guard-scanner 2.1.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -35
- package/dist/__tests__/scanner.test.d.ts +10 -0
- package/dist/__tests__/scanner.test.d.ts.map +1 -0
- package/dist/__tests__/scanner.test.js +443 -0
- package/dist/__tests__/scanner.test.js.map +1 -0
- package/dist/cli.d.ts +10 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +210 -0
- package/dist/cli.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +18 -0
- package/dist/index.js.map +1 -0
- package/dist/ioc-db.d.ts +13 -0
- package/dist/ioc-db.d.ts.map +1 -0
- package/dist/ioc-db.js +130 -0
- package/dist/ioc-db.js.map +1 -0
- package/dist/patterns.d.ts +27 -0
- package/dist/patterns.d.ts.map +1 -0
- package/dist/patterns.js +92 -0
- package/dist/patterns.js.map +1 -0
- package/dist/quarantine.d.ts +18 -0
- package/dist/quarantine.d.ts.map +1 -0
- package/dist/quarantine.js +42 -0
- package/dist/quarantine.js.map +1 -0
- package/dist/scanner.d.ts +56 -0
- package/dist/scanner.d.ts.map +1 -0
- package/dist/scanner.js +1049 -0
- package/dist/scanner.js.map +1 -0
- package/dist/types.d.ts +167 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +7 -0
- package/dist/types.js.map +1 -0
- package/hooks/guard-scanner/plugin.ts +59 -32
- package/openclaw.plugin.json +60 -0
- package/package.json +25 -9
- package/ts-src/__tests__/fixtures/clean-skill/SKILL.md +9 -0
- package/ts-src/__tests__/fixtures/compaction-skill/SKILL.md +11 -0
- package/ts-src/__tests__/fixtures/malicious-skill/SKILL.md +11 -0
- package/ts-src/__tests__/fixtures/malicious-skill/scripts/evil.js +25 -0
- package/ts-src/__tests__/fixtures/prompt-leakage-skill/SKILL.md +20 -0
- package/ts-src/__tests__/fixtures/prompt-leakage-skill/scripts/debug.js +4 -0
- package/ts-src/__tests__/scanner.test.ts +609 -0
- package/ts-src/cli.ts +190 -0
- package/ts-src/index.ts +15 -0
- package/ts-src/ioc-db.ts +131 -0
- package/ts-src/patterns.ts +104 -0
- package/ts-src/quarantine.ts +48 -0
- package/{src/scanner.js → ts-src/scanner.ts} +386 -394
- package/ts-src/types.ts +189 -0
- package/hooks/guard-scanner/handler.ts +0 -207
- package/src/cli.js +0 -149
- package/src/html-template.js +0 -239
- package/src/ioc-db.js +0 -54
- package/src/patterns.js +0 -212
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../ts-src/patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;AAIU,QAAA,QAAQ,GAAkB;IACnC,wEAAwE;IACxE,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9J,EAAE,EAAE,EAAE,oBAAoB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACvK,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5L,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzJ,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,gCAAgC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACxK,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,4BAA4B,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACpK,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,gDAAgD,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,2BAA2B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9L,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,2CAA2C,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrL,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,mDAAmD,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC3L,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,6BAA6B,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,0CAA0C,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE/K,wEAAwE;IACxE,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACvI,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,qCAAqC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5K,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjL,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,8FAA8F,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACxO,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,6DAA6D,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEvM,yEAAyE;IACzE,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,iEAAiE,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrN,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,yEAAyE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACtN,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,yEAAyE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE9N,wEAAwE;IACxE,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,6DAA6D,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACpM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,kCAAkC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzK,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAElN,wEAAwE;IACxE,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,wCAAwC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5L,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClL,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEvL,wEAAwE;IACxE,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,8CAA8C,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE/M,wEAAwE;IACxE,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClN,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,mDAAmD,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzM,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,qEAAqE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEjN,wEAAwE;IACxE,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,sFAAsF,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,iCAAiC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrO,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,0FAA0F,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,8BAA8B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAExO,wEAAwE;IACxE,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,mCAAmC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzK,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrM,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,gDAAgD,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE7L,wEAAwE;IACxE,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,wGAAwG,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,uCAAuC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEjQ,wEAAwE;IACxE,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,2DAA2D,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,yCAAyC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9N,EAAE,EAAE,EAAE,oBAAoB,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,6DAA6D,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjN,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,iGAAiG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,mCAAmC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEvP,wEAAwE;IACxE,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,iDAAiD,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,wBAAwB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjL,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACxJ,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,4BAA4B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAElK,wEAAwE;IACxE,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,oCAAoC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACvK,EAAE,EAAE,EAAE,qBAAqB,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,uCAAuC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAChL,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,iDAAiD,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,yCAAyC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE5M,wEAAwE;IACxE,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,iGAAiG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClP,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,kDAAkD,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjM,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,uFAAuF,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACtO,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,wHAAwH,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,iCAAiC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAChR,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,8CAA8C,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,sCAAsC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;CACpN,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QuarantineNode - Dual-Brain Architecture
|
|
3
|
+
* Evaluates inputs in an isolated context to prevent Zero-Click prompt injections (EchoLeak) and API leaks.
|
|
4
|
+
*/
|
|
5
|
+
export interface QuarantineResult {
|
|
6
|
+
clean: boolean;
|
|
7
|
+
threatDetected?: string;
|
|
8
|
+
sanitizedText: string;
|
|
9
|
+
}
|
|
10
|
+
export declare class QuarantineNode {
|
|
11
|
+
readonly isIsolated: boolean;
|
|
12
|
+
constructor();
|
|
13
|
+
/**
|
|
14
|
+
* Sanitizes untrusted text by removing known zero-click exploits and API secrets.
|
|
15
|
+
*/
|
|
16
|
+
sanitize(input: string): Promise<QuarantineResult>;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=quarantine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quarantine.d.ts","sourceRoot":"","sources":["../ts-src/quarantine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,gBAAgB;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,cAAc;IACvB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;;IAM7B;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CA0B3D"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* QuarantineNode - Dual-Brain Architecture
|
|
4
|
+
* Evaluates inputs in an isolated context to prevent Zero-Click prompt injections (EchoLeak) and API leaks.
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.QuarantineNode = void 0;
|
|
8
|
+
class QuarantineNode {
|
|
9
|
+
isIsolated;
|
|
10
|
+
constructor() {
|
|
11
|
+
this.isIsolated = true; // Strict isolation flag
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Sanitizes untrusted text by removing known zero-click exploits and API secrets.
|
|
15
|
+
*/
|
|
16
|
+
async sanitize(input) {
|
|
17
|
+
// 1. Check for CVE-2025-32711 (EchoLeak zero-click payload)
|
|
18
|
+
if (input.includes("<image src=") && input.includes("onload='fetch") && input.includes("sendBeacon")) {
|
|
19
|
+
return {
|
|
20
|
+
clean: false,
|
|
21
|
+
threatDetected: 'CVE-2025-32711 (EchoLeak)',
|
|
22
|
+
sanitizedText: "[REDACTED_MALICIOUS_PAYLOAD]"
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
// 2. Check for Moltbook API configuration exposure
|
|
26
|
+
if (input.includes("\"OPENAI_API_KEY\":\"sk-")) {
|
|
27
|
+
const redactedInput = input.replace(/sk-[a-zA-Z0-9]{32}/g, "sk-***REDACTED***");
|
|
28
|
+
return {
|
|
29
|
+
clean: false,
|
|
30
|
+
threatDetected: 'MOLTBOOK_API_EXPOSURE',
|
|
31
|
+
sanitizedText: redactedInput
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
// 3. Clean case
|
|
35
|
+
return {
|
|
36
|
+
clean: true,
|
|
37
|
+
sanitizedText: input
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
exports.QuarantineNode = QuarantineNode;
|
|
42
|
+
//# sourceMappingURL=quarantine.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quarantine.js","sourceRoot":"","sources":["../ts-src/quarantine.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAQH,MAAa,cAAc;IACd,UAAU,CAAU;IAE7B;QACI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,wBAAwB;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QACxB,4DAA4D;QAC5D,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACnG,OAAO;gBACH,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,2BAA2B;gBAC3C,aAAa,EAAE,8BAA8B;aAChD,CAAC;QACN,CAAC;QAED,mDAAmD;QACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;YAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,EAAE,mBAAmB,CAAC,CAAC;YAChF,OAAO;gBACH,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,uBAAuB;gBACvC,aAAa,EAAE,aAAa;aAC/B,CAAC;QACN,CAAC;QAED,gBAAgB;QAChB,OAAO;YACH,KAAK,EAAE,IAAI;YACX,aAAa,EAAE,KAAK;SACvB,CAAC;IACN,CAAC;CACJ;AApCD,wCAoCC"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* guard-scanner v3.0.0 — Core Scanner (TypeScript)
|
|
3
|
+
*
|
|
4
|
+
* Full TypeScript rewrite of guard-scanner v2.1.0 + hbg-scan features.
|
|
5
|
+
* Adds: Compaction Persistence check, Signature hash matching, typed interfaces.
|
|
6
|
+
*
|
|
7
|
+
* Zero dependencies. MIT License.
|
|
8
|
+
*/
|
|
9
|
+
import type { SkillResult, ScannerOptions, ScanStats, Thresholds, JSONReport, SARIFReport } from './types.js';
|
|
10
|
+
export declare const VERSION = "3.2.0";
|
|
11
|
+
export declare class GuardScanner {
|
|
12
|
+
readonly verbose: boolean;
|
|
13
|
+
readonly selfExclude: boolean;
|
|
14
|
+
readonly strict: boolean;
|
|
15
|
+
readonly summaryOnly: boolean;
|
|
16
|
+
/** Suppress all console.log output (v3.2.0: for --format stdout piping) */
|
|
17
|
+
readonly quiet: boolean;
|
|
18
|
+
readonly checkDeps: boolean;
|
|
19
|
+
readonly thresholds: Thresholds;
|
|
20
|
+
findings: SkillResult[];
|
|
21
|
+
stats: ScanStats;
|
|
22
|
+
private scannerDir;
|
|
23
|
+
private ignoredSkills;
|
|
24
|
+
private ignoredPatterns;
|
|
25
|
+
private customRules;
|
|
26
|
+
constructor(options?: ScannerOptions);
|
|
27
|
+
loadPlugin(pluginPath: string): void;
|
|
28
|
+
loadCustomRules(rulesFile: string): void;
|
|
29
|
+
private loadIgnoreFile;
|
|
30
|
+
scanDirectory(dir: string): SkillResult[];
|
|
31
|
+
scanSkill(skillPath: string, skillName: string): void;
|
|
32
|
+
private classifyFile;
|
|
33
|
+
private checkIoCs;
|
|
34
|
+
private checkPatterns;
|
|
35
|
+
/** NEW: hbg-scan compatible signature matching (hash + pattern + domain) */
|
|
36
|
+
private checkSignatures;
|
|
37
|
+
/** NEW: Compaction Layer Persistence check (hbg-scan Check 5) */
|
|
38
|
+
private checkCompactionPersistence;
|
|
39
|
+
private checkHardcodedSecrets;
|
|
40
|
+
private shannonEntropy;
|
|
41
|
+
private checkStructure;
|
|
42
|
+
private checkDependencies;
|
|
43
|
+
private checkSkillManifest;
|
|
44
|
+
private checkComplexity;
|
|
45
|
+
private checkConfigImpact;
|
|
46
|
+
private checkHiddenFiles;
|
|
47
|
+
private checkJSDataFlow;
|
|
48
|
+
private checkCrossFile;
|
|
49
|
+
private calculateRisk;
|
|
50
|
+
private getVerdict;
|
|
51
|
+
private getFiles;
|
|
52
|
+
printSummary(): void;
|
|
53
|
+
toJSON(): JSONReport;
|
|
54
|
+
toSARIF(scanDir: string): SARIFReport;
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=scanner.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../ts-src/scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EACW,WAAW,EAC9B,cAAc,EAAE,SAAS,EAAE,UAAU,EACrC,UAAU,EAAkB,WAAW,EAE1C,MAAM,YAAY,CAAC;AAOpB,eAAO,MAAM,OAAO,UAAU,CAAC;AA4B/B,qBAAa,YAAY;IACrB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,2EAA2E;IAC3E,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAEhC,QAAQ,EAAE,WAAW,EAAE,CAAM;IAC7B,KAAK,EAAE,SAAS,CAAiE;IAEjF,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,WAAW,CAAqB;gBAE5B,OAAO,GAAE,cAAmB;IAsBxC,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAmBpC,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAuCxC,OAAO,CAAC,cAAc;IA0BtB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,EAAE;IA2CzC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IA2FrD,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,SAAS;IA+BjB,OAAO,CAAC,aAAa;IA+BrB,4EAA4E;IAC5E,OAAO,CAAC,eAAe;IA8CvB,iEAAiE;IACjE,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,qBAAqB;IA0B7B,OAAO,CAAC,cAAc;IAYtB,OAAO,CAAC,cAAc;IAmBtB,OAAO,CAAC,iBAAiB;IAuCzB,OAAO,CAAC,kBAAkB;IAqD1B,OAAO,CAAC,eAAe;IAwCvB,OAAO,CAAC,iBAAiB;IAqCzB,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,eAAe;IAsDvB,OAAO,CAAC,cAAc;IA6CtB,OAAO,CAAC,aAAa;IA4CrB,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,QAAQ;IAoBhB,YAAY,IAAI,IAAI;IAuBpB,MAAM,IAAI,UAAU;IAqCpB,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW;CAwDxC"}
|