muaddib-scanner 2.2.24 → 2.2.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.fr.md +4 -4
- package/README.md +4 -4
- package/package.json +1 -1
- package/src/ioc/scraper.js +4 -0
package/README.fr.md
CHANGED
|
@@ -285,7 +285,7 @@ Ajoutez à `.pre-commit-config.yaml` :
|
|
|
285
285
|
```yaml
|
|
286
286
|
repos:
|
|
287
287
|
- repo: https://github.com/DNSZLSK/muad-dib
|
|
288
|
-
rev: v2.2.
|
|
288
|
+
rev: v2.2.24
|
|
289
289
|
hooks:
|
|
290
290
|
- id: muaddib-scan # Scanner toutes les menaces
|
|
291
291
|
# - id: muaddib-diff # Ou: seulement les nouvelles
|
|
@@ -640,7 +640,7 @@ Les alertes apparaissent dans Security > Code scanning alerts.
|
|
|
640
640
|
## Architecture
|
|
641
641
|
|
|
642
642
|
```
|
|
643
|
-
MUAD'DIB 2.2.
|
|
643
|
+
MUAD'DIB 2.2.24 Scanner
|
|
644
644
|
|
|
|
645
645
|
+-- IOC Match (225 000+ packages, JSON DB)
|
|
646
646
|
| +-- OSV.dev npm dump (200K+ entrées MAL-*)
|
|
@@ -748,7 +748,7 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
|
|
|
748
748
|
- **ADR** (Adversarial Detection Rate) : taux de detection sur 78 samples malveillants evasifs — 38 adversariaux (4 vagues red team + 3 bypasses) + 40 holdouts (5 batches de 10, testant obfuscation, dataflow inter-module, etc.)
|
|
749
749
|
- **Holdout** (pre-tuning) : taux de detection sur 10 samples jamais vus avec regles gelees (mesure de generalisation)
|
|
750
750
|
|
|
751
|
-
Datasets : 529 npm + 132 PyPI packages benins, 78 samples adversariaux/holdout, 51 attaques ground-truth (65 packages malveillants documentes).
|
|
751
|
+
Datasets : 529 npm + 132 PyPI packages benins, 78 samples adversariaux/holdout, 51 attaques ground-truth (65 packages malveillants documentes). **1317 tests**, 86% coverage.
|
|
752
752
|
|
|
753
753
|
Voir [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) pour le protocole experimental complet.
|
|
754
754
|
|
|
@@ -784,7 +784,7 @@ npm test
|
|
|
784
784
|
|
|
785
785
|
### Tests
|
|
786
786
|
|
|
787
|
-
- **
|
|
787
|
+
- **1317 tests unitaires/integration** sur 20 fichiers modulaires - 86% coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
|
|
788
788
|
- **56 tests de fuzzing** - YAML malforme, JSON invalide, fichiers binaires, ReDoS, unicode, inputs 10MB
|
|
789
789
|
- **78 samples adversariaux/holdout** - 38 adversariaux + 40 holdouts, 78/78 taux de detection (100% ADR)
|
|
790
790
|
- **Validation ground truth** - 51 attaques reelles (45/49 detectees = 91.8% TPR). 4 hors scope : browser-only (3) + risque FP (1)
|
package/README.md
CHANGED
|
@@ -285,7 +285,7 @@ Add to `.pre-commit-config.yaml`:
|
|
|
285
285
|
```yaml
|
|
286
286
|
repos:
|
|
287
287
|
- repo: https://github.com/DNSZLSK/muad-dib
|
|
288
|
-
rev: v2.2.
|
|
288
|
+
rev: v2.2.24
|
|
289
289
|
hooks:
|
|
290
290
|
- id: muaddib-scan # Scan all threats
|
|
291
291
|
# - id: muaddib-diff # Or: only new threats
|
|
@@ -641,7 +641,7 @@ Alerts appear in Security > Code scanning alerts.
|
|
|
641
641
|
## Architecture
|
|
642
642
|
|
|
643
643
|
```
|
|
644
|
-
MUAD'DIB 2.2.
|
|
644
|
+
MUAD'DIB 2.2.24 Scanner
|
|
645
645
|
|
|
|
646
646
|
+-- IOC Match (225,000+ packages, JSON DB)
|
|
647
647
|
| +-- OSV.dev npm dump (200K+ MAL-* entries)
|
|
@@ -751,7 +751,7 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
|
|
|
751
751
|
- **ADR** (Adversarial Detection Rate): detection rate on 75 evasive malicious samples — 35 adversarial (4 red-team waves) + 40 holdout (5 batches of 10, testing obfuscation, inter-module dataflow, etc.)
|
|
752
752
|
- **Holdout** (pre-tuning): detection rate on 10 unseen samples with rules frozen (measures generalization)
|
|
753
753
|
|
|
754
|
-
Datasets: 529 npm + 132 PyPI benign packages, 78 adversarial/holdout samples, 51 ground-truth attacks (65 documented malware packages).
|
|
754
|
+
Datasets: 529 npm + 132 PyPI benign packages, 78 adversarial/holdout samples, 51 ground-truth attacks (65 documented malware packages). **1317 tests**, 86% code coverage.
|
|
755
755
|
|
|
756
756
|
See [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) for the full experimental protocol.
|
|
757
757
|
|
|
@@ -787,7 +787,7 @@ npm test
|
|
|
787
787
|
|
|
788
788
|
### Testing
|
|
789
789
|
|
|
790
|
-
- **
|
|
790
|
+
- **1317 unit/integration tests** across 20 modular test files - 86% code coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
|
|
791
791
|
- **56 fuzz tests** - Malformed YAML, invalid JSON, binary files, ReDoS, unicode, 10MB inputs
|
|
792
792
|
- **78 adversarial/holdout samples** - 38 adversarial + 40 holdout, 78/78 detection rate (100% ADR)
|
|
793
793
|
- **Ground truth validation** - 51 real-world attacks (45/49 detected = 91.8% TPR). 4 out-of-scope: browser-only (3) + FP-risky (1)
|
package/package.json
CHANGED
package/src/ioc/scraper.js
CHANGED
|
@@ -1089,6 +1089,8 @@ async function runScraper() {
|
|
|
1089
1089
|
|
|
1090
1090
|
// Smart deduplication: build map of best entry per key
|
|
1091
1091
|
// For duplicates, keep the one with highest confidence, then most recent date
|
|
1092
|
+
const dedupSpinner = new Spinner();
|
|
1093
|
+
dedupSpinner.start('Deduplicating ' + allPackages.length + ' npm + ' + pypiPackages.length + ' PyPI entries...');
|
|
1092
1094
|
const dedupMap = new Map();
|
|
1093
1095
|
|
|
1094
1096
|
// Seed with existing IOCs
|
|
@@ -1182,6 +1184,8 @@ async function runScraper() {
|
|
|
1182
1184
|
];
|
|
1183
1185
|
}
|
|
1184
1186
|
|
|
1187
|
+
dedupSpinner.succeed('Deduplicated: ' + existingIOCs.packages.length + ' npm + ' + existingIOCs.pypi_packages.length + ' PyPI packages (' + addedPackages + ' new, ' + upgradedPackages + ' upgraded)');
|
|
1188
|
+
|
|
1185
1189
|
// Update metadata
|
|
1186
1190
|
existingIOCs.updated = new Date().toISOString();
|
|
1187
1191
|
existingIOCs.sources = [
|