guardvibe 3.20.0 → 3.21.0

package/CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.21.0] - 2026-06-18
+
+### Added — 3 rules from daily threat intel: Hono CORS reflection + @hono/node-server bypass (445 → 448 rules / 38 tools)
+- **VG1092 — Hono CORS origin reflection with credentials + June 2026 cluster (CVE-2026-54290 / GHSA-88fw-hqm2-52qc, high).** hono < 4.12.25 reflects any request Origin back with `Access-Control-Allow-Credentials: true` when `credentials:true` is set without an explicit allowlist (account-takeover-grade CORS); the release also re-fixes cache cross-user leak (CVE-2026-44457), JWT NumericDate (CVE-2026-44459), and bodyLimit bypass (CVE-2026-44456). **Distinct from VG1043 (pre-4.12.18 cluster):** flags exactly the residual 4.12.18–4.12.24 window, no double-firing. 0-FP semver: caret/tilde within 4.12 resolve to the fixed 4.12.25 → only exact/`=` pins flagged.
+- **VG1093 — @hono/node-server serveStatic middleware bypass via repeated slashes (GHSA-92pp-h63x-v22m, high).** @hono/node-server < 1.19.13 lets a request like `//admin/secret.txt` skip route-based middleware (auth guards) and serve protected static files. Fixed in 1.19.13. 0-FP semver: caret on 1.x and tilde within 1.19 resolve to the fix → only exact/`=` pins (plus tilde within 1.0–1.18 and any range on 0.x) flagged.
+- **VG1094 — CORS origin reflection with credentials (behavioral, CVE-2026-54290, high).** Code-level companion to VG1092: flags `cors({ credentials:true })` combined with a reflected origin (`origin: true` or an arrow function that returns its origin argument unchanged), the exact misconfiguration that made CVE-2026-54290 exploitable on any CORS middleware (Hono, Express). Targets the reflected-origin forms VG973 (wildcard literal) cannot see; allowlist-guarded functions are not flagged.
+- 31 new tests. CVE version-pin rule count 74 → 76. Sourced from the daily GHSA/OSV/CISA-KEV intel brief and verified against the upstream advisories; everything else in that brief — axios CVE-2025-62718/42264/25639 (already covered by VG1042/VG1091), Next.js RSC cache poisoning CVE-2026-44576/44577/44582 (already covered by VG1047 `< 15.5.18 / 16.2.6`), Drizzle CVE-2026-39356, Clerk bypass cluster, Vercel AI SDK filetype, Anthropic SDK memory tool, postcss XSS — was already covered. Zero new runtime dependencies.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.20.0] - 2026-06-14
 
 ### Added — 3 fresh CVE version-pin rules from daily threat intel (442 → 445 rules / 38 tools)

package/README.md

@@ -15,7 +15,7 @@
 - **🔍 An independent second pair of eyes.** The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop *while* your AI codes (real-time edit hook), not after.
 - **⬅️ NEW: Starts before the first line of code.** Every scanner on earth — including your agent reviewing itself — acts *after* the code exists. [`secure_prompt`](#prompt-level-security-shift-left) acts *before*: it analyzes the coding prompt itself, detects the stack and attack surfaces it implies, and embeds severity-ranked GuardVibe requirements into the prompt your AI executes. The vulnerability is prevented, not caught. Deterministic, zero LLM calls — and if the prompt is already secure, it passes through untouched.
 
-**The security MCP built for vibe coding.** 445 security rules, 38 tools covering the entire AI-generated code journey — from the prompt itself to production deployment.
+**The security MCP built for vibe coding.** 448 security rules, 38 tools covering the entire AI-generated code journey — from the prompt itself to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -27,7 +27,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **445 security rules, 38 tools** purpose-built for the stacks AI agents generate
+- **448 security rules, 38 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -65,7 +65,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | CVE version detection | 71 packages, refreshed daily | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 445 (focused, 68 AI-native) | 5000+ (broad) | N/A |
+| Rule count | 448 (focused, 68 AI-native) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -288,7 +288,7 @@ Same user intent — but the model now generates auth code with the guardrails s
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (445 rules across 25 modules)
+## Security Rules (448 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|

package/build/data/rules/cve-versions.js

@@ -865,4 +865,28 @@ export const cveVersionRules = [
         fixCode: '// package.json\n"axios": "^1.16.0"  // or latest\n\n// Defence-in-depth — block prototype writes at bootstrap\nObject.freeze(Object.prototype);',
         compliance: ["SOC2:CC6.1", "SOC2:CC7.1", "PCI-DSS:Req6.2"],
     },
+    {
+        id: "VG1092",
+        name: "Hono CORS Origin Reflection With Credentials + June 2026 Cluster (CVE-2026-54290 / GHSA-88fw-hqm2-52qc)",
+        severity: "high",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "Hono versions before 4.12.25 ship a CORS middleware that, when credentials:true is set without an explicit origin allowlist, reflects ANY request Origin header back with Access-Control-Allow-Credentials:true — letting any site issue credentialed cross-origin requests (account-takeover-grade CSRF/CORS, CVE-2026-54290). The same release also re-fixes the cache cross-user leak (CVE-2026-44457), JWT NumericDate validation (CVE-2026-44459), and bodyLimit bypass (CVE-2026-44456). Distinct from VG1043 (the pre-4.12.18 cluster): a project that took VG1043's advice and pinned 4.12.18 is STILL exposed to the CORS reflection, so this rule flags exactly that residual window (4.12.18 through 4.12.24). Caret and tilde ranges within 4.12 resolve to the fixed 4.12.25 and are not flagged — only exact/= pins are.",
+        pattern: /["']hono["']\s*:\s*["']=?\s*4\.12\.(?:1[89]|2[0-4])["']/g,
+        languages: ["json"],
+        fix: "Upgrade Hono to 4.12.25 or later: npm install hono@latest. Until upgraded, never combine cors({ credentials: true }) with a wildcard or reflected origin — pass an explicit origin allowlist.",
+        fixCode: '// package.json\n"hono": "^4.12.25"  // or latest\n\n// Safe CORS — explicit allowlist, never reflect arbitrary origins with credentials\nimport { cors } from "hono/cors";\napp.use("/api/*", cors({\n  origin: ["https://myapp.com"],\n  credentials: true,\n}));',
+        compliance: ["SOC2:CC6.1", "SOC2:CC6.6", "PCI-DSS:Req6.2"],
+    },
+    {
+        id: "VG1093",
+        name: "@hono/node-server serveStatic Middleware Bypass via Repeated Slashes (GHSA-92pp-h63x-v22m)",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "@hono/node-server versions before 1.19.13 mishandle paths containing repeated slashes, so a request like //admin/secret.txt bypasses route-based middleware (auth/authorization guards) and serves protected static files directly through serveStatic. Any app that gates a static directory with middleware is exposed. Fixed in 1.19.13. Caret ranges on the 1.x line and tilde ranges within 1.19 resolve to the fixed 1.19.13, so only exact/= pins (and tilde within 1.0–1.18, plus any range on 0.x) are flagged.",
+        pattern: /["']@hono\/node-server["']\s*:\s*["'](?:(?:\^|~|>=?)?\s*0\.\d+\.\d+|(?:~|=)?\s*1\.(?:[0-9]|1[0-8])\.\d+|=?\s*1\.19\.(?:[0-9]|1[0-2])(?![0-9]))["']/g,
+        languages: ["json"],
+        fix: "Upgrade @hono/node-server to 1.19.13 or later: npm install @hono/node-server@latest. As defence-in-depth, normalize incoming paths (collapse repeated slashes) before middleware authorization checks.",
+        fixCode: '// package.json\n"@hono/node-server": "^1.19.13"  // or latest',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.2", "HIPAA:§164.312(a)"],
+    },
 ];

package/build/data/rules/modern-stack.js

@@ -221,6 +221,18 @@ export const modernStackRules = [
         fixCode: 'import { cors } from "hono/cors";\n\napp.use("/*", cors({\n  origin: ["https://myapp.com", "https://staging.myapp.com"],\n}));',
         compliance: ["SOC2:CC6.6"],
     },
+    {
+        id: "VG1094",
+        name: "CORS Origin Reflection With Credentials (CVE-2026-54290)",
+        severity: "high",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "cors() is configured with credentials:true AND an origin that reflects the caller — either origin:true or an arrow function that returns its origin argument unchanged (origin: (o) => o). This combination echoes any request's Origin back together with Access-Control-Allow-Credentials:true, so any website can make authenticated cross-origin requests on the victim's behalf (account-takeover-grade CSRF). This is the exact misconfiguration that made Hono CVE-2026-54290 exploitable, and it is dangerous on any CORS middleware (Hono, Express). The wildcard literal origin:'*' form is covered separately by VG973; this rule targets the reflected-origin forms that VG973 cannot see.",
+        pattern: /cors\s*\(\s*\{(?=[\s\S]{0,400}?credentials\s*:\s*true)[\s\S]{0,400}?origin\s*:\s*(?:true\b|\(\s*(\w+)\s*\)\s*=>\s*\1\b)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Never combine credentials:true with a reflected origin. Pass an explicit allowlist of trusted origins, or validate the incoming origin against an allowlist before returning it.",
+        fixCode: 'import { cors } from "hono/cors";\n\nconst ALLOWED = new Set(["https://myapp.com", "https://app.myapp.com"]);\napp.use("/api/*", cors({\n  origin: (origin) => (ALLOWED.has(origin) ? origin : null),\n  credentials: true,\n}));',
+        compliance: ["SOC2:CC6.1", "SOC2:CC6.6", "PCI-DSS:Req6.2"],
+    },
     // =====================================================
     // GraphQL Security
     // =====================================================

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.20.0",
+  "version": "3.21.0",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 445 rules, 38 tools, CLI + doctor. Prompt-level shift-left security (secure_prompt — embed security requirements BEFORE code generation), host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 74 CVE rules refreshed daily from GHSA/OSV/CISA KEV — js-cookie cookie-attribute injection, PostCSS </style> stringify XSS, Axios proxy prototype-pollution gadget, Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
+  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 448 rules, 38 tools, CLI + doctor. Prompt-level shift-left security (secure_prompt — embed security requirements BEFORE code generation), host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 76 CVE rules refreshed daily from GHSA/OSV/CISA KEV — js-cookie cookie-attribute injection, PostCSS </style> stringify XSS, Axios proxy prototype-pollution gadget, Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",
@@ -111,7 +111,7 @@
     "zod": "^3.25.0"
   },
   "overrides": {
-    "hono": "^4.12.21",
+    "hono": "^4.12.25",
     "fast-uri": "^3.1.2",
     "ip-address": "^10.2.0"
   },