guardvibe 3.0.20 → 3.0.23

package/README.md

@@ -235,16 +235,16 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (335 rules across 25 modules)
+## Security Rules (341 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
 | Core OWASP | 38 | SQL injection, XSS, CSRF, command injection, CORS, SSRF, hardcoded secrets |
 | Next.js App Router | 17 | Server Actions, secret exposure, auth bypass, CSP, redirects |
 | Auth (Clerk / Auth.js / Supabase Auth) | 16 | Middleware, secret keys, session storage, role checks, SSR cookies |
-| Database (Supabase / Prisma / Drizzle) | 11 | Raw queries, client exposure, service role leaks, NoSQL injection |
+| Database (Supabase / Prisma / Drizzle) | 12 | Raw queries, client exposure, service role leaks, NoSQL injection, Drizzle identifier injection (CVE-2026-39356) |
 | OWASP API Security | 10 | BOLA/IDOR, mass assignment, pagination, rate limiting, error leaks |
-| Modern Stack | 39 | Zod, tRPC, Hono, GraphQL, Uploadthing, Turso, Convex, OAuth, CSP, webhooks, AI SDK |
+| Modern Stack | 40 | Zod, tRPC, Hono, GraphQL, Uploadthing, Turso, Convex, OAuth, CSP, webhooks, AI SDK, React Server Action validation (React2Shell) |
 | Deployment Config | 21 | Vercel, Next.js config, Docker Compose, Fly, Render, Netlify, Cloudflare, K8s secrets |
 | Payments (Stripe / Polar / Lemon) | 9 | Webhook signatures, key exposure, price manipulation |
 | Services (Resend / Upstash / Pinecone / PostHog) | 11 | API key leaks, PII tracking, email injection |
@@ -254,7 +254,7 @@ All scanning tools support `format: "json"` for machine-readable output.
 | AI / LLM Security | 16 | Prompt injection, MCP SSRF, excessive agency, indirect injection |
 | **AI Host Security** | **10** | **CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit** |
 | **AI Tool Runtime** | **4** | **MCP tool output sanitization, obfuscated descriptions, safety bypass** |
-| CVE Version Intelligence | 23 | Known vulnerable versions in package.json (23 CVEs) |
+| CVE Version Intelligence | 27 | Known vulnerable versions in package.json — incl. Axios supply-chain backdoor, Clerk middleware bypass (GHSA-vqx2), Next.js RSC DoS (CVE-2026-23869), Hono CRLF (CVE-2026-29086) |
 | Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |
 | SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |
 | Supply Chain | 16 | Malicious install scripts, lockfile integrity, dependency confusion, typosquat detection |

package/build/data/rules/cve-versions.js

@@ -277,4 +277,52 @@ export const cveVersionRules = [
         fixCode: '// package.json\n"defu": "^6.1.5"  // or latest',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2"],
     },
+    {
+        id: "VG923",
+        name: "Axios Backdoor Versions (Supply Chain Attack March 2026)",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "Axios versions 1.14.1 and 0.30.4 were published via a compromised maintainer account in March 2026. These versions contain a backdoor that exfiltrates environment variables (API keys, database URLs, secrets) to an attacker-controlled server on every HTTP request. The malicious payload was hidden in the 'plain-crypto-js' transitive dependency. Any project pinned to these exact versions is actively compromised.",
+        pattern: /["']axios["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:1\.14\.1|0\.30\.4)["']/g,
+        languages: ["json"],
+        fix: "IMMEDIATELY upgrade Axios. Rotate ALL secrets and API keys that were accessible to the compromised environment. Check npm audit and verify lockfile integrity hashes.",
+        fixCode: '// COMPROMISED — remove immediately:\n// "axios": "1.14.1"  ← backdoor\n// "axios": "0.30.4"  ← backdoor\n\n// Safe — upgrade to latest:\n"axios": "^1.7.9"\n\n// Post-incident: rotate ALL exposed secrets\n// - API keys, database URLs, JWT secrets\n// - Check: npm audit && npm ls plain-crypto-js',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG924",
+        name: "Hono setCookie Header Injection (CVE-2026-29086)",
+        severity: "high",
+        owasp: "A02:2025 Injection",
+        description: "Hono versions before 4.12.4 are vulnerable to Set-Cookie header injection via setCookie(). Attackers can inject CRLF characters into cookie values to add arbitrary HTTP headers or forge additional Set-Cookie headers, enabling session fixation and cross-site attacks.",
+        pattern: /["']hono["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:[0-3]\.\d+\.\d+|4\.(?:[0-9]|1[01])\.\d+|4\.12\.[0-3])["']/g,
+        languages: ["json"],
+        fix: "Upgrade Hono to 4.12.4 or later: npm install hono@latest",
+        fixCode: '// package.json — upgrade to patched version\n"hono": "^4.12.4"  // or latest\n\n// If you cannot upgrade, sanitize cookie values:\nfunction safeCookieValue(v: string) {\n  return v.replace(/[\\r\\n]/g, "");\n}\ncookie(c, "session", safeCookieValue(token));',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2"],
+    },
+    {
+        id: "VG925",
+        name: "Clerk SDK Middleware Route Protection Bypass (GHSA-vqx2-fgx2-5wq9)",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Official Clerk SDKs (@clerk/nextjs, @clerk/nuxt, @clerk/astro) versions 1.1.0 to <1.13.28 and 2.0.0 to <2.2.2 are vulnerable to middleware-based route protection bypass. createRouteMatcher can be bypassed by crafted requests, allowing attackers to skip middleware gating and reach protected handlers. Sessions are not compromised, but routes guarded only by middleware become exposed. Upgrade to 1.13.28+ or 2.2.2+.",
+        pattern: /["']@clerk\/(?:nextjs|nuxt|astro)["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:1\.(?:[1-9]|1[0-2])\.\d+|1\.13\.(?:[0-9]|1[0-9]|2[0-7])|2\.[01]\.\d+|2\.2\.[01])["']/g,
+        languages: ["json"],
+        fix: "Upgrade @clerk/nextjs, @clerk/nuxt, or @clerk/astro to 1.13.28+ or 2.2.2+. Add defence-in-depth: re-check auth inside protected route handlers instead of relying solely on middleware.",
+        fixCode: '// package.json\n"@clerk/nextjs": "^2.2.2"  // or latest (^1.13.28 for v1)\n\n// Defence-in-depth — also verify auth inside the route, not just middleware:\nimport { auth } from "@clerk/nextjs/server";\nexport async function GET() {\n  const { userId } = await auth();\n  if (!userId) return new Response("Unauthorized", { status: 401 });\n  // ...\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.2", "HIPAA:§164.312(a)"],
+    },
+    {
+        id: "VG926",
+        name: "Next.js / React Server Components DoS (CVE-2026-23869)",
+        severity: "high",
+        owasp: "A06:2025 Vulnerable Components",
+        description: "Next.js versions before 16.2.3 and React versions before 19.2.5 are vulnerable to a DoS in the React Flight protocol when deserializing Server Functions payloads. Crafted HTTP requests to Server Function endpoints cause up to a minute of CPU exhaustion per request before throwing, enabling remote unauthenticated DoS on any app that exposes RSC Server Actions. Affects react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel.",
+        pattern: /["'](?:next|react|react-dom)["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:16\.[01]\.\d+|16\.2\.[012]|19\.2\.[0-4])["']/g,
+        languages: ["json"],
+        fix: "Upgrade Next.js to 16.2.3+ and React to 19.2.5+. Apply rate limiting on Server Action / RSC POST endpoints to mitigate abuse while rolling out the patch.",
+        fixCode: '// package.json\n"next": "^16.2.3",\n"react": "^19.2.5",\n"react-dom": "^19.2.5"\n\n// Rate-limit Server Actions until patched (example: middleware.ts)\n// Throttle POST requests to RSC endpoints by IP',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2"],
+    },
 ];

package/build/data/rules/database.js

@@ -135,4 +135,16 @@ export const databaseRules = [
         fixCode: 'import { z } from "zod";\n\n// Validate input before query\nconst schema = z.object({ id: z.string().regex(/^[a-f0-9]{24}$/) });\nconst { id } = schema.parse(req.body);\n\n// Safe query — no raw operators from user input\nconst user = await db.collection("users").findOne({ _id: new ObjectId(id) });',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
+    {
+        id: "VG1011",
+        name: "Drizzle sql.identifier() / .as() with User Input",
+        severity: "critical",
+        owasp: "A02:2025 Injection",
+        description: "Drizzle ORM's sql.identifier() and .as() accept raw strings for table/column names and aliases. Unlike sql`` tagged templates (which parameterize values), these functions interpolate directly into the SQL string. If user input reaches sql.identifier() or .as(), attackers can inject arbitrary SQL fragments — including UNION SELECT, subqueries, or DDL statements — bypassing ORM-level protections entirely.",
+        pattern: /(?:sql\.identifier|\.as)\s*\(\s*(?!["'`])[^)]*(?:req\.|params\.|query\.|body\.|input|args|user|ctx\.|formData|searchParams)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never pass user input to sql.identifier() or .as(). Use a strict allowlist of valid table/column names and validate against it.",
+        fixCode: 'import { sql } from "drizzle-orm";\n\n// BAD: user input in identifier\nconst col = req.query.sortBy;\ndb.select().from(sql.identifier(col)); // SQL injection!\n\n// GOOD: allowlist valid identifiers\nconst ALLOWED_COLUMNS = ["name", "email", "created_at"] as const;\nconst col = ALLOWED_COLUMNS.find(c => c === req.query.sortBy);\nif (!col) throw new Error("Invalid column");\ndb.select().from(users).orderBy(users[col]);',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/data/rules/modern-stack.js

@@ -581,4 +581,16 @@ export const modernStackRules = [
         fixCode: '// BAD: pattern injection\n.ilike("name", `%${query}%`)\n\n// GOOD: escape special characters\nfunction escapeLike(s: string) {\n  return s.replace(/[%_\\\\]/g, "\\\\$&");\n}\n.ilike("name", `%${escapeLike(query)}%`)',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
+    {
+        id: "VG1010",
+        name: "React Server Action Without Input Validation (React2Shell Risk)",
+        severity: "critical",
+        owasp: "A02:2025 Injection",
+        description: 'Server Action in a "use server" file accepts arguments and passes them to database operations, file system calls, or shell commands without schema validation. CVE-2025-55182 (React2Shell) exploits the React Flight protocol to send crafted payloads to Server Actions — any unvalidated action argument is a direct RCE/injection vector. CVSS 10.0.',
+        pattern: /["']use server["'][\s\S]{0,3000}?export\s+async\s+function\s+\w+\s*\([^)]+\)(?![\s\S]{0,500}?(?:\.parse\s*\(|\.safeParse\s*\(|valibot|superstruct|arktype|yup\.\w+\.validate|assertIs))[\s\S]{0,500}?(?:prisma|db\.|sql`|supabase|exec|spawn|readFile|writeFile|fetch\()/g,
+        languages: ["javascript", "typescript"],
+        fix: 'Validate ALL Server Action arguments with zod or a schema library at the top of every "use server" function. Never trust the deserialized payload.',
+        fixCode: '// BAD: unvalidated Server Action argument\n"use server";\nexport async function updateUser(data: any) {\n  await prisma.user.update({ where: { id: data.id }, data });\n}\n\n// GOOD: validate with zod before any operation\n"use server";\nimport { z } from "zod";\nconst schema = z.object({ id: z.string().uuid(), name: z.string().max(100) });\nexport async function updateUser(raw: unknown) {\n  const data = schema.parse(raw);\n  await prisma.user.update({ where: { id: data.id }, data: { name: data.name } });\n}',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/index.js

@@ -884,7 +884,7 @@ server.tool("deep_scan", "LLM-powered deep security analysis for vulnerabilities
     return { content: [{ type: "text", text: output }] };
 });
 // Tool 33: Full audit — single source of truth
-server.tool("full_audit", "Single command that runs ALL checks: code scan (335 rules), secret detection, dependency CVEs, config audit, taint analysis, and auth coverage. Returns PASS/FAIL/WARN verdict with deterministic hash. IMPORTANT: If verdict is FAIL or WARN, you MUST call remediation_plan next to get a section-by-section fix checklist — do NOT skip any section. After fixing, call verify_remediation to confirm ALL sections are addressed. Example: full_audit({path: '.'})", {
+server.tool("full_audit", "Single command that runs ALL checks: code scan (341 rules), secret detection, dependency CVEs, config audit, taint analysis, and auth coverage. Returns PASS/FAIL/WARN verdict with deterministic hash. IMPORTANT: If verdict is FAIL or WARN, you MUST call remediation_plan next to get a section-by-section fix checklist — do NOT skip any section. After fixing, call verify_remediation to confirm ALL sections are addressed. Example: full_audit({path: '.'})", {
     path: z.string().default(".").describe("Project root directory"),
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format"),
     skipDeps: z.boolean().default(false).describe("Skip dependency vulnerability check"),

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.0.20",
+  "version": "3.0.23",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security MCP for vibe coding. 335 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
+  "description": "Security MCP for vibe coding. 341 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",