0xray 2.1.1 → 2.1.3

package/src/mcps/security-scan.server.ts

@@ -4,12 +4,6 @@
  * Automated security vulnerability scanning with dependency and code analysis
  */
 
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import {
-  CallToolRequestSchema,
-  ListToolsRequestSchema,
-} from "@modelcontextprotocol/sdk/types.js";
 import { execFileSync } from "child_process";
 import fs from "fs";
 import path from "path";
@@ -19,6 +13,7 @@ import {
   type LanguageConfig,
 } from "../utils/language-detector.js";
 import { frameworkLogger } from "../core/framework-logger.js";
+import { XrayKnowledgeSkillBase } from "./shared/knowledge-skill-base.js";
 
 interface SecurityScanArgs {
   scope?: string;
@@ -39,107 +34,68 @@ interface SecuritySummaryResults {
   summary: string;
 }
 
-class XraySecurityScanServer {
-  private server: Server;
-
+class XraySecurityScanServer extends XrayKnowledgeSkillBase {
   constructor() {
-    this.server = new Server(
-      {
-        name: "security-scan", version: "2.0.1",
-      },
+    super("security-scan", "2.0.1");
+
+    this.tools = [
       {
-        capabilities: {
-          tools: {},
+        name: "security-scan",
+        description:
+          "Comprehensive security vulnerability scanning with dependency and code analysis",
+        inputSchema: {
+          type: "object",
+          properties: {
+            scope: {
+              type: "string",
+              enum: ["dependencies", "code", "full"],
+              default: "full",
+              description: "Scope of security scan",
+            },
+            auditLevel: {
+              type: "string",
+              enum: ["info", "low", "moderate", "high", "critical"],
+              default: "moderate",
+              description: "Audit level for vulnerability detection",
+            },
+            includeOutdated: {
+              type: "boolean",
+              default: true,
+              description: "Include outdated package analysis",
+            },
+          },
         },
       },
-    );
-
-    this.setupToolHandlers();
-    frameworkLogger.log("mcps/security-scan", "initialize", "info");
-  }
-
-  private setupToolHandlers() {
-    // List available tools
-    this.server.setRequestHandler(ListToolsRequestSchema, async () => {
-      return {
-        tools: [
-          {
-            name: "security-scan",
-            description:
-              "Comprehensive security vulnerability scanning with dependency and code analysis",
-            inputSchema: {
-              type: "object",
-              properties: {
-                scope: {
-                  type: "string",
-                  enum: ["dependencies", "code", "full"],
-                  default: "full",
-                  description: "Scope of security scan",
-                },
-                auditLevel: {
-                  type: "string",
-                  enum: ["info", "low", "moderate", "high", "critical"],
-                  default: "moderate",
-                  description: "Audit level for vulnerability detection",
-                },
-                includeOutdated: {
-                  type: "boolean",
-                  default: true,
-                  description: "Include outdated package analysis",
-                },
-              },
+      {
+        name: "dependency-audit",
+        description:
+          "Audit third-party dependencies for security vulnerabilities",
+        inputSchema: {
+          type: "object",
+          properties: {
+            packageManager: {
+              type: "string",
+              enum: ["npm", "yarn", "pnpm", "auto"],
+              default: "auto",
+              description: "Package manager to use",
             },
-          },
-          {
-            name: "dependency-audit",
-            description:
-              "Audit third-party dependencies for security vulnerabilities",
-            inputSchema: {
-              type: "object",
-              properties: {
-                packageManager: {
-                  type: "string",
-                  enum: ["npm", "yarn", "pnpm", "auto"],
-                  default: "auto",
-                  description: "Package manager to use",
-                },
-                auditLevel: {
-                  type: "string",
-                  enum: ["info", "low", "moderate", "high", "critical"],
-                  default: "moderate",
-                },
-              },
+            auditLevel: {
+              type: "string",
+              enum: ["info", "low", "moderate", "high", "critical"],
+              default: "moderate",
             },
           },
-        ],
-      };
-    });
+        },
+      },
+    ];
 
-    // Handle tool calls
-    this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
-      const { name, arguments: args } = request.params;
+    this.handlers = {
+      "security-scan": async (args) => this.handleSecurityScan(args),
+      "dependency-audit": async (args) => this.handleDependencyAudit(args),
+    };
 
-      try {
-        switch (name) {
-          case "security-scan":
-            return await this.handleSecurityScan(args);
-          case "dependency-audit":
-            return await this.handleDependencyAudit(args);
-          default:
-            throw new Error(`Unknown tool: ${name}`);
-        }
-      } catch (error) {
-        frameworkLogger.log("mcps/security-scan", "tool-handler", "error", { tool: name, error: String(error) });
-        return {
-          content: [
-            {
-              type: "text",
-              text: `Error executing tool "${name}": ${error instanceof Error ? error.message : String(error)}`,
-            },
-          ],
-        };
-      }
-    });
+    this.setupToolHandlers();
+    frameworkLogger.log("mcps/security-scan", "initialize", "info");
   }
 
   private async handleSecurityScan(args: unknown) {
@@ -635,17 +591,12 @@ ${results.recommendations.map((r) => `• ${r}`).join("\n") || "No recommendatio
 - Recommendations: ${recCount}`;
   }
 
-  async run() {
-    const transport = new StdioServerTransport();
-    await this.server.connect(transport);
-    frameworkLogger.log("mcps/security-scan", "start", "info");
-  }
 }
 
 // Start the server if run directly
 if (import.meta.url === `file://${process.argv[1]}`) {
   const server = new XraySecurityScanServer();
-  server.run().catch((error) => frameworkLogger.log("mcps/security-scan", "run", "error", { error: String(error) }));
+  server.run("security-scan").catch((error) => frameworkLogger.log("mcps/security-scan", "run", "error", { error: String(error) }));
 }
 
 export { XraySecurityScanServer };

package/src/mcps/shared/knowledge-skill-base.ts

@@ -0,0 +1,62 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+} from "@modelcontextprotocol/sdk/types.js";
+import { frameworkLogger } from "../../core/framework-logger.js";
+import { createGracefulShutdown } from "../../utils/shutdown-handler.js";
+
+export interface ToolDefinition {
+  name: string;
+  description: string;
+  inputSchema: object;
+}
+
+export class XrayKnowledgeSkillBase {
+  protected tools: ToolDefinition[] = [];
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  protected handlers: Record<string, (args: unknown) => Promise<any>> = {};
+
+  protected server: Server;
+
+  constructor(serverName: string, version = "2.0.1") {
+    this.server = new Server(
+      { name: serverName, version },
+      { capabilities: { tools: {} } },
+    );
+  }
+
+  protected setupToolHandlers(): void {
+    this.server.setRequestHandler(ListToolsRequestSchema, async () => ({
+      tools: this.tools.map((t) => ({
+        name: t.name,
+        description: t.description,
+        inputSchema: t.inputSchema,
+      })),
+    }));
+
+    this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
+      const { name, arguments: args } = request.params;
+      const handler = this.handlers[name];
+      if (!handler) {
+        throw new Error(`Unknown tool: ${name}`);
+      }
+      try {
+        return await handler(args);
+      } catch (error) {
+        return {
+          content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+          isError: true,
+        };
+      }
+    });
+  }
+
+  async run(serverName: string): Promise<void> {
+    const transport = new StdioServerTransport();
+    await this.server.connect(transport);
+    createGracefulShutdown({ serverName, server: this.server });
+    await frameworkLogger.log(serverName, "server-started", "success");
+  }
+}

package/src/mcps/shared/prompt-security-validator.ts

@@ -0,0 +1,199 @@
+/**
+ * 0xRay Framework - AI Prompt Security Validator
+ *
+ * Specialized security validation for AI agent prompts and responses
+ * Prevents prompt injection, system prompt override, and malicious inputs
+ */
+
+export interface PromptSecurityConfig {
+  enabled: boolean;
+  maxPromptLength: number;
+  allowedPatterns: RegExp[];
+  blockedPatterns: RegExp[];
+  sanitizeLevel: "basic" | "strict" | "paranoid";
+}
+
+export interface SecurityValidationResult {
+  isSafe: boolean;
+  violations: string[];
+  sanitizedPrompt?: string | undefined;
+  riskLevel: "low" | "medium" | "high" | "critical";
+}
+
+export class PromptSecurityValidator {
+  private config: PromptSecurityConfig;
+
+  constructor(config: Partial<PromptSecurityConfig> = {}) {
+    this.config = {
+      enabled: true,
+      maxPromptLength: 10000,
+      allowedPatterns: [],
+      blockedPatterns: [
+        /system\s+prompt\s*[:=]/gi,
+        /ignore\s+previous\s+instructions/gi,
+        /you\s+are\s+now\s+/gi,
+        /forget\s+your\s+previous\s+/gi,
+        /override\s+(your\s+)?instructions/gi,
+        /jailbreak/gi,
+        /dan.*mode/gi,
+      ],
+      sanitizeLevel: "strict",
+      ...config,
+    };
+  }
+
+  /**
+   * Validate AI prompt for security issues
+   */
+  validatePrompt(prompt: string): SecurityValidationResult {
+    if (!this.config.enabled) {
+      return { isSafe: true, violations: [], riskLevel: "low" };
+    }
+
+    const violations: string[] = [];
+    let riskLevel: SecurityValidationResult["riskLevel"] = "low";
+
+    // Length check
+    if (prompt.length > this.config.maxPromptLength) {
+      violations.push(
+        `Prompt too long: ${prompt.length} > ${this.config.maxPromptLength}`,
+      );
+      riskLevel = "medium";
+    }
+
+    // Blocked pattern check
+    for (const pattern of this.config.blockedPatterns) {
+      if (pattern.test(prompt)) {
+        violations.push(`Blocked pattern detected: ${pattern.source}`);
+        riskLevel = "high";
+      }
+    }
+
+    // Advanced pattern analysis
+    if (this.containsSystemPromptOverride(prompt)) {
+      violations.push("Potential system prompt override attempt");
+      riskLevel = "critical";
+    }
+
+    if (this.containsInjectionAttempts(prompt)) {
+      violations.push("Potential prompt injection detected");
+      riskLevel = "high";
+    }
+
+    const isSafe = violations.length === 0;
+    const sanitizedPrompt = isSafe ? undefined : this.sanitizePrompt(prompt);
+
+    return {
+      isSafe,
+      violations,
+      sanitizedPrompt,
+      riskLevel,
+    };
+  }
+
+  /**
+   * Check for system prompt override attempts
+   */
+  private containsSystemPromptOverride(prompt: string): boolean {
+    const overrideIndicators = [
+      "you are now",
+      "act as if",
+      "pretend to be",
+      "role-play as",
+      "from now on you are",
+      "ignore your system",
+      "override your",
+      "new personality",
+      "different role",
+    ];
+
+    const lowerPrompt = prompt.toLowerCase();
+    return overrideIndicators.some((indicator) =>
+      lowerPrompt.includes(indicator),
+    );
+  }
+
+  /**
+   * Check for prompt injection attempts
+   */
+  private containsInjectionAttempts(prompt: string): boolean {
+    const injectionIndicators = [
+      "ignore previous",
+      "forget instructions",
+      "start over",
+      "new conversation",
+      "reset context",
+      "clear memory",
+      "delete history",
+    ];
+
+    const lowerPrompt = prompt.toLowerCase();
+    return injectionIndicators.some((indicator) =>
+      lowerPrompt.includes(indicator),
+    );
+  }
+
+  /**
+   * Sanitize prompt by removing dangerous patterns
+   */
+  private sanitizePrompt(prompt: string): string {
+    let sanitized = prompt;
+
+    // Remove blocked patterns
+    for (const pattern of this.config.blockedPatterns) {
+      sanitized = sanitized.replace(pattern, "[REDACTED]");
+    }
+
+    // Additional sanitization based on level
+    if (
+      this.config.sanitizeLevel === "strict" ||
+      this.config.sanitizeLevel === "paranoid"
+    ) {
+      // Remove potential code execution
+      sanitized = sanitized.replace(/```[\s\S]*?```/g, "[CODE_BLOCK_REMOVED]");
+
+      // Remove potential file system access
+      sanitized = sanitized.replace(/(?:\/|\\)\.\.(?:\/|\\)/g, "/");
+
+      // Remove potential command injection
+      sanitized = sanitized.replace(/[;&|`$()]/g, "");
+    }
+
+    if (this.config.sanitizeLevel === "paranoid") {
+      // Extreme sanitization - only allow alphanumeric, spaces, and basic punctuation
+      sanitized = sanitized.replace(/[^a-zA-Z0-9\s.,!?-]/g, "");
+    }
+
+    return sanitized;
+  }
+
+  /**
+   * Validate agent response for safety
+   */
+  validateResponse(response: string): SecurityValidationResult {
+    // Similar validation but focused on response safety
+    const violations: string[] = [];
+
+    // Check for potentially harmful content
+    if (
+      response.includes("system prompt") ||
+      response.includes("internal instructions")
+    ) {
+      violations.push("Response contains sensitive system information");
+    }
+
+    // Check for code execution attempts
+    if (/eval\s*\(|Function\s*\(/.test(response)) {
+      violations.push("Response contains potential code execution");
+    }
+
+    return {
+      isSafe: violations.length === 0,
+      violations,
+      riskLevel: violations.length > 0 ? "medium" : "low",
+    };
+  }
+}
+
+// Export singleton instance
+export const promptSecurityValidator = new PromptSecurityValidator();