guardrail-security 1.0.0

package/dist/supply-chain/index.js

@@ -0,0 +1,26 @@
+"use strict";
+/**
+ * Supply Chain Attack Detection
+ *
+ * Detects typosquatting, malicious packages, and generates SBOMs
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./detector"), exports);
+__exportStar(require("./typosquat"), exports);
+__exportStar(require("./malicious-db"), exports);
+__exportStar(require("./script-analyzer"), exports);
+__exportStar(require("./vulnerability-db"), exports);

package/dist/supply-chain/malicious-db.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Malicious Package Database
+ *
+ * Checks packages against known malicious packages
+ */
+export interface MaliciousPackageInfo {
+    name: string;
+    version?: string;
+    reason: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    cve?: string;
+    reported: Date;
+}
+export declare class MaliciousPackageDB {
+    private maliciousPackages;
+    constructor();
+    /**
+     * Check if package is known to be malicious
+     */
+    checkPackage(name: string, version: string): Promise<{
+        isMalicious: boolean;
+        matches: MaliciousPackageInfo[];
+    }>;
+    /**
+     * Load malicious packages database
+     */
+    private loadDatabase;
+    /**
+     * Update database from external sources
+     */
+    updateDatabase(): Promise<{
+        added: number;
+        updated: number;
+    }>;
+    /**
+     * Add custom malicious package
+     */
+    addMaliciousPackage(info: MaliciousPackageInfo): void;
+}
+export declare const maliciousPackageDB: MaliciousPackageDB;
+//# sourceMappingURL=malicious-db.d.ts.map

package/dist/supply-chain/malicious-db.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"malicious-db.d.ts","sourceRoot":"","sources":["../../src/supply-chain/malicious-db.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,IAAI,CAAC;CAChB;AAaD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,iBAAiB,CAAkD;;IAM3E;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QACzD,WAAW,EAAE,OAAO,CAAC;QACrB,OAAO,EAAE,oBAAoB,EAAE,CAAC;KACjC,CAAC;IAyBF;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAWnE;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,oBAAoB,GAAG,IAAI;CAMtD;AAGD,eAAO,MAAM,kBAAkB,oBAA2B,CAAC"}

package/dist/supply-chain/malicious-db.js

@@ -0,0 +1,82 @@
+"use strict";
+/**
+ * Malicious Package Database
+ *
+ * Checks packages against known malicious packages
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.maliciousPackageDB = exports.MaliciousPackageDB = void 0;
+/**
+ * Known malicious packages (this would be updated regularly from external sources)
+ */
+const KNOWN_MALICIOUS = [
+// Example entries - in production, this would be fetched from:
+// - npm security advisories
+// - Snyk vulnerability database
+// - GitHub Advisory Database
+// - Custom threat intelligence feeds
+];
+class MaliciousPackageDB {
+    maliciousPackages = new Map();
+    constructor() {
+        this.loadDatabase();
+    }
+    /**
+     * Check if package is known to be malicious
+     */
+    async checkPackage(name, version) {
+        const matches = [];
+        // Check exact name match
+        const nameMatches = this.maliciousPackages.get(name) || [];
+        for (const match of nameMatches) {
+            // If no version specified in DB, flag all versions
+            if (!match.version) {
+                matches.push(match);
+                continue;
+            }
+            // Check version match
+            if (match.version === version || match.version === '*') {
+                matches.push(match);
+            }
+        }
+        return {
+            isMalicious: matches.length > 0,
+            matches,
+        };
+    }
+    /**
+     * Load malicious packages database
+     */
+    loadDatabase() {
+        for (const pkg of KNOWN_MALICIOUS) {
+            if (!this.maliciousPackages.has(pkg.name)) {
+                this.maliciousPackages.set(pkg.name, []);
+            }
+            this.maliciousPackages.get(pkg.name).push(pkg);
+        }
+    }
+    /**
+     * Update database from external sources
+     */
+    async updateDatabase() {
+        // In production, this would:
+        // 1. Fetch from npm security advisories API
+        // 2. Fetch from Snyk API
+        // 3. Fetch from GitHub Advisory Database
+        // 4. Merge with existing database
+        // 5. Return statistics
+        return { added: 0, updated: 0 };
+    }
+    /**
+     * Add custom malicious package
+     */
+    addMaliciousPackage(info) {
+        if (!this.maliciousPackages.has(info.name)) {
+            this.maliciousPackages.set(info.name, []);
+        }
+        this.maliciousPackages.get(info.name).push(info);
+    }
+}
+exports.MaliciousPackageDB = MaliciousPackageDB;
+// Export singleton
+exports.maliciousPackageDB = new MaliciousPackageDB();

package/dist/supply-chain/script-analyzer.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Script Analyzer
+ *
+ * Analyzes package.json scripts for suspicious behavior
+ */
+export interface ScriptAnalysisResult {
+    scriptName: string;
+    scriptContent: string;
+    isSuspicious: boolean;
+    threats: ScriptThreat[];
+    riskScore: number;
+}
+export interface ScriptThreat {
+    type: 'data_exfiltration' | 'crypto_mining' | 'backdoor' | 'malicious_download' | 'privilege_escalation';
+    pattern: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    description: string;
+}
+export declare class ScriptAnalyzer {
+    /**
+     * Analyze package.json scripts
+     */
+    analyzeScripts(_packageName: string, _version: string): Promise<ScriptAnalysisResult[]>;
+    /**
+     * Analyze a single script
+     */
+    analyzeScript(scriptName: string, scriptContent: string): ScriptAnalysisResult;
+    /**
+     * Detect data exfiltration patterns
+     */
+    detectExfiltration(script: string): boolean;
+    /**
+     * Detect crypto mining
+     */
+    detectCryptoMining(script: string): boolean;
+    /**
+     * Detect backdoor patterns
+     */
+    private detectBackdoor;
+    /**
+     * Detect malicious downloads
+     */
+    private detectMaliciousDownload;
+    /**
+     * Detect privilege escalation
+     */
+    private detectPrivilegeEscalation;
+    /**
+     * Calculate risk score
+     */
+    private calculateRiskScore;
+}
+export declare const scriptAnalyzer: ScriptAnalyzer;
+//# sourceMappingURL=script-analyzer.d.ts.map

package/dist/supply-chain/script-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-analyzer.d.ts","sourceRoot":"","sources":["../../src/supply-chain/script-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,mBAAmB,GAAG,eAAe,GAAG,UAAU,GAAG,oBAAoB,GAAG,sBAAsB,CAAC;IACzG,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,cAAc;IACzB;;OAEG;IACG,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAM7F;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,oBAAoB;IAiE9E;;OAEG;IACH,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAa3C;;OAEG;IACH,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAY3C;;OAEG;IACH,OAAO,CAAC,cAAc;IAWtB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAU/B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAWjC;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAgB3B;AAGD,eAAO,MAAM,cAAc,gBAAuB,CAAC"}

package/dist/supply-chain/script-analyzer.js

@@ -0,0 +1,160 @@
+"use strict";
+/**
+ * Script Analyzer
+ *
+ * Analyzes package.json scripts for suspicious behavior
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scriptAnalyzer = exports.ScriptAnalyzer = void 0;
+class ScriptAnalyzer {
+    /**
+     * Analyze package.json scripts
+     */
+    async analyzeScripts(_packageName, _version) {
+        // In production, this would fetch package.json from npm registry
+        // For now, return empty array
+        return [];
+    }
+    /**
+     * Analyze a single script
+     */
+    analyzeScript(scriptName, scriptContent) {
+        const threats = [];
+        // Check for data exfiltration
+        if (this.detectExfiltration(scriptContent)) {
+            threats.push({
+                type: 'data_exfiltration',
+                pattern: 'network_request',
+                severity: 'high',
+                description: 'Script makes network requests that could exfiltrate data',
+            });
+        }
+        // Check for crypto mining
+        if (this.detectCryptoMining(scriptContent)) {
+            threats.push({
+                type: 'crypto_mining',
+                pattern: 'crypto_miner',
+                severity: 'high',
+                description: 'Script contains crypto mining code',
+            });
+        }
+        // Check for backdoors
+        if (this.detectBackdoor(scriptContent)) {
+            threats.push({
+                type: 'backdoor',
+                pattern: 'reverse_shell',
+                severity: 'critical',
+                description: 'Script opens a backdoor or reverse shell',
+            });
+        }
+        // Check for malicious downloads
+        if (this.detectMaliciousDownload(scriptContent)) {
+            threats.push({
+                type: 'malicious_download',
+                pattern: 'download_execute',
+                severity: 'critical',
+                description: 'Script downloads and executes code',
+            });
+        }
+        // Check for privilege escalation
+        if (this.detectPrivilegeEscalation(scriptContent)) {
+            threats.push({
+                type: 'privilege_escalation',
+                pattern: 'sudo_usage',
+                severity: 'high',
+                description: 'Script attempts privilege escalation',
+            });
+        }
+        // Calculate risk score
+        const riskScore = this.calculateRiskScore(threats);
+        return {
+            scriptName,
+            scriptContent,
+            isSuspicious: threats.length > 0,
+            threats,
+            riskScore,
+        };
+    }
+    /**
+     * Detect data exfiltration patterns
+     */
+    detectExfiltration(script) {
+        const patterns = [
+            /curl\s+.*\|\s*bash/i, // Pipe to bash
+            /wget\s+.*\|\s*sh/i, // Pipe to sh
+            /fetch\(['"]http/i, // HTTP requests
+            /axios\./i, // Axios requests
+            /http\.request/i, // HTTP module
+            /child_process\.exec.*curl/i, // Execute curl
+        ];
+        return patterns.some((p) => p.test(script));
+    }
+    /**
+     * Detect crypto mining
+     */
+    detectCryptoMining(script) {
+        const patterns = [
+            /coinhive/i,
+            /cryptonight/i,
+            /monero/i,
+            /xmrig/i,
+            /stratum\+tcp/i,
+        ];
+        return patterns.some((p) => p.test(script));
+    }
+    /**
+     * Detect backdoor patterns
+     */
+    detectBackdoor(script) {
+        const patterns = [
+            /nc\s+-l/i, // Netcat listener
+            /\/bin\/sh\s+-i/i, // Interactive shell
+            /bash\s+-i/i, // Interactive bash
+            /python.*socket/i, // Python socket
+        ];
+        return patterns.some((p) => p.test(script));
+    }
+    /**
+     * Detect malicious downloads
+     */
+    detectMaliciousDownload(script) {
+        const patterns = [
+            /curl.*\|\s*bash/i,
+            /wget.*&&.*chmod\s*\+x/i,
+            /download.*&&.*execute/i,
+        ];
+        return patterns.some((p) => p.test(script));
+    }
+    /**
+     * Detect privilege escalation
+     */
+    detectPrivilegeEscalation(script) {
+        const patterns = [
+            /sudo\s+/i,
+            /su\s+-/i,
+            /chmod\s+777/i,
+            /chown\s+root/i,
+        ];
+        return patterns.some((p) => p.test(script));
+    }
+    /**
+     * Calculate risk score
+     */
+    calculateRiskScore(threats) {
+        const severityScores = {
+            low: 25,
+            medium: 50,
+            high: 75,
+            critical: 100,
+        };
+        if (threats.length === 0)
+            return 0;
+        const totalScore = threats.reduce((sum, threat) => {
+            return sum + severityScores[threat.severity];
+        }, 0);
+        return Math.min(100, totalScore / threats.length);
+    }
+}
+exports.ScriptAnalyzer = ScriptAnalyzer;
+// Export singleton
+exports.scriptAnalyzer = new ScriptAnalyzer();

package/dist/supply-chain/typosquat.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Typosquatting Detection
+ *
+ * Detects potential typosquatting attacks against popular packages
+ */
+export interface TyposquatResult {
+    isTyposquat: boolean;
+    suspiciousPackage: string;
+    targetPackage?: string;
+    similarity: number;
+    patterns: string[];
+}
+export declare class TyposquatDetector {
+    private popularPackages;
+    constructor();
+    /**
+     * Detect typosquatting
+     */
+    detectTyposquatting(packageName: string): Promise<TyposquatResult>;
+    /**
+     * Check for character swap (e.g., raect vs react)
+     */
+    private checkCharacterSwap;
+    /**
+     * Check for missing character (e.g., reat vs react)
+     */
+    private checkMissingCharacter;
+    /**
+     * Check for extra character (e.g., reactt vs react)
+     */
+    private checkExtraCharacter;
+    /**
+     * Check for homoglyph substitution (e.g., react with Cyrillic 'а')
+     */
+    private checkHomoglyph;
+    /**
+     * Check for combosquatting (e.g., react-native-safe vs react)
+     */
+    private checkCombosquatting;
+    /**
+     * Check Levenshtein distance
+     */
+    private checkLevenshtein;
+    /**
+     * Calculate Levenshtein distance
+     */
+    levenshteinDistance(a: string, b: string): number;
+    /**
+     * Get popular packages list
+     */
+    getPopularPackages(): Promise<string[]>;
+    /**
+     * Add custom popular package
+     */
+    addPopularPackage(packageName: string): void;
+}
+export declare const typosquatDetector: TyposquatDetector;
+//# sourceMappingURL=typosquat.d.ts.map

package/dist/supply-chain/typosquat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typosquat.d.ts","sourceRoot":"","sources":["../../src/supply-chain/typosquat.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAuBH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,eAAe,CAAc;;IAMrC;;OAEG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IA2CxE;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAwB1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAqB7B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAqB3B;;OAEG;IACH,OAAO,CAAC,cAAc;IAoCtB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAiBxB;;OAEG;IACH,mBAAmB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM;IAsCjD;;OAEG;IACG,kBAAkB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAI7C;;OAEG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;CAG7C;AAGD,eAAO,MAAM,iBAAiB,mBAA0B,CAAC"}