npm - muaddib-scanner - Versions diffs - 2.5.6 → 2.5.8 - Mend

muaddib-scanner 2.5.6 → 2.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/_test_aiweapon.js +12 -0
package/_test_fp.js +11 -0
package/_test_fp2.js +37 -0
package/_test_fp3.js +19 -0
package/_test_nodemailer.js +17 -0
package/_test_p4_detail.js +45 -0
package/_test_p4_detail2.js +32 -0
package/_test_p4_quick.js +33 -0
package/_test_regex.js +5 -0
package/_vitest_result.json +395 -0
package/iocs/builtin.yaml +80 -11
package/iocs/packages.yaml +216 -12
package/logs/alerts/2026-03-06T13-25-09-667-evil-pkg.json +20 -0
package/logs/alerts/2026-03-06T13-25-09-668-evil-pkg.json +20 -0
package/logs/alerts/2026-03-06T13-25-09-668-suspect-pkg.json +24 -0
package/logs/alerts/2026-03-06T13-25-10-228-evil-pkg.json +24 -0
package/logs/daily-reports/2026-03-06.json +61 -0
package/package.json +1 -1
package/src/ioc/scraper.js +1 -1
package/src/sandbox/analyzer.js +6 -1
package/src/sandbox/index.js +5 -1
package/src/scanner/ast-detectors.js +24 -8
package/src/scanner/ast.js +21 -1
package/src/scanner/typosquat.js +5 -1
package/src/scoring.js +40 -10

package/src/scanner/ast.js CHANGED Viewed

@@ -101,6 +101,8 @@ function analyzeFile(content, filePath, basePath) {
     ideConfigPathVars: new Map(),
     // Wave 4: compound detection — fetch + decrypt + eval chain
     hasRemoteFetch: /\bhttps?\.(get|request)\b/.test(content) || /\bfetch\s*\(/.test(content),
+    // Safe domain exclusion: if ALL URLs in file are from known registries, suppress download_exec_binary
+    fetchOnlySafeDomains: false, // computed below after URL extraction
     hasCryptoDecipher: /\bcreateDecipher(iv)?\s*\(/.test(content),
     // Wave 4: native addon camouflage signals
     hasRequireNodeFile: false,
@@ -111,10 +113,28 @@ function analyzeFile(content, filePath, basePath) {
     hasRunOnInContent: /\brunOn\b|\bfolderOpen\b/.test(content),
     hasWriteFileSyncInContent: /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content),
     // Wave 4: MCP content keyword detection (must also have writeFileSync in same file)
+    // Content-level MCP detection: MCP keyword + writeFileSync + MCP config path in same file
+    // Path co-occurrence prevents FPs where a file reads MCP config but writes elsewhere.
+    // Read-only pattern (readFileSync without writeFileSync to MCP) is not injection.
     hasMcpContentKeywords: (/\bmcpServers\b/.test(content) || /\bmcp\.json\b/.test(content) || /\bclaude_desktop_config\b/.test(content)) &&
-      /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content)
+      /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content) &&
+      (/\.claude[/\\]/.test(content) || /\.cursor[/\\]/.test(content) || /\.vscode[/\\]/.test(content) || /\.windsurf[/\\]/.test(content) || /\.codeium[/\\]/.test(content) || /\.continue[/\\]/.test(content) || /claude_desktop_config/.test(content) || /\bmcp\.json\b/.test(content))
   };
+  // Compute fetchOnlySafeDomains: check if ALL URLs in file point to known registries
+  if (ctx.hasRemoteFetch) {
+    const urlMatches = content.match(/https?:\/\/[^\s'"`)]+/g) || [];
+    const SAFE_FETCH_DOMAINS = [
+      'registry.npmjs.org', 'npmjs.com',
+      'github.com', 'objects.githubusercontent.com', 'raw.githubusercontent.com',
+      'nodejs.org', 'yarnpkg.com',
+      'pypi.org', 'files.pythonhosted.org'
+    ];
+    if (urlMatches.length > 0 && urlMatches.every(u => SAFE_FETCH_DOMAINS.some(d => u.includes(d)))) {
+      ctx.fetchOnlySafeDomains = true;
+    }
+  }
   walk.simple(ast, {
     VariableDeclarator(node) { handleVariableDeclarator(node, ctx); },
     CallExpression(node) { handleCallExpression(node, ctx); },

package/src/scanner/typosquat.js CHANGED Viewed

@@ -108,7 +108,11 @@ const WHITELIST = new Set([
   'docdash',    // resembles lodash
   'yarpm',      // resembles yargs
   'canvg',      // resembles canvas
-  'obug'        // internal sub-dependency
+  'obug',       // internal sub-dependency
+  // FPR P4: Benign packages falsely flagged as typosquat in evaluation
+  'mocks',      // karma dep, resembles mocha (wrong_char)
+  'reactor'     // stencil dep, resembles react (suffix)
 ]);

package/src/scoring.js CHANGED Viewed

@@ -106,11 +106,17 @@ const FP_COUNT_THRESHOLDS = {
   dynamic_require: { maxCount: 10, from: 'HIGH', to: 'LOW' },
   dangerous_call_function: { maxCount: 5, from: 'MEDIUM', to: 'LOW' },
   require_cache_poison: { maxCount: 3, from: 'CRITICAL', to: 'LOW' },
-  suspicious_dataflow: { maxCount: 5, to: 'LOW' },
+  suspicious_dataflow: { maxCount: 3, to: 'LOW' },
   obfuscation_detected: { maxCount: 3, to: 'LOW' },
   module_compile_dynamic: { maxCount: 3, from: 'CRITICAL', to: 'LOW' },
   module_compile: { maxCount: 3, from: 'CRITICAL', to: 'LOW' },
-  zlib_inflate_eval: { maxCount: 2, from: 'CRITICAL', to: 'LOW' }
+  zlib_inflate_eval: { maxCount: 2, from: 'CRITICAL', to: 'LOW' },
+  // P4: plugin loaders legitimately use many dynamic imports (webpack, eslint, knex, gatsby)
+  dynamic_import: { maxCount: 5, from: 'HIGH', to: 'LOW' },
+  // P4: hash algorithms contain bit manipulation that triggers obfuscation heuristics
+  js_obfuscation_pattern: { maxCount: 1, from: 'HIGH', to: 'LOW' },
+  // P4: bundled credential_tampering from minified alias resolution (jspdf, lerna)
+  credential_tampering: { maxCount: 5, to: 'LOW' }
 };
 // Types exempt from dist/ downgrade — IOC matches and lifecycle scripts are always real
@@ -182,6 +188,18 @@ function applyFPReductions(threats, reachableFiles, packageName) {
   const totalThreats = threats.length;
+  // P4: Plugin loader pattern — packages with 2+ dynamic_require + dynamic_import combined
+  // are legitimate plugin systems (webpack, eslint, karma, knex, jasmine, gatsby).
+  // Malware uses one pattern, not both. Bypass the per-type percentage guard.
+  const pluginLoaderCount = (typeCounts.dynamic_require || 0) + (typeCounts.dynamic_import || 0);
+  if (pluginLoaderCount > 1) {
+    for (const t of threats) {
+      if ((t.type === 'dynamic_require' || t.type === 'dynamic_import') && t.severity === 'HIGH') {
+        t.severity = 'LOW';
+      }
+    }
+  }
   for (const t of threats) {
     // Count-based downgrade: if a threat type appears too many times,
     // it's a framework/plugin system, not malware.
@@ -190,7 +208,10 @@ function applyFPReductions(threats, reachableFiles, packageName) {
     const rule = FP_COUNT_THRESHOLDS[t.type];
     if (rule && typeCounts[t.type] > rule.maxCount && (!rule.from || t.severity === rule.from)) {
       const typeRatio = typeCounts[t.type] / totalThreats;
-      if (typeRatio < 0.5) {
+      // P4: suspicious_dataflow bypasses the percentage guard — multiple data flow paths
+      // indicate a complex application (SMTP client, monitoring agent), not malware.
+      // Malware has 1-2 targeted exfiltration flows, not 4+.
+      if (typeRatio < 0.5 || t.type === 'suspicious_dataflow') {
         t.severity = rule.to;
       }
     }
@@ -220,11 +241,13 @@ function applyFPReductions(threats, reachableFiles, packageName) {
       }
     }
-    // Dist/build/minified files: bundler artifacts get severity downgraded one notch.
+    // Dist/build/minified files: bundler artifacts get severity downgraded two notches.
     // Real malware injects payloads in source files, not in dist/ output.
+    // Two-notch downgrade (P4): cross-file bonus amplifies dist/ noise in large packages.
+    // IOC matches and lifecycle scripts are exempt (DIST_EXEMPT_TYPES).
     if (t.file && !DIST_EXEMPT_TYPES.has(t.type) && DIST_FILE_RE.test(t.file)) {
-      if (t.severity === 'CRITICAL') t.severity = 'HIGH';
-      else if (t.severity === 'HIGH') t.severity = 'MEDIUM';
+      if (t.severity === 'CRITICAL') t.severity = 'MEDIUM';
+      else if (t.severity === 'HIGH') t.severity = 'LOW';
       else if (t.severity === 'MEDIUM') t.severity = 'LOW';
     }
@@ -271,9 +294,11 @@ function calculateRiskScore(deduped) {
   let maxFileScore = 0;
   let mostSuspiciousFile = null;
   const fileScores = {};
+  const fileHasMediumPlus = {}; // P4: track files with MEDIUM+ threats for cross-file bonus
   for (const [file, fileThreats] of fileGroups) {
     const score = computeGroupScore(fileThreats);
     fileScores[file] = score;
+    fileHasMediumPlus[file] = fileThreats.some(t => t.severity !== 'LOW');
     if (score > maxFileScore) {
       maxFileScore = score;
       mostSuspiciousFile = file;
@@ -286,11 +311,16 @@ function calculateRiskScore(deduped) {
   // 5. Cross-file bonus: aggregate signal from non-max files
   // A package with 3 files each scoring 20 is more suspicious than 1 file scoring 20.
   // Add 25% of each non-max file's score as a bonus, capped at 25.
-  const sortedScores = Object.values(fileScores).sort((a, b) => b - a);
+  // P4: Only count files that have at least one MEDIUM+ threat.
+  // Files with only LOW findings are noise in large packages and shouldn't amplify the score.
+  const bonusEligibleScores = Object.entries(fileScores)
+    .filter(([file]) => fileHasMediumPlus[file])
+    .map(([, score]) => score)
+    .sort((a, b) => b - a);
   let crossFileBonus = 0;
-  if (sortedScores.length > 1) {
-    for (let i = 1; i < sortedScores.length; i++) {
-      crossFileBonus += Math.ceil(sortedScores[i] * 0.25);
+  if (bonusEligibleScores.length > 1) {
+    for (let i = 1; i < bonusEligibleScores.length; i++) {
+      crossFileBonus += Math.ceil(bonusEligibleScores[i] * 0.25);
     }
     crossFileBonus = Math.min(crossFileBonus, 25);
   }