guardvibe 3.1.16 → 3.1.18

package/build/data/rules/core.js

@@ -260,7 +260,7 @@ export const coreRules = [
         severity: "medium",
         owasp: "A05:2025 Security Misconfiguration",
         description: "Cookies set without secure, httpOnly, or sameSite flags.",
-        pattern: /(?:cookie|setCookie|set-cookie|res\.cookie)\s*\([^)]*(?!(?:.*secure|.*httpOnly|.*sameSite))/gi,
+        pattern: /(?:\bcookie|setCookie|set-cookie|res\.cookie)[ \t]*\([^)]*(?!(?:.*secure|.*httpOnly|.*sameSite))/gi,
         languages: ["javascript", "typescript"],
         fix: "Set all security flags: { secure: true, httpOnly: true, sameSite: 'strict' }.",
         fixCode: "res.cookie('session', token, {\n  secure: true,\n  httpOnly: true,\n  sameSite: 'strict',\n  maxAge: 3600000\n});",

package/build/data/rules/nextjs.js

@@ -153,7 +153,7 @@ export const nextjsRules = [
         severity: "high",
         owasp: "A01:2025 Broken Access Control",
         description: "Server Action returns a full database query result without field selection. Sensitive fields (passwordHash, internalNotes) get serialized to the client.",
-        pattern: /["']use server["'][\s\S]{0,800}?(?:return\s+\w+\.)?(?:findUnique|findFirst|findMany)\s*\((?:(?!select\s*:)[\s\S])*?\)/g,
+        pattern: /["']use server["'][\s\S]{0,1500}?\breturn\b[^\n;]{0,80}?(?:findUnique|findFirst|findMany)\s*\((?:(?!select\s*:)[\s\S])*?\)/g,
         languages: ["javascript", "typescript"],
         fix: "Always use select to return only needed fields from Server Actions.",
         fixCode: '"use server";\nexport async function getUser(id: string) {\n  return prisma.user.findUnique({\n    where: { id },\n    select: { id: true, name: true, email: true },\n  });\n}',

package/build/tools/check-code.js

@@ -370,7 +370,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         //   agent.get('/?q=' + sqlPayload) which match the regex but aren't database calls
         // - VG042/VG678: HTTP-response/security-header rules (tests don't serve to real users)
         const isTestFile = filePath && /(?:\.(?:[\w-]+-)?(?:spec|test|e2e|stories|cy)\.(?:ts|tsx|js|jsx|mjs|cjs)$|\/__tests__\/|\/tests?\/|\/cypress\/|\/playwright\/)/i.test(filePath);
-        if (isTestFile && ["VG001", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409"].includes(rule.id))
+        if (isTestFile && ["VG001", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409"].includes(rule.id))
             continue;
         // VG955 (Missing Pagination on List Endpoint): only fire on actual request-handling
         // surfaces — API routes, App Router `route.{ts,tsx}`, pages/api, or Server Actions.
@@ -490,6 +490,12 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         // request handler to authorize. Rule still fires inside route handlers and Server Actions.
         if (rule.id === "VG1008" && isBatchScriptFile)
             continue;
+        // Skip VG961 (z.any/z.unknown) in batch scripts and cron routes — `data: z.any()` and
+        // similar opaque fields in migration/seed scripts and cron job payloads are intentional
+        // passthroughs (e.g. Tinybird `tb.buildPipe({ parameters: ..., data: z.any() })`),
+        // not "validation disabled at the entry point" misuses.
+        if (rule.id === "VG961" && (isBatchScriptFile || isCronRoute))
+            continue;
         // Skip VG132 (Missing Request Body Size Limit) on Next.js route handlers and
         // pages/api endpoints — Next.js/Vercel apply a default 4.5MB body limit at the
         // platform layer, which is what the rule is checking for.
@@ -836,6 +842,21 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 if (/\b\w*Ref\.current\b/.test(matchedLine))
                     continue;
             }
+            // VG152 (Object Injection via Dynamic Property Access): only fire on bracket-key
+            // ASSIGNMENT (`obj[key] = ...`) — that's the prototype-pollution shape. Read-only
+            // bracket access (`obj[key]` on RHS, in conditional, in function arg) does not
+            // pollute prototypes; even with attacker-controlled key, you only get a read of
+            // an existing or undefined property. The rule's pattern triggers on `req.X` etc.
+            // upstream + `\w+[key]` somewhere within 100 chars, which fires on completely
+            // benign read patterns like `data[key]` inside `for (const key in data)` loops or
+            // `DEFAULT_REDIRECTS[key]` lookups against hardcoded constants. The match string
+            // ends at `]` (no trailing `=`), so look slightly past match end for the assignment.
+            if (rule.id === "VG152") {
+                const window = code.slice(match.index, match.index + match[0].length + 10);
+                const isAssignment = /\w+\s*\[\s*(?:key|field|prop|name|column|attr|param)\s*\]\s*=(?!=)/.test(window);
+                if (!isAssignment)
+                    continue;
+            }
             // VG126 (Dynamic RegExp from User Input): skip when the variable name signals it has
             // already been escaped/sanitized (e.g. `escapedElement`, `safeQuery`, `sanitizedInput`).
             if (rule.id === "VG126") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.1.16",
+  "version": "3.1.18",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 390 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, +25 AI-native rules (MCP supply-chain, RAG/vector poisoning, agent loop DoS, public-prefix LLM keys, sandbox bypass). Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",