feat: v2 security rules - 5 new rules, SARIF export, 50+ tests#5

Open
NeuZhou wants to merge 2 commits into master from feat/security-rules-v2

NeuZhou commented Mar 16, 2026

What's New

  • API Key Exposure detection rule
  • Memory Poisoning detection rule
  • Permission Escalation detection rule
  • Enhanced MCP security tests
  • Enhanced supply chain tests
  • SARIF export support
  • 50+ new tests

Kang Zhou added 2 commits March 16, 2026 18:28
- MCP security: file/exec/network access detection
- Memory poisoning: encoded payloads, trust escalation
- Supply chain: remote code execution, eval, obfuscation
- API key exposure: 10+ key patterns with masked evidence
- Permission escalation: system config modification detection
- SARIF output for GitHub Security tab
- Severity scoring per finding
- README updates with new rule categories
NeuZhou pushed a commit that referenced this pull request Mar 18, 2026
- privilege-escalation: sudo, chmod 777, capability manipulation
- rug-pull: MCP server re-registration, tool definition switching
- resource-abuse: crypto mining, infinite loops, fork bombs
- cross-agent-contamination: cross-session data leaks
- compliance-frameworks: SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS
- Comprehensive test coverage for each rule
NeuZhou pushed a commit that referenced this pull request Mar 18, 2026
…#5, #2, #8)

- Register 5 new security rules in rules/index.ts
- Export YARA engine types and functions from index.ts
- Export registerCustomRule/clearCustomRules from index.ts
- Update DEFAULT_CONFIG with new rule IDs
- Update index-exports tests for new exports