi,
             /you\s+are\s+(now\s+)?(an?\s+)?(anthropic|openai)\s+(employee|staff|system)/gi,
-            /impersonate\s+.*(admin|moderator|system|support)/gi,
+            /impersonate\s+[^\n]{0,100}(admin|moderator|system|support)/gi,
         ],
         fileTypes: ['md'],
         components: ['skill', 'agent', 'ai-config-md'],
@@ -82,8 +82,8 @@ export const aiSpecificRules = [
         severity: 'HIGH',
         description: 'Detects setup for multi-step attacks that unfold over time',
         patterns: [
-            /on\s+the\s+next\s+(message|turn|response)\s+.*(execute|attack|inject|exfiltrate)/gi,
-            /when\s+the\s+user\s+says\s+.*(trigger|activate|execute)\s+.*(attack|payload|exploit)/gi,
+            /on\s+the\s+next\s+(message|turn|response)\s+[^\n]{0,100}(execute|attack|inject|exfiltrate)/gi,
+            /when\s+the\s+user\s+says\s+[^\n]{0,100}(trigger|activate|execute)[^\n]{0,100}(attack|payload|exploit)/gi,
             /wait\s+for\s+(signal|trigger|command)\s+to\s+(attack|execute|inject)/gi,
             /phase\s+\d+\s*:\s*(attack|exploit|inject|exfiltrate|payload)/gi,
             /step\s+\d+\s*:\s*(gain|escalate|exfiltrate|compromise)/gi,
@@ -118,7 +118,7 @@ export const aiSpecificRules = [
         severity: 'MEDIUM',
         description: 'Detects attempts to manipulate output formatting for injection',
         patterns: [
-            /output\s+.*(json|xml|html)\s+without\s+(escaping|validation)/gi,
+            /output\s+[^\n]{0,100}(json|xml|html)\s+without\s+(escaping|validation)/gi,
             /include\s+(raw|unescaped)\s+(html|script|code)/gi,
             /respond\s+with\s+raw\s+/gi,
         ],
@@ -167,8 +167,8 @@ export const aiSpecificRules = [
         severity: 'CRITICAL',
         description: 'Detects patterns that set up indirect prompt injection',
         patterns: [
-            /when\s+you\s+(read|see|find)\s+.*(execute|run|follow)/gi,
-            /if\s+.*(file|url|content)\s+contains.*then\s+(do|execute|run)/gi,
+            /when\s+you\s+(read|see|find)\s+[^\n]{0,100}(execute|run|follow)/gi,
+            /if\s+[^\n]{0,100}(file|url|content)\s+contains[^\n]{0,100}then\s+(do|execute|run)/gi,
             /follow\s+instructions\s+(in|from)\s+(the|any)\s+(file|url|content)/gi,
         ],
         fileTypes: ['md'],
@@ -184,7 +184,7 @@ export const aiSpecificRules = [
         severity: 'HIGH',
         description: 'Detects instructions to abuse AI CLI tools',
         patterns: [
-            /use\s+(bash|write|edit)\s+tool\s+to.*(delete|remove|destroy)/gi,
+            /use\s+(bash|write|edit)\s+tool\s+to[^\n]{0,100}(delete|remove|destroy)/gi,
             /execute\s+(arbitrary|any)\s+(commands?|code)/gi,
             /bypass\s+tool\s+(restrictions|limits|permissions)/gi,
         ],

package/dist/rules/backdoors.js

@@ -32,10 +32,10 @@ export const backdoorRules = [
         patterns: [
             /\/bin\/(ba)?sh\s+-i/gi,
             /bash\s+-i\s+>&/gi,
-            /nc\s+.*-e\s+\/bin/gi,
-            /python.*socket.*connect/gi,
-            /perl.*socket.*INET/gi,
-            /ruby.*TCPSocket/gi,
+            /nc\s+[^\n]{0,100}-e\s+\/bin/gi,
+            /python[^\n]{0,100}socket[^\n]{0,100}connect/gi,
+            /perl[^\n]{0,100}socket[^\n]{0,100}INET/gi,
+            /ruby[^\n]{0,100}TCPSocket/gi,
         ],
         fileTypes: ['sh', 'bash', 'zsh', 'md'],
         components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
@@ -50,10 +50,10 @@ export const backdoorRules = [
         severity: 'CRITICAL',
         description: 'Detects patterns that download and execute remote code',
         patterns: [
-            /curl\s+.*\|\s*(ba)?sh/gi,
-            /wget\s+.*\|\s*(ba)?sh/gi,
-            /curl\s+.*\|\s*python/gi,
-            /wget\s+.*-O\s*-\s*\|\s*(ba)?sh/gi,
+            /curl\s+[^\n]{0,200}\|\s*(ba)?sh/gi,
+            /wget\s+[^\n]{0,200}\|\s*(ba)?sh/gi,
+            /curl\s+[^\n]{0,200}\|\s*python/gi,
+            /wget\s+[^\n]{0,100}-O\s*-\s*\|\s*(ba)?sh/gi,
         ],
         fileTypes: ['sh', 'bash', 'zsh', 'md'],
         components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
@@ -71,7 +71,7 @@ export const backdoorRules = [
             />\s*\/etc\//gi,
             />\s*~\/\.(bash|zsh|profile)/gi,
             /tee\s+\/etc\//gi,
-            /echo.*>>\s*~\/\.(bash|zsh)/gi,
+            /echo[^\n]{0,200}>>\s*~\/\.(bash|zsh)/gi,
         ],
         fileTypes: ['sh', 'bash', 'zsh', 'md'],
         components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
@@ -104,7 +104,7 @@ export const backdoorRules = [
         severity: 'MEDIUM',
         description: 'Detects creation of background processes or daemons',
         patterns: [
-            /nohup\s+.*&/gi,
+            /nohup\s+[^\n]{0,200}&/gi,
             /disown/gi,
             /setsid/gi,
             /&\s*$/gm,
@@ -122,8 +122,8 @@ export const backdoorRules = [
         severity: 'CRITICAL',
         description: 'Detects execution of base64 or otherwise encoded commands',
         patterns: [
-            /echo\s+.*\|\s*base64\s+-d\s*\|\s*(ba)?sh/gi,
-            /base64\s+-d.*\|\s*(ba)?sh/gi,
+            /echo\s+[^\n]{0,200}\|\s*base64\s+-d\s*\|\s*(ba)?sh/gi,
+            /base64\s+-d[^\n]{0,100}\|\s*(ba)?sh/gi,
             /python\s+-c\s+['"]import\s+base64/gi,
         ],
         fileTypes: ['sh', 'bash', 'zsh', 'md'],

package/dist/rules/correlationRules.js

@@ -22,7 +22,7 @@ export const correlationRules = [
             {
                 id: 'CORR-001-A',
                 description: 'Credential access followed by network transmission',
-                filePatterns: ['*'],
+                filePatterns: [],
                 contentPatterns: [
                     'SECRET|TOKEN|API_KEY|getenv|process\\.env',
                     'fetch|axios|XMLHttpRequest|curl|wget|request'
@@ -50,7 +50,7 @@ export const correlationRules = [
             {
                 id: 'CORR-002-A',
                 description: 'Permission escalation with startup persistence',
-                filePatterns: ['*'],
+                filePatterns: [],
                 contentPatterns: [
                     'chmod|chown|setuid|sudo|defaultMode.*dontAsk',
                     'startup|onload|autostart|service.*enable|systemctl.*enable'
@@ -131,7 +131,7 @@ export const correlationRules = [
             {
                 id: 'CORR-005-A',
                 description: 'AI safeguard bypass with data harvesting',
-                filePatterns: ['*'],
+                filePatterns: [],
                 contentPatterns: [
                     'ignore.*previous.*instruction|forget.*safeguard|bypass.*filter',
                     'conversation.*history|user.*data|personal.*information|collect.*data'
@@ -158,7 +158,7 @@ export const correlationRules = [
             {
                 id: 'CORR-006-A',
                 description: 'Package installation with network communication',
-                filePatterns: ['*'],
+                filePatterns: [],
                 contentPatterns: [
                     'npm.*install|pip.*install|wget.*http|curl.*http|git.*clone',
                     'http://|https://|fetch\\(|axios|request\\(|XMLHttpRequest'
@@ -186,7 +186,7 @@ export const correlationRules = [
             {
                 id: 'CORR-007-A',
                 description: 'File access with network transmission',
-                filePatterns: ['*'],
+                filePatterns: [],
                 contentPatterns: [
                     'readFile|writeFile|fs\\.|glob|find.*-name',
                     'fetch\\(|axios|post|put|XMLHttpRequest'
@@ -213,7 +213,7 @@ export const correlationRules = [
             {
                 id: 'CORR-008-A',
                 description: 'Authentication bypass with privileged access',
-                filePatterns: ['*'],
+                filePatterns: [],
                 contentPatterns: [
                     'auth.*bypass|no.*auth|skip.*login|admin.*access',
                     'sudo|root|administrator|privileged|elevated'

package/dist/rules/index.d.ts

@@ -33,6 +33,7 @@ export declare function getRuleById(id: string): Rule | undefined;
  * Get enabled rules only
  */
 export declare function getEnabledRules(): Rule[];
+export declare function clearRuleCache(): void;
 /**
  * Get rules for scanning with filters applied
  */

package/dist/rules/index.js

@@ -59,10 +59,18 @@ export function getRuleById(id) {
 export function getEnabledRules() {
     return ALL_RULES.filter(rule => rule.enabled);
 }
+const scanRuleCache = new Map();
+export function clearRuleCache() {
+    scanRuleCache.clear();
+}
 /**
  * Get rules for scanning with filters applied
  */
 export function getRulesForScan(categories, severities) {
+    const key = `${[...categories].sort().join(',')}::${[...severities].sort().join(',')}`;
+    const cached = scanRuleCache.get(key);
+    if (cached)
+        return cached;
     const rules = ALL_RULES.filter(rule => {
         if (!rule.enabled)
             return false;
@@ -72,7 +80,8 @@ export function getRulesForScan(categories, severities) {
             return false;
         return true;
     });
-    logger.debug(`Loaded ${rules.length} rules for scan`);
+    scanRuleCache.set(key, rules);
+    logger.debug(`Loaded ${rules.length} rules for scan (cached)`);
     return rules;
 }
 /**

package/dist/rules/injection.js

@@ -30,7 +30,7 @@ export const injectionRules = [
         severity: 'HIGH',
         description: 'Detects attempts to switch Claude into different operational modes',
         patterns: [
-            /you\s+are\s+now\s+in\s+[^\n]{0,100}(mode|state)/gi,
+            /you\s+are\s+now\s+in\s+\S+\s+(mode|state)/gi,
             /enter\s+(developer|admin|debug|unrestricted|jailbreak)\s+mode/gi,
             /switch\s+to\s+(developer|admin|debug|unrestricted)\s+mode/gi,
             /activate\s+(developer|admin|debug|god)\s+mode/gi,
@@ -110,10 +110,10 @@ export const injectionRules = [
         severity: 'MEDIUM',
         description: 'Detects suspicious role-play instructions that may be injection attempts',
         patterns: [
-            /roleplay\s+as\s+.*(evil|malicious|hacker|attacker)/gi,
-            /pretend\s+(to\s+be|you\s+are)\s+.*(evil|malicious|hacker)/gi,
-            /act\s+as\s+.*(evil|malicious|hacker|attacker)/gi,
-            /you\s+are\s+(an?\s+)?(evil|malicious|rogue|compromised)/gi,
+            /roleplay\s+as\s+[^\n]{0,100}(evil|malicious|hacker|attacker)/gi,
+            /pretend\s+(to\s+be|you\s+are)\s+[^\n]{0,100}(evil|malicious|hacker)/gi,
+            /act\s+as\s+[^\n]{0,100}(evil|malicious|hacker|attacker)/gi,
+            /you\s+are\s+(an?\s+)?[^\n]{0,50}(evil|malicious|rogue|compromised)/gi,
         ],
         fileTypes: ['md', 'json'],
         components: ['skill', 'agent', 'ai-config-md'],
@@ -128,9 +128,9 @@ export const injectionRules = [
         severity: 'HIGH',
         description: 'Detects hidden instructions using HTML comments or special formatting',
         patterns: [
-            /<!--.*?(ignore|override|disregard|bypass).*?-->/gis,
-            /\[hidden\].*?(ignore|override|disregard)/gi,
-            /\[SYSTEM\].*?instruction/gi,
+            /<!--[\s\S]{0,500}?(ignore|override|disregard|bypass)[\s\S]{0,500}?-->/gi,
+            /\[hidden\][^\n]{0,100}(ignore|override|disregard)/gi,
+            /\[SYSTEM\][^\n]{0,100}instruction/gi,
         ],
         fileTypes: ['md'],
         components: ['skill', 'agent', 'ai-config-md'],

package/dist/rules/patterns/common.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Shared regex building blocks for security detection rules
+ *
+ * Centralises frequently reused keyword sets and pattern factories so rule
+ * files stay readable and changes propagate consistently across all rules.
+ */
+/** Credential-related keyword alternation used across detection rules */
+export declare const CREDENTIAL_KEYWORDS = "api[_-]?key|token|secret|password|credential";
+/** High-entropy suffix matching strings ≥20 alphanumeric chars */
+export declare const HIGH_ENTROPY_SUFFIX = "[a-zA-Z0-9]{20,}";
+/**
+ * Build a credential-harvest detection pattern for a given verb.
+ *
+ * Matches:  `<verb>  [up to 100 chars]  (credential keyword)`
+ * Avoids catastrophic backtracking via bounded non-newline character class.
+ *
+ * @param verb A plain literal verb string — e.g. "send", "transmit", "upload".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export declare function buildHarvestPattern(verb: string): RegExp;
+/**
+ * Build an assignment detection pattern for a given credential keyword.
+ *
+ * Matches:  `api_key = "abc123..."` or `secret-key: 'xyz...'`
+ *
+ * @param keyword A plain literal credential keyword — e.g. "api_key", "secret-token".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export declare function buildCredentialAssignPattern(keyword: string): RegExp;
+//# sourceMappingURL=common.d.ts.map

package/dist/rules/patterns/common.js

@@ -0,0 +1,48 @@
+/**
+ * Shared regex building blocks for security detection rules
+ *
+ * Centralises frequently reused keyword sets and pattern factories so rule
+ * files stay readable and changes propagate consistently across all rules.
+ */
+// ─── Keyword sets ─────────────────────────────────────────────────────────────
+/** Credential-related keyword alternation used across detection rules */
+export const CREDENTIAL_KEYWORDS = 'api[_-]?key|token|secret|password|credential';
+/** High-entropy suffix matching strings ≥20 alphanumeric chars */
+export const HIGH_ENTROPY_SUFFIX = '[a-zA-Z0-9]{20,}';
+// ─── Pattern factories ────────────────────────────────────────────────────────
+/**
+ * Build a credential-harvest detection pattern for a given verb.
+ *
+ * Matches:  `<verb>  [up to 100 chars]  (credential keyword)`
+ * Avoids catastrophic backtracking via bounded non-newline character class.
+ *
+ * @param verb A plain literal verb string — e.g. "send", "transmit", "upload".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export function buildHarvestPattern(verb) {
+    // Reject dangerous patterns that could cause ReDoS or injection
+    if (/\*|\+|\{|\||\\|\$|\^|\(|\)/.test(verb)) {
+        throw new Error(`buildHarvestPattern: verb contains dangerous regex metacharacters, got: ${verb}`);
+    }
+    return new RegExp(`${verb}\\s+\\w+(?:\\s+\\w+){0,10}\\s+(${CREDENTIAL_KEYWORDS})`, 'gi');
+}
+/**
+ * Build an assignment detection pattern for a given credential keyword.
+ *
+ * Matches:  `api_key = "abc123..."` or `secret-key: 'xyz...'`
+ *
+ * @param keyword A plain literal credential keyword — e.g. "api_key", "secret-token".
+ *   Must NOT contain regex metacharacters. The following characters are rejected
+ *   at runtime: `* + { | \ $ ^ ( )`
+ *   Callers should pass a hard-coded string, never user-supplied input.
+ */
+export function buildCredentialAssignPattern(keyword) {
+    // Reject dangerous patterns that could cause ReDoS or injection
+    if (/\*|\+|\{|\||\\|\$|\^|\(|\)/.test(keyword)) {
+        throw new Error(`buildCredentialAssignPattern: keyword contains dangerous regex metacharacters, got: ${keyword}`);
+    }
+    return new RegExp(`${keyword}\\s*[:=]\\s*["']${HIGH_ENTROPY_SUFFIX}`, 'gi');
+}
+//# sourceMappingURL=common.js.map

package/dist/scanner/IAnalyzer.d.ts

@@ -0,0 +1,19 @@
+/**
+ * IAnalyzer — interface for pluggable file analyzers
+ */
+import type { DiscoveredFile, Finding, Rule, ScannerConfig } from '../types.js';
+export interface AnalyzerContext {
+    file: DiscoveredFile;
+    content: string;
+    config: ScannerConfig;
+    /** Merged rule set (base + custom) for this scan */
+    rules: Rule[];
+    /** Findings accumulated so far (allows later analyzers to gate on earlier results) */
+    existingFindings: Finding[];
+}
+export interface IAnalyzer {
+    readonly name: string;
+    shouldRun(ctx: AnalyzerContext): boolean;
+    analyze(ctx: AnalyzerContext): Promise<Finding[]>;
+}
+//# sourceMappingURL=IAnalyzer.d.ts.map

package/dist/scanner/IAnalyzer.js

@@ -0,0 +1,5 @@
+/**
+ * IAnalyzer — interface for pluggable file analyzers
+ */
+export {};
+//# sourceMappingURL=IAnalyzer.js.map

package/dist/scanner/PatternMatcher.js

@@ -54,13 +54,29 @@ function calculateRiskScore(severity, matchCount, fileComponent) {
 /**
  * Find all pattern matches in content using global regex search
  */
-function findMatches(content, patterns) {
+function findMatches(content, patterns, opts = { maxMatches: 1000, maxRuntimeMs: 5000 }) {
+    const startTime = Date.now();
     const matches = [];
     for (const pattern of patterns) {
+        // Check time budget before starting each pattern
+        if (Date.now() - startTime > opts.maxRuntimeMs) {
+            logger.warn(`Regex matcher time budget exceeded (${opts.maxRuntimeMs}ms), stopping pattern processing`);
+            return matches;
+        }
         // Create a new regex with global flag
         const globalPattern = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
         let match;
         while ((match = globalPattern.exec(content)) !== null) {
+            // Check time budget on each match
+            if (Date.now() - startTime > opts.maxRuntimeMs) {
+                logger.warn(`Regex matcher time budget exceeded (${opts.maxRuntimeMs}ms) during pattern processing`);
+                return matches;
+            }
+            // Check match count limit
+            if (matches.length >= opts.maxMatches) {
+                logger.warn(`Max match limit reached (${opts.maxMatches}), stopping pattern processing`);
+                return matches;
+            }
             // Guard against zero-length matches to prevent infinite loops
             if (match[0].length === 0) {
                 globalPattern.lastIndex += 1;
@@ -151,7 +167,8 @@ export function matchRule(rule, file, content, options) {
     }
     const findings = [];
     const lines = splitLines(content);
-    const matches = findMatches(content, rule.patterns);
+    const patternOptions = { maxMatches: 1000, maxRuntimeMs: 5000 };
+    const matches = findMatches(content, rule.patterns, patternOptions);
     // Group matches by line to avoid duplicates
     const matchesByLine = new Map();
     for (const match of matches) {