muaddib-scanner 2.2.27 → 2.3.0

package/bin/muaddib.js

@@ -33,6 +33,7 @@ let temporalFullMode = false;
 let breakdownMode = false;
 let noDeobfuscate = false;
 let noModuleGraph = false;
+let noReachability = false;
 let feedLimit = null;
 let feedSeverity = null;
 let feedSince = null;
@@ -122,6 +123,8 @@ for (let i = 0; i < options.length; i++) {
     noDeobfuscate = true;
   } else if (options[i] === '--no-module-graph') {
     noModuleGraph = true;
+  } else if (options[i] === '--no-reachability') {
+    noReachability = true;
   } else if (options[i] === '--temporal') {
     temporalMode = true;
   } else if (options[i] === '--limit') {
@@ -415,6 +418,7 @@ const helpText = `
     --no-canary         Disable honey token injection in sandbox
     --no-deobfuscate    Disable deobfuscation pre-processing
     --no-module-graph   Disable cross-file dataflow analysis
+    --no-reachability   Disable entry-point reachability analysis
     --exclude [dir]     Exclude directory from scan (repeatable)
     --limit [n]         Limit feed entries (default: 50)
     --severity [level]  Filter by severity (CRITICAL|HIGH|MEDIUM|LOW)
@@ -461,7 +465,8 @@ if (command === 'version' || command === '--version' || command === '-v') {
     entropyThreshold: entropyThreshold,
     breakdown: breakdownMode,
     noDeobfuscate: noDeobfuscate,
-    noModuleGraph: noModuleGraph
+    noModuleGraph: noModuleGraph,
+    noReachability: noReachability
   }).then(exitCode => {
     process.exit(exitCode);
   }).catch(err => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.2.27",
+  "version": "2.3.0",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/index.js

@@ -19,6 +19,7 @@ const { scanEntropy } = require('./scanner/entropy.js');
 const { scanAIConfig } = require('./scanner/ai-config.js');
 const { deobfuscate } = require('./scanner/deobfuscate.js');
 const { buildModuleGraph, annotateTaintedExports, detectCrossFileFlows } = require('./scanner/module-graph.js');
+const { computeReachableFiles } = require('./scanner/reachability.js');
 const { runTemporalAnalyses } = require('./temporal-runner.js');
 const { formatOutput } = require('./output-formatter.js');
 const { setExtraExcludes, getExtraExcludes, Spinner, listInstalledPackages, clearFileListCache } = require('./utils.js');
@@ -333,9 +334,22 @@ async function run(targetPath, options = {}) {
     }
   }
 
+  // Reachability analysis: determine which files are reachable from entry points
+  let reachableFiles = null;
+  if (!options.noReachability) {
+    try {
+      const reachability = computeReachableFiles(targetPath);
+      if (!reachability.skipped) {
+        reachableFiles = reachability.reachableFiles;
+      }
+    } catch {
+      // Graceful fallback — treat all files as reachable
+    }
+  }
+
   // FP reduction: legitimate frameworks produce high volumes of certain threat types.
   // A malware package typically has 1-3 occurrences, not dozens.
-  applyFPReductions(deduped);
+  applyFPReductions(deduped, reachableFiles);
 
   // Enrich each threat with rules
   const enrichedThreats = deduped.map(t => {

package/src/response/playbooks.js

@@ -354,6 +354,31 @@ const PLAYBOOKS = {
     'execution via require() ou Module._compile(), puis suppression via unlinkSync/rmSync. ' +
     'Ce pattern de staging est typique des malwares cherchant a eviter la detection post-mortem. ' +
     'Isoler la machine et inspecter les artefacts temporaires avant nettoyage.',
+
+  mcp_config_injection:
+    'CRITIQUE: Ecriture dans les fichiers de configuration MCP d\'assistants IA (.claude/, .cursor/, .continue/, .vscode/). ' +
+    'Technique SANDWORM_MODE: le malware empoisonne la configuration MCP pour ajouter des serveurs malveillants. ' +
+    'Verifier immediatement les fichiers de config IA. Supprimer les entrees MCP non reconnues. Supprimer le package.',
+
+  git_hooks_injection:
+    'Injection de hooks Git detectee. Le package ecrit dans .git/hooks/ (pre-commit, pre-push, etc.) ' +
+    'ou modifie git config init.templateDir pour la persistence globale. ' +
+    'Verifier .git/hooks/ et git config --global --list. Supprimer les hooks non reconnus.',
+
+  env_harvesting_dynamic:
+    'Collecte dynamique de variables d\'environnement via Object.entries/keys/values(process.env) ' +
+    'avec filtrage par patterns sensibles. Technique de vol de credentials a grande echelle. ' +
+    'Verifier les tokens/secrets exposes. Revoquer immediatement les credentials compromis.',
+
+  dns_chunk_exfiltration:
+    'Exfiltration via requetes DNS detectee. Les donnees sont encodees en base64 et envoyees comme sous-domaines DNS. ' +
+    'Cette technique contourne les firewalls et proxies car le DNS est rarement filtre. ' +
+    'Bloquer les requetes DNS sortantes du package. Verifier les donnees exfiltrees.',
+
+  llm_api_key_harvesting:
+    'Acces a 3+ cles API de providers LLM (OpenAI, Anthropic, Google, etc.). Usage unique = legitime, ' +
+    'acces multiples = collecte pour revente ou abus. Verifier si le package a une raison ' +
+    'legitime d\'acceder a plusieurs providers. Revoquer les cles exposees si necessaire.',
 };
 
 function getPlaybook(threatType) {

package/src/rules/index.js

@@ -713,6 +713,66 @@ const RULES = {
     mitre: 'T1070.004'
   },
 
+  mcp_config_injection: {
+    id: 'MUADDIB-AST-027',
+    name: 'MCP Config Injection',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Injection de configuration MCP: ecriture dans les fichiers de configuration d\'assistants IA (.claude/, .cursor/, .continue/, .vscode/, .windsurf/). Technique SANDWORM_MODE pour empoisonner la chaine d\'outils IA.',
+    references: [
+      'https://attack.mitre.org/techniques/T1546/016/'
+    ],
+    mitre: 'T1546.016'
+  },
+
+  git_hooks_injection: {
+    id: 'MUADDIB-AST-028',
+    name: 'Git Hooks Injection',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Injection de hooks Git: ecriture dans .git/hooks/ ou modification de git config init.templateDir. Technique de persistence via hooks pre-commit, pre-push, post-checkout.',
+    references: [
+      'https://attack.mitre.org/techniques/T1546/004/'
+    ],
+    mitre: 'T1546.004'
+  },
+
+  env_harvesting_dynamic: {
+    id: 'MUADDIB-AST-029',
+    name: 'Dynamic Environment Variable Harvesting',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Collecte dynamique de variables d\'environnement via Object.entries/keys/values(process.env) avec filtrage par patterns sensibles (TOKEN, SECRET, KEY, PASSWORD, AWS, SSH). Technique de vol de credentials.',
+    references: [
+      'https://attack.mitre.org/techniques/T1552/001/'
+    ],
+    mitre: 'T1552.001'
+  },
+
+  dns_chunk_exfiltration: {
+    id: 'MUADDIB-AST-030',
+    name: 'DNS Chunk Exfiltration',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Exfiltration DNS: donnees encodees en base64 dans les requetes DNS. Canal covert pour contourner les firewalls. Pattern: dns.resolve + Buffer.from().toString("base64").',
+    references: [
+      'https://attack.mitre.org/techniques/T1048/003/'
+    ],
+    mitre: 'T1048.003'
+  },
+
+  llm_api_key_harvesting: {
+    id: 'MUADDIB-AST-031',
+    name: 'LLM API Key Harvesting',
+    severity: 'MEDIUM',
+    confidence: 'medium',
+    description: 'Collecte de cles API LLM: acces a 3+ variables d\'environnement de providers IA (OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY, etc.). Vecteur de monetisation.',
+    references: [
+      'https://attack.mitre.org/techniques/T1552/001/'
+    ],
+    mitre: 'T1552.001'
+  },
+
   ai_agent_abuse: {
     id: 'MUADDIB-AST-013',
     name: 'AI Agent Weaponization',

package/src/scanner/ast-detectors.js

@@ -83,6 +83,38 @@ const NODE_HOOKABLE_CLASSES = [
   'OutgoingMessage', 'Socket', 'Server', 'Agent'
 ];
 
+// AI/MCP config paths targeted for config injection (SANDWORM_MODE)
+const MCP_CONFIG_PATHS = [
+  '.claude/', 'claude_desktop_config',
+  '.cursor/', 'mcp.json',
+  '.continue/',
+  '.vscode/',
+  '.windsurf/', '.codeium/'
+];
+
+// MCP content indicators in written data
+const MCP_CONTENT_PATTERNS = ['mcpServers', '"mcp"', '"server"', '"command"', '"args"'];
+
+// Git hooks names
+const GIT_HOOKS = [
+  'pre-commit', 'pre-push', 'post-checkout', 'post-merge',
+  'pre-receive', 'post-receive', 'prepare-commit-msg', 'commit-msg',
+  'pre-rebase', 'post-rewrite', 'pre-auto-gc'
+];
+
+// LLM API key environment variable names (3+ = harvesting)
+const LLM_API_KEY_VARS = [
+  'OPENAI_API_KEY', 'ANTHROPIC_API_KEY', 'GOOGLE_API_KEY',
+  'GROQ_API_KEY', 'TOGETHER_API_KEY', 'FIREWORKS_API_KEY',
+  'REPLICATE_API_KEY', 'MISTRAL_API_KEY', 'COHERE_API_KEY'
+];
+
+// Env harvesting sensitive patterns (for Object.entries/keys/values filtering)
+const ENV_HARVEST_PATTERNS = [
+  'KEY', 'SECRET', 'TOKEN', 'PASSWORD', 'CREDENTIAL',
+  'NPM', 'AWS', 'SSH', 'WEBHOOK'
+];
+
 // Paths indicating sandbox/container environment detection (anti-analysis)
 const SANDBOX_INDICATORS = [
   '/.dockerenv',
@@ -487,6 +519,84 @@ function handleCallExpression(node, ctx) {
     }
   }
 
+  // SANDWORM_MODE R5: MCP config injection — writeFileSync to AI config paths
+  if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
+    const mcpWriteMethod = node.callee.property.name;
+    if (['writeFileSync', 'writeFile'].includes(mcpWriteMethod) && node.arguments.length >= 2) {
+      const mcpPathArg = node.arguments[0];
+      const mcpPathStr = extractStringValue(mcpPathArg);
+      // Also check path.join() calls
+      let mcpJoinedPath = '';
+      if (mcpPathArg?.type === 'CallExpression' && mcpPathArg.arguments) {
+        mcpJoinedPath = mcpPathArg.arguments.map(a => extractStringValue(a) || '').join('/');
+      }
+      const mcpCheckPath = (mcpPathStr || mcpJoinedPath).toLowerCase();
+      const isMcpPath = MCP_CONFIG_PATHS.some(p => mcpCheckPath.includes(p.toLowerCase()));
+      if (isMcpPath) {
+        // Check content argument for MCP-related patterns
+        const contentArg = node.arguments[1];
+        const contentStr = extractStringValue(contentArg);
+        const hasContentPattern = contentStr
+          ? MCP_CONTENT_PATTERNS.some(p => contentStr.includes(p.replace(/"/g, '')))
+          : true; // dynamic content = suspicious by default for AI config paths
+        if (hasContentPattern) {
+          ctx.threats.push({
+            type: 'mcp_config_injection',
+            severity: 'CRITICAL',
+            message: `MCP config injection: ${mcpWriteMethod}() writes to AI assistant configuration (${mcpCheckPath}). SANDWORM_MODE technique for AI toolchain poisoning.`,
+            file: ctx.relFile
+          });
+        }
+      }
+    }
+  }
+
+  // SANDWORM_MODE R6: Git hooks injection — writeFileSync to .git/hooks/
+  if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
+    const gitWriteMethod = node.callee.property.name;
+    if (['writeFileSync', 'writeFile'].includes(gitWriteMethod) && node.arguments.length >= 1) {
+      const gitPathArg = node.arguments[0];
+      const gitPathStr = extractStringValue(gitPathArg);
+      let gitJoinedPath = '';
+      if (gitPathArg?.type === 'CallExpression' && gitPathArg.arguments) {
+        gitJoinedPath = gitPathArg.arguments.map(a => extractStringValue(a) || '').join('/');
+      }
+      const gitCheckPath = gitPathStr || gitJoinedPath;
+      if (/\.git[\\/]hooks[\\/]/i.test(gitCheckPath) ||
+          GIT_HOOKS.some(h => gitCheckPath.includes(h) && gitCheckPath.includes('.git'))) {
+        ctx.threats.push({
+          type: 'git_hooks_injection',
+          severity: 'HIGH',
+          message: `Git hook injection: ${gitWriteMethod}() writes to .git/hooks/. Persistence technique.`,
+          file: ctx.relFile
+        });
+      }
+    }
+  }
+
+  // SANDWORM_MODE R6: Git hooks injection via exec — git config --global init.templateDir or git config hooks
+  if ((execName || memberExec) && node.arguments.length > 0) {
+    const gitExecArg = node.arguments[0];
+    const gitExecStr = extractStringValue(gitExecArg);
+    if (gitExecStr) {
+      if (/git\s+config\s+.*init\.templateDir/i.test(gitExecStr)) {
+        ctx.threats.push({
+          type: 'git_hooks_injection',
+          severity: 'HIGH',
+          message: 'Git hook injection: modifying global git template directory via "git config init.templateDir". Persistence technique.',
+          file: ctx.relFile
+        });
+      } else if (/git\s+config\b/.test(gitExecStr) && /hooks/i.test(gitExecStr)) {
+        ctx.threats.push({
+          type: 'git_hooks_injection',
+          severity: 'HIGH',
+          message: 'Git hook injection: modifying git hooks configuration. Persistence technique.',
+          file: ctx.relFile
+        });
+      }
+    }
+  }
+
   // Detect fs.chmodSync with executable permissions (deferred to postWalk for compound check)
   if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
     const chmodMethod = node.callee.property.name;
@@ -698,7 +808,7 @@ function handleCallExpression(node, ctx) {
         });
       }
       // Module._compile counts as temp file exec for write-execute-delete pattern
-      ctx.hasTempFileExec = ctx.hasTempFileExec || ctx.hasTmpdirInContent;
+      ctx.hasTempFileExec = ctx.hasTempFileExec || ctx.hasDevShmInContent;
     }
 
     // SANDWORM_MODE: Track writeFileSync/writeFile to temp paths
@@ -706,13 +816,13 @@ function handleCallExpression(node, ctx) {
       const arg = node.arguments && node.arguments[0];
       if (arg) {
         const strVal = extractStringValue(arg);
-        if (strVal && (/\/dev\/shm\b/.test(strVal) || /\btmp\b/i.test(strVal) || /\btemp\b/i.test(strVal))) {
+        if (strVal && /\/dev\/shm\b/.test(strVal)) {
           ctx.hasTempFileWrite = true;
         }
-        // Variable reference to tmpdir/temp path
+        // Variable reference to /dev/shm path
         if (!strVal && (arg.type === 'Identifier' || arg.type === 'CallExpression' || arg.type === 'MemberExpression')) {
-          // Dynamic path — check if file content involves tmpdir patterns
-          ctx.hasTempFileWrite = ctx.hasTempFileWrite || ctx.hasTmpdirInContent;
+          // Dynamic path — check if file content involves /dev/shm
+          ctx.hasTempFileWrite = ctx.hasTempFileWrite || ctx.hasDevShmInContent;
         }
       }
     }
@@ -727,13 +837,30 @@ function handleCallExpression(node, ctx) {
   if (callName === 'require' && node.arguments.length > 0) {
     const arg = node.arguments[0];
     const strVal = extractStringValue(arg);
-    if (strVal && (/\/dev\/shm\b/.test(strVal) || /\btmp\b/i.test(strVal) || /\btemp\b/i.test(strVal))) {
+    if (strVal && /\/dev\/shm\b/.test(strVal)) {
       ctx.hasTempFileExec = true;
-    } else if (!strVal && ctx.hasTmpdirInContent) {
-      // Variable argument in a file that references tmpdir paths
+    } else if (!strVal && ctx.hasDevShmInContent) {
+      // Variable argument in a file that references /dev/shm
       ctx.hasTempFileExec = true;
     }
   }
+
+  // SANDWORM_MODE R7: Detect Object.entries/keys/values(process.env)
+  if (node.callee.type === 'MemberExpression' &&
+      node.callee.object?.type === 'Identifier' && node.callee.object.name === 'Object' &&
+      node.callee.property?.type === 'Identifier' &&
+      ['entries', 'keys', 'values'].includes(node.callee.property.name) &&
+      node.arguments.length >= 1) {
+    const enumArg = node.arguments[0];
+    // Check if argument is process.env
+    if (enumArg.type === 'MemberExpression' &&
+        enumArg.object?.type === 'Identifier' && enumArg.object.name === 'process' &&
+        enumArg.property?.type === 'Identifier' && enumArg.property.name === 'env') {
+      ctx.hasEnvEnumeration = true;
+    }
+  }
+
+  // SANDWORM_MODE R8: dns.resolve detection moved to walk.ancestor() in ast.js (FIX 5)
 }
 
 function handleImportExpression(node, ctx) {
@@ -939,6 +1066,10 @@ function handleMemberExpression(node, ctx) {
           file: ctx.relFile
         });
       }
+      // SANDWORM_MODE R9: Count LLM API key accesses
+      if (LLM_API_KEY_VARS.includes(envVar)) {
+        ctx.llmApiKeyCount++;
+      }
     }
   }
 }
@@ -946,9 +1077,11 @@ function handleMemberExpression(node, ctx) {
 function handlePostWalk(ctx) {
   // SANDWORM_MODE: zlib inflate + base64 decode + eval/Function/Module._compile = obfuscated payload
   if (ctx.hasZlibInflate && ctx.hasBase64Decode && ctx.hasDynamicExec) {
+    // FIX 4: dist/build files get LOW severity (bundlers legitimately use zlib+base64+eval)
+    const isDistFile = /^(dist|build)[/\\]/i.test(ctx.relFile) || /\.bundle\.js$/i.test(ctx.relFile);
     ctx.threats.push({
       type: 'zlib_inflate_eval',
-      severity: 'CRITICAL',
+      severity: isDistFile ? 'LOW' : 'CRITICAL',
       message: 'Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern.',
       file: ctx.relFile
     });
@@ -964,6 +1097,36 @@ function handlePostWalk(ctx) {
     });
   }
 
+  // SANDWORM_MODE R7: env harvesting = Object.entries/keys/values(process.env) + sensitive pattern in file
+  if (ctx.hasEnvEnumeration && ctx.hasEnvHarvestPattern && ctx.hasNetworkCallInFile) {
+    ctx.threats.push({
+      type: 'env_harvesting_dynamic',
+      severity: 'HIGH',
+      message: 'Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique.',
+      file: ctx.relFile
+    });
+  }
+
+  // SANDWORM_MODE R8: DNS exfiltration = dns require + base64 encode + dns call (loop implied by co-occurrence)
+  if (ctx.hasDnsLoop) {
+    ctx.threats.push({
+      type: 'dns_chunk_exfiltration',
+      severity: 'HIGH',
+      message: 'DNS exfiltration: data encoded in DNS queries. Covert channel for firewall bypass.',
+      file: ctx.relFile
+    });
+  }
+
+  // SANDWORM_MODE R9: LLM API key harvesting (3+ different providers = harvesting)
+  if (ctx.llmApiKeyCount >= 3) {
+    ctx.threats.push({
+      type: 'llm_api_key_harvesting',
+      severity: 'MEDIUM',
+      message: `LLM API key harvesting: accessing ${ctx.llmApiKeyCount} AI provider keys. Monetization vector.`,
+      file: ctx.relFile
+    });
+  }
+
   // JS reverse shell pattern
   if (ctx.hasJsReverseShell) {
     ctx.threats.push({

package/src/scanner/ast.js

@@ -84,7 +84,17 @@ function analyzeFile(content, filePath, basePath) {
     hasTempFileWrite: false,
     hasTempFileExec: false,
     hasFileDelete: false,
-    hasTmpdirInContent: /\btmpdir\b|\/dev\/shm\b|\/tmp\b/i.test(content)
+    hasDevShmInContent: /\/dev\/shm\b/.test(content),
+    // SANDWORM_MODE P2: env harvesting co-occurrence
+    hasEnvEnumeration: false,  // Object.entries/keys/values(process.env)
+    hasEnvHarvestPattern: /\b(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL|NPM|AWS|SSH|WEBHOOK)\b/.test(content),
+    hasNetworkCallInFile: /\b(fetch|https?\.request|https?\.get|dns\.resolve)\b/.test(content),
+    // SANDWORM_MODE P2: DNS exfiltration co-occurrence
+    hasDnsRequire: /\brequire\s*\(\s*['"]dns['"]\s*\)/.test(content) || /\bdns\s*\.\s*resolve/.test(content),
+    hasBase64Encode: /\.toString\s*\(\s*['"]base64(url)?['"]\s*\)/.test(content),
+    hasDnsLoop: false,  // set when dns call inside loop context detected
+    // SANDWORM_MODE P2: LLM API key harvesting
+    llmApiKeyCount: 0
   };
 
   walk.simple(ast, {
@@ -97,6 +107,35 @@ function analyzeFile(content, filePath, basePath) {
     MemberExpression(node) { handleMemberExpression(node, ctx); }
   });
 
+  // FIX 5: DNS chunk exfiltration — verify dns.resolve* is inside a loop body
+  if (ctx.hasDnsRequire && ctx.hasBase64Encode && !ctx.hasDnsLoop) {
+    walk.ancestor(ast, {
+      CallExpression(node, _state, ancestors) {
+        if (ctx.hasDnsLoop) return;
+        if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
+          const name = node.callee.property.name;
+          if (['resolve', 'resolve4', 'resolveTxt', 'resolveCname'].includes(name)) {
+            for (const anc of ancestors) {
+              if (['ForStatement', 'WhileStatement', 'ForOfStatement',
+                   'ForInStatement', 'DoWhileStatement'].includes(anc.type)) {
+                ctx.hasDnsLoop = true;
+                return;
+              }
+              // forEach/map callback = implicit loop
+              if (anc.type === 'CallExpression' && anc.callee?.type === 'MemberExpression') {
+                const m = anc.callee.property?.name;
+                if (['forEach', 'map', 'reduce', 'filter'].includes(m)) {
+                  ctx.hasDnsLoop = true;
+                  return;
+                }
+              }
+            }
+          }
+        }
+      }
+    });
+  }
+
   handlePostWalk(ctx);
 
   return threats;