npm - xploitscan-shared-rules - Versions diffs - 1.7.4 → 1.8.0 - Mend

xploitscan-shared-rules 1.7.4 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -315,6 +315,10 @@ declare const llmCallNoMaxTokens: CustomRule;
 declare const graphqlNoDepthLimit: CustomRule;
 declare const graphqlNoComplexityLimit: CustomRule;
 declare const graphqlCSRFDisabled: CustomRule;
+declare const llmOutputToSink: CustomRule;
+declare const secretInLLMPrompt: CustomRule;
+declare const webhookMissingIdempotency: CustomRule;
+declare const middlewareMatcherExcludesApi: CustomRule;
 declare const secretInURLParam: CustomRule;
 declare const secretLoggedToConsole: CustomRule;
 declare const secretInErrorResponse: CustomRule;
@@ -506,4 +510,4 @@ declare function getObjectProperty(node: ObjectExpression, key: string): {
 /** Does this CallExpression spread an expression `matcher` returns true for? */
 declare function callSpreads(call: CallExpression, matcher: (node: Node) => boolean): boolean;
-export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type Exposure, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, RULE_IMPACTS, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, classifyExposure, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, dockerfileADDInsteadOfCOPY, dockerfileMissingHealthcheck, dockerfileUnverifiedShellPipe, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, ghaExpressionInjection, ghaPermissionsWriteAll, ghaPullRequestTargetCheckout, ghaThirdPartyActionWithSecrets, githubActionsInjection, graphqlCSRFDisabled, graphqlIntrospection, graphqlNoComplexityLimit, graphqlNoDepthLimit, hardcodedAlgoliaAdminKey, hardcodedAnthropicKey, hardcodedCloudflareToken, hardcodedCohereKey, hardcodedDatadogKey, hardcodedDiscordToken, hardcodedEncryptionKey, hardcodedFastlyToken, hardcodedFireworksKey, hardcodedFlyToken, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedGroqKey, hardcodedHighlightKey, hardcodedIPAllowlist, hardcodedIntercomToken, hardcodedJWTSecret, hardcodedLinearKey, hardcodedLogtailToken, hardcodedLoopsKey, hardcodedMailgunKey, hardcodedMistralKey, hardcodedNetlifyToken, hardcodedNotionKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedPlivoToken, hardcodedPostmarkKey, hardcodedQdrantKey, hardcodedRailwayToken, hardcodedReplicateKey, hardcodedResendKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedSentryAuthToken, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTogetherKey, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hardcodedWeaviateKey, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, llmCallNoMaxTokens, llmOutputAsHTML, llmPromptInjection, llmSystemPromptInjection, logInjection, magicNumbers, massAssignment, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, pyDjangoAllowedHostsWildcard, pyDjangoMarkSafe, pyJWTDecodeWeakConfig, pyJinja2AutoescapeOff, pyParamikoAutoAdd, pyRequestsVerifyFalse, pyTempfileMktemp, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, vectorStoreQueryNoUserFilter, vectorStoreUpsertNoMetadata, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookSignatureVerification, xssVulnerability, xxeVulnerability };
+export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type Exposure, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, RULE_IMPACTS, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, classifyExposure, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, dockerfileADDInsteadOfCOPY, dockerfileMissingHealthcheck, dockerfileUnverifiedShellPipe, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, ghaExpressionInjection, ghaPermissionsWriteAll, ghaPullRequestTargetCheckout, ghaThirdPartyActionWithSecrets, githubActionsInjection, graphqlCSRFDisabled, graphqlIntrospection, graphqlNoComplexityLimit, graphqlNoDepthLimit, hardcodedAlgoliaAdminKey, hardcodedAnthropicKey, hardcodedCloudflareToken, hardcodedCohereKey, hardcodedDatadogKey, hardcodedDiscordToken, hardcodedEncryptionKey, hardcodedFastlyToken, hardcodedFireworksKey, hardcodedFlyToken, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedGroqKey, hardcodedHighlightKey, hardcodedIPAllowlist, hardcodedIntercomToken, hardcodedJWTSecret, hardcodedLinearKey, hardcodedLogtailToken, hardcodedLoopsKey, hardcodedMailgunKey, hardcodedMistralKey, hardcodedNetlifyToken, hardcodedNotionKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedPlivoToken, hardcodedPostmarkKey, hardcodedQdrantKey, hardcodedRailwayToken, hardcodedReplicateKey, hardcodedResendKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedSentryAuthToken, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTogetherKey, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hardcodedWeaviateKey, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, llmCallNoMaxTokens, llmOutputAsHTML, llmOutputToSink, llmPromptInjection, llmSystemPromptInjection, logInjection, magicNumbers, massAssignment, middlewareMatcherExcludesApi, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, pyDjangoAllowedHostsWildcard, pyDjangoMarkSafe, pyJWTDecodeWeakConfig, pyJinja2AutoescapeOff, pyParamikoAutoAdd, pyRequestsVerifyFalse, pyTempfileMktemp, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInLLMPrompt, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, vectorStoreQueryNoUserFilter, vectorStoreUpsertNoMetadata, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookMissingIdempotency, webhookSignatureVerification, xssVulnerability, xxeVulnerability };

package/dist/index.d.ts CHANGED Viewed

@@ -315,6 +315,10 @@ declare const llmCallNoMaxTokens: CustomRule;
 declare const graphqlNoDepthLimit: CustomRule;
 declare const graphqlNoComplexityLimit: CustomRule;
 declare const graphqlCSRFDisabled: CustomRule;
+declare const llmOutputToSink: CustomRule;
+declare const secretInLLMPrompt: CustomRule;
+declare const webhookMissingIdempotency: CustomRule;
+declare const middlewareMatcherExcludesApi: CustomRule;
 declare const secretInURLParam: CustomRule;
 declare const secretLoggedToConsole: CustomRule;
 declare const secretInErrorResponse: CustomRule;
@@ -506,4 +510,4 @@ declare function getObjectProperty(node: ObjectExpression, key: string): {
 /** Does this CallExpression spread an expression `matcher` returns true for? */
 declare function callSpreads(call: CallExpression, matcher: (node: Node) => boolean): boolean;
-export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type Exposure, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, RULE_IMPACTS, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, classifyExposure, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, dockerfileADDInsteadOfCOPY, dockerfileMissingHealthcheck, dockerfileUnverifiedShellPipe, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, ghaExpressionInjection, ghaPermissionsWriteAll, ghaPullRequestTargetCheckout, ghaThirdPartyActionWithSecrets, githubActionsInjection, graphqlCSRFDisabled, graphqlIntrospection, graphqlNoComplexityLimit, graphqlNoDepthLimit, hardcodedAlgoliaAdminKey, hardcodedAnthropicKey, hardcodedCloudflareToken, hardcodedCohereKey, hardcodedDatadogKey, hardcodedDiscordToken, hardcodedEncryptionKey, hardcodedFastlyToken, hardcodedFireworksKey, hardcodedFlyToken, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedGroqKey, hardcodedHighlightKey, hardcodedIPAllowlist, hardcodedIntercomToken, hardcodedJWTSecret, hardcodedLinearKey, hardcodedLogtailToken, hardcodedLoopsKey, hardcodedMailgunKey, hardcodedMistralKey, hardcodedNetlifyToken, hardcodedNotionKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedPlivoToken, hardcodedPostmarkKey, hardcodedQdrantKey, hardcodedRailwayToken, hardcodedReplicateKey, hardcodedResendKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedSentryAuthToken, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTogetherKey, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hardcodedWeaviateKey, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, llmCallNoMaxTokens, llmOutputAsHTML, llmPromptInjection, llmSystemPromptInjection, logInjection, magicNumbers, massAssignment, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, pyDjangoAllowedHostsWildcard, pyDjangoMarkSafe, pyJWTDecodeWeakConfig, pyJinja2AutoescapeOff, pyParamikoAutoAdd, pyRequestsVerifyFalse, pyTempfileMktemp, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, vectorStoreQueryNoUserFilter, vectorStoreUpsertNoMetadata, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookSignatureVerification, xssVulnerability, xxeVulnerability };
+export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type Exposure, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, RULE_IMPACTS, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, classifyExposure, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, dockerfileADDInsteadOfCOPY, dockerfileMissingHealthcheck, dockerfileUnverifiedShellPipe, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, ghaExpressionInjection, ghaPermissionsWriteAll, ghaPullRequestTargetCheckout, ghaThirdPartyActionWithSecrets, githubActionsInjection, graphqlCSRFDisabled, graphqlIntrospection, graphqlNoComplexityLimit, graphqlNoDepthLimit, hardcodedAlgoliaAdminKey, hardcodedAnthropicKey, hardcodedCloudflareToken, hardcodedCohereKey, hardcodedDatadogKey, hardcodedDiscordToken, hardcodedEncryptionKey, hardcodedFastlyToken, hardcodedFireworksKey, hardcodedFlyToken, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedGroqKey, hardcodedHighlightKey, hardcodedIPAllowlist, hardcodedIntercomToken, hardcodedJWTSecret, hardcodedLinearKey, hardcodedLogtailToken, hardcodedLoopsKey, hardcodedMailgunKey, hardcodedMistralKey, hardcodedNetlifyToken, hardcodedNotionKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedPlivoToken, hardcodedPostmarkKey, hardcodedQdrantKey, hardcodedRailwayToken, hardcodedReplicateKey, hardcodedResendKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedSentryAuthToken, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTogetherKey, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hardcodedWeaviateKey, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, llmCallNoMaxTokens, llmOutputAsHTML, llmOutputToSink, llmPromptInjection, llmSystemPromptInjection, logInjection, magicNumbers, massAssignment, middlewareMatcherExcludesApi, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, pyDjangoAllowedHostsWildcard, pyDjangoMarkSafe, pyJWTDecodeWeakConfig, pyJinja2AutoescapeOff, pyParamikoAutoAdd, pyRequestsVerifyFalse, pyTempfileMktemp, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInLLMPrompt, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, vectorStoreQueryNoUserFilter, vectorStoreUpsertNoMetadata, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookMissingIdempotency, webhookSignatureVerification, xssVulnerability, xxeVulnerability };

package/dist/index.js CHANGED Viewed

@@ -217,7 +217,11 @@ var RULE_IMPACTS = {
   VC203: "An LLM call without max_tokens lets attackers craft inputs that maximize output length, generating expensive responses on every request \u2014 denial-of-wallet that drains your monthly budget or trips rate limits for legitimate users.",
   VC204: "Without a query depth limit, attackers send 100-level-deep nested queries that explode in resolver and DB cost. The server walks every level, the database does too, and a single crafted query takes the service down.",
   VC205: "Even with a depth limit, queries like users(first:1000){posts(first:1000){comments(first:1000)}} are only three levels deep but resolve a billion items. Without complexity analysis, attackers DoS your GraphQL with a single request.",
-  VC206: "Apollo Server's csrfPrevention guards against cross-site form-style requests against GraphQL mutations. Disabling it lets any website trigger mutations in a logged-in user's browser \u2014 buying, deleting, or transferring on the victim's behalf."
+  VC206: "Apollo Server's csrfPrevention guards against cross-site form-style requests against GraphQL mutations. Disabling it lets any website trigger mutations in a logged-in user's browser \u2014 buying, deleting, or transferring on the victim's behalf.",
+  VC207: "Model output is attacker-influenceable via prompt injection. Feeding it into eval, new Function, a shell command, a raw SQL string, or a filesystem path turns a crafted or hallucinated response into remote code execution, command injection, SQL injection, or path traversal \u2014 your most dangerous sinks, driven by untrusted text.",
+  VC208: "Interpolating a secret into a prompt ships your API key, token, or password to a third-party model provider, where it persists in their request logs and training-eligible data. A credential that leaves your infrastructure in prompt text should be considered compromised and rotated.",
+  VC209: "Webhooks are delivered at-least-once. Without de-duplicating on the event id, a retried or replayed delivery re-runs the side effect \u2014 a customer is charged twice, a record is duplicated, or an entitlement is granted again. Stripe and Svix both retry on any non-2xx, so this fires in normal operation, not just under attack.",
+  VC210: "If your auth middleware skips /api, those routes run with no gate unless each one re-checks auth itself. It is the most common way a Next.js app ends up with publicly callable API routes that everyone assumed the middleware was protecting."
 };
 // src/exposure.ts
@@ -4402,8 +4406,18 @@ var complianceMap = {
   // no query depth limit
   VC205: { owasp: "A04:2021", cwe: "CWE-770" },
   // no query complexity limit
-  VC206: { owasp: "A01:2021", cwe: "CWE-352" }
+  VC206: { owasp: "A01:2021", cwe: "CWE-352" },
   // Apollo csrfPrevention: false
+  // VC207–VC208: AI/LLM data-flow
+  VC207: { owasp: "A03:2021", cwe: "CWE-94" },
+  // model output → code/cmd/query/fs sink
+  VC208: { owasp: "A09:2021", cwe: "CWE-532" },
+  // secret interpolated into LLM prompt
+  // VC209–VC210: advisory heuristics
+  VC209: { owasp: "A04:2021", cwe: "CWE-799" },
+  // webhook missing idempotency
+  VC210: { owasp: "A01:2021", cwe: "CWE-862" }
+  // middleware matcher excludes /api
 };
 var consoleLogProduction = {
   id: "VC097",
@@ -7098,6 +7112,127 @@ var graphqlCSRFDisabled = {
     return findings;
   }
 };
+var LLM_OUTPUT_SHAPE = "(?:choices\\s*\\[\\s*\\d*\\s*\\]?\\s*\\.\\s*message(?:\\s*\\.\\s*content)?|completion(?:\\.text|\\.content)?|message\\s*\\.\\s*content|content_block|delta\\s*\\.\\s*text|generated_text|output_text)";
+var llmOutputToSink = {
+  id: "VC207",
+  title: "AI/LLM: model output passed to a code, command, query, or file sink",
+  severity: "critical",
+  category: "Injection",
+  description: "Passing model output into eval(), new Function(), a shell command, a raw SQL string, or a filesystem path treats the model's response as trusted code. A prompt-injected or hallucinated response then becomes RCE, command injection, SQL injection, or path traversal \u2014 the model is an attacker-influenced input wired straight into your most dangerous sinks.",
+  check(content, filePath) {
+    if (!LLM_FILE_RE.test(filePath)) return [];
+    if (isTestFile(filePath)) return [];
+    if (!fileUsesLLMSDK(content)) return [];
+    const sinkGroups = [
+      "eval",
+      "new\\s+Function",
+      "(?:child_process\\s*\\.\\s*)?(?:exec|execSync|spawn|spawnSync|execFile|execFileSync)",
+      "(?:\\$queryRawUnsafe|\\$executeRawUnsafe|\\.\\s*(?:query|execute|raw))",
+      "(?:fs\\s*\\.\\s*)?(?:readFile|readFileSync|writeFile|writeFileSync|createReadStream|createWriteStream|unlink|unlinkSync|rm|rmSync)"
+    ];
+    const matches = [];
+    for (const sink of sinkGroups) {
+      const re = new RegExp(`\\b${sink}\\s*\\([^;\\n]{0,120}${LLM_OUTPUT_SHAPE}`, "g");
+      matches.push(...findMatches(
+        content,
+        re,
+        llmOutputToSink,
+        filePath,
+        () => "Never pass model output into eval / new Function / a shell command / a raw SQL string / a filesystem path. Treat it as untrusted input: constrain it to a JSON schema or an allowlist, and use parameterized queries and safe path APIs. If this is a reviewed, sandboxed use, add an inline `// VC207-OK: <reason>` comment to silence."
+      ));
+    }
+    return filterSilenced(matches, content, "VC207");
+  }
+};
+var secretInLLMPrompt = {
+  id: "VC208",
+  title: "AI/LLM: secret or credential interpolated into a model prompt",
+  severity: "high",
+  category: "Information Leakage",
+  description: "Interpolating an environment secret (API key, token, password) into a prompt sends your credential to a third-party model provider, where it can land in their request logs and training-eligible data. Secrets should never be part of prompt text \u2014 pass only the data the model needs to reason about.",
+  check(content, filePath) {
+    if (!LLM_FILE_RE.test(filePath)) return [];
+    if (isTestFile(filePath)) return [];
+    if (!fileUsesLLMSDK(content)) return [];
+    const SECRET_ENV = /\$\{\s*process\.env\.[A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL|PRIVATE)[A-Z0-9_]*\s*\}/;
+    const PROMPT_CTX = /\b(?:prompt|content|system|user|assistant|messages|instructions?|systemPrompt|userPrompt)\b/i;
+    const lines = content.split("\n");
+    const matches = [];
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      if (!SECRET_ENV.test(line)) continue;
+      const trimmed = line.trimStart();
+      if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("#")) continue;
+      const prev = i > 0 ? lines[i - 1] : "";
+      if (!PROMPT_CTX.test(line) && !PROMPT_CTX.test(prev)) continue;
+      matches.push({
+        rule: "VC208",
+        title: secretInLLMPrompt.title,
+        severity: "high",
+        category: "Information Leakage",
+        file: filePath,
+        line: i + 1,
+        snippet: getSnippet(content, i + 1),
+        fix: "Don't put credentials in prompt text \u2014 they get sent to (and logged by) the model provider. Pass only the data the model needs; keep secrets in headers/SDK config. If this env var is genuinely non-sensitive despite its name, add an inline `// VC208-OK: <reason>` comment."
+      });
+    }
+    return filterSilenced(matches, content, "VC208");
+  }
+};
+var webhookMissingIdempotency = {
+  id: "VC209",
+  title: "Webhook handler without idempotency / replay protection",
+  severity: "low",
+  category: "Logic",
+  description: "Payment and event webhooks (Stripe, Svix, GitHub, ...) are delivered at-least-once. A handler that performs a side effect (create / charge / grant) without de-duplicating on the event ID can double-process a retried or replayed delivery \u2014 double charges, duplicate records, repeated entitlement grants.",
+  check(content, filePath) {
+    if (!/\.(js|ts|jsx|tsx)$/.test(filePath)) return [];
+    if (isTestFile(filePath)) return [];
+    if (!/constructEvent|new\s+Webhook\s*\(|svix|verifyHeader|x-signature|stripe-signature/i.test(content)) return [];
+    if (!/\.(?:create|update|upsert|insert|delete)\s*\(|INSERT\s+INTO|charges?\.create|subscriptions?\.create|\bgrant|entitlement/i.test(content)) return [];
+    if (/idempoten|event\.id|evt\.id|delivery_?id|alreadyProcessed|processedEvents|ON\s+CONFLICT|INSERT\s+OR\s+IGNORE|\bseen\b|\bprocessed\b/i.test(content)) return [];
+    const m = content.match(/constructEvent|new\s+Webhook\s*\(|verifyHeader/i);
+    if (!m || m.index === void 0) return [];
+    const line = content.substring(0, m.index).split("\n").length;
+    return filterSilenced([{
+      rule: "VC209",
+      title: webhookMissingIdempotency.title,
+      severity: "low",
+      category: "Logic",
+      file: filePath,
+      line,
+      snippet: getSnippet(content, line),
+      fix: "De-duplicate webhook deliveries: persist each event id and skip if already seen, or use a DB unique constraint (INSERT ... ON CONFLICT DO NOTHING). Webhooks are at-least-once \u2014 assume retries. If dedup is handled elsewhere, add an inline `// VC209-OK: <reason>` comment."
+    }], content, "VC209");
+  }
+};
+var middlewareMatcherExcludesApi = {
+  id: "VC210",
+  title: "Auth middleware matcher excludes API routes",
+  severity: "info",
+  category: "Authorization",
+  description: "A Next.js middleware that performs authentication but whose config.matcher excludes /api means API routes bypass the middleware entirely. Unless each API route authenticates on its own, they're unprotected. This is an advisory to verify per-route auth \u2014 not a confirmed vulnerability.",
+  check(content, filePath) {
+    if (!/middleware\.(ts|js|mjs)$/.test(filePath)) return [];
+    if (isTestFile(filePath)) return [];
+    if (!/clerkMiddleware|authMiddleware|getToken|getServerSession|NextResponse\.redirect|withAuth|next-auth|\bauth\s*\(/i.test(content)) return [];
+    if (!/matcher\s*:/.test(content)) return [];
+    if (!/\(\?!\s*[^)]*\bapi\b/.test(content)) return [];
+    const m = content.match(/matcher\s*:/);
+    if (!m || m.index === void 0) return [];
+    const line = content.substring(0, m.index).split("\n").length;
+    return filterSilenced([{
+      rule: "VC210",
+      title: middlewareMatcherExcludesApi.title,
+      severity: "info",
+      category: "Authorization",
+      file: filePath,
+      line,
+      snippet: getSnippet(content, line),
+      fix: "Your middleware's matcher excludes /api, so API routes skip it. Either include /api in the matcher, or confirm every API route authenticates on its own (auth() / requireUser / getServerSession). If routes self-authenticate by design, add an inline `// VC210-OK: <reason>` comment."
+    }], content, "VC210");
+  }
+};
 var secretInURLParam = {
   id: "VC146",
   title: "Secret Passed in URL Query Parameter",
@@ -7817,6 +7952,12 @@ var allCustomRules = [
   vectorStoreQueryNoUserFilter,
   vectorStoreUpsertNoMetadata,
   llmCallNoMaxTokens,
+  // VC207–VC208: AI/LLM data-flow rules
+  llmOutputToSink,
+  secretInLLMPrompt,
+  // VC209–VC210: advisory heuristics
+  webhookMissingIdempotency,
+  middlewareMatcherExcludesApi,
   // VC204–VC206: GraphQL server hardening
   graphqlNoDepthLimit,
   graphqlNoComplexityLimit,
@@ -8302,11 +8443,13 @@ export {
   largeBundleImport,
   llmCallNoMaxTokens,
   llmOutputAsHTML,
+  llmOutputToSink,
   llmPromptInjection,
   llmSystemPromptInjection,
   logInjection,
   magicNumbers,
   massAssignment,
+  middlewareMatcherExcludesApi,
   missingAIRateLimit,
   missingAuthMiddleware,
   missingAuthRateLimit,
@@ -8357,6 +8500,7 @@ export {
   secretInCLIArgument,
   secretInErrorResponse,
   secretInHTMLAttribute,
+  secretInLLMPrompt,
   secretInURLParam,
   secretLoggedToConsole,
   secretsInCI,
@@ -8393,6 +8537,7 @@ export {
   weakHashing,
   weakPasswordRequirements,
   weakRSAKeySize,
+  webhookMissingIdempotency,
   webhookSignatureVerification,
   xssVulnerability,
   xxeVulnerability