guardvibe 3.1.32 → 3.1.33

package/CHANGELOG.md

@@ -5,6 +5,21 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.1.33] - 2026-06-07
+
+### Fixed — false-positive precision (no rule-count change, stays 433 / 36)
+Surfaced by an end-to-end accuracy sweep across the labeled fixture set and the real-world corpus; each change has positive + negative tests and was cross-checked against an uncapped before/after diff (removal-only, zero real findings lost).
+- **Engine:** multi-line `/* */` block comments are now stripped before matching (string-aware, scoped to C-style languages) so rules no longer fire on commented-out code; YAML/Python/shell/Dockerfile (which use `#`) are unaffected.
+- **VG060** no longer flags MD5/SHA-1 used for file/build-artifact checksums (keeps real password-hashing).
+- **VG1002** only flags query operators whose value is attacker-controlled (a static `{ $ne: true }` literal is skipped; `$where` built from a variable/concat/interpolation still fires).
+- **VG123 / VG010 / taint** skip queries that are parameterized (`bind`/`replacements`/`$1`/`:name`) and whose only interpolation is a hash/encode helper.
+- **VG951** recognizes ownership fields (`author`, `email`, `accountId`, …) in the where-clause.
+- **VG138** ignores confirm-password (`password === cpassword`) and emptiness checks.
+- **VG001** ignores UI/error-message string variables; **VG148**/**VG424** skip test (`.spec`) files.
+- **VG013** renamed to "ORM/NoSQL query injection risk" with stack-aware remediation (Sequelize/TypeORM operator injection, not Mongo-only).
+
+Tests 1820 → 1848. Self-audit PASS / A / 0. Determinism unchanged across the corpus.
+
 ## [3.1.32] - 2026-06-06
 
 ### Added — 4 new CVE rules (429 → 433), sourced via `npm run intel`

package/README.md

@@ -457,7 +457,7 @@ If your AI agent cannot connect to GuardVibe:
 
 1. **Restart your IDE/agent.** MCP servers are started by the host application. After running `npx guardvibe init`, restart Claude Code, Cursor, or Gemini CLI for the config to take effect.
 2. **Check the config path.** Run `npx guardvibe init claude` again and verify the output shows the correct config file location (`.mcp.json` in your project root for Claude Code, `.cursor/mcp.json` for Cursor).
-3. **Re-run `init` to upgrade.** When upgrading GuardVibe, re-run `npx guardvibe init claude` — `.mcp.json` is pinned to a specific version (e.g. `guardvibe@3.1.32`) at init time for fast deterministic startup. As of v3.1.2 the re-run also rewrites stale pins automatically (`Upgraded GuardVibe pin (3.1.27 → 3.1.28)`); since v3.1.27 the PostToolUse hook command is pinned to the same version (was `@latest`) and re-run upgrades a stale hook too. The same applies to `npx guardvibe hook install` and `npx guardvibe ci github` (since v3.1.3) — both are version-pinned at install/generate time and re-run to upgrade.
+3. **Re-run `init` to upgrade.** When upgrading GuardVibe, re-run `npx guardvibe init claude` — `.mcp.json` is pinned to a specific version (e.g. `guardvibe@3.1.33`) at init time for fast deterministic startup. As of v3.1.2 the re-run also rewrites stale pins automatically (`Upgraded GuardVibe pin (3.1.27 → 3.1.28)`); since v3.1.27 the PostToolUse hook command is pinned to the same version (was `@latest`) and re-run upgrades a stale hook too. The same applies to `npx guardvibe hook install` and `npx guardvibe ci github` (since v3.1.3) — both are version-pinned at install/generate time and re-run to upgrade.
 4. **Pre-3.1.1 users won't see the auto-update banner.** GuardVibe started writing a once-per-day "newer version available" notice to stderr in v3.1.1. If your install predates that, you'll never see it — run `npx -y guardvibe@latest init <host>` once to bake in the latest pin and start receiving banners on subsequent sessions.
 5. **Verify Node.js version.** GuardVibe requires Node.js >= 18.0.0. Check with `node --version`.
 6. **Check npx cache.** If you upgraded GuardVibe and the old version is cached, run `npx -y guardvibe@latest` to force the latest version.

package/build/data/rules/api-security.js

@@ -20,7 +20,7 @@ export const apiSecurityRules = [
         severity: "critical",
         owasp: "API1:2023 Broken Object Level Authorization",
         description: "Delete or update operation uses user-supplied ID without verifying resource ownership. Any authenticated user can modify or delete other users' resources.",
-        pattern: /(?:delete|update|destroy|remove)\s*\(\s*\{?\s*(?:where\s*:\s*\{)?\s*(?:id|_id)\s*:\s*(?:req\.(?:params|query|body)|params\.|args\.|input\.)(?:(?!userId|user_id|ownerId|owner_id|createdBy|created_by)[\s\S]){0,200}?\}/gi,
+        pattern: /(?:delete|update|destroy|remove)\s*\(\s*\{?\s*(?:where\s*:\s*\{)?\s*(?:id|_id)\s*:\s*(?:req\.(?:params|query|body)|params\.|args\.|input\.)(?:(?!userId|user_id|ownerId|owner_id|createdBy|created_by|author|authorId|author_id|email|userEmail|accountId|account_id|tenantId|tenant_id|orgId|org_id|organizationId)[\s\S]){0,200}?\}/gi,
         languages: ["javascript", "typescript"],
         fix: "Include the authenticated user's ID in the where clause to prevent unauthorized modifications.",
         fixCode: '// Scope mutations to the authenticated user\nconst { userId } = await auth();\nawait prisma.post.delete({\n  where: { id: params.id, userId }, // ownership!\n});',

package/build/data/rules/core.js

@@ -100,14 +100,14 @@ export const coreRules = [
     },
     {
         id: "VG013",
-        name: "NoSQL injection risk",
+        name: "ORM/NoSQL query injection risk",
         severity: "high",
         owasp: "A02:2025 Injection",
-        description: "User input passed directly to MongoDB/NoSQL query operators.",
+        description: "User input passed directly into an ORM/NoSQL query filter object — a MongoDB/Mongoose .find()/.findOne() or a SQL-ORM where clause (Sequelize .find({where}), TypeORM). When the value is an object instead of a scalar, an attacker can inject query operators (MongoDB $ne/$gt/$where, or Sequelize string-operator aliases like $gt/$ne in v4) to bypass authentication or filters. Express parses req.query via qs into nested objects, so query-param values reach the filter as objects unless coerced.",
         pattern: /(?:find|findOne|updateOne|deleteOne|aggregate)\s*\(\s*\{[^}]*(?:req\.|request\.|body\.|params\.)/gi,
         languages: ["javascript", "typescript"],
-        fix: "Validate and sanitize input before using in queries. Use mongoose schema validation. Reject objects where strings are expected.",
-        fixCode: "// Validate input type before query\nconst id = typeof req.params.id === 'string' ? req.params.id : '';\nawait collection.findOne({ _id: new ObjectId(id) });",
+        fix: "Coerce filter values to scalars before querying and reject objects where strings are expected: const id = typeof req.params.id === 'string' ? req.params.id : ''. For Mongoose use schema validation; for Sequelize wrap values (String(req.query.id)) and never spread raw req objects into a where clause.",
+        fixCode: "// Coerce to a scalar before using in any ORM/NoSQL query filter\nconst id = typeof req.params.id === 'string' ? req.params.id : '';\n// Mongoose: await collection.findOne({ _id: new ObjectId(id) });\n// Sequelize: await Model.findOne({ where: { id: String(req.query.id) } });",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
     {

package/build/tools/check-code.js

@@ -70,6 +70,77 @@ function isInComment(lines, lineNumber) {
         trimmed.startsWith("<!--") ||
         trimmed.startsWith("/*"));
 }
+/**
+ * Compute the set of 1-based line numbers that fall inside a multi-line block
+ * comment (slash-star ... star-slash). `isInComment` only catches lines whose
+ * trimmed start is a comment marker, so a line like `  res.cookie(...)` sitting
+ * INSIDE a commented-out block (common in teaching repos that keep "Fix for X"
+ * demos inline) was scanned as live code — a false-positive class for VG100,
+ * VG042 and any other non-CVE rule. This is a string-aware lexer pass (skips
+ * markers that appear inside ' " ` strings and after a // line comment) so URLs
+ * (`http://`), division, and regex-ish literals don't spuriously open a block.
+ */
+function computeBlockCommentLines(code) {
+    const inBlock = new Set();
+    let line = 1;
+    let state = "code";
+    for (let i = 0; i < code.length; i++) {
+        const c = code[i];
+        const c2 = i + 1 < code.length ? code[i + 1] : "";
+        if (c === "\n") {
+            line++;
+            if (state === "line")
+                state = "code";
+            continue;
+        }
+        switch (state) {
+            case "code":
+                if (c === "/" && c2 === "/") {
+                    state = "line";
+                    i++;
+                }
+                else if (c === "/" && c2 === "*") {
+                    state = "block";
+                    inBlock.add(line);
+                    i++;
+                }
+                else if (c === "'")
+                    state = "sq";
+                else if (c === '"')
+                    state = "dq";
+                else if (c === "`")
+                    state = "tpl";
+                break;
+            case "block":
+                inBlock.add(line);
+                if (c === "*" && c2 === "/") {
+                    state = "code";
+                    i++;
+                }
+                break;
+            case "sq":
+                if (c === "\\")
+                    i++;
+                else if (c === "'")
+                    state = "code";
+                break;
+            case "dq":
+                if (c === "\\")
+                    i++;
+                else if (c === '"')
+                    state = "code";
+                break;
+            case "tpl":
+                if (c === "\\")
+                    i++;
+                else if (c === "`")
+                    state = "code";
+                break;
+            // "line" state is exited at the newline handler above
+        }
+    }
+    return inBlock;
+}
 /**
  * Check if a match is inside a multi-line string literal (template literal,
  * fixCode/description property, or string concatenation).
@@ -187,6 +258,7 @@ function hasAuthGuardPattern(code) {
     }
     // Pattern 3: function called with await that contains auth-like keywords in name
     // Broad catch: any function name containing auth/session/permission/guard/verify/protect
+    // guardvibe-ignore VG153 — dotted-identifier path matcher; each `\w+\.` segment is dot-anchored, so backtracking is linear, not catastrophic
     if (/await\s+(?:\w+\.)*\w*(?:auth|Auth|session|Session|permission|Permission|guard|Guard|verify|Verify|protect|Protect|check|Check|ensure|Ensure|require|Require|assert|Assert|authorize|Authorize)\w*\s*\(/i.test(code)) {
         return true;
     }
@@ -221,6 +293,7 @@ function hasRoleCheckPattern(code) {
         /(?:requireAdmin|requireRole|checkAdmin|isAdmin|verifyAdmin|assertAdmin)\s*\(/i.test(code))
         return true;
     // await requireAdmin() with error check pattern (naming-agnostic admin guard)
+    // guardvibe-ignore VG153 — dotted-identifier path matcher; dot-anchored segments make backtracking linear
     if (/await\s+(?:\w+\.)*\w*(?:Admin|admin)\w*\s*\([^)]*\)\s*;?\s*\n\s*if\s*\(/i.test(code))
         return true;
     return false;
@@ -346,6 +419,14 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         if (customPattern.test(code))
             codeHasAuthGuard = true;
     }
+    // Line numbers inside multi-line /* */ block comments — computed once per file
+    // (string-aware) so the per-match comment skip can drop matches on commented-out
+    // code whose own line doesn't start with a comment marker. Gated to languages that
+    // actually use C-style /* */ comments — YAML/Python/shell/Dockerfile/TOML use #, so
+    // a `/*` there (e.g. a `# .../health/*` path glob in a k8s manifest) is NOT a comment
+    // opener and must not suppress real findings.
+    const usesCStyleBlockComments = language === "javascript" || language === "typescript" || language === "go";
+    const blockCommentLines = usesCStyleBlockComments && code.includes("/*") ? computeBlockCommentLines(code) : null;
     const effectiveRules = rules ?? owaspRules;
     for (const rule of effectiveRules) {
         if (!rule.languages.includes(language))
@@ -370,7 +451,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         //   agent.get('/?q=' + sqlPayload) which match the regex but aren't database calls
         // - VG042/VG678: HTTP-response/security-header rules (tests don't serve to real users)
         const isTestFile = filePath && /(?:\.(?:[\w-]+-)?(?:spec|test|e2e|stories|cy)\.(?:ts|tsx|js|jsx|mjs|cjs)$|_test\.go$|\/__tests__\/|\/__mocks__\/|\/tests?\/|\/cypress\/|\/playwright\/|\/dockertest\/|\/testutil\/|\/testhelpers?\/|\/testfixtures?\/)/i.test(filePath);
-        if (isTestFile && ["VG001", "VG003", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409"].includes(rule.id))
+        if (isTestFile && ["VG001", "VG003", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409", "VG148", "VG424"].includes(rule.id))
             continue;
         // VG955 (Missing Pagination on List Endpoint): only fire on actual request-handling
         // surfaces — API routes, App Router `route.{ts,tsx}`, pages/api, or Server Actions.
@@ -792,6 +873,10 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 const isMultiLineMatch = match[0].includes("\n");
                 if (!isMultiLineMatch && isInComment(lines, lineNumber))
                     continue;
+                // Single-line match sitting inside a /* ... */ block comment (its own line
+                // may not start with a comment marker) — commented-out dead code, skip.
+                if (!isMultiLineMatch && blockCommentLines?.has(lineNumber))
+                    continue;
                 if (isInsideStringLiteral(lines, lineNumber, code, match.index))
                     continue;
             }
@@ -853,6 +938,71 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 // e.g. `INVALID_PASSWORD = "5020"` — error code, not a credential.
                 if (/\b[A-Z][A-Z0-9_]*\s*=\s*["']\d+["']/.test(matchedLine))
                     continue;
+                // Skip UI/error message string variables: `invalidPasswordErrorMessage = "Invalid password"`.
+                // The identifier signals a user-facing message/label/error and the value is a prose phrase
+                // (letters + at least one space), not a credential. isHumanReadableString needs 4+ words;
+                // this catches shorter 2-3 word phrases when the name is clearly a message.
+                const msgPair = matchedLine.match(/\b([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*["']([^"']{3,})["']/);
+                if (msgPair
+                    && /(?:message|msg|error|\berr\b|label|title|hint|text|placeholder|description|tooltip|notice|warning|caption|heading|prompt|copy)/i.test(msgPair[1])
+                    && /^[A-Za-z][A-Za-z .,!?'’()-]*\s[A-Za-z .,!?'’()-]+$/.test(msgPair[2]))
+                    continue;
+            }
+            // VG138 (Plaintext Password Comparison): skip benign non-credential comparisons.
+            // (1) Confirm-password match: `req.body.password == req.body.cpassword` compares two
+            //     user inputs from the same form, not a submission against a stored secret.
+            // (2) Emptiness/presence check: `password === ''` validates that a field was provided.
+            if (rule.id === "VG138") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/(?:cpassword|confirm[_]?password|password[_]?confirm(?:ation)?|password2|repeat[_]?password|retype[_]?password|verify[_]?password)/i.test(matchedLine))
+                    continue;
+                if (/(?:password|passwd|pwd)\s*(?:===|!==|==|!=)\s*(['"])\1/i.test(matchedLine))
+                    continue;
+            }
+            // VG1002 (MongoDB NoSQL Injection via Query Operators): a query operator only enables
+            // injection when its value is attacker-controlled. Skip ONLY when the operator's value is
+            // a pure literal (`{ $ne: true }`, `{ $gt: 5 }`, `{ $regex: "^a" }`) — a static internal
+            // filter. A value built from a variable, concatenation, or template interpolation
+            // (`$where: 'this.x == ' + id`, `$where: `...${id}``) is a real injection vector — keep it.
+            if (rule.id === "VG1002") {
+                const after = code.slice(match.index + match[0].length, match.index + match[0].length + 80);
+                const staticLiteral = /^\s*:\s*(?:true|false|null|-?\d+(?:\.\d+)?|'[^'`$+]*'|"[^"`$+]*")\s*[},\]]/.test(after);
+                if (staticLiteral)
+                    continue;
+            }
+            // VG060 (Weak password hashing): MD5/SHA-1 have legitimate non-credential uses — file/
+            // build-artifact checksums, ETags, cache keys, content integrity. Skip when the context
+            // is clearly a checksum/digest-of-bytes (or a build-tool config) and not a password.
+            if (rule.id === "VG060") {
+                const isBuildConfig = filePath ? /(?:^|\/)(?:Gruntfile|gulpfile|webpack\.config|rollup\.config|vite\.config|esbuild|metro\.config)\.[cm]?[jt]s$/i.test(filePath) : false;
+                const start = Math.max(0, lineNumber - 5);
+                const window = lines.slice(start, lineNumber + 4).join("\n");
+                // NB: do NOT treat `.update(data)` / `.update(content)` as a checksum signal — `data`
+                // is too generic and `hash(data)` is exactly how weak password hashing looks. Require a
+                // file/byte-buffer or explicit checksum marker instead.
+                const looksLikeChecksum = /(?:readFileSync|createReadStream|\bBuffer\b|\.update\s*\(\s*(?:buffer|buf|fileBuffer)|fs\.read|\.md5\b|checksum|etag|integrity|cacheKey|cache[_-]?key|contentHash|fileHash|subresource)/i.test(window);
+                const looksLikePassword = /(?:password|passwd|\bpwd\b|credential|user\.pass|loginPass)/i.test(window);
+                if ((isBuildConfig || looksLikeChecksum) && !looksLikePassword)
+                    continue;
+            }
+            // VG123 (SQL Injection via Template Literal) + VG010 (SQL injection): skip when the query
+            // is parameterized (sequelize bind/replacements or $1/:name placeholders) AND every ${...}
+            // interpolation is a safe transform (hash/encode/escape/number) — not raw user input. e.g.
+            // `query(`... email = $1 ... password = '${security.hash(req.body.password)}'`, { bind: [..] })`.
+            // VG010 is included because the VG010↔VG123 dedup makes VG010 take over the same line once
+            // VG123 is suppressed — without this the FP is just relabeled, not removed.
+            if (rule.id === "VG123" || rule.id === "VG010") {
+                const tplStart = code.indexOf("`", match.index);
+                if (tplStart !== -1) {
+                    const tplEnd = code.indexOf("`", tplStart + 1);
+                    const tpl = tplEnd !== -1 ? code.slice(tplStart + 1, tplEnd) : "";
+                    const callCtx = code.slice(match.index, (tplEnd !== -1 ? tplEnd : match.index) + 200);
+                    const isParameterized = /\b(?:bind|replacements)\s*:/.test(callCtx) || /[=\s](?:\$\d+|:[a-zA-Z_]\w*)\b/.test(tpl);
+                    const interps = tpl.match(/\$\{[^}]*\}/g) || [];
+                    const allSafe = interps.length > 0 && interps.every(s => /\$\{\s*[\w$.]*(?:hash|sha\d*|md5|bcrypt|argon2?|hmac|digest|encode|escape|encodeURIComponent|toString|String|Number|parseInt|parseFloat)\b/i.test(s));
+                    if (isParameterized && allSafe)
+                        continue;
+                }
             }
             // VG106 (Timing-Unsafe Secret Comparison): skip when one operand is a React useRef
             // pattern (`*Ref.current`). Refs hold local component state, not user-provided input,
@@ -884,6 +1034,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 //   - `z.enum(filterConfig.field.operators)` (TS `as const` config object) — when
                 //     the file has any `as const` cast, treat nested property access as static
                 const matchedLine = lines[lineNumber - 1] ?? "";
+                // guardvibe-ignore VG153 — dotted-identifier path matcher; dot-anchored segments make backtracking linear
                 if (/z\.enum\s*\(\s*[\w$]+(?:\.[\w$]+)+/.test(matchedLine)) {
                     if (/\.enumValues\b/.test(matchedLine))
                         continue;

package/build/tools/taint-analysis.js

@@ -59,6 +59,25 @@ const SANITIZERS = [
     /sanitizeHtml\s*\(/,
     /xss\s*\(/,
 ];
+/**
+ * A SQL sink is NOT injectable when the query is parameterized (sequelize
+ * bind/replacements, or $1 / :name placeholders) AND every ${...} interpolation
+ * in the template is a safe transform (hash/encode/escape/number) rather than raw
+ * user input. e.g. sequelize.query(`... email = $1 ... password = '${security.hash(pw)}'`,
+ * { bind: [req.body.email] }) — the only interpolation is a fixed-charset hash, and
+ * the user value is bound. Without this, the inline-source loop reports req.body.*
+ * appearing inside the hash() call as a SQLi flow (false positive).
+ */
+function isSafeParameterizedSqlSink(lines, sinkIdx) {
+    const ctx = lines.slice(sinkIdx, sinkIdx + 4).join("\n");
+    const parameterized = /\b(?:bind|replacements)\s*:/.test(ctx) || /[=\s](?:\$\d+|:[a-zA-Z_]\w*)\b/.test(ctx);
+    if (!parameterized)
+        return false;
+    const sinkLine = lines[sinkIdx] ?? "";
+    const tpl = (sinkLine.match(/`[^`]*`/) || [""])[0];
+    const interps = tpl.match(/\$\{[^}]*\}/g) || [];
+    return interps.every(s => /\$\{\s*[\w$.]*(?:hash|sha\d*|md5|bcrypt|argon2?|hmac|digest|encode|escape|encodeURIComponent|toString|String|Number|parseInt|parseFloat)\b/i.test(s));
+}
 function extractAssignments(lines) {
     const assignments = [];
     const assignPattern = /(?:const|let|var)\s+([\w]+)\s*=\s*(.*)/;
@@ -131,6 +150,8 @@ export function analyzeTaint(code, language, filePath) {
             sink.pattern.lastIndex = 0;
             if (!sink.pattern.test(line))
                 continue;
+            if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
+                continue;
             for (const tVar of taintedVars) {
                 if (line.includes(tVar.name)) {
                     const chain = [];
@@ -160,6 +181,8 @@ export function analyzeTaint(code, language, filePath) {
             sink.pattern.lastIndex = 0;
             if (!sink.pattern.test(line))
                 continue;
+            if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
+                continue;
             for (const source of TAINT_SOURCES) {
                 source.pattern.lastIndex = 0;
                 if (source.pattern.test(line)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.1.32",
+  "version": "3.1.33",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 433 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",