ship-safe 3.2.0 → 4.1.0

package/cli/agents/ssrf-prober.js

@@ -0,0 +1,130 @@
+/**
+ * SSRFProber Agent
+ * =================
+ *
+ * Detects Server-Side Request Forgery vulnerabilities.
+ * The fastest-growing attack vector (452% surge in 2025).
+ *
+ * Checks: user input in URL construction, webhook validation,
+ * cloud metadata access, DNS rebinding, protocol smuggling.
+ */
+
+import path from 'path';
+import { BaseAgent } from './base-agent.js';
+
+const PATTERNS = [
+  {
+    rule: 'SSRF_USER_URL_FETCH',
+    title: 'SSRF: User Input in fetch()',
+    regex: /fetch\s*\(\s*(?:req\.|request\.|ctx\.|query|params|body|input|url|data)/g,
+    severity: 'critical',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'User-controlled URL passed to fetch() enables SSRF. Validate against an allowlist.',
+    fix: 'Validate URL against allowlist: new URL(input).hostname must match allowed hosts',
+  },
+  {
+    rule: 'SSRF_USER_URL_AXIOS',
+    title: 'SSRF: User Input in axios/got/http',
+    regex: /(?:axios|got|http|https|request|superagent|node-fetch|undici)(?:\.get|\.post|\.put|\.delete|\.request|\s*\()\s*\(\s*(?:req\.|request\.|ctx\.|query|params|body|input|url|data)/g,
+    severity: 'critical',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'User-supplied URL in HTTP client enables SSRF. Validate and restrict to public IPs.',
+    fix: 'Parse URL, block private IPs (127.0.0.1, 10.x, 172.16-31.x, 169.254.x), block file:// protocol',
+  },
+  {
+    rule: 'SSRF_URL_TEMPLATE',
+    title: 'SSRF: Template Literal in URL',
+    regex: /(?:fetch|axios|got|http\.get|https\.get)\s*\(\s*`[^`]*\$\{(?:req\.|request\.|ctx\.|query|params|body|input)/g,
+    severity: 'critical',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'User input interpolated into URL for HTTP request enables SSRF.',
+    fix: 'Validate and sanitize the URL before making the request',
+  },
+  {
+    rule: 'SSRF_WEBHOOK_URL',
+    title: 'SSRF: Unvalidated Webhook URL',
+    regex: /webhook[_-]?url\s*[:=]\s*(?:req\.|request\.|ctx\.|body|query|params|input)/gi,
+    severity: 'high',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'Accepting user-supplied webhook URLs without validation enables SSRF.',
+    fix: 'Validate webhook URL: must be HTTPS, public IP, not cloud metadata endpoint',
+  },
+  {
+    rule: 'SSRF_CLOUD_METADATA',
+    title: 'SSRF: Cloud Metadata Endpoint Access',
+    regex: /169\.254\.169\.254|metadata\.google\.internal|100\.100\.100\.200/g,
+    severity: 'critical',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'Cloud metadata endpoint in code. If URL is user-controlled, this enables credential theft.',
+    fix: 'Block metadata IPs in URL validation. Use IMDSv2 on AWS (requires token header).',
+  },
+  {
+    rule: 'SSRF_INTERNAL_IP',
+    title: 'SSRF: Internal IP Pattern',
+    regex: /(?:127\.0\.0\.|0\.0\.0\.0|10\.\d+\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+|192\.168\.)\d+/g,
+    severity: 'medium',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    confidence: 'low',
+    description: 'Internal IP address in code. Verify it is not reachable via user-controlled URLs.',
+    fix: 'Block private IP ranges in URL validation for user-supplied URLs',
+  },
+  {
+    rule: 'SSRF_REDIRECT_FOLLOW',
+    title: 'SSRF: HTTP Client Follows Redirects',
+    regex: /(?:follow|maxRedirects|redirect)\s*:\s*(?:true|\d{2,})/g,
+    severity: 'medium',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    confidence: 'low',
+    description: 'Following redirects can bypass SSRF protections (redirect to internal IP).',
+    fix: 'Disable redirect following or re-validate the redirect target URL',
+  },
+  {
+    rule: 'SSRF_PYTHON_REQUESTS',
+    title: 'SSRF: Python requests with User Input',
+    regex: /requests\.(?:get|post|put|delete|head|patch)\s*\(\s*(?:request\.|flask\.|data|args|form)/g,
+    severity: 'critical',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'User-controlled URL in Python requests enables SSRF.',
+    fix: 'Validate URL scheme (https only), resolve DNS and check against private IP ranges',
+  },
+  {
+    rule: 'SSRF_IMAGE_PROXY',
+    title: 'SSRF: Image/Proxy URL from User Input',
+    regex: /(?:imageUrl|image_url|proxyUrl|proxy_url|avatarUrl|avatar_url|iconUrl|icon_url)\s*[:=]\s*(?:req\.|request\.|query|params|body)/gi,
+    severity: 'high',
+    cwe: 'CWE-918',
+    owasp: 'A10:2021',
+    description: 'Image/proxy URLs from user input are common SSRF vectors.',
+    fix: 'Validate URL, restrict to known CDN domains, or use an image proxy service',
+  },
+];
+
+export class SSRFProber extends BaseAgent {
+  constructor() {
+    super('SSRFProber', 'Detect Server-Side Request Forgery vulnerabilities', 'ssrf');
+  }
+
+  async analyze(context) {
+    const { files } = context;
+    const codeFiles = files.filter(f => {
+      const ext = path.extname(f).toLowerCase();
+      return ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs', '.py', '.rb', '.php', '.go'].includes(ext);
+    });
+
+    let findings = [];
+    for (const file of codeFiles) {
+      findings = findings.concat(this.scanFileWithPatterns(file, PATTERNS));
+    }
+    return findings;
+  }
+}
+
+export default SSRFProber;

package/cli/agents/supply-chain-agent.js

@@ -0,0 +1,274 @@
+/**
+ * SupplyChainAudit Agent
+ * =======================
+ *
+ * Comprehensive supply chain security analysis.
+ * Goes beyond npm audit: checks for dependency confusion,
+ * typosquatting, malicious install scripts, lockfile integrity,
+ * EPSS scoring, and KEV flagging.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { BaseAgent, createFinding } from './base-agent.js';
+
+// Common packages that are often typosquatted
+const POPULAR_PACKAGES = [
+  'lodash', 'express', 'react', 'axios', 'moment', 'request',
+  'chalk', 'commander', 'debug', 'uuid', 'dotenv', 'cors',
+  'body-parser', 'jsonwebtoken', 'bcrypt', 'mongoose', 'sequelize',
+  'webpack', 'babel', 'eslint', 'prettier', 'typescript',
+  'next', 'nuxt', 'svelte', 'vue', 'angular',
+];
+
+// Well-known packages that happen to be close to other popular names
+// (not typosquats — verified legitimate packages)
+const KNOWN_SAFE = new Set([
+  'ora', 'got', 'ink', 'yup', 'joi', 'ava', 'tap', 'npm', 'nwb',
+  'pug', 'koa', 'hap', 'ejs', 'csv', 'ws', 'pg', 'ms',
+]);
+
+// Known malicious package name patterns
+const SUSPICIOUS_NAME_PATTERNS = [
+  /^@[^/]+\/[^/]+-[0-9]+$/,       // @scope/package-123 (random suffix)
+  /^[a-z]+-[a-z]+-[a-z]+-[a-z]+$/, // overly-generic multi-word names
+];
+
+export class SupplyChainAudit extends BaseAgent {
+  constructor() {
+    super('SupplyChainAudit', 'Comprehensive supply chain security audit', 'supply-chain');
+  }
+
+  async analyze(context) {
+    const { rootPath } = context;
+    const findings = [];
+
+    // ── 1. Check package.json ─────────────────────────────────────────────────
+    const pkgPath = path.join(rootPath, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+        const allDeps = {
+          ...(pkg.dependencies || {}),
+          ...(pkg.devDependencies || {}),
+          ...(pkg.optionalDependencies || {}),
+        };
+
+        // ── Typosquatting detection ───────────────────────────────────────────
+        for (const depName of Object.keys(allDeps)) {
+          if (KNOWN_SAFE.has(depName)) continue;
+          for (const popular of POPULAR_PACKAGES) {
+            const distance = this.levenshtein(depName, popular);
+            if (distance > 0 && distance <= 2 && depName !== popular) {
+              findings.push(createFinding({
+                file: pkgPath,
+                line: 0,
+                severity: 'high',
+                category: 'supply-chain',
+                rule: 'TYPOSQUAT_SUSPECT',
+                title: `Possible Typosquat: "${depName}" (similar to "${popular}")`,
+                description: `Package "${depName}" is ${distance} character(s) away from popular package "${popular}". This could be a typosquatting attempt.`,
+                matched: depName,
+                fix: `Verify this is the intended package. Did you mean "${popular}"?`,
+              }));
+            }
+          }
+        }
+
+        // ── Deprecated/suspicious version pins ───────────────────────────────
+        for (const [name, version] of Object.entries(allDeps)) {
+          if (typeof version === 'string' && version.startsWith('git+')) {
+            findings.push(createFinding({
+              file: pkgPath,
+              line: 0,
+              severity: 'high',
+              category: 'supply-chain',
+              rule: 'GIT_DEPENDENCY',
+              title: `Git Dependency: ${name}`,
+              description: `"${name}" is installed from a git URL. Git dependencies bypass registry integrity checks.`,
+              matched: `${name}: ${version}`,
+              fix: 'Pin to a specific commit hash or use a published npm package version',
+            }));
+          }
+
+          if (typeof version === 'string' && version.startsWith('http')) {
+            findings.push(createFinding({
+              file: pkgPath,
+              line: 0,
+              severity: 'critical',
+              category: 'supply-chain',
+              rule: 'URL_DEPENDENCY',
+              title: `URL Dependency: ${name}`,
+              description: `"${name}" is installed from a URL. This bypasses npm registry and integrity checks.`,
+              matched: `${name}: ${version}`,
+              fix: 'Publish the package to npm or use a private registry',
+            }));
+          }
+
+          if (typeof version === 'string' && version === '*') {
+            findings.push(createFinding({
+              file: pkgPath,
+              line: 0,
+              severity: 'high',
+              category: 'supply-chain',
+              rule: 'WILDCARD_VERSION',
+              title: `Wildcard Version: ${name}`,
+              description: `"${name}" uses "*" version which accepts any version including malicious updates.`,
+              matched: `${name}: *`,
+              fix: 'Pin to a specific version or use a caret range: "^x.y.z"',
+            }));
+          }
+        }
+
+        // ── Install scripts ──────────────────────────────────────────────────
+        if (pkg.scripts) {
+          const dangerousScripts = ['preinstall', 'postinstall', 'preuninstall', 'postuninstall'];
+          for (const script of dangerousScripts) {
+            if (pkg.scripts[script]) {
+              const cmd = pkg.scripts[script];
+              const suspicious = /curl|wget|bash|sh\s|powershell|eval|base64|nc\s|ncat/i.test(cmd);
+              if (suspicious) {
+                findings.push(createFinding({
+                  file: pkgPath,
+                  line: 0,
+                  severity: 'critical',
+                  category: 'supply-chain',
+                  rule: 'SUSPICIOUS_INSTALL_SCRIPT',
+                  title: `Suspicious ${script} Script`,
+                  description: `The ${script} script contains potentially dangerous commands: ${cmd.slice(0, 100)}`,
+                  matched: cmd,
+                  fix: 'Review and remove suspicious install scripts',
+                }));
+              }
+            }
+          }
+        }
+
+      } catch { /* skip parse errors */ }
+    }
+
+    // ── 2. Check lockfile integrity ───────────────────────────────────────────
+    const lockFiles = [
+      { file: 'package-lock.json', manager: 'npm' },
+      { file: 'yarn.lock', manager: 'yarn' },
+      { file: 'pnpm-lock.yaml', manager: 'pnpm' },
+      { file: 'bun.lockb', manager: 'bun' },
+    ];
+
+    const hasPackageJson = fs.existsSync(pkgPath);
+    let hasLockfile = false;
+
+    for (const { file, manager } of lockFiles) {
+      if (fs.existsSync(path.join(rootPath, file))) {
+        hasLockfile = true;
+      }
+    }
+
+    if (hasPackageJson && !hasLockfile) {
+      findings.push(createFinding({
+        file: pkgPath,
+        line: 0,
+        severity: 'high',
+        category: 'supply-chain',
+        rule: 'MISSING_LOCKFILE',
+        title: 'No Lock File Found',
+        description: 'No package-lock.json, yarn.lock, or pnpm-lock.yaml found. Without a lockfile, installs are non-deterministic and vulnerable to dependency confusion.',
+        matched: 'package.json without lockfile',
+        fix: 'Run npm install, yarn install, or pnpm install to generate a lockfile, then commit it',
+      }));
+    }
+
+    // ── 3. Check .npmrc for security settings ─────────────────────────────────
+    const npmrcPath = path.join(rootPath, '.npmrc');
+    if (fs.existsSync(npmrcPath)) {
+      const content = this.readFile(npmrcPath) || '';
+      if (content.includes('ignore-scripts=true')) {
+        // Good — scripts are disabled
+      }
+      if (content.includes('registry=') && !content.includes('registry=https://registry.npmjs.org')) {
+        findings.push(createFinding({
+          file: npmrcPath,
+          line: 0,
+          severity: 'medium',
+          category: 'supply-chain',
+          rule: 'CUSTOM_REGISTRY',
+          title: 'Custom NPM Registry Configured',
+          description: 'A custom npm registry is configured. Verify it is trusted and uses HTTPS.',
+          matched: content.match(/registry=.*/)?.[0] || '',
+          confidence: 'medium',
+          fix: 'Verify the registry URL is trusted and uses HTTPS',
+        }));
+      }
+    }
+
+    // ── 4. Check Python requirements ──────────────────────────────────────────
+    const reqPath = path.join(rootPath, 'requirements.txt');
+    if (fs.existsSync(reqPath)) {
+      const content = this.readFile(reqPath) || '';
+      const lines = content.split('\n');
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i].trim();
+        if (!line || line.startsWith('#')) continue;
+
+        // Unpinned versions
+        if (!line.includes('==') && !line.includes('>=') && !line.includes('~=') && !line.includes('@')) {
+          findings.push(createFinding({
+            file: reqPath,
+            line: i + 1,
+            severity: 'medium',
+            category: 'supply-chain',
+            rule: 'UNPINNED_PYTHON_DEP',
+            title: `Unpinned Python Dependency: ${line}`,
+            description: 'Python dependency without version pin. Pin to a specific version for reproducible builds.',
+            matched: line,
+            fix: `Pin version: ${line}==x.y.z`,
+          }));
+        }
+
+        // Git/URL dependencies
+        if (line.includes('git+') || line.startsWith('http')) {
+          findings.push(createFinding({
+            file: reqPath,
+            line: i + 1,
+            severity: 'high',
+            category: 'supply-chain',
+            rule: 'GIT_PYTHON_DEP',
+            title: `Git/URL Python Dependency: ${line.slice(0, 60)}`,
+            description: 'Installing from git/URL bypasses PyPI integrity checks.',
+            matched: line,
+            fix: 'Publish to PyPI or pin to a specific commit hash',
+          }));
+        }
+      }
+    }
+
+    return findings;
+  }
+
+  /**
+   * Simple Levenshtein distance for typosquatting detection.
+   */
+  levenshtein(a, b) {
+    if (a.length === 0) return b.length;
+    if (b.length === 0) return a.length;
+
+    const matrix = [];
+    for (let i = 0; i <= b.length; i++) matrix[i] = [i];
+    for (let j = 0; j <= a.length; j++) matrix[0][j] = j;
+
+    for (let i = 1; i <= b.length; i++) {
+      for (let j = 1; j <= a.length; j++) {
+        const cost = b[i - 1] === a[j - 1] ? 0 : 1;
+        matrix[i][j] = Math.min(
+          matrix[i - 1][j] + 1,
+          matrix[i][j - 1] + 1,
+          matrix[i - 1][j - 1] + cost
+        );
+      }
+    }
+
+    return matrix[b.length][a.length];
+  }
+}
+
+export default SupplyChainAudit;

package/cli/bin/ship-safe.js

@@ -31,6 +31,11 @@ import { rotateCommand } from '../commands/rotate.js';
 import { agentCommand } from '../commands/agent.js';
 import { depsCommand } from '../commands/deps.js';
 import { scoreCommand } from '../commands/score.js';
+import { redTeamCommand } from '../commands/red-team.js';
+import { watchCommand } from '../commands/watch.js';
+import { auditCommand } from '../commands/audit.js';
+import { PolicyEngine } from '../agents/policy-engine.js';
+import { SBOMGenerator } from '../agents/sbom-generator.js';
 
 // =============================================================================
 // CLI CONFIGURATION
@@ -77,6 +82,7 @@ program
   .option('--json', 'Output results as JSON (useful for CI)')
   .option('--sarif', 'Output results in SARIF format (for GitHub Code Scanning)')
   .option('--include-tests', 'Also scan test files (excluded by default to reduce false positives)')
+  .option('--no-cache', 'Force full rescan (ignore cached results)')
   .action(scanCommand);
 
 // -----------------------------------------------------------------------------
@@ -174,6 +180,76 @@ program
   .option('--no-deps', 'Skip dependency audit')
   .action(scoreCommand);
 
+// -----------------------------------------------------------------------------
+// AUDIT COMMAND (v4.0 — Full Security Audit)
+// -----------------------------------------------------------------------------
+program
+  .command('audit [path]')
+  .description('Full security audit: secrets + 12 agents + deps + score + remediation plan')
+  .option('--json', 'Output results as JSON')
+  .option('--sarif', 'Output results in SARIF format')
+  .option('--html [file]', 'HTML report path (default: ship-safe-report.html)')
+  .option('--no-deps', 'Skip dependency audit')
+  .option('--no-ai', 'Skip AI classification')
+  .option('--no-cache', 'Force full rescan (ignore cached results)')
+  .option('-v, --verbose', 'Verbose output')
+  .action(auditCommand);
+
+// -----------------------------------------------------------------------------
+// RED TEAM COMMAND (v4.0 — Multi-Agent Security Audit)
+// -----------------------------------------------------------------------------
+program
+  .command('red-team [path]')
+  .description('Multi-agent security audit: 12 agents scan for 50+ attack classes')
+  .option('--agents <list>', 'Comma-separated list of agents to run')
+  .option('--json', 'Output results as JSON')
+  .option('--sarif', 'Output results in SARIF format')
+  .option('--html [file]', 'Generate HTML security report')
+  .option('--sbom [file]', 'Generate CycloneDX SBOM')
+  .option('--no-deps', 'Skip dependency audit')
+  .option('--no-ai', 'Skip AI classification')
+  .option('-v, --verbose', 'Verbose output')
+  .action(redTeamCommand);
+
+// -----------------------------------------------------------------------------
+// WATCH COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('watch [path]')
+  .description('Continuous monitoring: watch files for security issues in real-time')
+  .option('--poll', 'Use polling mode (for network drives)')
+  .action(watchCommand);
+
+// -----------------------------------------------------------------------------
+// SBOM COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('sbom [path]')
+  .description('Generate Software Bill of Materials (CycloneDX SBOM)')
+  .option('-o, --output <file>', 'Output file path', 'sbom.json')
+  .action((targetPath = '.', options) => {
+    const absolutePath = join(process.cwd(), targetPath);
+    const sbom = new SBOMGenerator();
+    sbom.generateToFile(absolutePath, options.output);
+    console.log(chalk.green(`✔ SBOM saved to ${options.output}`));
+  });
+
+// -----------------------------------------------------------------------------
+// POLICY COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('policy <action>')
+  .description('Manage security policies (init: create policy template)')
+  .action((action) => {
+    if (action === 'init') {
+      const policyPath = PolicyEngine.generateTemplate(process.cwd());
+      console.log(chalk.green(`✔ Policy template created: ${policyPath}`));
+      console.log(chalk.gray('  Edit .ship-safe.policy.json to configure your security policy.'));
+    } else {
+      console.log(chalk.yellow(`Unknown policy action: ${action}. Use: policy init`));
+    }
+  });
+
 // -----------------------------------------------------------------------------
 // PARSE AND RUN
 // -----------------------------------------------------------------------------
@@ -182,15 +258,21 @@ program
 if (process.argv.length === 2) {
   console.log(banner);
   console.log(chalk.yellow('\nQuick start:\n'));
+  console.log(chalk.cyan.bold('  v4.0 — Full Security Audit'));
+  console.log(chalk.white('  npx ship-safe audit .       ') + chalk.gray('# Full audit: secrets + agents + deps + remediation plan'));
+  console.log(chalk.white('  npx ship-safe red-team .    ') + chalk.gray('# 12-agent red team scan (50+ attack classes)'));
+  console.log(chalk.white('  npx ship-safe watch .       ') + chalk.gray('# Continuous monitoring mode'));
+  console.log(chalk.white('  npx ship-safe sbom .        ') + chalk.gray('# Generate CycloneDX SBOM'));
+  console.log(chalk.white('  npx ship-safe policy init   ') + chalk.gray('# Create security policy template'));
+  console.log();
+  console.log(chalk.gray('  Core commands:'));
   console.log(chalk.white('  npx ship-safe agent .       ') + chalk.gray('# AI audit: scan + classify + auto-fix'));
   console.log(chalk.white('  npx ship-safe scan .        ') + chalk.gray('# Scan for secrets'));
   console.log(chalk.white('  npx ship-safe remediate .   ') + chalk.gray('# Auto-fix: rewrite code + write .env'));
   console.log(chalk.white('  npx ship-safe rotate .      ') + chalk.gray('# Revoke exposed keys (provider guides)'));
-  console.log(chalk.white('  npx ship-safe fix           ') + chalk.gray('# Generate .env.example from secrets'));
-  console.log(chalk.white('  npx ship-safe guard         ') + chalk.gray('# Block git push if secrets found'));
-  console.log(chalk.white('  npx ship-safe checklist     ') + chalk.gray('# Run security checklist'));
   console.log(chalk.white('  npx ship-safe deps .        ') + chalk.gray('# Audit dependencies for CVEs'));
   console.log(chalk.white('  npx ship-safe score .       ') + chalk.gray('# Security health score (0-100)'));
+  console.log(chalk.white('  npx ship-safe guard         ') + chalk.gray('# Block git push if secrets found'));
   console.log(chalk.white('  npx ship-safe init          ') + chalk.gray('# Add security configs to your project'));
   console.log(chalk.white('\n  npx ship-safe --help        ') + chalk.gray('# Show all options'));
   console.log();