guardvibe 3.15.0 → 3.16.0

package/CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.16.0] - 2026-06-08
+
+### Added — FAZ 3 part 2: AST BOLA ownership-guard detection for VG950 (442 rules / 37 tools)
+- **VG950 (BOLA — find-by-id without ownership) is now AST-aware.** It had no ownership handling at all (VG951 already excludes where-clause ownership). `bolaOwnershipGuarded` suppresses VG950 when the AST proves the query is ownership-guarded — EITHER an ownership field in the **WHERE clause** with a non-route-param value, OR a same-function **post-fetch ownership comparison** of the fetched resource against the session (e.g. `if (eventType.userId !== ctx.user.id) throw`).
+- **Precise where the regex can't be:** it ignores a `userId` that only appears in `select` (a regex lookahead would suppress on that → false negative), it sees an ownership check that lives in a separate statement, and it refuses to count an ownership field whose value is itself a route param (still BOLA).
+- **Validated (clean stash diff): VG950 22 → 15; all 7 removed are genuinely ownership-guarded** — 3 via where-clause ownership (dub rewards/oauth-apps/tokens), 4 via post-fetch comparison (cal schedule/ooo handlers, each with a real `…userId !== user.id` check). **0 true BOLA hidden (0 false negatives), 0 false positives introduced.** 10 new tests.
+- No rule or tool changes (442 / 37). FAZ 3 part 2 (engine reused from part 1).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.15.0] - 2026-06-08
 
 ### Added — FAZ 3 part 1: AST dataflow engine + precise VG406 (442 rules / 37 tools)

package/build/tools/ast-engine.d.ts

@@ -5,3 +5,14 @@
  * the rule keeps its prior behavior rather than silently hiding a finding.
  */
 export declare function paramReachesSink(code: string, filePath?: string): boolean;
+/**
+ * BOLA ownership-guard detection for VG950 (find-by-user-id). Returns true (the
+ * query is ownership-guarded → suppress the finding) when EITHER:
+ *  (1) the find call's WHERE clause (not select!) contains an ownership field
+ *      whose value is not itself a route param, OR
+ *  (2) the enclosing function performs a post-fetch ownership comparison of an
+ *      ownership field against a session/user value.
+ * Returns false on uncertainty (no parser, no matching call) so the rule keeps
+ * firing — for a BOLA rule we prefer a false positive over hiding a real one.
+ */
+export declare function bolaOwnershipGuarded(code: string, filePath: string | undefined, line: number): boolean;

package/build/tools/ast-engine.js

@@ -136,3 +136,79 @@ export function paramReachesSink(code, filePath) {
     }
     return sinkArgs.some(args => refsTaint(args, tainted));
 }
+const FIND_METHODS = new Set(["findUnique", "findFirst", "findById", "findOne", "getOne"]);
+const OWNERSHIP_FIELDS = new Set([
+    "userId", "user_id", "ownerId", "owner_id", "authorId", "author_id", "createdById", "createdBy", "created_by",
+    "accountId", "account_id", "tenantId", "tenant_id", "orgId", "org_id", "organizationId",
+    "projectId", "project_id", "workspaceId", "workspace_id", "teamId", "team_id", "memberId", "member_id",
+    "programId", "customerId",
+]);
+// A comparison of a fetched resource's ownership field, on a line that also references a session/user.
+const OWNERSHIP_COMPARE = /\.\s*(?:userId|ownerId|authorId|createdById|teamId|workspaceId|orgId|organizationId|tenantId|memberId|accountId|projectId)\b\s*(?:===|!==|==|!=)/i;
+const SESSION_REF = /\b(?:session|ctx|auth|currentUser|viewer|member|account|workspace|team|org|self|me|user)\b/i;
+/**
+ * BOLA ownership-guard detection for VG950 (find-by-user-id). Returns true (the
+ * query is ownership-guarded → suppress the finding) when EITHER:
+ *  (1) the find call's WHERE clause (not select!) contains an ownership field
+ *      whose value is not itself a route param, OR
+ *  (2) the enclosing function performs a post-fetch ownership comparison of an
+ *      ownership field against a session/user value.
+ * Returns false on uncertainty (no parser, no matching call) so the rule keeps
+ * firing — for a BOLA rule we prefer a false positive over hiding a real one.
+ */
+export function bolaOwnershipGuarded(code, filePath, line) {
+    const ts = getTs();
+    if (!ts)
+        return false;
+    let sf;
+    try {
+        sf = ts.createSourceFile(filePath ?? "file.ts", code, ts.ScriptTarget.Latest, true, scriptKindFor(ts, filePath));
+    }
+    catch {
+        return false;
+    }
+    let target;
+    const visit = (node) => {
+        if (!target && ts.isCallExpression(node)) {
+            const callee = node.expression;
+            const method = ts.isPropertyAccessExpression(callee) ? callee.name.text
+                : ts.isIdentifier(callee) ? callee.text : undefined;
+            if (method && FIND_METHODS.has(method)) {
+                const startLine = sf.getLineAndCharacterOfPosition(node.getStart(sf)).line + 1;
+                if (Math.abs(startLine - line) <= 1)
+                    target = node;
+            }
+        }
+        if (!target)
+            ts.forEachChild(node, visit);
+    };
+    visit(sf);
+    if (!target)
+        return false;
+    // (1) ownership field in the WHERE clause with a non-param value.
+    const arg0 = target.arguments[0];
+    if (arg0 && ts.isObjectLiteralExpression(arg0)) {
+        const whereProp = arg0.properties.find(p => ts.isPropertyAssignment(p) && p.name && ts.isIdentifier(p.name) && p.name.text === "where");
+        if (whereProp && ts.isPropertyAssignment(whereProp) && ts.isObjectLiteralExpression(whereProp.initializer)) {
+            for (const prop of whereProp.initializer.properties) {
+                const nm = prop.name && ts.isIdentifier(prop.name) ? prop.name.text : undefined;
+                if (nm && OWNERSHIP_FIELDS.has(nm)) {
+                    const valText = ts.isPropertyAssignment(prop) ? prop.initializer.getText(sf) : nm;
+                    if (!/\b(?:params|searchParams)\b/.test(valText))
+                        return true;
+                }
+            }
+        }
+    }
+    // (2) post-fetch ownership comparison against a session/user value, in the same function.
+    let fn = target;
+    while (fn && !(ts.isFunctionDeclaration(fn) || ts.isFunctionExpression(fn) || ts.isArrowFunction(fn) || ts.isMethodDeclaration(fn))) {
+        fn = fn.parent;
+    }
+    const body = fn ? fn.getText(sf) : code;
+    for (const ln of body.split("\n")) {
+        if (OWNERSHIP_COMPARE.test(ln) && SESSION_REF.test(ln))
+            return true;
+    }
+    return false;
+}

package/build/tools/check-code.js

@@ -4,7 +4,7 @@ import { loadConfig } from "../utils/config.js";
 import { loadIgnoreFile, isIgnored } from "../utils/ignore.js";
 import { securityBanner } from "../utils/banner.js";
 import { looksMinified } from "../utils/constants.js";
-import { paramReachesSink } from "./ast-engine.js";
+import { paramReachesSink, bolaOwnershipGuarded } from "./ast-engine.js";
 /** CVE version-pin rule IDs are VG900-VG931 (and only these). Other VG9xx IDs
  * (VG983 Turso, VG990 SVG, VG998 OpenAI browser flag, etc.) are regular code-pattern
  * rules and should NOT be exempted from comment / string-literal skip logic. */
@@ -880,6 +880,12 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
             const lineNumber = beforeMatch.split("\n").length;
             if (isLineSuppressed(suppressions, lineNumber, rule.id))
                 continue;
+            // VG950 (BOLA find-by-id): suppress when AST proves the query is ownership-guarded —
+            // an ownership field in the WHERE clause (non-param value) or a post-fetch ownership
+            // comparison against the session. Precise where the regex can't be: it ignores a
+            // `userId` that only appears in `select`, and sees a separate comparison statement.
+            if (rule.id === "VG950" && filePath && bolaOwnershipGuarded(code, filePath, lineNumber))
+                continue;
             // VG202: skip when the FROM target matches a previous AS-alias in the same file.
             if (dockerStageAliases) {
                 const target = match[0].replace(/^FROM\s+/i, "").split(/[:@\s]/)[0].toLowerCase();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.15.0",
+  "version": "3.16.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 442 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 71 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",