ferret-scan 2.2.0 → 2.4.0

package/dist/__tests__/configLoaderExtra.test.js

@@ -0,0 +1,186 @@
+/**
+ * Additional Config Loader Tests
+ * Tests for loadConfig with LLM and mitreAtlas config file settings
+ */
+import { loadConfig } from '../utils/config.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+describe('loadConfig - config file with LLM settings', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-config-extra-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('loads LLM settings from config file', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            features: {
+                llmAnalysis: true,
+            },
+            llm: {
+                provider: 'openai-compatible',
+                baseUrl: 'https://api.openai.com/v1/chat/completions',
+                model: 'gpt-4o',
+                apiKeyEnv: 'OPENAI_API_KEY',
+                timeoutMs: 30000,
+                jsonMode: true,
+                maxInputChars: 8000,
+                maxOutputTokens: 1000,
+                temperature: 0,
+                systemPromptAddendum: 'Extra instructions',
+                includeMitreAtlasTechniques: true,
+                maxMitreAtlasTechniques: 50,
+                cacheDir: '.ferret-cache/llm',
+                cacheTtlHours: 168,
+                maxRetries: 2,
+                retryBackoffMs: 500,
+                retryMaxBackoffMs: 5000,
+                minRequestIntervalMs: 250,
+                onlyIfFindings: true,
+                maxFindingsPerFile: 5,
+                maxFiles: 10,
+                minConfidence: 0.7,
+            },
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.llm.provider).toBe('openai-compatible');
+        expect(config.llm.model).toBe('gpt-4o');
+        expect(config.llmAnalysis).toBe(true);
+    });
+    it('loads mitreAtlasCatalog settings from config file', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            mitreAtlasCatalog: {
+                enabled: true,
+                autoUpdate: true,
+                sourceUrl: 'https://example.com/stix-atlas.json',
+                cachePath: '.ferret-cache/atlas.json',
+                cacheTtlHours: 72,
+                timeoutMs: 10000,
+                forceRefresh: false,
+            },
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.mitreAtlasCatalog.enabled).toBe(true);
+        expect(config.mitreAtlasCatalog.autoUpdate).toBe(true);
+        expect(config.mitreAtlasCatalog.cacheTtlHours).toBe(72);
+    });
+    it('loads all feature flags from config file', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            features: {
+                entropyAnalysis: true,
+                mcpValidation: true,
+                dependencyAnalysis: true,
+                dependencyAudit: true,
+                capabilityMapping: true,
+                ignoreComments: true,
+                mitreAtlas: true,
+                llmAnalysis: true,
+            },
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.entropyAnalysis).toBe(true);
+        expect(config.mcpValidation).toBe(true);
+        expect(config.dependencyAnalysis).toBe(true);
+        expect(config.dependencyAudit).toBe(true);
+        expect(config.capabilityMapping).toBe(true);
+        expect(config.ignoreComments).toBe(true);
+        expect(config.mitreAtlas).toBe(true);
+        expect(config.llmAnalysis).toBe(true);
+    });
+    it('loads threat intelligence from config file', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            threatIntelligence: {
+                enabled: true,
+                feeds: ['https://example.com/feed'],
+            },
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.threatIntel).toBe(true);
+    });
+    it('loads LLM includeMitreAtlasTechniques explicitly', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            llm: {
+                includeMitreAtlasCatalog: false, // triggers llmIncludeAtlasExplicit
+                includeMitreAtlasTechniques: true,
+            },
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.llm.includeMitreAtlasTechniques).toBe(true);
+    });
+    it('applies CLI llmMaxInputChars option', () => {
+        const config = loadConfig({ llmMaxInputChars: 5000 });
+        expect(config.llm.maxInputChars).toBe(5000);
+    });
+    it('applies CLI llmTimeoutMs option', () => {
+        const config = loadConfig({ llmTimeoutMs: 15000 });
+        expect(config.llm.timeoutMs).toBe(15000);
+    });
+    it('applies CLI dependencyAudit option', () => {
+        const config = loadConfig({ dependencyAudit: true });
+        expect(config.dependencyAudit).toBe(true);
+    });
+    it('handles config file with customRules as array', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            customRules: ['./my-rules.json', './more-rules.yaml'],
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.customRules).toBeDefined();
+    });
+    it('handles config file with customRules as string', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            customRules: './my-rules.json',
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.customRules.length).toBeGreaterThan(0);
+    });
+    it('handles config file with failOn', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            failOn: 'HIGH',
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.failOn).toBe('HIGH');
+    });
+    it('handles config file with configOnly', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            configOnly: true,
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.configOnly).toBe(true);
+    });
+    it('handles config file with marketplaceMode', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            marketplaceMode: 'all',
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.marketplaceMode).toBe('all');
+    });
+    it('handles config file with docDampening', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            docDampening: false,
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.docDampening).toBe(false);
+    });
+    it('handles config file with redact', () => {
+        const configPath = path.join(tmpDir, '.ferretrc.json');
+        fs.writeFileSync(configPath, JSON.stringify({
+            redact: true,
+        }));
+        const config = loadConfig({ config: configPath });
+        expect(config.redact).toBe(true);
+    });
+});
+//# sourceMappingURL=configLoaderExtra.test.js.map

package/dist/__tests__/correlationAnalyzerExtra.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Additional CorrelationAnalyzer Tests
+ */
+export {};
+//# sourceMappingURL=correlationAnalyzerExtra.test.d.ts.map

package/dist/__tests__/correlationAnalyzerExtra.test.js

@@ -0,0 +1,98 @@
+/**
+ * Additional CorrelationAnalyzer Tests
+ */
+import { analyzeCorrelations, shouldAnalyzeCorrelations } from '../analyzers/CorrelationAnalyzer.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+function makeFile(overrides = {}) {
+    return {
+        path: '/project/test.md',
+        relativePath: 'test.md',
+        type: 'md',
+        component: 'agent',
+        size: 100,
+        modified: new Date(),
+        ...overrides,
+    };
+}
+function makeRule(overrides = {}) {
+    return {
+        id: 'TEST-001',
+        name: 'Test Rule',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Test',
+        patterns: [/dangerous/gi],
+        fileTypes: ['md'],
+        components: ['agent', 'skill', 'hook', 'plugin', 'mcp', 'settings', 'ai-config-md', 'rules-file'],
+        remediation: 'Fix it',
+        references: [],
+        enabled: true,
+        ...overrides,
+    };
+}
+describe('shouldAnalyzeCorrelations', () => {
+    it('returns false when correlationAnalysis is disabled', () => {
+        const files = [makeFile(), makeFile()];
+        expect(shouldAnalyzeCorrelations(files, { correlationAnalysis: false })).toBe(false);
+    });
+    it('returns false with fewer than 2 files', () => {
+        expect(shouldAnalyzeCorrelations([makeFile()], { correlationAnalysis: true })).toBe(false);
+        expect(shouldAnalyzeCorrelations([], { correlationAnalysis: true })).toBe(false);
+    });
+    it('returns true with 2+ files and correlationAnalysis enabled', () => {
+        const files = [makeFile(), makeFile(), makeFile()];
+        expect(shouldAnalyzeCorrelations(files, { correlationAnalysis: true })).toBe(true);
+    });
+});
+describe('analyzeCorrelations', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-corr-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('returns empty array for no files', () => {
+        const result = analyzeCorrelations([], [makeRule()]);
+        expect(result).toHaveLength(0);
+    });
+    it('returns empty array for single file', () => {
+        const file = makeFile();
+        const result = analyzeCorrelations([file], [makeRule()]);
+        expect(result).toHaveLength(0);
+    });
+    it('returns empty array for rules without correlationRules', () => {
+        const files = [makeFile(), makeFile()];
+        const rules = [makeRule()]; // No correlationRules
+        const result = analyzeCorrelations(files, rules);
+        expect(result).toHaveLength(0);
+    });
+    it('analyzes files when correlationRules present', () => {
+        // Create two temp files
+        const file1Path = path.join(tmpDir, 'agent1.md');
+        const file2Path = path.join(tmpDir, 'agent2.md');
+        fs.writeFileSync(file1Path, 'secret content');
+        fs.writeFileSync(file2Path, 'exfiltration content');
+        const file1 = makeFile({ path: file1Path, relativePath: 'agent1.md' });
+        const file2 = makeFile({ path: file2Path, relativePath: 'agent2.md' });
+        const ruleWithCorrelation = makeRule({
+            correlationRules: [{
+                    id: 'CORR-001',
+                    description: 'Detects correlated patterns',
+                    filePatterns: ['*.md'],
+                    contentPatterns: ['secret', 'exfiltration'],
+                    maxDistance: 2,
+                }],
+        });
+        const result = analyzeCorrelations([file1, file2], [ruleWithCorrelation]);
+        expect(Array.isArray(result)).toBe(true);
+    });
+    it('returns empty array for no rules', () => {
+        const files = [makeFile(), makeFile()];
+        const result = analyzeCorrelations(files, []);
+        expect(result).toHaveLength(0);
+    });
+});
+//# sourceMappingURL=correlationAnalyzerExtra.test.js.map

package/dist/__tests__/correlationAnalyzerFull.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Comprehensive CorrelationAnalyzer Tests
+ * Tests that trigger the cross-file correlation logic with actual files
+ */
+export {};
+//# sourceMappingURL=correlationAnalyzerFull.test.d.ts.map

package/dist/__tests__/correlationAnalyzerFull.test.js

@@ -0,0 +1,154 @@
+/**
+ * Comprehensive CorrelationAnalyzer Tests
+ * Tests that trigger the cross-file correlation logic with actual files
+ */
+import { analyzeCorrelations } from '../analyzers/CorrelationAnalyzer.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+function makeFileWithContent(filePath, content) {
+    return {
+        path: filePath,
+        relativePath: path.basename(filePath),
+        type: 'md',
+        component: 'agent',
+        size: Buffer.byteLength(content),
+        modified: new Date(),
+    };
+}
+function makeCorrelationRule(overrides = {}) {
+    return {
+        id: 'CORR-001',
+        name: 'Test Correlation Rule',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Detects correlated patterns across files',
+        patterns: [],
+        fileTypes: ['md'],
+        components: ['agent', 'skill', 'hook', 'plugin', 'mcp', 'settings', 'ai-config-md', 'rules-file'],
+        remediation: 'Review the correlated patterns',
+        references: [],
+        enabled: true,
+        correlationRules: [
+            {
+                id: 'CORR-RULE-001',
+                description: 'Exfiltration combined with credential access',
+                filePatterns: ['*.md'],
+                contentPatterns: ['secret', 'exfiltrate'],
+                maxDistance: 3,
+            },
+        ],
+        ...overrides,
+    };
+}
+describe('analyzeCorrelations - with real files', () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ferret-corr-full-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it('detects cross-file correlation with matching patterns', () => {
+        const file1Path = path.join(tmpDir, 'agent1.md');
+        const file2Path = path.join(tmpDir, 'agent2.md');
+        fs.writeFileSync(file1Path, '# Agent 1\nAccess secret files here');
+        fs.writeFileSync(file2Path, '# Agent 2\nExfiltrate data to external server');
+        const file1 = makeFileWithContent(file1Path, '# Agent 1\nAccess secret files here');
+        const file2 = makeFileWithContent(file2Path, '# Agent 2\nExfiltrate data to external server');
+        const rule = makeCorrelationRule();
+        const results = analyzeCorrelations([file1, file2], [rule]);
+        expect(Array.isArray(results)).toBe(true);
+        // May or may not find correlation depending on pattern matching
+    });
+    it('returns no results when files are too far apart (maxDistance)', () => {
+        // Create deeply nested files
+        const deepDir1 = path.join(tmpDir, 'a', 'b', 'c', 'd');
+        const deepDir2 = path.join(tmpDir, 'x', 'y', 'z', 'w');
+        fs.mkdirSync(deepDir1, { recursive: true });
+        fs.mkdirSync(deepDir2, { recursive: true });
+        const file1Path = path.join(deepDir1, 'agent1.md');
+        const file2Path = path.join(deepDir2, 'agent2.md');
+        fs.writeFileSync(file1Path, '# Agent\nAccess secret files');
+        fs.writeFileSync(file2Path, '# Agent\nExfiltrate data');
+        const file1 = makeFileWithContent(file1Path, '# Agent\nAccess secret files');
+        const file2 = makeFileWithContent(file2Path, '# Agent\nExfiltrate data');
+        const rule = makeCorrelationRule({
+            correlationRules: [{
+                    id: 'CORR-RULE-001',
+                    description: 'Test',
+                    filePatterns: ['*.md'],
+                    contentPatterns: ['secret', 'exfiltrate'],
+                    maxDistance: 1, // Very small max distance
+                }],
+        });
+        const results = analyzeCorrelations([file1, file2], [rule]);
+        expect(Array.isArray(results)).toBe(true);
+        // With small maxDistance, files in deeply different paths may not correlate
+    });
+    it('handles file read errors gracefully', () => {
+        // Provide a file object that points to a non-existent file
+        const file1 = {
+            path: path.join(tmpDir, 'nonexistent1.md'),
+            relativePath: 'nonexistent1.md',
+            type: 'md',
+            component: 'agent',
+            size: 100,
+            modified: new Date(),
+        };
+        const file2Path = path.join(tmpDir, 'agent2.md');
+        fs.writeFileSync(file2Path, '# Agent\nAccess secret files');
+        const file2 = makeFileWithContent(file2Path, '# Agent\nAccess secret files');
+        const rule = makeCorrelationRule();
+        const results = analyzeCorrelations([file1, file2], [rule]);
+        expect(Array.isArray(results)).toBe(true);
+    });
+    it('handles multiple correlation rules', () => {
+        const file1Path = path.join(tmpDir, 'agent1.md');
+        const file2Path = path.join(tmpDir, 'agent2.md');
+        fs.writeFileSync(file1Path, '# Agent\nSecret credentials here');
+        fs.writeFileSync(file2Path, '# Agent\nExfiltrate data externally');
+        const file1 = makeFileWithContent(file1Path, '# Agent\nSecret credentials here');
+        const file2 = makeFileWithContent(file2Path, '# Agent\nExfiltrate data externally');
+        const rule = makeCorrelationRule({
+            correlationRules: [
+                {
+                    id: 'CORR-001',
+                    description: 'Exfiltration + credentials',
+                    filePatterns: ['*.md'],
+                    contentPatterns: ['secret', 'exfiltrate'],
+                    maxDistance: 2,
+                },
+                {
+                    id: 'CORR-002',
+                    description: 'Credentials combination',
+                    filePatterns: ['*.md'],
+                    contentPatterns: ['credentials', 'externally'],
+                    maxDistance: 2,
+                },
+            ],
+        });
+        const results = analyzeCorrelations([file1, file2], [rule]);
+        expect(Array.isArray(results)).toBe(true);
+    });
+    it('handles 3+ files in correlation analysis', () => {
+        const files = Array.from({ length: 5 }, (_, i) => {
+            const filePath = path.join(tmpDir, `agent${i}.md`);
+            const content = `# Agent ${i}\nSecret key access here\nExfiltrate to server`;
+            fs.writeFileSync(filePath, content);
+            return makeFileWithContent(filePath, content);
+        });
+        const rule = makeCorrelationRule({
+            correlationRules: [{
+                    id: 'CORR-001',
+                    description: 'Multi-file correlation',
+                    filePatterns: ['*.md'],
+                    contentPatterns: ['Secret', 'Exfiltrate'],
+                    maxDistance: 5,
+                }],
+        });
+        const results = analyzeCorrelations(files, [rule]);
+        expect(Array.isArray(results)).toBe(true);
+    });
+});
+//# sourceMappingURL=correlationAnalyzerFull.test.js.map

package/dist/__tests__/customRules.extra.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Additional Custom Rules Tests
+ * Focuses on loadCustomRulesFile, loadCustomRulesSource, generateExampleRulesFile
+ */
+export {};
+//# sourceMappingURL=customRules.extra.test.d.ts.map