muaddib-scanner 2.2.0 → 2.2.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {
@@ -43,7 +43,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@inquirer/prompts": "8.2.0",
+    "@inquirer/prompts": "8.2.1",
     "acorn": "8.15.0",
     "acorn-walk": "8.3.4",
     "adm-zip": "^0.5.16",
@@ -52,7 +52,7 @@
     "yargs": "18.0.0"
   },
   "devDependencies": {
-    "@eslint/js": "9.39.2",
+    "@eslint/js": "10.0.1",
     "eslint": "10.0.0",
     "eslint-plugin-security": "^3.0.1",
     "globals": "17.3.0"

package/src/response/playbooks.js

@@ -293,6 +293,21 @@ const PLAYBOOKS = {
     'CRITIQUE: Le package a tente de voler des credentials (honey tokens). Comportement malveillant confirme. ' +
     'NE PAS installer. Signaler immediatement sur npm/PyPI. ' +
     'Si deja installe: considerer la machine compromise, regenerer TOUS les secrets.',
+
+  env_charcode_reconstruction:
+    'Obfuscation detectee: le nom de la variable d\'environnement est reconstruit dynamiquement via fromCharCode ' +
+    'pour eviter la detection statique. Technique de vol de GITHUB_TOKEN, NPM_TOKEN, etc. ' +
+    'Verifier quelles variables sont accedees et si elles sont exfiltrees.',
+
+  lifecycle_shell_pipe:
+    'CRITIQUE: Le script lifecycle (preinstall/postinstall) pipe du code distant vers un shell (curl | sh). ' +
+    'NE PAS installer. Ceci execute du code arbitraire a l\'installation. ' +
+    'Si deja installe: considerer la machine compromise. Auditer les modifications systeme.',
+
+  credential_tampering:
+    'CRITIQUE: Ecriture detectee dans un cache sensible (npm _cacache, yarn, pip). ' +
+    'Possible cache poisoning: injection de code malveillant dans des packages caches. ' +
+    'Nettoyer le cache: npm cache clean --force. Reinstaller les dependances depuis zero.',
 };
 
 function getPlaybook(threatType) {

package/src/rules/index.js

@@ -500,7 +500,7 @@ const RULES = {
   workflow_write: {
     id: 'MUADDIB-AST-015',
     name: 'GitHub Actions Workflow Write',
-    severity: 'HIGH',
+    severity: 'CRITICAL',
     confidence: 'high',
     description: 'fs.writeFileSync cree un fichier dans .github/workflows — injection de workflow GitHub Actions pour persistence. Technique Shai-Hulud 2.0.',
     references: [
@@ -562,6 +562,44 @@ const RULES = {
     mitre: 'T1059'
   },
 
+  env_charcode_reconstruction: {
+    id: 'MUADDIB-AST-018',
+    name: 'Environment Variable Key Reconstruction',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'process.env accede avec une cle reconstruite dynamiquement via String.fromCharCode. Technique d\'obfuscation pour eviter la detection statique des noms de variables sensibles (GITHUB_TOKEN, etc.).',
+    references: [
+      'https://attack.mitre.org/techniques/T1027/',
+      'https://attack.mitre.org/techniques/T1552/001/'
+    ],
+    mitre: 'T1027'
+  },
+
+  lifecycle_shell_pipe: {
+    id: 'MUADDIB-PKG-010',
+    name: 'Lifecycle Script Pipes to Shell',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Script lifecycle (preinstall/install/postinstall) execute curl | sh ou wget | bash — telecharge et execute du code distant au moment de npm install.',
+    references: [
+      'https://blog.phylum.io/shai-hulud-npm-worm',
+      'https://socket.dev/blog/2025-supply-chain-report'
+    ],
+    mitre: 'T1195.002'
+  },
+
+  credential_tampering: {
+    id: 'MUADDIB-FLOW-003',
+    name: 'Credential/Cache Tampering',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Ecriture dans un chemin sensible (cache npm _cacache, cache yarn, credentials). Possible cache poisoning: injection de code malveillant dans des packages caches.',
+    references: [
+      'https://attack.mitre.org/techniques/T1565/001/'
+    ],
+    mitre: 'T1565.001'
+  },
+
   ai_agent_abuse: {
     id: 'MUADDIB-AST-013',
     name: 'AI Agent Weaponization',

package/src/scanner/ast.js

@@ -78,6 +78,13 @@ const HOOKABLE_NATIVES = [
   'WebSocket', 'EventSource'
 ];
 
+// Node.js core module classes targeted for prototype hooking
+const NODE_HOOKABLE_MODULES = ['http', 'https', 'net', 'tls', 'stream'];
+const NODE_HOOKABLE_CLASSES = [
+  'IncomingMessage', 'ServerResponse', 'ClientRequest',
+  'OutgoingMessage', 'Socket', 'Server', 'Agent'
+];
+
 // Paths indicating sandbox/container environment detection (anti-analysis)
 const SANDBOX_INDICATORS = [
   '/.dockerenv',
@@ -162,6 +169,20 @@ function analyzeFile(content, filePath, basePath) {
       allowHashBang: true
     });
   } catch {
+    // AST parse failed — apply regex fallback for known dangerous patterns
+
+    // Workflow manipulation: reads + writes to .github/workflows
+    if (/\.github/.test(content) && /workflows/.test(content) &&
+        /writeFileSync|writeFile/.test(content) &&
+        /readdirSync|readFileSync/.test(content)) {
+      threats.push({
+        type: 'workflow_write',
+        severity: 'CRITICAL',
+        message: 'File reads and modifies .github/workflows — GitHub Actions injection (regex fallback).',
+        file: path.relative(basePath, filePath)
+      });
+    }
+
     if (content.length > 1000 && content.split('\n').length < 10) {
       threats.push({
         type: 'possible_obfuscation',
@@ -198,6 +219,9 @@ function analyzeFile(content, filePath, basePath) {
     return null;
   }
 
+  // Pre-scan for fromCharCode pattern (env var name obfuscation)
+  const hasFromCharCode = content.includes('fromCharCode');
+
   walk.simple(ast, {
     VariableDeclarator(node) {
       if (node.id?.type === 'Identifier') {
@@ -232,6 +256,10 @@ function analyzeFile(content, filePath, basePath) {
             if (/\.github[\\/\/]workflows/i.test(joinArgs) || /\.github[\\/\/]actions/i.test(joinArgs)) {
               workflowPathVars.add(node.id.name);
             }
+            // Propagate: path.join(workflowPathVar, ...) inherits tracking
+            else if (node.init.arguments.some(a => a.type === 'Identifier' && workflowPathVars.has(a.name))) {
+              workflowPathVars.add(node.id.name);
+            }
           }
         }
       }
@@ -416,8 +444,8 @@ function analyzeFile(content, filePath, basePath) {
           if (hasWorkflowVar || /\.github[\\/]workflows/i.test(checkPath) || /\.github[\\/]actions/i.test(checkPath)) {
             threats.push({
               type: 'workflow_write',
-              severity: 'HIGH',
-              message: `${writeMethod}() creates file in .github/workflows — GitHub Actions persistence technique.`,
+              severity: 'CRITICAL',
+              message: `${writeMethod}() writes to .github/workflows — GitHub Actions injection/persistence technique.`,
               file: path.relative(basePath, filePath)
             });
           }
@@ -433,7 +461,7 @@ function analyzeFile(content, filePath, basePath) {
           if (pathArg?.type === 'Identifier' && workflowPathVars.has(pathArg.name)) {
             threats.push({
               type: 'workflow_write',
-              severity: 'HIGH',
+              severity: 'CRITICAL',
               message: `${mkdirMethod}() creates .github/workflows directory — GitHub Actions persistence technique.`,
               file: path.relative(basePath, filePath)
             });
@@ -441,6 +469,22 @@ function analyzeFile(content, filePath, basePath) {
         }
       }
 
+      // Detect fs.readdirSync on .github/workflows — workflow enumeration for injection
+      if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
+        const readDirMethod = node.callee.property.name;
+        if ((readDirMethod === 'readdirSync' || readDirMethod === 'readdir') && node.arguments.length > 0) {
+          const pathArg = node.arguments[0];
+          if (pathArg?.type === 'Identifier' && workflowPathVars.has(pathArg.name)) {
+            threats.push({
+              type: 'workflow_write',
+              severity: 'CRITICAL',
+              message: `${readDirMethod}() enumerates .github/workflows — workflow modification/injection technique.`,
+              file: path.relative(basePath, filePath)
+            });
+          }
+        }
+      }
+
       // Detect fs.chmodSync with executable permissions — binary dropper pattern
       if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
         const chmodMethod = node.callee.property.name;
@@ -505,6 +549,24 @@ function analyzeFile(content, filePath, basePath) {
         }
       }
 
+      // Detect Object.defineProperty(process.env, ...) — env interception via property descriptors
+      if (node.callee.type === 'MemberExpression' &&
+          node.callee.object?.type === 'Identifier' && node.callee.object.name === 'Object' &&
+          node.callee.property?.type === 'Identifier' && node.callee.property.name === 'defineProperty' &&
+          node.arguments.length >= 2) {
+        const target = node.arguments[0];
+        if (target.type === 'MemberExpression' &&
+            target.object?.name === 'process' &&
+            target.property?.name === 'env') {
+          threats.push({
+            type: 'env_proxy_intercept',
+            severity: 'CRITICAL',
+            message: 'Object.defineProperty(process.env) detected — intercepts environment variable access for credential theft.',
+            file: path.relative(basePath, filePath)
+          });
+        }
+      }
+
       if (callName === 'eval') {
         const isConstant = hasOnlyStringLiteralArgs(node);
         threats.push({
@@ -665,6 +727,25 @@ function analyzeFile(content, filePath, basePath) {
             file: path.relative(basePath, filePath)
           });
         }
+
+        // <module>.<Class>.prototype.<method> = ... (Node.js core module prototype hooking)
+        // e.g. http.IncomingMessage.prototype.emit = function(...)
+        if (left.object?.type === 'MemberExpression' &&
+            left.object.property?.type === 'Identifier' && left.object.property.name === 'prototype' &&
+            left.object.object?.type === 'MemberExpression' &&
+            left.object.object.object?.type === 'Identifier' &&
+            left.object.object.property?.type === 'Identifier') {
+          const moduleName = left.object.object.object.name;
+          const className = left.object.object.property.name;
+          if (NODE_HOOKABLE_MODULES.includes(moduleName) && NODE_HOOKABLE_CLASSES.includes(className)) {
+            threats.push({
+              type: 'prototype_hook',
+              severity: 'CRITICAL',
+              message: `${moduleName}.${className}.prototype.${left.property?.name || '?'} overridden — Node.js core module prototype hooking for traffic interception.`,
+              file: path.relative(basePath, filePath)
+            });
+          }
+        }
       }
     },
 
@@ -675,6 +756,15 @@ function analyzeFile(content, filePath, basePath) {
       ) {
         // Dynamic access: process.env[variable] — always flag as MEDIUM
         if (node.computed) {
+          // Escalate if env key was built via String.fromCharCode (obfuscation)
+          if (hasFromCharCode) {
+            threats.push({
+              type: 'env_charcode_reconstruction',
+              severity: 'HIGH',
+              message: 'process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation).',
+              file: path.relative(basePath, filePath)
+            });
+          }
           threats.push({
             type: 'env_access',
             severity: 'MEDIUM',

package/src/scanner/dataflow.js

@@ -69,6 +69,17 @@ function analyzeFile(content, filePath, basePath) {
         if (containsSensitiveLiteral(node.init)) {
           sensitivePathVars.add(node.id.name);
         }
+        // Propagate sensitive vars through path.join/resolve
+        if (node.init?.type === 'CallExpression' && node.init.callee?.type === 'MemberExpression') {
+          const obj = node.init.callee.object;
+          const prop = node.init.callee.property;
+          if (obj?.type === 'Identifier' && obj.name === 'path' &&
+              prop?.type === 'Identifier' && (prop.name === 'join' || prop.name === 'resolve')) {
+            if (node.init.arguments.some(a => a.type === 'Identifier' && sensitivePathVars.has(a.name))) {
+              sensitivePathVars.add(node.id.name);
+            }
+          }
+        }
       }
     },
 
@@ -158,6 +169,21 @@ function analyzeFile(content, filePath, basePath) {
         }
       }
 
+      // Detect writeFileSync/writeFile on sensitive paths → cache poisoning / credential tampering
+      if (node.callee.type === 'MemberExpression') {
+        const prop = node.callee.property;
+        if (prop?.type === 'Identifier' && (prop.name === 'writeFileSync' || prop.name === 'writeFile')) {
+          const arg = node.arguments[0];
+          if (arg && isCredentialPath(arg, sensitivePathVars)) {
+            sinks.push({
+              type: 'file_tamper',
+              name: prop.name,
+              line: node.loc?.start?.line
+            });
+          }
+        }
+      }
+
       // Track eval calls for staged payload detection
       if (callName === 'eval') {
         sinks.push({
@@ -173,6 +199,15 @@ function analyzeFile(content, filePath, basePath) {
         node.object?.object?.name === 'process' &&
         node.object?.property?.name === 'env'
       ) {
+        // Dynamic bracket access: process.env[variable]
+        if (node.computed) {
+          sources.push({
+            type: 'env_read',
+            name: 'process.env[dynamic]',
+            line: node.loc?.start?.line
+          });
+          return;
+        }
         const envVar = node.property?.name || '';
         if (isSensitiveEnv(envVar)) {
           sources.push({
@@ -197,11 +232,15 @@ function analyzeFile(content, filePath, basePath) {
     });
   }
 
-  if (sources.length > 0 && sinks.length > 0) {
+  // Separate exfiltration sinks from file tampering sinks
+  const exfilSinks = sinks.filter(s => s.type !== 'file_tamper');
+  const fileTamperSinks = sinks.filter(s => s.type === 'file_tamper');
+
+  if (sources.length > 0 && exfilSinks.length > 0) {
     // Determine severity by scope proximity: if source and sink are < 50 lines apart -> CRITICAL, else HIGH
     let severity = 'HIGH';
     for (const src of sources) {
-      for (const sink of sinks) {
+      for (const sink of exfilSinks) {
         if (src.line && sink.line && Math.abs(src.line - sink.line) < 50) {
           severity = 'CRITICAL';
           break;
@@ -213,7 +252,17 @@ function analyzeFile(content, filePath, basePath) {
     threats.push({
       type: 'suspicious_dataflow',
       severity: severity,
-      message: `Suspicious flow: credentials read (${sources.map(s => s.name).join(', ')}) + network send (${sinks.map(s => s.name).join(', ')})`,
+      message: `Suspicious flow: credentials read (${sources.map(s => s.name).join(', ')}) + network send (${exfilSinks.map(s => s.name).join(', ')})`,
+      file: path.relative(basePath, filePath)
+    });
+  }
+
+  // Detect cache poisoning: credential source + write to sensitive path
+  if (sources.length > 0 && fileTamperSinks.length > 0) {
+    threats.push({
+      type: 'credential_tampering',
+      severity: 'CRITICAL',
+      message: `Cache poisoning: sensitive data access (${sources.map(s => s.name).join(', ')}) + write to sensitive path (${fileTamperSinks.map(s => s.name).join(', ')})`,
       file: path.relative(basePath, filePath)
     });
   }
@@ -226,7 +275,8 @@ const SENSITIVE_PATH_PATTERNS = [
   '/etc/passwd', '/etc/shadow', '/etc/hosts',
   '.ethereum', '.electrum', '.config/solana', '.exodus',
   '.atomic', '.metamask', '.ledger-live', '.trezor',
-  '.bitcoin', '.monero', '.gnupg'
+  '.bitcoin', '.monero', '.gnupg',
+  '_cacache', '.cache/yarn', '.cache/pip'
 ];
 
 function isSensitivePath(val) {

package/src/scanner/package.js

@@ -80,6 +80,19 @@ async function scanPackageJson(targetPath) {
           });
         }
       }
+
+      // Escalate: lifecycle script (preinstall/install/postinstall) + shell pipe → CRITICAL
+      if (['preinstall', 'install', 'postinstall'].includes(scriptName)) {
+        if (/curl\s.*\|\s*(sh|bash)\b/.test(scriptContent) ||
+            /wget\s.*\|\s*(sh|bash)\b/.test(scriptContent)) {
+          threats.push({
+            type: 'lifecycle_shell_pipe',
+            severity: 'CRITICAL',
+            message: `Critical: "${scriptName}" pipes remote code to shell — supply chain RCE.`,
+            file: 'package.json'
+          });
+        }
+      }
     }
   }