guardvibe 3.1.32 → 3.1.34

package/CHANGELOG.md

@@ -5,6 +5,37 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.1.34] - 2026-06-07
+
+### Added — recall (false-negative) improvements (433 → 436 rules, 36 tools)
+Surfaced by a recall battery of canonical vulnerable snippets; each gap was reproduced, fixed, and given positive + negative tests. A ReDoS regression guard for all rule patterns (`tests/meta/redos.test.ts`) was added and caught a polynomial backtrack in one of these very changes before release.
+- **VG010** now catches the most common concat-SQLi style where the SQL string embeds a quote to wrap the value (`"... name = '" + name + "'"`), and Sequelize `literal()` raw fragments.
+- **VG014** extended to `vm.runInNewContext`/`runInContext`/`runInThisContext`/`compileFunction` and `new vm.Script`.
+- **VG070** extended to `unserialize()` (node-serialize), funcster, cryo.
+- **VG103** extended to user-controlled bracket assignment (`obj[req.body.key] = …`) and lodash `_.set`/`objectPath.set`.
+- **VG102** extended to `res.sendFile`/`res.download` path traversal.
+- **VG409** extended to open redirect via `res.setHeader("Location", userInput)`.
+- **VG1080** (new) DOM XSS via `document.write()`/`writeln()` with user input.
+- **VG1081** (new) insecure block cipher mode — AES/DES ECB and the deprecated `crypto.createCipher`.
+- **VG1082** (new) server-side template injection — `Handlebars.compile`/`ejs.render`/`pug`/`nunjucks`/lodash `_.template` on user-controlled template source.
+
+Self-audit PASS / A / 0, gate green, determinism preserved across the corpus.
+
+## [3.1.33] - 2026-06-07
+
+### Fixed — false-positive precision (no rule-count change, stays 433 / 36)
+Surfaced by an end-to-end accuracy sweep across the labeled fixture set and the real-world corpus; each change has positive + negative tests and was cross-checked against an uncapped before/after diff (removal-only, zero real findings lost).
+- **Engine:** multi-line `/* */` block comments are now stripped before matching (string-aware, scoped to C-style languages) so rules no longer fire on commented-out code; YAML/Python/shell/Dockerfile (which use `#`) are unaffected.
+- **VG060** no longer flags MD5/SHA-1 used for file/build-artifact checksums (keeps real password-hashing).
+- **VG1002** only flags query operators whose value is attacker-controlled (a static `{ $ne: true }` literal is skipped; `$where` built from a variable/concat/interpolation still fires).
+- **VG123 / VG010 / taint** skip queries that are parameterized (`bind`/`replacements`/`$1`/`:name`) and whose only interpolation is a hash/encode helper.
+- **VG951** recognizes ownership fields (`author`, `email`, `accountId`, …) in the where-clause.
+- **VG138** ignores confirm-password (`password === cpassword`) and emptiness checks.
+- **VG001** ignores UI/error-message string variables; **VG148**/**VG424** skip test (`.spec`) files.
+- **VG013** renamed to "ORM/NoSQL query injection risk" with stack-aware remediation (Sequelize/TypeORM operator injection, not Mongo-only).
+
+Tests 1820 → 1848. Self-audit PASS / A / 0. Determinism unchanged across the corpus.
+
 ## [3.1.32] - 2026-06-06
 
 ### Added — 4 new CVE rules (429 → 433), sourced via `npm run intel`

package/README.md

@@ -6,7 +6,7 @@
 [![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)
 [![codecov](https://codecov.io/gh/goklab/guardvibe/graph/badge.svg)](https://codecov.io/gh/goklab/guardvibe)
 
-**The security MCP built for vibe coding.** 433 security rules, 36 tools covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 436 security rules, 36 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -14,7 +14,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **433 security rules, 36 tools** purpose-built for the stacks AI agents generate
+- **436 security rules, 36 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -52,7 +52,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | CVE version detection | 67 packages, refreshed daily | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 433 (focused, 68 AI-native) | 5000+ (broad) | N/A |
+| Rule count | 436 (focused, 68 AI-native) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -242,7 +242,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (433 rules across 25 modules)
+## Security Rules (436 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
@@ -457,7 +457,7 @@ If your AI agent cannot connect to GuardVibe:
 
 1. **Restart your IDE/agent.** MCP servers are started by the host application. After running `npx guardvibe init`, restart Claude Code, Cursor, or Gemini CLI for the config to take effect.
 2. **Check the config path.** Run `npx guardvibe init claude` again and verify the output shows the correct config file location (`.mcp.json` in your project root for Claude Code, `.cursor/mcp.json` for Cursor).
-3. **Re-run `init` to upgrade.** When upgrading GuardVibe, re-run `npx guardvibe init claude` — `.mcp.json` is pinned to a specific version (e.g. `guardvibe@3.1.32`) at init time for fast deterministic startup. As of v3.1.2 the re-run also rewrites stale pins automatically (`Upgraded GuardVibe pin (3.1.27 → 3.1.28)`); since v3.1.27 the PostToolUse hook command is pinned to the same version (was `@latest`) and re-run upgrades a stale hook too. The same applies to `npx guardvibe hook install` and `npx guardvibe ci github` (since v3.1.3) — both are version-pinned at install/generate time and re-run to upgrade.
+3. **Re-run `init` to upgrade.** When upgrading GuardVibe, re-run `npx guardvibe init claude` — `.mcp.json` is pinned to a specific version (e.g. `guardvibe@3.1.34`) at init time for fast deterministic startup. As of v3.1.2 the re-run also rewrites stale pins automatically (`Upgraded GuardVibe pin (3.1.27 → 3.1.28)`); since v3.1.27 the PostToolUse hook command is pinned to the same version (was `@latest`) and re-run upgrades a stale hook too. The same applies to `npx guardvibe hook install` and `npx guardvibe ci github` (since v3.1.3) — both are version-pinned at install/generate time and re-run to upgrade.
 4. **Pre-3.1.1 users won't see the auto-update banner.** GuardVibe started writing a once-per-day "newer version available" notice to stderr in v3.1.1. If your install predates that, you'll never see it — run `npx -y guardvibe@latest init <host>` once to bake in the latest pin and start receiving banners on subsequent sessions.
 5. **Verify Node.js version.** GuardVibe requires Node.js >= 18.0.0. Check with `node --version`.
 6. **Check npx cache.** If you upgraded GuardVibe and the old version is cached, run `npx -y guardvibe@latest` to force the latest version.

package/build/data/rules/api-security.js

@@ -20,7 +20,7 @@ export const apiSecurityRules = [
         severity: "critical",
         owasp: "API1:2023 Broken Object Level Authorization",
         description: "Delete or update operation uses user-supplied ID without verifying resource ownership. Any authenticated user can modify or delete other users' resources.",
-        pattern: /(?:delete|update|destroy|remove)\s*\(\s*\{?\s*(?:where\s*:\s*\{)?\s*(?:id|_id)\s*:\s*(?:req\.(?:params|query|body)|params\.|args\.|input\.)(?:(?!userId|user_id|ownerId|owner_id|createdBy|created_by)[\s\S]){0,200}?\}/gi,
+        pattern: /(?:delete|update|destroy|remove)\s*\(\s*\{?\s*(?:where\s*:\s*\{)?\s*(?:id|_id)\s*:\s*(?:req\.(?:params|query|body)|params\.|args\.|input\.)(?:(?!userId|user_id|ownerId|owner_id|createdBy|created_by|author|authorId|author_id|email|userEmail|accountId|account_id|tenantId|tenant_id|orgId|org_id|organizationId)[\s\S]){0,200}?\}/gi,
         languages: ["javascript", "typescript"],
         fix: "Include the authenticated user's ID in the where clause to prevent unauthorized modifications.",
         fixCode: '// Scope mutations to the authenticated user\nconst { userId } = await auth();\nawait prisma.post.delete({\n  where: { id: params.id, userId }, // ownership!\n});',

package/build/data/rules/core.js

@@ -55,7 +55,7 @@ export const coreRules = [
         severity: "critical",
         owasp: "A02:2025 Injection",
         description: "String concatenation, template literals, or f-strings used in SQL queries — whether inline in the DB call or assembled in a variable/return first. This allows SQL injection attacks.",
-        pattern: /(?:query|execute|raw|sql|all|run|get|exec|prepare|QueryRow|QueryContext)\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+\s*|f"[^"]*\{|f'[^']*\{|['"][^'"]*['"]\s*%\s*|['"][^'"]*['"]\s*\.format\s*\(|['"][^'"]*['"]\s*,\s*(?:req\.|request\.|params\.|body\.|args))|(?:=|return)\s*(?:`\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^`]*\b(?:FROM|INTO|SET|WHERE|VALUES)\b[^`]*\$\{|['"]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^\n]*?\b(?:FROM|INTO|SET|WHERE|VALUES)\b[^\n]*?['"]\s*\+\s*\w)/gi,
+        pattern: /(?:query|execute|raw|sql|all|run|get|exec|prepare|literal|QueryRow|QueryContext)\s*\(\s*(?:`[^`]*\$\{|(?:"[^"]*"|'[^']*')\s*\+\s*|f"[^"]*\{|f'[^']*\{|['"][^'"]*['"]\s*%\s*|['"][^'"]*['"]\s*\.format\s*\(|['"][^'"]*['"]\s*,\s*(?:req\.|request\.|params\.|body\.|args))|(?:=|return)\s*(?:`\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^`]*\b(?:FROM|INTO|SET|WHERE|VALUES)\b[^`]*\$\{|['"]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^\n]*?\b(?:FROM|INTO|SET|WHERE|VALUES)\b[^\n]*?['"]\s*\+\s*\w)/gi,
         languages: ["javascript", "typescript", "python", "go"],
         fix: "Use parameterized queries: db.query('SELECT * FROM users WHERE id = $1', [userId]). Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,)). Never concatenate user input into SQL strings.",
         fixCode: "// Use parameterized queries\ndb.query('SELECT * FROM users WHERE id = $1', [userId]);\n// Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))",
@@ -100,14 +100,14 @@ export const coreRules = [
     },
     {
         id: "VG013",
-        name: "NoSQL injection risk",
+        name: "ORM/NoSQL query injection risk",
         severity: "high",
         owasp: "A02:2025 Injection",
-        description: "User input passed directly to MongoDB/NoSQL query operators.",
+        description: "User input passed directly into an ORM/NoSQL query filter object — a MongoDB/Mongoose .find()/.findOne() or a SQL-ORM where clause (Sequelize .find({where}), TypeORM). When the value is an object instead of a scalar, an attacker can inject query operators (MongoDB $ne/$gt/$where, or Sequelize string-operator aliases like $gt/$ne in v4) to bypass authentication or filters. Express parses req.query via qs into nested objects, so query-param values reach the filter as objects unless coerced.",
         pattern: /(?:find|findOne|updateOne|deleteOne|aggregate)\s*\(\s*\{[^}]*(?:req\.|request\.|body\.|params\.)/gi,
         languages: ["javascript", "typescript"],
-        fix: "Validate and sanitize input before using in queries. Use mongoose schema validation. Reject objects where strings are expected.",
-        fixCode: "// Validate input type before query\nconst id = typeof req.params.id === 'string' ? req.params.id : '';\nawait collection.findOne({ _id: new ObjectId(id) });",
+        fix: "Coerce filter values to scalars before querying and reject objects where strings are expected: const id = typeof req.params.id === 'string' ? req.params.id : ''. For Mongoose use schema validation; for Sequelize wrap values (String(req.query.id)) and never spread raw req objects into a where clause.",
+        fixCode: "// Coerce to a scalar before using in any ORM/NoSQL query filter\nconst id = typeof req.params.id === 'string' ? req.params.id : '';\n// Mongoose: await collection.findOne({ _id: new ObjectId(id) });\n// Sequelize: await Model.findOne({ where: { id: String(req.query.id) } });",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
     {
@@ -116,7 +116,7 @@ export const coreRules = [
         severity: "critical",
         owasp: "A02:2025 Injection",
         description: "Dynamic code execution function detected. This can run arbitrary code and is a major security risk.",
-        pattern: /(?:\beval\s*\(|new\s+Function\s*\()/gi,
+        pattern: /(?:\beval\s*\(|new\s+Function\s*\(|\bvm\s*\.\s*(?:runInNewContext|runInContext|runInThisContext|compileFunction)\s*\(|new\s+vm\s*\.\s*Script\s*\()/gi,
         languages: ["javascript", "typescript", "python"],
         fix: "Avoid dynamic code execution. Use JSON.parse() for JSON data. Use a sandboxed environment if absolutely required.",
         fixCode: "// Use JSON.parse for data\nconst data = JSON.parse(input);\n// Alternatives: use a proper parser for your data format\n// const fn = new " + "Function('x', 'return x * 2'); // only if absolutely needed",
@@ -224,7 +224,7 @@ export const coreRules = [
         severity: "high",
         owasp: "A08:2025 Data Integrity Failures",
         description: "Deserializing untrusted data can lead to remote code execution.",
-        pattern: /(?:JSON\.parse\s*\(\s*(?:req\.|request\.|body)|pickle\.loads?\s*\(|yaml\.(?:load|unsafe_load)\s*\()/gi,
+        pattern: /(?:JSON\.parse\s*\(\s*(?:req\.|request\.|body)|pickle\.loads?\s*\(|yaml\.(?:load|unsafe_load)\s*\(|\bunserialize\s*\(|\bfuncster\s*\.|\bcryo\s*\.\s*parse\s*\()/gi,
         languages: ["javascript", "typescript", "python"],
         fix: "Validate all deserialized data with a schema (zod, joi) before processing.",
         fixCode: "// Validate with schema after parsing\nimport { z } from 'zod';\nconst schema = z.object({ name: z.string() });\nconst data = schema.parse(JSON.parse(req.body));",
@@ -284,7 +284,7 @@ export const coreRules = [
         severity: "high",
         owasp: "A01:2025 Broken Access Control",
         description: "User input used in file paths without sanitization.",
-        pattern: /(?:readFile|readFileSync|createReadStream|open|path\.join|path\.resolve)\s*\([^)]*(?:req\.|request\.|params\.|body\.|query\.)/gi,
+        pattern: /(?:readFile|readFileSync|createReadStream|open|sendFile|download|path\.join|path\.resolve)\s*\([^)]*(?:req\.|request\.|params\.|body\.|query\.)/gi,
         languages: ["javascript", "typescript", "python", "go"],
         fix: "Sanitize file paths: remove ../ sequences, verify the result is within the expected directory.",
         fixCode: "import path from 'path';\nconst safePath = path.resolve('/uploads', filename);\nif (!safePath.startsWith('/uploads/')) throw new Error('Invalid path');",
@@ -296,7 +296,7 @@ export const coreRules = [
         severity: "high",
         owasp: "A02:2025 Injection",
         description: "Deep merge or object assignment from user input can lead to prototype pollution.",
-        pattern: /(?:Object\.assign|\bmerge\b|deepMerge|\bextend\b)\s*\([^)]*(?:req\.|request\.|\bbody\b|\bparams\b)/gi,
+        pattern: /(?:(?:Object\.assign|\bmerge\b|deepMerge|\bextend\b|(?:_|lodash)\.set(?:With)?|objectPath\.set|dotProp\.set)\s*\([^)]*(?:req\.|request\.|\bbody\b|\bparams\b)|\[\s*(?:req|request)\.(?:body|params|query)\.[\w.]+\s*\]\s*=(?!=))/gi,
         languages: ["javascript", "typescript"],
         fix: "Use Object.create(null) for lookup objects. Validate that keys don't include __proto__, constructor, or prototype.",
         fixCode: "// Use Object.create(null) for lookups\nconst lookup = Object.create(null);\n// Validate keys\nconst forbidden = ['__proto__', 'constructor', 'prototype'];\nif (forbidden.includes(key)) throw new Error('Invalid key');",

package/build/data/rules/nextjs.js

@@ -117,7 +117,7 @@ export const nextjsRules = [
         severity: "medium",
         owasp: "A01:2025 Broken Access Control",
         description: "redirect() or NextResponse.redirect() uses user-controlled input (searchParams, query) which can redirect users to malicious sites.",
-        pattern: /(?:redirect|NextResponse\.redirect|res\.redirect|Response\.redirect)\s*\(\s*(?:searchParams|params|req\.query|request\.url|url|query|returnTo|callbackUrl|next|goto|returnUrl|redirectUrl|destination)\b/gi,
+        pattern: /(?:(?:redirect|NextResponse\.redirect|res\.redirect|Response\.redirect)\s*\(\s*(?:searchParams|params|req\.query|request\.url|url|query|returnTo|callbackUrl|next|goto|returnUrl|redirectUrl|destination)\b|(?:res|reply)\.setHeader\s*\(\s*['"][Ll]ocation['"]\s*,\s*(?:req\.|request\.|searchParams|params\b|url\b|query\b|returnTo|callbackUrl|returnUrl|redirectUrl|destination))/gi,
         languages: ["javascript", "typescript"],
         fix: "Validate redirect URLs against an allowlist of trusted domains.",
         fixCode: '// Validate redirect URL\nconst ALLOWED_HOSTS = ["example.com"];\nconst target = searchParams.get("next") ?? "/";\ntry {\n  const url = new URL(target, request.url);\n  if (!ALLOWED_HOSTS.includes(url.hostname)) redirect("/");\n  redirect(url.pathname);\n} catch {\n  redirect("/");\n}',

package/build/data/rules/web-security.js

@@ -185,4 +185,40 @@ export const webSecurityRules = [
         fixCode: '// Set nosniff header for uploaded file responses\nres.setHeader("X-Content-Type-Options", "nosniff");\nres.setHeader("Content-Disposition", "attachment"); // force download for unknown types\nres.sendFile(filePath);',
         compliance: ["SOC2:CC6.1"],
     },
+    {
+        id: "VG1080",
+        name: "DOM XSS via document.write()",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "document.write()/document.writeln() called with user-controlled or concatenated/interpolated content. document.write parses its argument as HTML, so attacker-influenced input (location, query params, cookies, window.name) leads to DOM-based cross-site scripting.",
+        pattern: /document\.write(?:ln)?\s*\(\s*(?:[^)]*?(?:location|document\.(?:URL|cookie|referrer)|searchParams|req\.|request\.|params\.|query\.|window\.name|\binput\b)|`[^`]*\$\{|["'][^"']*["']\s*\+)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never build HTML with document.write from untrusted input. Use safe DOM APIs (textContent, createElement) or sanitize with DOMPurify before inserting.",
+        fixCode: "// BAD: document.write('<div>' + location.hash + '</div>')\n// GOOD:\nconst el = document.createElement('div');\nel.textContent = userValue; // auto-escaped\ncontainer.appendChild(el);",
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
+    },
+    {
+        id: "VG1081",
+        name: "Insecure Block Cipher Mode (ECB / deprecated createCipher)",
+        severity: "high",
+        owasp: "A02:2025 Cryptographic Failures",
+        description: "AES/DES used in ECB mode (createCipheriv with an *-ecb algorithm), or the deprecated crypto.createCipher() which derives a key/IV insecurely. ECB encrypts identical plaintext blocks to identical ciphertext blocks, leaking structure; createCipher is password-derived and IV-less. Both are cryptographically broken for confidentiality.",
+        pattern: /(?:createCipheriv\s*\(\s*["'][^"']*-ecb["']|createDecipheriv\s*\(\s*["'][^"']*-ecb["']|crypto\s*\.\s*createCipher\s*\(\s*["'])/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Use an authenticated mode: aes-256-gcm with a random 12-byte IV per message (crypto.randomBytes), or aes-256-cbc with a random IV and a separate MAC. Never use ECB; replace createCipher with createCipheriv.",
+        fixCode: "// GOOD: AES-256-GCM with a random IV\nconst iv = crypto.randomBytes(12);\nconst cipher = crypto.createCipheriv('aes-256-gcm', key, iv);\nconst enc = Buffer.concat([cipher.update(data), cipher.final()]);\nconst tag = cipher.getAuthTag();",
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.5", "HIPAA:§164.312(a)(2)(iv)"],
+    },
+    {
+        id: "VG1082",
+        name: "Server-Side Template Injection (SSTI)",
+        severity: "critical",
+        owasp: "A03:2025 Injection",
+        description: "A template engine compiles/renders a user-controlled template SOURCE (not just user data bound into a fixed template). Handlebars.compile, ejs.render/compile, pug, nunjucks.renderString, or lodash _.template on attacker-influenced input allows server-side template injection — often a path to remote code execution.",
+        pattern: /(?:Handlebars\.compile|ejs\.(?:render|compile)|pug\.(?:compile|render)|nunjucks\.(?:renderString|compile)|_\.template|lodash\.template|dot\.template)\s*\(\s*(?:[^,)]*?(?:req\.|request\.|\bbody\b|\bparams\b|\bquery\b|userInput|\binput\b)|`[^`]*\$\{|[^,)]*\+)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never compile a template from user input. Keep template sources static/server-owned and pass user values only as DATA to a precompiled template. If user-authored templates are required, use a sandboxed engine with no access to globals.",
+        fixCode: "// BAD: ejs.render(req.body.template, data)\n// GOOD: fixed template, user value as data only\nconst tpl = ejs.compile(STATIC_TEMPLATE);\nres.send(tpl({ name: req.body.name }));",
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/tools/check-code.js

@@ -70,6 +70,77 @@ function isInComment(lines, lineNumber) {
         trimmed.startsWith("<!--") ||
         trimmed.startsWith("/*"));
 }
+/**
+ * Compute the set of 1-based line numbers that fall inside a multi-line block
+ * comment (slash-star ... star-slash). `isInComment` only catches lines whose
+ * trimmed start is a comment marker, so a line like `  res.cookie(...)` sitting
+ * INSIDE a commented-out block (common in teaching repos that keep "Fix for X"
+ * demos inline) was scanned as live code — a false-positive class for VG100,
+ * VG042 and any other non-CVE rule. This is a string-aware lexer pass (skips
+ * markers that appear inside ' " ` strings and after a // line comment) so URLs
+ * (`http://`), division, and regex-ish literals don't spuriously open a block.
+ */
+function computeBlockCommentLines(code) {
+    const inBlock = new Set();
+    let line = 1;
+    let state = "code";
+    for (let i = 0; i < code.length; i++) {
+        const c = code[i];
+        const c2 = i + 1 < code.length ? code[i + 1] : "";
+        if (c === "\n") {
+            line++;
+            if (state === "line")
+                state = "code";
+            continue;
+        }
+        switch (state) {
+            case "code":
+                if (c === "/" && c2 === "/") {
+                    state = "line";
+                    i++;
+                }
+                else if (c === "/" && c2 === "*") {
+                    state = "block";
+                    inBlock.add(line);
+                    i++;
+                }
+                else if (c === "'")
+                    state = "sq";
+                else if (c === '"')
+                    state = "dq";
+                else if (c === "`")
+                    state = "tpl";
+                break;
+            case "block":
+                inBlock.add(line);
+                if (c === "*" && c2 === "/") {
+                    state = "code";
+                    i++;
+                }
+                break;
+            case "sq":
+                if (c === "\\")
+                    i++;
+                else if (c === "'")
+                    state = "code";
+                break;
+            case "dq":
+                if (c === "\\")
+                    i++;
+                else if (c === '"')
+                    state = "code";
+                break;
+            case "tpl":
+                if (c === "\\")
+                    i++;
+                else if (c === "`")
+                    state = "code";
+                break;
+            // "line" state is exited at the newline handler above
+        }
+    }
+    return inBlock;
+}
 /**
  * Check if a match is inside a multi-line string literal (template literal,
  * fixCode/description property, or string concatenation).
@@ -187,6 +258,7 @@ function hasAuthGuardPattern(code) {
     }
     // Pattern 3: function called with await that contains auth-like keywords in name
     // Broad catch: any function name containing auth/session/permission/guard/verify/protect
+    // guardvibe-ignore VG153 — dotted-identifier path matcher; each `\w+\.` segment is dot-anchored, so backtracking is linear, not catastrophic
     if (/await\s+(?:\w+\.)*\w*(?:auth|Auth|session|Session|permission|Permission|guard|Guard|verify|Verify|protect|Protect|check|Check|ensure|Ensure|require|Require|assert|Assert|authorize|Authorize)\w*\s*\(/i.test(code)) {
         return true;
     }
@@ -221,6 +293,7 @@ function hasRoleCheckPattern(code) {
         /(?:requireAdmin|requireRole|checkAdmin|isAdmin|verifyAdmin|assertAdmin)\s*\(/i.test(code))
         return true;
     // await requireAdmin() with error check pattern (naming-agnostic admin guard)
+    // guardvibe-ignore VG153 — dotted-identifier path matcher; dot-anchored segments make backtracking linear
     if (/await\s+(?:\w+\.)*\w*(?:Admin|admin)\w*\s*\([^)]*\)\s*;?\s*\n\s*if\s*\(/i.test(code))
         return true;
     return false;
@@ -346,6 +419,14 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         if (customPattern.test(code))
             codeHasAuthGuard = true;
     }
+    // Line numbers inside multi-line /* */ block comments — computed once per file
+    // (string-aware) so the per-match comment skip can drop matches on commented-out
+    // code whose own line doesn't start with a comment marker. Gated to languages that
+    // actually use C-style /* */ comments — YAML/Python/shell/Dockerfile/TOML use #, so
+    // a `/*` there (e.g. a `# .../health/*` path glob in a k8s manifest) is NOT a comment
+    // opener and must not suppress real findings.
+    const usesCStyleBlockComments = language === "javascript" || language === "typescript" || language === "go";
+    const blockCommentLines = usesCStyleBlockComments && code.includes("/*") ? computeBlockCommentLines(code) : null;
     const effectiveRules = rules ?? owaspRules;
     for (const rule of effectiveRules) {
         if (!rule.languages.includes(language))
@@ -370,7 +451,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         //   agent.get('/?q=' + sqlPayload) which match the regex but aren't database calls
         // - VG042/VG678: HTTP-response/security-header rules (tests don't serve to real users)
         const isTestFile = filePath && /(?:\.(?:[\w-]+-)?(?:spec|test|e2e|stories|cy)\.(?:ts|tsx|js|jsx|mjs|cjs)$|_test\.go$|\/__tests__\/|\/__mocks__\/|\/tests?\/|\/cypress\/|\/playwright\/|\/dockertest\/|\/testutil\/|\/testhelpers?\/|\/testfixtures?\/)/i.test(filePath);
-        if (isTestFile && ["VG001", "VG003", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409"].includes(rule.id))
+        if (isTestFile && ["VG001", "VG003", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409", "VG148", "VG424"].includes(rule.id))
             continue;
         // VG955 (Missing Pagination on List Endpoint): only fire on actual request-handling
         // surfaces — API routes, App Router `route.{ts,tsx}`, pages/api, or Server Actions.
@@ -792,6 +873,10 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 const isMultiLineMatch = match[0].includes("\n");
                 if (!isMultiLineMatch && isInComment(lines, lineNumber))
                     continue;
+                // Single-line match sitting inside a /* ... */ block comment (its own line
+                // may not start with a comment marker) — commented-out dead code, skip.
+                if (!isMultiLineMatch && blockCommentLines?.has(lineNumber))
+                    continue;
                 if (isInsideStringLiteral(lines, lineNumber, code, match.index))
                     continue;
             }
@@ -853,6 +938,71 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 // e.g. `INVALID_PASSWORD = "5020"` — error code, not a credential.
                 if (/\b[A-Z][A-Z0-9_]*\s*=\s*["']\d+["']/.test(matchedLine))
                     continue;
+                // Skip UI/error message string variables: `invalidPasswordErrorMessage = "Invalid password"`.
+                // The identifier signals a user-facing message/label/error and the value is a prose phrase
+                // (letters + at least one space), not a credential. isHumanReadableString needs 4+ words;
+                // this catches shorter 2-3 word phrases when the name is clearly a message.
+                const msgPair = matchedLine.match(/\b([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*["']([^"']{3,})["']/);
+                if (msgPair
+                    && /(?:message|msg|error|\berr\b|label|title|hint|text|placeholder|description|tooltip|notice|warning|caption|heading|prompt|copy)/i.test(msgPair[1])
+                    && /^[A-Za-z][A-Za-z .,!?'’()-]*\s[A-Za-z .,!?'’()-]+$/.test(msgPair[2]))
+                    continue;
+            }
+            // VG138 (Plaintext Password Comparison): skip benign non-credential comparisons.
+            // (1) Confirm-password match: `req.body.password == req.body.cpassword` compares two
+            //     user inputs from the same form, not a submission against a stored secret.
+            // (2) Emptiness/presence check: `password === ''` validates that a field was provided.
+            if (rule.id === "VG138") {
+                const matchedLine = lines[lineNumber - 1] ?? "";
+                if (/(?:cpassword|confirm[_]?password|password[_]?confirm(?:ation)?|password2|repeat[_]?password|retype[_]?password|verify[_]?password)/i.test(matchedLine))
+                    continue;
+                if (/(?:password|passwd|pwd)\s*(?:===|!==|==|!=)\s*(['"])\1/i.test(matchedLine))
+                    continue;
+            }
+            // VG1002 (MongoDB NoSQL Injection via Query Operators): a query operator only enables
+            // injection when its value is attacker-controlled. Skip ONLY when the operator's value is
+            // a pure literal (`{ $ne: true }`, `{ $gt: 5 }`, `{ $regex: "^a" }`) — a static internal
+            // filter. A value built from a variable, concatenation, or template interpolation
+            // (`$where: 'this.x == ' + id`, `$where: `...${id}``) is a real injection vector — keep it.
+            if (rule.id === "VG1002") {
+                const after = code.slice(match.index + match[0].length, match.index + match[0].length + 80);
+                const staticLiteral = /^\s*:\s*(?:true|false|null|-?\d+(?:\.\d+)?|'[^'`$+]*'|"[^"`$+]*")\s*[},\]]/.test(after);
+                if (staticLiteral)
+                    continue;
+            }
+            // VG060 (Weak password hashing): MD5/SHA-1 have legitimate non-credential uses — file/
+            // build-artifact checksums, ETags, cache keys, content integrity. Skip when the context
+            // is clearly a checksum/digest-of-bytes (or a build-tool config) and not a password.
+            if (rule.id === "VG060") {
+                const isBuildConfig = filePath ? /(?:^|\/)(?:Gruntfile|gulpfile|webpack\.config|rollup\.config|vite\.config|esbuild|metro\.config)\.[cm]?[jt]s$/i.test(filePath) : false;
+                const start = Math.max(0, lineNumber - 5);
+                const window = lines.slice(start, lineNumber + 4).join("\n");
+                // NB: do NOT treat `.update(data)` / `.update(content)` as a checksum signal — `data`
+                // is too generic and `hash(data)` is exactly how weak password hashing looks. Require a
+                // file/byte-buffer or explicit checksum marker instead.
+                const looksLikeChecksum = /(?:readFileSync|createReadStream|\bBuffer\b|\.update\s*\(\s*(?:buffer|buf|fileBuffer)|fs\.read|\.md5\b|checksum|etag|integrity|cacheKey|cache[_-]?key|contentHash|fileHash|subresource)/i.test(window);
+                const looksLikePassword = /(?:password|passwd|\bpwd\b|credential|user\.pass|loginPass)/i.test(window);
+                if ((isBuildConfig || looksLikeChecksum) && !looksLikePassword)
+                    continue;
+            }
+            // VG123 (SQL Injection via Template Literal) + VG010 (SQL injection): skip when the query
+            // is parameterized (sequelize bind/replacements or $1/:name placeholders) AND every ${...}
+            // interpolation is a safe transform (hash/encode/escape/number) — not raw user input. e.g.
+            // `query(`... email = $1 ... password = '${security.hash(req.body.password)}'`, { bind: [..] })`.
+            // VG010 is included because the VG010↔VG123 dedup makes VG010 take over the same line once
+            // VG123 is suppressed — without this the FP is just relabeled, not removed.
+            if (rule.id === "VG123" || rule.id === "VG010") {
+                const tplStart = code.indexOf("`", match.index);
+                if (tplStart !== -1) {
+                    const tplEnd = code.indexOf("`", tplStart + 1);
+                    const tpl = tplEnd !== -1 ? code.slice(tplStart + 1, tplEnd) : "";
+                    const callCtx = code.slice(match.index, (tplEnd !== -1 ? tplEnd : match.index) + 200);
+                    const isParameterized = /\b(?:bind|replacements)\s*:/.test(callCtx) || /[=\s](?:\$\d+|:[a-zA-Z_]\w*)\b/.test(tpl);
+                    const interps = tpl.match(/\$\{[^}]*\}/g) || [];
+                    const allSafe = interps.length > 0 && interps.every(s => /\$\{\s*[\w$.]*(?:hash|sha\d*|md5|bcrypt|argon2?|hmac|digest|encode|escape|encodeURIComponent|toString|String|Number|parseInt|parseFloat)\b/i.test(s));
+                    if (isParameterized && allSafe)
+                        continue;
+                }
             }
             // VG106 (Timing-Unsafe Secret Comparison): skip when one operand is a React useRef
             // pattern (`*Ref.current`). Refs hold local component state, not user-provided input,
@@ -884,6 +1034,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                 //   - `z.enum(filterConfig.field.operators)` (TS `as const` config object) — when
                 //     the file has any `as const` cast, treat nested property access as static
                 const matchedLine = lines[lineNumber - 1] ?? "";
+                // guardvibe-ignore VG153 — dotted-identifier path matcher; dot-anchored segments make backtracking linear
                 if (/z\.enum\s*\(\s*[\w$]+(?:\.[\w$]+)+/.test(matchedLine)) {
                     if (/\.enumValues\b/.test(matchedLine))
                         continue;

package/build/tools/taint-analysis.js

@@ -59,6 +59,25 @@ const SANITIZERS = [
     /sanitizeHtml\s*\(/,
     /xss\s*\(/,
 ];
+/**
+ * A SQL sink is NOT injectable when the query is parameterized (sequelize
+ * bind/replacements, or $1 / :name placeholders) AND every ${...} interpolation
+ * in the template is a safe transform (hash/encode/escape/number) rather than raw
+ * user input. e.g. sequelize.query(`... email = $1 ... password = '${security.hash(pw)}'`,
+ * { bind: [req.body.email] }) — the only interpolation is a fixed-charset hash, and
+ * the user value is bound. Without this, the inline-source loop reports req.body.*
+ * appearing inside the hash() call as a SQLi flow (false positive).
+ */
+function isSafeParameterizedSqlSink(lines, sinkIdx) {
+    const ctx = lines.slice(sinkIdx, sinkIdx + 4).join("\n");
+    const parameterized = /\b(?:bind|replacements)\s*:/.test(ctx) || /[=\s](?:\$\d+|:[a-zA-Z_]\w*)\b/.test(ctx);
+    if (!parameterized)
+        return false;
+    const sinkLine = lines[sinkIdx] ?? "";
+    const tpl = (sinkLine.match(/`[^`]*`/) || [""])[0];
+    const interps = tpl.match(/\$\{[^}]*\}/g) || [];
+    return interps.every(s => /\$\{\s*[\w$.]*(?:hash|sha\d*|md5|bcrypt|argon2?|hmac|digest|encode|escape|encodeURIComponent|toString|String|Number|parseInt|parseFloat)\b/i.test(s));
+}
 function extractAssignments(lines) {
     const assignments = [];
     const assignPattern = /(?:const|let|var)\s+([\w]+)\s*=\s*(.*)/;
@@ -131,6 +150,8 @@ export function analyzeTaint(code, language, filePath) {
             sink.pattern.lastIndex = 0;
             if (!sink.pattern.test(line))
                 continue;
+            if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
+                continue;
             for (const tVar of taintedVars) {
                 if (line.includes(tVar.name)) {
                     const chain = [];
@@ -160,6 +181,8 @@ export function analyzeTaint(code, language, filePath) {
             sink.pattern.lastIndex = 0;
             if (!sink.pattern.test(line))
                 continue;
+            if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
+                continue;
             for (const source of TAINT_SOURCES) {
                 source.pattern.lastIndex = 0;
                 if (source.pattern.test(line)) {

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.1.32",
+  "version": "3.1.34",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security MCP for vibe coding. 433 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
+  "description": "Security MCP for vibe coding. 436 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",