ferret-scan 2.2.0 → 2.4.0

package/dist/__tests__/ThreatFeed.test.js

@@ -0,0 +1,359 @@
+/**
+ * ThreatFeed Tests
+ * Tests for threat intelligence database operations: load, save, add, remove, query.
+ */
+jest.mock('node:fs');
+import * as fs from 'node:fs';
+import { loadThreatDatabase, saveThreatDatabase, addIndicators, removeIndicators, getIndicatorsByType, getIndicatorsByCategory, getHighConfidenceIndicators, searchIndicators, needsUpdate, } from '../intelligence/ThreatFeed.js';
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const mockFs = fs;
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function makeIndicator(overrides = {}) {
+    return {
+        value: 'example.com',
+        type: 'domain',
+        category: 'phishing',
+        severity: 'high',
+        description: 'Test domain indicator',
+        source: 'test-source',
+        firstSeen: '2024-01-01T00:00:00Z',
+        lastSeen: '2024-01-01T00:00:00Z',
+        confidence: 80,
+        tags: ['test'],
+        ...overrides,
+    };
+}
+function makeDatabase(overrides = {}) {
+    return {
+        version: '1.0',
+        lastUpdated: new Date(Date.now() - 1000).toISOString(),
+        sources: [],
+        indicators: [],
+        stats: {
+            totalIndicators: 0,
+            byType: {
+                domain: 0, url: 0, ip: 0, hash: 0, email: 0,
+                filename: 0, package: 0, pattern: 0, signature: 0,
+            },
+            byCategory: {},
+            bySeverity: {},
+        },
+        ...overrides,
+    };
+}
+const VALID_DB_JSON = JSON.stringify({
+    version: '1.0',
+    lastUpdated: new Date().toISOString(),
+    sources: [],
+    indicators: [
+        {
+            value: 'evil.com',
+            type: 'domain',
+            category: 'phishing',
+            severity: 'high',
+            description: 'Evil domain',
+            source: 'test',
+            firstSeen: '2024-01-01T00:00:00Z',
+            lastSeen: '2024-01-01T00:00:00Z',
+            confidence: 90,
+            tags: ['phishing'],
+        },
+    ],
+    stats: {
+        totalIndicators: 1,
+        byType: { domain: 1, url: 0, ip: 0, hash: 0, email: 0, filename: 0, package: 0, pattern: 0, signature: 0 },
+        byCategory: { phishing: 1 },
+        bySeverity: { high: 1 },
+    },
+});
+// ---------------------------------------------------------------------------
+// loadThreatDatabase
+// ---------------------------------------------------------------------------
+describe('loadThreatDatabase', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+    });
+    it('returns default database when threat-db.json does not exist', () => {
+        mockFs.existsSync.mockReturnValue(false);
+        const db = loadThreatDatabase('/nonexistent-dir');
+        expect(db).toBeDefined();
+        expect(db.version).toBeDefined();
+        // Should still have builtin indicators
+        expect(db.indicators.length).toBeGreaterThan(0);
+    });
+    it('loads database from existing file', () => {
+        mockFs.existsSync.mockReturnValue(true);
+        mockFs.readFileSync.mockReturnValue(VALID_DB_JSON);
+        const db = loadThreatDatabase('/intel-dir');
+        expect(db.indicators).toHaveLength(1);
+        expect(db.indicators[0].value).toBe('evil.com');
+    });
+    it('falls back to default database when file has invalid JSON', () => {
+        mockFs.existsSync.mockReturnValue(true);
+        mockFs.readFileSync.mockReturnValue('{ invalid json }');
+        const db = loadThreatDatabase('/intel-dir');
+        // Should return default (with builtin indicators)
+        expect(db).toBeDefined();
+        expect(db.indicators.length).toBeGreaterThan(0);
+    });
+    it('falls back to default database when file fails schema validation', () => {
+        mockFs.existsSync.mockReturnValue(true);
+        mockFs.readFileSync.mockReturnValue(JSON.stringify({ notADb: true }));
+        const db = loadThreatDatabase('/intel-dir');
+        expect(db).toBeDefined();
+        // Default DB has builtin indicators
+        expect(db.indicators.length).toBeGreaterThan(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// saveThreatDatabase
+// ---------------------------------------------------------------------------
+describe('saveThreatDatabase', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+        mockFs.mkdirSync.mockReturnValue(undefined);
+        mockFs.writeFileSync.mockReturnValue(undefined);
+    });
+    it('saves database and updates metadata', () => {
+        const db = makeDatabase({
+            indicators: [makeIndicator()],
+        });
+        saveThreatDatabase(db, '/intel-dir');
+        expect(mockFs.mkdirSync).toHaveBeenCalled();
+        expect(mockFs.writeFileSync).toHaveBeenCalled();
+        // Verify the saved content is valid JSON
+        const savedArgs = mockFs.writeFileSync.mock.calls[0];
+        const saved = JSON.parse(savedArgs[1]);
+        expect(saved.indicators).toHaveLength(1);
+        expect(saved.stats.totalIndicators).toBe(1);
+    });
+    it('throws when writeFileSync fails', () => {
+        mockFs.mkdirSync.mockReturnValue(undefined);
+        mockFs.writeFileSync.mockImplementation(() => { throw new Error('disk full'); });
+        const db = makeDatabase();
+        expect(() => saveThreatDatabase(db, '/intel-dir')).toThrow('disk full');
+    });
+    it('updates lastUpdated timestamp on save', () => {
+        const oldTime = '2020-01-01T00:00:00Z';
+        const db = makeDatabase({ lastUpdated: oldTime });
+        saveThreatDatabase(db, '/intel-dir');
+        const savedArgs = mockFs.writeFileSync.mock.calls[0];
+        const saved = JSON.parse(savedArgs[1]);
+        expect(saved.lastUpdated).not.toBe(oldTime);
+    });
+});
+// ---------------------------------------------------------------------------
+// addIndicators
+// ---------------------------------------------------------------------------
+describe('addIndicators', () => {
+    it('adds new indicators to database', () => {
+        const db = makeDatabase();
+        const result = addIndicators(db, [
+            {
+                value: 'new-evil.com',
+                type: 'domain',
+                category: 'phishing',
+                severity: 'high',
+                description: 'New evil domain',
+                source: 'test',
+                confidence: 85,
+                tags: ['phishing'],
+            },
+        ]);
+        expect(result.indicators).toHaveLength(1);
+        expect(result.indicators[0].value).toBe('new-evil.com');
+        expect(result.indicators[0].firstSeen).toBeDefined();
+        expect(result.indicators[0].lastSeen).toBeDefined();
+    });
+    it('skips duplicate indicators', () => {
+        const existing = makeIndicator({ value: 'known.com', type: 'domain' });
+        const db = makeDatabase({ indicators: [existing] });
+        const result = addIndicators(db, [
+            {
+                value: 'known.com',
+                type: 'domain',
+                category: 'phishing',
+                severity: 'medium',
+                description: 'Duplicate',
+                source: 'test2',
+                confidence: 70,
+                tags: [],
+            },
+        ]);
+        expect(result.indicators).toHaveLength(1);
+    });
+    it('adds multiple indicators at once', () => {
+        const db = makeDatabase();
+        const result = addIndicators(db, [
+            { value: 'a.com', type: 'domain', category: 'c1', severity: 'high', description: 'd', source: 's', confidence: 80, tags: [] },
+            { value: 'b.com', type: 'domain', category: 'c2', severity: 'low', description: 'd', source: 's', confidence: 60, tags: [] },
+        ]);
+        expect(result.indicators).toHaveLength(2);
+    });
+    it('updates stats after adding indicators', () => {
+        const db = makeDatabase();
+        const result = addIndicators(db, [
+            { value: 'pkg-evil', type: 'package', category: 'malicious-package', severity: 'critical', description: 'evil pkg', source: 's', confidence: 100, tags: [] },
+        ]);
+        expect(result.stats.totalIndicators).toBe(1);
+        expect(result.stats.byType['package']).toBe(1);
+        expect(result.stats.bySeverity['critical']).toBe(1);
+    });
+    it('does not mutate original database', () => {
+        const db = makeDatabase();
+        addIndicators(db, [{ value: 'x.com', type: 'domain', category: 'c', severity: 'low', description: 'd', source: 's', confidence: 50, tags: [] }]);
+        expect(db.indicators).toHaveLength(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// removeIndicators
+// ---------------------------------------------------------------------------
+describe('removeIndicators', () => {
+    it('removes indicator by type:value key', () => {
+        const db = makeDatabase({
+            indicators: [
+                makeIndicator({ value: 'remove.com', type: 'domain' }),
+                makeIndicator({ value: 'keep.com', type: 'domain' }),
+            ],
+        });
+        const result = removeIndicators(db, ['domain:remove.com']);
+        expect(result.indicators).toHaveLength(1);
+        expect(result.indicators[0].value).toBe('keep.com');
+    });
+    it('removes indicator by index', () => {
+        const db = makeDatabase({
+            indicators: [
+                makeIndicator({ value: 'first.com' }),
+                makeIndicator({ value: 'second.com' }),
+            ],
+        });
+        const result = removeIndicators(db, ['0']);
+        expect(result.indicators).toHaveLength(1);
+        expect(result.indicators[0].value).toBe('second.com');
+    });
+    it('returns unchanged database when id not found', () => {
+        const db = makeDatabase({ indicators: [makeIndicator()] });
+        const result = removeIndicators(db, ['nonexistent:key']);
+        expect(result.indicators).toHaveLength(1);
+    });
+    it('updates stats after removal', () => {
+        const db = makeDatabase({
+            indicators: [makeIndicator({ value: 'x.com', type: 'domain' })],
+        });
+        const result = removeIndicators(db, ['domain:x.com']);
+        expect(result.stats.totalIndicators).toBe(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// getIndicatorsByType
+// ---------------------------------------------------------------------------
+describe('getIndicatorsByType', () => {
+    const db = makeDatabase({
+        indicators: [
+            makeIndicator({ value: 'a.com', type: 'domain' }),
+            makeIndicator({ value: 'b.com', type: 'domain' }),
+            makeIndicator({ value: 'pkg-evil', type: 'package' }),
+        ],
+    });
+    it('returns indicators matching the type', () => {
+        const domains = getIndicatorsByType(db, 'domain');
+        expect(domains).toHaveLength(2);
+    });
+    it('returns empty array when no indicators match', () => {
+        const hashes = getIndicatorsByType(db, 'hash');
+        expect(hashes).toHaveLength(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// getIndicatorsByCategory
+// ---------------------------------------------------------------------------
+describe('getIndicatorsByCategory', () => {
+    const db = makeDatabase({
+        indicators: [
+            makeIndicator({ category: 'phishing' }),
+            makeIndicator({ category: 'phishing' }),
+            makeIndicator({ category: 'malware' }),
+        ],
+    });
+    it('returns indicators in the given category', () => {
+        expect(getIndicatorsByCategory(db, 'phishing')).toHaveLength(2);
+    });
+    it('returns empty array for unknown category', () => {
+        expect(getIndicatorsByCategory(db, 'unknown')).toHaveLength(0);
+    });
+});
+// ---------------------------------------------------------------------------
+// getHighConfidenceIndicators
+// ---------------------------------------------------------------------------
+describe('getHighConfidenceIndicators', () => {
+    const db = makeDatabase({
+        indicators: [
+            makeIndicator({ confidence: 95 }),
+            makeIndicator({ confidence: 80 }),
+            makeIndicator({ confidence: 60 }),
+            makeIndicator({ confidence: 40 }),
+        ],
+    });
+    it('returns indicators above default threshold of 80', () => {
+        const result = getHighConfidenceIndicators(db);
+        expect(result).toHaveLength(2);
+    });
+    it('accepts custom confidence threshold', () => {
+        const result = getHighConfidenceIndicators(db, 60);
+        expect(result).toHaveLength(3);
+    });
+    it('returns all when threshold is 0', () => {
+        const result = getHighConfidenceIndicators(db, 0);
+        expect(result).toHaveLength(4);
+    });
+});
+// ---------------------------------------------------------------------------
+// searchIndicators
+// ---------------------------------------------------------------------------
+describe('searchIndicators', () => {
+    const db = makeDatabase({
+        indicators: [
+            makeIndicator({ value: 'phishing-site.com', description: 'Fake bank', tags: ['phishing', 'finance'] }),
+            makeIndicator({ value: 'malware-cdn.net', description: 'Malware CDN', tags: ['malware'] }),
+            makeIndicator({ value: 'legit-check.com', description: 'False positive check', tags: ['safe'] }),
+        ],
+    });
+    it('finds indicators by value substring', () => {
+        expect(searchIndicators(db, 'phishing')).toHaveLength(1);
+    });
+    it('finds indicators by description', () => {
+        expect(searchIndicators(db, 'malware')).toHaveLength(1);
+    });
+    it('finds indicators by tag', () => {
+        expect(searchIndicators(db, 'finance')).toHaveLength(1);
+    });
+    it('returns empty array when no matches', () => {
+        expect(searchIndicators(db, 'zzznomatch')).toHaveLength(0);
+    });
+    it('search is case-insensitive', () => {
+        expect(searchIndicators(db, 'PHISHING')).toHaveLength(1);
+    });
+});
+// ---------------------------------------------------------------------------
+// needsUpdate
+// ---------------------------------------------------------------------------
+describe('needsUpdate', () => {
+    it('returns true when database is older than maxAgeHours', () => {
+        const oldDate = new Date(Date.now() - 25 * 60 * 60 * 1000).toISOString(); // 25 hours ago
+        const db = makeDatabase({ lastUpdated: oldDate });
+        expect(needsUpdate(db, 24)).toBe(true);
+    });
+    it('returns false when database is fresh', () => {
+        const recentDate = new Date(Date.now() - 1 * 60 * 60 * 1000).toISOString(); // 1 hour ago
+        const db = makeDatabase({ lastUpdated: recentDate });
+        expect(needsUpdate(db, 24)).toBe(false);
+    });
+    it('uses default maxAge of 24 hours', () => {
+        const recentDate = new Date(Date.now() - 23 * 60 * 60 * 1000).toISOString();
+        const db = makeDatabase({ lastUpdated: recentDate });
+        expect(needsUpdate(db)).toBe(false);
+    });
+});
+//# sourceMappingURL=ThreatFeed.test.js.map

package/dist/__tests__/WatchMode.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * WatchMode Tests
+ * Tests for the debounce function and createChangeNotifier exported from WatchMode.ts
+ */
+export {};
+//# sourceMappingURL=WatchMode.test.d.ts.map

package/dist/__tests__/WatchMode.test.js

@@ -0,0 +1,104 @@
+/**
+ * WatchMode Tests
+ * Tests for the debounce function and createChangeNotifier exported from WatchMode.ts
+ */
+// Mock Scanner to avoid ora (ESM-only) import issues
+jest.mock('../scanner/Scanner.js', () => ({
+    scan: jest.fn().mockResolvedValue({ findings: [] }),
+}));
+// Mock ConsoleReporter
+jest.mock('../reporters/ConsoleReporter.js', () => ({
+    generateConsoleReport: jest.fn().mockReturnValue('mock report'),
+}));
+import { createChangeNotifier } from '../scanner/WatchMode.js';
+import { EventEmitter } from 'events';
+class MockWatcher extends EventEmitter {
+    close() { return Promise.resolve(); }
+    getWatched() { return {}; }
+}
+let _mockWatcherInstance = null;
+const mockWatch = jest.fn((..._args) => {
+    _mockWatcherInstance = new MockWatcher();
+    return _mockWatcherInstance;
+});
+// Mock chokidar so we don't need real file watching
+jest.mock('chokidar', () => ({
+    __esModule: true,
+    default: {
+        watch: (...args) => mockWatch(...args),
+    },
+}));
+function getWatcherInstance() {
+    return _mockWatcherInstance;
+}
+describe('createChangeNotifier', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+        jest.useFakeTimers();
+    });
+    afterEach(() => {
+        jest.useRealTimers();
+    });
+    it('returns a cleanup function', () => {
+        const cleanup = createChangeNotifier(['/tmp'], jest.fn(), { debounceMs: 100 });
+        expect(typeof cleanup).toBe('function');
+        cleanup();
+    });
+    it('calls chokidar.watch with the given paths', () => {
+        createChangeNotifier(['/project', '/home'], jest.fn(), { debounceMs: 100 });
+        expect(mockWatch).toHaveBeenCalledWith(['/project', '/home'], expect.any(Object));
+    });
+    it('does not invoke callback before debounce period', () => {
+        const callback = jest.fn();
+        createChangeNotifier(['/tmp'], callback, { debounceMs: 500 });
+        const watcher = getWatcherInstance();
+        watcher.emit('all', 'change', '/tmp/file.md');
+        // No time advance yet
+        expect(callback).not.toHaveBeenCalled();
+        const cleanup = createChangeNotifier(['/tmp'], callback, { debounceMs: 500 });
+        cleanup();
+    });
+    it('invokes callback after debounce period with changed files', () => {
+        const callback = jest.fn();
+        createChangeNotifier(['/tmp'], callback, { debounceMs: 500 });
+        const watcher = getWatcherInstance();
+        watcher.emit('all', 'add', '/tmp/file1.md');
+        watcher.emit('all', 'change', '/tmp/file2.md');
+        jest.advanceTimersByTime(600);
+        expect(callback).toHaveBeenCalledTimes(1);
+        expect(callback).toHaveBeenCalledWith(expect.arrayContaining(['/tmp/file1.md', '/tmp/file2.md']));
+    });
+    it('ignores non-add/change/unlink events', () => {
+        const callback = jest.fn();
+        createChangeNotifier(['/tmp'], callback, { debounceMs: 100 });
+        const watcher = getWatcherInstance();
+        watcher.emit('all', 'ready', '/tmp');
+        watcher.emit('all', 'error', '/tmp');
+        jest.advanceTimersByTime(200);
+        expect(callback).not.toHaveBeenCalled();
+    });
+    it('debounces rapid file changes', () => {
+        const callback = jest.fn();
+        createChangeNotifier(['/tmp'], callback, { debounceMs: 300 });
+        const watcher = getWatcherInstance();
+        // Fire multiple change events rapidly
+        for (let i = 0; i < 5; i++) {
+            watcher.emit('all', 'change', `/tmp/file${i}.md`);
+            jest.advanceTimersByTime(50);
+        }
+        // Not called yet
+        expect(callback).not.toHaveBeenCalled();
+        // Advance past debounce
+        jest.advanceTimersByTime(400);
+        // Should have been called once with all files
+        expect(callback).toHaveBeenCalledTimes(1);
+    });
+    it('cleanup calls watcher.close()', () => {
+        const cleanup = createChangeNotifier(['/tmp'], jest.fn(), { debounceMs: 100 });
+        const watcher = getWatcherInstance();
+        const closeSpy = jest.spyOn(watcher, 'close');
+        cleanup();
+        expect(closeSpy).toHaveBeenCalled();
+    });
+});
+//# sourceMappingURL=WatchMode.test.js.map

package/dist/__tests__/astAnalyzerExtra.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Additional AstAnalyzer Tests
+ * Tests for shouldAnalyze and getMemoryUsage
+ */
+export {};
+//# sourceMappingURL=astAnalyzerExtra.test.d.ts.map

package/dist/__tests__/astAnalyzerExtra.test.js

@@ -0,0 +1,67 @@
+/**
+ * Additional AstAnalyzer Tests
+ * Tests for shouldAnalyze and getMemoryUsage
+ */
+import { shouldAnalyze, getMemoryUsage } from '../analyzers/AstAnalyzer.js';
+function makeFile(overrides = {}) {
+    return {
+        path: '/project/test.md',
+        relativePath: 'test.md',
+        type: 'md',
+        component: 'agent',
+        size: 1000,
+        modified: new Date(),
+        ...overrides,
+    };
+}
+describe('shouldAnalyze', () => {
+    const config = { semanticAnalysis: true, maxFileSize: 1024 * 1024 };
+    it('returns false when semanticAnalysis is disabled', () => {
+        expect(shouldAnalyze(makeFile(), { ...config, semanticAnalysis: false })).toBe(false);
+    });
+    it('returns false for files exceeding maxFileSize', () => {
+        const bigFile = makeFile({ size: 2 * 1024 * 1024 });
+        expect(shouldAnalyze(bigFile, config)).toBe(false);
+    });
+    it('returns true for markdown files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'md' }), config)).toBe(true);
+    });
+    it('returns true for TypeScript files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'ts' }), config)).toBe(true);
+    });
+    it('returns true for JavaScript files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'js' }), config)).toBe(true);
+    });
+    it('returns true for TSX files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'tsx' }), config)).toBe(true);
+    });
+    it('returns true for JSX files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'jsx' }), config)).toBe(true);
+    });
+    it('returns false for JSON files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'json' }), config)).toBe(false);
+    });
+    it('returns false for YAML files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'yaml' }), config)).toBe(false);
+    });
+    it('returns false for shell files', () => {
+        expect(shouldAnalyze(makeFile({ type: 'sh' }), config)).toBe(false);
+    });
+});
+describe('getMemoryUsage', () => {
+    it('returns an object with used and total properties', () => {
+        const usage = getMemoryUsage();
+        expect(typeof usage.used).toBe('number');
+        expect(typeof usage.total).toBe('number');
+    });
+    it('returns positive values', () => {
+        const usage = getMemoryUsage();
+        expect(usage.used).toBeGreaterThan(0);
+        expect(usage.total).toBeGreaterThan(0);
+    });
+    it('used is less than or equal to total', () => {
+        const usage = getMemoryUsage();
+        expect(usage.used).toBeLessThanOrEqual(usage.total);
+    });
+});
+//# sourceMappingURL=astAnalyzerExtra.test.js.map

package/dist/__tests__/astAnalyzerFull.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Full AstAnalyzer Tests
+ * Tests for analyzeFile function
+ */
+export {};
+//# sourceMappingURL=astAnalyzerFull.test.d.ts.map