guardvibe 3.26.0 → 3.27.0

package/CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.27.0] - 2026-06-25
+
+### Improved — AST engine: multi-hop SQL-injection taint (no rule/tool count change: 450 rules / 39 tools)
+- **Multi-hop bare-variable SQL sinks.** Dataflow analysis now catches the case where a user-tainted SQL string is built into a *variable* and that bare variable is passed to a query sink (`const q = "SELECT ... " + req.body.x; db.sequelize.query(q)`). The inline taint patterns only match the dangerous string when it appears literally in the sink call, so they missed the variable-indirection (multi-hop) shape; the AST locates sinks whose first argument is a bare identifier and confirms it is a tainted SQL string before reporting.
+- **High precision / zero-FP guarding:** reports only when the variable is user-tainted *and* its definition is provably a SQL string (carries SQL keywords) — a parameterized query (`db.query(q, [userVal])`) stays silent (the SQL string has no tainted source; the user value rides the bind array), as does a non-SQL `.query(opts)` or a sanitizer-wrapped service-layer build. Deterministic (bundled TypeScript parser).
+- Corpus delta: 1 real SQL-injection caught that the inline patterns missed, zero false positives, zero drift on other rules. 7 new tests.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.26.0] - 2026-06-25
 
 ### Improved — AST engine: inter-procedural & nested ownership for BOLA/IDOR (no rule/tool count change: 450 rules / 39 tools)

package/build/tools/ast-engine.d.ts

@@ -26,6 +26,18 @@ export declare function bolaOwnershipGuarded(code: string, filePath: string | un
  * false on uncertainty so a genuinely unguarded mutation keeps firing.
  */
 export declare function bolaMutationGuarded(code: string, filePath: string | undefined, line: number): boolean;
+/**
+ * Find SQL-sink calls whose first argument is a BARE identifier (the multi-hop shape
+ * the inline regex can't see). Returns the 1-based sink line and the variable name so
+ * the taint engine can confirm the variable is a user-tainted SQL string before
+ * reporting. Empty (no suppression of other paths) when TypeScript is unavailable or
+ * the parse fails. The first argument must be a plain identifier — an inline
+ * string/template/concat is already covered by the regex sinks and is skipped here.
+ */
+export declare function bareVarSqlSinks(code: string, filePath?: string): Array<{
+    line: number;
+    varName: string;
+}>;
 /**
  * True when the argument to a `new RegExp(...)` at `line` is PROVABLY a constant
  * (a string literal, a variable assigned from a string literal, or the callback

package/build/tools/ast-engine.js

@@ -348,6 +348,45 @@ export function bolaMutationGuarded(code, filePath, line) {
         return true;
     return hasInterProceduralOwnershipGuard(ts, sf, target);
 }
+// SQL sink methods whose FIRST argument is the query string. The inline taint regex
+// only fires when that string is written literally in the sink call (backtick / `+`),
+// so it misses the case where the SQL string was built into a VARIABLE and the bare
+// variable is passed in (`db.sequelize.query(query)`). `.raw`/`$…Unsafe` are always
+// raw SQL; `query`/`execute` are overloaded, so taint.ts gates them on the variable
+// actually being a user-tainted SQL string.
+const SQL_RAW_SINK_METHODS = new Set(["query", "execute", "raw", "$queryRawUnsafe", "$executeRawUnsafe"]);
+/**
+ * Find SQL-sink calls whose first argument is a BARE identifier (the multi-hop shape
+ * the inline regex can't see). Returns the 1-based sink line and the variable name so
+ * the taint engine can confirm the variable is a user-tainted SQL string before
+ * reporting. Empty (no suppression of other paths) when TypeScript is unavailable or
+ * the parse fails. The first argument must be a plain identifier — an inline
+ * string/template/concat is already covered by the regex sinks and is skipped here.
+ */
+export function bareVarSqlSinks(code, filePath) {
+    const ts = getTs();
+    if (!ts)
+        return [];
+    let sf;
+    try {
+        sf = ts.createSourceFile(filePath ?? "file.ts", code, ts.ScriptTarget.Latest, true, scriptKindFor(ts, filePath));
+    }
+    catch {
+        return [];
+    }
+    const sinks = [];
+    const visit = (node) => {
+        if (ts.isCallExpression(node) && ts.isPropertyAccessExpression(node.expression)
+            && SQL_RAW_SINK_METHODS.has(node.expression.name.text)
+            && node.arguments.length > 0 && ts.isIdentifier(node.arguments[0])) {
+            const line = sf.getLineAndCharacterOfPosition(node.arguments[0].getStart(sf)).line + 1;
+            sinks.push({ line, varName: node.arguments[0].text });
+        }
+        ts.forEachChild(node, visit);
+    };
+    visit(sf);
+    return sinks;
+}
 const ITER_METHODS = new Set(["map", "forEach", "some", "every", "filter", "find", "findIndex", "reduce", "flatMap"]);
 /** First `const NAME = <initializer>` for NAME anywhere in the file (file-scope-ish). */
 function findVarInit(ts, sf, name) {

package/build/tools/taint-analysis.js

@@ -5,6 +5,7 @@
  */
 import { isRuleDefinitionFile } from "./check-code.js";
 import { looksMinified } from "../utils/constants.js";
+import { bareVarSqlSinks } from "./ast-engine.js";
 // User input sources (tainted data entry points)
 const TAINT_SOURCES = [
     { pattern: /(?:req|request)\.(?:body|query|params|headers|cookies)\b/g, type: "http-input" },
@@ -300,6 +301,44 @@ export function analyzeTaint(code, language, filePath) {
                 });
             }
         }
+    // Multi-hop SQL injection: a user-tainted SQL string built into a VARIABLE and then
+    // passed BARE to a SQL sink (`const q = "SELECT ... " + req.body.x; db.query(q)`).
+    // The inline sink regexes only match the dangerous string in the sink call itself, so
+    // they miss the variable-indirection case. The AST locates sinks whose first argument
+    // is a bare identifier; we report only when that identifier is a tainted variable
+    // whose definition is provably a SQL string (contains SQL keywords) — high precision,
+    // and a parameterized query (`db.query(q, [userVal])`) stays silent because the SQL
+    // string `q` has no tainted source and the user value rides the bind array.
+    const SQL_KEYWORDS = /\b(?:SELECT|INSERT|UPDATE|DELETE|FROM|WHERE|UNION|DROP|INTO|JOIN)\b/i;
+    const hasSqlSinkCandidate = /\.\s*(?:query|execute|raw|\$queryRawUnsafe|\$executeRawUnsafe)\s*\(\s*[A-Za-z_$]/.test(code);
+    if (hasSqlSinkCandidate && SQL_KEYWORDS.test(code)) {
+        for (const site of bareVarSqlSinks(code, filePath)) {
+            const tv = taintedVars.find(v => v.name === site.varName);
+            if (!tv)
+                continue;
+            // The variable must provably hold a SQL string built from user input — its
+            // defining assignment line carries SQL keywords (so a non-SQL `.query(opts)` or a
+            // bind-parameter value never qualifies).
+            const def = lines[tv.line - 1] ?? "";
+            if (!SQL_KEYWORDS.test(def))
+                continue;
+            if (SANITIZERS.some(s => s.test(def)))
+                continue;
+            if (findings.some(f => f.sink.line === site.line && f.sink.type === "sql-injection"))
+                continue;
+            findings.push({
+                source: { type: tv.sourceType ?? "propagated", line: tv.line, variable: tv.name },
+                sink: { type: "sql-injection", line: site.line, code: (lines[site.line - 1] ?? "").trim().substring(0, 100) },
+                chain: [
+                    `[SOURCE] ${tv.sourceType ?? "propagated"} -> ${tv.name} (line ${tv.line})`,
+                    `[SINK] sql-injection (line ${site.line})`,
+                ],
+                severity: "critical",
+                description: "A user-tainted SQL string is built into a variable and passed to a query sink, enabling SQL injection.",
+                fix: "Use parameterized queries with placeholder values (bind parameters); never concatenate user input into the SQL string.",
+            });
+        }
+    }
     return findings;
 }
 export function formatTaintFindings(findings, format) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.26.0",
+  "version": "3.27.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 450 rules, 39 tools, CLI + doctor. Prompt-level shift-left security (secure_prompt — embed security requirements BEFORE code generation), host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 77 CVE rules refreshed daily from GHSA/OSV/CISA KEV — js-cookie cookie-attribute injection, PostCSS </style> stringify XSS, Axios proxy prototype-pollution gadget, Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",