security-mcp 1.1.0 → 1.1.2

package/dist/gate/checks/k8s.js

@@ -1,190 +1,238 @@
+/**
+ * Kubernetes manifest security checks.
+ */
+import { sanitizeErrorMessage } from "../result.js";
 import fg from "fast-glob";
 import { readFileSafe } from "../../repo/fs.js";
-export async function checkKubernetes(_opts) {
-    const findings = [];
-    try {
-        // 1. Glob YAML files and filter to K8s manifests
-        const yamlFiles = await fg(["**/*.yaml", "**/*.yml"], {
-            ignore: ["**/node_modules/**", "**/dist/**", "**/.git/**"]
-        });
-        const k8sFiles = [];
-        const k8sContents = new Map();
-        for (const file of yamlFiles) {
-            try {
-                const content = await readFileSafe(file);
-                if (/kind\s*:/.test(content)) {
-                    k8sFiles.push(file);
-                    k8sContents.set(file, content);
-                }
-            }
-            catch {
-                // skip unreadable files
+function matching(ctx, pattern) {
+    return ctx.files.filter((f) => pattern.test(ctx.contents.get(f) ?? "")).slice(0, 10);
+}
+function filterFiles(ctx, predicate) {
+    return ctx.files.filter((f) => predicate(ctx.contents.get(f) ?? "")).slice(0, 10);
+}
+async function loadK8sManifests() {
+    const yamlFiles = await fg(["**/*.yaml", "**/*.yml"], {
+        ignore: ["**/node_modules/**", "**/dist/**", "**/.git/**"]
+    });
+    const files = [];
+    const contents = new Map();
+    for (const file of yamlFiles) {
+        try {
+            const content = await readFileSafe(file);
+            if (/kind\s*:/.test(content)) {
+                files.push(file);
+                contents.set(file, content);
             }
         }
-        if (k8sFiles.length === 0) {
-            return [];
-        }
-        // Helper to collect files matching a pattern
-        function filesMatching(pattern) {
-            return k8sFiles.filter((f) => pattern.test(k8sContents.get(f) ?? "")).slice(0, 10);
-        }
-        // 3. Privileged containers
-        const privilegedFiles = filesMatching(/privileged:\s*true/);
-        if (privilegedFiles.length > 0) {
-            findings.push({
-                id: "K8S_PRIVILEGED_CONTAINER",
-                title: "Kubernetes manifests with privileged containers detected",
-                severity: "CRITICAL",
-                files: privilegedFiles,
-                requiredActions: [
-                    "Remove privileged: true from all container securityContexts.",
-                    "Use specific capability grants (e.g. NET_ADMIN) instead of full privileged mode."
-                ]
-            });
-        }
-        // 4. allowPrivilegeEscalation
-        const escFiles = filesMatching(/allowPrivilegeEscalation:\s*true/);
-        if (escFiles.length > 0) {
-            findings.push({
-                id: "K8S_PRIVILEGE_ESCALATION",
-                title: "Kubernetes manifests allow privilege escalation",
-                severity: "HIGH",
-                files: escFiles,
-                requiredActions: [
-                    "Set allowPrivilegeEscalation: false in all container securityContexts.",
-                    "This prevents child processes from gaining more privileges than their parent."
-                ]
-            });
-        }
-        // 5. Host namespaces
-        const hostNsFiles = filesMatching(/hostPID:\s*true|hostNetwork:\s*true|hostIPC:\s*true/);
-        if (hostNsFiles.length > 0) {
-            findings.push({
-                id: "K8S_HOST_NAMESPACE",
-                title: "Kubernetes manifests use host namespaces (hostPID/hostNetwork/hostIPC)",
-                severity: "HIGH",
-                files: hostNsFiles,
-                requiredActions: [
-                    "Remove hostPID, hostNetwork, and hostIPC settings from pod specs.",
-                    "Host namespace sharing breaks container isolation and exposes the host."
-                ]
-            });
-        }
-        // 6. Missing securityContext
-        const missingSecCtxFiles = k8sFiles.filter((f) => {
-            const c = k8sContents.get(f) ?? "";
-            return /containers:/.test(c) && !/securityContext:/.test(c);
-        }).slice(0, 10);
-        if (missingSecCtxFiles.length > 0) {
-            findings.push({
-                id: "K8S_NO_SECURITY_CONTEXT",
-                title: "Kubernetes manifests with containers but no securityContext",
-                severity: "MEDIUM",
-                files: missingSecCtxFiles,
-                requiredActions: [
-                    "Add securityContext to all containers with runAsNonRoot: true, readOnlyRootFilesystem: true.",
-                    "Set allowPrivilegeEscalation: false and drop all capabilities."
-                ]
-            });
-        }
-        // 7. Secrets in ConfigMap
-        const configMapFiles = k8sFiles.filter((f) => {
-            const c = k8sContents.get(f) ?? "";
-            return /kind:\s*ConfigMap/.test(c) && /password|secret|key|token/i.test(c);
-        }).slice(0, 10);
-        if (configMapFiles.length > 0) {
-            findings.push({
-                id: "K8S_SECRET_IN_CONFIGMAP",
-                title: "Sensitive data (password/secret/key/token) found in Kubernetes ConfigMap",
-                severity: "CRITICAL",
-                files: configMapFiles,
-                requiredActions: [
-                    "Move secrets to Kubernetes Secrets objects or a secrets manager (Vault, AWS SM).",
-                    "Never store plaintext credentials in ConfigMaps — they are not encrypted at rest by default."
-                ]
-            });
-        }
-        // 8. ClusterAdmin binding
-        const clusterAdminFiles = k8sFiles.filter((f) => {
-            const c = k8sContents.get(f) ?? "";
-            return /kind:\s*ClusterRoleBinding/.test(c) && /cluster-admin/.test(c);
-        }).slice(0, 10);
-        if (clusterAdminFiles.length > 0) {
-            findings.push({
-                id: "K8S_CLUSTER_ADMIN_BINDING",
-                title: "ClusterRoleBinding to cluster-admin detected",
-                severity: "CRITICAL",
-                files: clusterAdminFiles,
-                requiredActions: [
-                    "Remove cluster-admin bindings and apply least-privilege RBAC roles.",
-                    "Create scoped Roles/ClusterRoles with only the permissions actually needed."
-                ]
-            });
-        }
-        // 9. No resource limits
-        const noLimitsFiles = k8sFiles.filter((f) => {
-            const c = k8sContents.get(f) ?? "";
-            return /containers:/.test(c) && !/limits:/.test(c);
-        }).slice(0, 10);
-        if (noLimitsFiles.length > 0) {
-            findings.push({
-                id: "K8S_NO_RESOURCE_LIMITS",
-                title: "Kubernetes containers without resource limits detected",
-                severity: "MEDIUM",
-                files: noLimitsFiles,
-                requiredActions: [
-                    "Add resources.limits (cpu, memory) to all containers.",
-                    "Missing limits allow a single container to starve the entire node (DoS)."
-                ]
-            });
-        }
-        // 10. Default namespace
-        const defaultNsFiles = k8sFiles.filter((f) => {
-            const c = k8sContents.get(f) ?? "";
-            return /namespace:\s*default/.test(c) || (!/namespace:/.test(c) && /kind:\s*(?:Deployment|Service|Pod|StatefulSet)/.test(c));
-        }).slice(0, 10);
-        if (defaultNsFiles.length > 0) {
-            findings.push({
-                id: "K8S_DEFAULT_NAMESPACE",
-                title: "Kubernetes manifests use default namespace or have no namespace set",
-                severity: "LOW",
-                files: defaultNsFiles,
-                requiredActions: [
-                    "Create dedicated namespaces for each application/team.",
-                    "Apply RBAC and NetworkPolicies scoped to those namespaces."
-                ]
-            });
-        }
-        // 11. Latest image tag
-        const latestTagFiles = filesMatching(/:latest\b/);
-        if (latestTagFiles.length > 0) {
-            findings.push({
-                id: "K8S_LATEST_IMAGE_TAG",
-                title: "Kubernetes manifests use ':latest' image tag",
-                severity: "HIGH",
-                files: latestTagFiles,
-                requiredActions: [
-                    "Pin container images to an immutable digest (e.g. image@sha256:...).",
-                    "Never use :latest in production — it leads to unpredictable deployments."
-                ]
-            });
-        }
-        // 12. No network policy
-        const networkPolicyFiles = await fg(["**/NetworkPolicy*.yaml", "**/*network-policy*.yaml", "**/NetworkPolicy*.yml", "**/*network-policy*.yml"], { ignore: ["**/node_modules/**", "**/dist/**", "**/.git/**"] });
-        if (networkPolicyFiles.length === 0) {
-            findings.push({
-                id: "K8S_NO_NETWORK_POLICY",
-                title: "No Kubernetes NetworkPolicy found — all pod-to-pod traffic is allowed",
-                severity: "HIGH",
-                requiredActions: [
-                    "Create NetworkPolicy resources to restrict ingress and egress traffic.",
-                    "Default-deny all traffic and only allow explicitly required paths."
-                ]
-            });
+        catch {
+            // skip unreadable files
         }
     }
-    catch (err) {
-        console.warn("[checkKubernetes] Internal error:", err instanceof Error ? err.message : String(err));
+    return { files, contents };
+}
+function checkContainerSecurity(ctx) {
+    const findings = [];
+    const privilegedFiles = matching(ctx, /privileged:\s*true/);
+    if (privilegedFiles.length > 0) {
+        findings.push({
+            id: "K8S_PRIVILEGED_CONTAINER",
+            title: "Kubernetes manifests with privileged containers detected",
+            severity: "CRITICAL",
+            files: privilegedFiles,
+            requiredActions: [
+                "Remove privileged: true from all container securityContexts.",
+                "Use specific capability grants (e.g. NET_ADMIN) instead of full privileged mode."
+            ]
+        });
+    }
+    const escFiles = matching(ctx, /allowPrivilegeEscalation:\s*true/);
+    if (escFiles.length > 0) {
+        findings.push({
+            id: "K8S_PRIVILEGE_ESCALATION",
+            title: "Kubernetes manifests allow privilege escalation",
+            severity: "HIGH",
+            files: escFiles,
+            requiredActions: [
+                "Set allowPrivilegeEscalation: false in all container securityContexts.",
+                "This prevents child processes from gaining more privileges than their parent."
+            ]
+        });
+    }
+    const hostNsFiles = matching(ctx, /hostPID:\s*true|hostNetwork:\s*true|hostIPC:\s*true/);
+    if (hostNsFiles.length > 0) {
+        findings.push({
+            id: "K8S_HOST_NAMESPACE",
+            title: "Kubernetes manifests use host namespaces (hostPID/hostNetwork/hostIPC)",
+            severity: "HIGH",
+            files: hostNsFiles,
+            requiredActions: [
+                "Remove hostPID, hostNetwork, and hostIPC settings from pod specs.",
+                "Host namespace sharing breaks container isolation and exposes the host."
+            ]
+        });
+    }
+    const missingSecCtxFiles = filterFiles(ctx, (c) => /containers:/.test(c) && !/securityContext:/.test(c));
+    if (missingSecCtxFiles.length > 0) {
+        findings.push({
+            id: "K8S_NO_SECURITY_CONTEXT",
+            title: "Kubernetes manifests with containers but no securityContext",
+            severity: "MEDIUM",
+            files: missingSecCtxFiles,
+            requiredActions: [
+                "Add securityContext to all containers with runAsNonRoot: true, readOnlyRootFilesystem: true.",
+                "Set allowPrivilegeEscalation: false and drop all capabilities."
+            ]
+        });
+    }
+    const noReadOnlyRootFiles = filterFiles(ctx, (c) => /containers:/.test(c) && !/readOnlyRootFilesystem:\s*true/.test(c));
+    if (noReadOnlyRootFiles.length > 0) {
+        findings.push({
+            id: "K8S_NO_READONLY_ROOT",
+            title: "Kubernetes containers without readOnlyRootFilesystem: true",
+            severity: "MEDIUM",
+            files: noReadOnlyRootFiles,
+            requiredActions: [
+                "Set `readOnlyRootFilesystem: true` in all container securityContexts.",
+                "A writable root filesystem allows an attacker to modify binaries or write persistence mechanisms.",
+                "Mount writable paths explicitly via emptyDir volumes for directories that legitimately need writes."
+            ]
+        });
+    }
+    return findings;
+}
+function checkRbacAndConfig(ctx) {
+    const findings = [];
+    const configMapFiles = filterFiles(ctx, (c) => /kind:\s*ConfigMap/.test(c) && /password|secret|key|token/i.test(c));
+    if (configMapFiles.length > 0) {
+        findings.push({
+            id: "K8S_SECRET_IN_CONFIGMAP",
+            title: "Sensitive data (password/secret/key/token) found in Kubernetes ConfigMap",
+            severity: "CRITICAL",
+            files: configMapFiles,
+            requiredActions: [
+                "Move secrets to Kubernetes Secrets objects or a secrets manager (Vault, AWS SM).",
+                "Never store plaintext credentials in ConfigMaps — they are not encrypted at rest by default."
+            ]
+        });
+    }
+    const clusterAdminFiles = filterFiles(ctx, (c) => /kind:\s*ClusterRoleBinding/.test(c) && /cluster-admin/.test(c));
+    if (clusterAdminFiles.length > 0) {
+        findings.push({
+            id: "K8S_CLUSTER_ADMIN_BINDING",
+            title: "ClusterRoleBinding to cluster-admin detected",
+            severity: "CRITICAL",
+            files: clusterAdminFiles,
+            requiredActions: [
+                "Remove cluster-admin bindings and apply least-privilege RBAC roles.",
+                "Create scoped Roles/ClusterRoles with only the permissions actually needed."
+            ]
+        });
+    }
+    const noLimitsFiles = filterFiles(ctx, (c) => /containers:/.test(c) && !/limits:/.test(c));
+    if (noLimitsFiles.length > 0) {
+        findings.push({
+            id: "K8S_NO_RESOURCE_LIMITS",
+            title: "Kubernetes containers without resource limits detected",
+            severity: "MEDIUM",
+            files: noLimitsFiles,
+            requiredActions: [
+                "Add resources.limits (cpu, memory) to all containers.",
+                "Missing limits allow a single container to starve the entire node (DoS)."
+            ]
+        });
+    }
+    const defaultNsFiles = filterFiles(ctx, (c) => /namespace:\s*default/.test(c) ||
+        (!/namespace:/.test(c) && /kind:\s*(?:Deployment|Service|Pod|StatefulSet)/.test(c)));
+    if (defaultNsFiles.length > 0) {
+        findings.push({
+            id: "K8S_DEFAULT_NAMESPACE",
+            title: "Kubernetes manifests use default namespace or have no namespace set",
+            severity: "LOW",
+            files: defaultNsFiles,
+            requiredActions: [
+                "Create dedicated namespaces for each application/team.",
+                "Apply RBAC and NetworkPolicies scoped to those namespaces."
+            ]
+        });
+    }
+    const latestTagFiles = matching(ctx, /:latest\b/);
+    if (latestTagFiles.length > 0) {
+        findings.push({
+            id: "K8S_LATEST_IMAGE_TAG",
+            title: "Kubernetes manifests use ':latest' image tag",
+            severity: "HIGH",
+            files: latestTagFiles,
+            requiredActions: [
+                "Pin container images to an immutable digest (e.g. image@sha256:...).",
+                "Never use :latest in production — it leads to unpredictable deployments."
+            ]
+        });
+    }
+    return findings;
+}
+async function checkNetworkAndAdmission(ctx) {
+    const findings = [];
+    const networkPolicyFiles = await fg(["**/NetworkPolicy*.yaml", "**/*network-policy*.yaml", "**/NetworkPolicy*.yml", "**/*network-policy*.yml"], { ignore: ["**/node_modules/**", "**/dist/**", "**/.git/**"] });
+    if (networkPolicyFiles.length === 0) {
+        findings.push({
+            id: "K8S_NO_NETWORK_POLICY",
+            title: "No Kubernetes NetworkPolicy found — all pod-to-pod traffic is allowed",
+            severity: "HIGH",
+            requiredActions: [
+                "Create NetworkPolicy resources to restrict ingress and egress traffic.",
+                "Default-deny all traffic and only allow explicitly required paths."
+            ]
+        });
+    }
+    const nsWithoutPsa = ctx.files
+        .filter((f) => {
+        const c = ctx.contents.get(f) ?? "";
+        return /kind:\s*Namespace/.test(c) && !/pod-security\.kubernetes\.io\/enforce/.test(c);
+    })
+        .slice(0, 10);
+    if (nsWithoutPsa.length > 0) {
+        findings.push({
+            id: "K8S_NO_PSA_LABEL",
+            title: "Kubernetes Namespace missing PodSecurityAdmission enforce label",
+            severity: "HIGH",
+            files: nsWithoutPsa,
+            requiredActions: [
+                "Add `pod-security.kubernetes.io/enforce: restricted` label to all Namespace manifests.",
+                "PodSecurityAdmission (PSA) is the replacement for PodSecurityPolicy — without it, pod security rules are not enforced.",
+                "Enforce via OPA Gatekeeper ConstraintTemplate — run `security_generate_opa_rego` to generate policy."
+            ]
+        });
+    }
+    const hostPathFiles = matching(ctx, /hostPath\s*:/);
+    if (hostPathFiles.length > 0) {
+        findings.push({
+            id: "K8S_HOSTPATH_MOUNT",
+            title: "Kubernetes manifests mount host filesystem paths (hostPath)",
+            severity: "HIGH",
+            files: hostPathFiles,
+            requiredActions: [
+                "Remove hostPath volume mounts — they expose the node's filesystem to the container.",
+                "Use emptyDir, PersistentVolumeClaims, or ConfigMaps instead.",
+                "Enforce via OPA Gatekeeper ConstraintTemplate — run `security_generate_opa_rego` to generate policy."
+            ]
+        });
     }
     return findings;
 }
+export async function checkKubernetes(_opts) {
+    try {
+        const ctx = await loadK8sManifests();
+        if (ctx.files.length === 0)
+            return [];
+        const networkFindings = await checkNetworkAndAdmission(ctx);
+        return [
+            ...checkContainerSecurity(ctx),
+            ...checkRbacAndConfig(ctx),
+            ...networkFindings
+        ];
+    }
+    catch (err) {
+        console.warn("[checkKubernetes] Internal error:", sanitizeErrorMessage(err instanceof Error ? err.message : String(err)));
+        return [];
+    }
+}

package/dist/gate/checks/nuclei.js

@@ -0,0 +1,133 @@
+/**
+ * DAST integration via Nuclei (https://github.com/projectdiscovery/nuclei).
+ * Only runs when SECURITY_STAGING_URL is set — requires a live target.
+ * Gracefully skips if the nuclei binary is not installed.
+ */
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+import { sanitizeErrorMessage } from "../result.js";
+const execFileAsync = promisify(execFile);
+// Template categories focused on high-signal findings with low false-positive rates
+const NUCLEI_TEMPLATES = [
+    "network",
+    "http/misconfiguration",
+    "http/exposed-panels",
+    "http/default-logins",
+    "http/exposed-tokens",
+    "ssl"
+];
+function mapSeverity(nucleiSev) {
+    switch ((nucleiSev ?? "").toLowerCase()) {
+        case "critical": return "CRITICAL";
+        case "high": return "HIGH";
+        case "medium": return "MEDIUM";
+        default: return "LOW";
+    }
+}
+async function isNucleiAvailable() {
+    try {
+        await execFileAsync("nuclei", ["--version"], { timeout: 5000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function runNucleiChecks(_opts) {
+    const targetUrl = process.env["SECURITY_STAGING_URL"];
+    if (!targetUrl)
+        return [];
+    // Basic URL validation — block private/metadata ranges (CWE-918)
+    try {
+        const parsed = new URL(targetUrl);
+        if (parsed.protocol !== "https:" && parsed.protocol !== "http:")
+            return [];
+        const host = parsed.hostname;
+        if (host === "localhost" ||
+            host === "169.254.169.254" ||
+            host === "metadata.google.internal" ||
+            host.endsWith(".internal") ||
+            /^(?:10\.|172\.(?:1[6-9]|2\d|3[01])\.|192\.168\.|127\.)/.test(host)) {
+            console.warn("[runNucleiChecks] SECURITY_STAGING_URL resolves to private/metadata address — skipping DAST scan.");
+            return [];
+        }
+    }
+    catch {
+        return [];
+    }
+    if (!(await isNucleiAvailable())) {
+        // Silent skip — nuclei is optional. Scanner readiness check will flag missing tooling.
+        return [];
+    }
+    const findings = [];
+    try {
+        const templateArgs = NUCLEI_TEMPLATES.flatMap((t) => ["-t", t]);
+        let stdout = "";
+        try {
+            const result = await execFileAsync("nuclei", [
+                "-u", targetUrl,
+                ...templateArgs,
+                "-json",
+                "-silent",
+                "-timeout", "30",
+                "-max-host-error", "5",
+                "-rate-limit", "50"
+            ], {
+                timeout: 120_000, // 2 min hard cap
+                // CWE-526: pass only PATH — do not propagate secrets/tokens from parent env.
+                env: { PATH: process.env["PATH"] ?? "/usr/local/bin:/usr/bin:/bin" },
+                maxBuffer: 50 * 1024 * 1024 // 50 MB — nuclei output can be large in full-template scans
+            });
+            stdout = result.stdout;
+        }
+        catch (execErr) {
+            // nuclei exits non-zero when findings exist — that's expected
+            const err = execErr;
+            stdout = err.stdout ?? "";
+        }
+        if (!stdout.trim())
+            return [];
+        // nuclei -json outputs newline-delimited JSON (one object per line)
+        const seen = new Set();
+        for (const line of stdout.split("\n")) {
+            const trimmed = line.trim();
+            if (!trimmed || !trimmed.startsWith("{"))
+                continue;
+            let result;
+            try {
+                result = JSON.parse(trimmed);
+            }
+            catch {
+                continue;
+            }
+            const templateId = result["template-id"] ?? "unknown";
+            const host = result.host ?? targetUrl;
+            const dedupeKey = `${templateId}:${host}`;
+            if (seen.has(dedupeKey))
+                continue;
+            seen.add(dedupeKey);
+            const name = result.info?.name ?? templateId;
+            const severity = mapSeverity(result.info?.severity);
+            const matched = result.matched ?? host;
+            findings.push({
+                id: `NUCLEI_${templateId.toUpperCase().replace(/[^A-Z0-9]/g, "_")}`,
+                title: `[DAST] ${name}`,
+                severity,
+                evidence: [
+                    `Template: ${templateId}`,
+                    `Target: ${host}`,
+                    `Matched: ${matched}`
+                ],
+                requiredActions: [
+                    `Review the Nuclei finding for template "${templateId}" against ${host}.`,
+                    "Reproduce with: `nuclei -u " + targetUrl + " -t " + templateId + " -debug`",
+                    "Remediate before deploying to production — this was detected against a live staging environment."
+                ]
+            });
+        }
+    }
+    catch (err) {
+        console.warn("[runNucleiChecks] Internal error:", sanitizeErrorMessage(err instanceof Error ? err.message : String(err)));
+    }
+    return findings;
+}

package/dist/gate/checks/runtime.js

@@ -2,8 +2,62 @@
  * Runtime evidence verification.
  * Checks HTTP security headers and TLS configuration against a live target.
  */
+import * as dns from "node:dns/promises";
+import * as net from "node:net";
 import * as https from "node:https";
 import * as tls from "node:tls";
+// CWE-918: SSRF guard — block private/link-local/metadata IP ranges
+const PRIVATE_CIDR_PATTERNS = [
+    /^127\./, // loopback
+    /^10\./, // RFC-1918
+    /^172\.(1[6-9]|2\d|3[01])\./, // RFC-1918
+    /^192\.168\./, // RFC-1918
+    /^169\.254\./, // link-local / cloud metadata (169.254.169.254)
+    /^::1$/, // IPv6 loopback
+    /^fc/, // IPv6 ULA
+    /^fd/, // IPv6 ULA
+    /^0\./, // 0.0.0.0/8
+    /^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./, // RFC-6598 shared address space
+];
+function isPrivateIp(ip) {
+    return PRIVATE_CIDR_PATTERNS.some((re) => re.test(ip));
+}
+// CWE-367: return the resolved IP alongside safe/unsafe so callers can connect
+// directly to the IP (eliminating the TOCTOU race between DNS check and actual request).
+async function isSafeUrl(rawUrl) {
+    let parsed;
+    try {
+        parsed = new URL(rawUrl);
+    }
+    catch {
+        return { safe: false };
+    }
+    if (parsed.protocol !== "https:" && parsed.protocol !== "http:")
+        return { safe: false };
+    const host = parsed.hostname;
+    // Block bare IP references — "resolved" IP is the hostname itself
+    if (net.isIP(host)) {
+        return isPrivateIp(host) ? { safe: false } : { safe: true, resolvedIp: host };
+    }
+    // Block known metadata hostnames
+    if (host === "localhost" || host === "metadata.google.internal" ||
+        host === "169.254.169.254" || host.endsWith(".internal")) {
+        return { safe: false };
+    }
+    // Resolve DNS once — all returned IPs must be public; return the first for direct connection
+    try {
+        const resolved = await dns.lookup(host, { all: true });
+        for (const { address } of resolved) {
+            if (isPrivateIp(address))
+                return { safe: false };
+        }
+        const firstIp = resolved[0]?.address;
+        return firstIp ? { safe: true, resolvedIp: firstIp } : { safe: false };
+    }
+    catch {
+        return { safe: false }; // can't resolve → skip
+    }
+}
 const REQUIRED_HEADERS = [
     {
         name: "content-security-policy",
@@ -44,17 +98,20 @@ const REQUIRED_HEADERS = [
 const WEAK_CIPHERS = [
     "RC4", "DES", "3DES", "NULL", "EXPORT", "ADH", "AECDH", "aNULL", "eNULL"
 ];
-async function fetchHeaders(url, timeoutMs) {
+async function fetchHeaders(url, timeoutMs, resolvedIp // CWE-367: pass pre-validated IP to eliminate DNS TOCTOU race
+) {
     return new Promise((resolve) => {
         const timer = setTimeout(() => resolve(null), timeoutMs);
         try {
             const parsedUrl = new URL(url);
             const options = {
-                hostname: parsedUrl.hostname,
+                // Connect to the already-validated IP directly; use the original hostname for SNI
+                hostname: resolvedIp ?? parsedUrl.hostname,
+                servername: resolvedIp ? parsedUrl.hostname : undefined,
                 port: parsedUrl.port || 443,
                 path: parsedUrl.pathname || "/",
                 method: "HEAD",
-                rejectUnauthorized: false, // we verify cert separately
+                rejectUnauthorized: true, // CWE-295: always validate TLS certificates
                 timeout: timeoutMs
             };
             const req = https.request(options, (res) => {
@@ -129,12 +186,22 @@ export async function runRuntimeChecks(opts) {
     const findings = [];
     // Determine target URL
     const stagingUrl = process.env["SECURITY_STAGING_URL"];
-    const targets = stagingUrl ? [stagingUrl, ...opts.targets] : opts.targets;
-    const uniqueTargets = [...new Set(targets)].filter((t) => t.startsWith("http"));
-    if (uniqueTargets.length === 0)
+    const rawTargets = stagingUrl ? [stagingUrl, ...opts.targets] : opts.targets;
+    // CWE-918 / CWE-367: resolve hostnames once, reject private/metadata IPs, and
+    // carry the resolved IP forward so fetchHeaders connects to the validated IP
+    // directly — eliminating the TOCTOU race between DNS check and actual request.
+    const safeChecks = await Promise.all(rawTargets.map(async (t) => ({ t, ...(await isSafeUrl(t)) })));
+    // Deduplicate by URL, keeping the first resolved IP for each unique URL
+    const seen = new Map();
+    for (const c of safeChecks) {
+        if (c.safe && !seen.has(c.t))
+            seen.set(c.t, c);
+    }
+    const checkedTargets = [...seen.values()];
+    if (checkedTargets.length === 0)
         return findings;
     const timeoutMs = 15_000;
-    for (const targetUrl of uniqueTargets) {
+    for (const { t: targetUrl, resolvedIp } of checkedTargets) {
         let parsedUrl;
         try {
             parsedUrl = new URL(targetUrl);
@@ -143,7 +210,7 @@ export async function runRuntimeChecks(opts) {
             continue;
         }
         // --- HTTP Header checks ---
-        const headers = await fetchHeaders(targetUrl, timeoutMs);
+        const headers = await fetchHeaders(targetUrl, timeoutMs, resolvedIp);
         if (headers !== null) {
             for (const headerDef of REQUIRED_HEADERS) {
                 const value = headers[headerDef.name];