guardvibe 3.1.36 → 3.1.38

package/CHANGELOG.md

@@ -5,6 +5,31 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.1.38] - 2026-06-07
+
+### Fixed — false-positive precision, verified one rule at a time (no rule-count change, 438 / 36)
+Each claimed false positive was checked against the actual code in the real-world corpus; only genuine FP classes were narrowed, with an old-vs-new diff confirming zero true-positive loss (14 FPs removed corpus-wide, 0 TP lost).
+- **VG434** (Drizzle) retargeted from the *safe* `sql\`${value}\`` tag (which parameterizes interpolations) to the real injection vector — `sql.raw()` interpolated into an executed query. Renamed to "Drizzle sql.raw() Injection".
+- **VG514** (Docker Compose secret) no longer fires when the value is an env-var reference (`${VAR}` / `$VAR`); hardcoded literals still fire.
+- **VG001** (hardcoded credentials) skips kebab-case slug values under an uppercase-led enum/constant name (e.g. `UserMissingPassword = "missing-password"`) and values explicitly marked as mock/placeholder (e.g. `"MOCK_DAILY_API_KEY"`).
+- **VG139** (TLS verification disabled) is skipped in test files and no longer matches a `skipVerify = false` substring; real `rejectUnauthorized: false` in production code still fires (the prior "FP" claim was wrong — those are real vulnerabilities).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.1.37] - 2026-06-07
+
+### Added — taint + secret scanning on the `check` path (no rule-count change, 438 / 36)
+Until now only `audit` ran taint analysis and secret-pattern scanning; the everyday `check` / `scan <file>` commands, the MCP `check_code` / `scan_file` / `scan_changed_files` tools, the `diff` path and the pre-commit hook ran regex rules only. They now share one combined analyzer, so two-step variable-indirection flows and hardcoded secrets are caught before code is committed:
+- **Two-step taint** — a query, file path or shell command assembled into a variable before reaching the sink (path traversal, SQL/code injection, XSS) is now reported on the check path, not just inline patterns.
+- **Command-injection taint sink** — `exec()` / `execSync()` fed tainted input is now a sink (the lookbehind excludes method calls like `regex.exec()` / `db.execSync()`). Validated against the corpus: 2 hits, both real RCE, zero hits on 9 production repos.
+- **Hardcoded secrets** — PEM private keys, cloud keys and tokens are flagged on the check path even when the variable name is innocuous.
+
+### Fixed — taint precision (improves both `check` and `audit`)
+- **Open redirect** no longer fires on same-origin root-relative targets (`redirect("/path")`, `` redirect(`/${slug}/settings`) ``); external (`https://…`) and protocol-relative (`//host`) targets are still flagged.
+- Taint and secrets are skipped on minified/vendor bundles (`.min.js` and long-line content), matching the audit, and secret patterns are skipped in test fixtures that carry fake keys by design.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.1.36] - 2026-06-07
 
 ### Added — high-value recall rules (436 → 438, 36 tools)

package/build/cli/scan.js

@@ -76,7 +76,7 @@ export async function runDirectoryScan(targetPath, flags) {
 }
 export async function runDiffScan(base, flags) {
     const { execFileSync } = await import("child_process");
-    const { analyzeCode } = await import("../tools/check-code.js");
+    const { analyzeFileSecurity } = await import("../tools/file-security.js");
     const { EXTENSION_MAP, CONFIG_FILE_MAP } = await import("../utils/constants.js");
     const format = validateFormat(flags);
     const outputFile = getOutputPath(flags);
@@ -109,7 +109,7 @@ export async function runDiffScan(base, flags) {
             continue;
         try {
             const content = readFileSync(fullPath, "utf-8");
-            const findings = analyzeCode(content, language, undefined, fullPath, root);
+            const findings = analyzeFileSecurity(content, language, undefined, fullPath, root);
             for (const f of findings) {
                 allFindings.push({ file: relPath, severity: f.rule.severity, name: f.rule.name, id: f.rule.id, line: f.line, fix: f.rule.fix });
             }
@@ -167,7 +167,8 @@ export async function runDiffScan(base, flags) {
     }
 }
 export async function runFileCheck(filePath, flags) {
-    const { checkCode } = await import("../tools/check-code.js");
+    const { renderFindings } = await import("../tools/check-code.js");
+    const { analyzeFileSecurity } = await import("../tools/file-security.js");
     const resolved = resolve(filePath);
     if (!existsSync(resolved)) {
         console.error(`  [ERR] File not found: ${resolved}`);
@@ -191,7 +192,8 @@ export async function runFileCheck(filePath, flags) {
     }
     const format = validateFormat(flags);
     const formatArg = format === "json" ? "json" : format === "buddy" ? "buddy" : "markdown";
-    const result = checkCode(content, language, undefined, resolved, undefined, formatArg);
+    const findings = analyzeFileSecurity(content, language, undefined, resolved, undefined);
+    const result = renderFindings(findings, language, undefined, formatArg, resolved);
     const outputFile = getOutputPath(flags);
     if (outputFile) {
         safeWriteOutput(outputFile, result);

package/build/data/rules/advanced-security.js

@@ -127,7 +127,7 @@ export const advancedSecurityRules = [
         severity: "critical",
         owasp: "A02:2025 Cryptographic Failures",
         description: "TLS certificate verification is disabled, allowing man-in-the-middle attacks. All HTTPS connections become insecure.",
-        pattern: /(?:NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*["']0["']|rejectUnauthorized\s*:\s*false|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true)/gi,
+        pattern: /(?:NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*["']0["']|rejectUnauthorized\s*:\s*false|(?<![\w$])verify\s*=\s*False|InsecureSkipVerify\s*:\s*true)/gi,
         languages: ["javascript", "typescript", "python", "go"],
         fix: "Never disable TLS verification in production. Fix certificate issues instead.",
         fixCode: '// BAD: disables all TLS verification\n// process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";\n// const agent = new https.Agent({ rejectUnauthorized: false });\n\n// GOOD: fix the certificate issue\n// - Use valid certificates (Let\'s Encrypt)\n// - Add CA certificate to Node: --use-openssl-ca\n// - For self-signed dev certs: only disable in NODE_ENV=development',

package/build/data/rules/database.js

@@ -41,13 +41,13 @@ export const databaseRules = [
     },
     {
         id: "VG434",
-        name: "Drizzle Unsafe SQL Interpolation",
+        name: "Drizzle sql.raw() Injection",
         severity: "critical",
         owasp: "A03:2025 Injection",
-        description: "Drizzle sql tagged template with direct variable interpolation. Use sql.placeholder() for safe parameterization.",
-        pattern: /(?:db\.execute|db\.run|db\.get|db\.all)\s*\(\s*sql`[^`]*\$\{/g,
+        description: "sql.raw() interpolated into an executed Drizzle query bypasses parameter binding, enabling SQL injection. Drizzle's sql`${value}` tag binds interpolations safely — only sql.raw() escapes that.",
+        pattern: /(?:db\.execute|db\.run|db\.get|db\.all)\s*\(\s*sql`[^`]*\$\{\s*sql\.raw\b/g,
         languages: ["javascript", "typescript"],
-        fix: "Use sql.placeholder() for dynamic values in Drizzle queries.",
+        fix: "Avoid sql.raw() with dynamic input. Use bound ${value} interpolation, or restrict raw fragments to a hardcoded allowlist of column/table identifiers.",
         fixCode: 'import { sql } from "drizzle-orm";\n\nconst result = await db.execute(\n  sql`SELECT * FROM users WHERE id = ${sql.placeholder("id")}`,\n  { id: userId }\n);',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },

package/build/index.js

@@ -3,7 +3,8 @@ import { createRequire } from "module";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
-import { checkCode, analyzeCode } from "./tools/check-code.js";
+import { renderFindings } from "./tools/check-code.js";
+import { analyzeFileSecurity } from "./tools/file-security.js";
 const require = createRequire(import.meta.url);
 const pkg = require("../package.json");
 import { checkProject } from "./tools/check-project.js";
@@ -75,8 +76,8 @@ server.tool("check_code", "Analyze inline code for security vulnerabilities (OWA
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
 }, async ({ code, language, framework, format }) => {
     const rules = getRules();
-    const results = checkCode(code, language, framework, undefined, undefined, format, rules);
-    const findings = analyzeCode(code, language, framework, undefined, undefined, rules);
+    const findings = analyzeFileSecurity(code, language, framework, undefined, undefined, rules);
+    const results = renderFindings(findings, language, framework, format, undefined);
     const cwd = process.cwd();
     recordScan(cwd, { toolName: "check_code", filesScanned: 1, findings: findings.map(f => ({ severity: f.rule.severity, ruleId: f.rule.id })) });
     const summary = getSummaryLine(cwd, findings.length, format);
@@ -507,8 +508,8 @@ server.tool("scan_file", "Scan a single file on disk by path for security vulner
         return { content: [{ type: "text", text: format === "json" ? JSON.stringify({ summary: { total: 0 }, findings: [] }) : "Unsupported file type." }] };
     }
     const rules = getRules();
-    const result = checkCode(content, language, undefined, resolved, dirname(resolved), format, rules);
-    const findings = analyzeCode(content, language, undefined, resolved, dirname(resolved), rules);
+    const findings = analyzeFileSecurity(content, language, undefined, resolved, dirname(resolved), rules);
+    const result = renderFindings(findings, language, undefined, format, resolved);
     const cwd = dirname(resolved);
     recordScan(cwd, { toolName: "scan_file", filesScanned: 1, findings: findings.map(f => ({ severity: f.rule.severity, ruleId: f.rule.id })) });
     const summary = getSummaryLine(cwd, findings.length, format);
@@ -569,7 +570,7 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
             continue;
         try {
             const content = readFileSync(fullPath, "utf-8");
-            const findings = analyzeCode(content, language, undefined, fullPath, root, rules);
+            const findings = analyzeFileSecurity(content, language, undefined, fullPath, root, rules);
             for (const f of findings) {
                 allFindings.push({
                     file: relPath, id: f.rule.id, name: f.rule.name,

package/build/tools/check-code.d.ts

@@ -14,3 +14,9 @@ export declare function isRuleDefinitionFile(code: string, filePath?: string): b
 export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, rules?: SecurityRule[]): Finding[];
 export declare function formatFindingsJson(findings: Finding[], extra?: Record<string, unknown>): string;
 export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, format?: "markdown" | "json" | "buddy", rules?: SecurityRule[]): string;
+/**
+ * Render a pre-computed Finding[] into the requested output format. Split out of
+ * `checkCode` so the `check` path can run the combined analyzer (`analyzeFileSecurity`
+ * = regex + taint + secrets) and still reuse the exact same rendering.
+ */
+export declare function renderFindings(findings: Finding[], language: string, framework?: string, format?: "markdown" | "json" | "buddy", filePath?: string): string;

package/build/tools/check-code.js

@@ -451,7 +451,7 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         //   agent.get('/?q=' + sqlPayload) which match the regex but aren't database calls
         // - VG042/VG678: HTTP-response/security-header rules (tests don't serve to real users)
         const isTestFile = filePath && /(?:\.(?:[\w-]+-)?(?:spec|test|e2e|stories|cy)\.(?:ts|tsx|js|jsx|mjs|cjs)$|_test\.go$|\/__tests__\/|\/__mocks__\/|\/tests?\/|\/cypress\/|\/playwright\/|\/dockertest\/|\/testutil\/|\/testhelpers?\/|\/testfixtures?\/)/i.test(filePath);
-        if (isTestFile && ["VG001", "VG003", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409", "VG148", "VG424", "VG137"].includes(rule.id))
+        if (isTestFile && ["VG001", "VG003", "VG062", "VG010", "VG011", "VG012", "VG013", "VG014", "VG042", "VG100", "VG130", "VG678", "VG955", "VG133", "VG1021", "VG409", "VG148", "VG424", "VG137", "VG139"].includes(rule.id))
             continue;
         // VG137 (Debug Endpoint Exposes System Information) also misfires on build/test config
         // files: a `<rootDir>/test/` mapper or a `/test` path string near `process.env` in
@@ -944,6 +944,24 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                     if (canonical(idValuePair[1]) === canonical(idValuePair[2]))
                         continue;
                 }
+                // Skip enum/constant members whose value is a kebab-case slug (lowercase words
+                // joined by hyphens, no digits) under an uppercase-led name — error codes like
+                // `UserMissingPassword = "missing-password"`. The uppercase-name requirement keeps a
+                // lowercase `password = "my-secret"` firing (only enum/const members get the pass).
+                // The value is captured with a flat (ReDoS-safe) char class, then validated by
+                // splitting on '-' rather than a nested-quantifier regex.
+                const slugPair = matchedLine.match(/\b([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*["']([a-z][a-z-]*)["']/);
+                if (slugPair && /^[A-Z]/.test(slugPair[1])) {
+                    const parts = slugPair[2].split("-");
+                    const isKebabSlug = parts.length >= 2 && parts.every(p => p.length > 0 && /^[a-z]+$/.test(p));
+                    if (isKebabSlug)
+                        continue;
+                }
+                // Skip values explicitly marked as mock/placeholder — `DAILY_API_KEY = "MOCK_DAILY_API_KEY"`,
+                // `apiKey: "your-api-key-here"`. A value literally named as a placeholder is not a secret.
+                const valuePair = matchedLine.match(/[:=]\s*["']([^"'\n]{3,})["']/);
+                if (valuePair && /^(?:mock|example|sample|demo|fake|dummy|stub|placeholder|changeme|change-me|your[-_]|xxx|todo|replace[-_]?me)/i.test(valuePair[1]))
+                    continue;
                 // Skip SCREAMING_SNAKE error/status codes whose value is digits-only.
                 // e.g. `INVALID_PASSWORD = "5020"` — error code, not a credential.
                 if (/\b[A-Z][A-Z0-9_]*\s*=\s*["']\d+["']/.test(matchedLine))
@@ -958,6 +976,16 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
                     && /^[A-Za-z][A-Za-z .,!?'’()-]*\s[A-Za-z .,!?'’()-]+$/.test(msgPair[2]))
                     continue;
             }
+            // VG514 (Docker Compose Hardcoded Secret): the match spans the `environment:` block,
+            // so the flagged secret VALUE is the last `KEY: value` in match[0]. When that value is
+            // an env-var reference (`${VAR}` / `$VAR`) it is NOT hardcoded — the canonical secure
+            // pattern (compose reads it from .env). Hardcoded literals (`POSTGRES_PASSWORD=magical`)
+            // still fire.
+            if (rule.id === "VG514") {
+                const secretVal = match[0].match(/(?:SECRET|PASSWORD|TOKEN|KEY|CREDENTIAL)\w*\s*[=:]\s*["']?([^"'\s]+)/i);
+                if (secretVal && /^\$\{?\w+\}?$/.test(secretVal[1]))
+                    continue;
+            }
             // VG1083 (JWT verification bypass): jwt.decode() is fine when used only to peek at a
             // token that is ALSO verified (decode-then-verify). Skip the decode branch when a real
             // signature verification exists in the file. (The none-algorithm branch always fires.)
@@ -1497,6 +1525,14 @@ export function formatFindingsJson(findings, extra) {
 }
 export function checkCode(code, language, framework, filePath, configDir, format = "markdown", rules) {
     const findings = analyzeCode(code, language, framework, filePath, configDir, rules);
+    return renderFindings(findings, language, framework, format, filePath);
+}
+/**
+ * Render a pre-computed Finding[] into the requested output format. Split out of
+ * `checkCode` so the `check` path can run the combined analyzer (`analyzeFileSecurity`
+ * = regex + taint + secrets) and still reuse the exact same rendering.
+ */
+export function renderFindings(findings, language, framework, format = "markdown", filePath) {
     if (format === "json") {
         return formatFindingsJson(findings);
     }

package/build/tools/file-security.d.ts

@@ -0,0 +1,7 @@
+import { type Finding } from "./check-code.js";
+import type { SecurityRule } from "../data/rules/types.js";
+/**
+ * Run regex rules + per-file taint analysis + secret patterns on a single file's
+ * content and return a merged, de-duplicated `Finding[]`.
+ */
+export declare function analyzeFileSecurity(code: string, language: string, framework?: string, filePath?: string, configDir?: string, rules?: SecurityRule[]): Finding[];

package/build/tools/file-security.js

@@ -0,0 +1,144 @@
+// guardvibe-ignore — defines the combined per-file analyzer; references vulnerability
+// category names (sql-injection, command-injection, etc.) as plain strings, not vulnerable code.
+/**
+ * Combined per-file security analysis for the `check` path.
+ *
+ * `analyzeCode` (regex rules) alone runs on the `check`/`scan <file>`/`check_code`/
+ * `scan_file` and pre-commit paths, while taint analysis and secret-pattern scanning
+ * historically only ran inside `audit`. That left two-step variable-indirection flows
+ * (a query/path/command assembled into a variable before reaching the sink) and
+ * hardcoded secrets (e.g. PEM private keys in innocuously-named variables) invisible to
+ * the most-used commands and to the pre-commit hook.
+ *
+ * `analyzeFileSecurity` merges all three — regex + per-file taint + secret patterns —
+ * into one `Finding[]`, converting taint/secret hits into synthetic-rule findings so the
+ * existing rendering, scoring and JSON pipeline consumes them unchanged. Taint/secret
+ * findings that land on a line a regex rule already covers are dropped to avoid
+ * double-reporting.
+ *
+ * NOTE: this is intentionally NOT wired into the directory `scanDirectory` path, because
+ * `full-audit` already runs the code, secrets and taint sections separately — adding them
+ * to `scanDirectory` would double-count inside `audit`.
+ */
+import { basename } from "path";
+import { analyzeCode } from "./check-code.js";
+import { analyzeTaint } from "./taint-analysis.js";
+import { scanContent } from "./scan-secrets.js";
+import { isExcludedFilename } from "../utils/constants.js";
+const TAINT_OWASP = {
+    "sql-injection": "A03:2021 Injection",
+    "command-injection": "A03:2021 Injection",
+    "code-injection": "A03:2021 Injection",
+    "xss": "A03:2021 Injection",
+    "open-redirect": "A01:2021 Broken Access Control",
+    "path-traversal": "A01:2021 Broken Access Control",
+};
+// Regex VG rules that already represent the same vuln class as a taint sink type.
+// When one fires on the exact sink line, the taint finding is redundant — drop it.
+const TAINT_REGEX_OVERLAP = {
+    "sql-injection": new Set(["VG010", "VG013", "VG123", "VG543", "VG1002"]),
+    "command-injection": new Set(["VG011"]),
+    "code-injection": new Set(["VG014", "VG070"]),
+    "xss": new Set(["VG012", "VG408", "VG852", "VG1080", "VG1084"]),
+    "open-redirect": new Set(["VG101", "VG409", "VG425", "VG660"]),
+    "path-traversal": new Set(["VG102"]),
+};
+// Regex rules that already report a hardcoded secret; drop a secret-pattern hit on the
+// same line as one of these to avoid double-reporting.
+const SECRET_REGEX_OVERLAP = new Set(["VG001", "VG062", "VG003", "VG506"]);
+// Mirrors analyzeCode's test-file skip for credential rules — fixtures legitimately
+// embed fake keys (e.g. a test PEM for a crypto unit test). Real keys in production
+// files (e.g. a hardcoded private key in lib/insecurity.ts) are still flagged.
+const TEST_FILE_RE = /(?:\.(?:[\w-]+-)?(?:spec|test|e2e|stories|cy)\.(?:ts|tsx|js|jsx|mjs|cjs)$|_test\.go$|\/__tests__\/|\/__mocks__\/|\/tests?\/|\/cypress\/|\/playwright\/|\/dockertest\/|\/testutil\/|\/testhelpers?\/|\/testfixtures?\/)/i;
+// Synthetic regex that never matches — synthetic rules are only ever attached to
+// pre-computed findings, never run against source.
+const NEVER_MATCH = /(?!)/;
+// Minified bundles pack everything onto a few enormous lines; mangled `e`/`t` params
+// then masquerade as taint sources (`e.target.value`) feeding innerHTML sinks — a pure
+// FP class. The audit excludes these from taint via collectJsFiles+isExcludedFilename;
+// the check path mirrors that with a name pattern plus a content fallback for bundles
+// that aren't named `.min.js`.
+function looksMinified(code) {
+    if (code.length < 5000)
+        return false;
+    let lineLen = 0;
+    for (let i = 0; i < code.length; i++) {
+        if (code[i] === "\n") {
+            if (lineLen > 1000)
+                return true;
+            lineLen = 0;
+        }
+        else
+            lineLen++;
+    }
+    return lineLen > 1000;
+}
+function taintToFinding(t) {
+    const rule = {
+        id: `TAINT:${t.sink.type}`,
+        name: `Tainted flow: ${t.source.type} → ${t.sink.type}`,
+        severity: t.severity,
+        owasp: TAINT_OWASP[t.sink.type] ?? "A03:2021 Injection",
+        description: t.description,
+        pattern: NEVER_MATCH,
+        languages: ["javascript", "typescript"],
+        fix: t.fix,
+    };
+    return { rule, match: t.sink.code, line: t.sink.line, confidence: "medium" };
+}
+function secretToFinding(s) {
+    const rule = {
+        id: `SECRET:${s.provider}`,
+        name: `Hardcoded secret: ${s.provider}`,
+        severity: s.severity,
+        owasp: "A07:2021 Identification and Authentication Failures",
+        description: `Possible ${s.provider} found in source — move it to an environment variable.`,
+        pattern: NEVER_MATCH,
+        languages: [],
+        fix: s.fix,
+    };
+    return { rule, match: s.match, line: s.line, confidence: "high" };
+}
+/**
+ * Run regex rules + per-file taint analysis + secret patterns on a single file's
+ * content and return a merged, de-duplicated `Finding[]`.
+ */
+export function analyzeFileSecurity(code, language, framework, filePath, configDir, rules) {
+    const regexFindings = analyzeCode(code, language, framework, filePath, configDir, rules);
+    const regexIdsByLine = new Map();
+    for (const f of regexFindings) {
+        const set = regexIdsByLine.get(f.line) ?? new Set();
+        set.add(f.rule.id);
+        regexIdsByLine.set(f.line, set);
+    }
+    // --- Per-file taint (JS/TS only; analyzeTaint no-ops for other languages) ---
+    const taintFindings = [];
+    const seenTaint = new Set();
+    const isVendorBundle = (filePath && isExcludedFilename(basename(filePath))) || looksMinified(code);
+    for (const t of (isVendorBundle ? [] : analyzeTaint(code, language, filePath))) {
+        const overlap = TAINT_REGEX_OVERLAP[t.sink.type];
+        const onLine = regexIdsByLine.get(t.sink.line);
+        if (overlap && onLine && [...onLine].some(id => overlap.has(id)))
+            continue;
+        const key = `${t.sink.type}:${t.sink.line}`;
+        if (seenTaint.has(key))
+            continue;
+        seenTaint.add(key);
+        taintFindings.push(taintToFinding(t));
+    }
+    // --- Secret patterns (skipped in test fixtures, which carry fake keys by design) ---
+    const secretFindings = [];
+    const isTestFile = filePath ? TEST_FILE_RE.test(filePath) : false;
+    const seenSecret = new Set();
+    for (const s of (isTestFile ? [] : scanContent(code, filePath ?? "inline"))) {
+        const onLine = regexIdsByLine.get(s.line);
+        if (onLine && [...onLine].some(id => SECRET_REGEX_OVERLAP.has(id)))
+            continue;
+        const key = `${s.provider}:${s.line}`;
+        if (seenSecret.has(key))
+            continue;
+        seenSecret.add(key);
+        secretFindings.push(secretToFinding(s));
+    }
+    return [...regexFindings, ...taintFindings, ...secretFindings];
+}

package/build/tools/scan-staged.js

@@ -1,6 +1,7 @@
 import { execFileSync } from "child_process";
 import { extname, basename } from "path";
-import { analyzeCode, formatFindingsJson } from "./check-code.js";
+import { formatFindingsJson } from "./check-code.js";
+import { analyzeFileSecurity } from "./file-security.js";
 import { securityBanner } from "../utils/banner.js";
 const EXTENSION_MAP = {
     ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
@@ -79,7 +80,7 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
             skippedFiles.push(filePath);
             continue;
         }
-        const findings = analyzeCode(content, language, undefined, filePath, cwd, rules);
+        const findings = analyzeFileSecurity(content, language, undefined, filePath, cwd, rules);
         if (findings.length > 0) {
             results.push({ path: filePath, findings });
         }

package/build/tools/taint-analysis.js

@@ -39,6 +39,12 @@ const TAINT_SINKS = [
     { pattern: /new\s+Function\s*\(/g, type: "code-injection", severity: "critical",
         description: "User input flows into Function constructor, enabling arbitrary code execution.",
         fix: "Never construct functions from user input. Use a safe evaluator or predefined functions." },
+    // Command injection: bare child_process exec()/execSync() (the shell-invoking forms).
+    // The negative lookbehind excludes method calls like `regex.exec(...)`, `query.exec()`,
+    // and `db.execSync(...)` — only the imported, shell-spawning function is a sink.
+    { pattern: /(?<!\.)\bexec(?:Sync)?\s*\(/g, type: "command-injection", severity: "critical",
+        description: "User input flows into a shell command (exec/execSync), enabling OS command injection.",
+        fix: "Use execFile()/spawn() with an argument array (no shell) and validate input against an allowlist." },
     { pattern: /writeFileSync?\s*\(/g, type: "path-traversal", severity: "high",
         description: "User input flows into file write path, enabling arbitrary file overwrite.",
         fix: "Validate and sanitize file paths. Use path.resolve() and verify the result is within allowed directories." },
@@ -78,6 +84,17 @@ function isSafeParameterizedSqlSink(lines, sinkIdx) {
     const interps = tpl.match(/\$\{[^}]*\}/g) || [];
     return interps.every(s => /\$\{\s*[\w$.]*(?:hash|sha\d*|md5|bcrypt|argon2?|hmac|digest|encode|escape|encodeURIComponent|toString|String|Number|parseInt|parseFloat)\b/i.test(s));
 }
+/**
+ * A `redirect(...)` whose target is a root-relative, same-origin path
+ * (e.g. redirect("/login") or redirect(`/${slug}/settings`)) cannot be an open
+ * redirect — the browser stays on the current origin. Only external URLs
+ * (`https://…`), protocol-relative URLs (`//host`), or non-literal targets are
+ * candidates. This kills the dominant open-redirect FP class on Next.js pages,
+ * which routinely build internal navigation paths from route params/searchParams.
+ */
+function isSameOriginRedirect(line) {
+    return /\bredirect\s*\(\s*["'`]\/(?!\/)/.test(line);
+}
 function extractAssignments(lines) {
     const assignments = [];
     const assignPattern = /(?:const|let|var)\s+([\w]+)\s*=\s*(.*)/;
@@ -152,6 +169,8 @@ export function analyzeTaint(code, language, filePath) {
                 continue;
             if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
                 continue;
+            if (sink.type === "open-redirect" && isSameOriginRedirect(line))
+                continue;
             for (const tVar of taintedVars) {
                 if (line.includes(tVar.name)) {
                     const chain = [];
@@ -183,6 +202,8 @@ export function analyzeTaint(code, language, filePath) {
                 continue;
             if (sink.type === "sql-injection" && isSafeParameterizedSqlSink(lines, i))
                 continue;
+            if (sink.type === "open-redirect" && isSameOriginRedirect(line))
+                continue;
             for (const source of TAINT_SOURCES) {
                 source.pattern.lastIndex = 0;
                 if (source.pattern.test(line)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.1.36",
+  "version": "3.1.38",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 438 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",