open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

feat(workflow-scanner): E11 part 2 — re-interpolation + auth-bypass + WFL prefix + orchestrator

Browse source 
Closes E11. Three new pieces, plus integration:

1. Re-interpolation detector (Appsmith GHSL-2024-277 stealth pattern).
   The scanner now collects env: bindings (key -> source-expression
   text) by walking parsed events whose parentChain includes 'env',
   then for each `${{ env.<KEY> }}` inside run:, re-injects MEDIUM
   if the binding source matches the 23-field blacklist. This
   catches the pattern where developers apply env-indirection but
   then re-interpolate the env var in run:, which cancels the
   mitigation (template substitution happens before shell parsing).

2. Auth-bypass category (Synacktiv 2023 Dependabot spoofing).
   Detects `if: ${{ github.actor == 'dependabot[bot]' }}` and
   variants. MEDIUM, owasp: 'LLM06' (Excessive Agency). Distinct
   from injection — same expression syntax, different threat class.
   Recommendation steers users to `github.event.pull_request.user.login`.

3. severity.mjs OWASP map registration. WFL prefix added to all
   four maps:
   - OWASP_MAP['WFL'] = ['LLM02', 'LLM06']
   - OWASP_AGENTIC_MAP['WFL'] = ['ASI04']
   - OWASP_SKILLS_MAP['WFL'] = []
   - OWASP_MCP_MAP['WFL'] = []
   Empty arrays for skills/MCP are explicit, not omitted — keeps
   `Object.keys(OWASP_MAP)` symmetric across maps.

4. scan-orchestrator.mjs registration. workflowScan added between
   supply-chain and toxic-flow (toxic-flow correlates after primaries).
   Verified via integration: orchestrator emits 9 WFL findings on
   tests/fixtures/workflows/.

Bug fix: extractTriggers in workflow-yaml-state.mjs was collecting
sub-properties (`branches:`, `types:`) as triggers. Now tracks the
first nested indent level and ignores anything deeper.

Tests:
- 6 new cases in tests/scanners/workflow-scanner.test.mjs:
  re-interp TP, no-double-count, auth-bypass TP, auth-bypass FP
  (startsWith head_ref is not auth-bypass), OWASP map shape,
  orchestrator import + SCANNERS array entry.
- 2 new fixtures: tp-reinterpolation.yml, auth-bypass-dependabot.yml.
- Existing 14 scanner tests + 15 state-machine tests unchanged.

Test count: 1732 -> 1738 (+6). Wave B total: +53 over baseline 1685.
Pre-compact-scan flake unchanged (passes in isolation).
This commit is contained in:
Kjell Tore Guttormsen 2026-04-30 15:57:10 +02:00
commit ede37219a3
7 changed files with 180 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
plugins/llm-security/scanners/lib/workflow-yaml-state.mjs
View file

@ -88,13 +88,18 @@ export function extractTriggers(lines) {
return triggers;
}
// Form 2/3: block list or block mapping
// Form 2/3: block list or block mapping. Only collect entries at
// the FIRST nested indent — anything deeper is a sub-property of
// the trigger (e.g. `branches:`, `types:`), not a new trigger.
let triggerIndent = null;
for (let j = i + 1; j < lines.length; j++) {
const sj = stripComments(lines[j]);
const tj = sj.trim();
if (!tj) continue;
const indent = getIndent(sj);
if (indent === 0) break; // back to top-level key
if (triggerIndent === null) triggerIndent = indent;
if (indent > triggerIndent) continue; // sub-property of a trigger
// List item: `- push`
if (tj.startsWith('- ')) {
const name = tj.slice(2).trim().replace(/^["']|["']$/g, '');