muaddib-scanner 2.8.2 → 2.8.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.8.2",
+  "version": "2.8.4",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/ioc/scraper.js

@@ -462,7 +462,11 @@ function extractVersions(affected) {
     }
   }
 
-  return versions.size > 0 ? [...versions] : ['*'];
+  if (versions.size === 0) {
+    console.log('[SCRAPER]   WARN: No version info found, skipping wildcard fallback');
+    return [];
+  }
+  return [...versions];
 }
 
 /**
@@ -519,7 +523,8 @@ async function scrapeShaiHuludDetector() {
       // Extract packages — one IOC per version for correct matching
       const pkgList = data.packages || [];
       for (const pkg of pkgList) {
-        const versions = pkg.affectedVersions || ['*'];
+        const versions = pkg.affectedVersions || [];
+        if (versions.length === 0) continue; // Skip packages with no version info — avoids false wildcard
         for (const ver of versions) {
           packages.push({
             id: `SHAI-HULUD-${pkg.name}-${ver}`,
@@ -588,10 +593,11 @@ async function scrapeDatadogIOCs() {
             ? versionsStr.split(',').map(v => v.trim()).filter(Boolean)
             : [versionsStr];
           for (const ver of versionList) {
+            if (!ver || ver === '*') continue; // Skip wildcard fallbacks — avoids false positive cascade
             packages.push({
               id: `DATADOG-${name}`,
               name: name,
-              version: ver || '*',
+              version: ver,
               severity: 'critical',
               confidence: 'high',
               source: 'datadog-consolidated',
@@ -967,10 +973,11 @@ async function scrapeStaticIOCs() {
   
   // Socket.dev reports
   for (const pkg of staticIOCs.socket || []) {
+    if (!pkg.version) continue; // Skip entries without version — avoids wildcard cascade
     packages.push({
       id: `SOCKET-${pkg.name}`,
       name: pkg.name,
-      version: pkg.version || '*',
+      version: pkg.version,
       severity: pkg.severity || 'critical',
       confidence: 'high',
       source: 'socket-dev',
@@ -983,10 +990,11 @@ async function scrapeStaticIOCs() {
   
   // Phylum Research
   for (const pkg of staticIOCs.phylum || []) {
+    if (!pkg.version) continue; // Skip entries without version — avoids wildcard cascade
     packages.push({
       id: `PHYLUM-${pkg.name}`,
       name: pkg.name,
-      version: pkg.version || '*',
+      version: pkg.version,
       severity: pkg.severity || 'critical',
       confidence: 'high',
       source: 'phylum',
@@ -999,10 +1007,11 @@ async function scrapeStaticIOCs() {
   
   // npm removed packages
   for (const pkg of staticIOCs.npmRemoved || []) {
+    if (!pkg.version) continue; // Skip entries without version — avoids wildcard cascade
     packages.push({
       id: `NPM-REMOVED-${pkg.name}`,
       name: pkg.name,
-      version: pkg.version || '*',
+      version: pkg.version,
       severity: 'critical',
       confidence: 'high',
       source: 'npm-removed',

package/src/scanner/ast-detectors.js

@@ -2062,11 +2062,14 @@ function handlePostWalk(ctx) {
   // Wave 4: Download-execute-cleanup — https download + chmod executable + execSync + unlink
   // Exclude when all URLs in the file point to safe registries (npm, GitHub, nodejs.org)
   // B4: removed fetchOnlySafeDomains guard — compound requires fetch+chmod+exec, which is never legitimate
+  // C10: If file also contains hash/checksum verification, downgrade to HIGH — real droppers
+  // don't verify payload integrity; legitimate installers (esbuild, sharp) do.
   if (ctx.hasRemoteFetch && ctx.hasChmodExecutable && ctx.hasExecSyncCall) {
     ctx.threats.push({
       type: 'download_exec_binary',
-      severity: 'CRITICAL',
-      message: 'Download-execute pattern: remote fetch + chmod executable + execSync in same file. Binary dropper camouflaged as native addon build.',
+      severity: ctx.hasHashVerification ? 'HIGH' : 'CRITICAL',
+      message: 'Download-execute pattern: remote fetch + chmod executable + execSync in same file.' +
+        (ctx.hasHashVerification ? ' Hash verification detected — likely legitimate binary installer.' : ' Binary dropper camouflaged as native addon build.'),
       file: ctx.relFile
     });
   }
@@ -2082,22 +2085,41 @@ function handlePostWalk(ctx) {
     });
   }
 
-  // WASM payload detection: WebAssembly.compile/instantiate + readFileSync/https in same file
-  // WASM host import objects can contain callback functions that read credentials and exfiltrate.
-  // This pattern is never legitimate in npm packages — WASM should use pure computation, not host I/O.
+  // WASM payload detection: WebAssembly.compile/instantiate + network in same file
+  // C5+C6: Only emit CRITICAL wasm_host_sink if corroborating exfil signals exist
+  // (env_access, sensitive_string, credential reads). WASM + fetch alone is likely
+  // just WASM module loading via fetch() (standard pattern: fetch('mod.wasm').then(WebAssembly.instantiateStreaming))
   if (ctx.hasWasmLoad && ctx.hasNetworkCallInFile) {
-    ctx.threats.push({
-      type: 'wasm_host_sink',
-      severity: 'CRITICAL',
-      message: 'WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow.',
-      file: ctx.relFile
-    });
+    // C5/C6: Distinguish fetch-for-WASM-loading from independent network channels
+    // https.request, http.get, dns.resolve are NEVER used for WASM loading — they indicate
+    // an independent network channel (e.g., WASM host callbacks for C2 exfiltration)
+    const hasExfilSignal = ctx.threats.some(t =>
+      t.file === ctx.relFile && (
+        t.type === 'env_access' || t.type === 'sensitive_string' ||
+        t.type === 'suspicious_dataflow' || t.type === 'credential_regex_harvest'
+      )
+    );
+    if (ctx.hasNonFetchNetworkCall || hasExfilSignal) {
+      ctx.threats.push({
+        type: 'wasm_host_sink',
+        severity: 'CRITICAL',
+        message: 'WebAssembly module with network-capable host imports and credential/env access. WASM can invoke host callbacks to exfiltrate data while hiding control flow.',
+        file: ctx.relFile
+      });
+    } else {
+      // WASM + network but no credential/env signals → standalone MEDIUM (likely fetch for WASM loading)
+      ctx.threats.push({
+        type: 'wasm_standalone',
+        severity: 'MEDIUM',
+        message: 'WebAssembly module with network calls but no credential/env access signals. Likely WASM loading via fetch(). Verify .wasm file purpose.',
+        file: ctx.relFile
+      });
+    }
   }
 
   // WASM standalone: WebAssembly.compile/instantiate WITHOUT network sinks.
   // Legitimate: crypto, image processing, codecs. Still warrants investigation
   // because WASM hides control flow from static analysis.
-  // Compound WASM + network → wasm_host_sink (CRITICAL) takes priority (mutually exclusive).
   if (ctx.hasWasmLoad && !ctx.hasNetworkCallInFile) {
     ctx.threats.push({
       type: 'wasm_standalone',

package/src/scanner/ast.js

@@ -111,6 +111,8 @@ function analyzeFile(content, filePath, basePath) {
     hasEnvEnumeration: false,  // Object.entries/keys/values(process.env)
     hasEnvHarvestPattern: /\b(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL|NPM|AWS|SSH|WEBHOOK)\b/.test(content),
     hasNetworkCallInFile: /\b(fetch|https?\.request|https?\.get|dns\.resolve)\b/.test(content),
+    // C5: Non-fetch network calls indicate independent network channel (NOT WASM loading)
+    hasNonFetchNetworkCall: /\bhttps?\.request\b|\bhttps?\.get\b|\bdns\.resolve\b/.test(content),
     // Credential regex harvesting: regex literals or new RegExp() whose PATTERN contains credential keywords
     // Must check that the keyword is inside the regex, not just anywhere in the file
     hasCredentialRegex: hasCredentialInsideRegex(content),
@@ -154,7 +156,11 @@ function analyzeFile(content, filePath, basePath) {
     // WASM payload detection: WebAssembly.compile/instantiate with host import sinks
     hasWasmLoad: /\bWebAssembly\s*\.\s*(compile|instantiate|compileStreaming|instantiateStreaming)\b/.test(content),
     hasWasmHostSink: false,  // set in handleCallExpression when WASM import object contains network/fs sinks
-    hasProxyTrap: false  // set in handleNewExpression when Proxy has set/get/apply trap
+    hasProxyTrap: false,  // set in handleNewExpression when Proxy has set/get/apply trap
+    // C10: Hash verification — legitimate binary installers verify checksums
+    // Requires BOTH createHash() call AND .digest() call — false positives from
+    // standalone mentions of 'sha256' or 'integrity' in comments/descriptions
+    hasHashVerification: /\bcreateHash\s*\(/.test(content) && /\.digest\s*\(/.test(content)
   };
 
   // Compute fetchOnlySafeDomains: check if ALL URLs in file point to known registries

package/src/scanner/dataflow.js

@@ -809,6 +809,26 @@ function analyzeFile(content, filePath, basePath) {
     const allTelemetryOnly = sources.every(s => s.type === 'telemetry_read');
     if (allTelemetryOnly && severity === 'CRITICAL') severity = 'HIGH';
 
+    // C7: SDK pattern downgrade — if ALL env_read sources match SDK env→domain mappings,
+    // this is legitimate SDK usage (e.g., STRIPE_API_KEY → api.stripe.com). Cap at HIGH.
+    if (severity === 'CRITICAL') {
+      const envSources = sources.filter(s => s.type === 'env_read');
+      if (envSources.length > 0 && sources.every(s => s.type === 'env_read' || s.type === 'telemetry_read')) {
+        try {
+          const { isSDKPattern } = require('../intent-graph.js');
+          const fileContent = fs.readFileSync(filePath, 'utf8');
+          const allSDK = envSources.every(s => {
+            // Extract env var name from source name (e.g., "STRIPE_API_KEY" from "process.env.STRIPE_API_KEY")
+            const envVar = s.name.replace(/^process\.env\./, '').replace(/^process\.env\[['"]/, '').replace(/['"]\]$/, '');
+            return isSDKPattern(envVar, fileContent);
+          });
+          if (allSDK) severity = 'HIGH';
+        } catch {
+          // Intent graph not available — keep CRITICAL
+        }
+      }
+    }
+
     const sourceDesc = hasCommandOutput ? 'command output' : 'credentials read';
     threats.push({
       type: 'suspicious_dataflow',

package/src/scanner/package.js

@@ -188,11 +188,15 @@ async function scanPackageJson(targetPath) {
     }
 
     if (malicious) {
+      // C1: Include triggering dependency metadata for diagnostic
       threats.push({
         type: 'known_malicious_package',
         severity: 'CRITICAL',
         message: `Malicious dependency declared: ${depName}@${depVersion} (source: ${malicious.source || 'IOC'})`,
-        file: 'package.json'
+        file: 'package.json',
+        matchedDep: depName,
+        matchedVersion: malicious.version,
+        iocSource: malicious.source || 'IOC'
       });
     }
   }

package/src/scoring.js

@@ -340,6 +340,21 @@ function applyFPReductions(threats, reachableFiles, packageName, packageDeps) {
       t.severity = 'MEDIUM';
       t.mcpSdkDowngrade = true;
     }
+
+    // C12: AI SDK awareness — env_access on AI API keys is expected in SDK packages.
+    // Downgrade env_access HIGH → MEDIUM when @modelcontextprotocol/sdk, @anthropic/sdk,
+    // or openai is in dependencies AND the env var is an AI provider key.
+    // Does NOT affect compound detections (intent_credential_exfil stays CRITICAL).
+    if (t.type === 'env_access' && t.severity === 'HIGH' &&
+        packageDeps && typeof packageDeps === 'object') {
+      const hasAiSdk = packageDeps['@modelcontextprotocol/sdk'] ||
+                       packageDeps['@anthropic/sdk'] ||
+                       packageDeps['openai'];
+      if (hasAiSdk && /\b(ANTHROPIC_API_KEY|OPENAI_API_KEY|CLAUDE_API_KEY)\b/.test(t.message)) {
+        t.reductions.push({ rule: 'ai_sdk_env', from: 'HIGH', to: 'MEDIUM' });
+        t.severity = 'MEDIUM';
+      }
+    }
   }
 }