@bryan-thompson/inspector-assessment-client 1.22.13 → 1.22.16
- package/dist/assets/{OAuthCallback-CZrJlcLn.js → OAuthCallback-DNYBkA2C.js} +1 -1
- package/dist/assets/{OAuthDebugCallback-DjI-YxME.js → OAuthDebugCallback-EhdSHXee.js} +1 -1
- package/dist/assets/{index-_w0OL9Gt.js → index-BRiFDs-g.js} +21 -14
- package/dist/index.html +1 -1
- package/lib/lib/assessment/configTypes.d.ts +70 -0
- package/lib/lib/assessment/configTypes.d.ts.map +1 -0
- package/lib/lib/assessment/configTypes.js +194 -0
- package/lib/lib/assessment/constants.d.ts +10 -0
- package/lib/lib/assessment/constants.d.ts.map +1 -0
- package/lib/lib/assessment/constants.js +61 -0
- package/lib/lib/assessment/coreTypes.d.ts +159 -0
- package/lib/lib/assessment/coreTypes.d.ts.map +1 -0
- package/lib/lib/assessment/coreTypes.js +101 -0
- package/lib/lib/assessment/extendedTypes.d.ts +415 -0
- package/lib/lib/assessment/extendedTypes.d.ts.map +1 -0
- package/lib/lib/assessment/extendedTypes.js +9 -0
- package/lib/lib/assessment/index.d.ts +23 -0
- package/lib/lib/assessment/index.d.ts.map +1 -0
- package/lib/lib/assessment/index.js +48 -0
- package/lib/lib/assessment/progressTypes.d.ts +160 -0
- package/lib/lib/assessment/progressTypes.d.ts.map +1 -0
- package/lib/lib/assessment/progressTypes.js +9 -0
- package/lib/lib/assessment/resultTypes.d.ts +568 -0
- package/lib/lib/assessment/resultTypes.d.ts.map +1 -0
- package/lib/lib/assessment/resultTypes.js +9 -0
- package/lib/lib/assessmentTypes.d.ts +20 -1248
- package/lib/lib/assessmentTypes.d.ts.map +1 -1
- package/lib/lib/assessmentTypes.js +21 -287
- package/lib/services/assessment/AssessmentOrchestrator.d.ts +5 -0
- package/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
- package/lib/services/assessment/AssessmentOrchestrator.js +24 -6
- package/lib/services/assessment/lib/concurrencyLimit.d.ts +12 -0
- package/lib/services/assessment/lib/concurrencyLimit.d.ts.map +1 -1
- package/lib/services/assessment/lib/concurrencyLimit.js +22 -0
- package/lib/services/assessment/lib/logger.d.ts +98 -0
- package/lib/services/assessment/lib/logger.d.ts.map +1 -0
- package/lib/services/assessment/lib/logger.js +153 -0
- package/lib/services/assessment/modules/BaseAssessor.d.ts +2 -2
- package/lib/services/assessment/modules/BaseAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/SecurityAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/SecurityAssessor.js +10 -5
- package/lib/services/assessment/modules/ToolAnnotationAssessor.js +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/lib/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAEtE;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;OAOG;IACH,KAAK,EAAE,QAAQ,CAAC;IAEhB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB;;;OAGG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAEhE;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE/D;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE/D;;;OAGG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAEhE;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IAE5B;;;OAGG;IACH,cAAc,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,aAIpC,CAAC;AAiDF;;;;;;;;;;;;;GAaG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC9B,MAAM,CA0FR;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C"}
|
|
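--- a/package/lib/services/assessment/lib/logger.js
+++ b/package/lib/services/assessment/lib/logger.js
@@ -0,0 +1,153 @@
+/**
+* Structured Logger for Assessment Modules
+*
+* Provides configurable logging with level filtering, structured context,
+* and consistent formatting across all assessment modules.
+*
+* IMPORTANT: This logger outputs to stdout. JSONL events (module_started,
+* module_complete, etc.) use stderr via console.error() and should NOT
+* be routed through this logger.
+*/
+/**
+* Default configuration for logging.
+*/
+export const DEFAULT_LOGGING_CONFIG = {
+level: "info",
+format: "text",
+includeTimestamp: false,
+};
+/**
+* Log level priority mapping.
+* Higher numbers are more verbose.
+*/
+const LOG_LEVEL_PRIORITY = {
+silent: 0,
+error: 1,
+warn: 2,
+info: 3,
+debug: 4,
+};
+/**
+* Safely serialize a value for logging.
+* Handles circular references and error objects.
+*/
+function safeSerialize(value) {
+if (value instanceof Error) {
+return {
+name: value.name,
+message: value.message,
+stack: value.stack,
+};
+}
+return value;
+}
+/**
+* Format context object for text output.
+*/
+function formatContext(context) {
+if (!context || Object.keys(context).length === 0) {
+return "";
+}
+try {
+// Serialize with safe handling of special values
+const serializable = {};
+for (const [key, value] of Object.entries(context)) {
+serializable[key] = safeSerialize(value);
+}
+return " " + JSON.stringify(serializable);
+}
+catch {
+return " [context serialization failed]";
+}
+}
+/**
+* Create a logger instance with the given prefix and configuration.
+*
+* @param prefix - Logger prefix (typically module name)
+* @param config - Optional logging configuration
+* @returns Logger instance
+*
+* @example
+* ```typescript
+* const logger = createLogger('SecurityAssessor', { level: 'debug' });
+* logger.info('Starting assessment', { toolCount: 5 });
+* // Output: [SecurityAssessor] Starting assessment {"toolCount":5}
+* ```
+*/
+export function createLogger(prefix, config) {
+const finalConfig = {
+...DEFAULT_LOGGING_CONFIG,
+...config,
+};
+const threshold = LOG_LEVEL_PRIORITY[finalConfig.level];
+function shouldLog(level) {
+return LOG_LEVEL_PRIORITY[level] <= threshold;
+}
+function emit(level, message, context) {
+if (!shouldLog(level)) {
+return;
+}
+const timestamp = finalConfig.includeTimestamp
+? new Date().toISOString()
+: null;
+if (finalConfig.format === "json") {
+// JSON format for machine parsing
+const logEntry = {
+level,
+prefix,
+message,
+};
+if (timestamp) {
+logEntry.timestamp = timestamp;
+}
+if (context && Object.keys(context).length > 0) {
+const serializable = {};
+for (const [key, value] of Object.entries(context)) {
+serializable[key] = safeSerialize(value);
+}
+logEntry.context = serializable;
+}
+// Output to stdout (NOT stderr - that's reserved for JSONL events)
+console.log(JSON.stringify(logEntry));
+}
+else {
+// Text format for human reading
+let output = "";
+if (timestamp) {
+output += `[${timestamp}] `;
+}
+output += `[${prefix}] ${message}`;
+output += formatContext(context);
+// Output to stdout (NOT stderr - that's reserved for JSONL events)
+console.log(output);
+}
+}
+const logger = {
+debug(message, context) {
+emit("debug", message, context);
+},
+info(message, context) {
+emit("info", message, context);
+},
+warn(message, context) {
+emit("warn", message, context);
+},
+error(message, context) {
+emit("error", message, context);
+},
+child(name) {
+return createLogger(`${prefix}:${name}`, finalConfig);
+},
+isLevelEnabled(level) {
+return shouldLog(level);
+},
+};
+return logger;
+}
+/**
+* Create a silent logger that produces no output.
+* Useful for tests or when logging should be completely disabled.
+*/
+export function createSilentLogger() {
+return createLogger("", { level: "silent" });
+}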
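Review bot: In the JSON branch of `emit`, `console.log(JSON.stringify(logEntry))` is unguarded, so a context holding a circular reference or a BigInt throws out of the logging call, whereas the text branch falls back to ` [context serialization failed]` through the try/catch in `formatContext`. `safeSerialize` only flattens a top-level `Error`, so its doc comment's claim that it handles circular references is not borne out by the code. I would guard the JSON path the same way, e.g. `try { console.log(JSON.stringify(logEntry)); } catch { console.log(JSON.stringify({ level, prefix, message, context: "[context serialization failed]" })); }`. Separately, the text branch writes `message` verbatim; if assessor callers pass tool responses or test payloads into it (not visible here), embedded CR/LF can forge extra log lines, so stripping line breaks before `console.log(output)` or documenting that untrusted text belongs in `context` would be prudent. An unrecognised `level` in the config also makes `threshold` undefined and silently disables all output, which deserves a fallback to the default level.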
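--- a/package/lib/services/assessment/modules/BaseAssessor.d.ts
+++ b/package/lib/services/assessment/modules/BaseAssessor.d.ts
@@ -4,14 +4,14 @@
 */
 import { AssessmentConfiguration, AssessmentStatus } from "../../../lib/assessmentTypes.js";
 import { AssessmentContext } from "../AssessmentOrchestrator.js";
-export declare abstract class BaseAssessor {
+export declare abstract class BaseAssessor<T = unknown> {
 protected config: AssessmentConfiguration;
 protected testCount: number;
 constructor(config: AssessmentConfiguration);
 /**
 * Abstract method that each assessor must implement
 */
-abstract assess(context: AssessmentContext): Promise<
+abstract assess(context: AssessmentContext): Promise<T>;
 /**
 * Common method to determine status based on pass rate
 */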
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BaseAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/BaseAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,8BAAsB,YAAY;
|
|
1
|
+
{"version":3,"file":"BaseAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/BaseAssessor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,8BAAsB,YAAY,CAAC,CAAC,GAAG,OAAO;IAC5C,SAAS,CAAC,MAAM,EAAE,uBAAuB,CAAC;IAC1C,SAAS,CAAC,SAAS,EAAE,MAAM,CAAK;gBAEpB,MAAM,EAAE,uBAAuB;IAI3C;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,CAAC,CAAC;IAEvD;;OAEG;IACH,SAAS,CAAC,eAAe,CACvB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,MAAY,GACtB,gBAAgB;IAUnB;;OAEG;IACH,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,GAAG,IAAI;IAItD;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACH,cAAc,IAAI,IAAI;IAItB;;OAEG;IACH,SAAS,CAAC,gBAAgB,CACxB,OAAO,EAAE,MAAM,uBAAuB,CAAC,sBAAsB,CAAC,GAC7D,OAAO;IAIV;;OAEG;cACa,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhD;;OAEG;cACa,kBAAkB,CAAC,CAAC,EAClC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EACnB,SAAS,GAAE,MAAgC,GAC1C,OAAO,CAAC,CAAC,CAAC;IAWb;;OAEG;IACH,SAAS,CAAC,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG;IAS1C;;OAEG;IACH,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,GAAG,MAAM;IAejD;;;;;;OAMG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,GAAG,EACb,UAAU,GAAE,OAAe,GAC1B,OAAO;IA8CV;;OAEG;IACH,SAAS,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,GAAG;QACzC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB;CAqBF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAc9D,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,iBAAiB,CAAuC;IAC1D,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;
|
|
1
|
+
{"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAc9D,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,iBAAiB,CAAuC;IAC1D,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;IA2KvC;;;;OAIG;YACW,qBAAqB;IA4JnC;;OAEG;YACW,WAAW;IA4HzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAgDzB;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAiDtC;;OAEG;IACH,OAAO,CAAC,aAAa;IA+BrB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAgClC;;;OAGG;IACH,OAAO,CAAC,eAAe;IAuIvB;;;;;;;OAOG;IACH,OAAO,CAAC,qBAAqB;IAiE7B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAqC5B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAsB3B;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IA8E5B;;OAEG;YACW,+BAA+B;IAiC7C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAkEnC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAuI3B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,oBAAoB;IAoN5B;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAwDhC;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAuBtC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAoH5B;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAmB3B"}
|
|
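--- a/package/lib/services/assessment/modules/SecurityAssessor.js
+++ b/package/lib/services/assessment/modules/SecurityAssessor.js
@@ -124,8 +124,12 @@ export class SecurityAssessor extends BaseAssessor {
 // Parallel tool testing with concurrency limit
 const concurrency = this.config.maxParallelTests ?? 5;
 const limit = createConcurrencyLimit(concurrency);
-// Progress tracking for batched events
-
+// Progress tracking for batched events - pre-calculate exact payload count
+let totalPayloads = 0;
+for (const pattern of attackPatterns) {
+totalPayloads += getPayloadsForAttack(pattern.attackName).length;
+}
+const totalEstimate = toolsToTest.length * totalPayloads;
 let completedTests = 0;
 let lastBatchTime = Date.now();
 const startTime = Date.now();
@@ -377,8 +381,9 @@ export class SecurityAssessor extends BaseAssessor {
 evidence: "No compatible parameters for testing",
 };
 }
-// Execute tool call
-const
+// Execute tool call with configurable timeout (default 5000ms for fast payload testing)
+const securityTimeout = this.config.securityTestTimeout ?? 5000;
+const response = await this.executeWithTimeout(callTool(tool.name, params), securityTimeout);
 // Check for connection errors FIRST (before vulnerability analysis)
 if (this.isConnectionError(response)) {
 return {
@@ -871,7 +876,7 @@ export class SecurityAssessor extends BaseAssessor {
 isComputedMathResult(payload, responseText) {
 // Check if payload looks like a simple math expression
 // Matches: "2+2", "15*37+100", "10/2", "5-3", etc.
-const simpleMathPattern = /^\s*(\d+)\s*([
+const simpleMathPattern = /^\s*(\d+)\s*([+\-*/])\s*(\d+)(?:\s*([+\-*/])\s*(\d+))?\s*$/;
 const match = payload.match(simpleMathPattern);
 if (!match) {
 return false; // Not a simple math expression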
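Review bot: In the second hunk, `this.config.securityTestTimeout ?? 5000` reaches `executeWithTimeout` unvalidated, so a configured `0`, negative or non-numeric value is used as-is; a guard such as `const t = this.config.securityTestTimeout; const securityTimeout = Number.isFinite(t) && t > 0 ? t : 5000;` keeps a bad config from turning every payload into an immediate timeout. The enclosing method starts and ends outside the hunk, so how a timeout is classified is not visible: if a rejection from `executeWithTimeout` ends up recorded as a non-vulnerable result, a payload that makes the tool hang would be reported as safe, and timeouts are better surfaced as inconclusive. Because `callTool(...)` is invoked before the wrapper receives its promise, the timeout presumably stops waiting rather than cancelling the call, so slow calls may keep running on the server after the concurrency slot is released. That behaviour deserves a comment next to the call.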
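--- a/package/lib/services/assessment/modules/ToolAnnotationAssessor.js
+++ b/package/lib/services/assessment/modules/ToolAnnotationAssessor.js
@@ -365,7 +365,7 @@ const DESCRIPTION_POISONING_PATTERNS = [
 },
 {
 name: "internal_resource_uri",
-pattern: /(?:internal|system|admin|secret|company|confidential):\/\/[a-z_
+pattern: /(?:internal|system|admin|secret|company|confidential):\/\/[a-z_\-/]+/gi,
 severity: "HIGH",
 category: "resource_access",
 },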
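Review bot: The character class `[a-z_\-/]+` in `internal_resource_uri` contains no digits or dots, so a description with a URI such as `internal://10.0.0.5/keys` (constructed example) is not matched at all, and `internal://db01.corp/x` is captured only up to `db`; widening the class to `[a-z0-9_.\-/]+` would close that detection gap. The literal also carries the `g` flag: if the code that consumes `DESCRIPTION_POISONING_PATTERNS` (outside this hunk) calls `.test()` or `.exec()` on the shared regex, `lastIndex` persists between descriptions and can skip a match. Either drop `g` where only presence is checked, or reset `pattern.lastIndex = 0` before each use.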
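--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@bryan-thompson/inspector-assessment-client",
-"version": "1.22.
+"version": "1.22.16",
 "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
 "license": "MIT",
 "author": "Bryan Thompson <bryan@triepod.ai>",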