ferret-scan 2.2.0 → 2.4.0

package/dist/__tests__/mcpValidator.extra.test.js

@@ -0,0 +1,270 @@
+/**
+ * Additional MCP Validator Tests
+ */
+import { validateMcpConfigContent, validateMcpConfig, mcpAssessmentsToFindings, findAndValidateMcpConfigs, } from '../features/mcpValidator.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+describe('validateMcpConfigContent', () => {
+    it('returns valid=true for empty servers', () => {
+        const result = validateMcpConfigContent(JSON.stringify({ mcpServers: {} }));
+        expect(result.valid).toBe(true);
+        expect(result.assessments).toHaveLength(0);
+    });
+    it('returns valid=false for invalid JSON', () => {
+        const result = validateMcpConfigContent('not valid json {{{');
+        expect(result.valid).toBe(false);
+        expect(result.errors.length).toBeGreaterThan(0);
+    });
+    it('validates safe server with trusted npx command', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'safe-server': {
+                    command: 'npx',
+                    args: ['@modelcontextprotocol/server-filesystem@1.0.0', '/tmp'],
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        expect(result.assessments).toHaveLength(1);
+        // No issues for pinned trusted package
+        const assessment = result.assessments[0];
+        expect(assessment.issues.filter(i => i.type === 'unpinned-npx')).toHaveLength(0);
+    });
+    it('detects unpinned npx package', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'test-server': {
+                    command: 'npx',
+                    args: ['some-mcp-server'],
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.some(i => i.type === 'unpinned-npx')).toBe(true);
+    });
+    it('detects insecure HTTP transport', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'remote-server': {
+                    url: 'http://api.example.com/mcp',
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.some(i => i.type === 'insecure-transport')).toBe(true);
+    });
+    it('allows HTTPS transport', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'secure-server': {
+                    url: 'https://api.example.com/mcp',
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.filter(i => i.type === 'insecure-transport')).toHaveLength(0);
+    });
+    it('detects hardcoded secret in env vars', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'api-server': {
+                    command: 'npx',
+                    args: ['mcp-server@1.0.0'],
+                    env: {
+                        API_TOKEN: 'sk-real-secret-token-123456',
+                    },
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.some(i => i.type === 'hardcoded-secret')).toBe(true);
+    });
+    it('allows env var references', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'api-server': {
+                    command: 'npx',
+                    args: ['mcp-server@1.0.0'],
+                    env: {
+                        API_TOKEN: '${MY_TOKEN}',
+                    },
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.filter(i => i.type === 'hardcoded-secret')).toHaveLength(0);
+    });
+    it('detects tunnel service', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'tunnel-server': {
+                    url: 'https://abc123.ngrok.io/mcp',
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.some(i => i.type === 'tunnel-service')).toBe(true);
+    });
+    it('handles servers using alternative "servers" key', () => {
+        const config = JSON.stringify({
+            servers: {
+                'alt-server': {
+                    command: 'node',
+                    args: ['./server.js'],
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        expect(result.assessments).toHaveLength(1);
+    });
+    it('detects shell expansion in command', () => {
+        const config = JSON.stringify({
+            mcpServers: {
+                'shell-server': {
+                    command: 'bash',
+                    args: ['-c', 'echo $(whoami)'],
+                },
+            },
+        });
+        const result = validateMcpConfigContent(config);
+        expect(result.valid).toBe(true);
+        const assessment = result.assessments[0];
+        expect(assessment.issues.some(i => i.type === 'shell-expansion')).toBe(true);
+    });
+});
+describe('validateMcpConfig', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-mcp-test-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('returns error for non-existent file', () => {
+        const result = validateMcpConfig('/nonexistent/mcp.json');
+        expect(result.valid).toBe(false);
+        expect(result.errors[0]).toContain('not found');
+    });
+    it('validates a valid MCP config file', () => {
+        const filePath = path.join(tmpDir, '.mcp.json');
+        fs.writeFileSync(filePath, JSON.stringify({ mcpServers: {} }));
+        const result = validateMcpConfig(filePath);
+        expect(result.valid).toBe(true);
+    });
+});
+describe('mcpAssessmentsToFindings', () => {
+    it('returns empty array for no assessments', () => {
+        const findings = mcpAssessmentsToFindings([], '/project/.mcp.json');
+        expect(findings).toHaveLength(0);
+    });
+    it('converts assessments with issues to findings', () => {
+        const assessments = [
+            {
+                serverName: 'test-server',
+                command: 'npx',
+                args: ['test'],
+                url: undefined,
+                capabilities: [],
+                riskLevel: 'high',
+                issues: [
+                    {
+                        type: 'unpinned-npx',
+                        severity: 'MEDIUM',
+                        description: 'Unpinned npx package',
+                        remediation: 'Pin package version',
+                    },
+                ],
+            },
+        ];
+        const findings = mcpAssessmentsToFindings(assessments, '/project/.mcp.json');
+        expect(findings).toHaveLength(1);
+        expect(findings[0]?.severity).toBe('MEDIUM');
+        expect(findings[0]?.ruleId).toMatch(/^MCP-/);
+    });
+    it('categorizes secret issues correctly', () => {
+        const assessments = [
+            {
+                serverName: 'test-server',
+                command: 'npx',
+                args: [],
+                url: undefined,
+                capabilities: [],
+                riskLevel: 'high',
+                issues: [
+                    {
+                        type: 'hardcoded-secret',
+                        severity: 'HIGH',
+                        description: 'Secret found',
+                        remediation: 'Use env refs',
+                    },
+                ],
+            },
+        ];
+        const findings = mcpAssessmentsToFindings(assessments, '/project/.mcp.json');
+        expect(findings[0]?.category).toBe('credentials');
+    });
+    it('assigns correct risk scores', () => {
+        const assessments = [
+            {
+                serverName: 'test',
+                command: undefined,
+                args: [],
+                url: undefined,
+                capabilities: [],
+                riskLevel: 'critical',
+                issues: [
+                    { type: 'x', severity: 'CRITICAL', description: 'x', remediation: 'x' },
+                    { type: 'y', severity: 'HIGH', description: 'y', remediation: 'y' },
+                    { type: 'z', severity: 'MEDIUM', description: 'z', remediation: 'z' },
+                    { type: 'w', severity: 'LOW', description: 'w', remediation: 'w' },
+                ],
+            },
+        ];
+        const findings = mcpAssessmentsToFindings(assessments, '/project/.mcp.json');
+        expect(findings[0]?.riskScore).toBe(95);
+        expect(findings[1]?.riskScore).toBe(80);
+        expect(findings[2]?.riskScore).toBe(60);
+        expect(findings[3]?.riskScore).toBe(40);
+    });
+});
+describe('findAndValidateMcpConfigs', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-mcp-find-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('returns empty when no MCP configs found', () => {
+        const result = findAndValidateMcpConfigs(tmpDir);
+        expect(result.configs).toHaveLength(0);
+        expect(result.totalIssues).toBe(0);
+    });
+    it('finds and validates .mcp.json', () => {
+        fs.writeFileSync(path.join(tmpDir, '.mcp.json'), JSON.stringify({ mcpServers: {} }));
+        const result = findAndValidateMcpConfigs(tmpDir);
+        expect(result.configs).toHaveLength(1);
+        expect(result.configs[0]?.path).toContain('.mcp.json');
+    });
+    it('finds and validates mcp.json', () => {
+        fs.writeFileSync(path.join(tmpDir, 'mcp.json'), JSON.stringify({ mcpServers: {} }));
+        const result = findAndValidateMcpConfigs(tmpDir);
+        expect(result.configs).toHaveLength(1);
+    });
+});
+//# sourceMappingURL=mcpValidator.extra.test.js.map

package/dist/__tests__/patternMatcherExtra.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Additional PatternMatcher Tests
+ * Covers uncovered branches: excludePatterns, excludeContext, requireContext,
+ * minMatchLength, createPatternMatcher, multiple matches per line
+ */
+export {};
+//# sourceMappingURL=patternMatcherExtra.test.d.ts.map

package/dist/__tests__/patternMatcherExtra.test.js

@@ -0,0 +1,198 @@
+/**
+ * Additional PatternMatcher Tests
+ * Covers uncovered branches: excludePatterns, excludeContext, requireContext,
+ * minMatchLength, createPatternMatcher, multiple matches per line
+ */
+import { matchRule, matchRules, createPatternMatcher } from '../scanner/PatternMatcher.js';
+function makeFile(overrides = {}) {
+    return {
+        path: '/project/.claude/agents/test.md',
+        relativePath: 'agents/test.md',
+        type: 'md',
+        component: 'agent',
+        size: 100,
+        modified: new Date(),
+        ...overrides,
+    };
+}
+function makeRule(overrides = {}) {
+    return {
+        id: 'TEST-001',
+        name: 'Test Rule',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Test description',
+        patterns: [/dangerous/gi],
+        fileTypes: ['md'],
+        components: ['agent', 'skill', 'hook', 'plugin', 'mcp', 'settings', 'ai-config-md', 'rules-file'],
+        remediation: 'Fix it',
+        references: [],
+        enabled: true,
+        ...overrides,
+    };
+}
+describe('matchRule', () => {
+    const opts = { contextLines: 2 };
+    it('returns empty array when rule does not apply to file type', () => {
+        const rule = makeRule({ fileTypes: ['json'] });
+        const file = makeFile({ type: 'md' });
+        const findings = matchRule(rule, file, 'dangerous content', opts);
+        expect(findings).toHaveLength(0);
+    });
+    it('returns empty array when rule does not apply to component', () => {
+        const rule = makeRule({ components: ['hook'] });
+        const file = makeFile({ component: 'agent' });
+        const findings = matchRule(rule, file, 'dangerous content', opts);
+        expect(findings).toHaveLength(0);
+    });
+    it('finds matches in content', () => {
+        const rule = makeRule();
+        const file = makeFile();
+        const findings = matchRule(rule, file, 'this is dangerous', opts);
+        expect(findings).toHaveLength(1);
+        expect(findings[0]?.ruleId).toBe('TEST-001');
+        expect(findings[0]?.line).toBe(1);
+    });
+    it('handles multiple matches across different lines', () => {
+        const rule = makeRule();
+        const file = makeFile();
+        const content = 'line one dangerous\nline two safe\nline three dangerous';
+        const findings = matchRule(rule, file, content, opts);
+        expect(findings).toHaveLength(2);
+    });
+    it('excludes matches below minMatchLength', () => {
+        const rule = makeRule({
+            patterns: [/bad/gi],
+            minMatchLength: 10, // "bad" is only 3 chars
+        });
+        const file = makeFile();
+        const findings = matchRule(rule, file, 'this is bad', opts);
+        expect(findings).toHaveLength(0);
+    });
+    it('keeps matches at or above minMatchLength', () => {
+        const rule = makeRule({
+            patterns: [/dangerouslylongmatch/gi],
+            minMatchLength: 5,
+        });
+        const file = makeFile();
+        const findings = matchRule(rule, file, 'dangerouslylongmatch here', opts);
+        expect(findings).toHaveLength(1);
+    });
+    it('excludes matches matching excludePatterns', () => {
+        const rule = makeRule({
+            excludePatterns: [/example\./i],
+        });
+        const file = makeFile();
+        // Line contains 'dangerous' but also 'example.' which triggers exclusion
+        const findings = matchRule(rule, file, 'dangerous example.com', opts);
+        expect(findings).toHaveLength(0);
+    });
+    it('does not exclude matches when excludePattern does not match', () => {
+        const rule = makeRule({
+            excludePatterns: [/safe-example/i],
+        });
+        const file = makeFile();
+        const findings = matchRule(rule, file, 'dangerous real attack', opts);
+        expect(findings).toHaveLength(1);
+    });
+    it('excludes matches based on excludeContext', () => {
+        const rule = makeRule({
+            excludeContext: [/this is documentation/i],
+        });
+        const file = makeFile();
+        const content = 'this is documentation\ndangerous content here\nend of doc';
+        const findings = matchRule(rule, file, content, opts);
+        expect(findings).toHaveLength(0);
+    });
+    it('requires context to be present', () => {
+        const rule = makeRule({
+            requireContext: [/must-be-present/i],
+        });
+        const file = makeFile();
+        const content = 'dangerous content without required context';
+        const findings = matchRule(rule, file, content, opts);
+        expect(findings).toHaveLength(0);
+    });
+    it('keeps match when required context is present', () => {
+        const rule = makeRule({
+            requireContext: [/must-be-present/i],
+        });
+        const file = makeFile();
+        const content = 'must-be-present\ndangerous content here\n';
+        const findings = matchRule(rule, file, content, opts);
+        expect(findings).toHaveLength(1);
+    });
+    it('increases risk score for hook components', () => {
+        const agentFile = makeFile({ component: 'agent' });
+        const hookFile = makeFile({ component: 'hook' });
+        const rule = makeRule({
+            components: ['agent', 'hook', 'plugin', 'mcp', 'skill', 'settings', 'ai-config-md', 'rules-file'],
+        });
+        const agentFindings = matchRule(rule, agentFile, 'dangerous content', opts);
+        const hookFindings = matchRule(rule, hookFile, 'dangerous content', opts);
+        expect(agentFindings).toHaveLength(1);
+        expect(hookFindings).toHaveLength(1);
+        // Hook components get higher risk scores (1.2x multiplier)
+        expect(hookFindings[0]?.riskScore).toBeGreaterThanOrEqual(agentFindings[0].riskScore);
+    });
+    it('deduplicates multiple matches on the same line', () => {
+        const rule = makeRule({
+            patterns: [/bad/gi, /dangerous/gi],
+        });
+        const file = makeFile();
+        // "dangerous" matches pattern 2, but let's have two patterns that match same line
+        const findings = matchRule(rule, file, 'this is bad dangerous content', opts);
+        // Should only create one finding per line, not two
+        const line1Findings = findings.filter(f => f.line === 1);
+        expect(line1Findings).toHaveLength(1);
+    });
+    it('returns empty for disabled rule in matchRules', () => {
+        const rule = makeRule({ enabled: false });
+        const file = makeFile();
+        const findings = matchRules([rule], file, 'dangerous content', opts);
+        expect(findings).toHaveLength(0);
+    });
+});
+describe('matchRules', () => {
+    it('returns findings from multiple enabled rules', () => {
+        const rule1 = makeRule({ id: 'TEST-001', patterns: [/dangerous/gi] });
+        const rule2 = makeRule({ id: 'TEST-002', patterns: [/secret/gi] });
+        const file = makeFile();
+        const content = 'dangerous secret content';
+        const findings = matchRules([rule1, rule2], file, content, { contextLines: 0 });
+        expect(findings.length).toBeGreaterThanOrEqual(2);
+    });
+    it('skips disabled rules', () => {
+        const enabledRule = makeRule({ id: 'ENABLED-001', patterns: [/dangerous/gi] });
+        const disabledRule = makeRule({ id: 'DISABLED-001', patterns: [/secret/gi], enabled: false });
+        const file = makeFile();
+        const findings = matchRules([enabledRule, disabledRule], file, 'dangerous secret', { contextLines: 0 });
+        expect(findings.every(f => f.ruleId === 'ENABLED-001')).toBe(true);
+    });
+});
+describe('createPatternMatcher', () => {
+    it('returns an object with matchRule and matchRules methods', () => {
+        const matcher = createPatternMatcher({ contextLines: 3 });
+        expect(typeof matcher.matchRule).toBe('function');
+        expect(typeof matcher.matchRules).toBe('function');
+    });
+    it('uses the provided options for matching', () => {
+        const matcher = createPatternMatcher({ contextLines: 0 });
+        const rule = makeRule();
+        const file = makeFile();
+        const findings = matcher.matchRule(rule, file, 'dangerous content');
+        expect(findings).toHaveLength(1);
+        expect(findings[0]?.context).toHaveLength(1); // Just the matching line
+    });
+    it('matchRules method works with multiple rules', () => {
+        const matcher = createPatternMatcher({ contextLines: 0 });
+        const rules = [
+            makeRule({ id: 'R1', patterns: [/dangerous/gi] }),
+            makeRule({ id: 'R2', patterns: [/secret/gi] }),
+        ];
+        const file = makeFile();
+        const findings = matcher.matchRules(rules, file, 'dangerous secret');
+        expect(findings.length).toBeGreaterThanOrEqual(2);
+    });
+});
+//# sourceMappingURL=patternMatcherExtra.test.js.map

package/dist/__tests__/patternsCommon.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Rules Patterns Common Tests
+ * Tests for shared regex building blocks used by security detection rules.
+ */
+export {};
+//# sourceMappingURL=patternsCommon.test.d.ts.map

package/dist/__tests__/patternsCommon.test.js

@@ -0,0 +1,107 @@
+/**
+ * Rules Patterns Common Tests
+ * Tests for shared regex building blocks used by security detection rules.
+ */
+import { CREDENTIAL_KEYWORDS, HIGH_ENTROPY_SUFFIX, buildHarvestPattern, buildCredentialAssignPattern, } from '../rules/patterns/common.js';
+// ---------------------------------------------------------------------------
+// CREDENTIAL_KEYWORDS
+// ---------------------------------------------------------------------------
+describe('CREDENTIAL_KEYWORDS', () => {
+    it('is a non-empty string', () => {
+        expect(typeof CREDENTIAL_KEYWORDS).toBe('string');
+        expect(CREDENTIAL_KEYWORDS.length).toBeGreaterThan(0);
+    });
+    it('contains common credential keywords', () => {
+        expect(CREDENTIAL_KEYWORDS).toContain('token');
+        expect(CREDENTIAL_KEYWORDS).toContain('secret');
+        expect(CREDENTIAL_KEYWORDS).toContain('password');
+    });
+});
+// ---------------------------------------------------------------------------
+// HIGH_ENTROPY_SUFFIX
+// ---------------------------------------------------------------------------
+describe('HIGH_ENTROPY_SUFFIX', () => {
+    it('is a non-empty string', () => {
+        expect(typeof HIGH_ENTROPY_SUFFIX).toBe('string');
+        expect(HIGH_ENTROPY_SUFFIX.length).toBeGreaterThan(0);
+    });
+    it('produces a pattern that matches 20+ alphanumeric characters', () => {
+        const re = new RegExp(HIGH_ENTROPY_SUFFIX);
+        expect(re.test('abcdefghijklmnopqrstu')).toBe(true); // 21 chars
+        expect(re.test('short')).toBe(false);
+    });
+});
+// ---------------------------------------------------------------------------
+// buildHarvestPattern
+// ---------------------------------------------------------------------------
+describe('buildHarvestPattern', () => {
+    it('returns a RegExp', () => {
+        const pattern = buildHarvestPattern('send');
+        expect(pattern).toBeInstanceOf(RegExp);
+    });
+    it('is case-insensitive and global', () => {
+        const pattern = buildHarvestPattern('send');
+        expect(pattern.flags).toContain('g');
+        expect(pattern.flags).toContain('i');
+    });
+    it('matches a simple harvest sentence with credential keyword', () => {
+        const pattern = buildHarvestPattern('send');
+        expect(pattern.test('send the password now')).toBe(true);
+    });
+    it('matches with different credential keyword words', () => {
+        const pattern = buildHarvestPattern('transmit');
+        expect(pattern.test('transmit the secret value')).toBe(true);
+    });
+    it('does not match when verb is absent', () => {
+        const pattern = buildHarvestPattern('upload');
+        expect(pattern.test('download the secret value')).toBe(false);
+    });
+    it('throws on verb containing dangerous metacharacter *', () => {
+        expect(() => buildHarvestPattern('send*')).toThrow();
+    });
+    it('throws on verb containing dangerous metacharacter +', () => {
+        expect(() => buildHarvestPattern('send+')).toThrow();
+    });
+    it('throws on verb containing dangerous metacharacter |', () => {
+        expect(() => buildHarvestPattern('send|recv')).toThrow();
+    });
+    it('throws on verb containing dangerous metacharacter (', () => {
+        expect(() => buildHarvestPattern('(send)')).toThrow();
+    });
+});
+// ---------------------------------------------------------------------------
+// buildCredentialAssignPattern
+// ---------------------------------------------------------------------------
+describe('buildCredentialAssignPattern', () => {
+    it('returns a RegExp', () => {
+        const pattern = buildCredentialAssignPattern('api_key');
+        expect(pattern).toBeInstanceOf(RegExp);
+    });
+    it('is case-insensitive and global', () => {
+        const pattern = buildCredentialAssignPattern('api_key');
+        expect(pattern.flags).toContain('g');
+        expect(pattern.flags).toContain('i');
+    });
+    it('matches assignment with = and quoted high-entropy value', () => {
+        const pattern = buildCredentialAssignPattern('api_key');
+        expect(pattern.test('api_key = "abcdefghijklmnopqrstuvwxyz"')).toBe(true);
+    });
+    it('matches assignment with : separator', () => {
+        const pattern = buildCredentialAssignPattern('secret');
+        expect(pattern.test("secret: 'abcdefghijklmnopqrstuvwxyz'")).toBe(true);
+    });
+    it('does not match short values (less than 20 chars)', () => {
+        const pattern = buildCredentialAssignPattern('api_key');
+        expect(pattern.test('api_key = "short"')).toBe(false);
+    });
+    it('throws on keyword containing dangerous metacharacter *', () => {
+        expect(() => buildCredentialAssignPattern('api*key')).toThrow();
+    });
+    it('throws on keyword containing dangerous metacharacter +', () => {
+        expect(() => buildCredentialAssignPattern('api+key')).toThrow();
+    });
+    it('throws on keyword containing dangerous metacharacter \\', () => {
+        expect(() => buildCredentialAssignPattern('api\\key')).toThrow();
+    });
+});
+//# sourceMappingURL=patternsCommon.test.js.map

package/dist/__tests__/policyEnforcement.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Policy Enforcement Tests
+ */
+export {};
+//# sourceMappingURL=policyEnforcement.test.d.ts.map