security-mcp 1.1.4 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (158)
  1. package/README.md +341 -1018
  2. package/defaults/checklists/ai.json +20 -1
  3. package/defaults/checklists/api.json +35 -1
  4. package/defaults/checklists/infra.json +34 -1
  5. package/defaults/checklists/mobile.json +23 -1
  6. package/defaults/checklists/payments.json +15 -1
  7. package/defaults/checklists/web.json +11 -1
  8. package/defaults/cloud-controls/aws.json +10712 -0
  9. package/defaults/cloud-controls/azure.json +7201 -0
  10. package/defaults/cloud-controls/gcp.json +4061 -0
  11. package/defaults/control-catalog.json +24 -0
  12. package/defaults/security-policy.json +2 -2
  13. package/dist/ci/pr-gate.js +22 -5
  14. package/dist/cli/index.js +73 -2
  15. package/dist/cli/install.js +4 -55
  16. package/dist/cli/onboarding.js +18 -10
  17. package/dist/gate/baseline.js +82 -7
  18. package/dist/gate/catalog.js +10 -2
  19. package/dist/gate/checks/agentic-instructions.js +515 -0
  20. package/dist/gate/checks/ai-governance.js +132 -0
  21. package/dist/gate/checks/ai.js +757 -39
  22. package/dist/gate/checks/auth-deep.js +920 -216
  23. package/dist/gate/checks/business-logic.js +751 -0
  24. package/dist/gate/checks/ci-pipeline.js +399 -4
  25. package/dist/gate/checks/cloud-controls.js +69 -0
  26. package/dist/gate/checks/crypto.js +423 -2
  27. package/dist/gate/checks/data-platform.js +954 -0
  28. package/dist/gate/checks/dependencies.js +582 -15
  29. package/dist/gate/checks/docker-deep.js +1236 -0
  30. package/dist/gate/checks/gitops.js +724 -0
  31. package/dist/gate/checks/graphql.js +201 -19
  32. package/dist/gate/checks/iac.js +1230 -0
  33. package/dist/gate/checks/infra.js +246 -1
  34. package/dist/gate/checks/injection-deep.js +827 -184
  35. package/dist/gate/checks/k8s.js +955 -2
  36. package/dist/gate/checks/mobile-android.js +917 -3
  37. package/dist/gate/checks/mobile-ios.js +797 -5
  38. package/dist/gate/checks/required-artifacts.js +194 -0
  39. package/dist/gate/checks/runtime.js +178 -0
  40. package/dist/gate/checks/secrets.js +256 -13
  41. package/dist/gate/checks/supply-chain-deep.js +787 -0
  42. package/dist/gate/checks/web-nextjs.js +572 -48
  43. package/dist/gate/cloud-controls/apply.js +115 -0
  44. package/dist/gate/cloud-controls/bicep.js +36 -0
  45. package/dist/gate/cloud-controls/cfn.js +125 -0
  46. package/dist/gate/cloud-controls/detect.js +104 -0
  47. package/dist/gate/cloud-controls/hcl.js +140 -0
  48. package/dist/gate/cloud-controls/types.js +87 -0
  49. package/dist/gate/diff.js +17 -5
  50. package/dist/gate/evidence.js +8 -1
  51. package/dist/gate/exceptions.js +202 -9
  52. package/dist/gate/findings.js +15 -2
  53. package/dist/gate/policy.js +316 -130
  54. package/dist/gate/threat-intel.js +6 -0
  55. package/dist/mcp/audit-chain.js +131 -28
  56. package/dist/mcp/auth.js +169 -0
  57. package/dist/mcp/learning.js +129 -4
  58. package/dist/mcp/model-router.js +161 -24
  59. package/dist/mcp/orchestration.js +377 -89
  60. package/dist/mcp/server.js +460 -69
  61. package/dist/mcp/tool-audit.js +193 -0
  62. package/dist/repo/fs.js +37 -1
  63. package/dist/repo/search.js +31 -6
  64. package/dist/review/store.js +56 -3
  65. package/dist/tests/run.js +124 -1
  66. package/package.json +9 -9
  67. package/skills/_TEMPLATE/SKILL.md +99 -0
  68. package/skills/advanced-dos-tester/SKILL.md +118 -0
  69. package/skills/agentic-instruction-auditor/SKILL.md +111 -0
  70. package/skills/agentic-loop-exploiter/SKILL.md +377 -0
  71. package/skills/ai-llm-redteam/SKILL.md +113 -0
  72. package/skills/ai-model-supply-chain-agent/SKILL.md +112 -0
  73. package/skills/algorithm-implementation-reviewer/SKILL.md +107 -0
  74. package/skills/android-penetration-tester/SKILL.md +464 -46
  75. package/skills/anti-replay-tester/SKILL.md +115 -0
  76. package/skills/appsec-code-auditor/SKILL.md +94 -0
  77. package/skills/artifact-integrity-analyst/SKILL.md +450 -0
  78. package/skills/attack-navigator/SKILL.md +476 -8
  79. package/skills/auth-session-hacker/SKILL.md +111 -0
  80. package/skills/aws-penetration-tester/SKILL.md +510 -0
  81. package/skills/azure-penetration-tester/SKILL.md +542 -3
  82. package/skills/binary-auth-validator/SKILL.md +120 -0
  83. package/skills/bot-detection-specialist/SKILL.md +118 -0
  84. package/skills/business-logic-attacker/SKILL.md +240 -0
  85. package/skills/capec-code-mapper/SKILL.md +93 -0
  86. package/skills/cert-pin-rotation-specialist/SKILL.md +121 -0
  87. package/skills/cicd-pipeline-hijacker/SKILL.md +414 -0
  88. package/skills/ciso-orchestrator/SKILL.md +465 -43
  89. package/skills/cloud-infra-specialist/SKILL.md +127 -0
  90. package/skills/compliance-gap-analyst/SKILL.md +431 -0
  91. package/skills/compliance-grc/SKILL.md +94 -0
  92. package/skills/compliance-lifecycle-tracker/SKILL.md +93 -0
  93. package/skills/container-hardening-auditor/SKILL.md +125 -0
  94. package/skills/credential-stuffing-specialist/SKILL.md +111 -0
  95. package/skills/crypto-pki-specialist/SKILL.md +96 -0
  96. package/skills/csa-ccm-mapper/SKILL.md +93 -0
  97. package/skills/csf2-governance-mapper/SKILL.md +93 -0
  98. package/skills/data-platform-auditor/SKILL.md +125 -0
  99. package/skills/deep-link-fuzzer/SKILL.md +118 -0
  100. package/skills/dependency-confusion-attacker/SKILL.md +424 -0
  101. package/skills/device-integrity-aggregator/SKILL.md +117 -0
  102. package/skills/dos-resilience-tester/SKILL.md +106 -0
  103. package/skills/dread-scorer/SKILL.md +93 -0
  104. package/skills/egress-policy-enforcer/SKILL.md +108 -0
  105. package/skills/evidence-collector/SKILL.md +107 -0
  106. package/skills/file-upload-attacker/SKILL.md +118 -0
  107. package/skills/gcp-penetration-tester/SKILL.md +510 -2
  108. package/skills/git-history-secret-scanner/SKILL.md +115 -0
  109. package/skills/gitops-delivery-auditor/SKILL.md +120 -0
  110. package/skills/iac-security-auditor/SKILL.md +125 -0
  111. package/skills/iam-privesc-graph-builder/SKILL.md +161 -0
  112. package/skills/incident-responder/SKILL.md +120 -0
  113. package/skills/injection-specialist/SKILL.md +111 -0
  114. package/skills/ios-security-auditor/SKILL.md +291 -0
  115. package/skills/json-ambiguity-tester/SKILL.md +145 -0
  116. package/skills/k8s-container-escaper/SKILL.md +406 -0
  117. package/skills/key-management-lifecycle-analyst/SKILL.md +107 -0
  118. package/skills/kill-switch-engineer/SKILL.md +111 -0
  119. package/skills/linddun-privacy-analyst/SKILL.md +111 -0
  120. package/skills/logic-race-fuzzer/SKILL.md +452 -0
  121. package/skills/mobile-api-network-attacker/SKILL.md +430 -0
  122. package/skills/mobile-binary-hardener/SKILL.md +111 -0
  123. package/skills/mobile-security-specialist/SKILL.md +94 -0
  124. package/skills/mobile-webview-auditor/SKILL.md +105 -0
  125. package/skills/model-extraction-attacker/SKILL.md +228 -0
  126. package/skills/multipart-abuse-tester/SKILL.md +93 -0
  127. package/skills/oauth-pkce-specialist/SKILL.md +113 -0
  128. package/skills/parser-exhaustion-tester/SKILL.md +151 -0
  129. package/skills/pentest-infra/SKILL.md +107 -0
  130. package/skills/pentest-social/SKILL.md +210 -0
  131. package/skills/pentest-team/SKILL.md +96 -0
  132. package/skills/pentest-web-api/SKILL.md +107 -0
  133. package/skills/privacy-flow-analyst/SKILL.md +243 -0
  134. package/skills/prompt-injection-specialist/SKILL.md +403 -0
  135. package/skills/quantum-migration-planner/SKILL.md +105 -0
  136. package/skills/rag-poisoning-specialist/SKILL.md +367 -0
  137. package/skills/registry-mirror-enforcer/SKILL.md +93 -0
  138. package/skills/rotation-validation-agent/SKILL.md +121 -0
  139. package/skills/samm-assessor/SKILL.md +94 -0
  140. package/skills/secrets-mask-bypass-tester/SKILL.md +109 -0
  141. package/skills/senior-security-engineer/SKILL.md +178 -0
  142. package/skills/serialization-memory-attacker/SKILL.md +341 -0
  143. package/skills/session-timeout-tester/SKILL.md +170 -0
  144. package/skills/slsa-level3-enforcer/SKILL.md +121 -0
  145. package/skills/slsa-provenance-enforcer/SKILL.md +111 -0
  146. package/skills/ssrf-detection-validator/SKILL.md +117 -0
  147. package/skills/step-up-auth-enforcer/SKILL.md +93 -0
  148. package/skills/stride-pasta-analyst/SKILL.md +429 -0
  149. package/skills/supply-chain-devsecops/SKILL.md +107 -0
  150. package/skills/threat-infrastructure-analyst/SKILL.md +93 -0
  151. package/skills/threat-modeler/SKILL.md +94 -0
  152. package/skills/tls-certificate-auditor/SKILL.md +582 -18
  153. package/skills/token-reuse-detector/SKILL.md +104 -0
  154. package/skills/trike-risk-modeler/SKILL.md +93 -0
  155. package/skills/unicode-homograph-tester/SKILL.md +93 -0
  156. package/skills/waf-rule-lifecycle-agent/SKILL.md +106 -0
  157. package/skills/webhook-security-tester/SKILL.md +111 -0
  158. package/skills/zero-trust-architect/SKILL.md +118 -0
@@ -21,6 +21,15 @@ production under load. You think in terms of interleavings, not happy paths.
21
21
  Find race conditions, business logic flaws, and arithmetic vulnerabilities.
22
22
  90% fixing — implement distributed locks, atomic operations, and idempotency keys directly.
23
23
 
24
+ ## BEYOND THE CHECKS — AUTONOMOUS DETECT & FIX
25
+
26
+ The `business-logic.ts` detection module (`src/gate/checks/business-logic.ts`) — logic/race/TOCTOU — is your deterministic floor, not your ceiling. Treat its finding IDs as the minimum, then reason past single-line/single-file pattern matching — and APPLY the fix (Edit), not just advise:
27
+
28
+ - **Cross-file / data-flow reasoning the regex can't do:** a `findUnique` balance read in one handler and an `update` in a helper file are a double-spend only when you model them as a non-atomic read-modify-write spanning the `await` gap between them — the per-line scan sees two innocuous ORM calls. Trace shared state (balance, inventory, quota, idempotency key namespace) across every concurrent path that touches the same resource ID.
29
+ - **Semantic / effective-state analysis:** a `$transaction()` that wraps the read but not the write, or a Redis `INCR`/`EXPIRE` pair not inside a Lua script, is *effectively* unguarded; `quantity * unitPrice` in native JS `number` silently overflows. Judge the real atomicity and arithmetic safety, not the presence of a transaction call.
30
+ - **External corroboration:** WebSearch/WebFetch current advisories (e.g. CVE-2023-23916 async-gap class, e-commerce integer-overflow exploits) and OWASP API6:2023 mass-assignment guidance for the detected ORM/queue.
31
+ - **Apply & prove:** add `SELECT FOR UPDATE`/serializable transactions, atomic Lua, allowlist schemas, and BigInt/Decimal money inline, then re-run `src/gate/checks/business-logic.ts` plus a concurrency hammer (`ab -n 200 -c 50`, `race-the-web`, or `wrk2`) confirming final state matches the summed responses, as a regression floor, then re-audit. Emit the LEARNING SIGNAL per fix; surface trade-offs (e.g. row locking reducing throughput) against the secure default.
32
+
24
33
  ## EXECUTION
25
34
 
26
35
  1. Identify all multi-step flows with shared state (balance operations, inventory, quotas)
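Review bot: The identifier in `(e.g. CVE-2023-23916 async-gap class, …)` on the "External corroboration" bullet does not, as far as I know, belong to a race or async-gap issue — it is the curl HTTP multi-header compression denial-of-service advisory — so the WebSearch/WebFetch corroboration step it drives would pull in an unrelated advisory; the second hunk's heading `### 1. Double-Spend via Async Await Gap (CVE-2023-23916 class)` reuses the same identifier. I would name the weakness class instead, e.g. `(e.g. CWE-362 race-condition / CWE-367 TOCTOU class, e-commerce integer-overflow exploits)`, and only cite a CVE after checking it against the advisory text. Separately, the "Apply & prove" bullet tells the agent to re-run `src/gate/checks/business-logic.ts`, but the diffstat ships only `package/dist/gate/checks/business-logic.js`, so that path will not exist in an installed package; the instruction should name the shipped module or the CLI command that invokes the check. The `## EXECUTION` section this hunk ends in continues outside the hunk.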
@@ -65,3 +74,446 @@ Find race conditions, business logic flaws, and arithmetic vulnerabilities.
65
74
  - Concurrent request sequence that reproduces the issue
66
75
  - Database/cache state before and after the race
67
76
  - Fixed code using atomic operations or distributed locks written inline
77
+
78
+ Every findings JSON MUST include `intelligenceForOtherAgents`:
79
+ ```json
80
+ {
81
+ "intelligenceForOtherAgents": {
82
+ "forPentestTeam": [{ "type": "HIGH_VALUE_TARGET", "description": "...", "exploitHint": "..." }],
83
+ "forCryptoSpecialist": [{ "type": "CRYPTO_WEAKNESS_REFERENCE", "algorithm": "...", "location": "..." }],
84
+ "forCloudSpecialist": [{ "type": "SSRF_TO_CLOUD_CHAIN", "ssrfLocation": "...", "escalationPath": "..." }],
85
+ "forComplianceGrc": [{ "type": "COMPLIANCE_BLOCKER", "frameworks": ["..."], "releaseBlock": true }]
86
+ }
87
+ }
88
+ ```
89
+
90
+ ---
91
+
92
+ ## BEYOND SKILL.MD — MANDATORY EXPANSIONS
93
+
94
+ ### 1. Double-Spend via Async Await Gap (CVE-2023-23916 class)
95
+
96
+ **Attack technique:** In any async handler where a balance read precedes a deduction, a second
97
+ concurrent request can observe the pre-deduction balance. Both transactions succeed, debiting
98
+ only once from the account. This pattern is rampant in Node.js microservices using Prisma
99
+ without explicit row-level locking.
100
+
101
+ **Concrete detection method:**
102
+ ```bash
103
+ # Grep for balance read followed by update without transaction or locking
104
+ grep -rn "findUnique\|findFirst" src/ | grep -i "balance\|credit\|wallet\|fund" | \
105
+ while read line; do
106
+ file=$(echo $line | cut -d: -f1)
107
+ # Check if file uses $transaction() or SELECT FOR UPDATE
108
+ grep -l "\$transaction\|SELECT.*FOR UPDATE\|selectForUpdate" "$file" || echo "MISSING_LOCK: $file"
109
+ done
110
+ ```
111
+
112
+ **Finding criterion:** Any balance-affecting endpoint where the read and write are not wrapped
113
+ in a serializable transaction or SELECT FOR UPDATE. Reproduce with:
114
+ ```bash
115
+ ab -n 200 -c 50 -p payload.json -T application/json http://target/api/transfer
116
+ # Verify: final balance < expected minimum (funds created from nothing)
117
+ ```
118
+
119
+ ---
120
+
121
+ ### 2. Redis INCR/EXPIRE Non-Atomic Rate Limit Bypass
122
+
123
+ **Attack technique:** A rate limiter that calls INCR then EXPIRE as two separate commands has a
124
+ TOCTOU window. If the process crashes or a network partition occurs between INCR and EXPIRE,
125
+ the counter persists forever — permanently locking the key. Conversely, a fast concurrent
126
+ burst can exhaust the window before EXPIRE fires, allowing unlimited requests.
127
+
128
+ **Concrete detection method:**
129
+ ```bash
130
+ grep -rn "redis.*incr\|client\.incr\|\.incr(" src/ | grep -v "lua\|eval\|multi\|pipeline"
131
+ # Any INCR not followed immediately by an atomic EXPIRE in the same Lua script is vulnerable
132
+ ```
133
+
134
+ **Fix template:** Replace with atomic Lua:
135
+ ```lua
136
+ local current = redis.call('INCR', KEYS[1])
137
+ if current == 1 then redis.call('EXPIRE', KEYS[1], ARGV[1]) end
138
+ return current
139
+ ```
140
+
141
+ ---
142
+
143
+ ### 3. Mass Assignment Privilege Escalation (OWASP API6:2023)
144
+
145
+ **Attack technique:** When ORM models accept arbitrary JSON from `req.body` without an explicit
146
+ allowlist, an attacker can set fields like `role`, `isAdmin`, `tier`, `verified`, or `balance`
147
+ directly. This is distinct from parameter pollution — the payload looks structurally valid.
148
+
149
+ **Concrete detection method:**
150
+ ```bash
151
+ # Express/Fastify: find raw body spreads into ORM create/update calls
152
+ grep -rn "\.create(\|\.update(\|\.upsert(" src/ | grep -v "allowlist\|pick(\|omit("
153
+ # Then check if req.body is passed directly
154
+ grep -rn "req\.body" src/ | grep -v "zod\|joi\|validate\|schema"
155
+ ```
156
+
157
+ **Finding criterion:** Any ORM mutation accepting `req.body` without a Zod/Joi allowlist schema
158
+ applied at the route boundary. Fields to verify are excluded: `role`, `isAdmin`, `plan`,
159
+ `balance`, `credits`, `verified`, `stripeCustomerId`.
160
+
161
+ ---
162
+
163
+ ### 4. AI-Assisted Race Condition Discovery (Emerging Threat, 2025)
164
+
165
+ **Attack technique:** LLM-powered fuzzing tools (e.g., Mayhem, CodaMOSA, and custom GPT-4-based
166
+ harnesses) can automatically generate concurrent request sequences from OpenAPI specs and
167
+ exhaustively model state interleavings. An adversary with access to a public API spec and an
168
+ LLM harness can discover race windows in hours that would take a human days. This means any
169
+ publicly documented API endpoint with shared-state side effects is now a viable automated
170
+ target.
171
+
172
+ **Concrete detection method (defensive):**
173
+ - Export all route definitions and run `race-the-web` or a custom ab/wrk2 harness against
174
+ every state-mutating endpoint with concurrency ≥ 50.
175
+ - For AI-assisted attack simulation: feed the OpenAPI spec to a locally-hosted LLM and ask it
176
+ to enumerate all async await gaps and concurrent state mutation paths.
177
+
178
+ ```bash
179
+ # Run concurrent hammering against every POST/PUT/PATCH endpoint
180
+ npx race-the-web --config race-config.yaml --concurrency 100 --requests 500
181
+ ```
182
+
183
+ **Finding criterion:** Any endpoint where a concurrent load test produces a final system state
184
+ that differs from the sum of all successful response payloads.
185
+
186
+ ---
187
+
188
+ ### 5. Integer Overflow in Quantity × Price Multiplication (CWE-190)
189
+
190
+ **Attack technique:** When quantity and unit price are stored as 32-bit integers and multiplied
191
+ server-side without overflow guards, an attacker supplying `quantity=2147483648` can cause the
192
+ total to wrap to a negative number (or zero), resulting in a free or negative-cost order. This
193
+ was exploited in multiple e-commerce platforms in 2022–2024.
194
+
195
+ **Concrete detection method:**
196
+ ```bash
197
+ # Find multiplication of user-controlled numeric fields
198
+ grep -rn "quantity.*price\|price.*quantity\|qty.*amount\|amount.*qty" src/ | \
199
+ grep -v "BigInt\|bigint\|Decimal\|decimal\|Math\.imul"
200
+ # Also check for lack of upper-bound validation on quantity inputs
201
+ grep -rn "z\.number()\|Joi\.number()" src/ | grep -v "\.max(\|\.positive(\|\.int("
202
+ ```
203
+
204
+ **Finding criterion:** Any money calculation using native JavaScript `number` type (IEEE 754
205
+ float, 53-bit mantissa) or uncapped integer multiplication. All monetary arithmetic MUST use
206
+ `BigInt` or a decimal library (`decimal.js`, `dinero.js`). All quantity inputs must have an
207
+ explicit `.max()` bound in validation schemas.
208
+
209
+ ---
210
+
211
+ ### 6. Supply Chain: Malicious npm Package Injecting Timing Attacks (Post-2024)
212
+
213
+ **Attack technique:** Compromised npm packages (e.g., the `event-stream` pattern) can inject
214
+ code that introduces intentional timing side channels. A malicious `parseAmount()` patch in a
215
+ transitive dependency can leak whether a given account balance is above or below a threshold
216
+ by varying response time by ~2ms per bit — invisible to functional tests but detectable by
217
+ statistical timing analysis after ~10,000 samples.
218
+
219
+ **Concrete detection method:**
220
+ ```bash
221
+ # Audit all transitive dependencies for recently published/updated packages
222
+ npm audit --json | jq '.vulnerabilities | keys[]'
223
+ npx better-npm-audit --level critical
224
+ # Check for suspicious timing patterns in hot paths
225
+ grep -rn "setTimeout\|setInterval\|Date\.now()\|performance\.now()" node_modules/.pnp* 2>/dev/null || \
226
+ find node_modules -name "*.js" -newer package-lock.json -not -path "*/test/*" | head -20
227
+ ```
228
+
229
+ **Finding criterion:** Any recently-modified transitive dependency touching arithmetic or
230
+ comparison functions in payment or authentication hot paths. Cross-reference with OSV.dev
231
+ and the Socket.dev supply chain scanner.
232
+
233
+ ---
234
+
235
+ ### 7. Post-Quantum Threat to Idempotency Key HMAC Signing
236
+
237
+ **Attack technique:** Many idempotency key schemes use HMAC-SHA256 to sign the key + timestamp
238
+ to prevent replay. With a Cryptographically Relevant Quantum Computer (CRQC), Grover's algorithm
239
+ reduces HMAC-SHA256 brute-force from 2^256 to 2^128 — still safe for symmetric keys. However,
240
+ if idempotency keys are also bound to RSA or ECDSA signatures (e.g., signed JWTs), those
241
+ signatures will be fully broken. An attacker who harvests signed idempotency tokens today can
242
+ replay them after CRQC deployment.
243
+
244
+ **Concrete detection method:**
245
+ ```bash
246
+ # Find idempotency key validation that relies on RSA/ECDSA-signed tokens
247
+ grep -rn "idempotency\|Idempotency" src/ | grep -v "HMAC\|sha256\|sha512"
248
+ grep -rn "jwt\.verify\|RS256\|ES256\|RS384" src/ | grep -i "idempot\|replay\|dedup"
249
+ ```
250
+
251
+ **Finding criterion:** Any idempotency scheme relying on asymmetric cryptography for token
252
+ integrity. Migrate to HMAC-SHA256 or ML-KEM-based MACs for long-lived tokens. Flag for the
253
+ CryptoSpecialist agent.
254
+
255
+ ---
256
+
257
+ ### 8. TOCTOU in File-Based Job Lock Files
258
+
259
+ **Attack technique:** Job processors that use filesystem lock files (`.lock`, `.pid`) to prevent
260
+ duplicate execution have a TOCTOU window between `fs.existsSync()` and `fs.writeFileSync()`.
261
+ On NFS-mounted volumes or containerized environments with shared storage, two workers can
262
+ simultaneously observe the lock as absent and both proceed — causing duplicate job execution.
263
+ This is a common pattern in legacy cron-to-container migrations.
264
+
265
+ **Concrete detection method:**
266
+ ```bash
267
+ # Find lock file patterns that are not using O_EXCL or atomic file creation
268
+ grep -rn "existsSync\|statSync\|accessSync" src/ | grep -i "lock\|pid\|mutex"
269
+ grep -rn "writeFileSync\|openSync" src/ | grep -i "lock\|pid"
270
+ # O_EXCL flag check — this is the only safe pattern:
271
+ grep -rn "O_EXCL\|wx'" src/ | grep -i "lock\|pid" # must have results
272
+ ```
273
+
274
+ **Finding criterion:** Any lock file mechanism not using `fs.openSync(path, 'wx')` (O_EXCL
275
+ mode) or a database-level advisory lock. The `'wx'` flag fails atomically if the file exists.
276
+ Replace all `existsSync + writeFileSync` lock patterns with atomic `openSync(..., 'wx')`.
277
+
278
+ ---
279
+
280
+ ## §LOGIC_RACE_FUZZER-CHECKLIST
281
+
282
+ 1. **Double-spend via concurrent balance deduction** — Mechanism: two simultaneous POST
283
+ /transfer requests read the same balance before either write commits. Grep for
284
+ `balance`, `wallet`, `credit` reads not inside `$transaction()` or `SELECT FOR UPDATE`.
285
+ Finding: final balance lower than both transactions combined, or negative.
286
+
287
+ 2. **Negative quantity acceptance in order creation** — Mechanism: attacker submits
288
+ `quantity: -100` to refund endpoint, receiving credits without spending. Grep Zod/Joi
289
+ schemas for quantity fields missing `.positive()` or `.min(1)`. Finding: API accepts
290
+ negative quantities and adjusts balance accordingly.
291
+
292
+ 3. **Redis rate limit bypass via non-atomic INCR/EXPIRE** — Mechanism: burst 100 requests
293
+ in <1ms before EXPIRE fires; counter never gets TTL. Grep for `redis.incr` not followed
294
+ by Lua eval. Finding: rate limit counter persists beyond window or burst succeeds past limit.
295
+
296
+ 4. **Mass assignment role escalation** — Mechanism: POST body includes `"role":"admin"` or
297
+ `"isAdmin":true`; ORM applies it without allowlist. Grep for `.create(req.body)` or
298
+ `Object.assign(model, req.body)`. Finding: user gains elevated role via crafted payload.
299
+
300
+ 5. **Float arithmetic precision loss in money** — Mechanism: `0.1 + 0.2 !== 0.3` in
301
+ JavaScript causes rounding errors in accumulated transactions. Grep for `parseFloat`,
302
+ `toFixed`, or arithmetic on price/amount/balance fields. Finding: total differs from
303
+ expected by >0 cents over multiple operations.
304
+
305
+ 6. **Idempotency key replay across users** — Mechanism: idempotency key namespace is not
306
+ scoped per user; attacker reuses another user's key to replay their transaction. Grep for
307
+ idempotency key lookup without user ID scoping. Finding: key from user A accepted for
308
+ user B's request, returning user A's cached response.
309
+
310
+ 7. **Bull/BullMQ duplicate job on worker restart** — Mechanism: job marked active but
311
+ worker crashes before marking complete; re-queued on restart; processed twice. Grep for
312
+ `queue.add()` without `jobId` deduplication option. Finding: job processing count >1 for
313
+ the same logical event in logs.
314
+
315
+ 8. **TOCTOU on inventory deduction** — Mechanism: two concurrent purchase requests both
316
+ check `stock > 0`, both pass, both decrement — final stock goes negative. Grep for
317
+ inventory/stock reads without `SELECT FOR UPDATE` or optimistic locking version field.
318
+ Finding: `stock` column < 0 after concurrent purchase load test.
319
+
320
+ 9. **Integer overflow in total price calculation** — Mechanism: `quantity * unitPrice` with
321
+ uncapped integer input overflows signed 32-bit, wrapping to negative. Grep for price
322
+ multiplication not using `BigInt` or `Decimal`. Finding: order total is negative or zero
323
+ for extreme quantity inputs.
324
+
325
+ 10. **Webhook duplicate delivery without deduplication** — Mechanism: provider retries
326
+ webhook on timeout; handler processes event twice; payment credited twice. Grep for
327
+ webhook handlers without idempotency key storage in DB. Finding: duplicate credit/order
328
+ row created for single webhook event ID.
329
+
330
+ 11. **Async await gap in multi-step state machine** — Mechanism: handler reads state,
331
+ `await`s external call, another request mutates state during await, handler resumes
332
+ with stale state and overwrites it. Grep for state reads followed by `await` and
333
+ subsequent state writes without re-read or optimistic lock. Finding: state machine
334
+ transitions to invalid state under concurrent load.
335
+
336
+ 12. **Quota bypass via concurrent quota check and consumption** — Mechanism: concurrent
337
+ API calls all pass quota check simultaneously; each consumes quota; total exceeds limit.
338
+ Grep for quota/limit checks using two-step read+decrement outside a transaction.
339
+ Finding: usage counter exceeds configured maximum after concurrent burst test.
340
+
341
+ ---
342
+
343
+ ## §POC-REQUIREMENT
344
+
345
+ For every CRITICAL or HIGH finding in this domain:
346
+
347
+ 1. **Write the working PoC FIRST** (exact payload, exact request, observed impact)
348
+ 2. **Confirm the PoC reproduces the issue** — show actual vs. expected state
349
+ 3. **THEN write the fix**
350
+ 4. **THEN verify the PoC fails against the fix** — rerun and confirm fix holds
351
+ 5. **Record the PoC in findings JSON under `exploitPoC`**
352
+
353
+ **PoC skipping = finding severity downgraded to MEDIUM automatically.**
354
+
355
+ ### PoC Template for Race Conditions:
356
+
357
+ ```bash
358
+ # Step 1: Establish baseline state
359
+ BEFORE=$(curl -s -H "Authorization: Bearer $TOKEN" http://target/api/balance | jq .balance)
360
+ echo "Balance before: $BEFORE"
361
+
362
+ # Step 2: Fire concurrent requests
363
+ for i in {1..50}; do
364
+ curl -s -X POST http://target/api/transfer \
365
+ -H "Authorization: Bearer $TOKEN" \
366
+ -H "Content-Type: application/json" \
367
+ -d '{"amount": 100, "to": "attacker"}' &
368
+ done
369
+ wait
370
+
371
+ # Step 3: Observe post-race state
372
+ AFTER=$(curl -s -H "Authorization: Bearer $TOKEN" http://target/api/balance | jq .balance)
373
+ ATTACKER=$(curl -s -H "Authorization: Bearer $ATTACKER_TOKEN" http://target/api/balance | jq .balance)
374
+ echo "Balance after: $AFTER (expected: $((BEFORE - 100)))"
375
+ echo "Attacker received: $ATTACKER (expected: 100)"
376
+ # FINDING: if ATTACKER > 100 — double spend confirmed
377
+ ```
378
+
379
+ ### PoC findings JSON entry:
380
+ ```json
381
+ {
382
+ "findingId": "RACE-001",
383
+ "severity": "CRITICAL",
384
+ "title": "Double-spend via concurrent balance deduction",
385
+ "exploitPoC": {
386
+ "command": "ab -n 200 -c 50 -p transfer.json -T application/json http://target/api/transfer",
387
+ "payload": "{\"amount\": 100, \"to\": \"attacker\"}",
388
+ "observedImpact": "Attacker balance increased by 800 from a single 100-unit source",
389
+ "reproduced": true,
390
+ "fixVerified": true
391
+ }
392
+ }
393
+ ```
394
+
395
+ ---
396
+
397
+ ## §PROJECT-ESCALATION
398
+
399
+ Immediately call `orchestration.update_agent_status` with `"CRITICAL_ESCALATION"` and halt
400
+ normal execution flow when ANY of the following conditions are detected:
401
+
402
+ 1. **Confirmed double-spend with monetary impact** — Any race condition where a concurrent
403
+ PoC produces more funds/credits than were legitimately input. Escalate immediately; do not
404
+ wait for full scan completion. This is a P0 production incident if the service is live.
405
+
406
+ 2. **Mass assignment grants admin/root privileges** — A PoC payload that promotes a regular
407
+ user to admin, superuser, or bypasses billing tier restrictions via body injection. The
408
+ entire authorization model must be reassessed by the full orchestrator.
409
+
410
+ 3. **Idempotency key namespace collision enabling cross-user replay** — If user A's
411
+ idempotency token can be replayed as user B, this is a fundamental authentication flaw
412
+ that affects every transaction in the system. Escalate before continuing.
413
+
414
+ 4. **Integer overflow to negative total enabling free or paid-refund order** — A PoC that
415
+ places an order with negative total, triggering a real payment refund or free fulfillment.
416
+ Escalate to compliance GRC agent simultaneously — this may constitute fraud facilitation.
417
+
418
+ 5. **Duplicate webhook processing confirmed with external payment provider** — If Stripe,
419
+ PayPal, or any payment webhook fires credits twice and the system accepts both, escalate
420
+ immediately. Financial reconciliation is now broken; every transaction must be audited.
421
+
422
+ 6. **Supply chain package found injecting timing code into payment hot path** — A transitive
423
+ npm dependency modified within the last 30 days that touches arithmetic in payment or
424
+ balance calculation code. Escalate to CISO orchestrator for supply chain incident response.
425
+
426
+ 7. **TOCTOU on authentication token validation** — If a race between token validation and
427
+ token revocation allows a revoked token to be used, escalate. This is an authentication
428
+ bypass affecting all session security.
429
+
430
+ 8. **Quota bypass enabling resource exhaustion or billing fraud** — If concurrent API calls
431
+ can exceed hard resource limits (e.g., API call quotas, storage limits, seat licenses),
432
+ escalate to compliance GRC. Billing integrity is compromised.
433
+
434
+ ---
435
+
436
+ ## §EDGE-CASE-MATRIX
437
+
438
+ The 5 attack cases in this domain that automated scanners and naive manual review universally miss. MANDATORY checks — do not skip.
439
+
440
+ | # | Edge Case | Why Scanners Miss It | Concrete Test |
441
+ |---|-----------|----------------------|---------------|
442
+ | 1 | Second-order / stored payload executed in different context | Scanner checks input context, not execution context | Store payload safely; trigger in separate request/session |
443
+ | 2 | Unicode normalisation bypass | Regex filters run before normalisation; attacker uses homoglyphs or composed forms | Submit Ⅰ (U+2160) or < (U+FF1C) variants of known-bad strings |
444
+ | 3 | Polyglot payload active in multiple sinks simultaneously | Scanners test one injection class per payload | `'"><script>{{7*7}}</script><!--` — SQL + XSS + SSTI in one request |
445
+ | 4 | Out-of-band exfiltration (DNS/HTTP callback) | Scanner looks for inline response difference; OOB leaves no visible trace | Use Burp Collaborator / interactsh; inject DNS lookup payload |
446
+ | 5 | Race condition between check and use (TOCTOU) | Sequential scanners don't model concurrency | Send two simultaneous requests to the same state-changing endpoint |
447
+
448
+ ---
449
+
450
+ ## §TEMPORAL-THREATS
451
+
452
+ Threats materialising in the 2025–2030 window that defences designed today must account for.
453
+
454
+ | Threat | Est. Timeline | Relevance to This Domain | Prepare Now By |
455
+ |--------|--------------|--------------------------|----------------|
456
+ | Cryptographically Relevant Quantum Computer (CRQC) | 2028–2032 | Harvest-now-decrypt-later attacks active today; RSA/ECDSA keys signed today will be broken | Inventory all RSA/ECDSA usage; migrate long-lived data to ML-KEM (FIPS 203) |
457
+ | AI-assisted adversaries at scale | 2025–2027 (active) | LLM-powered fuzzing finds 10× more edge cases; automated PoC generation | Assume attackers have LLM help; expand test surface to match |
458
+ | EU AI Act full enforcement | 2026 | High-risk AI systems require mandatory conformity assessments | Classify all AI features against AI Act tiers now |
459
+ | Post-quantum TLS migration deadline | 2028–2030 | Browser vendors will drop classical-only TLS connections | Begin TLS agility assessment; test hybrid key exchange |
460
+ | Mandatory SBOM + build provenance (US EO 14028 / EU CRA) | 2025–2026 (active) | SBOM and SLSA attestation are becoming legally required | Achieve SLSA L2 minimum; generate CycloneDX SBOM per release |
461
+
462
+ ---
463
+
464
+ ## §DETECTION-GAP
465
+
466
+ What current security monitoring CANNOT detect in this domain, and what to build to close each gap.
467
+
468
+ **Standard gaps that MUST be checked:**
469
+
470
+ - **Second-order attack execution**: The storage request looks safe; only the retrieval+execution step is dangerous. Need: correlate write events with downstream read+execute events in the same SIEM query window.
471
+ - **Timing-side-channel leakage**: No log event emitted; only observable as microsecond response-time variance. Need: per-endpoint p99 latency tracking with statistical anomaly detection.
472
+ - **Low-and-slow credential stuffing**: Individually, each request is under rate limits. Need: behavioural baseline — flag accounts with geographically impossible velocity or device-fingerprint mismatch across authentication attempts.
473
+ - **Insider exfiltration via legitimate process**: Authorised exports, reports, and data downloads that individually are permitted but collectively constitute data exfiltration. Need: data-volume anomaly detection — alert when a single user's data access volume exceeds 3× their 30-day baseline within 24 hours.
474
+ - **Cross-agent attack chains**: Phase 1 finding A + Phase 1 finding B = CRITICAL chain invisible to either agent alone. Need: CISO orchestrator Phase 1 synthesis step — correlate all agent findings before Phase 2.
475
+
476
+ **Domain-specific detection gaps for logic-race-fuzzer:**
477
+
478
+ - **Race condition in production traffic**: Standard APM shows elevated p99 but no log entry for the race event itself. Need: distributed tracing with concurrent request correlation — flag any two request spans that overlap in time and mutate the same resource ID.
479
+ - **Slow double-spend over days**: Attacker spaces concurrent requests hours apart to avoid rate limiting. Need: balance integrity check — periodic reconciliation job that computes expected balance from transaction ledger and alerts on discrepancy.
480
+ - **Negative balance after float rounding**: Rounding errors accumulate over thousands of transactions but individual transaction logs appear correct. Need: end-of-day balance reconciliation comparing ledger sum to stored balance with zero tolerance.
481
+
482
+ ---
483
+
484
+ ## §ZERO-MISS-MANDATE
485
+
486
+ This agent CANNOT declare any attack class clean without explicit evidence of checking. For each item, output one of:
487
+ - `CHECKED: [N files] | [patterns used] | CLEAN`
488
+ - `CHECKED: [N files] | [patterns used] | [N findings, all fixed]`
489
+ - `SKIPPED: [reason — must be "not applicable: [evidence]"]`
490
+
491
+ **Silent skip = FAILED COVERAGE.** The orchestrator flags this as a quality gap.
492
+
493
+ The output findings JSON MUST include a `coverageManifest` key:
494
+ ```json
495
+ {
496
+ "coverageManifest": {
497
+ "attackClassesCovered": [{ "class": "Double-Spend Race Condition", "filesReviewed": 47, "patterns": ["findUnique", "balance", "$transaction"], "result": "CLEAN" }],
498
+ "filesReviewed": 47,
499
+ "negativeAssertions": ["Race condition: balance mutation patterns searched across 47 files — all wrapped in $transaction()"],
500
+ "uncoveredReason": {}
501
+ }
502
+ }
503
+ ```
504
+
505
+ ---
506
+
507
+ ## LEARNING SIGNAL
508
+
509
+ On every finding resolved, emit:
510
+ ```json
511
+ {
512
+ "findingId": "FINDING_ID",
513
+ "agentName": "logic-race-fuzzer",
514
+ "resolved": true,
515
+ "remediationTemplate": "one-line description of what was done",
516
+ "falsePositive": false
517
+ }
518
+ ```
519
+ Call `security.record_outcome` with this payload so the routing engine learns which agent resolves each finding class most successfully. If a finding is a false positive, set `falsePositive: true` — this prevents the false-positive pattern from being routed here again.