guardvibe 3.1.36 → 3.1.37

package/CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.1.37] - 2026-06-07
+
+### Added — taint + secret scanning on the `check` path (no rule-count change, 438 / 36)
+Until now only `audit` ran taint analysis and secret-pattern scanning; the everyday `check` / `scan <file>` commands, the MCP `check_code` / `scan_file` / `scan_changed_files` tools, the `diff` path and the pre-commit hook ran regex rules only. They now share one combined analyzer, so two-step variable-indirection flows and hardcoded secrets are caught before code is committed:
+- **Two-step taint** — a query, file path or shell command assembled into a variable before reaching the sink (path traversal, SQL/code injection, XSS) is now reported on the check path, not just inline patterns.
+- **Command-injection taint sink** — `exec()` / `execSync()` fed tainted input is now a sink (the lookbehind excludes method calls like `regex.exec()` / `db.execSync()`). Validated against the corpus: 2 hits, both real RCE, zero hits on 9 production repos.
+- **Hardcoded secrets** — PEM private keys, cloud keys and tokens are flagged on the check path even when the variable name is innocuous.
+
+### Fixed — taint precision (improves both `check` and `audit`)
+- **Open redirect** no longer fires on same-origin root-relative targets (`redirect("/path")`, `` redirect(`/${slug}/settings`) ``); external (`https://…`) and protocol-relative (`//host`) targets are still flagged.
+- Taint and secrets are skipped on minified/vendor bundles (`.min.js` and long-line content), matching the audit, and secret patterns are skipped in test fixtures that carry fake keys by design.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.1.36] - 2026-06-07
 
 ### Added — high-value recall rules (436 → 438, 36 tools)

package/build/cli/scan.js

@@ -76,7 +76,7 @@ export async function runDirectoryScan(targetPath, flags) {
 }
 export async function runDiffScan(base, flags) {
     const { execFileSync } = await import("child_process");
-    const { analyzeCode } = await import("../tools/check-code.js");
+    const { analyzeFileSecurity } = await import("../tools/file-security.js");
     const { EXTENSION_MAP, CONFIG_FILE_MAP } = await import("../utils/constants.js");
     const format = validateFormat(flags);
     const outputFile = getOutputPath(flags);
@@ -109,7 +109,7 @@ export async function runDiffScan(base, flags) {
             continue;
         try {
             const content = readFileSync(fullPath, "utf-8");
-            const findings = analyzeCode(content, language, undefined, fullPath, root);
+            const findings = analyzeFileSecurity(content, language, undefined, fullPath, root);
             for (const f of findings) {
                 allFindings.push({ file: relPath, severity: f.rule.severity, name: f.rule.name, id: f.rule.id, line: f.line, fix: f.rule.fix });
             }
@@ -167,7 +167,8 @@ export async function runDiffScan(base, flags) {
     }
 }
 export async function runFileCheck(filePath, flags) {
-    const { checkCode } = await import("../tools/check-code.js");
+    const { renderFindings } = await import("../tools/check-code.js");
+    const { analyzeFileSecurity } = await import("../tools/file-security.js");
     const resolved = resolve(filePath);
     if (!existsSync(resolved)) {
         console.error(`  [ERR] File not found: ${resolved}`);
@@ -191,7 +192,8 @@ export async function runFileCheck(filePath, flags) {
     }
     const format = validateFormat(flags);
     const formatArg = format === "json" ? "json" : format === "buddy" ? "buddy" : "markdown";
-    const result = checkCode(content, language, undefined, resolved, undefined, formatArg);
+    const findings = analyzeFileSecurity(content, language, undefined, resolved, undefined);
+    const result = renderFindings(findings, language, undefined, formatArg, resolved);
     const outputFile = getOutputPath(flags);
     if (outputFile) {
         safeWriteOutput(outputFile, result);

package/build/index.js

@@ -3,7 +3,8 @@ import { createRequire } from "module";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
-import { checkCode, analyzeCode } from "./tools/check-code.js";
+import { renderFindings } from "./tools/check-code.js";
+import { analyzeFileSecurity } from "./tools/file-security.js";
 const require = createRequire(import.meta.url);
 const pkg = require("../package.json");
 import { checkProject } from "./tools/check-project.js";
@@ -75,8 +76,8 @@ server.tool("check_code", "Analyze inline code for security vulnerabilities (OWA
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
 }, async ({ code, language, framework, format }) => {
     const rules = getRules();
-    const results = checkCode(code, language, framework, undefined, undefined, format, rules);
-    const findings = analyzeCode(code, language, framework, undefined, undefined, rules);
+    const findings = analyzeFileSecurity(code, language, framework, undefined, undefined, rules);
+    const results = renderFindings(findings, language, framework, format, undefined);
     const cwd = process.cwd();
     recordScan(cwd, { toolName: "check_code", filesScanned: 1, findings: findings.map(f => ({ severity: f.rule.severity, ruleId: f.rule.id })) });
     const summary = getSummaryLine(cwd, findings.length, format);
@@ -507,8 +508,8 @@ server.tool("scan_file", "Scan a single file on disk by path for security vulner
         return { content: [{ type: "text", text: format === "json" ? JSON.stringify({ summary: { total: 0 }, findings: [] }) : "Unsupported file type." }] };
     }
     const rules = getRules();
-    const result = checkCode(content, language, undefined, resolved, dirname(resolved), format, rules);
-    const findings = analyzeCode(content, language, undefined, resolved, dirname(resolved), rules);
+    const findings = analyzeFileSecurity(content, language, undefined, resolved, dirname(resolved), rules);
+    const result = renderFindings(findings, language, undefined, format, resolved);
     const cwd = dirname(resolved);
     recordScan(cwd, { toolName: "scan_file", filesScanned: 1, findings: findings.map(f => ({ severity: f.rule.severity, ruleId: f.rule.id })) });
     const summary = getSummaryLine(cwd, findings.length, format);
@@ -569,7 +570,7 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
             continue;
         try {
             const content = readFileSync(fullPath, "utf-8");
-            const findings = analyzeCode(content, language, undefined, fullPath, root, rules);
+            const findings = analyzeFileSecurity(content, language, undefined, fullPath, root, rules);
             for (const f of findings) {
                 allFindings.push({
                     file: relPath, id: f.rule.id, name: f.rule.name,

package/build/tools/check-code.d.ts

@@ -14,3 +14,9 @@ export declare function isRuleDefinitionFile(code: string, filePath?: string): b
 export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, rules?: SecurityRule[]): Finding[];
 export declare function formatFindingsJson(findings: Finding[], extra?: Record<string, unknown>): string;
 export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, format?: "markdown" | "json" | "buddy", rules?: SecurityRule[]): string;
+/**
+ * Render a pre-computed Finding[] into the requested output format. Split out of
+ * `checkCode` so the `check` path can run the combined analyzer (`analyzeFileSecurity`
+ * = regex + taint + secrets) and still reuse the exact same rendering.
+ */
+export declare function renderFindings(findings: Finding[], language: string, framework?: string, format?: "markdown" | "json" | "buddy", filePath?: string): string;

package/build/tools/check-code.js

@@ -1497,6 +1497,14 @@ export function formatFindingsJson(findings, extra) {
 }
 export function checkCode(code, language, framework, filePath, configDir, format = "markdown", rules) {
     const findings = analyzeCode(code, language, framework, filePath, configDir, rules);
+    return renderFindings(findings, language, framework, format, filePath);
+}
+/**
+ * Render a pre-computed Finding[] into the requested output format. Split out of
+ * `checkCode` so the `check` path can run the combined analyzer (`analyzeFileSecurity`
+ * = regex + taint + secrets) and still reuse the exact same rendering.
+ */
+export function renderFindings(findings, language, framework, format = "markdown", filePath) {
     if (format === "json") {
         return formatFindingsJson(findings);
     }

package/build/tools/file-security.d.ts

@@ -0,0 +1,7 @@
+import { type Finding } from "./check-code.js";
+import type { SecurityRule } from "../data/rules/types.js";
+/**
+ * Run regex rules + per-file taint analysis + secret patterns on a single file's
+ * content and return a merged, de-duplicated `Finding[]`.
+ */
+export declare function analyzeFileSecurity(code: string, language: string, framework?: string, filePath?: string, configDir?: string, rules?: SecurityRule[]): Finding[];

package/build/tools/file-security.js

@@ -0,0 +1,144 @@
+// guardvibe-ignore — defines the combined per-file analyzer; references vulnerability
+// category names (sql-injection, command-injection, etc.) as plain strings, not vulnerable code.
+/**
+ * Combined per-file security analysis for the `check` path.
+ *
+ * `analyzeCode` (regex rules) alone runs on the `check`/`scan <file>`/`check_code`/
+ * `scan_file` and pre-commit paths, while taint analysis and secret-pattern scanning
+ * historically only ran inside `audit`. That left two-step variable-indirection flows
+ * (a query/path/command assembled into a variable before reaching the sink) and
+ * hardcoded secrets (e.g. PEM private keys in innocuously-named variables) invisible to
+ * the most-used commands and to the pre-commit hook.
+ *
+ * `analyzeFileSecurity` merges all three — regex + per-file taint + secret patterns —
+ * into one `Finding[]`, converting taint/secret hits into synthetic-rule findings so the
+ * existing rendering, scoring and JSON pipeline consumes them unchanged. Taint/secret
+ * findings that land on a line a regex rule already covers are dropped to avoid
+ * double-reporting.
+ *
+ * NOTE: this is intentionally NOT wired into the directory `scanDirectory` path, because
+ * `full-audit` already runs the code, secrets and taint sections separately — adding them
+ * to `scanDirectory` would double-count inside `audit`.
+ */
+import { basename } from "path";
+import { analyzeCode } from "./check-code.js";
+import { analyzeTaint } from "./taint-analysis.js";
+import { scanContent } from "./scan-secrets.js";
+import { isExcludedFilename } from "../utils/constants.js";
+const TAINT_OWASP = {
+    "sql-injection": "A03:2021 Injection",
+    "command-injection": "A03:2021 Injection",
+    "code-injection": "A03:2021 Injection",
+    "xss": "A03:2021 Injection",
+    "open-redirect": "A01:2021 Broken Access Control",
+    "path-traversal": "A01:2021 Broken Access Control",
+};
+// Regex VG rules that already represent the same vuln class as a taint sink type.
+// When one fires on the exact sink line, the taint finding is redundant — drop it.
+const TAINT_REGEX_OVERLAP = {
+    "sql-injection": new Set(["VG010", "VG013", "VG123", "VG543", "VG1002"]),
+    "command-injection": new Set(["VG011"]),
+    "code-injection": new Set(["VG014", "VG070"]),
+    "xss": new Set(["VG012", "VG408", "VG852", "VG1080", "VG1084"]),
+    "open-redirect": new Set(["VG101", "VG409", "VG425", "VG660"]),
+    "path-traversal": new Set(["VG102"]),
+};
+// Regex rules that already report a hardcoded secret; drop a secret-pattern hit on the
+// same line as one of these to avoid double-reporting.
+const SECRET_REGEX_OVERLAP = new Set(["VG001", "VG062", "VG003", "VG506"]);
+// Mirrors analyzeCode's test-file skip for credential rules — fixtures legitimately
+// embed fake keys (e.g. a test PEM for a crypto unit test). Real keys in production
+// files (e.g. a hardcoded private key in lib/insecurity.ts) are still flagged.
+const TEST_FILE_RE = /(?:\.(?:[\w-]+-)?(?:spec|test|e2e|stories|cy)\.(?:ts|tsx|js|jsx|mjs|cjs)$|_test\.go$|\/__tests__\/|\/__mocks__\/|\/tests?\/|\/cypress\/|\/playwright\/|\/dockertest\/|\/testutil\/|\/testhelpers?\/|\/testfixtures?\/)/i;
+// Synthetic regex that never matches — synthetic rules are only ever attached to
+// pre-computed findings, never run against source.
+const NEVER_MATCH = /(?!)/;
+// Minified bundles pack everything onto a few enormous lines; mangled `e`/`t` params
+// then masquerade as taint sources (`e.target.value`) feeding innerHTML sinks — a pure
+// FP class. The audit excludes these from taint via collectJsFiles+isExcludedFilename;
+// the check path mirrors that with a name pattern plus a content fallback for bundles
+// that aren't named `.min.js`.
+function looksMinified(code) {
+    if (code.length < 5000)
+        return false;
+    let lineLen = 0;
+    for (let i = 0; i < code.length; i++) {
+        if (code[i] === "\n") {
+            if (lineLen > 1000)
+                return true;
+            lineLen = 0;
+        }
+        else
+            lineLen++;
+    }
+    return lineLen > 1000;
+}
+function taintToFinding(t) {
+    const rule = {
+        id: `TAINT:${t.sink.type}`,
+        name: `Tainted flow: ${t.source.type} → ${t.sink.type}`,
+        severity: t.severity,
+        owasp: TAINT_OWASP[t.sink.type] ?? "A03:2021 Injection",
+        description: t.description,
+        pattern: NEVER_MATCH,
+        languages: ["javascript", "typescript"],
+        fix: t.fix,
+    };
+    return { rule, match: t.sink.code, line: t.sink.line, confidence: "medium" };
+}
+function secretToFinding(s) {
+    const rule = {
+        id: `SECRET:${s.provider}`,
+        name: `Hardcoded secret: ${s.provider}`,
+        severity: s.severity,
+        owasp: "A07:2021 Identification and Authentication Failures",
+        description: `Possible ${s.provider} found in source — move it to an environment variable.`,
+        pattern: NEVER_MATCH,
+        languages: [],
+        fix: s.fix,
+    };
+    return { rule, match: s.match, line: s.line, confidence: "high" };
+}
+/**
+ * Run regex rules + per-file taint analysis + secret patterns on a single file's
+ * content and return a merged, de-duplicated `Finding[]`.
+ */
+export function analyzeFileSecurity(code, language, framework, filePath, configDir, rules) {
+    const regexFindings = analyzeCode(code, language, framework, filePath, configDir, rules);
+    const regexIdsByLine = new Map();
+    for (const f of regexFindings) {
+        const set = regexIdsByLine.get(f.line) ?? new Set();
+        set.add(f.rule.id);
+        regexIdsByLine.set(f.line, set);
+    }
+    // --- Per-file taint (JS/TS only; analyzeTaint no-ops for other languages) ---
+    const taintFindings = [];
+    const seenTaint = new Set();
+    const isVendorBundle = (filePath && isExcludedFilename(basename(filePath))) || looksMinified(code);
+    for (const t of (isVendorBundle ? [] : analyzeTaint(code, language, filePath))) {
+        const overlap = TAINT_REGEX_OVERLAP[t.sink.type];
+        const onLine = regexIdsByLine.get(t.sink.line);
+        if (overlap && onLine && [...onLine].some(id => overlap.has(id)))
+            continue;
+        const key = `${t.sink.type}:${t.sink.line}`;
+        if (seenTaint.has(key))
+            continue;
+        seenTaint.add(key);
+        taintFindings.push(taintToFinding(t));
+    }
+    // --- Secret patterns (skipped in test fixtures, which carry fake keys by design) ---
+    const secretFindings = [];
+    const isTestFile = filePath ? TEST_FILE_RE.test(filePath) : false;
+    const seenSecret = new Set();
+    for (const s of (isTestFile ? [] : scanContent(code, filePath ?? "inline"))) {
+        const onLine = regexIdsByLine.get(s.line);
+        if (onLine && [...onLine].some(id => SECRET_REGEX_OVERLAP.has(id)))
+            continue;
+        const key = `${s.provider}:${s.line}`;
+        if (seenSecret.has(key))
+            continue;
+        seenSecret.add(key);
+        secretFindings.push(secretToFinding(s));
+    }
+    return [...regexFindings, ...taintFindings, ...secretFindings];
+}

package/build/tools/scan-staged.js

@@ -1,6 +1,7 @@
 import { execFileSync } from "child_process";
 import { extname, basename } from "path";
-import { analyzeCode, formatFindingsJson } from "./check-code.js";
+import { formatFindingsJson } from "./check-code.js";
+import { analyzeFileSecurity } from "./file-security.js";
 import { securityBanner } from "../utils/banner.js";
 const EXTENSION_MAP = {
     ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
@@ -79,7 +80,7 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
             skippedFiles.push(filePath);
             continue;
         }
-        const findings = analyzeCode(content, language, undefined, filePath, cwd, rules);
+        const findings = analyzeFileSecurity(content, language, undefined, filePath, cwd, rules);
         if (findings.length > 0) {
             results.push({ path: filePath, findings });
         }

package/build/tools/taint-analysis.js

@@ -39,6 +39,12 @@ const TAINT_SINKS = [
     { pattern: /new\s+Function\s*\(/g, type: "code-injection", severity: "critical",
         description: "User input flows into Function constructor, enabling arbitrary code execution.",
         fix: "Never construct functions from user input. Use a safe evaluator or predefined functions." },
+    // Command injection: bare child_process exec()/execSync() (the shell-invoking forms).
+    // The negative lookbehind excludes method calls like `regex.exec(...)`, `query.exec()`,
+    // and `db.execSync(...)` — only the imported, shell-spawning function is a sink.
+    { pattern: /(?<!\.)\bexec(?:Sync)?\s*\(/g, type: "command-injection", severity: "critical",
+        description: "User input flows into a shell command (exec/execSync), enabling OS command injection.",
+        fix: "Use execFile()/spawn() with an argument array (no shell) and validate input against an allowlist." },
     { pattern: /writeFileSync?\s*\(/g, type: "path-traversal", severity: "high",
         description: "User input flows into file write path, enabling arbitrary file overwrite.",
         fix: "Validate and sanitize file paths. Use path.resolve() and verify the result is within allowed directories." },
@@ -78,6 +84,17 @@ function isSafeParameterizedSqlSink(lines, sinkIdx) {
     const interps = tpl.match(/\$\{[^}]*\}/g) || [];
     return interps.every(s => /\$\{\s*[\w$.]*(?:hash|sha\d*|md5|bcrypt|argon2?|hmac|digest|encode|escape|encodeURIComponent|toString|String|Number|parseInt|parseFloat)\b/i.test(s));
 }
+/**
+ * A `redirect(...)` whose target is a root-relative, same-origin path
+ * (e.g. redirect("/login") or redirect(`/${slug}/settings`)) cannot be an open
+ * redirect — the browser stays on the current origin. Only external URLs
+ * (`https://…`), protocol-relative URLs (`//host`), or non-literal targets are
+ * candidates. This kills the dominant open-redirect FP class on Next.js pages,
+ * which routinely build internal navigation paths from route params/searchParams.
+ */
+function isSameOriginRedirect(line) {
+    return /\bredirect\s*\(\s*["'`]\/(?!\/)/.test(line);
+}
 function extractAssignments(lines) {
     const assignments = [];
     const assignPattern = /(?:const|let|var)\s+([\w]+)\s*=\s*(.*)/;
@@ -152,6 +169,8 @@ export function analyzeTaint(code, language, filePath) {
                 continue;
             if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
                 continue;
+            if (sink.type === "open-redirect" && isSameOriginRedirect(line))
+                continue;
             for (const tVar of taintedVars) {
                 if (line.includes(tVar.name)) {
                     const chain = [];
@@ -183,6 +202,8 @@ export function analyzeTaint(code, language, filePath) {
                 continue;
             if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
                 continue;
+            if (sink.type === "open-redirect" && isSameOriginRedirect(line))
+                continue;
             for (const source of TAINT_SOURCES) {
                 source.pattern.lastIndex = 0;
                 if (source.pattern.test(line)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.1.36",
+  "version": "3.1.37",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 438 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",