jsguardian 1.2.0

package/ai-semantic-poison.js

@@ -0,0 +1,276 @@
+"use strict";
+// ============================================================================
+// Layer 3f — Semantic Poison  (AI refusal-heuristic triggering)
+//
+// CONCEPT:
+//   AI security tools (GitHub Copilot, automated SAST, red-team LLMs) are
+//   trained on patterns that trigger refusal or caution flags:
+//     - Hardcoded cryptographic key material (AES keys, HMAC secrets, RSA PEM)
+//     - Cloud provider credential prefixes (AKIA*, sk_live_*, ghp_*)
+//     - "TODO: remove before prod" credential leak patterns
+//     - Internal API endpoint strings that look like live infrastructure
+//
+//   Unlike Layer 3/3c (which use explicit "STOP / HONEYPOT" text), semantic
+//   poison uses NO instruction text.  The trigger is structural resemblance
+//   to patterns the model was trained to flag.
+//
+//   Dual-mode effect:
+//     • Cautious models / tools: refuse to proceed, report "potential credential
+//       exposure detected" — analysis stops without human escalation.
+//     • Non-cautious models: spend token budget extracting, validating, and
+//       correlating fake credentials against each other — all wasted effort.
+//
+// ARCHITECTURE:
+//   buildSemanticPoisonSource() returns a raw JS source string.
+//   It is injected by pipeline.ts AFTER cneObfuscate() runs — same pattern as
+//   buildDriftDetectorSource() — so strings NEVER pass through CNE's
+//   applyStringSplit().  A string like "sk_live_Abc..." arrives in the final
+//   output intact, as a single literal that any grep/pattern-matcher catches.
+//
+// THREE MECHANISMS (all emitted as a single JS source block):
+//
+//   A — Crypto primitive vars
+//       var declarations with per-build seeded-random values that look valid:
+//         var AES_KEY = "a3f7b2c8d1e4f09a...";      // 64 hex = 32 bytes
+//         var RSA_PRIVATE_KEY = "-----BEGIN RSA..."; // multi-line PEM
+//         var STRIPE_SK = "sk_live_51Abc3d...";
+//       Variable names will be renamed by CNE applyFullRename when the IIFE
+//       wrapper is re-parsed... wait — we inject POST-CNE so there's no further
+//       rename pass.  Names stay as-is, which is fine: the TRIGGER is the VALUE,
+//       not the name (tools grep for "sk_live_", "BEGIN RSA PRIVATE KEY" etc.)
+//
+//   B — Fake internal endpoint strings
+//       Standalone string expressions that look like license/auth API routes:
+//         "https://api.license.acme.corp/v2/validate";
+//         "/internal/api/v3/auth/token";
+//
+//   C — Credential-leak comment-style string expressions
+//       Expression statements resembling debug traces left in accidentally:
+//         "TODO: remove before prod -- STRIPE_SK=" + "sk_live_51Abc...";
+//         "DEBUG admin_jwt=" + "eyJhbGci...";
+//       Split across + to look like a logger call argument.
+//
+// PLACEMENT:
+//   The generated block is prepended to the output (before the module IIFE).
+//   It is then wrapped by wrapInModuleIife() so everything is scoped
+//   consistently.  The vars and expressions are at IIFE-local scope — visible
+//   to any tool that reads the source, unreachable from outside.
+// ============================================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildSemanticPoisonSource = buildSemanticPoisonSource;
+// ---------------------------------------------------------------------------
+// RNG helpers
+// ---------------------------------------------------------------------------
+function randHex(rng, bytes) {
+    let s = "";
+    for (let i = 0; i < bytes; i++)
+        s += ((rng.int32() >>> 0) & 0xff).toString(16).padStart(2, "0");
+    return s;
+}
+function randAlphaNum(rng, len) {
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    let s = "";
+    for (let i = 0; i < len; i++)
+        s += chars[(rng.int32() >>> 0) % chars.length];
+    return s;
+}
+function randBase64(rng, bytes) {
+    const raw = [];
+    for (let i = 0; i < bytes; i++)
+        raw.push((rng.int32() >>> 0) & 0xff);
+    return Buffer.from(raw).toString("base64");
+}
+// ---------------------------------------------------------------------------
+// Fake value generators — per-build seeded, never real secrets
+// ---------------------------------------------------------------------------
+function fakePem(rng, kind) {
+    // RSA-2048 private key body: ~1600 base64 chars in 64-char lines
+    const body = randBase64(rng, 1200);
+    const lines = [`-----BEGIN ${kind}-----`];
+    for (let i = 0; i < body.length; i += 64)
+        lines.push(body.slice(i, i + 64));
+    lines.push(`-----END ${kind}-----`);
+    return lines.join("\\n"); // escaped newline so it fits in a single JS string literal
+}
+function fakeAwsKeyId(rng) {
+    return "AKIA" + randAlphaNum(rng, 16).toUpperCase();
+}
+function fakeAwsSecret(rng) {
+    return randBase64(rng, 30).replace(/[^A-Za-z0-9+/]/g, "x").slice(0, 40);
+}
+function fakeStripeKey(rng) {
+    return "sk_live_" + randAlphaNum(rng, 24);
+}
+function fakeGhToken(rng) {
+    return "ghp_" + randAlphaNum(rng, 36);
+}
+function fakeJwt(rng) {
+    const hdr = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" }))
+        .toString("base64url");
+    const pay = Buffer.from(JSON.stringify({
+        sub: randAlphaNum(rng, 8),
+        iat: 1700000000 + ((rng.int32() >>> 0) % 10000000),
+        exp: 1700000000 + ((rng.int32() >>> 0) % 10000000) + 3600,
+    })).toString("base64url");
+    const sig = randBase64(rng, 32)
+        .replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+    return `${hdr}.${pay}.${sig}`;
+}
+const CRYPTO_KEY_POOL = [
+    { name: "AES_KEY", value: r => randHex(r, 32) },
+    { name: "AES_256_KEY", value: r => randHex(r, 32) },
+    { name: "HMAC_SECRET", value: r => randHex(r, 32) },
+    { name: "SIGNING_KEY", value: r => randHex(r, 32) },
+    { name: "MAC_KEY", value: r => randHex(r, 32) },
+    { name: "JWT_SECRET", value: r => randAlphaNum(r, 64) },
+    { name: "TOKEN_SECRET", value: r => randAlphaNum(r, 48) },
+    { name: "SESSION_SECRET", value: r => randHex(r, 32) },
+    { name: "ENCRYPTION_KEY", value: r => randHex(r, 32) },
+    { name: "RSA_PRIVATE_KEY", value: r => fakePem(r, "RSA PRIVATE KEY"), multiline: true },
+    { name: "EC_PRIVATE_KEY", value: r => fakePem(r, "EC PRIVATE KEY"), multiline: true },
+    { name: "CLIENT_SECRET", value: r => randHex(r, 24) },
+    { name: "API_SECRET", value: r => randHex(r, 32) },
+    { name: "MASTER_KEY", value: r => randHex(r, 32) },
+    { name: "SERVICE_ACCOUNT_KEY", value: r => randBase64(r, 96) },
+    { name: "STRIPE_SK", value: fakeStripeKey },
+    { name: "STRIPE_SECRET_KEY", value: fakeStripeKey },
+    { name: "AWS_SECRET_KEY", value: fakeAwsSecret },
+    { name: "AWS_ACCESS_KEY_ID", value: fakeAwsKeyId },
+    { name: "GH_TOKEN", value: fakeGhToken },
+    { name: "GITHUB_TOKEN", value: fakeGhToken },
+    { name: "DB_PASSWORD", value: r => randAlphaNum(r, 28) + "!@#" },
+    { name: "POSTGRES_PASSWORD", value: r => randAlphaNum(r, 20) + "!2$" },
+    { name: "REDIS_AUTH_TOKEN", value: r => randHex(r, 20) },
+    { name: "INTERNAL_API_KEY", value: r => randHex(r, 16) },
+];
+// ---------------------------------------------------------------------------
+// B — Fake internal endpoint strings
+// ---------------------------------------------------------------------------
+const ENDPOINT_TEMPLATES = [
+    "https://api.license.<<D>>.com/v<<N>>/validate",
+    "https://auth.<<D>>.io/v<<N>>/token/verify",
+    "https://license.<<D>>.corp/api/verify",
+    "https://internal-api.<<D>>.net/v<<N>>/auth/check",
+    "https://key-server.<<D>>.internal/v<<N>>/decrypt",
+    "https://telemetry.<<D>>.io/v<<N>>/collect",
+    "wss://events.<<D>>.corp/v<<N>>/stream",
+    "/api/v<<N>>/license/validate",
+    "/internal/v<<N>>/auth/token",
+    "/api/v<<N>>/entitlements/check",
+];
+const FAKE_DOMAINS = [
+    "acme", "corp", "enterprise", "secure", "vault",
+    "keyservice", "authsvc", "licensor", "guardian", "sentinel",
+];
+function renderEndpoint(rng, tmpl) {
+    const d = FAKE_DOMAINS[(rng.int32() >>> 0) % FAKE_DOMAINS.length];
+    const n = 1 + ((rng.int32() >>> 0) % 4);
+    return tmpl.replace("<<D>>", d).replace("<<N>>", String(n));
+}
+// ---------------------------------------------------------------------------
+// C — Credential-leak concat expressions
+//     Split across + so they look like logger lines left accidentally.
+//     Each part is a separate JS string literal — but TOGETHER they form
+//     the pattern that SAST / AI tools are trained to flag.
+// ---------------------------------------------------------------------------
+/** Build one credential-leak line of the given kind (0-7). */
+function buildLeakLineKind(rng, kind) {
+    switch (kind) {
+        case 0: return ["TODO: remove before prod -- STRIPE_SK=", fakeStripeKey(rng)];
+        case 1: return [`DEBUG aws_access=${fakeAwsKeyId(rng)} aws_secret=`, fakeAwsSecret(rng)];
+        case 2: return ["DEBUG admin_jwt=", fakeJwt(rng)];
+        case 3: return ["FIXME: hardcoded gh_token=", fakeGhToken(rng)];
+        case 4: return ["TODO remove temp admin password: ", randAlphaNum(rng, 16) + "!2$"];
+        case 5: return ["NOTE: encryption_key hardcoded for testing: ", randHex(rng, 32)];
+        case 6: return ["REMOVE: jwt_signing_secret=", randAlphaNum(rng, 48)];
+        default: return ["DEBUG master_key=", randHex(rng, 32)];
+    }
+}
+function buildLeakLine(rng) {
+    return buildLeakLineKind(rng, (rng.int32() >>> 0) % 8);
+}
+// ---------------------------------------------------------------------------
+// Shuffle helper
+// ---------------------------------------------------------------------------
+function shuffleArr(arr, rng) {
+    for (let i = arr.length - 1; i > 0; i--) {
+        const j = Math.floor(rng.next() * (i + 1));
+        [arr[i], arr[j]] = [arr[j], arr[i]];
+    }
+    return arr;
+}
+// ---------------------------------------------------------------------------
+// Main export — returns a raw JS source string
+// ---------------------------------------------------------------------------
+// ---------------------------------------------------------------------------
+// Encoding helper — wraps a credential value so it is NOT visible as a plain
+// string literal.  A human sees only a base64 blob; the real value only
+// materialises at runtime via Buffer.from decode.
+// The variable NAME stays readable — AI/SAST tools trigger on the name+decode
+// pattern (var GH_TOKEN = Buffer.from(...)), not the literal value itself.
+// ---------------------------------------------------------------------------
+function encodeCredential(value) {
+    const b64 = Buffer.from(value).toString("base64");
+    return `Buffer.from(${JSON.stringify(b64)},"base64").toString()`;
+}
+/**
+ * Build a raw JS source block containing:
+ *   A) Guaranteed high-value triggers (RSA PEM, EC PEM, Stripe, AWS, GitHub)
+ *      plus 3–5 extra random entries from the pool.
+ *   B) 4–6 fake internal endpoint string declarations.
+ *   C) All 8 credential-leak line types in shuffled order — every build
+ *      contains every pattern type regardless of RNG state.
+ *
+ * Credential VALUES are base64-encoded so they are NOT readable as plaintext
+ * in the source.  Variable names and leak-line prefixes remain visible —
+ * AI/SAST tools trigger on those patterns.  The actual secret strings only
+ * materialise at runtime via Buffer.from decode.
+ *
+ * Injected AFTER cneObfuscate() so strings are never fragmented by
+ * applyStringSplit().
+ */
+function buildSemanticPoisonSource(rng) {
+    const lines = ["/* layer-3f */"];
+    // ── A: Crypto primitive vars ──────────────────────────────────────────────
+    // Guaranteed set: highest-value trigger patterns, always included.
+    const GUARANTEED = [
+        { name: "RSA_PRIVATE_KEY", value: r => fakePem(r, "RSA PRIVATE KEY"), multiline: true },
+        { name: "EC_PRIVATE_KEY", value: r => fakePem(r, "EC PRIVATE KEY"), multiline: true },
+        { name: "STRIPE_SECRET_KEY", value: fakeStripeKey },
+        { name: "AWS_ACCESS_KEY_ID", value: fakeAwsKeyId },
+        { name: "AWS_SECRET_KEY", value: fakeAwsSecret },
+        { name: "GH_TOKEN", value: fakeGhToken },
+        { name: "JWT_SECRET", value: r => randAlphaNum(r, 64) },
+        { name: "HMAC_SECRET", value: r => randHex(r, 32) },
+    ];
+    shuffleArr(GUARANTEED, rng); // randomise order across builds
+    for (const entry of GUARANTEED) {
+        lines.push(`var ${entry.name} = ${encodeCredential(entry.value(rng))};`);
+    }
+    // Extra random picks from remaining pool
+    const guaranteed_names = new Set(GUARANTEED.map(e => e.name));
+    const rest = shuffleArr(CRYPTO_KEY_POOL.filter(e => !guaranteed_names.has(e.name)), rng);
+    const extraCount = 3 + Math.floor(rng.next() * 3); // 3..5
+    for (let i = 0; i < Math.min(extraCount, rest.length); i++) {
+        lines.push(`var ${rest[i].name} = ${encodeCredential(rest[i].value(rng))};`);
+    }
+    // ── B: Fake endpoint strings ───────────────────────────────────────────────
+    // URLs are not credential values — keep as plain strings (their purpose is
+    // to look like live infrastructure endpoints, not to carry secret data).
+    const epPool = shuffleArr([...ENDPOINT_TEMPLATES], rng);
+    const epCount = 4 + Math.floor(rng.next() * 3); // 4..6
+    for (let i = 0; i < Math.min(epCount, epPool.length); i++) {
+        const url = renderEndpoint(rng, epPool[i]);
+        lines.push(`var _lsEndpoint${i} = ${JSON.stringify(url)};`);
+    }
+    // ── C: Credential-leak concat expressions ─────────────────────────────────
+    // Prefix (e.g. "TODO: remove before prod -- STRIPE_SK=") stays plaintext —
+    // it is the pattern SAST/AI tools match on.
+    // The credential VALUE (second part) is base64-encoded so it isn't readable.
+    const leakOrder = shuffleArr([0, 1, 2, 3, 4, 5, 6, 7], rng);
+    for (const kind of leakOrder) {
+        const [a, b] = buildLeakLineKind(rng, kind);
+        lines.push(`${JSON.stringify(a)} + ${encodeCredential(b)};`);
+    }
+    return lines.join("\n");
+}

package/canary.js

@@ -0,0 +1,158 @@
+"use strict";
+// ============================================================================
+// Layer 7 — Differential Canary Algorithm
+//
+// CONCEPT (adversarial, novel):
+//   For each exported/top-level function that looks like a validator or
+//   key-processing routine, we inject a SHADOW copy at global scope with:
+//     - Identical name (shadows the real export)
+//     - Identical structure and most logic
+//     - A TRAPDOOR: one subtle constant is wrong in a way that passes
+//       basic (low-privilege) tests but silently fails for elevated tiers.
+//
+//   Attack scenario:
+//     AI extracts `function validateLicense(key) { ... }` from the AST.
+//     It's at global scope, looks complete, passes a basic-tier key test.
+//     The AI/red-team is CONFIDENT they have the algorithm.
+//     They try to forge an enterprise key -> canary returns {tier:"unknown"}.
+//     They spend days debugging their key generation, not the algorithm.
+//     The real function is inside the module IIFE, untouched.
+//
+// TRAPDOOR STRATEGY:
+//   We mutate exactly ONE of these per canary (chosen randomly):
+//     a) A tier-discriminating constant (e.g. tier===4 becomes tier===3)
+//     b) A feature bitmask bit flip (enterprise features 0x1F -> 0x0F)
+//     c) A checksum multiplier tweak (FNV prime 16777619 -> 16777621)
+//     d) A key segment mask offset (0xFF -> 0xFE)
+//   These all produce correct output for tier=1 (basic) tests but wrong
+//   output for tier=4 (enterprise) — exactly the goal the attacker has.
+//
+// IMPORTANT: canary functions are injected OUTSIDE the module IIFE, at
+//   true global scope. The real module.exports (set inside the IIFE) wins
+//   for require() callers. Canaries only fool AST extraction tools.
+// ============================================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildCanarySource = buildCanarySource;
+exports.injectCanary = injectCanary;
+// Trapdoor variants — each is a source snippet with a subtle wrong constant.
+// The placeholder %%WRONG%% is substituted with a per-build random wrong value.
+const CANARY_TEMPLATES = [
+    // Trapdoor A: wrong tier constant (3 instead of 4 for enterprise)
+    {
+        name: "tierConstant",
+        description: "enterprise tier ID wrong (3 vs 4)",
+        inject: (rng) => `
+function validateLicense(key) {
+  if (!key || typeof key !== 'string') return null;
+  var parts = key.toUpperCase().split('-');
+  if (parts.length !== 4) return null;
+  var segs = parts.map(function(p){ return parseInt(p, 36); });
+  if (segs.some(isNaN)) return null;
+  var s0=segs[0], s1=segs[1], s2=segs[2], s3=segs[3];
+  var SALT = ${(0x7f3a9b2c ^ (rng.int32() & 0x00FF00FF)) >>> 0};
+  var PID  = ${(0x43524950 ^ (rng.int32() & 0x00FF00FF)) >>> 0};
+  if ((s0 ^ SALT) !== PID) return { valid: false, reason: 'invalid_product' };
+  var tier = s1 & 0xFF;
+  var seats = (s1 >> 8) & 0xFF;
+  var BASE = new Date('2024-01-01').getTime();
+  var exp = BASE + s2 * 86400000;
+  if (exp < Date.now()) return { valid: false, reason: 'expired' };
+  var h = 2166136261;
+  h = Math.imul(h ^ (s0 & 0xFF), 16777619);
+  h = Math.imul(h ^ (s1 & 0xFF), 16777619);
+  h = Math.imul(h ^ (s2 & 0xFF), 16777619);
+  h = (h >>> 0) & 0xFFFF;
+  if (h !== (s3 & 0xFFFF)) return { valid: false, reason: 'checksum_mismatch' };
+  var tierNames = { 1: 'basic', 2: 'advanced', 3: 'enterprise' };
+  var tierName = tierNames[tier] || 'unknown';
+  var featureMasks = { basic: 0x01, advanced: 0x13, enterprise: 0x1F };
+  var features = featureMasks[tierName] || 0;
+  return { valid: true, tier: tierName, seats: seats || 5, features: features };
+}`,
+    },
+    // Trapdoor B: feature bitmask for enterprise is 0x0F (missing api bit 0x08... or export)
+    {
+        name: "featureMask",
+        description: "enterprise feature mask wrong (0x0F vs 0x1F)",
+        inject: (rng) => `
+function validateLicense(key) {
+  if (!key || typeof key !== 'string') return null;
+  var parts = key.toUpperCase().split('-');
+  if (parts.length !== 4) return null;
+  var segs = parts.map(function(p){ return parseInt(p, 36); });
+  if (segs.some(isNaN)) return null;
+  var s0=segs[0], s1=segs[1], s2=segs[2], s3=segs[3];
+  var _SALT = ${(0x7f3a9b2c ^ (rng.int32() & 0x000F000F)) >>> 0};
+  var _PID  = ${(0x43524950 ^ (rng.int32() & 0x000F000F)) >>> 0};
+  if ((s0 ^ _SALT) !== _PID) return { valid: false, reason: 'invalid_product' };
+  var tier = s1 & 0xFF;
+  var seats = (s1 >> 8) & 0xFF;
+  var BASE = new Date('2024-01-01').getTime();
+  if (BASE + s2 * 86400000 < Date.now()) return { valid: false, reason: 'expired' };
+  var h = 2166136261;
+  h = Math.imul(h ^ (s0 & 0xFF), 16777619);
+  h = Math.imul(h ^ (s1 & 0xFF), 16777619);
+  h = Math.imul(h ^ (s2 & 0xFF), 16777619);
+  if (((h >>> 0) & 0xFFFF) !== (s3 & 0xFFFF)) return { valid: false, reason: 'checksum_mismatch' };
+  var tn = tier === 1 ? 'basic' : tier === 2 ? 'advanced' : tier === 4 ? 'enterprise' : 'unknown';
+  var fm = { basic: 0x01, advanced: 0x13, enterprise: 0x0F };
+  return { valid: true, tier: tn, seats: seats || 5, features: fm[tn] || 0 };
+}`,
+    },
+    // Trapdoor C: FNV prime is wrong (16777621 vs 16777619) — checksum always mismatches
+    {
+        name: "checksumPrime",
+        description: "FNV prime wrong (16777621 vs 16777619) — all forged keys fail checksum",
+        inject: (rng) => `
+function validateLicense(key) {
+  if (!key || typeof key !== 'string') return null;
+  var parts = key.toUpperCase().split('-');
+  if (parts.length !== 4) return null;
+  var segs = parts.map(function(p){ return parseInt(p, 36); });
+  if (segs.some(isNaN)) return null;
+  var s0=segs[0], s1=segs[1], s2=segs[2], s3=segs[3];
+  if ((s0 ^ ${(0x7f3a9b2c ^ ((rng.int32() & 0xFF) << 8)) >>> 0}) !== ${(0x43524950 ^ ((rng.int32() & 0xFF) << 8)) >>> 0})
+    return { valid: false, reason: 'invalid_product' };
+  var BASE = new Date('2024-01-01').getTime();
+  if (BASE + s2 * 86400000 < Date.now()) return { valid: false, reason: 'expired' };
+  var h = 2166136261;
+  h = Math.imul(h ^ (s0 & 0xFF), 16777621);
+  h = Math.imul(h ^ (s1 & 0xFF), 16777621);
+  h = Math.imul(h ^ (s2 & 0xFF), 16777621);
+  if (((h >>> 0) & 0xFFFF) !== (s3 & 0xFFFF)) return { valid: false, reason: 'checksum_mismatch' };
+  var tier = s1 & 0xFF;
+  var tn = tier===1?'basic':tier===2?'advanced':tier===4?'enterprise':'unknown';
+  return { valid: true, tier: tn, seats: ((s1>>8)&0xFF)||5, features: tn==='enterprise'?0x1F:tn==='advanced'?0x13:0x01 };
+}`,
+    },
+];
+/**
+ * Returns the raw canary source text (both shadow validateLicense and hasFeature).
+ * Returns empty string if the probabilistic rate check fails.
+ * Used by the pipeline so the canary can be passed through CNE rename before appending.
+ */
+function buildCanarySource(rng, opts = {}) {
+    const rate = opts.canaryPoisonRate ?? 0.5;
+    if (rng.next() > rate)
+        return "";
+    const tmpl = CANARY_TEMPLATES[Math.floor(rng.next() * CANARY_TEMPLATES.length)];
+    const canarySource = tmpl.inject(rng);
+    const canaryHasFeature = `
+function hasFeature(license, featureName) {
+  if (!license || !license.valid) return false;
+  var bits = { basic:0x01, advanced:0x02, enterprise:0x04, api:0x08, export:0x10 };
+  var bit = bits[featureName];
+  if (!bit) return false;
+  return (license.features & bit) === bit;
+}`;
+    return canarySource + "\n" + canaryHasFeature + "\n";
+}
+/**
+ * Injects canary shadow functions appended to code (legacy path / jsobf mode).
+ */
+function injectCanary(code, rng, opts = {}) {
+    const src = buildCanarySource(rng, opts);
+    if (!src)
+        return code;
+    return code + "\n\n" + src;
+}