guardvibe 3.1.3 → 3.1.5

package/build/data/rules/advanced-security.js

@@ -47,7 +47,11 @@ export const advancedSecurityRules = [
         severity: "high",
         owasp: "A04:2025 Insecure Design",
         description: "Code reads a value, checks a condition, then updates based on the check — without a database transaction. Two concurrent requests can both pass the check before either writes, leading to double-spending, overselling, or duplicate operations.",
-        pattern: /(?:findUnique|findFirst|findOne|findById)\s*\([\s\S]{0,200}?\)\s*;?\s*\n[\s\S]{0,300}?if\s*\([\s\S]{0,200}?\)\s*\{[\s\S]{0,500}?(?:\.update\s*\(|\.delete\s*\(|\.decrement|\.increment)(?:(?!\$transaction|\.transaction|BEGIN|SERIALIZABLE|FOR UPDATE|NOWAIT)[\s\S]){0,300}?\}/g,
+        // Negative lookahead at the start of the if-body skips the 404-mapping shape
+        // (`if (!x) { return …; }`). Without it, the engine's backtracking matched updates
+        // that lived OUTSIDE the if-block (within 500-char window after the brace), making
+        // every `findUnique → if(!x) 404 → update` admin route a false hit.
+        pattern: /(?:findUnique|findFirst|findOne|findById)\s*\([\s\S]{0,200}?\)\s*;?\s*\n[\s\S]{0,300}?if\s*\([\s\S]{0,200}?\)\s*\{(?!\s*(?:return\b|throw\b|res\.\w+\(|response\.\w+\(|next\.\w+\(|NextResponse\.))[\s\S]{0,500}?(?:\.update\s*\(|\.delete\s*\(|\.decrement|\.increment)(?:(?!\$transaction|\.transaction|BEGIN|SERIALIZABLE|FOR UPDATE|NOWAIT)[\s\S]){0,300}?\}/g,
         languages: ["javascript", "typescript"],
         fix: "Wrap check-then-act sequences in a database transaction, or use atomic operations (e.g., UPDATE WHERE balance >= amount).",
         fixCode: '// BAD: race condition\nconst account = await db.account.findUnique({ where: { id } });\nif (account.balance >= 100) {\n  await db.account.update({ where: { id }, data: { balance: { decrement: 100 } } });\n}\n\n// GOOD: atomic transaction\nawait db.$transaction(async (tx) => {\n  const account = await tx.account.findUnique({ where: { id } });\n  if (account.balance < 100) throw new Error("Insufficient");\n  await tx.account.update({ where: { id }, data: { balance: { decrement: 100 } } });\n});',

package/build/data/rules/ai-tool-runtime.js

@@ -96,7 +96,12 @@ export const aiToolRuntimeRules = [
         severity: "high",
         owasp: "A05:2025 Security Misconfiguration",
         description: "AI tool / MCP tool parameter schema (`z.enum(...)`, JSON Schema `enum`) is constructed at runtime from user input, fetched data, or a mutable variable. Runtime-mutable schemas defeat the safety guarantees the LLM relies on — an attacker can widen the accepted enum set or inject schema fields by poisoning the input.",
-        pattern: /(?:z\.enum\s*\(\s*(?!\[\s*["'])(?:[a-zA-Z_$][\w$]*|\.\.\.\w+)|["']enum["']\s*:\s*(?!\[\s*(?:["']|true|false|null|\d))(?:[a-zA-Z_$][\w$]*\b|`[^`]*\$\{))/g,
+        // Lowercase-start identifier required: PascalCase (`FraudAlertStatus`) and SCREAMING_SNAKE
+        // (`STATUSES`) are TypeScript enum imports / module-level const arrays — compile-time
+        // static, not user-mutable. Real attack shape uses lowercase variable names
+        // (`allowedActions`, `userActions`, `...userInput`). Template-literal interpolation in
+        // the JSON-schema branch (`enum: \`...${x}...\``) stays matched — that IS a real risk.
+        pattern: /(?:z\.enum\s*\(\s*(?!\[\s*["'])(?:[a-z_$][\w$]*|\.\.\.[a-z_$]\w*)|["']enum["']\s*:\s*(?!\[\s*(?:["']|true|false|null|\d))(?:[a-z_$][\w$]*\b|`[^`]*\$\{))/g,
         languages: ["javascript", "typescript"],
         fix: "Define enum values as static literal arrays in source. Never compute schema enums from runtime data.",
         fixCode: '// SAFE:\nparameters: z.object({\n  action: z.enum(["read", "list"]),\n})\n\n// UNSAFE — user controls allowed actions:\n// parameters: z.object({ action: z.enum(allowedActions) })',

package/build/data/rules/dockerfile.js

@@ -53,7 +53,10 @@ export const dockerfileRules = [
         severity: "medium",
         owasp: "A05:2025 Security Misconfiguration",
         description: "ADD has extra features (URL fetch, tar extraction) that can introduce unexpected behavior. Use COPY for local files.",
-        pattern: /ADD\s+(?!https?:\/\/)\S+\s+\S+/gi,
+        // Anchor to start of line + case-sensitive: Docker `ADD` instruction is uppercase and
+        // begins a line. Matching `add` case-insensitive caught `RUN pnpm add`, `apk add`,
+        // `yarn add`, etc. — package-manager subcommands inside RUN, not Docker instructions.
+        pattern: /^ADD\s+(?!https?:\/\/)\S+\s+\S+/gm,
         languages: ["dockerfile"],
         fix: "Use COPY instead of ADD for local files. Only use ADD for URLs or tar extraction.",
         fixCode: "# Use COPY for local files\nCOPY ./src /app/src\n# Only use ADD for remote files or tar extraction\n# ADD https://example.com/file.tar.gz /app/",

package/build/data/rules/nextjs.js

@@ -90,7 +90,10 @@ export const nextjsRules = [
         severity: "high",
         owasp: "A01:2025 Broken Access Control",
         description: "Sensitive data (tokens, secrets, internal IDs) appears to be passed from server to client component as props.",
-        pattern: /(?:(?:^|[^a-zA-Z])(?:secret|token|password|apiKey|api_key|privateKey|private_key|internalId|ssn|creditCard|credit_card))\s*=\s*\{[\s\S]*?\}/g,
+        // Require no-space `=` to match JSX prop syntax (`token={value}`) and exclude JS object
+        // literal assignments (`apiKey = { ... }`, `token = { ... }`) common in test helpers,
+        // default-param destructuring, and config objects.
+        pattern: /(?:(?:^|[^a-zA-Z])(?:secret|token|password|apiKey|api_key|privateKey|private_key|internalId|ssn|creditCard|credit_card))=\{[\s\S]*?\}/g,
         languages: ["javascript", "typescript"],
         fix: "Never pass sensitive data as props to client components. Keep secrets server-side.",
         fixCode: "// Keep sensitive data server-side\nexport default async function Page() {\n  const secret = process.env.API_SECRET;\n  const publicData = await fetchData(secret);\n  return <ClientComponent data={publicData} />;\n}",

package/build/tools/check-code.js

@@ -471,6 +471,33 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         // Skip destructive DDL rules (VG540-VG542) and view rules (VG439) in migration directories
         if ((rule.id.startsWith("VG54") || rule.id === "VG439") && isMigrationFile)
             continue;
+        // VG146 (Unquoted .env Value): only fire on `.env` / `.env.local` / `.env.production` etc.
+        // Bash scripts use `${VAR:-default}` and similar expansions that legitimately contain
+        // `{`, `}`, `:` characters; matching them as "unquoted env values" is a FP class.
+        if (rule.id === "VG146" && filePath && !/(?:^|\/)\.env(?:\.[\w.-]+)?$/.test(filePath))
+            continue;
+        // VG200 (Container running as root): skip when a USER directive exists anywhere in the file.
+        // The rule's regex with `(?:(?!^USER)[\s\S])*` is unreliable across multi-stage builds; a
+        // file-level check is more robust.
+        if (rule.id === "VG200" && /^USER\s+\S+/m.test(code))
+            continue;
+        // VG206 (Missing HEALTHCHECK): skip when a HEALTHCHECK directive exists anywhere. The
+        // rule's regex requires HEALTHCHECK *after* CMD/ENTRYPOINT, but Dockerfiles commonly place
+        // HEALTHCHECK before CMD (nginx production stage), producing FPs.
+        if (rule.id === "VG206" && /^HEALTHCHECK\s+/m.test(code))
+            continue;
+        // VG407 (Server Data Leaked to Client Component): skip files that ARE client components.
+        // Signals: the `"use client"` directive (Next.js App Router) OR usage of React state/effect
+        // hooks (universal client-render signal — Remix, Vite-React, Pages Router, etc.). The rule
+        // targets server→client prop-boundary leaks; intra-client passing of local form state to
+        // a child component (e.g. PasswordStrengthIndicator) is not the same boundary.
+        if (rule.id === "VG407") {
+            const head = code.slice(0, 1000);
+            const hasUseClient = /^\s*['"]use client['"];?\s*$/m.test(head);
+            const hasReactStateHooks = /\b(?:useState|useReducer|useEffect|useLayoutEffect|useRef|useMemo|useCallback|useContext|useTransition|useSyncExternalStore)\s*\(/.test(code);
+            if (hasUseClient || hasReactStateHooks)
+                continue;
+        }
         // Skip SQL injection rules in schema/migration .sql files (DDL, not user input)
         if (rule.id === "VG543" && (isMigrationFile || isSqlSchemaFile))
             continue;
@@ -651,12 +678,24 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 effectiveRule = { ...effectiveRule, severity: "low" };
             }
         }
+        // VG202 (latest/untagged image): pre-compute `AS <alias>` names from the file so
+        // matches against intermediate-stage references (`FROM base AS builder`) can be
+        // filtered out at match time. The set is null for other rules to avoid wasted work.
+        const dockerStageAliases = rule.id === "VG202"
+            ? new Set(Array.from(code.matchAll(/^FROM\s+\S+\s+AS\s+(\w[\w.-]*)/gim)).map(m => m[1].toLowerCase()))
+            : null;
         let match;
         while ((match = rule.pattern.exec(code)) !== null) {
             const beforeMatch = code.substring(0, match.index);
             const lineNumber = beforeMatch.split("\n").length;
             if (isLineSuppressed(suppressions, lineNumber, rule.id))
                 continue;
+            // VG202: skip when the FROM target matches a previous AS-alias in the same file.
+            if (dockerStageAliases) {
+                const target = match[0].replace(/^FROM\s+/i, "").split(/[:@\s]/)[0].toLowerCase();
+                if (dockerStageAliases.has(target))
+                    continue;
+            }
             // Skip matches on comment lines and inside string literals.
             // CVE version-pin rules (VG900-VG931) are exempt — they scan package.json
             // dependency declarations where these contexts don't apply.
@@ -802,6 +841,8 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 const matched = match[0];
                 if (/\bin\s*:\s*\[/i.test(matched))
                     continue; // where: { x: { in: [...] } }
+                if (/\bin\s*:\s*[a-zA-Z_$]/i.test(matched))
+                    continue; // where: { x: { in: someArray } } — variable-spread is also caller-bounded
                 if (/\b(?:id|[a-zA-Z]+Id)\s*:\s*\{?\s*in\s*:/i.test(matched))
                     continue; // where: { partnerId: { in: ids } }
                 if (/\b(?:id|[a-zA-Z]+Id)\s*:\s*[a-zA-Z_$]/i.test(matched))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.1.3",
+  "version": "3.1.5",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 390 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, +25 AI-native rules (MCP supply-chain, RAG/vector poisoning, agent loop DoS, public-prefix LLM keys, sandbox bypass). Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",