pinata-security-cli 0.5.3 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -2
- package/dist/cli/index.js +2423 -1909
- package/dist/cli/index.js.map +1 -1
- package/dist/index.d.ts +40 -1
- package/dist/index.js +10 -3
- package/dist/index.js.map +1 -1
- package/package.json +8 -1
- package/src/categories/definitions/concurrency/idempotency-missing.yml +5 -5
- package/src/categories/definitions/concurrency/race-condition.yml +2 -2
- package/src/categories/definitions/data/data-race.yml +15 -18
- package/src/categories/definitions/data/encoding-mismatch.yml +4 -4
- package/src/categories/definitions/data/null-handling.yml +8 -23
- package/src/categories/definitions/input/boundary-testing.yml +12 -40
- package/src/categories/definitions/input/injection-fuzzing.yml +19 -0
- package/src/categories/definitions/input/null-undefined.yml +11 -39
- package/src/categories/definitions/network/connection-failure.yml +9 -3
- package/src/categories/definitions/resource/memory-leak.yml +15 -17
- package/src/categories/definitions/security/auth-failures.yml +8 -0
- package/src/categories/definitions/security/command-injection.yml +17 -0
- package/src/categories/definitions/security/csrf.yml +19 -0
- package/src/categories/definitions/security/data-exposure.yml +24 -0
- package/src/categories/definitions/security/dependency-risks.yml +6 -6
- package/src/categories/definitions/security/deserialization.yml +44 -0
- package/src/categories/definitions/security/file-upload.yml +39 -0
- package/src/categories/definitions/security/ldap-injection.yml +23 -0
- package/src/categories/definitions/security/path-traversal.yml +13 -0
- package/src/categories/definitions/security/prompt-injection.yml +14 -0
- package/src/categories/definitions/security/sql-injection.yml +30 -0
- package/src/categories/definitions/security/ssrf.yml +60 -0
- package/src/categories/definitions/security/xss.yml +36 -0
- package/src/categories/definitions/security/xxe.yml +32 -0
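--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -92,7 +92,12 @@ type Example = z.infer<typeof ExampleSchema>;
 */
 declare const PatternTypeSchema: z.ZodEnum<["ast", "regex", "semantic"]>;
 /**
-* Schema for detection patterns that identify code susceptible to a category
+* Schema for detection patterns that identify code susceptible to a category.
+*
+* The optional `sources` and `sanitizers` fields enable lightweight taint analysis:
+* when a pattern matches a sink, the scanner checks whether a source (user input)
+* is present in the same scope and whether a sanitizer intervenes. Without a source,
+* the match confidence is downgraded. With a sanitizer, the match is suppressed.
 */
 declare const DetectionPatternSchema: z.ZodObject<{
 /** Unique identifier for this pattern */
@@ -111,6 +116,10 @@ declare const DetectionPatternSchema: z.ZodObject<{
 negativePattern: z.ZodOptional<z.ZodString>;
 /** Optional list of framework contexts where this pattern applies */
 frameworks: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+/** Regex patterns identifying taint sources (user input entry points) in the same scope */
+sources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+/** Regex patterns identifying sanitizers that neutralize tainted data */
+sanitizers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodTypeAny, {
 id: string;
 description: string;
@@ -120,6 +129,8 @@ declare const DetectionPatternSchema: z.ZodObject<{
 confidence: "high" | "medium" | "low";
 negativePattern?: string | undefined;
 frameworks?: string[] | undefined;
+sources?: string[] | undefined;
+sanitizers?: string[] | undefined;
 }, {
 id: string;
 description: string;
@@ -129,6 +140,8 @@ declare const DetectionPatternSchema: z.ZodObject<{
 confidence: "high" | "medium" | "low";
 negativePattern?: string | undefined;
 frameworks?: string[] | undefined;
+sources?: string[] | undefined;
+sanitizers?: string[] | undefined;
 }>;
 /**
 * Schema for a detection result (pattern match in code)
@@ -317,6 +330,8 @@ declare const CategorySchema: z.ZodObject<{
 description: z.ZodString;
 negativePattern: z.ZodOptional<z.ZodString>;
 frameworks: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+sources: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+sanitizers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodTypeAny, {
 id: string;
 description: string;
@@ -326,6 +341,8 @@ declare const CategorySchema: z.ZodObject<{
 confidence: "high" | "medium" | "low";
 negativePattern?: string | undefined;
 frameworks?: string[] | undefined;
+sources?: string[] | undefined;
+sanitizers?: string[] | undefined;
 }, {
 id: string;
 description: string;
@@ -335,6 +352,8 @@ declare const CategorySchema: z.ZodObject<{
 confidence: "high" | "medium" | "low";
 negativePattern?: string | undefined;
 frameworks?: string[] | undefined;
+sources?: string[] | undefined;
+sanitizers?: string[] | undefined;
 }>, "many">;
 testTemplates: z.ZodArray<z.ZodObject<{
 id: z.ZodString;
@@ -443,6 +462,8 @@ declare const CategorySchema: z.ZodObject<{
 confidence: "high" | "medium" | "low";
 negativePattern?: string | undefined;
 frameworks?: string[] | undefined;
+sources?: string[] | undefined;
+sanitizers?: string[] | undefined;
 }[];
 testTemplates: {
 id: string;
@@ -493,6 +514,8 @@ declare const CategorySchema: z.ZodObject<{
 confidence: "high" | "medium" | "low";
 negativePattern?: string | undefined;
 frameworks?: string[] | undefined;
+sources?: string[] | undefined;
+sanitizers?: string[] | undefined;
 }[];
 testTemplates: {
 id: string;
@@ -902,6 +925,16 @@ declare const logger: Logger;
 * gap detection, coverage metrics, and Pinata Score calculation.
 */
 
+/**
+* Verification status of a gap.
+*
+* - pending: not yet tested
+* - confirmed: a generated exploit test FAILS against the code (deterministic proof)
+* - unconfirmed: a generated exploit test PASSES (could not exploit, but not proven safe)
+* - unknown: could not generate a working test (manual review needed)
+* - dismissed: AI pre-filter flagged as likely false positive (still testable)
+*/
+type GapStatus = "pending" | "confirmed" | "unconfirmed" | "unknown" | "dismissed";
 /**
 * A detected gap (missing test coverage)
 */
@@ -938,6 +971,12 @@ interface Gap {
 patternType: "regex" | "ast" | "semantic";
 /** Weighted score for prioritization (severity × confidence) */
 priorityScore: number;
+/** Verification status -- set by test execution, not AI opinion */
+status?: GapStatus;
+/** Mutation score of the generated test (0-100), if measured */
+mutationScore?: number;
+/** Evidence from test execution (e.g. error output proving exploit worked) */
+evidence?: string;
 }
 
 /**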
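Review bot: The new doc comment in the first hunk states "With a sanitizer, the match is suppressed", but a regex hit for a sanitizer somewhere in the same scope does not show that the sanitizer sits on the path between the source and the sink — `escapeHtml(a)` present while `b` reaches the sink, or a sanitizer applied after the sink, would silence a true positive if the implementation behaves as described. For a security scanner that is the costly direction of error, so the comment should state the limitation rather than read like a soundness guarantee; I would append `* Note: sanitizer and source matches are scope-level regex hits, not data-flow facts; a sanitizer match suppresses the finding even if it never touched the value reaching the sink.` to that block. This file is a generated `.d.ts`, so the wording (and any decision to downgrade rather than suppress) belongs in the source schema module, which is not in this diff. The `evidence?: string` field added in the last hunk stores raw output from executing a generated exploit test against the scanned project; its comment should warn that this can carry secrets or local paths from that project if reports are exported or sent to a provider.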
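--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -98,7 +98,11 @@ var DetectionPatternSchema = z.object({
 /** Optional pattern that indicates code is NOT vulnerable (false positive filter) */
 negativePattern: z.string().optional(),
 /** Optional list of framework contexts where this pattern applies */
-frameworks: z.array(z.string()).optional()
+frameworks: z.array(z.string()).optional(),
+/** Regex patterns identifying taint sources (user input entry points) in the same scope */
+sources: z.array(z.string()).optional(),
+/** Regex patterns identifying sanitizers that neutralize tainted data */
+sanitizers: z.array(z.string()).optional()
 });
 z.object({
 /** ID of the pattern that matched */
@@ -833,6 +837,9 @@ var logger = new Logger();
 var __filename$1 = fileURLToPath(import.meta.url);
 dirname(__filename$1);
 
+// src/core/discovery/attack-surface.ts
+logger.child("AttackSurface");
+
 // src/core/index.ts
 var VERSION = "0.4.0";
 
@@ -840,13 +847,13 @@ var VERSION = "0.4.0";
 var DEFAULT_CONFIG = {
 provider: "anthropic",
 apiKey: "",
-model: "claude-
+model: "claude-opus-4-8",
 maxTokens: 1024,
 temperature: 0.3,
 timeoutMs: 3e4
 };
 var PROVIDER_MODELS = {
-anthropic: "claude-
+anthropic: "claude-opus-4-8",
 openai: "gpt-4o",
 mock: "mock-model"
 };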
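Review bot: `sources` and `sanitizers` in the first hunk are validated only as `z.array(z.string())`, so a category definition carrying a malformed regex passes schema validation and presumably only fails when the scanner compiles it with `new RegExp` mid-scan, which with the many new YAML definitions in this release is an easy mistake to ship. A `refine` that test-compiles each entry at load time moves that failure to definition parsing, where the error can point at the offending category. This is bundler output, so the change belongs in the source schema module the diff does not show; the equivalent in this file would be the lines below. Note this catches syntax errors only — a syntactically valid but catastrophically backtracking pattern still needs review, since these regexes run against every scanned file.
```javascript
// Reject patterns that will not compile so a bad category definition fails at load time, not mid-scan.
var regexString = z.string().refine((p) => {
  try { new RegExp(p); return true; } catch { return false; }
}, { message: "must be a valid regular expression" });
// … unchanged: earlier DetectionPatternSchema fields …
frameworks: z.array(z.string()).optional(),
/** Regex patterns identifying taint sources (user input entry points) in the same scope */
sources: z.array(regexString).optional(),
/** Regex patterns identifying sanitizers that neutralize tainted data */
sanitizers: z.array(regexString).optional()
```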