ship-safe 4.3.0 → 5.0.0

package/cli/agents/supply-chain-agent.js

@@ -283,7 +283,158 @@ export class SupplyChainAudit extends BaseAgent {
       }
     }
 
-    // ── 5. Check Python requirements ──────────────────────────────────────────
+    // ── 5. Package behavioral signals (Socket-style) ─────────────────────────
+    if (fs.existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+        const allDeps = {
+          ...(pkg.dependencies || {}),
+          ...(pkg.devDependencies || {}),
+        };
+
+        // Scan node_modules for behavioral red flags
+        const nodeModulesPath = path.join(rootPath, 'node_modules');
+        if (fs.existsSync(nodeModulesPath)) {
+          for (const depName of Object.keys(allDeps).slice(0, 50)) {
+            const depDir = path.join(nodeModulesPath, depName);
+            const depPkgPath = path.join(depDir, 'package.json');
+            if (!fs.existsSync(depPkgPath)) continue;
+            try {
+              const depPkg = JSON.parse(fs.readFileSync(depPkgPath, 'utf-8'));
+
+              // Check for postinstall scripts with network/eval calls
+              const scripts = depPkg.scripts || {};
+              for (const hook of ['preinstall', 'install', 'postinstall']) {
+                const cmd = scripts[hook];
+                if (!cmd) continue;
+                if (/node\s+-e|node\s+--eval/.test(cmd)) {
+                  findings.push(createFinding({
+                    file: depPkgPath,
+                    line: 0,
+                    severity: 'high',
+                    category: 'supply-chain',
+                    rule: 'BEHAVIORAL_INLINE_EVAL',
+                    title: `Inline Code Execution in ${hook}: ${depName}`,
+                    description: `Dependency "${depName}" runs inline Node.js code during ${hook}. This is a common pattern in malicious packages.`,
+                    matched: cmd.slice(0, 200),
+                    fix: 'Review the inline code. Consider using --ignore-scripts or removing the dependency.',
+                  }));
+                }
+              }
+            } catch { /* skip */ }
+          }
+        }
+
+        // Detect obfuscated code patterns in dependencies
+        const codeFiles = (context.files || []).filter(f =>
+          f.includes('node_modules') &&
+          !f.includes('node_modules/.cache') &&
+          path.extname(f).toLowerCase() === '.js' &&
+          !path.basename(f).endsWith('.min.js')
+        ).slice(0, 30); // Sample up to 30 files
+
+        for (const file of codeFiles) {
+          const content = this.readFile(file);
+          if (!content || content.length < 100) continue;
+
+          // Excessive hex encoding
+          const hexMatches = (content.match(/\\x[0-9a-fA-F]{2}/g) || []).length;
+          if (hexMatches > 20) {
+            findings.push(createFinding({
+              file,
+              line: 1,
+              severity: 'high',
+              category: 'supply-chain',
+              rule: 'BEHAVIORAL_HEX_OBFUSCATION',
+              title: 'Obfuscated Code: Excessive Hex Encoding',
+              description: `File contains ${hexMatches} hex-encoded sequences. Common in malicious packages trying to hide payload.`,
+              matched: `${hexMatches} hex sequences detected`,
+              fix: 'Inspect the deobfuscated code. Consider removing this dependency.',
+            }));
+          }
+
+          // Excessive String.fromCharCode
+          const charCodeMatches = (content.match(/String\.fromCharCode/g) || []).length;
+          if (charCodeMatches > 5) {
+            findings.push(createFinding({
+              file,
+              line: 1,
+              severity: 'high',
+              category: 'supply-chain',
+              rule: 'BEHAVIORAL_CHARCODE_OBFUSCATION',
+              title: 'Obfuscated Code: Excessive String.fromCharCode',
+              description: `File contains ${charCodeMatches} String.fromCharCode calls. Common obfuscation technique in malicious packages.`,
+              matched: `${charCodeMatches} String.fromCharCode calls`,
+              fix: 'Inspect the deobfuscated code. Consider removing this dependency.',
+            }));
+          }
+
+          // Base64 decode chains
+          const base64Matches = (content.match(/Buffer\.from\s*\([^,]+,\s*['"]base64['"]\)/g) || []).length;
+          if (base64Matches > 3) {
+            findings.push(createFinding({
+              file,
+              line: 1,
+              severity: 'medium',
+              category: 'supply-chain',
+              rule: 'BEHAVIORAL_BASE64_DECODE',
+              title: 'Suspicious: Multiple Base64 Decode Operations',
+              description: `File contains ${base64Matches} base64 decode operations. May indicate hidden payload.`,
+              matched: `${base64Matches} base64 decode operations`,
+              confidence: 'medium',
+              fix: 'Review what data is being decoded. Legitimate use is possible but warrants inspection.',
+            }));
+          }
+        }
+
+        // Detect unused dependencies (in package.json but never imported)
+        const projectFiles = (context.files || []).filter(f =>
+          !f.includes('node_modules') &&
+          ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'].includes(path.extname(f).toLowerCase())
+        );
+
+        if (projectFiles.length > 0 && projectFiles.length < 500) {
+          const allImports = new Set();
+          for (const file of projectFiles) {
+            const content = this.readFile(file);
+            if (!content) continue;
+            // Capture import/require module names
+            const importMatches = content.matchAll(/(?:from\s+['"]([^'"]+)['"]|require\s*\(\s*['"]([^'"]+)['"]\s*\))/g);
+            for (const m of importMatches) {
+              const mod = (m[1] || m[2] || '').split('/')[0]; // Get package name (not subpath)
+              if (mod && !mod.startsWith('.')) allImports.add(mod);
+              // Handle scoped packages
+              const fullMod = m[1] || m[2] || '';
+              if (fullMod.startsWith('@')) {
+                const scopedPkg = fullMod.split('/').slice(0, 2).join('/');
+                allImports.add(scopedPkg);
+              }
+            }
+          }
+
+          const prodDeps = Object.keys(pkg.dependencies || {});
+          for (const dep of prodDeps) {
+            if (!allImports.has(dep) && !dep.startsWith('@types/')) {
+              findings.push(createFinding({
+                file: pkgPath,
+                line: 0,
+                severity: 'low',
+                category: 'supply-chain',
+                rule: 'UNUSED_DEPENDENCY',
+                title: `Unused Dependency: ${dep}`,
+                description: `"${dep}" is in dependencies but never imported in project code. Unused dependencies increase attack surface.`,
+                matched: dep,
+                confidence: 'low',
+                fix: `Remove if unused: npm uninstall ${dep}`,
+              }));
+            }
+          }
+        }
+
+      } catch { /* skip */ }
+    }
+
+    // ── 6. Check Python requirements ──────────────────────────────────────────
     const reqPath = path.join(rootPath, 'requirements.txt');
     if (fs.existsSync(reqPath)) {
       const content = this.readFile(reqPath) || '';

package/cli/agents/verifier-agent.js

@@ -0,0 +1,292 @@
+/**
+ * VerifierAgent — Second-Pass Finding Confirmation
+ * ==================================================
+ *
+ * Runs after all agents complete. Takes high-confidence findings
+ * and attempts to confirm or downgrade them by analyzing surrounding
+ * code context.
+ *
+ * Checks:
+ *   - Is the flagged value static/hardcoded or dynamic (from user input)?
+ *   - Is there upstream sanitization or validation?
+ *   - Is the code inside error handling that neutralizes it?
+ *   - Is the finding in dead/unreachable code?
+ *
+ * Impact: Unverified findings get downgraded one confidence level.
+ */
+
+import fs from 'fs';
+import path from 'path';
+
+// =============================================================================
+// HEURISTIC PATTERNS
+// =============================================================================
+
+/** Sources of user input — if a finding's matched code references these, it's more likely real */
+const USER_INPUT_SOURCES = [
+  /req\.body/,
+  /req\.query/,
+  /req\.params/,
+  /req\.headers/,
+  /request\.body/,
+  /request\.query/,
+  /request\.params/,
+  /request\.form/,
+  /request\.args/,
+  /request\.json/,
+  /ctx\.request/,
+  /ctx\.query/,
+  /ctx\.params/,
+  /event\.body/,
+  /event\.queryStringParameters/,
+  /searchParams/,
+  /formData/,
+  /userinput/i,
+  /user_input/i,
+  /input\s*\(/,
+  /argv/,
+  /process\.env/,
+  /getenv/,
+];
+
+/** Sanitization/validation indicators — presence near a finding suggests it's protected */
+const SANITIZATION_PATTERNS = [
+  /sanitize/i,
+  /validate/i,
+  /escape/i,
+  /purify/i,
+  /DOMPurify/,
+  /xss\s*\(/i,
+  /htmlencode/i,
+  /encodeURI/,
+  /encodeURIComponent/,
+  /parameterized/i,
+  /prepared\s*statement/i,
+  /placeholder/i,
+  /\?\s*,/,
+  /\$\d+/,
+  /bindParam/i,
+  /bindValue/i,
+  /zod/i,
+  /yup/i,
+  /joi\./i,
+  /ajv/i,
+  /schema\.parse/i,
+  /safeParse/i,
+  /validator\./i,
+  /parseInt\s*\(/,
+  /parseFloat\s*\(/,
+  /Number\s*\(/,
+  /\.trim\s*\(/,
+  /\.replace\s*\(/,
+  /allowlist/i,
+  /whitelist/i,
+  /blocklist/i,
+  /blacklist/i,
+];
+
+/** Error handling wrappers — findings inside these are less exploitable */
+const ERROR_HANDLING_PATTERNS = [
+  /}\s*catch\s*\(/,
+  /\.catch\s*\(/,
+  /try\s*\{/,
+  /if\s*\(\s*err/,
+  /on\s*\(\s*['"]error['"]/,
+  /\.on\s*\(\s*['"]error['"]/,
+];
+
+/** Static/hardcoded value indicators — finding uses a constant, not user input */
+const STATIC_VALUE_PATTERNS = [
+  /['"][^'"]{0,200}['"]/,
+  /const\s+\w+\s*=\s*['"][^'"]*['"]/,
+  /^\s*\/\//,
+  /^\s*\*/,
+  /^\s*#/,
+  /TODO|FIXME|HACK|NOTE/,
+];
+
+/** Dead code indicators */
+const DEAD_CODE_PATTERNS = [
+  /return\s+/,
+  /throw\s+/,
+  /process\.exit/,
+  /^\s*\/\//,
+];
+
+// =============================================================================
+// VERIFIER AGENT
+// =============================================================================
+
+export class VerifierAgent {
+  constructor() {
+    this.name = 'VerifierAgent';
+    this.description = 'Second-pass verification of findings';
+  }
+
+  /**
+   * Verify an array of findings by analyzing surrounding code context.
+   * Returns findings with added `verified` and `verifierNote` fields.
+   *
+   * @param {object[]} findings — Findings from all agents (post-dedup)
+   * @param {object}   options  — { verbose }
+   * @returns {object[]} — Findings with verification metadata
+   */
+  verify(findings, options = {}) {
+    const fileCache = new Map();
+
+    for (const finding of findings) {
+      // Only verify critical and high severity findings
+      if (finding.severity !== 'critical' && finding.severity !== 'high') {
+        finding.verified = null; // not checked
+        continue;
+      }
+
+      const result = this._verifyFinding(finding, fileCache);
+      finding.verified = result.verified;
+      finding.verifierNote = result.note;
+
+      // Downgrade unverified findings one confidence level
+      if (!result.verified) {
+        if (finding.confidence === 'high') finding.confidence = 'medium';
+        else if (finding.confidence === 'medium') finding.confidence = 'low';
+      }
+    }
+
+    return findings;
+  }
+
+  /**
+   * Verify a single finding by reading surrounding code.
+   */
+  _verifyFinding(finding, fileCache) {
+    const { file, line, matched } = finding;
+    if (!file || !line) {
+      return { verified: null, note: 'Missing file or line info' };
+    }
+
+    // Read the file (cached)
+    let lines;
+    if (fileCache.has(file)) {
+      lines = fileCache.get(file);
+    } else {
+      try {
+        const content = fs.readFileSync(file, 'utf-8');
+        lines = content.split('\n');
+        fileCache.set(file, lines);
+      } catch {
+        return { verified: null, note: 'Could not read file' };
+      }
+    }
+
+    // Get a 30-line window around the finding (15 before, 15 after)
+    const windowStart = Math.max(0, line - 16);
+    const windowEnd = Math.min(lines.length, line + 15);
+    const window = lines.slice(windowStart, windowEnd);
+    const windowText = window.join('\n');
+
+    // Get lines BEFORE the finding (for upstream checks)
+    const beforeStart = Math.max(0, line - 16);
+    const beforeEnd = Math.max(0, line - 1);
+    const beforeText = lines.slice(beforeStart, beforeEnd).join('\n');
+
+    // Get the finding line itself
+    const findingLine = lines[line - 1] || '';
+
+    // ── Check 1: Is user input involved? ──────────────────────────
+    const hasUserInput = USER_INPUT_SOURCES.some(p => p.test(windowText));
+
+    // ── Check 2: Is there sanitization/validation upstream? ───────
+    const hasSanitization = SANITIZATION_PATTERNS.some(p => p.test(beforeText));
+
+    // ── Check 3: Is the value static/hardcoded? ───────────────────
+    const isStatic = this._isStaticValue(findingLine, matched);
+
+    // ── Check 4: Is it inside error handling? ─────────────────────
+    const inErrorHandler = ERROR_HANDLING_PATTERNS.some(p => p.test(beforeText));
+
+    // ── Check 5: Is it in dead/unreachable code? ──────────────────
+    const isDeadCode = this._isDeadCode(lines, line);
+
+    // ── Decision logic ────────────────────────────────────────────
+    if (isDeadCode) {
+      return {
+        verified: false,
+        note: 'Finding appears to be in unreachable code (after return/throw)',
+      };
+    }
+
+    if (isStatic && !hasUserInput) {
+      return {
+        verified: false,
+        note: 'Value appears to be static/hardcoded, not user-controlled',
+      };
+    }
+
+    if (hasSanitization) {
+      return {
+        verified: false,
+        note: 'Sanitization or validation detected upstream of finding',
+      };
+    }
+
+    if (hasUserInput && !hasSanitization) {
+      return {
+        verified: true,
+        note: 'User input flows to this sink without visible sanitization',
+      };
+    }
+
+    if (inErrorHandler) {
+      return {
+        verified: false,
+        note: 'Finding is inside error handling context, reducing exploitability',
+      };
+    }
+
+    // Default: cannot determine, keep as-is
+    return {
+      verified: null,
+      note: 'Could not determine verification status from code context',
+    };
+  }
+
+  /**
+   * Check if the matched code is using a static/hardcoded value.
+   */
+  _isStaticValue(line, matched) {
+    // If the finding line is a comment, it's static
+    if (/^\s*(?:\/\/|#|\*|\/\*)/.test(line)) return true;
+
+    // If the matched text is just a string literal with no interpolation
+    if (/^['"][^'"]*['"]$/.test(matched)) return true;
+
+    // If the line is a const assignment to a string literal
+    if (/const\s+\w+\s*=\s*['"][^'"]*['"]/.test(line)) return true;
+
+    // If it looks like a TODO/placeholder comment
+    if (/TODO|FIXME|EXAMPLE|PLACEHOLDER|SAMPLE/i.test(line)) return true;
+
+    return false;
+  }
+
+  /**
+   * Check if a line is after a return/throw (dead code).
+   */
+  _isDeadCode(lines, lineNum) {
+    // Check the 5 lines before the finding for return/throw
+    for (let i = Math.max(0, lineNum - 6); i < lineNum - 1; i++) {
+      const l = lines[i]?.trim() || '';
+      // If a return/throw is found and there's no conditional/block opener after
+      if (/^(?:return\s|throw\s|process\.exit)/.test(l)) {
+        // Check if there's a } or else between the return and our line
+        const between = lines.slice(i + 1, lineNum - 1).join('\n');
+        if (!/[{}]|else|case/.test(between)) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+}
+
+export default VerifierAgent;

package/cli/bin/ship-safe.js

@@ -36,6 +36,7 @@ import { watchCommand } from '../commands/watch.js';
 import { auditCommand } from '../commands/audit.js';
 import { doctorCommand } from '../commands/doctor.js';
 import { baselineCommand } from '../commands/baseline.js';
+import { ciCommand } from '../commands/ci.js';
 import { PolicyEngine } from '../agents/policy-engine.js';
 import { SBOMGenerator } from '../agents/sbom-generator.js';
 
@@ -188,7 +189,7 @@ program
 // -----------------------------------------------------------------------------
 program
   .command('audit [path]')
-  .description('Full security audit: secrets + 12 agents + deps + score + remediation plan')
+  .description('Full security audit: secrets + 16 agents + deps + score + deep analysis + remediation plan')
   .option('--json', 'Output results as JSON')
   .option('--sarif', 'Output results in SARIF format')
   .option('--csv', 'Output results as CSV')
@@ -201,6 +202,11 @@ program
   .option('--no-cache', 'Force full rescan (ignore cached results)')
   .option('--baseline', 'Only show findings not in the baseline')
   .option('--pdf [file]', 'Generate PDF report (requires Chrome/Chromium)')
+  .option('--deep', 'LLM-powered taint analysis for critical/high findings')
+  .option('--local', 'Use local Ollama model for deep analysis (default: llama3.2)')
+  .option('--model <model>', 'LLM model to use for deep/AI analysis')
+  .option('--budget <cents>', 'Max spend in cents for deep analysis (default: 50)', parseInt)
+  .option('--verify', 'Check if leaked secrets are still active (probes provider APIs)')
   .option('-v, --verbose', 'Verbose output')
   .action(auditCommand);
 
@@ -209,7 +215,7 @@ program
 // -----------------------------------------------------------------------------
 program
   .command('red-team [path]')
-  .description('Multi-agent security audit: 12 agents scan for 50+ attack classes')
+  .description('Multi-agent security audit: 16 agents scan for 80+ attack classes')
   .option('--agents <list>', 'Comma-separated list of agents to run')
   .option('--json', 'Output results as JSON')
   .option('--sarif', 'Output results in SARIF format')
@@ -217,6 +223,10 @@ program
   .option('--sbom [file]', 'Generate CycloneDX SBOM')
   .option('--no-deps', 'Skip dependency audit')
   .option('--no-ai', 'Skip AI classification')
+  .option('--deep', 'LLM-powered taint analysis for critical/high findings')
+  .option('--local', 'Use local Ollama model for deep analysis (default: llama3.2)')
+  .option('--model <model>', 'LLM model for deep analysis')
+  .option('--budget <cents>', 'Max spend in cents for deep analysis (default: 50)', parseInt)
   .option('-v, --verbose', 'Verbose output')
   .action(redTeamCommand);
 
@@ -269,6 +279,20 @@ program
   .option('--clear', 'Remove the baseline')
   .action(baselineCommand);
 
+// -----------------------------------------------------------------------------
+// CI COMMAND (v5.0 — CI/CD Pipeline Integration)
+// -----------------------------------------------------------------------------
+program
+  .command('ci [path]')
+  .description('CI/CD pipeline mode: scan, score, exit 1 on failure — optimized for automation')
+  .option('--threshold <score>', 'Minimum passing score (default: 75)', parseInt)
+  .option('--fail-on <severity>', 'Fail on findings at this severity or above (critical, high, medium)')
+  .option('--sarif <file>', 'Write SARIF output for GitHub Code Scanning')
+  .option('--json', 'JSON output')
+  .option('--no-deps', 'Skip dependency audit')
+  .option('--baseline', 'Only check new findings (not in baseline)')
+  .action(ciCommand);
+
 // -----------------------------------------------------------------------------
 // DOCTOR COMMAND
 // -----------------------------------------------------------------------------
@@ -285,11 +309,13 @@ program
 if (process.argv.length === 2) {
   console.log(banner);
   console.log(chalk.yellow('\nQuick start:\n'));
-  console.log(chalk.cyan.bold('  v4.3 — Full Security Audit'));
-  console.log(chalk.white('  npx ship-safe audit .       ') + chalk.gray('# Full audit: secrets + agents + deps + remediation plan'));
-  console.log(chalk.white('  npx ship-safe red-team .    ') + chalk.gray('# 12-agent red team scan (50+ attack classes)'));
+  console.log(chalk.cyan.bold('  v5.0 — Full Security Audit'));
+  console.log(chalk.white('  npx ship-safe audit .       ') + chalk.gray('# Full audit: secrets + 16 agents + deps + remediation'));
+  console.log(chalk.white('  npx ship-safe audit . --deep') + chalk.gray('# LLM-powered taint analysis (Anthropic/Ollama)'));
+  console.log(chalk.white('  npx ship-safe red-team .    ') + chalk.gray('# 16-agent red team scan (80+ attack classes)'));
+  console.log(chalk.white('  npx ship-safe ci .          ') + chalk.gray('# CI/CD mode: scan, score, exit code'));
   console.log(chalk.white('  npx ship-safe watch .       ') + chalk.gray('# Continuous monitoring mode'));
-  console.log(chalk.white('  npx ship-safe sbom .        ') + chalk.gray('# Generate CycloneDX SBOM'));
+  console.log(chalk.white('  npx ship-safe sbom .        ') + chalk.gray('# Generate CycloneDX SBOM (CRA-ready)'));
   console.log(chalk.white('  npx ship-safe policy init   ') + chalk.gray('# Create security policy template'));
   console.log(chalk.white('  npx ship-safe doctor        ') + chalk.gray('# Check environment and configuration'));
   console.log();

package/cli/commands/audit.js

@@ -36,6 +36,7 @@ import { isHighEntropyMatch, getConfidence } from '../utils/entropy.js';
 import { CacheManager } from '../utils/cache-manager.js';
 import { filterBaseline } from './baseline.js';
 import { generatePDF, generatePrintHTML, isChromeAvailable } from '../utils/pdf-generator.js';
+import { SecretsVerifier } from '../utils/secrets-verifier.js';
 
 // =============================================================================
 // CONSTANTS
@@ -163,6 +164,11 @@ export async function auditCommand(targetPath = '.', options = {}) {
     // Suppress individual agent spinners by using quiet mode
     // Pass changedFiles for incremental scanning if cache is valid
     const orchestratorOpts = { quiet: true };
+    if (options.deep) orchestratorOpts.deep = true;
+    if (options.local) orchestratorOpts.local = true;
+    if (options.model) orchestratorOpts.model = options.model;
+    if (options.budget) orchestratorOpts.budget = options.budget;
+    if (options.verbose) orchestratorOpts.verbose = true;
     if (cacheDiff && cacheDiff.changedFiles.length < allFiles.length) {
       orchestratorOpts.changedFiles = cacheDiff.changedFiles;
     }
@@ -287,6 +293,32 @@ export async function auditCommand(targetPath = '.', options = {}) {
     }
   }
 
+  // ── Secrets Verification (optional, --verify flag) ─────────────────────
+  if (options.verify) {
+    const verifySpinner = machineOutput ? null : ora({ text: 'Verifying leaked secrets against provider APIs...', color: 'cyan' }).start();
+    try {
+      const verifier = new SecretsVerifier();
+      const verifyResults = await verifier.verify(filteredFindings);
+      const activeCount = verifyResults.filter(r => r.result.active === true).length;
+      const inactiveCount = verifyResults.filter(r => r.result.active === false).length;
+      if (verifySpinner) {
+        verifySpinner.succeed(chalk.green(
+          `Secrets verified: ${activeCount} active, ${inactiveCount} inactive, ${verifyResults.length - activeCount - inactiveCount} unknown`
+        ));
+      }
+      // Show active secrets warning
+      if (activeCount > 0 && !machineOutput) {
+        console.log(chalk.red.bold('  ⚠ ACTIVE SECRETS DETECTED — rotate immediately:'));
+        for (const r of verifyResults.filter(r => r.result.active === true)) {
+          const rel = path.relative(absolutePath, r.finding.file).replace(/\\/g, '/');
+          console.log(chalk.red(`    ${r.result.provider}: ${rel}:${r.finding.line} — ${r.result.info}`));
+        }
+      }
+    } catch (err) {
+      if (verifySpinner) verifySpinner.fail(chalk.yellow(`Secrets verification failed: ${err.message}`));
+    }
+  }
+
   // ── Save Cache ──────────────────────────────────────────────────────────
   if (useCache) {
     try {