openclaw-observability 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts +60 -0
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +140 -0
- package/dist/config.js.map +1 -0
- package/dist/index.d.ts +37 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +1114 -0
- package/dist/index.js.map +1 -0
- package/dist/redaction.d.ts +20 -0
- package/dist/redaction.d.ts.map +1 -0
- package/dist/redaction.js +93 -0
- package/dist/redaction.js.map +1 -0
- package/dist/security/chain-detector.d.ts +37 -0
- package/dist/security/chain-detector.d.ts.map +1 -0
- package/dist/security/chain-detector.js +187 -0
- package/dist/security/chain-detector.js.map +1 -0
- package/dist/security/rules.d.ts +22 -0
- package/dist/security/rules.d.ts.map +1 -0
- package/dist/security/rules.js +479 -0
- package/dist/security/rules.js.map +1 -0
- package/dist/security/scanner.d.ts +47 -0
- package/dist/security/scanner.d.ts.map +1 -0
- package/dist/security/scanner.js +150 -0
- package/dist/security/scanner.js.map +1 -0
- package/dist/security/types.d.ts +47 -0
- package/dist/security/types.d.ts.map +1 -0
- package/dist/security/types.js +23 -0
- package/dist/security/types.js.map +1 -0
- package/dist/storage/buffer.d.ts +64 -0
- package/dist/storage/buffer.d.ts.map +1 -0
- package/dist/storage/buffer.js +120 -0
- package/dist/storage/buffer.js.map +1 -0
- package/dist/storage/duckdb-local-writer.d.ts +26 -0
- package/dist/storage/duckdb-local-writer.d.ts.map +1 -0
- package/dist/storage/duckdb-local-writer.js +454 -0
- package/dist/storage/duckdb-local-writer.js.map +1 -0
- package/dist/storage/mysql-writer.d.ts +55 -0
- package/dist/storage/mysql-writer.d.ts.map +1 -0
- package/dist/storage/mysql-writer.js +287 -0
- package/dist/storage/mysql-writer.js.map +1 -0
- package/dist/storage/schema.d.ts +13 -0
- package/dist/storage/schema.d.ts.map +1 -0
- package/dist/storage/schema.js +94 -0
- package/dist/storage/schema.js.map +1 -0
- package/dist/storage/writer.d.ts +31 -0
- package/dist/storage/writer.d.ts.map +1 -0
- package/dist/storage/writer.js +7 -0
- package/dist/storage/writer.js.map +1 -0
- package/dist/types.d.ts +72 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +44 -0
- package/dist/types.js.map +1 -0
- package/dist/web/api.d.ts +115 -0
- package/dist/web/api.d.ts.map +1 -0
- package/dist/web/api.js +219 -0
- package/dist/web/api.js.map +1 -0
- package/dist/web/routes.d.ts +20 -0
- package/dist/web/routes.d.ts.map +1 -0
- package/dist/web/routes.js +175 -0
- package/dist/web/routes.js.map +1 -0
- package/dist/web/ui.d.ts +9 -0
- package/dist/web/ui.d.ts.map +1 -0
- package/dist/web/ui.js +1327 -0
- package/dist/web/ui.js.map +1 -0
- package/openclaw.plugin.json +231 -0
- package/package.json +41 -0
|
@@ -0,0 +1,479 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* L1 Security detection rules
|
|
4
|
+
* Value-level scanning rules based on regex and functions
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.ALL_RULES = void 0;
|
|
8
|
+
const types_1 = require("./types");
|
|
9
|
+
/* ------------------------------------------------------------------ */
|
|
10
|
+
/* Helpers */
|
|
11
|
+
/* ------------------------------------------------------------------ */
|
|
12
|
+
/** Redact detected secrets: keep first 6 chars + ***DETECTED*** */
|
|
13
|
+
function redactSecret(value) {
|
|
14
|
+
if (value.length <= 6)
|
|
15
|
+
return '***DETECTED***';
|
|
16
|
+
return value.substring(0, 6) + '***DETECTED***';
|
|
17
|
+
}
|
|
18
|
+
/** Find all regex matches in text, return redacted findings */
|
|
19
|
+
function regexScan(text, pattern, rule, contextPrefix) {
|
|
20
|
+
const findings = [];
|
|
21
|
+
const seen = new Set();
|
|
22
|
+
let match;
|
|
23
|
+
// Use new RegExp instance to reset lastIndex
|
|
24
|
+
const re = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
|
|
25
|
+
while ((match = re.exec(text)) !== null) {
|
|
26
|
+
const raw = match[0];
|
|
27
|
+
const redacted = redactSecret(raw);
|
|
28
|
+
if (seen.has(redacted))
|
|
29
|
+
continue;
|
|
30
|
+
seen.add(redacted);
|
|
31
|
+
findings.push({
|
|
32
|
+
ruleId: rule.id,
|
|
33
|
+
ruleName: rule.name,
|
|
34
|
+
category: rule.category,
|
|
35
|
+
severity: rule.severity,
|
|
36
|
+
finding: redacted,
|
|
37
|
+
context: `${contextPrefix}: detected pattern at offset ${match.index}`,
|
|
38
|
+
});
|
|
39
|
+
}
|
|
40
|
+
return findings;
|
|
41
|
+
}
|
|
42
|
+
/* ------------------------------------------------------------------ */
|
|
43
|
+
/* S-series — Secret Leakage */
|
|
44
|
+
/* ------------------------------------------------------------------ */
|
|
45
|
+
const S001_ALIYUN_AK = {
|
|
46
|
+
id: 'S001',
|
|
47
|
+
name: 'Alibaba Cloud AccessKey Leak',
|
|
48
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
49
|
+
severity: types_1.Severity.CRITICAL,
|
|
50
|
+
enabled: true,
|
|
51
|
+
detect: (text) => regexScan(text, /LTAI[A-Za-z0-9]{12,20}/g, S001_ALIYUN_AK, 'Alibaba Cloud AK'),
|
|
52
|
+
};
|
|
53
|
+
const S002_AWS_AK = {
|
|
54
|
+
id: 'S002',
|
|
55
|
+
name: 'AWS AccessKey Leak',
|
|
56
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
57
|
+
severity: types_1.Severity.CRITICAL,
|
|
58
|
+
enabled: true,
|
|
59
|
+
detect: (text) => regexScan(text, /AKIA[0-9A-Z]{16}/g, S002_AWS_AK, 'AWS AK'),
|
|
60
|
+
};
|
|
61
|
+
const S003_PRIVATE_KEY = {
|
|
62
|
+
id: 'S003',
|
|
63
|
+
name: 'Private Key Leak',
|
|
64
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
65
|
+
severity: types_1.Severity.CRITICAL,
|
|
66
|
+
enabled: true,
|
|
67
|
+
detect: (text) => regexScan(text, /-----BEGIN\s+(RSA|EC|OPENSSH|DSA|PGP)\s+PRIVATE\s+KEY-----/gi, S003_PRIVATE_KEY, 'Private Key'),
|
|
68
|
+
};
|
|
69
|
+
const S004_JWT = {
|
|
70
|
+
id: 'S004',
|
|
71
|
+
name: 'JWT Token Leak',
|
|
72
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
73
|
+
severity: types_1.Severity.WARN,
|
|
74
|
+
enabled: true,
|
|
75
|
+
detect: (text) => regexScan(text, /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]+/g, S004_JWT, 'JWT Token'),
|
|
76
|
+
};
|
|
77
|
+
const S005_DB_CONN_STRING = {
|
|
78
|
+
id: 'S005',
|
|
79
|
+
name: 'Database Connection String Leak',
|
|
80
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
81
|
+
severity: types_1.Severity.WARN,
|
|
82
|
+
enabled: true,
|
|
83
|
+
detect: (text) => regexScan(text, /(mysql|postgres|postgresql|mongodb|redis|mssql):\/\/[^:]+:[^@]+@[^\s"',]+/gi, S005_DB_CONN_STRING, 'Database Connection String'),
|
|
84
|
+
};
|
|
85
|
+
const S006_GENERIC_API_KEY = {
|
|
86
|
+
id: 'S006',
|
|
87
|
+
name: 'Generic API Key Leak',
|
|
88
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
89
|
+
severity: types_1.Severity.WARN,
|
|
90
|
+
enabled: true,
|
|
91
|
+
detect: (text) => {
|
|
92
|
+
const findings = [];
|
|
93
|
+
// OpenAI style
|
|
94
|
+
findings.push(...regexScan(text, /sk-[A-Za-z0-9]{32,}/g, S006_GENERIC_API_KEY, 'OpenAI-style Key'));
|
|
95
|
+
// GitHub PAT
|
|
96
|
+
findings.push(...regexScan(text, /ghp_[A-Za-z0-9]{36}/g, S006_GENERIC_API_KEY, 'GitHub PAT'));
|
|
97
|
+
// GitHub fine-grained PAT
|
|
98
|
+
findings.push(...regexScan(text, /github_pat_[A-Za-z0-9_]{30,}/g, S006_GENERIC_API_KEY, 'GitHub Fine-grained PAT'));
|
|
99
|
+
// Generic bearer-like long tokens (40+ hex chars following common key patterns)
|
|
100
|
+
findings.push(...regexScan(text, /(?:api[_-]?key|secret|token|bearer)\s*[:=]\s*["']?([A-Za-z0-9_-]{32,})["']?/gi, S006_GENERIC_API_KEY, 'Generic API Key'));
|
|
101
|
+
return findings;
|
|
102
|
+
},
|
|
103
|
+
};
|
|
104
|
+
const S007_GCP_KEY = {
|
|
105
|
+
id: 'S007',
|
|
106
|
+
name: 'GCP Service Account Key',
|
|
107
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
108
|
+
severity: types_1.Severity.CRITICAL,
|
|
109
|
+
enabled: true,
|
|
110
|
+
detect: (text) => regexScan(text, /"type"\s*:\s*"service_account"/g, S007_GCP_KEY, 'GCP Service Account JSON'),
|
|
111
|
+
};
|
|
112
|
+
const S008_AZURE_CONN = {
|
|
113
|
+
id: 'S008',
|
|
114
|
+
name: 'Azure Connection String Leak',
|
|
115
|
+
category: types_1.RuleCategory.SecretLeakage,
|
|
116
|
+
severity: types_1.Severity.CRITICAL,
|
|
117
|
+
enabled: true,
|
|
118
|
+
detect: (text) => regexScan(text, /DefaultEndpointsProtocol=https?;AccountName=[^;]+;AccountKey=[^;]+/gi, S008_AZURE_CONN, 'Azure Connection String'),
|
|
119
|
+
};
|
|
120
|
+
/* ------------------------------------------------------------------ */
|
|
121
|
+
/* H-series — High Risk Operations */
|
|
122
|
+
/* ------------------------------------------------------------------ */
|
|
123
|
+
const H001_DANGEROUS_SHELL = {
|
|
124
|
+
id: 'H001',
|
|
125
|
+
name: 'Dangerous Shell Command',
|
|
126
|
+
category: types_1.RuleCategory.HighRiskOp,
|
|
127
|
+
severity: types_1.Severity.CRITICAL,
|
|
128
|
+
enabled: true,
|
|
129
|
+
detect: (_text, action) => {
|
|
130
|
+
const dangerous = [
|
|
131
|
+
/rm\s+-rf\s+\//i, // rm -rf /
|
|
132
|
+
/rm\s+-rf\s+~/i, // rm -rf ~
|
|
133
|
+
/mkfs\./i, // format disk
|
|
134
|
+
/dd\s+if=/i, // disk write
|
|
135
|
+
/>\s*\/dev\/sd/i, // overwrite disk
|
|
136
|
+
/chmod\s+777/i, // open all permissions
|
|
137
|
+
/chmod\s+\+s/i, // setuid
|
|
138
|
+
/chown\s+root/i, // change to root
|
|
139
|
+
/curl\s+.*\|\s*sh/i, // curl pipe to sh
|
|
140
|
+
/wget\s+.*\|\s*sh/i, // wget pipe to sh
|
|
141
|
+
/curl\s+.*\|\s*bash/i, // curl pipe to bash
|
|
142
|
+
/\|\s*nc\s+/i, // pipe to netcat
|
|
143
|
+
/python\s+-c\s+['"]import\s+os/i, // python command injection
|
|
144
|
+
/eval\s*\(/i, // eval
|
|
145
|
+
/base64\s+-d\s*\|/i, // base64 decode pipe
|
|
146
|
+
];
|
|
147
|
+
// 1) Actual tool execution -> CRITICAL
|
|
148
|
+
if (action.actionType === 'tool_call') {
|
|
149
|
+
const name = action.actionName.toLowerCase();
|
|
150
|
+
if (!name.includes('shell') && !name.includes('exec') && !name.includes('terminal') && !name.includes('bash') && !name.includes('command'))
|
|
151
|
+
return [];
|
|
152
|
+
const paramText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
153
|
+
const findings = [];
|
|
154
|
+
for (const pat of dangerous) {
|
|
155
|
+
if (pat.test(paramText)) {
|
|
156
|
+
findings.push({
|
|
157
|
+
ruleId: H001_DANGEROUS_SHELL.id,
|
|
158
|
+
ruleName: H001_DANGEROUS_SHELL.name,
|
|
159
|
+
category: H001_DANGEROUS_SHELL.category,
|
|
160
|
+
severity: types_1.Severity.CRITICAL,
|
|
161
|
+
finding: `Dangerous command pattern: ${pat.source}`,
|
|
162
|
+
context: `tool=${action.actionName}`,
|
|
163
|
+
});
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
return findings;
|
|
167
|
+
}
|
|
168
|
+
// 2) User message intent detection -> WARN
|
|
169
|
+
if (action.actionType === 'model_resolve' || action.actionType === 'message') {
|
|
170
|
+
const inputText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
171
|
+
for (const pat of dangerous) {
|
|
172
|
+
if (pat.test(inputText)) {
|
|
173
|
+
return [{
|
|
174
|
+
ruleId: H001_DANGEROUS_SHELL.id,
|
|
175
|
+
ruleName: H001_DANGEROUS_SHELL.name,
|
|
176
|
+
category: H001_DANGEROUS_SHELL.category,
|
|
177
|
+
severity: types_1.Severity.WARN,
|
|
178
|
+
finding: `User requested dangerous command: ${pat.source}`,
|
|
179
|
+
context: `action=${action.actionName}, intent detected (may not have been executed)`,
|
|
180
|
+
}];
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
return [];
|
|
185
|
+
},
|
|
186
|
+
};
|
|
187
|
+
const H002_SENSITIVE_PATH = {
|
|
188
|
+
id: 'H002',
|
|
189
|
+
name: 'Sensitive File Path Access',
|
|
190
|
+
category: types_1.RuleCategory.HighRiskOp,
|
|
191
|
+
severity: types_1.Severity.WARN,
|
|
192
|
+
enabled: true,
|
|
193
|
+
detect: (_text, action) => {
|
|
194
|
+
const sensitivePaths = [
|
|
195
|
+
/\.ssh\//i,
|
|
196
|
+
/\.env(?:\.|$|["'\s])/i,
|
|
197
|
+
/\.aws\/credentials/i,
|
|
198
|
+
/\.kube\/config/i,
|
|
199
|
+
/\.docker\/config\.json/i,
|
|
200
|
+
/\/etc\/shadow/i,
|
|
201
|
+
/\/etc\/passwd/i,
|
|
202
|
+
/id_rsa/i,
|
|
203
|
+
/id_ed25519/i,
|
|
204
|
+
/\.pem["']/i,
|
|
205
|
+
/\.key["']/i,
|
|
206
|
+
/credentials\.json/i,
|
|
207
|
+
/\.netrc/i,
|
|
208
|
+
/\.pgpass/i,
|
|
209
|
+
/\.my\.cnf/i,
|
|
210
|
+
];
|
|
211
|
+
// 1) Actual tool execution -> CRITICAL
|
|
212
|
+
if (action.actionType === 'tool_call') {
|
|
213
|
+
const paramText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
214
|
+
const findings = [];
|
|
215
|
+
for (const pat of sensitivePaths) {
|
|
216
|
+
if (pat.test(paramText)) {
|
|
217
|
+
findings.push({
|
|
218
|
+
ruleId: H002_SENSITIVE_PATH.id,
|
|
219
|
+
ruleName: H002_SENSITIVE_PATH.name,
|
|
220
|
+
category: H002_SENSITIVE_PATH.category,
|
|
221
|
+
severity: types_1.Severity.CRITICAL,
|
|
222
|
+
finding: `Sensitive path access: ${pat.source}`,
|
|
223
|
+
context: `tool=${action.actionName}`,
|
|
224
|
+
});
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
return findings;
|
|
228
|
+
}
|
|
229
|
+
// 2) User message intent detection -> WARN
|
|
230
|
+
if (action.actionType === 'model_resolve' || action.actionType === 'message') {
|
|
231
|
+
const inputText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
232
|
+
for (const pat of sensitivePaths) {
|
|
233
|
+
if (pat.test(inputText)) {
|
|
234
|
+
return [{
|
|
235
|
+
ruleId: H002_SENSITIVE_PATH.id,
|
|
236
|
+
ruleName: H002_SENSITIVE_PATH.name,
|
|
237
|
+
category: H002_SENSITIVE_PATH.category,
|
|
238
|
+
severity: types_1.Severity.WARN,
|
|
239
|
+
finding: `User requested sensitive path access: ${pat.source}`,
|
|
240
|
+
context: `action=${action.actionName}, intent detected (may not have been executed)`,
|
|
241
|
+
}];
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
return [];
|
|
246
|
+
},
|
|
247
|
+
};
|
|
248
|
+
const H003_LARGE_OUTPUT = {
|
|
249
|
+
id: 'H003',
|
|
250
|
+
name: 'Abnormally Large Data Output',
|
|
251
|
+
category: types_1.RuleCategory.DataExfil,
|
|
252
|
+
severity: types_1.Severity.WARN,
|
|
253
|
+
enabled: true,
|
|
254
|
+
detect: (_text, action) => {
|
|
255
|
+
if (action.actionType !== 'tool_call')
|
|
256
|
+
return [];
|
|
257
|
+
const outputText = action.outputResult ? JSON.stringify(action.outputResult) : '';
|
|
258
|
+
const sizeKB = Math.round(Buffer.byteLength(outputText, 'utf8') / 1024);
|
|
259
|
+
if (sizeKB > 100) {
|
|
260
|
+
return [{
|
|
261
|
+
ruleId: H003_LARGE_OUTPUT.id,
|
|
262
|
+
ruleName: H003_LARGE_OUTPUT.name,
|
|
263
|
+
category: H003_LARGE_OUTPUT.category,
|
|
264
|
+
severity: H003_LARGE_OUTPUT.severity,
|
|
265
|
+
finding: `Tool output size: ${sizeKB}KB (threshold: 100KB)`,
|
|
266
|
+
context: `tool=${action.actionName}`,
|
|
267
|
+
}];
|
|
268
|
+
}
|
|
269
|
+
return [];
|
|
270
|
+
},
|
|
271
|
+
};
|
|
272
|
+
const H004_ENV_ACCESS = {
|
|
273
|
+
id: 'H004',
|
|
274
|
+
name: 'Environment Variable Access',
|
|
275
|
+
category: types_1.RuleCategory.HighRiskOp,
|
|
276
|
+
severity: types_1.Severity.WARN,
|
|
277
|
+
enabled: true,
|
|
278
|
+
detect: (_text, action) => {
|
|
279
|
+
if (action.actionType !== 'tool_call')
|
|
280
|
+
return [];
|
|
281
|
+
const text = JSON.stringify(action.inputParams) + JSON.stringify(action.outputResult);
|
|
282
|
+
// Check for bulk environment variable leakage (multiple KEY=VALUE patterns)
|
|
283
|
+
const envVarPattern = /[A-Z_]{3,}=\S+/g;
|
|
284
|
+
const matches = text.match(envVarPattern);
|
|
285
|
+
if (matches && matches.length >= 5) {
|
|
286
|
+
return [{
|
|
287
|
+
ruleId: H004_ENV_ACCESS.id,
|
|
288
|
+
ruleName: H004_ENV_ACCESS.name,
|
|
289
|
+
category: H004_ENV_ACCESS.category,
|
|
290
|
+
severity: H004_ENV_ACCESS.severity,
|
|
291
|
+
finding: `Bulk environment variables detected: ${matches.length} variables`,
|
|
292
|
+
context: `tool=${action.actionName}, sample: ${matches.slice(0, 3).map(m => m.split('=')[0]).join(', ')}...`,
|
|
293
|
+
}];
|
|
294
|
+
}
|
|
295
|
+
return [];
|
|
296
|
+
},
|
|
297
|
+
};
|
|
298
|
+
const H005_SUDO = {
|
|
299
|
+
id: 'H005',
|
|
300
|
+
name: 'Privilege Escalation Attempt',
|
|
301
|
+
category: types_1.RuleCategory.HighRiskOp,
|
|
302
|
+
severity: types_1.Severity.CRITICAL,
|
|
303
|
+
enabled: true,
|
|
304
|
+
detect: (_text, action) => {
|
|
305
|
+
const sudoPatterns = [
|
|
306
|
+
/sudo\s+/i,
|
|
307
|
+
/su\s+-\s/i,
|
|
308
|
+
/pkexec\s+/i,
|
|
309
|
+
/doas\s+/i,
|
|
310
|
+
];
|
|
311
|
+
// 1) Actual tool execution -> CRITICAL
|
|
312
|
+
if (action.actionType === 'tool_call') {
|
|
313
|
+
const paramText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
314
|
+
const findings = [];
|
|
315
|
+
for (const pat of sudoPatterns) {
|
|
316
|
+
if (pat.test(paramText)) {
|
|
317
|
+
findings.push({
|
|
318
|
+
ruleId: H005_SUDO.id,
|
|
319
|
+
ruleName: H005_SUDO.name,
|
|
320
|
+
category: H005_SUDO.category,
|
|
321
|
+
severity: types_1.Severity.CRITICAL,
|
|
322
|
+
finding: `Privilege escalation attempt: ${pat.source}`,
|
|
323
|
+
context: `tool=${action.actionName}`,
|
|
324
|
+
});
|
|
325
|
+
break;
|
|
326
|
+
}
|
|
327
|
+
}
|
|
328
|
+
return findings;
|
|
329
|
+
}
|
|
330
|
+
// 2) User message intent detection -> WARN (LLM may refuse, but intent is logged)
|
|
331
|
+
if (action.actionType === 'model_resolve' || action.actionType === 'message') {
|
|
332
|
+
const inputText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
333
|
+
for (const pat of sudoPatterns) {
|
|
334
|
+
if (pat.test(inputText)) {
|
|
335
|
+
return [{
|
|
336
|
+
ruleId: H005_SUDO.id,
|
|
337
|
+
ruleName: H005_SUDO.name,
|
|
338
|
+
category: H005_SUDO.category,
|
|
339
|
+
severity: types_1.Severity.WARN,
|
|
340
|
+
finding: `User requested privilege escalation: ${pat.source}`,
|
|
341
|
+
context: `action=${action.actionName}, intent detected (may not have been executed)`,
|
|
342
|
+
}];
|
|
343
|
+
}
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
return [];
|
|
347
|
+
},
|
|
348
|
+
};
|
|
349
|
+
/* ------------------------------------------------------------------ */
|
|
350
|
+
/* T-series — Prompt Injection / Skill Threats */
|
|
351
|
+
/* ------------------------------------------------------------------ */
|
|
352
|
+
const T005_PROMPT_INJECTION = {
|
|
353
|
+
id: 'T005',
|
|
354
|
+
name: 'Prompt Injection Detection',
|
|
355
|
+
category: types_1.RuleCategory.PromptInjection,
|
|
356
|
+
severity: types_1.Severity.WARN,
|
|
357
|
+
enabled: true,
|
|
358
|
+
detect: (_text, action) => {
|
|
359
|
+
const injectionPatterns = [
|
|
360
|
+
/ignore\s+(all\s+)?previous\s+(instructions?|prompts?)/i,
|
|
361
|
+
/disregard\s+(all\s+)?(above|previous)/i,
|
|
362
|
+
/new\s+instructions?\s*:/i,
|
|
363
|
+
/system\s*prompt\s*:/i,
|
|
364
|
+
/you\s+are\s+now\s+/i,
|
|
365
|
+
/forget\s+(everything|all|your)/i,
|
|
366
|
+
/override\s+(your|the)\s+(instructions?|rules?|guidelines?)/i,
|
|
367
|
+
/\[system\]/i,
|
|
368
|
+
/\[INST\]/i,
|
|
369
|
+
/<<SYS>>/i,
|
|
370
|
+
/act\s+as\s+(a|an)\s+/i,
|
|
371
|
+
];
|
|
372
|
+
const findings = [];
|
|
373
|
+
// 1) Check user input (message / model_resolve) -> user-initiated injection
|
|
374
|
+
if (action.actionType === 'message' || action.actionType === 'model_resolve') {
|
|
375
|
+
const inputText = action.inputParams ? JSON.stringify(action.inputParams).toLowerCase() : '';
|
|
376
|
+
for (const pat of injectionPatterns) {
|
|
377
|
+
if (pat.test(inputText)) {
|
|
378
|
+
findings.push({
|
|
379
|
+
ruleId: T005_PROMPT_INJECTION.id,
|
|
380
|
+
ruleName: T005_PROMPT_INJECTION.name,
|
|
381
|
+
category: T005_PROMPT_INJECTION.category,
|
|
382
|
+
severity: types_1.Severity.WARN,
|
|
383
|
+
finding: `Prompt injection attempt in user input: ${pat.source}`,
|
|
384
|
+
context: `action=${action.actionName}, in input/params`,
|
|
385
|
+
});
|
|
386
|
+
break;
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
}
|
|
390
|
+
// 2) Check tool output (tool_call) -> malicious tool return injection
|
|
391
|
+
if (action.actionType === 'tool_call') {
|
|
392
|
+
const outputText = action.outputResult ? JSON.stringify(action.outputResult).toLowerCase() : '';
|
|
393
|
+
for (const pat of injectionPatterns) {
|
|
394
|
+
if (pat.test(outputText)) {
|
|
395
|
+
findings.push({
|
|
396
|
+
ruleId: T005_PROMPT_INJECTION.id,
|
|
397
|
+
ruleName: T005_PROMPT_INJECTION.name,
|
|
398
|
+
category: T005_PROMPT_INJECTION.category,
|
|
399
|
+
severity: types_1.Severity.CRITICAL, // tool injection is more severe
|
|
400
|
+
finding: `Prompt injection in tool output: ${pat.source}`,
|
|
401
|
+
context: `tool=${action.actionName}, in output/result — potential skill trojan`,
|
|
402
|
+
});
|
|
403
|
+
break;
|
|
404
|
+
}
|
|
405
|
+
}
|
|
406
|
+
}
|
|
407
|
+
return findings;
|
|
408
|
+
},
|
|
409
|
+
};
|
|
410
|
+
/** Built-in safe domain whitelist (always active) */
|
|
411
|
+
const BUILTIN_SAFE_DOMAINS = [
|
|
412
|
+
'api.openai.com', 'api.anthropic.com', 'dashscope.aliyuncs.com',
|
|
413
|
+
'generativelanguage.googleapis.com', 'api.groq.com',
|
|
414
|
+
'localhost', '127.0.0.1', '0.0.0.0',
|
|
415
|
+
'github.com', 'api.github.com',
|
|
416
|
+
'googleapis.com', 'azure.com',
|
|
417
|
+
];
|
|
418
|
+
const T003_EXTERNAL_REQUEST = {
|
|
419
|
+
id: 'T003',
|
|
420
|
+
name: 'External Network Request Detection',
|
|
421
|
+
category: types_1.RuleCategory.DataExfil,
|
|
422
|
+
severity: types_1.Severity.INFO,
|
|
423
|
+
enabled: true,
|
|
424
|
+
detect: (_text, action, ctx) => {
|
|
425
|
+
if (action.actionType !== 'tool_call')
|
|
426
|
+
return [];
|
|
427
|
+
const paramText = action.inputParams ? JSON.stringify(action.inputParams) : '';
|
|
428
|
+
// Merge built-in whitelist + user-configured whitelist
|
|
429
|
+
const userWhitelist = ctx?.domainWhitelist ?? [];
|
|
430
|
+
const safeList = [...BUILTIN_SAFE_DOMAINS, ...userWhitelist];
|
|
431
|
+
// Extract URLs
|
|
432
|
+
const urlPattern = /https?:\/\/([a-zA-Z0-9.-]+)/gi;
|
|
433
|
+
const findings = [];
|
|
434
|
+
const seen = new Set();
|
|
435
|
+
let match;
|
|
436
|
+
while ((match = urlPattern.exec(paramText)) !== null) {
|
|
437
|
+
const domain = match[1].toLowerCase();
|
|
438
|
+
if (seen.has(domain))
|
|
439
|
+
continue;
|
|
440
|
+
seen.add(domain);
|
|
441
|
+
// Whitelisted domains are not alerted
|
|
442
|
+
if (safeList.some(s => domain === s || domain.endsWith('.' + s)))
|
|
443
|
+
continue;
|
|
444
|
+
findings.push({
|
|
445
|
+
ruleId: T003_EXTERNAL_REQUEST.id,
|
|
446
|
+
ruleName: T003_EXTERNAL_REQUEST.name,
|
|
447
|
+
category: T003_EXTERNAL_REQUEST.category,
|
|
448
|
+
severity: types_1.Severity.WARN, // non-whitelisted domain -> escalate
|
|
449
|
+
finding: `External request to: ${domain}`,
|
|
450
|
+
context: `tool=${action.actionName}`,
|
|
451
|
+
});
|
|
452
|
+
}
|
|
453
|
+
return findings;
|
|
454
|
+
},
|
|
455
|
+
};
|
|
456
|
+
/* ------------------------------------------------------------------ */
|
|
457
|
+
/* Export all rules */
|
|
458
|
+
/* ------------------------------------------------------------------ */
|
|
459
|
+
exports.ALL_RULES = [
|
|
460
|
+
// S-series — Secret Leakage
|
|
461
|
+
S001_ALIYUN_AK,
|
|
462
|
+
S002_AWS_AK,
|
|
463
|
+
S003_PRIVATE_KEY,
|
|
464
|
+
S004_JWT,
|
|
465
|
+
S005_DB_CONN_STRING,
|
|
466
|
+
S006_GENERIC_API_KEY,
|
|
467
|
+
S007_GCP_KEY,
|
|
468
|
+
S008_AZURE_CONN,
|
|
469
|
+
// H-series — High Risk Operations
|
|
470
|
+
H001_DANGEROUS_SHELL,
|
|
471
|
+
H002_SENSITIVE_PATH,
|
|
472
|
+
H003_LARGE_OUTPUT,
|
|
473
|
+
H004_ENV_ACCESS,
|
|
474
|
+
H005_SUDO,
|
|
475
|
+
// T-series — Prompt Injection / Skill Threats
|
|
476
|
+
T005_PROMPT_INJECTION,
|
|
477
|
+
T003_EXTERNAL_REQUEST,
|
|
478
|
+
];
|
|
479
|
+
//# sourceMappingURL=rules.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../src/security/rules.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,mCAAkE;AAuBlE,wEAAwE;AACxE,0EAA0E;AAC1E,wEAAwE;AAExE,mEAAmE;AACnE,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC/C,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,gBAAgB,CAAC;AAClD,CAAC;AAED,+DAA+D;AAC/D,SAAS,SAAS,CAChB,IAAY,EACZ,OAAe,EACf,IAA8E,EAC9E,aAAqB;IAErB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,IAAI,KAA6B,CAAC;IAElC,6CAA6C;IAC7C,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;IACzG,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,SAAS;QACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEnB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,GAAG,aAAa,gCAAgC,KAAK,CAAC,KAAK,EAAE;SACvE,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,MAAM,cAAc,GAAiB;IACnC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,8BAA8B;IACpC,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CAAC,IAAI,EAAE,yBAAyB,EAAE,cAAc,EAAE,kBAAkB,CAAC;CACjF,CAAC;AAEF,MAAM,WAAW,GAAiB;IAChC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,oBAAoB;IAC1B,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CAAC,IAAI,EAAE,mBAAmB,EAAE,WAAW,EAAE,QAAQ,CAAC;CAC9D,CAAC;AAEF,MAAM,gBAAgB,GAAiB;IACrC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,kBAAkB;IACxB,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CACP,IAAI,EACJ,8DAA8D,EAC9D,gBAAgB,EAChB,aAAa,CACd;CACJ,CAAC;AAEF,MAAM,QAAQ,GAAiB;IAC7B,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CACP,IAAI,EACJ,+DAA+D,EAC/D,QAAQ,EACR,WAAW,CACZ;CACJ,CAAC;AAEF,MAAM,mBAAmB,GAAiB;IACxC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,iCAAiC;IACvC,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CACP,IAAI,EACJ,6EAA6E,EAC7E,mBAAmB,EACnB,4BAA4B,CAC7B;CACJ,CAAC;AAEF,MAAM,oBAAoB,GAAiB;IACzC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,sBAAsB;IAC5B,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACf,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,eAAe;QACf,QAAQ,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,kBAAkB,CAAC,CAAC,CAAC;QACpG,aAAa;QACb,QAAQ,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,YAAY,CAAC,CAAC,CAAC;QAC9F,0BAA0B;QAC1B,QAAQ,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,+BAA+B,EAAE,oBAAoB,EAAE,yBAAyB,CAAC,CAAC,CAAC;QACpH,gFAAgF;QAChF,QAAQ,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,+EAA+E,EAAE,oBAAoB,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC5J,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,MAAM,YAAY,GAAiB;IACjC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,yBAAyB;IAC/B,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CAAC,IAAI,EAAE,iCAAiC,EAAE,YAAY,EAAE,0BAA0B,CAAC;CAC/F,CAAC;AAEF,MAAM,eAAe,GAAiB;IACpC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,8BAA8B;IACpC,QAAQ,EAAE,oBAAY,CAAC,aAAa;IACpC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CACf,SAAS,CACP,IAAI,EACJ,sEAAsE,EACtE,eAAe,EACf,yBAAyB,CAC1B;CACJ,CAAC;AAEF,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,MAAM,oBAAoB,GAAiB;IACzC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,yBAAyB;IAC/B,QAAQ,EAAE,oBAAY,CAAC,UAAU;IACjC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,MAAM,SAAS,GAAG;YAChB,gBAAgB,EAAW,WAAW;YACtC,eAAe,EAAY,WAAW;YACtC,SAAS,EAAmB,cAAc;YAC1C,WAAW,EAAiB,aAAa;YACzC,gBAAgB,EAAW,iBAAiB;YAC5C,cAAc,EAAa,uBAAuB;YAClD,cAAc,EAAa,SAAS;YACpC,eAAe,EAAY,iBAAiB;YAC5C,mBAAmB,EAAO,kBAAkB;YAC5C,mBAAmB,EAAO,kBAAkB;YAC5C,qBAAqB,EAAK,oBAAoB;YAC9C,aAAa,EAAc,iBAAiB;YAC5C,gCAAgC,EAAE,2BAA2B;YAC7D,YAAY,EAAe,OAAO;YAClC,mBAAmB,EAAQ,qBAAqB;SACjD,CAAC;QAEF,uCAAuC;QACvC,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,OAAO,EAAE,CAAC;YAEtJ,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/E,MAAM,QAAQ,GAAsB,EAAE,CAAC;YACvC,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,oBAAoB,CAAC,EAAE;wBAC/B,QAAQ,EAAE,oBAAoB,CAAC,IAAI;wBACnC,QAAQ,EAAE,oBAAoB,CAAC,QAAQ;wBACvC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;wBAC3B,OAAO,EAAE,8BAA8B,GAAG,CAAC,MAAM,EAAE;wBACnD,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE;qBACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,2CAA2C;QAC3C,IAAI,MAAM,CAAC,UAAU,KAAK,eAAe,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/E,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,OAAO,CAAC;4BACN,MAAM,EAAE,oBAAoB,CAAC,EAAE;4BAC/B,QAAQ,EAAE,oBAAoB,CAAC,IAAI;4BACnC,QAAQ,EAAE,oBAAoB,CAAC,QAAQ;4BACvC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;4BACvB,OAAO,EAAE,qCAAqC,GAAG,CAAC,MAAM,EAAE;4BAC1D,OAAO,EAAE,UAAU,MAAM,CAAC,UAAU,gDAAgD;yBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF,MAAM,mBAAmB,GAAiB;IACxC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,4BAA4B;IAClC,QAAQ,EAAE,oBAAY,CAAC,UAAU;IACjC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,MAAM,cAAc,GAAG;YACrB,UAAU;YACV,uBAAuB;YACvB,qBAAqB;YACrB,iBAAiB;YACjB,yBAAyB;YACzB,gBAAgB;YAChB,gBAAgB;YAChB,SAAS;YACT,aAAa;YACb,YAAY;YACZ,YAAY;YACZ,oBAAoB;YACpB,UAAU;YACV,WAAW;YACX,YAAY;SACb,CAAC;QAEF,uCAAuC;QACvC,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/E,MAAM,QAAQ,GAAsB,EAAE,CAAC;YACvC,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,mBAAmB,CAAC,EAAE;wBAC9B,QAAQ,EAAE,mBAAmB,CAAC,IAAI;wBAClC,QAAQ,EAAE,mBAAmB,CAAC,QAAQ;wBACtC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;wBAC3B,OAAO,EAAE,0BAA0B,GAAG,CAAC,MAAM,EAAE;wBAC/C,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE;qBACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,2CAA2C;QAC3C,IAAI,MAAM,CAAC,UAAU,KAAK,eAAe,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/E,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,OAAO,CAAC;4BACN,MAAM,EAAE,mBAAmB,CAAC,EAAE;4BAC9B,QAAQ,EAAE,mBAAmB,CAAC,IAAI;4BAClC,QAAQ,EAAE,mBAAmB,CAAC,QAAQ;4BACtC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;4BACvB,OAAO,EAAE,yCAAyC,GAAG,CAAC,MAAM,EAAE;4BAC9D,OAAO,EAAE,UAAU,MAAM,CAAC,UAAU,gDAAgD;yBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAiB;IACtC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,8BAA8B;IACpC,QAAQ,EAAE,oBAAY,CAAC,SAAS;IAChC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW;YAAE,OAAO,EAAE,CAAC;QACjD,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;QACxE,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;YACjB,OAAO,CAAC;oBACN,MAAM,EAAE,iBAAiB,CAAC,EAAE;oBAC5B,QAAQ,EAAE,iBAAiB,CAAC,IAAI;oBAChC,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;oBACpC,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;oBACpC,OAAO,EAAE,qBAAqB,MAAM,uBAAuB;oBAC3D,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE;iBACrC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAiB;IACpC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,6BAA6B;IACnC,QAAQ,EAAE,oBAAY,CAAC,UAAU;IACjC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW;YAAE,OAAO,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAEtF,4EAA4E;QAC5E,MAAM,aAAa,GAAG,iBAAiB,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC;oBACN,MAAM,EAAE,eAAe,CAAC,EAAE;oBAC1B,QAAQ,EAAE,eAAe,CAAC,IAAI;oBAC9B,QAAQ,EAAE,eAAe,CAAC,QAAQ;oBAClC,QAAQ,EAAE,eAAe,CAAC,QAAQ;oBAClC,OAAO,EAAE,wCAAwC,OAAO,CAAC,MAAM,YAAY;oBAC3E,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,aAAa,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;iBAC7G,CAAC,CAAC;QACL,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF,MAAM,SAAS,GAAiB;IAC9B,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,8BAA8B;IACpC,QAAQ,EAAE,oBAAY,CAAC,UAAU;IACjC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;IAC3B,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,MAAM,YAAY,GAAG;YACnB,UAAU;YACV,WAAW;YACX,YAAY;YACZ,UAAU;SACX,CAAC;QAEF,uCAAuC;QACvC,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/E,MAAM,QAAQ,GAAsB,EAAE,CAAC;YACvC,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,SAAS,CAAC,EAAE;wBACpB,QAAQ,EAAE,SAAS,CAAC,IAAI;wBACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;wBAC5B,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;wBAC3B,OAAO,EAAE,iCAAiC,GAAG,CAAC,MAAM,EAAE;wBACtD,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE;qBACrC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,kFAAkF;QAClF,IAAI,MAAM,CAAC,UAAU,KAAK,eAAe,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/E,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,OAAO,CAAC;4BACN,MAAM,EAAE,SAAS,CAAC,EAAE;4BACpB,QAAQ,EAAE,SAAS,CAAC,IAAI;4BACxB,QAAQ,EAAE,SAAS,CAAC,QAAQ;4BAC5B,QAAQ,EAAE,gBAAQ,CAAC,IAAI;4BACvB,OAAO,EAAE,wCAAwC,GAAG,CAAC,MAAM,EAAE;4BAC7D,OAAO,EAAE,UAAU,MAAM,CAAC,UAAU,gDAAgD;yBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC;AAEF,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,MAAM,qBAAqB,GAAiB;IAC1C,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,4BAA4B;IAClC,QAAQ,EAAE,oBAAY,CAAC,eAAe;IACtC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,MAAM,iBAAiB,GAAG;YACxB,wDAAwD;YACxD,wCAAwC;YACxC,0BAA0B;YAC1B,sBAAsB;YACtB,qBAAqB;YACrB,iCAAiC;YACjC,6DAA6D;YAC7D,aAAa;YACb,WAAW;YACX,UAAU;YACV,uBAAuB;SACxB,CAAC;QAEF,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,4EAA4E;QAC5E,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,IAAI,MAAM,CAAC,UAAU,KAAK,eAAe,EAAE,CAAC;YAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7F,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;gBACpC,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,qBAAqB,CAAC,EAAE;wBAChC,QAAQ,EAAE,qBAAqB,CAAC,IAAI;wBACpC,QAAQ,EAAE,qBAAqB,CAAC,QAAQ;wBACxC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;wBACvB,OAAO,EAAE,2CAA2C,GAAG,CAAC,MAAM,EAAE;wBAChE,OAAO,EAAE,UAAU,MAAM,CAAC,UAAU,mBAAmB;qBACxD,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,sEAAsE;QACtE,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChG,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;gBACpC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBACzB,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,qBAAqB,CAAC,EAAE;wBAChC,QAAQ,EAAE,qBAAqB,CAAC,IAAI;wBACpC,QAAQ,EAAE,qBAAqB,CAAC,QAAQ;wBACxC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ,EAAG,gCAAgC;wBAC9D,OAAO,EAAE,oCAAoC,GAAG,CAAC,MAAM,EAAE;wBACzD,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,6CAA6C;qBAChF,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,qDAAqD;AACrD,MAAM,oBAAoB,GAAG;IAC3B,gBAAgB,EAAE,mBAAmB,EAAE,wBAAwB;IAC/D,mCAAmC,EAAE,cAAc;IACnD,WAAW,EAAE,WAAW,EAAE,SAAS;IACnC,YAAY,EAAE,gBAAgB;IAC9B,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF,MAAM,qBAAqB,GAAiB;IAC1C,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,oCAAoC;IAC1C,QAAQ,EAAE,oBAAY,CAAC,SAAS;IAChC,QAAQ,EAAE,gBAAQ,CAAC,IAAI;IACvB,OAAO,EAAE,IAAI;IACb,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,GAAI,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW;YAAE,OAAO,EAAE,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE/E,uDAAuD;QACvD,MAAM,aAAa,GAAG,GAAG,EAAE,eAAe,IAAI,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,CAAC,GAAG,oBAAoB,EAAE,GAAG,aAAa,CAAC,CAAC;QAE7D,eAAe;QACf,MAAM,UAAU,GAAG,+BAA+B,CAAC;QACnD,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACtC,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS;YAC/B,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEjB,sCAAsC;YACtC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YAE3E,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,qBAAqB,CAAC,EAAE;gBAChC,QAAQ,EAAE,qBAAqB,CAAC,IAAI;gBACpC,QAAQ,EAAE,qBAAqB,CAAC,QAAQ;gBACxC,QAAQ,EAAE,gBAAQ,CAAC,IAAI,EAAG,qCAAqC;gBAC/D,OAAO,EAAE,wBAAwB,MAAM,EAAE;gBACzC,OAAO,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE;aACrC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,wEAAwE;AACxE,0EAA0E;AAC1E,wEAAwE;AAE3D,QAAA,SAAS,GAAmB;IACvC,4BAA4B;IAC5B,cAAc;IACd,WAAW;IACX,gBAAgB;IAChB,QAAQ;IACR,mBAAmB;IACnB,oBAAoB;IACpB,YAAY;IACZ,eAAe;IACf,kCAAkC;IAClC,oBAAoB;IACpB,mBAAmB;IACnB,iBAAiB;IACjB,eAAe;IACf,SAAS;IACT,8CAA8C;IAC9C,qBAAqB;IACrB,qBAAqB;CACtB,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SecurityScanner — main entry point for security detection
|
|
3
|
+
* Coordinates L1 rule engine + L2 behavior chain detector
|
|
4
|
+
*/
|
|
5
|
+
import { AuditAction } from '../types';
|
|
6
|
+
import { SecurityAlert } from './types';
|
|
7
|
+
export interface SecurityConfig {
|
|
8
|
+
/** Whether security scanning is enabled */
|
|
9
|
+
enabled: boolean;
|
|
10
|
+
/** Enabled rule categories */
|
|
11
|
+
rules: {
|
|
12
|
+
secretLeakage: boolean;
|
|
13
|
+
highRiskOps: boolean;
|
|
14
|
+
promptInjection: boolean;
|
|
15
|
+
chainDetection: boolean;
|
|
16
|
+
};
|
|
17
|
+
/** Domain whitelist — applies to T003 external request detection */
|
|
18
|
+
domainWhitelist: string[];
|
|
19
|
+
}
|
|
20
|
+
export declare const DEFAULT_SECURITY_CONFIG: SecurityConfig;
|
|
21
|
+
export declare function resolveSecurityConfig(raw: Partial<SecurityConfig> | undefined): SecurityConfig;
|
|
22
|
+
export declare class SecurityScanner {
|
|
23
|
+
private rules;
|
|
24
|
+
private chainDetector;
|
|
25
|
+
private config;
|
|
26
|
+
/** Runtime context — passed to each rule's detect method */
|
|
27
|
+
private ruleCtx;
|
|
28
|
+
/** Cumulative statistics */
|
|
29
|
+
private stats;
|
|
30
|
+
constructor(config: SecurityConfig);
|
|
31
|
+
/**
|
|
32
|
+
* Scan a single AuditAction, return 0~N security alerts
|
|
33
|
+
*/
|
|
34
|
+
scan(action: AuditAction): SecurityAlert[];
|
|
35
|
+
/** Get statistics */
|
|
36
|
+
getStats(): {
|
|
37
|
+
scanned: number;
|
|
38
|
+
alertsGenerated: number;
|
|
39
|
+
};
|
|
40
|
+
/** Reset */
|
|
41
|
+
reset(): void;
|
|
42
|
+
/** Extract all scannable text from an action */
|
|
43
|
+
private extractText;
|
|
44
|
+
/** SecurityFinding -> SecurityAlert */
|
|
45
|
+
private toAlert;
|
|
46
|
+
}
|
|
47
|
+
//# sourceMappingURL=scanner.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/security/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,aAAa,EAA2C,MAAM,SAAS,CAAC;AAQjF,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,WAAW,EAAE,OAAO,CAAC;QACrB,eAAe,EAAE,OAAO,CAAC;QACzB,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,oEAAoE;IACpE,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,eAAO,MAAM,uBAAuB,EAAE,cASrC,CAAC;AAEF,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,SAAS,GACvC,cAAc,CAUhB;AAeD,qBAAa,eAAe;IAC1B,OAAO,CAAC,KAAK,CAAiB;IAC9B,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,MAAM,CAAiB;IAC/B,4DAA4D;IAC5D,OAAO,CAAC,OAAO,CAAc;IAE7B,4BAA4B;IAC5B,OAAO,CAAC,KAAK,CAGX;gBAEU,MAAM,EAAE,cAAc;IAiBlC;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,aAAa,EAAE;IAqC1C,qBAAqB;IACrB,QAAQ;;;;IAIR,YAAY;IACZ,KAAK,IAAI,IAAI;IASb,gDAAgD;IAChD,OAAO,CAAC,WAAW;IAOnB,uCAAuC;IACvC,OAAO,CAAC,OAAO;CAqBhB"}
|