guardvibe 3.5.0 → 3.6.0
- package/CHANGELOG.md +10 -0
- package/build/tools/check-code.js +20 -0
- package/package.json +1 -1
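--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,16 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.6.0] - 2026-06-07
+
+### Fixed — VG120 SSRF false-positive narrowing (sustain 0-FP) (438 rules / 37 tools)
+- **VG120 (SSRF) no longer fires on URLs that are provably not request-controlled.** The regex flags `fetch(variable)` for any bare identifier; it now skips when the URL variable is assigned from a **literal `https://` constant** or **`process.env`** (including an env default parameter, e.g. `webhook = process.env.SOLUTIONS_WEBHOOK`), and skips **minified bundles**. `new URL(...)` is deliberately NOT treated as safe (it may wrap user input).
+- **Validated against the corpus (clean old-vs-new diff): 1 false positive removed, 0 true positives lost, 0 new findings, 0 drift in any other rule.** Recall on genuinely user-controlled URLs is preserved (covered by tests).
+- **Honest limitation:** URLs built from a constant *base variable* (`` `${apiBase}/path` ``) or returned from a helper still need real dataflow to classify safely, so they are intentionally left as-is for a future AST/dataflow engine rather than narrowed by regex (which would risk hiding a real SSRF). The precise signal for user-input→request flows already exists via the SSRF taint sink.
+- No rule or tool changes (438 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.5.0] - 2026-06-07
 
 ### Added — agent-native structured output (`guardvibe.agent.v1`) (438 rules / 37 tools)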
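--- a/package/build/tools/check-code.js
+++ b/package/build/tools/check-code.js
@@ -3,6 +3,7 @@ import { owaspRules } from "../data/rules/index.js";
 import { loadConfig } from "../utils/config.js";
 import { loadIgnoreFile, isIgnored } from "../utils/ignore.js";
 import { securityBanner } from "../utils/banner.js";
+import { looksMinified } from "../utils/constants.js";
 /** CVE version-pin rule IDs are VG900-VG931 (and only these). Other VG9xx IDs
 * (VG983 Turso, VG990 SVG, VG998 OpenAI browser flag, etc.) are regular code-pattern
 * rules and should NOT be exempted from comment / string-literal skip logic. */
@@ -873,6 +874,25 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
 continue;
 }
 }
+// VG120 (SSRF via User-Controlled URL): the regex flags `fetch(variable)` for any
+// bare identifier, so it over-fires on constant/config endpoints. Safely skip the
+// cases that are provably NOT request-controlled: a minified bundle (not real
+// source; taint already skips these), or a URL variable assigned from a literal
+// https:// constant or process.env (incl. an env default parameter). Template URLs
+// built from a constant *base var* (`${apiBase}/path`) and method-returned URLs
+// need real dataflow to classify and are deliberately LEFT for the AST engine —
+// narrowing them by regex would risk hiding a genuine SSRF. `new URL(...)` is NOT
+// treated as safe (it may wrap user input).
+if (rule.id === "VG120") {
+if (looksMinified(code))
+continue;
+const v = match[0].match(/\(\s*([A-Za-z_$]\w*)\s*[,)]/)?.[1];
+if (v) {
+const safeOrigin = new RegExp(`\\b${v}\\s*=\\s*(?:["'\\\`]https?:\\/\\/|process\\.env\\b)`);
+if (safeOrigin.test(code))
+continue;
+}
+}
 // Skip matches on comment lines and inside string literals.
 // CVE version-pin rules (VG900-VG931) are exempt — they scan package.json
 // dependency declarations where these contexts don't apply.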
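Review bot: The `safeOrigin` test on new lines 891-892 only checks how the assignment starts, so `url = "https://" + req.query.host`, a template literal with an interpolated host, and `url = process.env.API || req.body.url` all satisfy it and the VG120 finding is dropped although the URL is still request-influenced. It is also run against the whole file (`safeOrigin.test(code)`), so a same-named constant in another function, or a matching line inside a comment, suppresses the finding for an unrelated `fetch(url)`. Consider requiring the literal to close and end the statement and dropping the backtick alternative, e.g. `(?:(["'])https?:\/\/[^"'\n]*\1|process\.env\.\w+)\s*(?:[;,)]|$)` with the `m` flag, and adding tests for the concatenation and fallback cases. An identifier beginning with `$` is interpolated unescaped, where `$` acts as an end anchor; that case fails closed (the finding is kept) but should be escaped for correctness. The enclosing loop in `analyzeCode` starts and ends outside the hunk.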
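--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "guardvibe",
-"version": "3.
+"version": "3.6.0",
 "mcpName": "io.github.goklab/guardvibe",
 "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 438 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
 "type": "module",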