ktg-plugin-marketplace/plugins/llm-security/playground/test-fixtures/diff.md
Kjell Tore Guttormsen ce3891bdd0 feat(llm-security): playground Phase 3 — v7.5.0 with 18 parsers/renderers
The single-file SPA playground now has a parser + renderer for all 18
produces_report=true commands (Phase 2: 10 high-priority + Phase 3: 8
remaining: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test fixtures serve as
contract anchors for parser development.

The complete demo project `dft-komplett-demo` has all 18 reports
pre-parsed inline — click-through without "parser not implemented"
panels. 2 new archetypes in KEY_STATS_CONFIG: kanban-buckets (clean)
and matrix-risk (threat-model).

Bug fix: normalizeVerdictText now checks GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET BEFORE plain GO so that a conditional verdict
(pre-deploy with open conditions) does not collapse to ALLOW.

Exposed 11 window globals for testing/automation (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-generated
screenshots in playground/screenshots/v7.5.0/.

A11Y report (WCAG 2.1 AA): 0 blocking, 3 minor improvements
flagged for the v7.5.x patch (skip link, heading hierarchy on project,
aria-live toast).

Version bump 7.4.0 -> 7.5.0 in 10 files (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG entry, 3 scanner VERSION
constants, ROADMAP, marketplace root README).

No scanner or hook behavior changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 22:15:47 +02:00


# Scan Diff Against Baseline
---
## Header
| Field | Value |
|-------|-------|
| **Report type** | diff |
| **Target** | ~/repos/dft-marketplace |
| **Date** | 2026-05-05 |
| **Baseline** | 2026-04-29 |
| **Version** | llm-security v7.4.0 |
| **Scope** | scan + posture diff |
| **Triggered by** | /security diff . |
---
## Risk Dashboard
| Metric | Value |
|--------|-------|
| **Current Grade** | B |
| **Baseline Grade** | C |
| **Risk Score** | 28/100 |
| **Risk Band** | Medium |
| **Verdict** | WARNING |

| Severity | New | Resolved | Unchanged |
|----------|----:|---------:|----------:|
| Critical | 0 | 1 | 0 |
| High | 1 | 2 | 1 |
| Medium | 2 | 3 | 4 |
| Low | 0 | 1 | 2 |
| Info | 1 | 0 | 5 |
| **Total** | **4** | **7** | **12** |

**Verdict rationale:** Net improvement (7 resolved, 4 new). Baseline had 1 CRITICAL (resolved), 2 HIGH (resolved). Grade C → B. One new HIGH on permission scope warrants review before celebrating.
---
## New (4)
| ID | Severity | Category | File | Description | OWASP |
|----|----------|----------|------|-------------|-------|
| DIF-001 | high | Permissions | .claude/settings.json | New `Edit(*)` wildcard added in commit 4a8c1f | ASI04 |
| DIF-002 | medium | Injection | commands/research-v2.md | New command introduced indirect-injection vector | LLM01 |
| DIF-003 | medium | Supply Chain | package-lock.json | New dependency `husky@9.0.11` (no prior baseline) | LLM03 |
| DIF-004 | info | Documentation | docs/CHANGELOG.md | Changelog gained sensitive path reference (not exploitable) | — |
---
## Resolved (7)
| ID | Severity | Category | File | Resolution |
|----|----------|----------|------|-----------|
| BAS-001 | critical | Secrets | agents/data-analyst.md | API key removed, env-var reference added |
| BAS-002 | high | Excessive Agency | agents/web-helper.md | Hook policy added blocking [Bash, Read, WebFetch] trifecta |
| BAS-003 | high | MCP Trust | .mcp.json | airbnb-mcp removed |
| BAS-004 | medium | Output Handling | agents/notes.md | Markdown link-title sink sanitized |
| BAS-005 | medium | Memory | CLAUDE.md | Encoded base64 imperative removed |
| BAS-006 | medium | Injection | commands/summarize.md | Indirect-injection wrapped in Trust-Bus |
| BAS-007 | low | Documentation | README.md | Suspicious URL pattern in example removed |
---
## Unchanged (12)
| ID | Severity | Category | File | Notes |
|----|----------|----------|------|-------|
| BAS-008 | high | Permissions | .claude/settings.json | Bash wildcard remains — pending grant-narrowing |
| BAS-009 | medium | Permissions | agents/test-runner.md | Tool list still includes Edit |
| BAS-010 | medium | MCP Trust | .mcp.json | Per-update drift on `postgres-readonly` (12.3% > 10%) |
| BAS-011 | medium | Other | scripts/setup.sh | `curl \| sh` pattern in install hint |
| BAS-012 | medium | Other | tests/fixtures/poisoned.md | Test fixture flagged (intentional) |
| BAS-013 | low | Documentation | docs/setup.md | Outdated security-advisory link |
| BAS-014 | low | Documentation | LICENSE | License file present but old SPDX format |
| BAS-015 | info | Other | .gitignore | Still missing `.env*` exclusion rule |
| BAS-016 | info | Other | LICENSE | (info-level note) |
| BAS-017 | info | Other | CHANGELOG.md | Format compliance note |
| BAS-018 | info | Other | SECURITY.md | Still missing |
| BAS-019 | info | Other | CONTRIBUTING.md | Still missing |
---
## Moved (0)
No findings shifted file-locations between baseline and current.
---
## Recommendations
1. **High:** Audit DIF-001 — `Edit(*)` wildcard adds Edit-to-anywhere capability. Replace with explicit allow-list.
2. **Medium:** Review DIF-002 (commands/research-v2.md) and DIF-003 (husky pin) before merge.
3. **Medium:** Continue working on the 12 unchanged findings — BAS-008 (Bash wildcard) is the highest-impact remaining item.
---
*Diff complete. Net improvement: -3 findings (4 new, 7 resolved). Grade C → B.*
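A minimal parser for this fixture's delta table and verdict, added here as an example and not the playground's own code; it also applies the conditional-before-plain-GO ordering that the commit message describes. The function names (parseDeltaTable, netChange, normalizeVerdict, summarize) and the WARNING/ALLOW/CONDITIONAL/UNKNOWN tokens are assumptions.

```javascript
// Added example, not the playground's own code: parse the delta table and verdict of the
// diff fixture above; FIXTURE is constructed from this page's Risk Dashboard section.
const FIXTURE = `
| **Verdict** | WARNING |

| Severity | New | Resolved | Unchanged |
|----------|----:|---------:|----------:|
| Critical | 0 | 1 | 0 |
| High | 1 | 2 | 1 |
| Medium | 2 | 3 | 4 |
| Low | 0 | 1 | 2 |
| Info | 1 | 0 | 5 |
| **Total** | **4** | **7** | **12** |
`;
// Split a table row into trimmed cells with bold markers stripped.
const cells = line => line.split('|').slice(1, -1).map(c => c.trim().replace(/\*\*/g, ''));

// Map the 4-column table to {critical: {new, resolved, unchanged}, ..., total: {...}}.
function parseDeltaTable(md) {
  const rows = {};
  for (const c of md.split('\n').map(cells)) {
    if (c.length !== 4 || c[0] === 'Severity' || /^:?-+:?$/.test(c[1])) continue;
    rows[c[0].toLowerCase()] = { new: +c[1], resolved: +c[2], unchanged: +c[3] };
  }
  return rows;
}

// Net change (negative = fewer findings) and whether the Total row adds up.
function netChange(rows) {
  const sev = Object.entries(rows).filter(([k]) => k !== 'total').map(([, r]) => r);
  const sum = k => sev.reduce((a, x) => a + x[k], 0);
  const n = sum('new'), r = sum('resolved'), t = rows.total;
  const consistent = !!t && t.new === n && t.resolved === r && t.unchanged === sum('unchanged');
  return { newCount: n, resolvedCount: r, net: n - r, consistent };
}

// Conditional tokens first: "GO-WITH-CONDITIONS" would otherwise match \bGO\b (assumed tokens).
function normalizeVerdict(text) {
  const t = text.trim().toUpperCase();
  if (/GO-WITH-CONDITIONS|CONDITIONAL|BETINGET/.test(t)) return 'CONDITIONAL';
  if (/\bWARN/.test(t)) return 'WARNING';
  if (/\bGO\b|\bALLOW\b/.test(t)) return 'ALLOW';
  return 'UNKNOWN';
}

// Verdict cell of the dashboard plus the delta summary for one fixture.
function summarize(md) {
  const v = md.split('\n').map(cells).find(c => c.length === 2 && c[0] === 'Verdict');
  return { verdict: normalizeVerdict(v ? v[1] : ''), ...netChange(parseDeltaTable(md)) };
}
```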