websec-validator 0.4.0__tar.gz → 0.4.1__tar.gz

{websec_validator-0.4.0/src/websec_validator.egg-info → websec_validator-0.4.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: websec-validator
-Version: 0.4.0
+Version: 0.4.1
 Summary: Local-first security recon that briefs your AI coding agent: facts + tailored probe scripts, code-in / artifacts-out. No LLM, no server, no running app.
 Author: Ricardo Accioly
 License: MIT

{websec_validator-0.4.0 → websec_validator-0.4.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "websec-validator"
-version = "0.4.0"
+version = "0.4.1"
 description = "Local-first security recon that briefs your AI coding agent: facts + tailored probe scripts, code-in / artifacts-out. No LLM, no server, no running app."
 readme = "README.md"
 requires-python = ">=3.11"

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/__init__.py

@@ -1,11 +1,15 @@
 """websec-validator — local-first security recon that briefs an AI coding agent.
 
 The tool does the deterministic half (read the repo, run the scanners it finds,
-stage the probe library tailored to what it discovered) and emits three artifacts:
+stage the probe library tailored to what it discovered) and emits, per immutable run:
 
-  1. findings.json    — de-duplicated static scanner results
-  2. FACTS.json       — stack, routes, auth-model candidates, attack surface
-  3. AGENT-BRIEFING.md — marching orders + staged probe scripts for your AI agent
+  1. FACTS.json          — stack, routes, auth-model candidates, attack surface
+  2. findings.json       — de-duplicated static scanner results (when --scan)
+  3. findings-ledger.json — ranked, standards-cited, calibrated findings (recon + static + dynamic)
+  4. AGENT-BRIEFING.md   — marching orders + the per-attack-class targeting
+  5. REPORT.md           — the human-readable historical record
+  6. CONSTITUTION.md     — the app's security invariants as checkable Given/When/Then
+  7. probes/             — the probe library staged against THIS app's real surface
 
 It never calls an LLM, never runs a server, and never needs a running instance of
 the target app. Running the probes and applying fixes is the agent + human's job.

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/briefing.py

@@ -127,6 +127,12 @@ def render(facts: dict, scanners: dict, scan_results: list, probe_manifest: list
     endpoints = routes.get("endpoints", [])
     inventory = _bullets([f"`{e['method']:6}` {e['path']}" for e in endpoints], cap=80)
 
+    partial_banner = (
+        f"\n> ⚠️ **PARTIAL SCAN** — the walker stopped at the {facts.get('file_cap','?')}-file cap "
+        f"({facts.get('files_scanned','?')} files read, filesystem order), so recon may be INCOMPLETE on "
+        "this repo. Re-run scoped to a subdirectory or with `--exclude` to cover the rest before trusting "
+        "an absence of findings.\n" if facts.get("files_truncated") else "")
+
     return f"""# AGENT BRIEFING — security pass for `{facts.get('target','')}`
 
 > Generated by **websec-validator v{facts.get('version','')}** — deterministic recon, no LLM.
@@ -141,7 +147,7 @@ def render(facts: dict, scanners: dict, scan_results: list, probe_manifest: list
 
 ⚠️ Static findings + recon need **no running app**. The probes need a **live test instance + test
 credentials** — ask the human, never fabricate, never hit production.
-
+{partial_banner}
 ---
 
 ## 1. What this app is (detected)

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/cli.py

@@ -134,9 +134,11 @@ def cmd_run(args) -> int:
     # 5. briefing + comprehensive REPORT.md (immutable run record)
     (out / "AGENT-BRIEFING.md").write_text(briefing.render(facts, det, scan_results, manifest, unified))
     (out / "REPORT.md").write_text(report.render(facts, det, scan_results, unified, manifest, ts, ledger))
+    # drop the full `all` finding list from the manifest — it's a duplicate of findings.json
+    manifest_summary = {k: v for k, v in unified.items() if k != "all"} if unified else None
     (out / "manifest.json").write_text(json.dumps(
         {"facts": "FACTS.json", "scanners": det, "scan_results": scan_results,
-         "findings_summary": unified, "ledger": {"total": ledger["total"], "by_severity": ledger["by_severity"]},
+         "findings_summary": manifest_summary, "ledger": {"total": ledger["total"], "by_severity": ledger["by_severity"]},
          "probes": manifest, "timestamp": ts}, indent=2))
 
     print(f"\n✓ run {ts} saved (immutable — nothing overwritten):\n    {out}")
@@ -327,6 +329,9 @@ def _which(b):
 
 
 def _print_facts_summary(facts: dict) -> None:
+    if facts.get("files_truncated"):
+        print(f"  ⚠ PARTIAL SCAN — hit the {facts.get('file_cap', '?')}-file cap; recon may be incomplete. "
+              "Narrow with --exclude or scan a subdirectory.")
     st = facts.get("stack", {})
     rt = facts.get("routes", {})
     tg = rt.get("targeting", {})

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/dynamic.py

@@ -106,7 +106,9 @@ def cross_tenant_bola(cfg: dict, facts: dict) -> dict:
     for path in endpoints:
         # attacker A tries to read B's tenant data, and vice-versa
         for atk, vic, direction in ((a, b, "A→B"), (b, a, "B→A")):
-            url = cfg["target"] + path.replace("{" + param + "}", vic["tenant"])
+            # str(): a tenant id is often numeric (auto-increment) — str.replace's 2nd arg must be a
+            # str, so a JSON int would crash this (uncaught) authenticated path.
+            url = cfg["target"] + path.replace("{" + param + "}", str(vic["tenant"]))
             code, body = _request("GET", url, atk["token"])
             if code in (401, 403, 404):
                 verdict = "blocked"
@@ -164,7 +166,9 @@ def unauth_reachability(target: str, facts: dict, max_endpoints: int = 50) -> di
         if e.get("method") != "GET" or "{" in p or SIDE_EFFECTING.search(p):
             continue
         eps.append(p)
-    eps = sorted(set(eps))[:max_endpoints]
+    _all_eps = sorted(set(eps))
+    eps = _all_eps[:max_endpoints]
+    over_cap = max(0, len(_all_eps) - max_endpoints)   # disclose, don't silently drop (a missed endpoint = a missed lead)
 
     results, skipped = [], [e.get("path") for e in (facts.get("routes") or {}).get("endpoints", [])
                             if e.get("method") == "GET" and SIDE_EFFECTING.search(e.get("path", ""))]
@@ -195,11 +199,13 @@ def unauth_reachability(target: str, facts: dict, max_endpoints: int = 50) -> di
         "skipped_side_effecting": sorted(set(skipped)),
         "open_no_auth": openish,
         "results": results,
+        "endpoints_over_cap": over_cap,
         "fail_open_suspected": fail_open,
         "authn_trustworthy": not fail_open,
         "warning": FAIL_OPEN_WARNING if fail_open else "",
         "summary": f"{len(openish)}/{len(results)} data-read GET endpoints reachable WITHOUT auth"
                    + (" — review whether these should be public" if openish else " — all gated")
+                   + (f"  ·  ⚠ {over_cap} more over the {max_endpoints}-endpoint cap NOT tested" if over_cap else "")
                    + ("  ·  ⚠ FAIL-OPEN SUSPECTED (nothing enforced auth — results untrustworthy)" if fail_open else ""),
     }
 
@@ -219,7 +225,9 @@ def write_auth_enforcement(target: str, facts: dict, max_endpoints: int = 80) ->
         p = e.get("path", "")
         if e.get("method") in WRITE_VERBS and not SIDE_EFFECTING.search(p):
             eps.append((e["method"], p))
-    eps = sorted(set(eps))[:max_endpoints]
+    _all_eps = sorted(set(eps))
+    eps = _all_eps[:max_endpoints]
+    over_cap = max(0, len(_all_eps) - max_endpoints)
 
     results = []
     for method, path in eps:
@@ -229,9 +237,14 @@ def write_auth_enforcement(target: str, facts: dict, max_endpoints: int = 80) ->
             verdict = "auth-enforced"
         elif code in (200, 201, 204):
             verdict = "EXECUTED-UNAUTH"
-        elif code in (400, 422, 404, 405, 409, 415, 500):
+        elif code in (400, 422, 404, 405, 409, 415):
             verdict = "no-auth-gate (reached handler/validation)"
         else:
+            # 500 (and any other code) is INCONCLUSIVE: a 500 may be the auth layer itself throwing,
+            # not the handler running unauthenticated — so it must NOT become a no-auth-gate verdict
+            # (which would escalate to a HIGH missing-auth finding AND poison the calibration oracle
+            # with a confirmed-real sample). Matches the forged-token engine, which also excludes 500
+            # from "reached handler".
             verdict = f"http-{code}"
         results.append({"method": method, "path": path, "status": code, "verdict": verdict})
 
@@ -248,11 +261,13 @@ def write_auth_enforcement(target: str, facts: dict, max_endpoints: int = 80) ->
         "no_auth_gate": missing,
         "executed_unauth": executed,
         "results": results,
+        "endpoints_over_cap": over_cap,
         "fail_open_suspected": fail_open,
         "authn_trustworthy": not fail_open,
         "warning": FAIL_OPEN_WARNING if fail_open else "",
         "summary": f"{enforced}/{len(results)} write endpoints enforce auth · "
                    f"{len(missing)} reached with no auth gate · {len(executed)} executed unauthenticated"
+                   + (f"  ·  ⚠ {over_cap} more over the {max_endpoints}-endpoint cap NOT tested" if over_cap else "")
                    + ("  ·  ⚠ FAIL-OPEN SUSPECTED — results untrustworthy" if fail_open else ""),
     }
 
@@ -299,7 +314,9 @@ def forged_token_bypass(target: str, facts: dict, cookie_names=None,
         targets += [(e.get("method"), e.get("path", "")) for e in (facts.get("routes") or {}).get("endpoints", [])
                     if e.get("method") in WRITE_VERBS and "{" not in e.get("path", "")
                     and not SIDE_EFFECTING.search(e.get("path", ""))]
-    targets = sorted(set(targets))[:max_endpoints]
+    _all_targets = sorted(set(targets))
+    targets = _all_targets[:max_endpoints]
+    over_cap = max(0, len(_all_targets) - max_endpoints)
 
     results, bypassed = [], []
     for method, path in targets:
@@ -335,9 +352,11 @@ def forged_token_bypass(target: str, facts: dict, cookie_names=None,
         "tested": len(results),
         "bypassed": bypassed,
         "results": results,
+        "endpoints_over_cap": over_cap,
         "summary": f"{len(bypassed)}/{len(results)} gated route(s) accepted a forged unsigned token"
                    + (" — ⚠ SIGNATURE NOT VERIFIED (CWE-347 auth bypass)" if bypassed
-                      else " — all rejected the forged token"),
+                      else " — all rejected the forged token")
+                   + (f"  ·  ⚠ {over_cap} more over the {max_endpoints}-endpoint cap NOT tested" if over_cap else ""),
     }
 
 

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/extractors/__init__.py

@@ -11,7 +11,7 @@ from pathlib import Path
 
 from .auth import AuthExtractor
 from .authz import AuthzExtractor
-from .base import Extractor, RepoContext
+from .base import MAX_FILES, Extractor, RepoContext
 from .client_exposure import ClientExposureExtractor
 from .client_integrity import ClientIntegrityExtractor
 from .graphql import GraphQLExtractor
@@ -55,6 +55,10 @@ def run_all(root: Path, version: str, excludes: list | None = None) -> dict:
         "version": version,
         "target": str(root.resolve()),
         "files_scanned": len(ctx.code_files),
+        # PARTIAL-scan guard: the walker stops at MAX_FILES (filesystem order), so on a very large
+        # monorepo recon may miss files. Surface it loudly rather than implying full coverage.
+        "files_truncated": bool(getattr(ctx, "truncated", False)),
+        "file_cap": MAX_FILES,
     }
     for ext in REGISTRY:
         try:

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/extractors/authz.py

@@ -21,6 +21,12 @@ from .base import Extractor, RepoContext
 
 WRITE_VERBS = {"POST", "PUT", "PATCH", "DELETE"}
 
+# endpoint_guards feeds the missing-auth ledger (findings.build_ledger), so capping it low was a
+# silent coverage cliff: a big monorepo's unguarded write #401 never became a finding. Raised to
+# cover realistic monorepos; truncation beyond this is DISCLOSED (endpoint_guards_truncated), never
+# silent — mirrors constitution.py's "…and N more" pattern.
+_MAX_ENDPOINT_GUARDS = 5000
+
 GUARD = re.compile(
     r"requireAuth|requirePermission|requireRole|requireGroupAccess|isAuthenticated|"
     r"@login_required|@jwt_required|@permission_required|@roles_required|ensureAuth|"
@@ -181,7 +187,8 @@ class AuthzExtractor(Extractor):
             "roles_detected": sorted(r for r in roles if r),
             "guard_summary": {"with_visible_guard": protected,
                               "no_visible_guard": no_guard, "unknown": unknown},
-            "endpoint_guards": egs[:400],
+            "endpoint_guards": egs[:_MAX_ENDPOINT_GUARDS],
+            "endpoint_guards_truncated": max(0, len(egs) - _MAX_ENDPOINT_GUARDS),
             "write_endpoints_without_visible_guard": sorted(set(no_guard_writes))[:60],
             "unsafe_auth_decoders": unsafe_decoders[:30],
             "unverified_signature_routes": unverified_routes,

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/extractors/base.py

@@ -31,6 +31,31 @@ MAX_FILES = 12000
 MAX_BYTES = 2_000_000
 
 
+def path_in_skip_dir(path: str, root: "Path | str | None" = None) -> bool:
+    """True if `path` lies under a SKIP_DIR segment, measured RELATIVE to the scan root.
+
+    Checking the ABSOLUTE path's segments is the bug-005/bug-066 trap: when the scanned repo
+    itself lives under a skip-named ancestor (e.g. `.claude/worktrees/<id>`, `vendor/`,
+    `target/`, `~/.cache`), a segment ABOVE the root matches and the WHOLE tree — every route,
+    every finding — is silently dropped. Noir + the static scanners emit ABSOLUTE paths, so any
+    traversal that post-filters their output MUST strip the root prefix first (the walker already
+    does, via relative_to). Fail OPEN (keep the item) when the path can't be made relative — a
+    silent drop is the dangerous direction for a security tool. `root=None` preserves the legacy
+    raw-segment behavior for already-relative inputs.
+    """
+    p = (path or "").replace("\\", "/")
+    if not p:
+        return False
+    if root is not None:
+        try:
+            p = Path(path).resolve().relative_to(Path(root).resolve()).as_posix()
+        except (ValueError, OSError):
+            if Path(p).is_absolute():
+                return False  # absolute but outside the root → don't risk a false drop
+            # else: already a root-relative path → check its segments as-is below
+    return any(part in SKIP_DIRS for part in p.split("/"))
+
+
 class RepoContext:
     """Walk the tree once; cache file text; serve cheap queries to every extractor."""
 
@@ -47,9 +72,11 @@ class RepoContext:
 
     def _walk(self) -> None:
         n = 0
+        self.truncated = False          # set when MAX_FILES is hit → recon is PARTIAL, surface it
         for p in self.root.rglob("*"):
             if n >= MAX_FILES:
-                break
+                self.truncated = True   # rglob order is filesystem-dependent → which files drop is
+                break                   # nondeterministic; the consumer MUST know coverage is partial
             # match SKIP_DIRS against parts RELATIVE to the scan root — otherwise a
             # repo located under e.g. ~/.cache or any dir named like a skip-dir would
             # have its whole tree skipped.

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/extractors/integrations.py

@@ -14,10 +14,16 @@ from pathlib import Path
 from .base import Extractor, RepoContext
 
 WEBHOOK_PATH = re.compile(r"webhook|/hook|/callback|/inbound", re.I)
+# Signals that a handler ACTUALLY verifies an inbound signature. The bare word `signature` used to
+# be here and was over-broad: a comment like "no signature verification" — or any stray mention —
+# SUPPRESSED the finding (a false negative, the worst failure for a security tool). Keep crypto
+# primitives, known signature HEADER names (reading one implies verification intent), webhook
+# libraries, and VERB-prefixed signature idioms (verify/check/validate/compute…Signature) — drop
+# the standalone word. Erring toward MORE flagging is the safe direction; the human verifies.
 SIG_VERIFY = re.compile(
-    r"createHmac|\bhmac\b|timingSafeEqual|verif\w*[Ss]ignature|X-Hub-Signature|"
-    r"X-Signature|Stripe-Signature|\bsvix\b|constant_time_compare|compare_digest|"
-    r"verifyWebhook|signature", re.I)
+    r"createHmac|\bhmac\b|timingSafeEqual|X-Hub-Signature|X-Signature|Stripe-Signature|"
+    r"\bsvix\b|constant_time_compare|compare_digest|verifyWebhook|webhookSecret|"
+    r"(?:verif|check|validate|assert|compute|expected|valid)\w*[_-]?[Ss]ignature", re.I)
 
 SDKS = {"stripe": "Stripe", "twilio": "Twilio", "@sendgrid": "SendGrid", "messagebird": "MessageBird/Bird",
         "@slack": "Slack", "openai": "OpenAI", "@anthropic": "Anthropic", "octokit": "GitHub",

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/extractors/routes.py

@@ -25,7 +25,7 @@ import subprocess
 import tempfile
 from pathlib import Path
 
-from .base import SKIP_DIRS, Extractor, RepoContext
+from .base import SKIP_DIRS, Extractor, RepoContext, path_in_skip_dir
 
 # Noir is a subprocess that scans the raw tree — it does NOT know the walker's SKIP_DIRS,
 # so without this it grinds through (and emits routes from) build output (.next, cdk.out,
@@ -35,8 +35,11 @@ from .base import SKIP_DIRS, Extractor, RepoContext
 _NOIR_SKIP_GLOBS = ",".join(f"**/{d}/**" for d in sorted(SKIP_DIRS))
 
 
-def _in_skip_dir(code_path: str) -> bool:
-    return any(part in SKIP_DIRS for part in (code_path or "").replace("\\", "/").split("/"))
+def _in_skip_dir(code_path: str, root=None) -> bool:
+    # Delegates to the shared, root-relative helper. Noir emits ABSOLUTE code_paths, so we MUST
+    # pass the scan root — otherwise a repo under a skip-named ancestor (e.g. .claude/worktrees,
+    # vendor/, target/) has EVERY route dropped (bug-005 recurrence; proven on a `target/` path).
+    return path_in_skip_dir(code_path, root)
 
 WRITE_VERBS = {"POST", "PUT", "PATCH", "DELETE"}
 EXCLUDE_GLOBS = "*.test.ts,*.test.tsx,*.spec.ts,*.test.js,*.spec.js,*_test.go,*_test.py,test_*.py,*.stories.tsx"
@@ -223,10 +226,14 @@ class RoutesExtractor(Extractor):
 
     def extract(self, ctx: RepoContext, facts: dict) -> dict:
         eps = _noir_scan(ctx.root, getattr(ctx, "excludes", None))
-        if eps is not None:
+        if eps:                                    # noir ran AND found routes
             routes, spec_derived = _normalize_noir(eps)
             engine = "noir"
-        else:
+        elif eps is not None:                      # noir ran but found ZERO — back it up with the regex
+            fb = _fallback(ctx)                     # pass so a framework noir can't parse doesn't become a
+            routes, spec_derived = fb, []           # silent blind spot (0 routes → no authz, no probes)
+            engine = "noir (0 routes) → regex-fallback backstop" if fb else "noir (0 routes)"
+        else:                                      # noir absent
             routes, spec_derived = _fallback(ctx), []
             engine = "regex-fallback (install OWASP Noir for full coverage: brew install noir)"
         # honor user --exclude against route code_paths too (Noir's own --exclude-path glob is
@@ -234,8 +241,10 @@ class RoutesExtractor(Extractor):
         if getattr(ctx, "excludes", None):
             routes = [r for r in routes if not ctx._excluded(r.get("code_path", ""))]
         # Noir doesn't honor SKIP_DIRS — drop any route it found under build output / deps /
-        # nested worktrees (e.g. .claude/worktrees/* doubling the whole app).
-        routes = [r for r in routes if not _in_skip_dir(r.get("code_path", ""))]
+        # nested worktrees (e.g. .claude/worktrees/* doubling the whole app). Pass ctx.root so
+        # SKIP_DIRS is matched RELATIVE to the scan root (a skip-named ANCESTOR must not nuke
+        # the whole route list).
+        routes = [r for r in routes if not _in_skip_dir(r.get("code_path", ""), ctx.root)]
         by_method: dict = {}
         by_tech: dict = {}
         for r in routes:

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/findings.py

@@ -33,6 +33,9 @@ STANDARDS = {
     "ssrf": (["CWE-918 SSRF"], "ASVS V12.6", ["API7:2023 SSRF"]),
     "secret": (["CWE-798 Hard-coded Credentials"], "ASVS V2.10", ["API8:2023 Misconfiguration"]),
     "sqli": (["CWE-89 SQL Injection"], "ASVS V5.3.4", ["API8:2023"]),
+    "nosql-injection": (["CWE-943 Improper Neutralization of Data within a Query"], "ASVS V5.3.4", ["API8:2023"]),
+    "redos": (["CWE-1333 Inefficient Regular Expression Complexity (ReDoS)"], "ASVS V5.2.4", []),
+    "eval-injection": (["CWE-95 Eval Injection", "CWE-94 Code Injection"], "ASVS V5.2.4", []),
     "command-injection": (["CWE-78 OS Command Injection"], "ASVS V5.3.8", []),
     "path-traversal": (["CWE-22 Path Traversal"], "ASVS V12.3", []),
     "ssti": (["CWE-1336 SSTI"], "ASVS V5.2.5", []),
@@ -41,6 +44,9 @@ STANDARDS = {
     "xxe": (["CWE-611 XXE"], "ASVS V5.5.2", []),
     "prototype-pollution": (["CWE-1321 Prototype Pollution"], "ASVS V5.1", []),
     "mass-assignment": (["CWE-915 Mass Assignment"], "ASVS V5.1.2", ["API3:2023 BOPLA"]),
+    "webhook-forgery": (["CWE-345 Insufficient Verification of Data Authenticity",
+                         "CWE-347 Improper Verification of Cryptographic Signature"],
+                        "ASVS V13.4", ["API8:2023 Misconfiguration"]),
     "cve": (["CWE-1395 Vulnerable Dependency"], "ASVS V14.2.1", ["API8:2023"]),
     "iac": (["CWE-1188 Insecure Default"], "ASVS V14.1", []),
     "client-exposure": (["CWE-200 Information Exposure"], "ASVS V14.3", []),
@@ -69,10 +75,19 @@ REMEDIATION = {
     "missing-auth": "Add an auth guard to the handler (e.g. requireAuth()/getServerSession()), or a "
                     "middleware matcher over /api/(.*) with an explicit public allowlist so it can't be forgotten.",
     "bola": "Enforce object ownership: verify the authenticated principal owns/can access the resource id (tenant scope).",
+    "webhook-forgery": "Verify the provider's signature (HMAC over the RAW body, constant-time compare) before "
+                       "processing, reject stale timestamps / replays, and fail closed when the signature header "
+                       "is absent — don't trust an unsigned inbound webhook.",
     "unsafe-auth-decoder": "Verify the token/signature before trusting it for an auth/identity decision — use a "
                            "verifying decode (e.g. jwt.verify with the key / a checked session), never an *Unsafe* "
                            "or decode-only path whose output then feeds requireAuth/requireAdmin.",
     "ssrf": "Validate + allowlist outbound URLs; block RFC1918/IMDS/file://; never fetch a raw user-supplied URL.",
+    "nosql-injection": "Never pass raw req.body into a query/operator position; reject $-prefixed keys, use a typed "
+                       "query builder or schema validation, and cast expected types before querying.",
+    "redos": "Bound the regex (no nested/ambiguous quantifiers), cap input length, or use a linear-time engine "
+             "(RE2) — and never build a pattern from unsanitized user input.",
+    "eval-injection": "Remove eval()/new Function()/exec on user input; use a safe parser, a typed dispatch table, "
+                      "or an explicit allowlist of operations instead.",
     "secret": "Rotate the credential, remove from code/history, load from a secrets manager.",
     "cve": "Upgrade the dependency to the fixed version.",
     "iac": "Apply the hardening (non-root user, pin actions to a SHA, enforce TLS, etc.).",
@@ -105,6 +120,12 @@ SEV_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFO": 0}
 CONF_RANK = {"HIGH": 2, "MEDIUM": 1, "LOW": 0}
 WRITE_VERBS = {"POST", "PUT", "PATCH", "DELETE"}
 
+# surface.py sink keys → STANDARDS/attack-class keys where they differ, so a sink cites its SPECIFIC
+# CWE instead of falling back to the generic "sast" (CWE-710). sql-injection is the high-value case
+# (surface.py emits `sql-injection`; STANDARDS keys it `sqli`). nosql-injection/redos/eval-injection
+# now have their own STANDARDS entries, so they resolve directly.
+_SINK_ATTACK = {"sql-injection": "sqli"}
+
 
 def _cite(cls):
     cwe, asvs, api = STANDARDS.get(cls, ([], "", []))
@@ -241,8 +262,11 @@ def build_ledger(facts: dict, unified: dict | None, dynamic: dict | None = None,
                         + " Confirm reachability with the forged-token / hs256 probe (it seeds this literal)."}]))
 
     # ---- 2. Static scanner findings (de-duplicated `unified`) ----
+    # Consume the FULL ranked set (`all`), not the briefing's short `top` slice — else a
+    # HIGH/CRITICAL CVE/secret ranked #16+ never reaches the ledger/REPORT/calibration. Falls
+    # back to `top` for older callers/tests that only pass that key.
     cat_to_class = {"sca": "cve", "secret": "secret", "iac": "iac", "sast": "sast"}
-    for t in (unified or {}).get("top", []):
+    for t in ((unified or {}).get("all") or (unified or {}).get("top", [])):
         cat = t.get("category", "")
         cls = cat_to_class.get(cat, "sast")
         sev = t.get("severity", "MEDIUM")
@@ -257,8 +281,13 @@ def build_ledger(facts: dict, unified: dict | None, dynamic: dict | None = None,
     # down-rank them (the inflation the field test flagged) rather than ranking them MEDIUM.
     _ds = {d.lower() for d in (facts.get("stack", {}).get("datastores") or [])}
     _nosql = {"dynamodb", "dynamo", "mongodb", "mongo", "firestore", "cosmos", "cosmosdb", "couchdb", "cassandra"}
-    _sql = {"postgres", "postgresql", "mysql", "mariadb", "sqlite", "mssql", "sqlserver", "aurora", "oracle", "cockroach"}
-    is_nosql_only = bool(_ds & _nosql) and not (_ds & _sql)
+    # Include the ORM-ish labels stack.py actually emits (prisma(sql)/sql-orm) — and treat any label
+    # CONTAINING "sql" (but not "nosql") as SQL — so a SQL-ORM app + Mongo isn't misread as nosql-only
+    # and its SQLi findings wrongly down-ranked.
+    _sql = {"postgres", "postgresql", "mysql", "mariadb", "sqlite", "mssql", "sqlserver", "aurora",
+            "oracle", "cockroach", "prisma(sql)", "sql-orm"}
+    has_sql = bool(_ds & _sql) or any("sql" in d and "nosql" not in d for d in _ds)
+    is_nosql_only = bool(_ds & _nosql) and not has_sql
     for cls, info in (facts.get("surface", {}).get("sinks", {}) or {}).items():
         sev = "MEDIUM"
         if cls == "error-disclosure":
@@ -275,7 +304,8 @@ def build_ledger(facts: dict, unified: dict | None, dynamic: dict | None = None,
             if cls == "ssrf-outbound-http":
                 sev = "LOW"               # var-arg only — weaker than the user-gated `ssrf` class
         else:
-            attack = cls if cls in STANDARDS else "sast"
+            _acls = _SINK_ATTACK.get(cls, cls)
+            attack = _acls if _acls in STANDARDS else "sast"
             ev = [{"layer": "recon", "detail": f"user-input-gated {cls} in {info.get('count')} file(s)"}]
         if cls in ("sqli", "sql-injection") and is_nosql_only:
             sev = "LOW"
@@ -348,7 +378,19 @@ def build_ledger(facts: dict, unified: dict | None, dynamic: dict | None = None,
                       (_ci.get("sensitive_display") or ["client"])[0],
                       [{"layer": "recon", "detail": fnd.get("detail", "")}]))
 
-    # ---- 9. Upload security — polyglot / MIME-spoof / serve-side stored XSS (PTREQ0013000 #2b) ----
+    # ---- 9. Inbound webhooks with no signature verification (forgery / replay) ----
+    # Recon found webhook handlers with no HMAC/signature check. This was surfaced in the briefing
+    # but — alone among the recon signals — never entered the ranked, calibrated ledger. Wire it in
+    # for parity (MEDIUM: heuristic — the check may live in middleware, so verify).
+    for wh in (facts.get("integrations", {}) or {}).get("webhooks_without_sig_verification", []):
+        out.append(_f(f"Webhook without signature verification: {wh}", "integrations",
+                      "webhook-forgery", "MEDIUM", "MEDIUM", wh,
+                      [{"layer": "recon", "detail": "no signature-verification code (HMAC / timingSafeEqual / "
+                        "Stripe-Signature / svix / compare_digest) found in this webhook handler — a forged or "
+                        "replayed request could be processed as authentic. Confirm it isn't handled in middleware, "
+                        "then run the webhook-forgery probe."}]))
+
+    # ---- 10. Upload security — polyglot / MIME-spoof / serve-side stored XSS (PTREQ0013000 #2b) ----
     for fnd in (facts.get("upload_security", {}) or {}).get("findings", []):
         kind = fnd.get("kind", "")
         cls = "content-sniffing" if kind == "serve-no-nosniff" else "unrestricted-upload"
@@ -356,7 +398,7 @@ def build_ledger(facts: dict, unified: dict | None, dynamic: dict | None = None,
                       fnd.get("severity", "MEDIUM"), "MEDIUM", fnd.get("file", ""),
                       [{"layer": "recon", "detail": fnd.get("detail", "")}]))
 
-    # ---- 10. PII output-boundary — unmasked customer data + dead masking controls (#8) ----
+    # ---- 11. PII output-boundary — unmasked customer data + dead masking controls (#8) ----
     for fnd in (facts.get("pii_exposure", {}) or {}).get("findings", []):
         out.append(_f(f"{fnd.get('kind')}: {fnd.get('file')}", "pii", "pii-exposure",
                       fnd.get("severity", "MEDIUM"), "MEDIUM", fnd.get("file", ""),

{websec_validator-0.4.0 → websec_validator-0.4.1}/src/websec_validator/scanners.py

@@ -20,7 +20,7 @@ import subprocess
 from dataclasses import dataclass
 from pathlib import Path
 
-from .extractors.base import SKIP_DIRS
+from .extractors.base import SKIP_DIRS, path_in_skip_dir
 
 
 @dataclass(frozen=True)
@@ -45,9 +45,14 @@ class Scanner:
 EXCLUDE_DIRS = tuple(sorted(SKIP_DIRS))
 
 
-def _in_skip_dir(path: str) -> bool:
-    """True if any path segment is a SKIP_DIR — mirrors the walker's per-segment rule."""
-    return any(part in SKIP_DIRS for part in (path or "").replace("\\", "/").split("/"))
+def _in_skip_dir(path: str, root=None) -> bool:
+    """True if `path` is under a SKIP_DIR, measured RELATIVE to the scan `root` when given.
+
+    Delegates to the shared helper. Trivy/Semgrep can emit ABSOLUTE paths, so pass `target`
+    (the scanned repo) or a repo living under a skip-named ancestor has its real findings
+    dropped as 'contamination' (bug-005/066 recurrence). `root=None` keeps the legacy
+    raw-segment behavior for relative inputs (and the existing single-arg unit test)."""
+    return path_in_skip_dir(path, root)
 
 
 def _trivy(target: Path, out: Path, excludes=()) -> list:
@@ -355,7 +360,7 @@ def normalize_findings(scan_results: list, outdir: Path, target: Path | None = N
     # build output, the tool's own websec-out) → drop anything under a SKIP_DIR. The
     # correctness guarantee behind the best-effort flags; also catches gitleaks (no skip flag).
     before = len(raw)
-    raw = [f for f in raw if not _in_skip_dir(f.get("file", ""))]
+    raw = [f for f in raw if not _in_skip_dir(f.get("file", ""), target)]
     contamination_dropped = before - len(raw)
 
     # bug-066 (b): working-tree secrets (trivy fs) in GITIGNORED files are local-only / never
@@ -392,11 +397,18 @@ def normalize_findings(scan_results: list, outdir: Path, target: Path | None = N
     for f in deduped:
         by_sev[f["severity"]] = by_sev.get(f["severity"], 0) + 1
         by_cat[f["category"]] = by_cat.get(f["category"], 0) + 1
+    summaries = [{"severity": f["severity"], "category": f["category"], "title": f["title"],
+                  "file": f["file"], "tools": f["tools"]} for f in deduped]
     return {"total_raw": len(raw), "total": len(deduped),
             "cross_tool_or_dup_merged": len(raw) - len(deduped),
             "contamination_dropped": contamination_dropped,
             "local_only_downgraded": local_only_downgraded,
             "by_severity": by_sev, "by_category": by_cat,
-            "top": [{"severity": f["severity"], "category": f["category"], "title": f["title"],
-                     "file": f["file"], "tools": f["tools"]} for f in deduped[:15]]}
+            # `top` = a short slice for the human briefing; `all` = the FULL ranked set the
+            # findings ledger consumes. The ledger must NOT silently drop a HIGH/CRITICAL static
+            # finding ranked #16+ — that undercounted the ledger + calibration on scan-heavy repos
+            # while the CLI printed ledger.total as if complete. (cli excludes `all` from manifest
+            # to avoid duplicating findings.json.)
+            "top": summaries[:15],
+            "all": summaries}
 

{websec_validator-0.4.0 → websec_validator-0.4.1/src/websec_validator.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: websec-validator
-Version: 0.4.0
+Version: 0.4.1
 Summary: Local-first security recon that briefs your AI coding agent: facts + tailored probe scripts, code-in / artifacts-out. No LLM, no server, no running app.
 Author: Ricardo Accioly
 License: MIT

{websec_validator-0.4.0 → websec_validator-0.4.1}/tests/test_hardening.py

@@ -16,7 +16,7 @@ from unittest import mock
 ROOT = Path(__file__).resolve().parents[1]
 sys.path.insert(0, str(ROOT / "src"))
 
-from websec_validator import dynamic, findings, probes, scanners  # noqa: E402
+from websec_validator import calibration, dynamic, findings, probes, scanners  # noqa: E402
 from websec_validator.extractors.auth import AuthExtractor  # noqa: E402
 from websec_validator.extractors.authz import AuthzExtractor  # noqa: E402
 from websec_validator.extractors.base import RepoContext  # noqa: E402
@@ -79,6 +79,45 @@ class ScannerHygieneTests(unittest.TestCase):
         self.assertTrue(scanners._in_skip_dir("node_modules/dep/a.js"))
         self.assertFalse(scanners._in_skip_dir("src/app/api/route.ts"))
 
+    def test_skipdir_matched_relative_to_root_not_absolute(self):
+        # Regression: a repo living UNDER a skip-named ANCESTOR (.claude/worktrees, vendor/,
+        # target/) had every absolute-path route/finding silently dropped, because SKIP_DIRS
+        # was matched against the ABSOLUTE path's segments (bug-005 recurrence). Match relative
+        # to the scan root instead. Proven empirically: identical fixture → 2 routes at a clean
+        # path, 0 routes under a `target/` ancestor.
+        from websec_validator.extractors.base import path_in_skip_dir
+        with tempfile.TemporaryDirectory() as d:
+            root = Path(d) / "target" / "app"        # 'target' is a SKIP_DIR — but it's an ANCESTOR
+            (root / "src").mkdir(parents=True)
+            real = root / "src" / "routes.js"
+            real.write_text("x")
+            self.assertIn("target", str(real).split("/"))          # the trap segment is present...
+            self.assertFalse(path_in_skip_dir(str(real), root))    # ...but NOT below the root → keep it
+            nm = root / "node_modules" / "dep.js"                  # a genuine skip-dir BELOW the root
+            nm.parent.mkdir(parents=True)
+            nm.write_text("x")
+            self.assertTrue(path_in_skip_dir(str(nm), root))       # still correctly skipped
+        # backward-compat: no root → legacy raw-segment behavior (single-arg call sites/tests)
+        self.assertTrue(path_in_skip_dir("node_modules/dep/a.js"))
+        self.assertFalse(path_in_skip_dir("src/app/api/route.ts"))
+
+    def test_normalize_keeps_findings_when_repo_under_skipdir_ancestor(self):
+        # End-to-end consequence: a trivy finding with an ABSOLUTE path under a skip-named
+        # ancestor must SURVIVE when `target` is that repo root (else real secrets vanish on
+        # anyone whose repo lives under e.g. ~/dev/vendor-portal/ or a .claude worktree).
+        with tempfile.TemporaryDirectory() as d:
+            root = Path(d) / "vendor" / "app"        # 'vendor' ancestor
+            (root / "src").mkdir(parents=True)
+            abs_file = str(root / "src" / "config.ts")
+            trivy = {"Results": [{"Target": abs_file, "Secrets": [
+                {"RuleID": "private-key", "Title": "k", "Match": "-----BEGIN", "StartLine": 1}]}]}
+            (root / "trivy.json").write_text(json.dumps(trivy))
+            res = [{"key": "trivy", "output": str(root / "trivy.json"), "name": "Trivy", "category": "sca"}]
+            summary = scanners.normalize_findings(res, root, target=root)
+            files = [f["file"] for f in json.loads((root / "findings.json").read_text())]
+        self.assertIn(abs_file, files)               # NOT dropped despite the 'vendor' ancestor
+        self.assertEqual(summary["contamination_dropped"], 0)
+
     def test_exclude_dirs_includes_agent_tooling(self):
         self.assertIn(".claude", scanners.EXCLUDE_DIRS)
         self.assertIn(".worktrees", scanners.EXCLUDE_DIRS)
@@ -124,6 +163,51 @@ class ScannerHygieneTests(unittest.TestCase):
         self.assertEqual(summary["local_only_downgraded"], 1)
 
 
+class CrossTenantNumericIdTests(unittest.TestCase):
+    def test_numeric_tenant_id_does_not_crash(self):
+        # fix #6: tenant ids are often numeric (auto-increment); str.replace's 2nd arg must be a str,
+        # so an int tenant would crash this authenticated path uncaught. Coerce with str().
+        cfg = {"target": "http://t", "tenant_path_param": "groupId", "roles": {}}
+        facts = {"routes": {"endpoints": [{"method": "GET", "path": "/api/groups/{groupId}/items"}]}}
+        captured = []
+
+        def fake_mint(c, role):
+            return {"token": f"tok-{role}", "tenant": 1 if role == "agentA" else 2, "email": f"{role}@x"}
+
+        def fake_request(method, url, token=None, timeout=20, data=None, cookie=None):
+            captured.append(url)
+            return 403, "x"
+        with mock.patch.object(dynamic, "mint", fake_mint), mock.patch.object(dynamic, "_request", fake_request):
+            r = dynamic.cross_tenant_bola(cfg, facts)
+        self.assertNotIn("error", r)                                  # numeric ids didn't crash the replace
+        self.assertTrue(any(u.endswith("/api/groups/2/items") for u in captured))  # int coerced into the path
+
+
+class WriteAuthEnforcement500Tests(unittest.TestCase):
+    def test_500_is_inconclusive_not_no_auth_gate(self):
+        # a 500 may be the AUTH layer throwing, not the handler running unauth — must NOT become a
+        # no-auth-gate verdict (would escalate to a HIGH missing-auth finding AND poison the
+        # calibration oracle with a confirmed-real sample). Matches the forged-token engine.
+        facts = {"routes": {"endpoints": [{"method": "POST", "path": "/api/x"}]}}
+
+        def fake(method, url, token=None, timeout=20, data=None, cookie=None):
+            return 500, "err"
+        with mock.patch.object(dynamic, "_request", fake):
+            r = dynamic.write_auth_enforcement("http://t", facts)
+        self.assertEqual(r["results"][0]["verdict"], "http-500")     # inconclusive, not no-auth-gate
+        self.assertEqual(r["no_auth_gate"], [])                       # so it feeds no missing-auth finding
+        self.assertEqual(calibration.samples_from_dynamic({"write_auth_enforcement": r}), [])  # oracle clean
+
+    def test_400_still_no_auth_gate(self):  # regression guard: real reached-handler codes unaffected
+        facts = {"routes": {"endpoints": [{"method": "POST", "path": "/api/y"}]}}
+
+        def fake(method, url, token=None, timeout=20, data=None, cookie=None):
+            return 400, "bad"
+        with mock.patch.object(dynamic, "_request", fake):
+            r = dynamic.write_auth_enforcement("http://t", facts)
+        self.assertTrue(r["results"][0]["verdict"].startswith("no-auth-gate"))
+
+
 class ProbeRegistrationTests(unittest.TestCase):
     def test_forged_token_always_staged(self):
         self.assertIn("forged-token", probes.ALWAYS)

{websec_validator-0.4.0 → websec_validator-0.4.1}/tests/test_recon.py

@@ -22,6 +22,7 @@ from websec_validator.extractors.authz import AuthzExtractor           # noqa: E
 from websec_validator.extractors.base import RepoContext               # noqa: E402
 from websec_validator.extractors.stack import StackExtractor           # noqa: E402
 from websec_validator.extractors.schemas import SchemasExtractor       # noqa: E402
+from websec_validator.extractors.integrations import IntegrationsExtractor  # noqa: E402
 from websec_validator.extractors.surface import SINKS, SurfaceExtractor  # noqa: E402
 from websec_validator.extractors.tenant import TenantExtractor         # noqa: E402
 
@@ -95,6 +96,29 @@ class SchemasTests(unittest.TestCase):
         self.assertEqual(out["orms"], [])
 
 
+class IntegrationsTests(unittest.TestCase):
+    def _run(self, handler_src):
+        d = Path(tempfile.mkdtemp())
+        (d / "h.js").write_text(handler_src)
+        facts = {"routes": {"endpoints": [
+            {"method": "POST", "path": "/webhooks/stripe", "code_path": str(d / "h.js")}]}}
+        return IntegrationsExtractor().extract(RepoContext(d), facts)
+
+    def test_unverified_webhook_flagged_despite_signature_word_in_comment(self):
+        # the bare-word `signature` SIG_VERIFY alternative used to SUPPRESS the finding when a
+        # comment merely mentioned signatures — a false negative. Only real verification counts now.
+        out = self._run("// no signature verification here\n"
+                        "router.post('/webhooks/stripe', (req,res)=>res.json({ok:1}));\n")
+        self.assertEqual(len(out["webhooks_without_sig_verification"]), 1)
+
+    def test_genuinely_verified_webhook_not_flagged(self):
+        out = self._run("const crypto=require('crypto');\n"
+                        "router.post('/webhooks/stripe', (req,res)=>{\n"
+                        "  const h=crypto.createHmac('sha256',k).update(req.body).digest('hex');\n"
+                        "  if(h!==req.headers['stripe-signature']) return res.status(401).end();\n});\n")
+        self.assertEqual(out["webhooks_without_sig_verification"], [])
+
+
 class CalibrationTests(unittest.TestCase):
     def test_wilson_interval(self):
         self.assertEqual(calibration.wilson(0, 0), (0.0, 1.0))      # no data → full ignorance
@@ -392,6 +416,54 @@ class LedgerTests(unittest.TestCase):
         self.assertEqual(led["total"], 0)
         self.assertEqual(led["suppressed"], 1)
 
+    def test_webhook_without_sig_enters_ledger(self):
+        # parity fix: unverified webhooks were surfaced in the briefing but never ranked/calibrated.
+        facts = {"integrations": {"webhooks_without_sig_verification": ["POST /webhooks/stripe  (h.ts)"]}}
+        led = findings.build_ledger(facts, None, None, [])
+        hit = [f for f in led["findings"] if f["attack_class"] == "webhook-forgery"]
+        self.assertEqual(len(hit), 1)
+        self.assertEqual(hit[0]["severity"], "MEDIUM")
+        self.assertIn("CWE-345 Insufficient Verification of Data Authenticity", hit[0]["standards"]["cwe"])
+        self.assertTrue(hit[0]["remediation"])
+
+    def test_sink_attack_class_maps_to_specific_cwe(self):
+        # surface.py emits `sql-injection`/`nosql-injection`/`redos`/`eval-injection`; each must cite
+        # its SPECIFIC CWE, not fall back to the generic "sast" (CWE-710).
+        facts = {"surface": {"sinks": {
+            "sql-injection": {"count": 1, "files": ["a.ts"]},
+            "nosql-injection": {"count": 1, "files": ["b.ts"]},
+            "redos": {"count": 1, "files": ["c.ts"]},
+            "eval-injection": {"count": 1, "files": ["d.ts"]}}},
+            "stack": {"datastores": ["postgres"]}}
+        by = {f["title"]: f for f in findings.build_ledger(facts, None, None, [])["findings"]}
+        self.assertEqual(by["sql-injection sink (1 site(s))"]["attack_class"], "sqli")
+        self.assertIn("CWE-89 SQL Injection", by["sql-injection sink (1 site(s))"]["standards"]["cwe"])
+        self.assertEqual(by["nosql-injection sink (1 site(s))"]["attack_class"], "nosql-injection")
+        self.assertTrue(by["nosql-injection sink (1 site(s))"]["standards"]["cwe"][0].startswith("CWE-943"))
+        self.assertEqual(by["eval-injection sink (1 site(s))"]["attack_class"], "eval-injection")
+        # a specific remediation, not the generic default
+        self.assertNotEqual(by["redos sink (1 site(s))"]["remediation"], "Review and remediate per the cited standard.")
+
+    def test_sqli_not_downranked_when_sql_orm_present(self):
+        # fix #9: stack.py emits `sql-orm`/`prisma(sql)` labels; findings._sql must count them as SQL
+        # so a SQL-ORM + Mongo app isn't misread as nosql-only and its SQLi wrongly cut to LOW.
+        sinks = {"surface": {"sinks": {"sql-injection": {"count": 1, "files": ["db.ts"]}}}}
+        led = findings.build_ledger({**sinks, "stack": {"datastores": ["sql-orm", "mongo"]}}, None, None, [])
+        self.assertEqual([f for f in led["findings"] if "sql-injection" in f["title"]][0]["severity"], "MEDIUM")
+        led2 = findings.build_ledger({**sinks, "stack": {"datastores": ["mongo"]}}, None, None, [])
+        self.assertEqual([f for f in led2["findings"] if "sql-injection" in f["title"]][0]["severity"], "LOW")
+
+    def test_ledger_consumes_full_static_set_not_just_top15(self):
+        # 20 HIGH static findings → all 20 must reach the ledger (was silently capped at top-15,
+        # dropping HIGH/CRITICAL CVEs/secrets ranked #16+ from the ledger + calibration).
+        allf = [{"severity": "HIGH", "category": "sca", "title": f"CVE-{i}", "file": f"p{i}", "tools": ["trivy"]}
+                for i in range(20)]
+        led = findings.build_ledger({}, {"top": allf[:15], "all": allf}, None, [])
+        self.assertEqual(len([f for f in led["findings"] if f["attack_class"] == "cve"]), 20)
+        # back-compat: a caller passing only `top` still works
+        led2 = findings.build_ledger({}, {"top": allf[:15]}, None, [])
+        self.assertEqual(len([f for f in led2["findings"] if f["attack_class"] == "cve"]), 15)
+
 
 if __name__ == "__main__":
     unittest.main()