guardvibe 3.15.0 → 3.17.0

package/CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.17.0] - 2026-06-09
+
+### Added — FAZ 3 part 3: AST constant-origin detection for VG126 (442 rules / 37 tools)
+- **VG126 ("Dynamic RegExp from User Input") no longer fires when the argument is provably constant.** `regexpArgIsConstant` (AST) suppresses `new RegExp(x)` when `x` is: a string literal, a variable assigned from a string literal, the callback parameter of an iteration over a const string-array (incl. an imported SCREAMING_SNAKE_CASE list, by convention), or `someRegExp.source`/`.flags` (cloning a compiled RegExp). Minified bundles are skipped too. Anything not provably constant keeps firing.
+- **Validated (clean stash diff): VG126 29 → 21; all 8 removed are confirmed non-user-input** — dub `detect-bot` ×2 (`UA_BOTS`/`REFERRER_BOTS` bot-pattern lists), a minified vendor bundle, and payload `deepCopyObject` ×5 (`new RegExp(cur.source, cur.flags)` RegExp clones). **0 true positives lost, 0 false positives added.** 10 RegExp tests.
+- No rule or tool changes (442 / 37). FAZ 3 part 3 (reuses the part-1 AST engine).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.16.0] - 2026-06-08
+
+### Added — FAZ 3 part 2: AST BOLA ownership-guard detection for VG950 (442 rules / 37 tools)
+- **VG950 (BOLA — find-by-id without ownership) is now AST-aware.** It had no ownership handling at all (VG951 already excludes where-clause ownership). `bolaOwnershipGuarded` suppresses VG950 when the AST proves the query is ownership-guarded — EITHER an ownership field in the **WHERE clause** with a non-route-param value, OR a same-function **post-fetch ownership comparison** of the fetched resource against the session (e.g. `if (eventType.userId !== ctx.user.id) throw`).
+- **Precise where the regex can't be:** it ignores a `userId` that only appears in `select` (a regex lookahead would suppress on that → false negative), it sees an ownership check that lives in a separate statement, and it refuses to count an ownership field whose value is itself a route param (still BOLA).
+- **Validated (clean stash diff): VG950 22 → 15; all 7 removed are genuinely ownership-guarded** — 3 via where-clause ownership (dub rewards/oauth-apps/tokens), 4 via post-fetch comparison (cal schedule/ooo handlers, each with a real `…userId !== user.id` check). **0 true BOLA hidden (0 false negatives), 0 false positives introduced.** 10 new tests.
+- No rule or tool changes (442 / 37). FAZ 3 part 2 (engine reused from part 1).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.15.0] - 2026-06-08
 
 ### Added — FAZ 3 part 1: AST dataflow engine + precise VG406 (442 rules / 37 tools)

package/build/tools/ast-engine.d.ts

@@ -5,3 +5,23 @@
  * the rule keeps its prior behavior rather than silently hiding a finding.
  */
 export declare function paramReachesSink(code: string, filePath?: string): boolean;
+/**
+ * BOLA ownership-guard detection for VG950 (find-by-user-id). Returns true (the
+ * query is ownership-guarded → suppress the finding) when EITHER:
+ *  (1) the find call's WHERE clause (not select!) contains an ownership field
+ *      whose value is not itself a route param, OR
+ *  (2) the enclosing function performs a post-fetch ownership comparison of an
+ *      ownership field against a session/user value.
+ * Returns false on uncertainty (no parser, no matching call) so the rule keeps
+ * firing — for a BOLA rule we prefer a false positive over hiding a real one.
+ */
+export declare function bolaOwnershipGuarded(code: string, filePath: string | undefined, line: number): boolean;
+/**
+ * True when the argument to a `new RegExp(...)` at `line` is PROVABLY a constant
+ * (a string literal, a variable assigned from a string literal, or the callback
+ * parameter of an iteration over a const string-array — the "bot list" pattern),
+ * so VG126 ("Dynamic RegExp from user input") is a false positive there. Returns
+ * false on any uncertainty so the rule keeps firing — a regex built from anything
+ * not provably constant stays flagged.
+ */
+export declare function regexpArgIsConstant(code: string, filePath: string | undefined, line: number): boolean;

package/build/tools/ast-engine.js

@@ -136,3 +136,169 @@ export function paramReachesSink(code, filePath) {
     }
     return sinkArgs.some(args => refsTaint(args, tainted));
 }
+const FIND_METHODS = new Set(["findUnique", "findFirst", "findById", "findOne", "getOne"]);
+const OWNERSHIP_FIELDS = new Set([
+    "userId", "user_id", "ownerId", "owner_id", "authorId", "author_id", "createdById", "createdBy", "created_by",
+    "accountId", "account_id", "tenantId", "tenant_id", "orgId", "org_id", "organizationId",
+    "projectId", "project_id", "workspaceId", "workspace_id", "teamId", "team_id", "memberId", "member_id",
+    "programId", "customerId",
+]);
+// A comparison of a fetched resource's ownership field, on a line that also references a session/user.
+const OWNERSHIP_COMPARE = /\.\s*(?:userId|ownerId|authorId|createdById|teamId|workspaceId|orgId|organizationId|tenantId|memberId|accountId|projectId)\b\s*(?:===|!==|==|!=)/i;
+const SESSION_REF = /\b(?:session|ctx|auth|currentUser|viewer|member|account|workspace|team|org|self|me|user)\b/i;
+/**
+ * BOLA ownership-guard detection for VG950 (find-by-user-id). Returns true (the
+ * query is ownership-guarded → suppress the finding) when EITHER:
+ *  (1) the find call's WHERE clause (not select!) contains an ownership field
+ *      whose value is not itself a route param, OR
+ *  (2) the enclosing function performs a post-fetch ownership comparison of an
+ *      ownership field against a session/user value.
+ * Returns false on uncertainty (no parser, no matching call) so the rule keeps
+ * firing — for a BOLA rule we prefer a false positive over hiding a real one.
+ */
+export function bolaOwnershipGuarded(code, filePath, line) {
+    const ts = getTs();
+    if (!ts)
+        return false;
+    let sf;
+    try {
+        sf = ts.createSourceFile(filePath ?? "file.ts", code, ts.ScriptTarget.Latest, true, scriptKindFor(ts, filePath));
+    }
+    catch {
+        return false;
+    }
+    let target;
+    const visit = (node) => {
+        if (!target && ts.isCallExpression(node)) {
+            const callee = node.expression;
+            const method = ts.isPropertyAccessExpression(callee) ? callee.name.text
+                : ts.isIdentifier(callee) ? callee.text : undefined;
+            if (method && FIND_METHODS.has(method)) {
+                const startLine = sf.getLineAndCharacterOfPosition(node.getStart(sf)).line + 1;
+                if (Math.abs(startLine - line) <= 1)
+                    target = node;
+            }
+        }
+        if (!target)
+            ts.forEachChild(node, visit);
+    };
+    visit(sf);
+    if (!target)
+        return false;
+    // (1) ownership field in the WHERE clause with a non-param value.
+    const arg0 = target.arguments[0];
+    if (arg0 && ts.isObjectLiteralExpression(arg0)) {
+        const whereProp = arg0.properties.find(p => ts.isPropertyAssignment(p) && p.name && ts.isIdentifier(p.name) && p.name.text === "where");
+        if (whereProp && ts.isPropertyAssignment(whereProp) && ts.isObjectLiteralExpression(whereProp.initializer)) {
+            for (const prop of whereProp.initializer.properties) {
+                const nm = prop.name && ts.isIdentifier(prop.name) ? prop.name.text : undefined;
+                if (nm && OWNERSHIP_FIELDS.has(nm)) {
+                    const valText = ts.isPropertyAssignment(prop) ? prop.initializer.getText(sf) : nm;
+                    if (!/\b(?:params|searchParams)\b/.test(valText))
+                        return true;
+                }
+            }
+        }
+    }
+    // (2) post-fetch ownership comparison against a session/user value, in the same function.
+    let fn = target;
+    while (fn && !(ts.isFunctionDeclaration(fn) || ts.isFunctionExpression(fn) || ts.isArrowFunction(fn) || ts.isMethodDeclaration(fn))) {
+        fn = fn.parent;
+    }
+    const body = fn ? fn.getText(sf) : code;
+    for (const ln of body.split("\n")) {
+        if (OWNERSHIP_COMPARE.test(ln) && SESSION_REF.test(ln))
+            return true;
+    }
+    return false;
+}
+const ITER_METHODS = new Set(["map", "forEach", "some", "every", "filter", "find", "findIndex", "reduce", "flatMap"]);
+/** First `const NAME = <initializer>` for NAME anywhere in the file (file-scope-ish). */
+function findVarInit(ts, sf, name) {
+    let found;
+    const visit = (node) => {
+        if (!found && ts.isVariableDeclaration(node) && ts.isIdentifier(node.name) && node.name.text === name && node.initializer) {
+            found = node.initializer;
+        }
+        if (!found)
+            ts.forEachChild(node, visit);
+    };
+    visit(sf);
+    return found;
+}
+/** A non-empty array literal whose elements are all string/template literals (a const pattern list). */
+function isConstStringArray(ts, sf, node) {
+    // SCREAMING_SNAKE_CASE identifier = constant by convention (often an imported list).
+    if (ts.isIdentifier(node) && /^[A-Z][A-Z0-9_]+$/.test(node.text))
+        return true;
+    let arr = node;
+    if (ts.isIdentifier(node))
+        arr = findVarInit(ts, sf, node.text);
+    if (arr && ts.isArrayLiteralExpression(arr)) {
+        return arr.elements.length > 0 &&
+            arr.elements.every(el => ts.isStringLiteral(el) || ts.isNoSubstitutionTemplateLiteral(el));
+    }
+    return false;
+}
+/**
+ * True when the argument to a `new RegExp(...)` at `line` is PROVABLY a constant
+ * (a string literal, a variable assigned from a string literal, or the callback
+ * parameter of an iteration over a const string-array — the "bot list" pattern),
+ * so VG126 ("Dynamic RegExp from user input") is a false positive there. Returns
+ * false on any uncertainty so the rule keeps firing — a regex built from anything
+ * not provably constant stays flagged.
+ */
+export function regexpArgIsConstant(code, filePath, line) {
+    const ts = getTs();
+    if (!ts)
+        return false;
+    let sf;
+    try {
+        sf = ts.createSourceFile(filePath ?? "file.ts", code, ts.ScriptTarget.Latest, true, scriptKindFor(ts, filePath));
+    }
+    catch {
+        return false;
+    }
+    let target;
+    const visit = (node) => {
+        if (!target && ts.isNewExpression(node) && ts.isIdentifier(node.expression) && node.expression.text === "RegExp"
+            && node.arguments && node.arguments.length > 0) {
+            const startLine = sf.getLineAndCharacterOfPosition(node.getStart(sf)).line + 1;
+            if (Math.abs(startLine - line) <= 1)
+                target = node;
+        }
+        if (!target)
+            ts.forEachChild(node, visit);
+    };
+    visit(sf);
+    if (!target || !target.arguments)
+        return false;
+    const arg = target.arguments[0];
+    if (ts.isStringLiteral(arg) || ts.isNoSubstitutionTemplateLiteral(arg))
+        return true;
+    // `new RegExp(x.source, x.flags)` — cloning an existing compiled RegExp, not user input.
+    if (ts.isPropertyAccessExpression(arg) && (arg.name.text === "source" || arg.name.text === "flags"))
+        return true;
+    if (!ts.isIdentifier(arg))
+        return false;
+    const argName = arg.text;
+    // (a) const argName = "literal"
+    const init = findVarInit(ts, sf, argName);
+    if (init && (ts.isStringLiteral(init) || ts.isNoSubstitutionTemplateLiteral(init)))
+        return true;
+    // (b) argName is the callback parameter of an iteration over a const string array.
+    let fn = target.parent;
+    while (fn && !((ts.isArrowFunction(fn) || ts.isFunctionExpression(fn))
+        && fn.parameters.some(p => ts.isIdentifier(p.name) && p.name.text === argName))) {
+        fn = fn.parent;
+    }
+    if (fn && (ts.isArrowFunction(fn) || ts.isFunctionExpression(fn))) {
+        const call = fn.parent;
+        if (call && ts.isCallExpression(call) && ts.isPropertyAccessExpression(call.expression)
+            && ITER_METHODS.has(call.expression.name.text)
+            && isConstStringArray(ts, sf, call.expression.expression)) {
+            return true;
+        }
+    }
+    return false;
+}

package/build/tools/check-code.js

@@ -4,7 +4,7 @@ import { loadConfig } from "../utils/config.js";
 import { loadIgnoreFile, isIgnored } from "../utils/ignore.js";
 import { securityBanner } from "../utils/banner.js";
 import { looksMinified } from "../utils/constants.js";
-import { paramReachesSink } from "./ast-engine.js";
+import { paramReachesSink, bolaOwnershipGuarded, regexpArgIsConstant } from "./ast-engine.js";
 /** CVE version-pin rule IDs are VG900-VG931 (and only these). Other VG9xx IDs
  * (VG983 Turso, VG990 SVG, VG998 OpenAI browser flag, etc.) are regular code-pattern
  * rules and should NOT be exempted from comment / string-literal skip logic. */
@@ -880,6 +880,18 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
             const lineNumber = beforeMatch.split("\n").length;
             if (isLineSuppressed(suppressions, lineNumber, rule.id))
                 continue;
+            // VG950 (BOLA find-by-id): suppress when AST proves the query is ownership-guarded —
+            // an ownership field in the WHERE clause (non-param value) or a post-fetch ownership
+            // comparison against the session. Precise where the regex can't be: it ignores a
+            // `userId` that only appears in `select`, and sees a separate comparison statement.
+            if (rule.id === "VG950" && filePath && bolaOwnershipGuarded(code, filePath, lineNumber))
+                continue;
+            // VG126 (Dynamic RegExp from User Input): the regex matches `new RegExp(anyVar)`,
+            // but the var is often a provable constant — a string literal or the callback
+            // param iterating a const string array (the classic bot-UA / referrer-list pattern).
+            // Suppress only when AST proves the argument is constant; anything else keeps firing.
+            if (rule.id === "VG126" && (looksMinified(code) || (filePath && regexpArgIsConstant(code, filePath, lineNumber))))
+                continue;
             // VG202: skip when the FROM target matches a previous AS-alias in the same file.
             if (dockerStageAliases) {
                 const target = match[0].replace(/^FROM\s+/i, "").split(/[:@\s]/)[0].toLowerCase();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.15.0",
+  "version": "3.17.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 442 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 71 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",