hackmyagent 0.11.9 → 0.11.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +83 -0
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/semantic/integration/finding-adapter.d.ts.map +1 -1
- package/dist/semantic/integration/finding-adapter.js +1 -0
- package/dist/semantic/integration/finding-adapter.js.map +1 -1
- package/dist/telemetry/contribute.d.ts +9 -34
- package/dist/telemetry/contribute.d.ts.map +1 -1
- package/dist/telemetry/contribute.js +22 -124
- package/dist/telemetry/contribute.js.map +1 -1
- package/package.json +6 -5
|
@@ -2152,6 +2152,7 @@ dist/
|
|
|
2152
2152
|
? 'Container runs as non-root user or no Dockerfile present'
|
|
2153
2153
|
: 'Dockerfile runs as root - add USER directive for non-root user',
|
|
2154
2154
|
fixable: false,
|
|
2155
|
+
guidance: 'A container running as root means any exploit that escapes the application gets full control of the container and potentially the host system.',
|
|
2155
2156
|
});
|
|
2156
2157
|
// PROC-002: Check for security headers middleware
|
|
2157
2158
|
let hasSecurityHeaders = false;
|
|
@@ -2171,6 +2172,7 @@ dist/
|
|
|
2171
2172
|
? 'Security headers middleware detected (helmet)'
|
|
2172
2173
|
: 'Consider using helmet or similar for security headers',
|
|
2173
2174
|
fixable: false,
|
|
2175
|
+
guidance: 'Missing security headers (CSP, X-Frame-Options, HSTS) leave your app vulnerable to clickjacking, XSS, and protocol downgrade attacks.',
|
|
2174
2176
|
});
|
|
2175
2177
|
// PROC-003: Check for input validation
|
|
2176
2178
|
let hasInputValidation = false;
|
|
@@ -2190,6 +2192,7 @@ dist/
|
|
|
2190
2192
|
? 'Input validation library detected'
|
|
2191
2193
|
: 'No input validation library found - validate all user inputs',
|
|
2192
2194
|
fixable: false,
|
|
2195
|
+
guidance: 'Without input validation, attackers can inject SQL, scripts, or malformed data that corrupts state, steals data, or crashes the application.',
|
|
2193
2196
|
});
|
|
2194
2197
|
// PROC-004: Check for error handling
|
|
2195
2198
|
let hasErrorHandling = false;
|
|
@@ -2220,6 +2223,7 @@ dist/
|
|
|
2220
2223
|
? 'Error handling patterns detected'
|
|
2221
2224
|
: 'Ensure proper error handling to prevent information disclosure',
|
|
2222
2225
|
fixable: false,
|
|
2226
|
+
guidance: 'Unhandled errors can crash the process, leak stack traces with internal paths and variable names, and create denial-of-service conditions.',
|
|
2223
2227
|
});
|
|
2224
2228
|
return findings;
|
|
2225
2229
|
}
|
|
@@ -2248,6 +2252,7 @@ dist/
|
|
|
2248
2252
|
? 'Consider adding deny rules to block dangerous operations'
|
|
2249
2253
|
: 'No Claude settings file found',
|
|
2250
2254
|
fixable: false,
|
|
2255
|
+
guidance: 'Without deny rules, Claude Code can execute any tool or command. Deny rules act as a blocklist to prevent dangerous operations like rm -rf or credential access.',
|
|
2251
2256
|
});
|
|
2252
2257
|
// CLAUDE-005: Check for memory/context persistence
|
|
2253
2258
|
const memorySettings = claudeSettings?.memory;
|
|
@@ -2263,6 +2268,7 @@ dist/
|
|
|
2263
2268
|
? 'Claude memory enabled - be aware sensitive data may persist'
|
|
2264
2269
|
: 'Claude memory not explicitly enabled',
|
|
2265
2270
|
fixable: false,
|
|
2271
|
+
guidance: 'Persistent memory can retain API keys, internal URLs, or confidential instructions across sessions. An attacker who gains access to the memory store can extract this data.',
|
|
2266
2272
|
});
|
|
2267
2273
|
// CLAUDE-006: Check CLAUDE.md for sensitive instructions
|
|
2268
2274
|
let hasSensitiveInstructions = false;
|
|
@@ -2288,6 +2294,7 @@ dist/
|
|
|
2288
2294
|
? 'CLAUDE.md contains sensitive instructions - these may be extractable via prompt injection'
|
|
2289
2295
|
: 'No obviously sensitive instructions detected in CLAUDE.md',
|
|
2290
2296
|
fixable: false,
|
|
2297
|
+
guidance: 'CLAUDE.md is typically committed to version control. Sensitive instructions there can be extracted via prompt injection or by anyone with repo access.',
|
|
2291
2298
|
});
|
|
2292
2299
|
// CLAUDE-007: Check for tool timeout configuration
|
|
2293
2300
|
const hasToolTimeout = claudeSettings?.toolTimeout !== undefined;
|
|
@@ -2304,6 +2311,7 @@ dist/
|
|
|
2304
2311
|
? 'Consider setting tool timeouts to prevent runaway operations'
|
|
2305
2312
|
: 'No Claude settings found',
|
|
2306
2313
|
fixable: false,
|
|
2314
|
+
guidance: 'Without tool timeouts, a stuck or malicious tool call can hang indefinitely, consuming resources and blocking the agent from responding.',
|
|
2307
2315
|
});
|
|
2308
2316
|
return findings;
|
|
2309
2317
|
}
|
|
@@ -2331,6 +2339,7 @@ dist/
|
|
|
2331
2339
|
? 'Consider setting request timeouts for MCP servers'
|
|
2332
2340
|
: 'No MCP config found',
|
|
2333
2341
|
fixable: false,
|
|
2342
|
+
guidance: 'Without request timeouts, a hung or malicious MCP server can block the agent indefinitely, causing denial-of-service and preventing other tools from executing.',
|
|
2334
2343
|
});
|
|
2335
2344
|
// MCP-007: Check for retry limits
|
|
2336
2345
|
const hasRetryConfig = mcpConfig?.retries !== undefined;
|
|
@@ -2347,6 +2356,7 @@ dist/
|
|
|
2347
2356
|
? 'Consider setting retry limits to prevent infinite loops'
|
|
2348
2357
|
: 'No MCP config found',
|
|
2349
2358
|
fixable: false,
|
|
2359
|
+
guidance: 'Without retry limits, a failing MCP server can trigger infinite retry loops that waste API credits, saturate network connections, and stall the agent.',
|
|
2350
2360
|
});
|
|
2351
2361
|
// MCP-008: Check for localhost binding
|
|
2352
2362
|
let allLocalhostBound = true;
|
|
@@ -2372,6 +2382,7 @@ dist/
|
|
|
2372
2382
|
? 'MCP servers properly bound to localhost'
|
|
2373
2383
|
: 'Some MCP servers not bound to localhost - may be network accessible',
|
|
2374
2384
|
fixable: false,
|
|
2385
|
+
guidance: 'MCP servers running over network (SSE/HTTP) without authentication let any network-adjacent attacker connect and issue tool calls.',
|
|
2375
2386
|
});
|
|
2376
2387
|
// MCP-009: Check for sensitive tool names
|
|
2377
2388
|
const sensitiveTools = ['execute', 'shell', 'eval', 'system', 'exec', 'spawn'];
|
|
@@ -2397,6 +2408,7 @@ dist/
|
|
|
2397
2408
|
? 'Sensitive tool names detected (shell, exec, eval) - ensure proper restrictions'
|
|
2398
2409
|
: 'No obviously sensitive tool names in MCP config',
|
|
2399
2410
|
fixable: false,
|
|
2411
|
+
guidance: 'Tools named shell, exec, or eval typically provide arbitrary code execution. A prompt injection that invokes these tools can fully compromise the host system.',
|
|
2400
2412
|
});
|
|
2401
2413
|
// MCP-010: Check for logging configuration
|
|
2402
2414
|
let hasLogging = false;
|
|
@@ -2419,6 +2431,7 @@ dist/
|
|
|
2419
2431
|
? 'MCP logging appears to be configured - ensure sensitive data is not logged'
|
|
2420
2432
|
: 'No explicit MCP logging configuration detected',
|
|
2421
2433
|
fixable: false,
|
|
2434
|
+
guidance: 'Logging MCP requests and responses creates an audit trail for detecting misuse. Without it, malicious tool calls leave no trace for incident response.',
|
|
2422
2435
|
});
|
|
2423
2436
|
return findings;
|
|
2424
2437
|
}
|
|
@@ -2453,6 +2466,7 @@ dist/
|
|
|
2453
2466
|
? 'HTTPS/TLS configuration detected'
|
|
2454
2467
|
: 'No HTTPS configuration found - ensure production uses TLS',
|
|
2455
2468
|
fixable: false,
|
|
2469
|
+
guidance: 'Without TLS, all traffic including API keys, tokens, and user data is transmitted in plaintext. Anyone on the network can intercept and read it.',
|
|
2456
2470
|
});
|
|
2457
2471
|
// NET-004: Check for exposed debug endpoints
|
|
2458
2472
|
let hasDebugEndpoints = false;
|
|
@@ -2486,6 +2500,7 @@ dist/
|
|
|
2486
2500
|
? 'Debug/admin endpoints detected - ensure they are protected or disabled in production'
|
|
2487
2501
|
: 'No obvious debug endpoints found',
|
|
2488
2502
|
fixable: false,
|
|
2503
|
+
guidance: 'Debug and admin endpoints expose internal state, configuration, and metrics. Attackers use these to map your infrastructure and find weaknesses.',
|
|
2489
2504
|
});
|
|
2490
2505
|
// NET-005: Check for WebSocket security
|
|
2491
2506
|
let hasWebsocket = false;
|
|
@@ -2523,6 +2538,7 @@ dist/
|
|
|
2523
2538
|
? 'WebSocket authentication detected'
|
|
2524
2539
|
: 'WebSocket without obvious authentication - ensure connections are verified',
|
|
2525
2540
|
fixable: false,
|
|
2541
|
+
guidance: 'Unauthenticated WebSocket connections let any client send commands to your backend. Unlike HTTP, WebSockets maintain persistent connections that bypass traditional request-based security.',
|
|
2526
2542
|
});
|
|
2527
2543
|
// NET-006: Check for proxy configuration
|
|
2528
2544
|
let hasProxyConfig = false;
|
|
@@ -2541,6 +2557,7 @@ dist/
|
|
|
2541
2557
|
passed: true, // Informational
|
|
2542
2558
|
message: 'HTTP proxy library detected - verify SSRF protections are in place',
|
|
2543
2559
|
fixable: false,
|
|
2560
|
+
guidance: 'HTTP proxies without SSRF protections allow attackers to reach internal services, cloud metadata endpoints, and private networks through your server.',
|
|
2544
2561
|
});
|
|
2545
2562
|
}
|
|
2546
2563
|
return findings;
|
|
@@ -2576,6 +2593,7 @@ dist/
|
|
|
2576
2593
|
? 'API versioning pattern detected'
|
|
2577
2594
|
: 'Consider implementing API versioning for backwards compatibility',
|
|
2578
2595
|
fixable: false,
|
|
2596
|
+
guidance: 'Without API versioning, breaking changes affect all clients immediately. Versioning enables safe deprecation and prevents accidental security regressions.',
|
|
2579
2597
|
});
|
|
2580
2598
|
// API-002: Check for API documentation
|
|
2581
2599
|
let hasApiDocs = false;
|
|
@@ -2595,6 +2613,7 @@ dist/
|
|
|
2595
2613
|
? 'API documentation library detected'
|
|
2596
2614
|
: 'Consider adding OpenAPI/Swagger documentation',
|
|
2597
2615
|
fixable: false,
|
|
2616
|
+
guidance: 'Undocumented APIs are harder to use correctly and easier to misuse. Clear documentation reduces the chance of insecure integrations by consumers.',
|
|
2598
2617
|
});
|
|
2599
2618
|
// API-003: Check for API key in URL
|
|
2600
2619
|
let hasKeyInUrl = false;
|
|
@@ -2627,6 +2646,7 @@ dist/
|
|
|
2627
2646
|
? 'API key in URL pattern detected - use headers instead'
|
|
2628
2647
|
: 'No obvious API key in URL patterns found',
|
|
2629
2648
|
fixable: false,
|
|
2649
|
+
guidance: 'API keys in URLs are logged by browsers, proxies, and web servers. They appear in referrer headers and browser history, making them easy to steal.',
|
|
2630
2650
|
});
|
|
2631
2651
|
// API-004: Check for response headers security
|
|
2632
2652
|
let hasSecurityHeaders = false;
|
|
@@ -2657,6 +2677,7 @@ dist/
|
|
|
2657
2677
|
? 'Security headers detected in responses'
|
|
2658
2678
|
: 'Add security headers (X-Content-Type-Options, X-Frame-Options, CSP)',
|
|
2659
2679
|
fixable: false,
|
|
2680
|
+
guidance: 'Missing security headers like X-Frame-Options and CSP leave your API responses vulnerable to clickjacking, MIME-sniffing, and cross-site scripting attacks.',
|
|
2660
2681
|
});
|
|
2661
2682
|
return findings;
|
|
2662
2683
|
}
|
|
@@ -2680,6 +2701,7 @@ dist/
|
|
|
2680
2701
|
? 'Secret management capability detected'
|
|
2681
2702
|
: 'Consider using a secret manager (Vault, AWS Secrets Manager, doppler)',
|
|
2682
2703
|
fixable: false,
|
|
2704
|
+
guidance: 'Without a secret manager, credentials end up in .env files, config files, or source code where they can be leaked through version control or log files.',
|
|
2683
2705
|
});
|
|
2684
2706
|
// SEC-002: Check for encryption library
|
|
2685
2707
|
let hasEncryption = false;
|
|
@@ -2699,6 +2721,7 @@ dist/
|
|
|
2699
2721
|
? 'Encryption library detected'
|
|
2700
2722
|
: 'Consider using encryption for sensitive data (bcrypt, argon2)',
|
|
2701
2723
|
fixable: false,
|
|
2724
|
+
guidance: 'Without encryption, sensitive data like passwords and tokens are stored in plaintext. A database breach or file leak exposes everything immediately.',
|
|
2702
2725
|
});
|
|
2703
2726
|
// SEC-003: Check for key rotation support
|
|
2704
2727
|
let hasKeyRotation = false;
|
|
@@ -2727,6 +2750,7 @@ dist/
|
|
|
2727
2750
|
? 'Key rotation support detected'
|
|
2728
2751
|
: 'Consider implementing key rotation for long-lived secrets',
|
|
2729
2752
|
fixable: false,
|
|
2753
|
+
guidance: 'Without key rotation, a single compromised key grants permanent access. Regular rotation limits the window of exposure when a key is leaked.',
|
|
2730
2754
|
});
|
|
2731
2755
|
// SEC-004: Check for hardcoded connection strings
|
|
2732
2756
|
let hasHardcodedConnStr = false;
|
|
@@ -2760,6 +2784,7 @@ dist/
|
|
|
2760
2784
|
? 'Hardcoded connection strings detected - use environment variables'
|
|
2761
2785
|
: 'No hardcoded connection strings found',
|
|
2762
2786
|
fixable: false,
|
|
2787
|
+
guidance: 'Hardcoded connection strings contain database hostnames, ports, and credentials. Anyone with code access can connect directly to your database.',
|
|
2763
2788
|
});
|
|
2764
2789
|
return findings;
|
|
2765
2790
|
}
|
|
@@ -2801,6 +2826,7 @@ dist/
|
|
|
2801
2826
|
? 'File upload validation detected'
|
|
2802
2827
|
: 'File upload without obvious validation - add file type/size limits',
|
|
2803
2828
|
fixable: false,
|
|
2829
|
+
guidance: 'Unrestricted file uploads let attackers send malicious executables, web shells, or oversized files that can compromise the server or exhaust disk space.',
|
|
2804
2830
|
});
|
|
2805
2831
|
// IO-002: Check for SQL/NoSQL injection protection
|
|
2806
2832
|
let hasDbLibrary = false;
|
|
@@ -2827,6 +2853,7 @@ dist/
|
|
|
2827
2853
|
? 'ORM/query builder detected - provides parameterization'
|
|
2828
2854
|
: 'Raw database driver detected - ensure parameterized queries are used',
|
|
2829
2855
|
fixable: false,
|
|
2856
|
+
guidance: 'Raw database queries built with string concatenation let attackers inject SQL or NoSQL commands that can read, modify, or delete all data in the database.',
|
|
2830
2857
|
});
|
|
2831
2858
|
// IO-003: Check for XSS protection
|
|
2832
2859
|
let hasXssProtection = false;
|
|
@@ -2846,6 +2873,7 @@ dist/
|
|
|
2846
2873
|
? 'XSS protection library detected'
|
|
2847
2874
|
: 'No XSS protection library found - sanitize user input before rendering',
|
|
2848
2875
|
fixable: false,
|
|
2876
|
+
guidance: 'Without XSS protection, user-supplied content rendered in the browser can execute arbitrary JavaScript, stealing session tokens and user data.',
|
|
2849
2877
|
});
|
|
2850
2878
|
// IO-004: Check for path traversal protection
|
|
2851
2879
|
let hasPathTraversal = false;
|
|
@@ -2878,6 +2906,7 @@ dist/
|
|
|
2878
2906
|
? 'Potential path traversal detected - use path.resolve/normalize'
|
|
2879
2907
|
: 'No obvious path traversal vulnerabilities found',
|
|
2880
2908
|
fixable: false,
|
|
2909
|
+
guidance: 'Path traversal (../) in file paths lets attackers read sensitive files like /etc/passwd or .env by escaping the intended directory.',
|
|
2881
2910
|
});
|
|
2882
2911
|
return findings;
|
|
2883
2912
|
}
|
|
@@ -2911,6 +2940,7 @@ dist/
|
|
|
2911
2940
|
? 'Prompt boundaries detected in CLAUDE.md'
|
|
2912
2941
|
: 'Consider adding prompt boundary markers to prevent injection attacks',
|
|
2913
2942
|
fixable: false,
|
|
2943
|
+
guidance: 'Without clear boundary markers, attackers can inject instructions that blend with the system prompt, making it impossible for the model to distinguish trusted from untrusted content.',
|
|
2914
2944
|
});
|
|
2915
2945
|
// PROMPT-002: Check for injection defense instructions
|
|
2916
2946
|
let hasInjectionDefense = false;
|
|
@@ -2935,6 +2965,7 @@ dist/
|
|
|
2935
2965
|
? 'Injection defense instructions found'
|
|
2936
2966
|
: 'Consider adding injection defense instructions to system prompts',
|
|
2937
2967
|
fixable: false,
|
|
2968
|
+
guidance: 'System prompts without injection defenses can be overridden by user inputs that say "ignore previous instructions", bypassing all safety rules.',
|
|
2938
2969
|
});
|
|
2939
2970
|
// PROMPT-003: Check for output constraints
|
|
2940
2971
|
let hasOutputConstraints = false;
|
|
@@ -2959,6 +2990,7 @@ dist/
|
|
|
2959
2990
|
? 'Output confidentiality rules defined'
|
|
2960
2991
|
: 'Consider defining what information should not be disclosed',
|
|
2961
2992
|
fixable: false,
|
|
2993
|
+
guidance: 'Without output confidentiality rules, the agent may freely reveal system prompts, internal tool names, API keys, or other sensitive context when asked.',
|
|
2962
2994
|
});
|
|
2963
2995
|
// PROMPT-004: Check for role confusion protection
|
|
2964
2996
|
let hasRoleProtection = false;
|
|
@@ -2982,6 +3014,7 @@ dist/
|
|
|
2982
3014
|
? 'Role definition found in prompts'
|
|
2983
3015
|
: 'Consider clearly defining the AI role to prevent role confusion attacks',
|
|
2984
3016
|
fixable: false,
|
|
3017
|
+
guidance: 'Without a clear role definition, attackers can use "you are now a hacker assistant" style prompts to override the agent identity and bypass safety constraints.',
|
|
2985
3018
|
});
|
|
2986
3019
|
return findings;
|
|
2987
3020
|
}
|
|
@@ -3024,6 +3057,7 @@ dist/
|
|
|
3024
3057
|
? 'Input validation library detected'
|
|
3025
3058
|
: 'Consider using zod, joi, or similar for input validation',
|
|
3026
3059
|
fixable: false,
|
|
3060
|
+
guidance: 'Without schema validation, any malformed or malicious input reaches your application logic. This is the root cause of injection, overflow, and type confusion attacks.',
|
|
3027
3061
|
});
|
|
3028
3062
|
// INJ-002: Check for XSS protection patterns
|
|
3029
3063
|
let hasXssProtection = false;
|
|
@@ -3058,6 +3092,7 @@ dist/
|
|
|
3058
3092
|
? 'XSS protection patterns detected'
|
|
3059
3093
|
: 'Consider implementing output escaping for user-facing content',
|
|
3060
3094
|
fixable: false,
|
|
3095
|
+
guidance: 'Unescaped user content rendered in HTML lets attackers inject scripts that steal cookies, hijack sessions, and impersonate users.',
|
|
3061
3096
|
});
|
|
3062
3097
|
// INJ-003: Check for SQL injection protection
|
|
3063
3098
|
let hasSqlProtection = false;
|
|
@@ -3094,6 +3129,7 @@ dist/
|
|
|
3094
3129
|
? 'Parameterized queries or ORM detected'
|
|
3095
3130
|
: 'Ensure all database queries use parameterized statements',
|
|
3096
3131
|
fixable: false,
|
|
3132
|
+
guidance: 'SQL injection via string concatenation lets attackers read, modify, or delete any data in your database. Parameterized queries prevent this entirely.',
|
|
3097
3133
|
});
|
|
3098
3134
|
// INJ-004: Check for command injection protection
|
|
3099
3135
|
let hasCmdProtection = false;
|
|
@@ -3134,6 +3170,7 @@ dist/
|
|
|
3134
3170
|
? 'Safe command execution patterns detected or no shell commands found'
|
|
3135
3171
|
: 'Use execFile instead of exec, or disable shell interpolation',
|
|
3136
3172
|
fixable: false,
|
|
3173
|
+
guidance: 'Using exec() with user-controlled input lets attackers inject shell metacharacters (;, |, $()) to run arbitrary commands on the host system.',
|
|
3137
3174
|
});
|
|
3138
3175
|
return findings;
|
|
3139
3176
|
}
|
|
@@ -3167,6 +3204,7 @@ dist/
|
|
|
3167
3204
|
? 'Rate limiting library detected'
|
|
3168
3205
|
: 'Consider implementing rate limiting to prevent abuse',
|
|
3169
3206
|
fixable: false,
|
|
3207
|
+
guidance: 'Without rate limiting, attackers can make unlimited API calls, exhausting your quota and running up costs. It also enables brute-force and credential stuffing attacks.',
|
|
3170
3208
|
});
|
|
3171
3209
|
// RATE-002: Check for retry/backoff patterns
|
|
3172
3210
|
let hasBackoff = false;
|
|
@@ -3200,6 +3238,7 @@ dist/
|
|
|
3200
3238
|
? 'Retry/backoff patterns detected'
|
|
3201
3239
|
: 'Consider implementing exponential backoff for external calls',
|
|
3202
3240
|
fixable: false,
|
|
3241
|
+
guidance: 'Without exponential backoff, retries hammer external services at full speed during outages, worsening the problem and potentially getting your API key banned.',
|
|
3203
3242
|
});
|
|
3204
3243
|
// RATE-003: Check for timeout configurations
|
|
3205
3244
|
let hasTimeouts = false;
|
|
@@ -3232,6 +3271,7 @@ dist/
|
|
|
3232
3271
|
? 'Timeout configurations detected'
|
|
3233
3272
|
: 'Consider setting timeouts for external calls and long-running operations',
|
|
3234
3273
|
fixable: false,
|
|
3274
|
+
guidance: 'Without timeouts, a slow or unresponsive external service can cause your application to hang indefinitely, tying up connections and eventually crashing.',
|
|
3235
3275
|
});
|
|
3236
3276
|
// RATE-004: Check for concurrent request limiting
|
|
3237
3277
|
let hasConcurrencyLimit = false;
|
|
@@ -3265,6 +3305,7 @@ dist/
|
|
|
3265
3305
|
? 'Concurrency limiting detected'
|
|
3266
3306
|
: 'Consider limiting concurrent operations to prevent resource exhaustion',
|
|
3267
3307
|
fixable: false,
|
|
3308
|
+
guidance: 'Without concurrency limits, a burst of requests can spawn unbounded parallel operations that exhaust memory, file descriptors, and CPU, crashing the service.',
|
|
3268
3309
|
});
|
|
3269
3310
|
return findings;
|
|
3270
3311
|
}
|
|
@@ -3304,6 +3345,7 @@ dist/
|
|
|
3304
3345
|
? 'Secure cookie flags detected'
|
|
3305
3346
|
: 'Set httpOnly, secure, and sameSite on session cookies',
|
|
3306
3347
|
fixable: false,
|
|
3348
|
+
guidance: 'Session cookies without secure flags can be stolen via XSS (missing httpOnly), sent over plain HTTP (missing secure), or exploited in cross-site attacks (missing sameSite).',
|
|
3307
3349
|
});
|
|
3308
3350
|
// SESSION-002: Check for session expiry
|
|
3309
3351
|
let hasSessionExpiry = false;
|
|
@@ -3337,6 +3379,7 @@ dist/
|
|
|
3337
3379
|
? 'Session expiry configuration detected'
|
|
3338
3380
|
: 'Configure appropriate session expiry times',
|
|
3339
3381
|
fixable: false,
|
|
3382
|
+
guidance: 'Sessions without expiry remain valid indefinitely. A stolen session token grants permanent access until the server is restarted or the token is manually revoked.',
|
|
3340
3383
|
});
|
|
3341
3384
|
// SESSION-003: Check for CSRF protection
|
|
3342
3385
|
let hasCsrfProtection = false;
|
|
@@ -3359,6 +3402,7 @@ dist/
|
|
|
3359
3402
|
? 'CSRF protection library detected'
|
|
3360
3403
|
: 'Consider implementing CSRF protection for state-changing operations',
|
|
3361
3404
|
fixable: false,
|
|
3405
|
+
guidance: 'Without CSRF protection, a malicious website can trick authenticated users into performing unwanted actions (transfers, password changes, data deletion) by forging requests from their browser.',
|
|
3362
3406
|
});
|
|
3363
3407
|
// SESSION-004: Check for secure token storage
|
|
3364
3408
|
let hasSecureStorage = false;
|
|
@@ -3392,6 +3436,7 @@ dist/
|
|
|
3392
3436
|
? 'Secure token storage detected'
|
|
3393
3437
|
: 'Consider using secure storage for sensitive tokens',
|
|
3394
3438
|
fixable: false,
|
|
3439
|
+
guidance: 'Tokens stored in plaintext files or localStorage can be stolen by any process with file access or XSS attack, allowing full account takeover without credentials.',
|
|
3395
3440
|
});
|
|
3396
3441
|
return findings;
|
|
3397
3442
|
}
|
|
@@ -3432,6 +3477,7 @@ dist/
|
|
|
3432
3477
|
? 'Encryption implementation detected'
|
|
3433
3478
|
: 'Consider encrypting sensitive data at rest',
|
|
3434
3479
|
fixable: false,
|
|
3480
|
+
guidance: 'Without encryption at rest, anyone with disk access (stolen laptop, compromised server, backup leak) can read sensitive data including credentials and user information.',
|
|
3435
3481
|
});
|
|
3436
3482
|
// ENCRYPT-002: Check for secure hashing
|
|
3437
3483
|
let hasSecureHashing = false;
|
|
@@ -3465,6 +3511,7 @@ dist/
|
|
|
3465
3511
|
? 'Secure hashing algorithm detected (bcrypt/argon2/scrypt)'
|
|
3466
3512
|
: 'Use bcrypt, argon2, or scrypt for password hashing',
|
|
3467
3513
|
fixable: false,
|
|
3514
|
+
guidance: 'Passwords hashed with fast algorithms (MD5, SHA1) can be cracked in bulk using rainbow tables or GPU brute-force. Bcrypt, argon2, and scrypt are deliberately slow to resist this.',
|
|
3468
3515
|
});
|
|
3469
3516
|
// ENCRYPT-003: Check for weak algorithms
|
|
3470
3517
|
let hasWeakAlgorithms = false;
|
|
@@ -3498,6 +3545,7 @@ dist/
|
|
|
3498
3545
|
? 'Weak algorithms detected (MD5/SHA1/DES) - use SHA-256+ and AES'
|
|
3499
3546
|
: 'No weak cryptographic algorithms detected',
|
|
3500
3547
|
fixable: false,
|
|
3548
|
+
guidance: 'MD5 and SHA1 have known collision attacks, and DES has a 56-bit key easily brute-forced with modern hardware. Data protected by these algorithms should be considered unprotected.',
|
|
3501
3549
|
});
|
|
3502
3550
|
// ENCRYPT-004: Check for TLS configuration
|
|
3503
3551
|
let hasTlsConfig = false;
|
|
@@ -3531,6 +3579,7 @@ dist/
|
|
|
3531
3579
|
? 'TLS/HTTPS configuration detected'
|
|
3532
3580
|
: 'Ensure all communications use TLS',
|
|
3533
3581
|
fixable: false,
|
|
3582
|
+
guidance: 'Without TLS, all network traffic including credentials, tokens, and sensitive data is transmitted in plaintext and can be intercepted by anyone on the network path.',
|
|
3534
3583
|
});
|
|
3535
3584
|
return findings;
|
|
3536
3585
|
}
|
|
@@ -3571,6 +3620,7 @@ dist/
|
|
|
3571
3620
|
? 'Audit logging implementation detected'
|
|
3572
3621
|
: 'Consider implementing audit logging for security events',
|
|
3573
3622
|
fixable: false,
|
|
3623
|
+
guidance: 'Missing audit logs mean you cannot detect or investigate security incidents after they occur. Attackers operate undetected and forensic analysis becomes impossible.',
|
|
3574
3624
|
});
|
|
3575
3625
|
// AUDIT-002: Check for log rotation
|
|
3576
3626
|
let hasLogRotation = false;
|
|
@@ -3603,6 +3653,7 @@ dist/
|
|
|
3603
3653
|
? 'Log rotation configuration detected'
|
|
3604
3654
|
: 'Consider configuring log rotation to manage disk space',
|
|
3605
3655
|
fixable: false,
|
|
3656
|
+
guidance: 'Without log rotation, logs grow until they fill the disk, causing service outages. Attackers can also exploit this to trigger denial-of-service by generating excessive log entries.',
|
|
3606
3657
|
});
|
|
3607
3658
|
// AUDIT-003: Check for error tracking
|
|
3608
3659
|
let hasErrorTracking = false;
|
|
@@ -3625,6 +3676,7 @@ dist/
|
|
|
3625
3676
|
? 'Error tracking service detected'
|
|
3626
3677
|
: 'Consider using an error tracking service for production',
|
|
3627
3678
|
fixable: false,
|
|
3679
|
+
guidance: 'Without error tracking, security-related failures (auth errors, injection attempts, rate limit hits) go unnoticed in production, giving attackers time to refine their approach.',
|
|
3628
3680
|
});
|
|
3629
3681
|
// AUDIT-004: Check for no sensitive data in logs
|
|
3630
3682
|
let hasLogSanitization = false;
|
|
@@ -3657,6 +3709,7 @@ dist/
|
|
|
3657
3709
|
? 'Log sanitization patterns detected'
|
|
3658
3710
|
: 'Consider redacting sensitive data (passwords, tokens) from logs',
|
|
3659
3711
|
fixable: false,
|
|
3712
|
+
guidance: 'Unsanitized logs containing passwords, tokens, or PII become a secondary breach vector. Log aggregation services, backups, and support teams all gain access to sensitive data.',
|
|
3660
3713
|
});
|
|
3661
3714
|
return findings;
|
|
3662
3715
|
}
|
|
@@ -3693,6 +3746,7 @@ dist/
|
|
|
3693
3746
|
? 'Container configuration detected'
|
|
3694
3747
|
: 'Consider running in Docker containers for isolation',
|
|
3695
3748
|
fixable: false,
|
|
3749
|
+
guidance: 'Without container isolation, a compromised application has direct access to the host filesystem, network, and other processes. Containers limit the blast radius of a breach.',
|
|
3696
3750
|
});
|
|
3697
3751
|
// SANDBOX-002: Check for non-root execution
|
|
3698
3752
|
let hasNonRootConfig = false;
|
|
@@ -3713,6 +3767,7 @@ dist/
|
|
|
3713
3767
|
? 'Non-root user configured in Dockerfile'
|
|
3714
3768
|
: 'Configure containers to run as non-root user',
|
|
3715
3769
|
fixable: false,
|
|
3770
|
+
guidance: 'Containers running as root can escape container isolation more easily. A container breakout as root grants full control of the host system.',
|
|
3716
3771
|
});
|
|
3717
3772
|
// SANDBOX-003: Check for resource limits
|
|
3718
3773
|
let hasResourceLimits = false;
|
|
@@ -3739,6 +3794,7 @@ dist/
|
|
|
3739
3794
|
? 'Resource limits configured'
|
|
3740
3795
|
: 'Consider setting CPU and memory limits for containers',
|
|
3741
3796
|
fixable: false,
|
|
3797
|
+
guidance: 'Without resource limits, a single compromised or buggy container can consume all host CPU and memory, causing denial-of-service for every other service on the machine.',
|
|
3742
3798
|
});
|
|
3743
3799
|
// SANDBOX-004: Check for read-only filesystem
|
|
3744
3800
|
let hasReadOnlyFs = false;
|
|
@@ -3759,6 +3815,7 @@ dist/
|
|
|
3759
3815
|
? 'Read-only filesystem configured'
|
|
3760
3816
|
: 'Consider using read-only filesystem for containers',
|
|
3761
3817
|
fixable: false,
|
|
3818
|
+
guidance: 'A writable filesystem allows attackers to drop malware, modify binaries, or plant persistence mechanisms inside the container. Read-only filesystems prevent post-exploitation tampering.',
|
|
3762
3819
|
});
|
|
3763
3820
|
return findings;
|
|
3764
3821
|
}
|
|
@@ -3795,6 +3852,7 @@ dist/
|
|
|
3795
3852
|
? 'Tool whitelisting configured'
|
|
3796
3853
|
: 'Configure allowedTools to restrict MCP server capabilities',
|
|
3797
3854
|
fixable: false,
|
|
3855
|
+
guidance: 'Without an explicit tool whitelist, MCP servers expose all available tools to the AI agent. A prompt injection attack can invoke any tool, including destructive ones.',
|
|
3798
3856
|
});
|
|
3799
3857
|
// TOOL-002: Check for resource constraints
|
|
3800
3858
|
let hasResourceConstraints = false;
|
|
@@ -3817,6 +3875,7 @@ dist/
|
|
|
3817
3875
|
? 'Resource constraints configured'
|
|
3818
3876
|
: 'Consider setting maxTokens and timeout for MCP tools',
|
|
3819
3877
|
fixable: false,
|
|
3878
|
+
guidance: 'Without token limits and timeouts, a runaway or malicious tool call can consume unlimited API credits and block the agent indefinitely.',
|
|
3820
3879
|
});
|
|
3821
3880
|
// TOOL-003: Check for dangerous tool usage
|
|
3822
3881
|
let hasDangerousTools = false;
|
|
@@ -3842,6 +3901,7 @@ dist/
|
|
|
3842
3901
|
? 'Potentially dangerous tools detected (shell/exec) - ensure proper restrictions'
|
|
3843
3902
|
: 'No obvious dangerous tools detected',
|
|
3844
3903
|
fixable: false,
|
|
3904
|
+
guidance: 'Shell and exec tools give the AI agent arbitrary command execution on the host. A prompt injection can leverage these to exfiltrate data, install malware, or pivot to other systems.',
|
|
3845
3905
|
});
|
|
3846
3906
|
// TOOL-004: Check for tool confirmation requirements
|
|
3847
3907
|
let hasConfirmation = false;
|
|
@@ -3865,6 +3925,7 @@ dist/
|
|
|
3865
3925
|
? 'Tool confirmation instructions detected'
|
|
3866
3926
|
: 'Consider requiring confirmation for destructive operations',
|
|
3867
3927
|
fixable: false,
|
|
3928
|
+
guidance: 'Without confirmation gates, the AI agent can execute destructive operations (file deletion, database drops, deployments) in a single step with no human checkpoint.',
|
|
3868
3929
|
});
|
|
3869
3930
|
return findings;
|
|
3870
3931
|
}
|
|
@@ -4066,6 +4127,7 @@ dist/
|
|
|
4066
4127
|
file: relativePath,
|
|
4067
4128
|
fixable: false,
|
|
4068
4129
|
fix: 'Reduce file size or exclude from scan',
|
|
4130
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
4069
4131
|
});
|
|
4070
4132
|
continue;
|
|
4071
4133
|
}
|
|
@@ -4553,6 +4615,7 @@ dist/
|
|
|
4553
4615
|
file: relativePath,
|
|
4554
4616
|
fixable: false,
|
|
4555
4617
|
fix: 'Reduce file size or exclude from scan',
|
|
4618
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
4556
4619
|
});
|
|
4557
4620
|
continue;
|
|
4558
4621
|
}
|
|
@@ -4760,6 +4823,7 @@ dist/
|
|
|
4760
4823
|
file: relativePath,
|
|
4761
4824
|
fixable: false,
|
|
4762
4825
|
fix: 'Reduce file size or exclude from scan',
|
|
4826
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
4763
4827
|
});
|
|
4764
4828
|
continue;
|
|
4765
4829
|
}
|
|
@@ -5186,6 +5250,7 @@ dist/
|
|
|
5186
5250
|
file: relativePath,
|
|
5187
5251
|
fixable: false,
|
|
5188
5252
|
fix: 'Reduce file size or exclude from scan',
|
|
5253
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
5189
5254
|
});
|
|
5190
5255
|
continue;
|
|
5191
5256
|
}
|
|
@@ -5235,6 +5300,7 @@ dist/
|
|
|
5235
5300
|
file: relativePath,
|
|
5236
5301
|
fixable: false,
|
|
5237
5302
|
fix: 'Reduce file size or exclude from scan',
|
|
5303
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
5238
5304
|
});
|
|
5239
5305
|
continue;
|
|
5240
5306
|
}
|
|
@@ -5282,6 +5348,7 @@ dist/
|
|
|
5282
5348
|
file: relativePath,
|
|
5283
5349
|
fixable: false,
|
|
5284
5350
|
fix: 'Reduce file size or exclude from scan',
|
|
5351
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
5285
5352
|
});
|
|
5286
5353
|
continue;
|
|
5287
5354
|
}
|
|
@@ -5335,6 +5402,7 @@ dist/
|
|
|
5335
5402
|
file: relativePath,
|
|
5336
5403
|
fixable: false,
|
|
5337
5404
|
fix: 'Reduce file size or exclude from scan',
|
|
5405
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
5338
5406
|
});
|
|
5339
5407
|
continue;
|
|
5340
5408
|
}
|
|
@@ -5382,6 +5450,7 @@ dist/
|
|
|
5382
5450
|
file: relativePath,
|
|
5383
5451
|
fixable: false,
|
|
5384
5452
|
fix: 'Reduce file size or exclude from scan',
|
|
5453
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
5385
5454
|
});
|
|
5386
5455
|
continue;
|
|
5387
5456
|
}
|
|
@@ -5521,6 +5590,7 @@ dist/
|
|
|
5521
5590
|
file: relativePath,
|
|
5522
5591
|
fixable: false,
|
|
5523
5592
|
fix: 'Reduce file size or exclude from scan',
|
|
5593
|
+
guidance: 'Oversized files can be used to evade security scanning. Attackers hide malicious content in large files knowing scanners will skip them.',
|
|
5524
5594
|
});
|
|
5525
5595
|
continue;
|
|
5526
5596
|
}
|
|
@@ -5768,6 +5838,7 @@ dist/
|
|
|
5768
5838
|
file: 'package.json',
|
|
5769
5839
|
fixable: false,
|
|
5770
5840
|
fix: 'No action needed',
|
|
5841
|
+
guidance: 'CVE-2026-25157 (CVSS 7.8) allows OS command injection via unescaped SSH project paths. Your version includes the fix.',
|
|
5771
5842
|
});
|
|
5772
5843
|
}
|
|
5773
5844
|
// CVE-004: Docker PATH Command Injection (same fix version)
|
|
@@ -5798,6 +5869,7 @@ dist/
|
|
|
5798
5869
|
file: 'package.json',
|
|
5799
5870
|
fixable: false,
|
|
5800
5871
|
fix: 'No action needed',
|
|
5872
|
+
guidance: 'CVE-2026-24763 (CVSS 8.8) allows command injection through unsafe PATH handling in Docker sandbox. Your version includes the fix.',
|
|
5801
5873
|
});
|
|
5802
5874
|
}
|
|
5803
5875
|
}
|
|
@@ -5848,6 +5920,7 @@ dist/
|
|
|
5848
5920
|
file: relativePath,
|
|
5849
5921
|
fixable: false,
|
|
5850
5922
|
fix: 'No action needed',
|
|
5923
|
+
guidance: 'Origin restrictions prevent cross-origin attacks against the control UI. Your configuration is correctly limiting allowed origins.',
|
|
5851
5924
|
});
|
|
5852
5925
|
}
|
|
5853
5926
|
}
|
|
@@ -6885,6 +6958,7 @@ dist/
|
|
|
6885
6958
|
passed: true,
|
|
6886
6959
|
message: 'No unsafe curl-pipe installs detected',
|
|
6887
6960
|
fixable: false,
|
|
6961
|
+
guidance: 'Piping curl directly to sh executes whatever the remote server returns. A compromised or MITM-ed server can inject arbitrary code.',
|
|
6888
6962
|
});
|
|
6889
6963
|
}
|
|
6890
6964
|
// ---------- NEMO-002: Blueprint/artifact digest verification gap ----------
|
|
@@ -6955,6 +7029,7 @@ dist/
|
|
|
6955
7029
|
passed: true,
|
|
6956
7030
|
message: 'No digest verification gaps detected',
|
|
6957
7031
|
fixable: false,
|
|
7032
|
+
guidance: 'Empty or missing digest fields bypass integrity verification, allowing tampered artifacts to pass through the supply chain unchecked.',
|
|
6958
7033
|
});
|
|
6959
7034
|
}
|
|
6960
7035
|
// ---------- NEMO-003: Hot-reload policy paths reachable from user input ----------
|
|
@@ -7002,6 +7077,7 @@ dist/
|
|
|
7002
7077
|
passed: true,
|
|
7003
7078
|
message: 'No unsafe policy reload paths detected',
|
|
7004
7079
|
fixable: false,
|
|
7080
|
+
guidance: 'User-reachable policy reload paths allow attackers to modify security policies via crafted requests, potentially disabling protections at runtime.',
|
|
7005
7081
|
});
|
|
7006
7082
|
}
|
|
7007
7083
|
// ---------- NEMO-004: API key passed as CLI argument ----------
|
|
@@ -7049,6 +7125,7 @@ dist/
|
|
|
7049
7125
|
passed: true,
|
|
7050
7126
|
message: 'No CLI credential exposure detected',
|
|
7051
7127
|
fixable: false,
|
|
7128
|
+
guidance: 'CLI arguments are visible in process listings (ps aux), shell history, and log files. Environment variables and stdin keep credentials out of these surfaces.',
|
|
7052
7129
|
});
|
|
7053
7130
|
}
|
|
7054
7131
|
// ---------- NEMO-005: exec() with user-controlled string interpolation ----------
|
|
@@ -7094,6 +7171,7 @@ dist/
|
|
|
7094
7171
|
passed: true,
|
|
7095
7172
|
message: 'No command injection via exec() detected',
|
|
7096
7173
|
fixable: false,
|
|
7174
|
+
guidance: 'exec() passes strings to /bin/sh, which interprets shell metacharacters. User-controlled interpolation in exec() enables arbitrary command execution.',
|
|
7097
7175
|
});
|
|
7098
7176
|
}
|
|
7099
7177
|
// ---------- NEMO-006: Predictable /tmp paths without mktemp ----------
|
|
@@ -7140,6 +7218,7 @@ dist/
|
|
|
7140
7218
|
passed: true,
|
|
7141
7219
|
message: 'No predictable temp file paths detected',
|
|
7142
7220
|
fixable: false,
|
|
7221
|
+
guidance: 'Hardcoded /tmp paths are predictable and enable symlink attacks (CWE-377). An attacker can pre-create a symlink to redirect writes to sensitive files.',
|
|
7143
7222
|
});
|
|
7144
7223
|
}
|
|
7145
7224
|
// ---------- NEMO-007: Full process.env passthrough to subprocess ----------
|
|
@@ -7181,6 +7260,7 @@ dist/
|
|
|
7181
7260
|
passed: true,
|
|
7182
7261
|
message: 'No process.env leakage to subprocesses detected',
|
|
7183
7262
|
fixable: false,
|
|
7263
|
+
guidance: 'Spreading process.env leaks all environment variables (including API keys and tokens) to child processes. Use an explicit allowlist of only needed variables.',
|
|
7184
7264
|
});
|
|
7185
7265
|
}
|
|
7186
7266
|
// ---------- NEMO-008: TOCTOU race between verify and apply ----------
|
|
@@ -7238,6 +7318,7 @@ dist/
|
|
|
7238
7318
|
passed: true,
|
|
7239
7319
|
message: 'No TOCTOU race conditions detected',
|
|
7240
7320
|
fixable: false,
|
|
7321
|
+
guidance: 'When verify and execute are separate steps, an attacker can swap the artifact between verification and use. Atomic verify-then-execute eliminates this race window.',
|
|
7241
7322
|
});
|
|
7242
7323
|
}
|
|
7243
7324
|
// ---------- NEMO-009: Unsafe deserialization of untrusted data ----------
|
|
@@ -7376,6 +7457,7 @@ dist/
|
|
|
7376
7457
|
passed: true,
|
|
7377
7458
|
message: 'No unsafe deserialization detected',
|
|
7378
7459
|
fixable: false,
|
|
7460
|
+
guidance: 'Unsafe deserialization (pickle, eval, yaml.load) can execute arbitrary code during data parsing. A crafted payload achieves full remote code execution.',
|
|
7379
7461
|
});
|
|
7380
7462
|
}
|
|
7381
7463
|
// ---------- NEMO-010: Network egress policy allows data exfiltration ----------
|
|
@@ -7426,6 +7508,7 @@ dist/
|
|
|
7426
7508
|
passed: true,
|
|
7427
7509
|
message: 'No exfiltration-prone egress endpoints detected',
|
|
7428
7510
|
fixable: false,
|
|
7511
|
+
guidance: 'Pre-allowed messaging APIs (Telegram, Discord, Slack) enable agents to exfiltrate data without user approval. Require explicit operator opt-in per deployment.',
|
|
7429
7512
|
});
|
|
7430
7513
|
}
|
|
7431
7514
|
return findings;
|