vbguard 0.1.0

package/src/scanners/dangerous-functions.js

@@ -0,0 +1,172 @@
+// AI tools commonly use dangerous functions that "work" but are insecure
+// These are the exact patterns found in real AI-generated vulnerabilities
+
+const JS_DANGEROUS = [
+  {
+    regex: /eval\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.|input|data|user)/gi,
+    name: 'eval() with user input',
+    severity: 'critical',
+    message: 'eval() called with user-controlled input. This allows arbitrary code execution.',
+    fix: 'Never use eval() with user input. Use JSON.parse() for data or a sandboxed interpreter.',
+  },
+  {
+    regex: /new\s+Function\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.|input|data|user)/gi,
+    name: 'new Function() with user input',
+    severity: 'critical',
+    message: 'new Function() with user input is equivalent to eval() — allows code execution.',
+    fix: 'Avoid dynamic function creation with user input entirely.',
+  },
+  {
+    regex: /child_process.*exec\s*\(\s*[`'"].*\$\{/gi,
+    name: 'Command injection via template literal',
+    severity: 'critical',
+    message: 'Shell command built with string interpolation. This enables command injection.',
+    fix: 'Use execFile() with an array of arguments instead of exec() with string interpolation.',
+  },
+  {
+    regex: /\.(?:query|execute)\s*\(\s*[`'"](?:SELECT|INSERT|UPDATE|DELETE|DROP)\s+.*\$\{/gi,
+    name: 'SQL injection via template literal',
+    severity: 'critical',
+    message: 'SQL query built with string interpolation. AI tools frequently build queries this way instead of using parameterized queries.',
+    fix: 'Use parameterized queries: db.query("SELECT * FROM users WHERE id = $1", [userId])',
+  },
+  {
+    regex: /\.(?:query|execute)\s*\(\s*['"`](?:SELECT|INSERT|UPDATE|DELETE)\s+.*['"]\s*\+/gi,
+    name: 'SQL injection via string concatenation',
+    severity: 'critical',
+    message: 'SQL query built with string concatenation. This is a classic SQL injection vector.',
+    fix: 'Use parameterized queries instead of string concatenation.',
+  },
+  {
+    regex: /innerHTML\s*=\s*(?:(?!['"`]<).)*(?:req\.|request\.|params\.|query\.|body\.|input|data|user|\$\{)/gi,
+    name: 'XSS via innerHTML',
+    severity: 'high',
+    message: 'User-controlled data assigned to innerHTML. This enables Cross-Site Scripting (XSS).',
+    fix: 'Use textContent instead of innerHTML, or sanitize with DOMPurify.',
+  },
+  {
+    regex: /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:\s*(?!.*(?:sanitize|purify|DOMPurify))/gi,
+    name: 'React dangerouslySetInnerHTML',
+    severity: 'high',
+    message: 'dangerouslySetInnerHTML used without sanitization. AI tools use this when they can\'t figure out proper rendering.',
+    fix: 'Sanitize HTML with DOMPurify before using dangerouslySetInnerHTML.',
+  },
+  {
+    regex: /document\.write\s*\(/g,
+    name: 'document.write()',
+    severity: 'medium',
+    message: 'document.write() can enable XSS and breaks streaming parsers.',
+    fix: 'Use DOM manipulation methods (createElement, appendChild) instead.',
+  },
+];
+
+const PY_DANGEROUS = [
+  {
+    regex: /pickle\.(?:loads?|Unpickler)\s*\(/g,
+    name: 'pickle deserialization',
+    severity: 'critical',
+    message: 'pickle.load() allows arbitrary code execution when deserializing untrusted data. This is the exact vulnerability found in AI-generated multiplayer game code.',
+    fix: 'Use json.loads() for data exchange. Never unpickle data from untrusted sources.',
+  },
+  {
+    regex: /yaml\.load\s*\([^)]*(?!Loader\s*=\s*yaml\.SafeLoader)/g,
+    name: 'Unsafe YAML loading',
+    severity: 'high',
+    message: 'yaml.load() without SafeLoader allows arbitrary code execution.',
+    fix: 'Use yaml.safe_load() or yaml.load(data, Loader=yaml.SafeLoader).',
+  },
+  {
+    regex: /eval\s*\(\s*(?:request\.|input\(|data|user|form)/gi,
+    name: 'eval() with user input',
+    severity: 'critical',
+    message: 'eval() with user-controlled input allows arbitrary Python code execution.',
+    fix: 'Use ast.literal_eval() for safe evaluation of data, or avoid eval entirely.',
+  },
+  {
+    regex: /exec\s*\(\s*(?:request\.|input\(|data|user|form)/gi,
+    name: 'exec() with user input',
+    severity: 'critical',
+    message: 'exec() with user input allows arbitrary code execution.',
+    fix: 'Remove exec() entirely. Find a safe alternative for the specific operation.',
+  },
+  {
+    regex: /os\.system\s*\(\s*(?:f['"`]|['"`].*(?:\+|%|\.format))/gi,
+    name: 'Command injection via os.system',
+    severity: 'critical',
+    message: 'os.system() with string formatting enables command injection.',
+    fix: 'Use subprocess.run() with a list of arguments: subprocess.run(["cmd", arg], shell=False)',
+  },
+  {
+    regex: /subprocess\.(?:call|run|Popen)\s*\([^)]*shell\s*=\s*True/gi,
+    name: 'subprocess with shell=True',
+    severity: 'high',
+    message: 'subprocess with shell=True enables command injection when combined with user input.',
+    fix: 'Use shell=False (default) and pass arguments as a list.',
+  },
+  {
+    regex: /(?:cursor|db|conn)\.execute\s*\(\s*(?:f['"`]|['"`].*(?:%s|%d|\+|\.format|\{))/gi,
+    name: 'SQL injection in Python',
+    severity: 'critical',
+    message: 'SQL query built with string formatting. Use parameterized queries.',
+    fix: 'Use parameterized queries: cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))',
+  },
+  {
+    regex: /marshal\.loads?\s*\(/g,
+    name: 'marshal deserialization',
+    severity: 'high',
+    message: 'marshal.loads() can execute arbitrary code. Similar risk to pickle.',
+    fix: 'Use json.loads() for data serialization.',
+  },
+  {
+    regex: /shelve\.open\s*\(/g,
+    name: 'shelve (uses pickle internally)',
+    severity: 'high',
+    message: 'shelve uses pickle internally — same arbitrary code execution risk.',
+    fix: 'Use a proper database (SQLite, PostgreSQL) or JSON files instead.',
+  },
+];
+
+function scanDangerousFunctions(ctx) {
+  const { content, relativePath, ext } = ctx;
+  const findings = [];
+  const lines = content.split('\n');
+
+  const isJS = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'].includes(ext);
+  const isPy = ['.py', '.pyw'].includes(ext);
+
+  const patterns = isJS ? JS_DANGEROUS : isPy ? PY_DANGEROUS : [];
+
+  for (const pattern of patterns) {
+    pattern.regex.lastIndex = 0;
+    let match;
+
+    while ((match = pattern.regex.exec(content)) !== null) {
+      const upToMatch = content.substring(0, match.index);
+      const lineNum = upToMatch.split('\n').length;
+      const line = lines[lineNum - 1] || '';
+      const trimmedLine = line.trim();
+
+      // Skip comments
+      if (trimmedLine.startsWith('//') || trimmedLine.startsWith('#') || trimmedLine.startsWith('*')) {
+        continue;
+      }
+
+      findings.push({
+        rule: `dangerous/${pattern.name.toLowerCase().replace(/[\s()]+/g, '-')}`,
+        severity: pattern.severity,
+        file: relativePath,
+        line: lineNum,
+        message: pattern.message,
+        fix: pattern.fix,
+        snippet: trimmedLine.substring(0, 120),
+      });
+
+      // One match per pattern per file
+      break;
+    }
+  }
+
+  return findings;
+}
+
+module.exports = { scanDangerousFunctions };

package/src/scanners/dependencies.js

@@ -0,0 +1,162 @@
+const fs = require('fs');
+const path = require('path');
+
+// Known vulnerable or dangerous packages that AI tools commonly suggest
+const DANGEROUS_PACKAGES_JS = {
+  // Packages with known security issues AI still recommends
+  'event-stream': { severity: 'critical', reason: 'Compromised package — contained malicious code targeting cryptocurrency wallets.' },
+  'flatmap-stream': { severity: 'critical', reason: 'Malicious package used in the event-stream attack.' },
+  'ua-parser-js': { severity: 'high', reason: 'Was compromised in 2021. Ensure you\'re on a patched version.' },
+  'colors': { severity: 'medium', reason: 'Maintainer intentionally corrupted v1.4.1+. Pin to 1.4.0.' },
+  'faker': { severity: 'medium', reason: 'Maintainer intentionally corrupted v6.6.6+. Use @faker-js/faker instead.' },
+  'request': { severity: 'low', reason: 'Deprecated since 2020. AI tools still suggest it. Use node-fetch, axios, or undici.' },
+  'node-uuid': { severity: 'low', reason: 'Renamed to uuid years ago. AI tools reference the old name.' },
+  'crypto': { severity: 'low', reason: 'Node.js built-in. If listed as an npm dependency, it\'s a potentially malicious package.' },
+  'http': { severity: 'medium', reason: 'Node.js built-in. npm package is suspicious — possible typosquat.' },
+  'fs': { severity: 'medium', reason: 'Node.js built-in. npm package is suspicious — possible typosquat.' },
+};
+
+const DANGEROUS_PACKAGES_PY = {
+  'python-dotenv': { severity: 'low', reason: 'Safe package but AI often hardcodes secrets instead of using it. If present, good sign.' },
+  'pyyaml': { severity: 'medium', reason: 'Use yaml.safe_load() not yaml.load(). AI tools always use the unsafe version.' },
+  'django': { severity: 'low', reason: 'Ensure DEBUG=False in production. AI always sets DEBUG=True.' },
+  'flask': { severity: 'low', reason: 'Ensure debug mode is off in production.' },
+  'pickle5': { severity: 'high', reason: 'Pickle is unsafe for untrusted data. AI uses pickle for data exchange instead of JSON.' },
+  'jinja2': { severity: 'medium', reason: 'If using |safe filter with user input, XSS is likely. Check templates.' },
+};
+
+async function scanDependencies(dir) {
+  const findings = [];
+
+  // Check package.json
+  const pkgPath = path.join(dir, 'package.json');
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+      const allDeps = {
+        ...(pkg.dependencies || {}),
+        ...(pkg.devDependencies || {}),
+      };
+
+      for (const [name, version] of Object.entries(allDeps)) {
+        if (DANGEROUS_PACKAGES_JS[name]) {
+          const info = DANGEROUS_PACKAGES_JS[name];
+          findings.push({
+            rule: `deps/dangerous-package-${name}`,
+            severity: info.severity,
+            file: 'package.json',
+            line: null,
+            message: `Package "${name}" flagged: ${info.reason}`,
+            fix: `Review whether "${name}" is necessary and check for alternatives.`,
+          });
+        }
+
+        // Check for wildcard versions
+        if (version === '*' || version === 'latest') {
+          findings.push({
+            rule: `deps/unpinned-version`,
+            severity: 'medium',
+            file: 'package.json',
+            line: null,
+            message: `Package "${name}" has unpinned version "${version}". AI tools often use * or latest, which can pull in breaking changes or compromised versions.`,
+            fix: `Pin to a specific version: npm install ${name}@latest --save-exact`,
+          });
+        }
+      }
+
+      // Check for missing security-related dependencies in a server project
+      if (allDeps['express'] || allDeps['fastify'] || allDeps['koa']) {
+        const missingSecurity = [];
+        if (!allDeps['helmet'] && !allDeps['fastify-helmet']) missingSecurity.push('helmet (security headers)');
+        if (!allDeps['express-rate-limit'] && !allDeps['@fastify/rate-limit'] && !allDeps['koa-ratelimit']) {
+          missingSecurity.push('rate limiting');
+        }
+
+        if (missingSecurity.length > 0) {
+          findings.push({
+            rule: 'deps/missing-security-packages',
+            severity: 'medium',
+            file: 'package.json',
+            line: null,
+            message: `Server project missing security packages: ${missingSecurity.join(', ')}. AI-generated servers rarely include security middleware.`,
+            fix: `Install missing packages: npm install ${missingSecurity.includes('helmet') ? 'helmet ' : ''}${missingSecurity.includes('rate limiting') ? 'express-rate-limit' : ''}`,
+          });
+        }
+      }
+
+    } catch (e) {
+      // Invalid JSON — could be an issue itself
+    }
+  }
+
+  // Check requirements.txt
+  const reqPath = path.join(dir, 'requirements.txt');
+  if (fs.existsSync(reqPath)) {
+    try {
+      const content = fs.readFileSync(reqPath, 'utf-8');
+      const lines = content.split('\n');
+
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#')) continue;
+
+        const match = trimmed.match(/^([a-zA-Z0-9_-]+)/);
+        if (!match) continue;
+
+        const pkgName = match[1].toLowerCase();
+
+        if (DANGEROUS_PACKAGES_PY[pkgName]) {
+          const info = DANGEROUS_PACKAGES_PY[pkgName];
+          findings.push({
+            rule: `deps/dangerous-package-${pkgName}`,
+            severity: info.severity,
+            file: 'requirements.txt',
+            line: null,
+            message: `Package "${pkgName}" flagged: ${info.reason}`,
+            fix: `Review usage of "${pkgName}" for security implications.`,
+          });
+        }
+
+        // Unpinned Python packages
+        if (!trimmed.includes('==') && !trimmed.includes('>=') && !trimmed.includes('~=')) {
+          findings.push({
+            rule: 'deps/unpinned-python-package',
+            severity: 'low',
+            file: 'requirements.txt',
+            line: null,
+            message: `Package "${pkgName}" has no version pin. Could install a compromised future version.`,
+            fix: `Pin version: ${pkgName}==<version>. Use pip freeze to get current versions.`,
+          });
+        }
+      }
+
+    } catch (e) {
+      // Can't read file
+    }
+  }
+
+  // Check pyproject.toml
+  const pyprojectPath = path.join(dir, 'pyproject.toml');
+  if (fs.existsSync(pyprojectPath)) {
+    try {
+      const content = fs.readFileSync(pyprojectPath, 'utf-8');
+
+      for (const [pkgName, info] of Object.entries(DANGEROUS_PACKAGES_PY)) {
+        if (content.includes(pkgName)) {
+          findings.push({
+            rule: `deps/dangerous-package-${pkgName}`,
+            severity: info.severity,
+            file: 'pyproject.toml',
+            line: null,
+            message: `Package "${pkgName}" flagged: ${info.reason}`,
+            fix: `Review usage of "${pkgName}" for security implications.`,
+          });
+        }
+      }
+    } catch (e) {}
+  }
+
+  return findings;
+}
+
+module.exports = { scanDependencies };

package/src/scanners/exposed-frontend.js

@@ -0,0 +1,134 @@
+// AI tools frequently put server-side secrets in frontend/client code
+// This scanner detects secrets in files that will be shipped to the browser
+
+function isClientFile(relativePath, ext) {
+  const clientPatterns = [
+    /^src\/(?:pages|components|views|app|routes)\//i,
+    /^(?:pages|components|views|app)\//i,
+    /^public\//i,
+    /^static\//i,
+    /^client\//i,
+    /^frontend\//i,
+    /^web\//i,
+  ];
+
+  // React/Next/Vue/Svelte component files
+  if (['.jsx', '.tsx', '.vue', '.svelte'].includes(ext)) return true;
+
+  // HTML files
+  if (['.html', '.htm'].includes(ext)) return true;
+
+  return clientPatterns.some((p) => p.test(relativePath));
+}
+
+const BACKEND_ONLY_PATTERNS = [
+  {
+    name: 'Supabase Service Role Key',
+    regex: /(?:supabase|SUPABASE)[\s_]*(?:SERVICE[\s_]*ROLE|service[\s_]*role)[\s_]*(?:KEY|key)?\s*[:=]\s*['"`]([^'"`]+)['"`]/gi,
+    severity: 'critical',
+    fix: 'The service_role key bypasses Row Level Security. It must NEVER be in client-side code. Use it only on the server.',
+  },
+  {
+    name: 'Supabase Service Role JWT in Client',
+    regex: /(?:supabaseKey|supabase_key|SUPABASE_KEY)\s*[:=]\s*['"`](eyJ[^'"`]{50,})['"`]/gi,
+    severity: 'critical',
+    check: (match, content) => {
+      // Check if the JWT payload contains "role":"service_role"
+      try {
+        const parts = match.split('.');
+        if (parts.length === 3) {
+          const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
+          return payload.role === 'service_role';
+        }
+      } catch {}
+      return false;
+    },
+    fix: 'This appears to be a Supabase service_role JWT. Use the anon key for client-side code instead.',
+  },
+  {
+    name: 'Database URL in Client Code',
+    regex: /(?:mongodb|postgres(?:ql)?|mysql|redis):\/\/[^\s'"`,}{)]+/gi,
+    severity: 'critical',
+    fix: 'Database connection strings must never be in client-side code. Move to server-side only.',
+  },
+  {
+    name: 'Server Secret in Client',
+    regex: /(?:SECRET_KEY|JWT_SECRET|API_SECRET|AUTH_SECRET|SESSION_SECRET)\s*[:=]\s*['"`]([^'"`]{4,})['"`]/gi,
+    severity: 'critical',
+    fix: 'Server secrets in client code are visible to anyone. Move to server-side environment variables.',
+  },
+  {
+    name: 'Stripe Secret Key in Client',
+    regex: /sk_(?:live|test)_[0-9a-zA-Z]{24,}/g,
+    severity: 'critical',
+    fix: 'Stripe secret keys must NEVER be in frontend code. Only the publishable key (pk_) belongs client-side.',
+  },
+  {
+    name: 'AWS Credentials in Client',
+    regex: /(?:AKIA|ASIA)[0-9A-Z]{16}/g,
+    severity: 'critical',
+    fix: 'AWS access keys in frontend code give anyone access to your AWS account. Use presigned URLs or a backend proxy.',
+  },
+  {
+    name: 'OpenAI/Anthropic Key in Client',
+    regex: /(?:sk-(?:proj-)?[a-zA-Z0-9_-]{20,}|sk-ant-[a-zA-Z0-9_-]{20,})/g,
+    severity: 'critical',
+    fix: 'AI API keys in frontend code let anyone use your account. Proxy requests through your backend.',
+  },
+];
+
+function scanExposedFrontend(ctx) {
+  const { content, relativePath, ext } = ctx;
+  const findings = [];
+
+  if (!isClientFile(relativePath, ext)) return findings;
+
+  const lines = content.split('\n');
+
+  for (const pattern of BACKEND_ONLY_PATTERNS) {
+    pattern.regex.lastIndex = 0;
+    let match;
+
+    while ((match = pattern.regex.exec(content)) !== null) {
+      // Skip if env var reference
+      const upToMatch = content.substring(0, match.index);
+      const lineNum = upToMatch.split('\n').length;
+      const line = lines[lineNum - 1] || '';
+
+      if (/process\.env|import\.meta\.env|NEXT_PUBLIC|VITE_|REACT_APP_/i.test(line)) {
+        // It's using an env var — but check if it's a server secret env var name
+        if (/SERVICE_ROLE|SECRET|PRIVATE/i.test(line) && /NEXT_PUBLIC|VITE_|REACT_APP_/i.test(line)) {
+          findings.push({
+            rule: `frontend/server-secret-in-public-env`,
+            severity: 'critical',
+            file: relativePath,
+            line: lineNum,
+            message: 'Server secret exposed via public environment variable (NEXT_PUBLIC_/VITE_/REACT_APP_). These are embedded in the client bundle at build time.',
+            fix: 'Remove the NEXT_PUBLIC_/VITE_/REACT_APP_ prefix. Access this secret only on the server side.',
+          });
+        }
+        continue;
+      }
+
+      if (pattern.check && !pattern.check(match[0], content)) continue;
+
+      // Skip examples/placeholders
+      if (/example|placeholder|your|xxx|test|dummy|fake|sample/i.test(match[0])) continue;
+
+      findings.push({
+        rule: `frontend/${pattern.name.toLowerCase().replace(/\s+/g, '-')}`,
+        severity: pattern.severity,
+        file: relativePath,
+        line: lineNum,
+        message: `${pattern.name} found in client-side code. This will be visible to anyone who opens browser DevTools.`,
+        fix: pattern.fix,
+      });
+
+      break;
+    }
+  }
+
+  return findings;
+}
+
+module.exports = { scanExposedFrontend };

package/src/scanners/gitignore.js

@@ -0,0 +1,88 @@
+const fs = require('fs');
+const path = require('path');
+
+function scanMissingGitignore(dir) {
+  const findings = [];
+  const gitignorePath = path.join(dir, '.gitignore');
+
+  // Check if .gitignore exists
+  if (!fs.existsSync(gitignorePath)) {
+    // Only flag if there are files that should be ignored
+    const hasEnv = fs.existsSync(path.join(dir, '.env'));
+    const hasNodeModules = fs.existsSync(path.join(dir, 'node_modules'));
+
+    if (hasEnv || hasNodeModules) {
+      findings.push({
+        rule: 'config/no-gitignore',
+        severity: 'high',
+        file: '.gitignore',
+        line: null,
+        message: 'No .gitignore file found but .env or node_modules exist. Secrets and dependencies may be committed to git.',
+        fix: 'Create a .gitignore file. At minimum add: .env, node_modules/, __pycache__/, .venv/',
+      });
+    }
+    return findings;
+  }
+
+  const content = fs.readFileSync(gitignorePath, 'utf-8');
+  const lines = content.split('\n').map((l) => l.trim());
+
+  // Check for .env exclusion
+  const envPatterns = ['.env', '.env.*', '.env.local', '*.env'];
+  const hasEnvIgnore = lines.some((line) => {
+    if (line.startsWith('#')) return false;
+    return envPatterns.some(
+      (p) => line === p || line === `/${p}` || line.includes('.env')
+    );
+  });
+
+  if (!hasEnvIgnore) {
+    // Check if .env files actually exist
+    const envFiles = [];
+    try {
+      const entries = fs.readdirSync(dir);
+      for (const e of entries) {
+        if (e.startsWith('.env') && e !== '.env.example' && e !== '.env.sample') {
+          envFiles.push(e);
+        }
+      }
+    } catch {}
+
+    if (envFiles.length > 0) {
+      findings.push({
+        rule: 'config/env-not-gitignored',
+        severity: 'critical',
+        file: '.gitignore',
+        line: null,
+        message: `.env files found (${envFiles.join(', ')}) but .env is not in .gitignore. Your secrets WILL be committed to git.`,
+        fix: 'Add .env to your .gitignore immediately. If already committed, rotate all secrets — git history preserves them.',
+      });
+    }
+  }
+
+  // Check for common AI-generated files that should be ignored
+  const shouldIgnore = [
+    { pattern: '.env.local', file: '.env.local' },
+    { pattern: '.env.production', file: '.env.production' },
+  ];
+
+  for (const { pattern, file } of shouldIgnore) {
+    if (
+      fs.existsSync(path.join(dir, file)) &&
+      !lines.some((l) => !l.startsWith('#') && l.includes(pattern))
+    ) {
+      findings.push({
+        rule: 'config/env-variant-not-gitignored',
+        severity: 'high',
+        file: '.gitignore',
+        line: null,
+        message: `${file} exists but is not in .gitignore. This file likely contains environment-specific secrets.`,
+        fix: `Add ${file} to .gitignore.`,
+      });
+    }
+  }
+
+  return findings;
+}
+
+module.exports = { scanMissingGitignore };