muaddib-scanner 2.10.96 → 2.10.97

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.96",
+  "version": "2.10.97",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/ml/feature-extractor.js

@@ -696,7 +696,11 @@ function extractFeatures(result, meta) {
   features.typosquat_scoped_package = typosquatScopedPackage(result, meta) ? 1 : 0;
   features.obfuscation_without_vector = obfuscationWithoutVector(result) ? 1 : 0;
   features.placeholder_anti_dep_confusion = placeholderAntiDepConfusion(result, meta) ? 1 : 0;
-  features.install_script_no_network_egress = installScriptNoNetworkEgress(result, meta) ? 1 : 0;
+  // F8 disabled for retrain — fires on malware due to incomplete EGRESS_TYPES
+  // (missing dangerous_exec, lifecycle_dangerous_exec, node_inline_exec).
+  // Re-enable in v2.10.97 after EGRESS_TYPES fix + re-validation.
+  // See ml-retrain/ml-auc-v2.10.96.md for details.
+  features.install_script_no_network_egress = 0; // installScriptNoNetworkEgress(result, meta) ? 1 : 0;
 
   return features;
 }

package/src/pipeline/processor.js

@@ -3,7 +3,7 @@ const path = require('path');
 const { getRule } = require('../rules/index.js');
 const { getPlaybook } = require('../response/playbooks.js');
 const { computeReachableFiles } = require('../scanner/reachability.js');
-const { applyFPReductions, applyCompoundBoosts, calculateRiskScore, getSeverityWeights } = require('../scoring.js');
+const { applyFPReductions, applyCompoundBoosts, calculateRiskScore, getSeverityWeights, applyContextualFPCaps } = require('../scoring.js');
 const { buildIntentPairs } = require('../intent-graph.js');
 const { debugLog } = require('../utils.js');
 
@@ -100,12 +100,21 @@ async function process(threats, targetPath, options, pythonDeps, warnings, scann
   // Read package name and dependencies for FP reduction heuristics
   let packageName = null;
   let packageDeps = null;
+  let _pkgMeta = null; // v2.10.97: full pkg metadata for contextual FP caps
   try {
     const pkgPath = path.join(targetPath, 'package.json');
     if (fs.existsSync(pkgPath)) {
       const pkgData = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
       packageName = pkgData.name || null;
       packageDeps = pkgData.dependencies || null;
+      _pkgMeta = {
+        name: pkgData.name,
+        scripts: pkgData.scripts || {},
+        description: pkgData.description || '',
+        homepage: pkgData.homepage || (typeof pkgData.repository === 'string' ? pkgData.repository : (pkgData.repository && pkgData.repository.url) || ''),
+        dependencies: pkgData.dependencies,
+        devDependencies: pkgData.devDependencies,
+      };
     }
   } catch { /* graceful fallback */ }
 
@@ -301,6 +310,15 @@ async function process(threats, targetPath, options, pythonDeps, warnings, scann
     scannerErrors: scannerErrors.length > 0 ? scannerErrors : undefined
   };
 
+  // v2.10.97: contextual FP post-filter — deterministic score caps for
+  // packages matching well-known FP clusters (100% precision, 302 human labels).
+  const fpCaps = applyContextualFPCaps(result, _pkgMeta);
+  if (fpCaps.length > 0) {
+    debugLog('[FP-CAP] ' + (packageName || targetPath) + ': ' +
+      fpCaps.map(c => c.feature + (c.cap > 0 ? '→MAX' + c.cap : '→suppress')).join(', ') +
+      ' → score=' + result.summary.riskScore);
+  }
+
   return {
     result,
     deduped,

package/src/scoring.js

@@ -1011,8 +1011,110 @@ function calculateRiskScore(deduped, intentResult) {
   };
 }
 
+// ============================================
+// v2.10.97: CONTEXTUAL FP POST-FILTER
+// ============================================
+// Deterministic score caps for packages matching well-known FP clusters.
+// Each feature has 100% precision on 302 human-reviewed packages (zero
+// malware misclassified).  Applied AFTER calculateRiskScore() so that
+// compound boosts and lifecycle floors have already had their say.
+const {
+  bundleWithoutInstallScripts,
+  installUrlGithubReleases,
+  networkDestinationFirstParty,
+  gitHookSourceLocal,
+  typosquatScopedPackage,
+  obfuscationWithoutVector,
+  placeholderAntiDepConfusion,
+} = require('./ml/feature-extractor.js');
+
+/**
+ * Apply contextual FP score caps to a scan result.
+ * Mutates result.summary.riskScore / riskLevel in-place.
+ * Returns array of { feature, cap } describing applied caps (empty if none).
+ */
+function applyContextualFPCaps(result, pkgMeta) {
+  if (!result || !result.summary) return [];
+
+  const meta = {
+    name: pkgMeta && pkgMeta.name,
+    registryMeta: {
+      scripts: (pkgMeta && pkgMeta.scripts) || {},
+      description: (pkgMeta && pkgMeta.description) || '',
+      homepage: (pkgMeta && pkgMeta.homepage) || '',
+      dependencies: (pkgMeta && pkgMeta.dependencies),
+      devDependencies: (pkgMeta && pkgMeta.devDependencies),
+    },
+  };
+
+  const applied = [];
+
+  // F7: placeholder anti-dep-confusion → MAX 20
+  if (placeholderAntiDepConfusion(result, meta)) {
+    applied.push({ feature: 'placeholder_anti_dep_confusion', cap: 20 });
+  }
+  // F1: minified bundle without install scripts → MAX 30
+  if (bundleWithoutInstallScripts(result, meta)) {
+    applied.push({ feature: 'bundle_without_install_scripts', cap: 30 });
+  }
+  // F3: credential destination first-party API → MAX 30
+  if (networkDestinationFirstParty(result, meta)) {
+    applied.push({ feature: 'network_destination_first_party', cap: 30 });
+  }
+  // F2: binary installer from GitHub Releases → MAX 35
+  if (installUrlGithubReleases(result)) {
+    applied.push({ feature: 'install_url_github_releases', cap: 35 });
+  }
+  // F4: git hooks from local source → MAX 35
+  if (gitHookSourceLocal(result)) {
+    applied.push({ feature: 'git_hook_source_local', cap: 35 });
+  }
+  // F6: commercial obfuscation without attack vector → MAX 35
+  if (obfuscationWithoutVector(result)) {
+    applied.push({ feature: 'obfuscation_without_vector', cap: 35 });
+  }
+  // F5: typosquat on scoped package → suppress typosquat points
+  if (typosquatScopedPackage(result, meta)) {
+    applied.push({ feature: 'typosquat_scoped_package', cap: -1 });
+  }
+
+  if (applied.length === 0) return applied;
+
+  // Apply the tightest (lowest) cap
+  const caps = applied.filter(a => a.cap > 0);
+  const lowestCap = caps.length > 0 ? Math.min(...caps.map(a => a.cap)) : Infinity;
+
+  if (lowestCap < result.summary.riskScore) {
+    result.summary.riskScore = lowestCap;
+    result.summary.riskLevel =
+      lowestCap >= _riskThresholds.CRITICAL ? 'CRITICAL'
+        : lowestCap >= _riskThresholds.HIGH ? 'HIGH'
+        : lowestCap >= _riskThresholds.MEDIUM ? 'MEDIUM'
+        : lowestCap > 0 ? 'LOW' : 'SAFE';
+  }
+
+  // F5: subtract typosquat points from score
+  if (applied.find(a => a.feature === 'typosquat_scoped_package')) {
+    const typoPoints = result.threats
+      .filter(t => t.type === 'typosquat_detected' || t.type === 'lifecycle_typosquat')
+      .reduce((s, t) => s + (t.points || 0), 0);
+    if (typoPoints > 0) {
+      result.summary.riskScore = Math.max(0, result.summary.riskScore - typoPoints);
+      const rs = result.summary.riskScore;
+      result.summary.riskLevel =
+        rs >= _riskThresholds.CRITICAL ? 'CRITICAL'
+          : rs >= _riskThresholds.HIGH ? 'HIGH'
+          : rs >= _riskThresholds.MEDIUM ? 'MEDIUM'
+          : rs > 0 ? 'LOW' : 'SAFE';
+    }
+  }
+
+  return applied;
+}
+
 module.exports = {
   SEVERITY_WEIGHTS, RISK_THRESHOLDS, MAX_RISK_SCORE, CONFIDENCE_FACTORS,
   isPackageLevelThreat, computeGroupScore, applyFPReductions, applyCompoundBoosts, calculateRiskScore,
-  applyConfigOverrides, resetConfigOverrides, getSeverityWeights, getRiskThresholds
+  applyConfigOverrides, resetConfigOverrides, getSeverityWeights, getRiskThresholds,
+  applyContextualFPCaps
 };