muaddib-scanner 2.10.40 → 2.10.41

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.40",
+  "version": "2.10.41",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/integrations/canary-tokens.js

@@ -10,6 +10,46 @@ function generateBase32(length) {
   return Array.from(bytes).map(b => chars[b % 32]).join('');
 }
 
+// Minimum consecutive chars from an encoded variant to match in a DNS domain.
+// 8 chars avoids FP on short legitimate hex subdomains (e.g. commit SHAs, CDN hashes).
+const MIN_ENCODED_MATCH = 8;
+
+/**
+ * Generate hex/base64/base64url encoded variants of a token value.
+ * Attackers encode tokens before DNS exfiltration to evade raw string matching.
+ * @param {string} value - Raw token value
+ * @returns {Array<{encoding: string, encoded: string}>}
+ */
+function generateEncodedVariants(value) {
+  const buf = Buffer.from(value);
+  return [
+    { encoding: 'hex', encoded: buf.toString('hex') },
+    { encoding: 'base64', encoded: buf.toString('base64') },
+    { encoding: 'base64url', encoded: buf.toString('base64url') }
+  ];
+}
+
+/**
+ * Check if a DNS domain contains an encoded token variant.
+ * Strips dots to reassemble data chunked across DNS labels (RFC 1035: max 63 chars/label).
+ * @param {string} domain - Full DNS query domain
+ * @param {Array<{encoding: string, encoded: string}>} variants
+ * @returns {{encoding: string, match: string}|null}
+ */
+function findEncodedInDomain(domain, variants) {
+  const stripped = domain.replace(/\./g, '');
+  for (const { encoding, encoded } of variants) {
+    if (encoded.length < MIN_ENCODED_MATCH) continue;
+    for (let i = 0; i <= encoded.length - MIN_ENCODED_MATCH; i++) {
+      const chunk = encoded.substring(i, i + MIN_ENCODED_MATCH);
+      if (stripped.includes(chunk)) {
+        return { encoding, match: chunk };
+      }
+    }
+  }
+  return null;
+}
+
 /**
  * Canary token generators.
  * Each generator produces a format-valid token that matches the real service format.
@@ -173,6 +213,7 @@ function detectCanaryExfiltration(networkLogs, tokens) {
   for (const domain of (networkLogs.dns_queries || [])) {
     if (!domain) continue;
     for (const [tokenName, tokenValue] of tokenEntries) {
+      // Raw value match
       if (domain.includes(tokenValue)) {
         exfiltrations.push({
           token: tokenName,
@@ -180,6 +221,18 @@ function detectCanaryExfiltration(networkLogs, tokens) {
           foundIn: `DNS query: ${domain}`,
           severity: 'CRITICAL'
         });
+        continue;
+      }
+      // Encoded variant match (hex, base64, base64url — catches DNS label chunking)
+      const variants = generateEncodedVariants(tokenValue);
+      const encodedMatch = findEncodedInDomain(domain, variants);
+      if (encodedMatch) {
+        exfiltrations.push({
+          token: tokenName,
+          value: tokenValue,
+          foundIn: `DNS query (${encodedMatch.encoding}-encoded): ${domain}`,
+          severity: 'CRITICAL'
+        });
       }
     }
   }

package/src/sandbox/gvisor-parser.js

@@ -0,0 +1,348 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+// ══════════════════════════════════════════════════════════════
+// gVisor strace log parser
+//
+// gVisor's --strace flag logs syscalls at the kernel level in its
+// debug log files. This parser extracts security-relevant data
+// (file access, network connections, process execution) and returns
+// the SAME structure as sandbox-runner.sh's strace/tcpdump parsing,
+// so the downstream scoreFindings() analyzer needs no changes.
+//
+// gVisor strace format:
+//   D0331 12:34:56.789012  1 strace.go:587] [  PID] process E syscall(args) = ret (dur)
+//
+// Or bare (without Go log prefix):
+//   [  PID] process E syscall(args) = ret (dur)
+// ══════════════════════════════════════════════════════════════
+
+const SENSITIVE_PATTERN = /\.npmrc|\.ssh\/|\.aws\/|\.env(?:$|[^a-zA-Z])|\/etc\/passwd|\/etc\/shadow|\.gitconfig|\.bash_history/;
+
+// Processes that are sandbox infrastructure — not spawned by the package
+const SAFE_PROCESSES = new Set(['node', 'npm', 'npx', 'sh', 'git']);
+
+// ── Line-level parsers ──
+
+/**
+ * Parse a single gVisor strace line.
+ * Handles both Go-log-prefixed and bare formats.
+ *
+ * @param {string} line - Raw log line
+ * @returns {object|null} Parsed syscall info or null if not a strace line
+ */
+function parseStraceLine(line) {
+  // Strip Go log prefix if present: everything up to `] ` before the `[PID]` block
+  const bracketIdx = line.indexOf('] [');
+  const content = bracketIdx >= 0 ? line.substring(bracketIdx + 2).trim() : line.trim();
+
+  // Match: [PID] process E/X syscall(args) = return (duration)
+  const match = content.match(
+    /^\[\s*(\d+)\]\s+(\S+)\s+[EX]\s+(\w+)\((.+)\)\s*=\s*(.+?)(?:\s+\([\d.]+[µm]?s\))?$/
+  );
+  if (!match) return null;
+
+  return {
+    pid: parseInt(match[1], 10),
+    process: match[2],
+    syscall: match[3],
+    args: match[4],
+    returnValue: match[5].trim()
+  };
+}
+
+/**
+ * Extract file path and flags from openat/open args.
+ * gVisor format: AT_FDCWD, "/path", O_RDONLY|O_CLOEXEC
+ *
+ * @param {string} args - Syscall arguments string
+ * @returns {object|null} { path, flags } or null
+ */
+function extractOpenatPath(args) {
+  // Comma-separated: AT_FDCWD, "/path/to/file", O_RDONLY|O_CLOEXEC, 0o0
+  const match = args.match(/"([^"]+)"[\s,]+([A-Z_|]+)/);
+  if (match) return { path: match[1], flags: match[2] };
+
+  // Space-separated (some gVisor versions): AT_FDCWD "/path" O_RDONLY
+  const matchSpace = args.match(/"([^"]+)"\s+([A-Z_|]+)/);
+  if (matchSpace) return { path: matchSpace[1], flags: matchSpace[2] };
+
+  return null;
+}
+
+/**
+ * Extract IP and port from connect() args.
+ * gVisor format: {Family: AF_INET, Addr: 1.2.3.4, Port: 443}
+ *
+ * @param {string} args - Syscall arguments string
+ * @returns {object|null} { ip, port } or null
+ */
+function extractConnectInfo(args) {
+  const match = args.match(/\{Family:\s*AF_INET,\s*Addr:\s*([\d.]+),\s*Port:\s*(\d+)\}/);
+  if (!match) return null;
+  return { ip: match[1], port: parseInt(match[2], 10) };
+}
+
+/**
+ * Extract command path from execve() args.
+ * gVisor format: execve("/usr/bin/curl", ["curl", ...], ...)
+ *
+ * @param {string} args - Syscall arguments string
+ * @returns {string|null} Command path or null
+ */
+function extractExecveCommand(args) {
+  const match = args.match(/^"([^"]+)"/);
+  return match ? match[1] : null;
+}
+
+// ── Main parser ──
+
+/**
+ * Parse gVisor strace log content and extract security-relevant findings.
+ * Returns the SAME data structure as sandbox-runner.sh's strace parsing
+ * so scoreFindings() works identically.
+ *
+ * @param {string} content - Raw gVisor strace log content
+ * @returns {object} { sensitive_files: {read, written}, network: {http_connections}, processes: {spawned} }
+ */
+function parseGvisorStrace(content) {
+  const sensitiveReads = new Set();
+  const sensitiveWrites = new Set();
+  const connections = new Map();  // dedup by ip:port
+  const processes = new Map();    // dedup by pid:command
+
+  const lines = content.split('\n');
+
+  for (const line of lines) {
+    const parsed = parseStraceLine(line);
+    if (!parsed) continue;
+
+    // Only process successful syscalls (return >= 0)
+    if (parsed.returnValue.startsWith('-')) continue;
+
+    switch (parsed.syscall) {
+      case 'openat':
+      case 'open': {
+        const info = extractOpenatPath(parsed.args);
+        if (!info || !SENSITIVE_PATTERN.test(info.path)) break;
+
+        if (/O_WRONLY|O_RDWR|O_CREAT/.test(info.flags)) {
+          sensitiveWrites.add(info.path);
+        } else if (/O_RDONLY/.test(info.flags)) {
+          sensitiveReads.add(info.path);
+        }
+        break;
+      }
+
+      case 'connect': {
+        const conn = extractConnectInfo(parsed.args);
+        if (!conn) break;
+        if (conn.ip.startsWith('127.')) break;  // skip loopback
+        if (conn.port === 65535) break;          // skip probe port
+        const key = `${conn.ip}:${conn.port}`;
+        if (!connections.has(key)) {
+          connections.set(key, { host: conn.ip, port: conn.port, protocol: 'TCP' });
+        }
+        break;
+      }
+
+      case 'execve': {
+        const cmd = extractExecveCommand(parsed.args);
+        if (!cmd) break;
+        const basename = path.basename(cmd);
+        if (SAFE_PROCESSES.has(basename)) break;
+        const key = `${parsed.pid}:${cmd}`;
+        if (!processes.has(key)) {
+          processes.set(key, { command: cmd, pid: parsed.pid });
+        }
+        break;
+      }
+    }
+  }
+
+  return {
+    sensitive_files: {
+      read: [...sensitiveReads],
+      written: [...sensitiveWrites]
+    },
+    network: {
+      http_connections: [...connections.values()]
+    },
+    processes: {
+      spawned: [...processes.values()]
+    }
+  };
+}
+
+// ── Log discovery ──
+
+/**
+ * Find gVisor log files for a specific container.
+ * Searches the debug-log directory using multiple strategies:
+ *   1. %ID% template → directory named after full container ID
+ *   2. Truncated ID (12 chars) directory
+ *   3. Files in logDir containing the container ID
+ *
+ * @param {string} containerId - Docker container ID (full 64-char or truncated)
+ * @param {string} logDir - gVisor debug-log base directory (default: /tmp/runsc)
+ * @returns {string[]} Matching log file paths
+ */
+function findGvisorLogs(containerId, logDir) {
+  logDir = logDir || '/tmp/runsc';
+  const logFiles = [];
+
+  if (!fs.existsSync(logDir)) return logFiles;
+
+  const shortId = containerId.substring(0, 12);
+
+  // Strategy 1: directory named after full container ID (%ID% template)
+  const fullDir = path.join(logDir, containerId);
+  if (fs.existsSync(fullDir) && fs.statSync(fullDir).isDirectory()) {
+    return collectLogFiles(fullDir);
+  }
+
+  // Strategy 2: directory named after truncated ID
+  const shortDir = path.join(logDir, shortId);
+  if (fs.existsSync(shortDir) && fs.statSync(shortDir).isDirectory()) {
+    return collectLogFiles(shortDir);
+  }
+
+  // Strategy 3: flat files containing the container ID in name
+  try {
+    const files = fs.readdirSync(logDir);
+    for (const file of files) {
+      if ((file.includes(containerId) || file.includes(shortId)) &&
+          (file.endsWith('.log') || file.includes('boot'))) {
+        logFiles.push(path.join(logDir, file));
+      }
+    }
+  } catch { /* directory not readable */ }
+
+  return logFiles;
+}
+
+function collectLogFiles(dir) {
+  const files = [];
+  try {
+    for (const file of fs.readdirSync(dir)) {
+      if (file.endsWith('.log') || file.includes('boot')) {
+        files.push(path.join(dir, file));
+      }
+    }
+  } catch { /* directory not readable */ }
+  return files;
+}
+
+// ── Aggregated parser (main entry point) ──
+
+/**
+ * Parse gVisor log file and return report-compatible structure.
+ * This is the main export matching the spec:
+ *   parseGvisorLog(logPath) → same format as parseStraceOutput()
+ *
+ * @param {string} logPath - Path to a gVisor strace log file
+ * @returns {object} Report supplement with sensitive_files, network, processes
+ */
+function parseGvisorLog(logPath) {
+  try {
+    const content = fs.readFileSync(logPath, 'utf8');
+    return parseGvisorStrace(content);
+  } catch {
+    return {
+      sensitive_files: { read: [], written: [] },
+      network: { http_connections: [] },
+      processes: { spawned: [] }
+    };
+  }
+}
+
+/**
+ * Parse all gVisor logs for a container and return aggregated report supplement.
+ *
+ * @param {string} containerId - Docker container ID
+ * @param {string} logDir - gVisor debug-log base directory
+ * @returns {object} Aggregated report supplement
+ */
+function parseGvisorLogs(containerId, logDir) {
+  const emptyResult = {
+    sensitive_files: { read: [], written: [] },
+    network: { http_connections: [] },
+    processes: { spawned: [] }
+  };
+
+  const logFiles = findGvisorLogs(containerId, logDir);
+  if (logFiles.length === 0) return emptyResult;
+
+  // Aggregate across all log files (boot, gofer, etc.)
+  const allReads = new Set();
+  const allWrites = new Set();
+  const allConnections = new Map();
+  const allProcesses = new Map();
+
+  for (const logFile of logFiles) {
+    const result = parseGvisorLog(logFile);
+
+    for (const f of result.sensitive_files.read) allReads.add(f);
+    for (const f of result.sensitive_files.written) allWrites.add(f);
+    for (const c of result.network.http_connections) {
+      const key = `${c.host}:${c.port}`;
+      if (!allConnections.has(key)) allConnections.set(key, c);
+    }
+    for (const p of result.processes.spawned) {
+      const key = `${p.pid}:${p.command}`;
+      if (!allProcesses.has(key)) allProcesses.set(key, p);
+    }
+  }
+
+  return {
+    sensitive_files: { read: [...allReads], written: [...allWrites] },
+    network: { http_connections: [...allConnections.values()] },
+    processes: { spawned: [...allProcesses.values()] }
+  };
+}
+
+/**
+ * Clean up gVisor log files for a container after analysis.
+ * Prevents disk fill from accumulated logs across sandbox runs.
+ *
+ * @param {string} containerId - Docker container ID
+ * @param {string} logDir - gVisor debug-log base directory
+ */
+function cleanupGvisorLogs(containerId, logDir) {
+  logDir = logDir || '/tmp/runsc';
+  const shortId = containerId.substring(0, 12);
+
+  try {
+    // Try container-specific directory first
+    for (const dirName of [containerId, shortId]) {
+      const dir = path.join(logDir, dirName);
+      if (fs.existsSync(dir) && fs.statSync(dir).isDirectory()) {
+        fs.rmSync(dir, { recursive: true, force: true });
+        return;
+      }
+    }
+
+    // Fall back to individual files
+    const files = fs.readdirSync(logDir);
+    for (const file of files) {
+      if (file.includes(containerId) || file.includes(shortId)) {
+        fs.unlinkSync(path.join(logDir, file));
+      }
+    }
+  } catch { /* cleanup is best-effort */ }
+}
+
+module.exports = {
+  parseGvisorLog,
+  parseGvisorLogs,
+  parseGvisorStrace,
+  findGvisorLogs,
+  cleanupGvisorLogs,
+  // Exported for unit tests
+  parseStraceLine,
+  extractOpenatPath,
+  extractConnectInfo,
+  extractExecveCommand
+};

package/src/sandbox/index.js

@@ -16,6 +16,7 @@ const {
 const { NPM_PACKAGE_REGEX } = require('../shared/constants.js');
 const { analyzePreloadLog } = require('./analyzer.js');
 const { classifyDomain } = require('./network-allowlist.js');
+const { parseGvisorLogs, cleanupGvisorLogs } = require('./gvisor-parser.js');
 
 const DOCKER_IMAGE = 'muaddib-sandbox';
 const CONTAINER_TIMEOUT = 120000; // 120 seconds
@@ -135,6 +136,17 @@ function imageExists() {
   }
 }
 
+// ── gVisor availability check ──
+
+function isGvisorAvailable() {
+  try {
+    const info = execSync('docker info', { encoding: 'utf8', stdio: 'pipe', timeout: 10000 });
+    return /\brunsc\b/.test(info);
+  } catch {
+    return false;
+  }
+}
+
 // ── Build image (with cache) ──
 
 async function buildSandboxImage() {
@@ -186,6 +198,7 @@ async function runSingleSandbox(packageName, options = {}) {
   const mode = strict ? 'strict' : 'permissive';
   const timeOffset = options.timeOffset || 0;
   const runTimeout = options.runTimeout || CONTAINER_TIMEOUT;
+  const gvisorMode = options.gvisor || false;
 
   return new Promise((resolve) => {
     let stdout = '';
@@ -209,6 +222,12 @@ async function runSingleSandbox(packageName, options = {}) {
       '--cap-drop=ALL'
     ];
 
+    // gVisor runtime: use runsc instead of default runc
+    if (gvisorMode) {
+      dockerArgs.push('--runtime=runsc');
+      dockerArgs.push('-e', 'MUADDIB_GVISOR=1');
+    }
+
     // Inject canary tokens as environment variables
     if (canaryTokens) {
       for (const [key, value] of Object.entries(canaryTokens)) {
@@ -239,11 +258,14 @@ async function runSingleSandbox(packageName, options = {}) {
     }
 
     // Both modes need NET_RAW for tcpdump (runs as root in entrypoint).
+    // gVisor mode: no tcpdump needed — gVisor captures via --strace/--log-packets.
     // Strict mode also needs NET_ADMIN for iptables network blocking.
     // SYS_PTRACE is not needed: strace traces its own child (npm install via su).
     // SETUID + SETGID required for su (privilege drop to sandboxuser).
     // CHOWN required for chown in sandbox-runner.sh.
-    dockerArgs.push('--cap-add=NET_RAW');
+    if (!gvisorMode) {
+      dockerArgs.push('--cap-add=NET_RAW');
+    }
     dockerArgs.push('--cap-add=SETUID');
     dockerArgs.push('--cap-add=SETGID');
     dockerArgs.push('--cap-add=CHOWN');
@@ -270,6 +292,7 @@ async function runSingleSandbox(packageName, options = {}) {
     dockerArgs.push(mode);
 
     const proc = spawn('docker', dockerArgs);
+    let gvisorContainerId = null;
 
     // Timeout: kill container
     const timer = setTimeout(() => {
@@ -294,6 +317,16 @@ async function runSingleSandbox(packageName, options = {}) {
 
     proc.stderr.on('data', (data) => {
       stderr += data.toString();
+
+      // Capture container ID for gVisor log retrieval (once, while container is running)
+      if (gvisorMode && !gvisorContainerId) {
+        try {
+          gvisorContainerId = execFileSync('docker', ['inspect', '--format={{.Id}}', containerName], {
+            encoding: 'utf8', stdio: 'pipe', timeout: 5000
+          }).trim();
+        } catch { /* container not yet ready, will retry on next data event */ }
+      }
+
       // Forward sandbox progress logs (sanitize ANSI escape sequences)
       const text = data.toString().replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '');
       for (const line of text.split(/\r?\n/)) {
@@ -366,6 +399,43 @@ async function runSingleSandbox(packageName, options = {}) {
         return;
       }
 
+      // In gVisor mode, merge kernel-level strace data from gVisor debug logs.
+      // sandbox-runner.sh skips strace/tcpdump in gVisor mode, so file access,
+      // connections, and process data come from gVisor's kernel-level tracing.
+      if (gvisorMode && gvisorContainerId) {
+        const gvisorLogDir = process.env.MUADDIB_GVISOR_LOG_DIR || '/tmp/runsc';
+        const gvisorData = parseGvisorLogs(gvisorContainerId, gvisorLogDir);
+
+        // Merge gVisor findings into report without duplicating
+        if (!report.sensitive_files) report.sensitive_files = { read: [], written: [] };
+        if (!report.network) report.network = {};
+        if (!report.processes) report.processes = { spawned: [] };
+
+        const existingReads = new Set(report.sensitive_files.read || []);
+        for (const f of gvisorData.sensitive_files.read) {
+          if (!existingReads.has(f)) report.sensitive_files.read.push(f);
+        }
+
+        const existingWrites = new Set(report.sensitive_files.written || []);
+        for (const f of gvisorData.sensitive_files.written) {
+          if (!existingWrites.has(f)) report.sensitive_files.written.push(f);
+        }
+
+        const existingConns = new Set((report.network.http_connections || []).map(c => `${c.host}:${c.port}`));
+        if (!report.network.http_connections) report.network.http_connections = [];
+        for (const c of gvisorData.network.http_connections) {
+          if (!existingConns.has(`${c.host}:${c.port}`)) report.network.http_connections.push(c);
+        }
+
+        const existingProcs = new Set((report.processes.spawned || []).map(p => p.command));
+        for (const p of gvisorData.processes.spawned) {
+          if (!existingProcs.has(p.command)) report.processes.spawned.push(p);
+        }
+
+        // Cleanup gVisor logs to prevent disk fill
+        cleanupGvisorLogs(gvisorContainerId, gvisorLogDir);
+      }
+
       const { score, findings } = scoreFindings(report);
 
       // Analyze preload log for behavioral findings
@@ -475,6 +545,17 @@ async function runSandbox(packageName, options = {}) {
     return cleanResult;
   }
 
+  // Detect sandbox runtime (gVisor or default Docker/runc)
+  let useGvisor = process.env.MUADDIB_SANDBOX_RUNTIME === 'gvisor';
+  if (useGvisor) {
+    if (isGvisorAvailable()) {
+      console.log('[SANDBOX] Runtime: gvisor (runsc)');
+    } else {
+      console.log('[SANDBOX] Runtime: gvisor requested but runsc not configured in Docker. Falling back to Docker standard.');
+      useGvisor = false;
+    }
+  }
+
   // Generate canary tokens for this sandbox session
   let canaryTokens = null;
   if (canaryEnabled) {
@@ -492,7 +573,8 @@ async function runSandbox(packageName, options = {}) {
   await acquireSandboxSlot();
 
   try {
-    console.log(`[SANDBOX] Analyzing "${displayName}" in isolated container (mode: ${mode}${canaryEnabled ? ', canary: on' : ''}${local ? ', local' : ''}, runs: ${TIME_OFFSETS.length}, slots: ${_sandboxSemaphore.active}/${SANDBOX_CONCURRENCY_MAX})...`);
+    const runtimeLabel = useGvisor ? 'gvisor' : 'docker';
+    console.log(`[SANDBOX] Analyzing "${displayName}" in isolated container (mode: ${mode}, runtime: ${runtimeLabel}${canaryEnabled ? ', canary: on' : ''}${local ? ', local' : ''}, runs: ${TIME_OFFSETS.length}, slots: ${_sandboxSemaphore.active}/${SANDBOX_CONCURRENCY_MAX})...`);
 
     const allRuns = [];
     let bestResult = cleanResult;
@@ -508,7 +590,8 @@ async function runSandbox(packageName, options = {}) {
         localAbsPath,
         displayName,
         timeOffset: offset,
-        runTimeout: SINGLE_RUN_TIMEOUT
+        runTimeout: SINGLE_RUN_TIMEOUT,
+        gvisor: useGvisor
       });
 
       allRuns.push({
@@ -894,4 +977,4 @@ function displayResults(result) {
   }
 }
 
-module.exports = { buildSandboxImage, runSandbox, runSingleSandbox, scoreFindings, generateNetworkReport, EXFIL_PATTERNS, SAFE_DOMAINS, getSeverity, displayResults, isDockerAvailable, imageExists, STATIC_CANARY_TOKENS, detectStaticCanaryExfiltration, analyzePreloadLog, TIME_OFFSETS, SAFE_SANDBOX_CMDS, SANDBOX_CONCURRENCY_MAX, acquireSandboxSlot, releaseSandboxSlot, resetSandboxLimiter, getSandboxSemaphore };
+module.exports = { buildSandboxImage, runSandbox, runSingleSandbox, scoreFindings, generateNetworkReport, EXFIL_PATTERNS, SAFE_DOMAINS, getSeverity, displayResults, isDockerAvailable, imageExists, isGvisorAvailable, STATIC_CANARY_TOKENS, detectStaticCanaryExfiltration, analyzePreloadLog, TIME_OFFSETS, SAFE_SANDBOX_CMDS, SANDBOX_CONCURRENCY_MAX, acquireSandboxSlot, releaseSandboxSlot, resetSandboxLimiter, getSandboxSemaphore };