muaddib-scanner 2.10.42 → 2.10.44

package/README.md

@@ -30,7 +30,7 @@
 
 npm and PyPI supply-chain attacks are exploding. Shai-Hulud compromised 25K+ repos in 2025. Existing tools detect threats but don't help you respond.
 
-MUAD'DIB combines **14 parallel scanners** (195 detection rules), a **deobfuscation engine**, **inter-module dataflow analysis**, **compound scoring**, **ML classifiers** (XGBoost), and Docker sandbox to detect known threats and suspicious behavioral patterns in npm and PyPI packages.
+MUAD'DIB combines **14 parallel scanners** (200 detection rules), a **deobfuscation engine**, **inter-module dataflow analysis**, **compound scoring**, **ML classifiers** (XGBoost), and gVisor/Docker sandbox to detect known threats and suspicious behavioral patterns in npm and PyPI packages.
 
 ---
 
@@ -195,7 +195,7 @@ muaddib replay                     # Ground truth validation (46/49 TPR)
 | GitHub Actions | Shai-Hulud backdoor detection |
 | Hash Scanner | Known malicious file hashes |
 
-### 195 detection rules
+### 200 detection rules
 
 All rules are mapped to MITRE ATT&CK techniques. See [SECURITY.md](SECURITY.md#detection-rules-v21021) for the complete rules reference.
 
@@ -271,7 +271,7 @@ With pre-commit framework:
 ```yaml
 repos:
   - repo: https://github.com/DNSZLSK/muad-dib
-    rev: v2.10.31
+    rev: v2.10.43
     hooks:
       - id: muaddib-scan
 ```
@@ -288,7 +288,7 @@ repos:
 | **FPR** (Benign random) | **7.5%** (15/200) | 200 random npm packages, stratified sampling |
 | **ADR** (Adversarial + Holdout) | **94.0%** (101/107) | 67 adversarial + 40 holdout (107 available on disk), global threshold=20 |
 
-**2868 tests** across 62 files. **195 rules** (190 RULES + 5 PARANOID).
+**3034 tests** across 65 files. **200 rules** (195 RULES + 5 PARANOID).
 
 > **Methodology caveats:**
 > - TPR measured on 49 Node.js attack samples (3 browser-only excluded from 51 total)
@@ -329,7 +329,7 @@ npm test
 
 ### Testing
 
-- **2868 tests** across 62 modular test files
+- **3034 tests** across 65 modular test files
 - **56 fuzz tests** - Malformed inputs, ReDoS, unicode, binary
 - **Datadog 17K benchmark** - 14,587 confirmed malware samples (in-scope)
 - **Ground truth validation** - 51 real-world attacks (93.9% TPR)
@@ -351,7 +351,7 @@ npm test
 - [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) - Experimental protocol, holdout scores
 - [Threat Model](docs/threat-model.md) - What MUAD'DIB detects and doesn't detect
 - [Adversarial Evaluation](ADVERSARIAL.md) - Red team samples and ADR results
-- [Security Policy](SECURITY.md) - Detection rules reference (195 rules)
+- [Security Policy](SECURITY.md) - Detection rules reference (200 rules)
 - [Security Audit](docs/SECURITY_AUDIT.md) - Bypass validation report
 - [FP Analysis](docs/EVALUATION.md) - Historical false positive analysis
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.42",
+  "version": "2.10.44",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/monitor/classify.js

@@ -56,7 +56,8 @@ const HIGH_CONFIDENCE_MALICE_TYPES = new Set([
   'systemd_persistence',                   // writeFile to systemd/ or systemctl enable (CanisterWorm T1543.002)
   'npm_token_steal',                       // exec("npm config get _authToken") (CanisterWorm findNpmTokens)
   'root_filesystem_wipe',                  // rm -rf / (CanisterWorm kamikaze.sh wiper T1485)
-  'proc_mem_scan'                          // /proc/mem scanning (TeamPCP Trivy credential stealer)
+  'proc_mem_scan',                         // /proc/mem scanning (TeamPCP Trivy credential stealer)
+  'trusted_new_unknown_dependency'         // TRUSTED package added unknown/new (<7d) dependency (account takeover)
 ]);
 
 // Lifecycle compound types that indicate real malicious intent beyond a simple postinstall

package/src/monitor/daemon.js

@@ -4,7 +4,7 @@ const path = require('path');
 const os = require('os');
 const { isDockerAvailable, SANDBOX_CONCURRENCY_MAX } = require('../sandbox/index.js');
 const { setVerboseMode, isSandboxEnabled, isCanaryEnabled, isLlmDetectiveEnabled, getLlmDetectiveMode } = require('./classify.js');
-const { loadState, saveState, loadDailyStats, saveDailyStats, purgeTarballCache, getParisHour } = require('./state.js');
+const { loadState, saveState, loadDailyStats, saveDailyStats, purgeTarballCache, getParisHour, atomicWriteFileSync } = require('./state.js');
 const { isTemporalEnabled, isTemporalAstEnabled, isTemporalPublishEnabled, isTemporalMaintainerEnabled } = require('./temporal.js');
 const { pendingGrouped, flushScopeGroup, sendDailyReport, DAILY_REPORT_HOUR } = require('./webhook.js');
 const { poll } = require('./ingestion.js');
@@ -14,11 +14,88 @@ const { startHealthcheck } = require('./healthcheck.js');
 const POLL_INTERVAL = 60_000;
 const PROCESS_LOOP_INTERVAL = 2_000;    // Queue check interval when empty
 const QUEUE_WARNING_THRESHOLD = 5_000;  // Warn if queue depth exceeds this
+const QUEUE_PERSIST_INTERVAL = 60_000;  // Persist queue to disk every 60s
+const QUEUE_STATE_FILE = path.join(__dirname, '..', '..', 'data', 'queue-state.json');
+const QUEUE_STATE_MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24h expiry
+const MAX_QUEUE_PERSIST_SIZE = 100_000; // Don't persist if queue > 100K items
 
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 
+/**
+ * Persist scanQueue to disk so it survives restarts.
+ * Uses atomicWriteFileSync (write-to-tmp + rename) for crash safety.
+ * Skips if queue is empty or exceeds MAX_QUEUE_PERSIST_SIZE.
+ */
+function persistQueue(scanQueue, state) {
+  try {
+    if (scanQueue.length === 0) {
+      // Empty queue — remove stale file if it exists
+      try { fs.unlinkSync(QUEUE_STATE_FILE); } catch {}
+      return;
+    }
+    if (scanQueue.length > MAX_QUEUE_PERSIST_SIZE) {
+      console.log(`[MONITOR] WARNING: queue too large to persist (${scanQueue.length} > ${MAX_QUEUE_PERSIST_SIZE})`);
+      return;
+    }
+    const payload = JSON.stringify({
+      savedAt: new Date().toISOString(),
+      lastSeq: state.npmLastSeq || null,
+      count: scanQueue.length,
+      items: scanQueue
+    });
+    atomicWriteFileSync(QUEUE_STATE_FILE, payload);
+  } catch (err) {
+    console.error('[MONITOR] Failed to persist queue:', err.message);
+  }
+}
+
+/**
+ * Restore scanQueue from disk on boot. Items are appended to the (empty) scanQueue.
+ * File is deleted after successful restore to prevent double-restore.
+ * Skips if file is missing, corrupt, or older than 24h.
+ */
+function restoreQueue(scanQueue) {
+  try {
+    if (!fs.existsSync(QUEUE_STATE_FILE)) return 0;
+    const raw = fs.readFileSync(QUEUE_STATE_FILE, 'utf8');
+    const data = JSON.parse(raw);
+
+    // Validate structure
+    if (!data || !Array.isArray(data.items) || !data.savedAt) {
+      console.log('[MONITOR] Queue state file invalid — ignoring');
+      try { fs.unlinkSync(QUEUE_STATE_FILE); } catch {}
+      return 0;
+    }
+
+    // Check age — discard if > 24h
+    const ageMs = Date.now() - new Date(data.savedAt).getTime();
+    if (ageMs > QUEUE_STATE_MAX_AGE_MS) {
+      console.log(`[MONITOR] Queue state expired (${Math.round(ageMs / 3600000)}h old) — ignoring`);
+      try { fs.unlinkSync(QUEUE_STATE_FILE); } catch {}
+      return 0;
+    }
+
+    // Restore items
+    const count = data.items.length;
+    if (count === 0) {
+      try { fs.unlinkSync(QUEUE_STATE_FILE); } catch {}
+      return 0;
+    }
+    scanQueue.push(...data.items);
+    console.log(`[MONITOR] Restored ${count} packages from queue state (saved at ${data.savedAt})`);
+
+    // Delete after successful restore
+    try { fs.unlinkSync(QUEUE_STATE_FILE); } catch {}
+    return count;
+  } catch (err) {
+    console.log(`[MONITOR] WARNING: could not restore queue state: ${err.message}`);
+    try { fs.unlinkSync(QUEUE_STATE_FILE); } catch {}
+    return 0;
+  }
+}
+
 function cleanupOrphanTmpDirs() {
   const tmpBase = path.join(os.tmpdir(), 'muaddib-monitor');
   try {
@@ -176,7 +253,14 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
   console.log(`[MONITOR] Polling every ${POLL_INTERVAL / 1000}s (decoupled from processing). Ctrl+C to stop.\n`);
 
   let running = true;
-  let pollIntervalHandle = null;  // Decoupled poll timer — set after initial poll
+  let pollIntervalHandle = null;   // Decoupled poll timer — set after initial poll
+  let queuePersistHandle = null;   // Queue persistence timer
+
+  // Restore queue from previous run (if file exists and is < 24h old)
+  const restoredCount = restoreQueue(scanQueue);
+  if (restoredCount > 0) {
+    console.log(`[MONITOR] ${restoredCount} packages pre-loaded from previous session`);
+  }
 
   // Graceful shutdown handler (shared by SIGINT and SIGTERM)
   // Daily report is NEVER sent on shutdown — it only fires at 08:00 Paris time.
@@ -188,6 +272,12 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
       clearInterval(pollIntervalHandle);
       pollIntervalHandle = null;
     }
+    if (queuePersistHandle) {
+      clearInterval(queuePersistHandle);
+      queuePersistHandle = null;
+    }
+    // Persist remaining queue items so they survive the restart
+    persistQueue(scanQueue, state);
     healthcheck.stop();
     // Flush all pending scope groups before exit
     for (const [scope, group] of pendingGrouped) {
@@ -232,6 +322,15 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
     }
   }, POLL_INTERVAL);
 
+  // ─── Queue persistence ───
+  // Snapshot queue to disk every 60s so items survive restarts/crashes.
+  // Without this, the decoupled poll advances the CouchDB seq but queued
+  // items are lost on restart — they won't be re-polled.
+  queuePersistHandle = setInterval(() => {
+    if (!running) return;
+    persistQueue(scanQueue, state);
+  }, QUEUE_PERSIST_INTERVAL);
+
   // ─── Continuous processing loop ───
   // Consumes scanQueue independently of polling. Workers inside processQueue
   // check scanQueue.length > 0 after each item, so items added by a concurrent
@@ -264,7 +363,13 @@ module.exports = {
   reportStats,
   isDailyReportDue,
   sleep,
+  persistQueue,
+  restoreQueue,
   POLL_INTERVAL,
   PROCESS_LOOP_INTERVAL,
-  QUEUE_WARNING_THRESHOLD
+  QUEUE_WARNING_THRESHOLD,
+  QUEUE_PERSIST_INTERVAL,
+  QUEUE_STATE_FILE,
+  QUEUE_STATE_MAX_AGE_MS,
+  MAX_QUEUE_PERSIST_SIZE
 };

package/src/monitor/ingestion.js

@@ -81,6 +81,105 @@ async function getWeeklyDownloads(packageName) {
   }
 }
 
+// --- Trusted dependency diff check ---
+
+const TRUSTED_DEP_AGE_THRESHOLD_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+/**
+ * Check for new dependencies added to a TRUSTED (popular) package.
+ * Detects supply-chain attacks where a compromised maintainer account adds a
+ * malicious dependency in a patch bump (e.g., axios 1.14.0 → 1.14.1 adding
+ * plain-crypto-js, 2026-03-30).
+ *
+ * @param {string} name - Package name
+ * @param {string} newVersion - Newly published version
+ * @returns {Array} Array of findings (empty if no new deps or on error)
+ */
+async function checkTrustedDepDiff(name, newVersion) {
+  const findings = [];
+  try {
+    // Fetch packument to get version list and dependencies
+    const body = await httpsGet(`https://registry.npmjs.org/${encodeURIComponent(name)}`, 10_000);
+    const packument = JSON.parse(body);
+
+    if (!packument.versions || !packument.time) return findings;
+
+    // Sort versions by publish time (not semver — handles prereleases correctly)
+    const timeMap = packument.time;
+    const versionKeys = Object.keys(packument.versions)
+      .filter(v => timeMap[v])
+      .sort((a, b) => new Date(timeMap[a]) - new Date(timeMap[b]));
+
+    const newIdx = versionKeys.indexOf(newVersion);
+    if (newIdx <= 0) return findings; // First version or not found
+
+    const prevVersion = versionKeys[newIdx - 1];
+
+    const prevDeps = (packument.versions[prevVersion] && packument.versions[prevVersion].dependencies) || {};
+    const newDeps = (packument.versions[newVersion] && packument.versions[newVersion].dependencies) || {};
+
+    // Find newly added dependencies (name not present in previous version)
+    const addedDeps = Object.keys(newDeps).filter(dep => !(dep in prevDeps));
+    if (addedDeps.length === 0) return findings;
+
+    console.log(`[MONITOR] TRUSTED dep diff: ${name} ${prevVersion} → ${newVersion}: +${addedDeps.length} new dep(s): ${addedDeps.join(', ')}`);
+
+    for (const dep of addedDeps) {
+      let ageMs = null;
+      try {
+        const depBody = await httpsGet(`https://registry.npmjs.org/${encodeURIComponent(dep)}`, 5_000);
+        const depData = JSON.parse(depBody);
+        const created = depData.time && depData.time.created;
+        if (created) {
+          ageMs = Date.now() - new Date(created).getTime();
+        }
+      } catch (err) {
+        console.log(`[MONITOR] WARNING: could not check age of dependency ${dep}: ${err.message}`);
+      }
+
+      if (ageMs === null || ageMs < TRUSTED_DEP_AGE_THRESHOLD_MS) {
+        // Unknown or < 7 days old — CRITICAL
+        const ageDays = ageMs !== null ? Math.floor(ageMs / 86400000) : 'unknown';
+        findings.push({
+          type: 'trusted_new_unknown_dependency',
+          severity: 'CRITICAL',
+          confidence: ageMs === null ? 'medium' : 'high',
+          file: 'package.json',
+          message: `TRUSTED package ${name} added unknown dependency ${dep} (age: ${ageDays}d) in version ${prevVersion} → ${newVersion}`,
+          rule_id: 'MUADDIB-TRUSTED-001',
+          mitre: 'T1195.002',
+          dep,
+          depAgeDays: ageDays,
+          prevVersion,
+          newVersion
+        });
+      } else {
+        // Known dependency (>= 7 days old) — HIGH
+        const ageDays = Math.floor(ageMs / 86400000);
+        findings.push({
+          type: 'trusted_new_dependency',
+          severity: 'HIGH',
+          confidence: 'medium',
+          file: 'package.json',
+          message: `TRUSTED package ${name} added new dependency ${dep} (age: ${ageDays}d) in version ${prevVersion} → ${newVersion}`,
+          rule_id: 'MUADDIB-TRUSTED-002',
+          mitre: 'T1195.002',
+          dep,
+          depAgeDays: ageDays,
+          prevVersion,
+          newVersion
+        });
+      }
+    }
+
+    return findings;
+  } catch (err) {
+    // Graceful fallback — log warning, continue as TRUSTED
+    console.log(`[MONITOR] WARNING: trusted dep diff check failed for ${name}@${newVersion}: ${err.message}`);
+    return findings;
+  }
+}
+
 // --- Tarball URL helpers ---
 
 function getNpmTarballUrl(pkgData) {
@@ -583,6 +682,8 @@ module.exports = {
   // HTTP helpers
   httpsGet,
   getWeeklyDownloads,
+  checkTrustedDepDiff,
+  TRUSTED_DEP_AGE_THRESHOLD_MS,
 
   // Tarball URL helpers
   getNpmTarballUrl,

package/src/monitor/queue.js

@@ -98,7 +98,7 @@ const {
 } = require('./temporal.js');
 
 // From ./ingestion.js (will be created — currently in monitor.js)
-const { getNpmLatestTarball, getPyPITarballUrl, getWeeklyDownloads } = require('./ingestion.js');
+const { getNpmLatestTarball, getPyPITarballUrl, getWeeklyDownloads, checkTrustedDepDiff } = require('./ingestion.js');
 
 // From ./tarball-archive.js
 const { archiveSuspectTarball } = require('./tarball-archive.js');
@@ -518,14 +518,34 @@ async function scanPackage(name, version, ecosystem, tarballUrl, registryMeta, s
         if (ecosystem === 'npm' && !hasIOCMatch(result) && !hasTyposquat(result) && !hasHighOrCritical(result)) {
           const downloads = await getWeeklyDownloads(name);
           if (downloads >= POPULAR_THRESHOLD) {
-            stats.scanned++;
-            const elapsed = Date.now() - startTime;
-            stats.totalTimeMs += elapsed;
-            stats.clean++;
-            console.log(`[MONITOR] TRUSTED (popular): ${name}@${version} (${Math.round(downloads / 1000)}k downloads/week, ${counts.join(', ')})`);
-            updateScanStats('clean');
-            recordTrainingSample(result, { name, version, ecosystem, label: 'clean', registryMeta: meta, unpackedSize: meta.unpackedSize, npmRegistryMeta, fileCountTotal, hasTests });
-            return { sandboxResult: null, staticClean: true };
+            // Dependency diff check: detect supply-chain injection on TRUSTED packages
+            // (e.g., axios 1.14.0 → 1.14.1 adding unknown plain-crypto-js, 2026-03-30)
+            const trustedFindings = await checkTrustedDepDiff(name, version);
+            const hasCriticalDepFinding = trustedFindings.some(f => f.severity === 'CRITICAL');
+
+            if (hasCriticalDepFinding) {
+              // CRITICAL: unknown/new dependency — bypass TRUSTED, route to full scan + sandbox
+              console.log(`[MONITOR] TRUSTED BYPASS: ${name}@${version} — new unknown dependency detected, routing to full scan`);
+              result.threats.push(...trustedFindings);
+              for (const f of trustedFindings) {
+                if (f.severity === 'CRITICAL') result.summary.critical = (result.summary.critical || 0) + 1;
+                else if (f.severity === 'HIGH') result.summary.high = (result.summary.high || 0) + 1;
+              }
+              // Fall through to full classification below (do NOT return)
+            } else {
+              // No CRITICAL dep findings — normal TRUSTED skip (log HIGH findings if any)
+              for (const f of trustedFindings) {
+                console.log(`[MONITOR] TRUSTED dep change: ${f.message}`);
+              }
+              stats.scanned++;
+              const elapsed = Date.now() - startTime;
+              stats.totalTimeMs += elapsed;
+              stats.clean++;
+              console.log(`[MONITOR] TRUSTED (popular): ${name}@${version} (${Math.round(downloads / 1000)}k downloads/week, ${counts.join(', ')})`);
+              updateScanStats('clean');
+              recordTrainingSample(result, { name, version, ecosystem, label: 'clean', registryMeta: meta, unpackedSize: meta.unpackedSize, npmRegistryMeta, fileCountTotal, hasTests });
+              return { sandboxResult: null, staticClean: true };
+            }
           }
         }
 

package/src/response/playbooks.js

@@ -829,6 +829,15 @@ const PLAYBOOKS = {
   lifecycle_missing_script:
     'CRITIQUE: Script lifecycle reference un fichier inexistant dans le package. Script fantome. ' +
     'Le payload peut etre injecte dynamiquement ou lors d\'une mise a jour. Installer avec --ignore-scripts. Supprimer le package.',
+
+  trusted_new_unknown_dependency:
+    'CRITIQUE: Package populaire (TRUSTED) a ajoute une dependance inconnue ou tres recente (<7 jours). ' +
+    'Indicateur de compromission de compte mainteneur (supply-chain attack). Bloquer la mise a jour. ' +
+    'Verifier le changelog, les commits recents, et contacter le mainteneur. Inspecter la nouvelle dependance.',
+
+  trusted_new_dependency:
+    'HAUTE: Package populaire (TRUSTED) a ajoute une nouvelle dependance connue. ' +
+    'Verifier le changelog et la legitimite de l\'ajout. Pas de blocage immediat mais surveillance renforcee.',
 };
 
 function getPlaybook(threatType) {

package/src/rules/index.js

@@ -2206,6 +2206,30 @@ const RULES = {
     ],
     mitre: 'T1195.002'
   },
+  // Trusted dependency diff detections (monitor-only)
+  trusted_new_unknown_dependency: {
+    id: 'MUADDIB-TRUSTED-001',
+    name: 'Trusted Package Added Unknown Dependency',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Un package TRUSTED (>50k downloads/semaine) a ajoute une nouvelle dependance inconnue ou tres recente (<7 jours) — indicateur de compromission de compte mainteneur (supply-chain attack type axios/plain-crypto-js).',
+    references: [
+      'https://attack.mitre.org/techniques/T1195.002/',
+      'https://blog.sonatype.com/malicious-npm-packages-targeting-popular-libraries'
+    ],
+    mitre: 'T1195.002'
+  },
+  trusted_new_dependency: {
+    id: 'MUADDIB-TRUSTED-002',
+    name: 'Trusted Package Added New Dependency',
+    severity: 'HIGH',
+    confidence: 'medium',
+    description: 'Un package TRUSTED (>50k downloads/semaine) a ajoute une nouvelle dependance connue (>7 jours) dans un bump de version — changement de surface d\'attaque a verifier.',
+    references: [
+      'https://attack.mitre.org/techniques/T1195.002/'
+    ],
+    mitre: 'T1195.002'
+  },
 };
 
 function getRule(type) {