@bryan-thompson/inspector-assessment-client 1.25.1 → 1.25.5

package/lib/services/assessment/modules/securityTests/SanitizationDetector.d.ts

@@ -0,0 +1,125 @@
+/**
+ * Sanitization Detector
+ *
+ * Detects sanitization libraries and practices from tool metadata/descriptions.
+ * Used to reduce false positives when tools have proper input sanitization in place.
+ *
+ * @see Issue #56: Improve security analysis granularity
+ */
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+import { SanitizationCategory } from "../../config/sanitizationPatterns.js";
+/**
+ * Result of sanitization detection analysis
+ */
+export interface SanitizationDetectionResult {
+    /** Whether any sanitization was detected */
+    detected: boolean;
+    /** Specific libraries detected by name */
+    libraries: string[];
+    /** Categories of sanitization detected */
+    categories: SanitizationCategory[];
+    /** Generic sanitization keywords found */
+    genericPatterns: string[];
+    /** Total confidence adjustment (0-50 capped) */
+    totalConfidenceAdjustment: number;
+    /** Evidence strings for what was detected */
+    evidence: string[];
+}
+/**
+ * Result of input reflection analysis
+ */
+export interface ReflectionAnalysis {
+    /** Whether the input was reflected in the response */
+    reflected: boolean;
+    /** Type of reflection detected */
+    reflectionType: "exact" | "partial" | "transformed" | "none";
+    /** Specific parts that were matched (for partial reflection) */
+    partialMatches: string[];
+    /** Confidence reduction based on reflection analysis */
+    confidenceReduction: number;
+}
+/**
+ * Detects sanitization patterns in tool descriptions, metadata, and responses.
+ * Uses pattern matching to identify known security libraries and generic
+ * sanitization practices.
+ */
+export declare class SanitizationDetector {
+    /**
+     * Detect sanitization from tool description and metadata
+     *
+     * @param tool - MCP Tool object with name, description, and inputSchema
+     * @returns Detection result with libraries, categories, and confidence adjustment
+     */
+    detect(tool: Tool): SanitizationDetectionResult;
+    /**
+     * Detect sanitization from arbitrary text (e.g., prompt descriptions)
+     *
+     * @param text - Text content to analyze
+     * @returns Detection result
+     */
+    detectFromText(text: string): SanitizationDetectionResult;
+    /**
+     * Detect sanitization indicators in tool response content
+     *
+     * @param responseText - Response text from tool execution
+     * @returns Detection result focusing on response-time evidence
+     */
+    detectInResponse(responseText: string): SanitizationDetectionResult;
+    /**
+     * Merge multiple detection results into one
+     *
+     * @param results - Array of detection results to merge
+     * @returns Combined result with deduplicated values
+     */
+    mergeResults(...results: SanitizationDetectionResult[]): SanitizationDetectionResult;
+    /**
+     * Analyze whether input payload was reflected in the response
+     *
+     * @param payload - Original payload that was sent
+     * @param responseText - Response text to check for reflection
+     * @returns Reflection analysis with type and confidence reduction
+     */
+    detectInputReflection(payload: string, responseText: string): ReflectionAnalysis;
+    /**
+     * Extract all analyzable text from a tool definition
+     */
+    private extractToolText;
+    /**
+     * Recursively extract text from JSON schema
+     */
+    private extractSchemaText;
+    /**
+     * Analyze text for sanitization patterns
+     */
+    private analyzeText;
+    /**
+     * Check if text matches a library pattern
+     */
+    private matchesLibrary;
+    /**
+     * Check if a generic keyword match is part of an already-detected library name
+     */
+    private isPartOfLibraryMatch;
+    /**
+     * Calculate total confidence adjustment from detection results
+     */
+    private calculateTotalAdjustment;
+    /**
+     * Extract key parts of a payload for partial matching
+     *
+     * Extracts significant portions that would indicate reflection:
+     * - Command keywords (SELECT, DROP, rm, etc.)
+     * - Injection markers (', ", --, etc.)
+     * - Common payload strings
+     */
+    private extractKeyPayloadParts;
+    /**
+     * Check if payload appears in transformed form (encoded/escaped)
+     */
+    private checkTransformedReflection;
+    /**
+     * Create an empty detection result
+     */
+    private createEmptyResult;
+}
+//# sourceMappingURL=SanitizationDetector.d.ts.map

package/lib/services/assessment/modules/securityTests/SanitizationDetector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SanitizationDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SanitizationDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAKL,oBAAoB,EAErB,MAAM,mCAAmC,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,4CAA4C;IAC5C,QAAQ,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,0CAA0C;IAC1C,UAAU,EAAE,oBAAoB,EAAE,CAAC;IACnC,0CAA0C;IAC1C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gDAAgD;IAChD,yBAAyB,EAAE,MAAM,CAAC;IAClC,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,sDAAsD;IACtD,SAAS,EAAE,OAAO,CAAC;IACnB,kCAAkC;IAClC,cAAc,EAAE,OAAO,GAAG,SAAS,GAAG,aAAa,GAAG,MAAM,CAAC;IAC7D,gEAAgE;IAChE,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wDAAwD;IACxD,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;;;GAIG;AACH,qBAAa,oBAAoB;IAC/B;;;;;OAKG;IACH,MAAM,CAAC,IAAI,EAAE,IAAI,GAAG,2BAA2B;IAQ/C;;;;;OAKG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,2BAA2B;IAIzD;;;;;OAKG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,2BAA2B;IA4BnE;;;;;OAKG;IACH,YAAY,CACV,GAAG,OAAO,EAAE,2BAA2B,EAAE,GACxC,2BAA2B;IAwC9B;;;;;;OAMG;IACH,qBAAqB,CACnB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,kBAAkB;IAwDrB;;OAEG;IACH,OAAO,CAAC,eAAe;IAqBvB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAoCzB;;OAEG;IACH,OAAO,CAAC,WAAW;IAqCnB;;OAEG;IACH,OAAO,CAAC,cAAc;IAOtB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAU5B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAuBhC;;;;;;;OAOG;IACH,OAAO,CAAC,sBAAsB;IAqC9B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA4ClC;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAU1B"}

package/lib/services/assessment/modules/securityTests/SanitizationDetector.js

@@ -0,0 +1,345 @@
+/**
+ * Sanitization Detector
+ *
+ * Detects sanitization libraries and practices from tool metadata/descriptions.
+ * Used to reduce false positives when tools have proper input sanitization in place.
+ *
+ * @see Issue #56: Improve security analysis granularity
+ */
+import { SANITIZATION_LIBRARY_PATTERNS, GENERIC_SANITIZATION_KEYWORDS, RESPONSE_SANITIZATION_INDICATORS, CONFIDENCE_BOOSTS, } from "../../config/sanitizationPatterns.js";
+/**
+ * Detects sanitization patterns in tool descriptions, metadata, and responses.
+ * Uses pattern matching to identify known security libraries and generic
+ * sanitization practices.
+ */
+export class SanitizationDetector {
+    /**
+     * Detect sanitization from tool description and metadata
+     *
+     * @param tool - MCP Tool object with name, description, and inputSchema
+     * @returns Detection result with libraries, categories, and confidence adjustment
+     */
+    detect(tool) {
+        // Gather all text to analyze from the tool
+        const textSources = this.extractToolText(tool);
+        const fullText = textSources.join(" ");
+        return this.analyzeText(fullText);
+    }
+    /**
+     * Detect sanitization from arbitrary text (e.g., prompt descriptions)
+     *
+     * @param text - Text content to analyze
+     * @returns Detection result
+     */
+    detectFromText(text) {
+        return this.analyzeText(text);
+    }
+    /**
+     * Detect sanitization indicators in tool response content
+     *
+     * @param responseText - Response text from tool execution
+     * @returns Detection result focusing on response-time evidence
+     */
+    detectInResponse(responseText) {
+        const result = this.createEmptyResult();
+        // Check for response-time sanitization indicators
+        for (const pattern of RESPONSE_SANITIZATION_INDICATORS) {
+            if (pattern.test(responseText)) {
+                result.detected = true;
+                const match = responseText.match(pattern);
+                if (match) {
+                    result.genericPatterns.push(match[0]);
+                    result.evidence.push(`Response contains sanitization indicator: "${match[0]}"`);
+                }
+            }
+        }
+        // Calculate adjustment for response evidence
+        if (result.genericPatterns.length > 0) {
+            result.totalConfidenceAdjustment = Math.min(result.genericPatterns.length * CONFIDENCE_BOOSTS.RESPONSE_EVIDENCE, CONFIDENCE_BOOSTS.MAX_ADJUSTMENT);
+        }
+        return result;
+    }
+    /**
+     * Merge multiple detection results into one
+     *
+     * @param results - Array of detection results to merge
+     * @returns Combined result with deduplicated values
+     */
+    mergeResults(...results) {
+        const merged = this.createEmptyResult();
+        for (const result of results) {
+            if (result.detected) {
+                merged.detected = true;
+            }
+            // Deduplicate arrays
+            for (const lib of result.libraries) {
+                if (!merged.libraries.includes(lib)) {
+                    merged.libraries.push(lib);
+                }
+            }
+            for (const cat of result.categories) {
+                if (!merged.categories.includes(cat)) {
+                    merged.categories.push(cat);
+                }
+            }
+            for (const pattern of result.genericPatterns) {
+                if (!merged.genericPatterns.includes(pattern)) {
+                    merged.genericPatterns.push(pattern);
+                }
+            }
+            for (const ev of result.evidence) {
+                if (!merged.evidence.includes(ev)) {
+                    merged.evidence.push(ev);
+                }
+            }
+        }
+        // Recalculate total adjustment
+        merged.totalConfidenceAdjustment = this.calculateTotalAdjustment(merged);
+        return merged;
+    }
+    /**
+     * Analyze whether input payload was reflected in the response
+     *
+     * @param payload - Original payload that was sent
+     * @param responseText - Response text to check for reflection
+     * @returns Reflection analysis with type and confidence reduction
+     */
+    detectInputReflection(payload, responseText) {
+        const payloadLower = payload.toLowerCase();
+        const responseLower = responseText.toLowerCase();
+        // Check for exact match (case insensitive)
+        const exactMatch = responseLower.includes(payloadLower);
+        if (exactMatch) {
+            return {
+                reflected: true,
+                reflectionType: "exact",
+                partialMatches: [payload],
+                confidenceReduction: 0, // Exact reflection doesn't reduce confidence
+            };
+        }
+        // Check for partial matches on key payload parts
+        const keyParts = this.extractKeyPayloadParts(payload);
+        const partialMatches = keyParts.filter((part) => responseLower.includes(part.toLowerCase()));
+        if (partialMatches.length > 0) {
+            return {
+                reflected: true,
+                reflectionType: "partial",
+                partialMatches,
+                confidenceReduction: 10, // Partial reflection has some reduction
+            };
+        }
+        // Check for transformed reflection (encoded/escaped)
+        const transformedMatch = this.checkTransformedReflection(payload, responseText);
+        if (transformedMatch) {
+            return {
+                reflected: true,
+                reflectionType: "transformed",
+                partialMatches: [],
+                confidenceReduction: 15, // Transformed suggests sanitization applied
+            };
+        }
+        // No reflection detected - tool likely blocked/processed input safely
+        return {
+            reflected: false,
+            reflectionType: "none",
+            partialMatches: [],
+            confidenceReduction: 20, // No reflection = highest confidence reduction
+        };
+    }
+    // ========== Private Helper Methods ==========
+    /**
+     * Extract all analyzable text from a tool definition
+     */
+    extractToolText(tool) {
+        const texts = [];
+        // Tool name (less useful but might contain library names)
+        if (tool.name) {
+            texts.push(tool.name);
+        }
+        // Tool description (primary source)
+        if (tool.description) {
+            texts.push(tool.description);
+        }
+        // Input schema descriptions
+        if (tool.inputSchema) {
+            texts.push(...this.extractSchemaText(tool.inputSchema));
+        }
+        return texts;
+    }
+    /**
+     * Recursively extract text from JSON schema
+     */
+    extractSchemaText(schema) {
+        const texts = [];
+        if (!schema || typeof schema !== "object") {
+            return texts;
+        }
+        const obj = schema;
+        // Extract description
+        if (typeof obj.description === "string") {
+            texts.push(obj.description);
+        }
+        // Extract title
+        if (typeof obj.title === "string") {
+            texts.push(obj.title);
+        }
+        // Recurse into properties
+        if (obj.properties && typeof obj.properties === "object") {
+            for (const prop of Object.values(obj.properties)) {
+                texts.push(...this.extractSchemaText(prop));
+            }
+        }
+        // Recurse into items (for arrays)
+        if (obj.items) {
+            texts.push(...this.extractSchemaText(obj.items));
+        }
+        return texts;
+    }
+    /**
+     * Analyze text for sanitization patterns
+     */
+    analyzeText(text) {
+        const result = this.createEmptyResult();
+        // Check for specific library patterns
+        for (const libPattern of SANITIZATION_LIBRARY_PATTERNS) {
+            if (this.matchesLibrary(text, libPattern)) {
+                result.detected = true;
+                result.libraries.push(libPattern.name);
+                if (!result.categories.includes(libPattern.category)) {
+                    result.categories.push(libPattern.category);
+                }
+                result.evidence.push(`Library detected: ${libPattern.name}`);
+            }
+        }
+        // Check for generic sanitization keywords (only if no specific library found)
+        // This prevents double-counting when a library name includes generic terms
+        for (const pattern of GENERIC_SANITIZATION_KEYWORDS) {
+            if (pattern.test(text)) {
+                const match = text.match(pattern);
+                if (match && !this.isPartOfLibraryMatch(match[0], result.libraries)) {
+                    result.detected = true;
+                    const keyword = match[0].toLowerCase();
+                    if (!result.genericPatterns.includes(keyword)) {
+                        result.genericPatterns.push(keyword);
+                        result.evidence.push(`Sanitization keyword: "${keyword}"`);
+                    }
+                }
+            }
+        }
+        // Calculate total adjustment
+        result.totalConfidenceAdjustment = this.calculateTotalAdjustment(result);
+        return result;
+    }
+    /**
+     * Check if text matches a library pattern
+     */
+    matchesLibrary(text, libPattern) {
+        return libPattern.patterns.some((pattern) => pattern.test(text));
+    }
+    /**
+     * Check if a generic keyword match is part of an already-detected library name
+     */
+    isPartOfLibraryMatch(keyword, detectedLibraries) {
+        const keywordLower = keyword.toLowerCase();
+        return detectedLibraries.some((lib) => lib.toLowerCase().includes(keywordLower));
+    }
+    /**
+     * Calculate total confidence adjustment from detection results
+     */
+    calculateTotalAdjustment(result) {
+        let adjustment = 0;
+        // Add library-specific boosts
+        for (const libName of result.libraries) {
+            const libPattern = SANITIZATION_LIBRARY_PATTERNS.find((p) => p.name === libName);
+            if (libPattern) {
+                adjustment += libPattern.confidenceBoost;
+            }
+        }
+        // Add generic keyword boosts
+        adjustment +=
+            result.genericPatterns.length * CONFIDENCE_BOOSTS.GENERIC_KEYWORD;
+        // Cap at maximum
+        return Math.min(adjustment, CONFIDENCE_BOOSTS.MAX_ADJUSTMENT);
+    }
+    /**
+     * Extract key parts of a payload for partial matching
+     *
+     * Extracts significant portions that would indicate reflection:
+     * - Command keywords (SELECT, DROP, rm, etc.)
+     * - Injection markers (', ", --, etc.)
+     * - Common payload strings
+     */
+    extractKeyPayloadParts(payload) {
+        const parts = [];
+        // SQL keywords
+        const sqlKeywords = payload.match(/\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|OR|AND)\b/gi);
+        if (sqlKeywords) {
+            parts.push(...sqlKeywords);
+        }
+        // Command injection keywords
+        const cmdKeywords = payload.match(/\b(rm|cat|ls|wget|curl|bash|sh|cmd|powershell)\b/gi);
+        if (cmdKeywords) {
+            parts.push(...cmdKeywords);
+        }
+        // Prompt injection markers
+        const promptMarkers = payload.match(/(ignore|previous|instructions|system|override|admin|root)/gi);
+        if (promptMarkers) {
+            parts.push(...promptMarkers);
+        }
+        // Path traversal patterns
+        const pathPatterns = payload.match(/\.\.\/|\.\.\\|\/etc\/|\/passwd/gi);
+        if (pathPatterns) {
+            parts.push(...pathPatterns);
+        }
+        // Deduplicate
+        return [...new Set(parts)];
+    }
+    /**
+     * Check if payload appears in transformed form (encoded/escaped)
+     */
+    checkTransformedReflection(payload, responseText) {
+        // Check for URL encoding
+        const urlEncoded = encodeURIComponent(payload);
+        if (responseText.includes(urlEncoded)) {
+            return true;
+        }
+        // Check for HTML entity encoding - basic (only < and >, most common)
+        const htmlBasicEscaped = payload
+            .replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;");
+        if (responseText.includes(htmlBasicEscaped) &&
+            htmlBasicEscaped !== payload) {
+            return true;
+        }
+        // Check for HTML entity encoding - full (all special characters)
+        const htmlFullEscaped = payload
+            .replace(/&/g, "&amp;")
+            .replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;")
+            .replace(/"/g, "&quot;")
+            .replace(/'/g, "&#x27;");
+        if (responseText.includes(htmlFullEscaped) && htmlFullEscaped !== payload) {
+            return true;
+        }
+        // Check for backslash escaping
+        const backslashEscaped = payload.replace(/['"`]/g, "\\$&");
+        if (responseText.includes(backslashEscaped) &&
+            backslashEscaped !== payload) {
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Create an empty detection result
+     */
+    createEmptyResult() {
+        return {
+            detected: false,
+            libraries: [],
+            categories: [],
+            genericPatterns: [],
+            totalConfidenceAdjustment: 0,
+            evidence: [],
+        };
+    }
+}

package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Security Payload Generator
+ * Creates test parameters for security payload injection
+ *
+ * Extracted from SecurityAssessor.ts for maintainability.
+ * Handles parameter creation, tool classification, and language-aware payloads.
+ */
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+import { SecurityPayload } from "../../../../lib/securityPatterns.js";
+/**
+ * Creates test parameters for security payload injection
+ */
+export declare class SecurityPayloadGenerator {
+    private languageGenerator;
+    /**
+     * Check if tool has input parameters
+     */
+    hasInputParameters(tool: Tool): boolean;
+    /**
+     * Create test parameters using payload
+     */
+    createTestParameters(payload: SecurityPayload, tool: Tool): Record<string, unknown>;
+    /**
+     * Check if tool is an API wrapper (safe data-passing tool)
+     */
+    isApiWrapper(tool: Tool): boolean;
+    /**
+     * Check if attack is an execution-based test
+     * These tests assume the tool executes input as code
+     */
+    isExecutionTest(attackName: string): boolean;
+}
+//# sourceMappingURL=SecurityPayloadGenerator.d.ts.map

package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityPayloadGenerator.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadGenerator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAIzD;;GAEG;AACH,qBAAa,wBAAwB;IACnC,OAAO,CAAC,iBAAiB,CAAuC;IAEhE;;OAEG;IACH,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAUvC;;OAEG;IACH,oBAAoB,CAClB,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAwG1B;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IASjC;;;OAGG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;CAQ7C"}

package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.js

@@ -0,0 +1,128 @@
+/**
+ * Security Payload Generator
+ * Creates test parameters for security payload injection
+ *
+ * Extracted from SecurityAssessor.ts for maintainability.
+ * Handles parameter creation, tool classification, and language-aware payloads.
+ */
+import { ToolClassifier, ToolCategory } from "../../ToolClassifier.js";
+import { LanguageAwarePayloadGenerator } from "../../LanguageAwarePayloadGenerator.js";
+/**
+ * Creates test parameters for security payload injection
+ */
+export class SecurityPayloadGenerator {
+    languageGenerator = new LanguageAwarePayloadGenerator();
+    /**
+     * Check if tool has input parameters
+     */
+    hasInputParameters(tool) {
+        const schema = tool.inputSchema?.type === "object" ? tool.inputSchema : tool.inputSchema;
+        return (schema?.properties !== undefined &&
+            Object.keys(schema.properties).length > 0);
+    }
+    /**
+     * Create test parameters using payload
+     */
+    createTestParameters(payload, tool) {
+        const schema = tool.inputSchema?.type === "object" ? tool.inputSchema : tool.inputSchema;
+        if (!schema?.properties) {
+            return {};
+        }
+        const params = {};
+        const targetParamTypes = payload.parameterTypes || [];
+        let payloadInjected = false;
+        // Check for language-specific code execution parameters first
+        for (const [key, prop] of Object.entries(schema.properties)) {
+            const propSchema = prop;
+            if (propSchema.type !== "string")
+                continue;
+            const detectedLanguage = this.languageGenerator.detectLanguage(key, tool.name, tool.description);
+            if (detectedLanguage !== "generic" && !payloadInjected) {
+                const languagePayloads = this.languageGenerator.getPayloadsForLanguage(detectedLanguage);
+                if (languagePayloads.length > 0) {
+                    const payloadLower = payload.payload.toLowerCase();
+                    const isCommandTest = payloadLower.includes("whoami") ||
+                        payloadLower.includes("passwd") ||
+                        payloadLower.includes("id");
+                    let selectedPayload = languagePayloads[0];
+                    if (isCommandTest) {
+                        const cmdPayload = languagePayloads.find((lp) => lp.payload.includes("whoami") ||
+                            lp.payload.includes("subprocess") ||
+                            lp.payload.includes("execSync"));
+                        if (cmdPayload)
+                            selectedPayload = cmdPayload;
+                    }
+                    params[key] = selectedPayload.payload;
+                    payloadInjected = true;
+                    break;
+                }
+            }
+        }
+        // Fall back to parameterTypes matching
+        if (!payloadInjected && targetParamTypes.length > 0) {
+            for (const [key, prop] of Object.entries(schema.properties)) {
+                const propSchema = prop;
+                const paramNameLower = key.toLowerCase();
+                if (propSchema.type === "string" &&
+                    targetParamTypes.some((type) => paramNameLower.includes(type))) {
+                    params[key] = payload.payload;
+                    payloadInjected = true;
+                    break;
+                }
+            }
+        }
+        // Fall back to generic payload - inject into first string parameter
+        if (!payloadInjected) {
+            for (const [key, prop] of Object.entries(schema.properties)) {
+                const propSchema = prop;
+                if (propSchema.type === "string" && !payloadInjected) {
+                    params[key] = payload.payload;
+                    payloadInjected = true;
+                    break;
+                }
+            }
+        }
+        // Fill required parameters with safe defaults
+        for (const [key, prop] of Object.entries(schema.properties)) {
+            const propSchema = prop;
+            if (schema.required?.includes(key) && !(key in params)) {
+                if (propSchema.type === "string") {
+                    params[key] = "test";
+                }
+                else if (propSchema.type === "number") {
+                    params[key] = 1;
+                }
+                else if (propSchema.type === "boolean") {
+                    params[key] = true;
+                }
+                else if (propSchema.type === "object") {
+                    params[key] = {};
+                }
+                else if (propSchema.type === "array") {
+                    params[key] = [];
+                }
+            }
+        }
+        return params;
+    }
+    /**
+     * Check if tool is an API wrapper (safe data-passing tool)
+     */
+    isApiWrapper(tool) {
+        const classifier = new ToolClassifier();
+        const classification = classifier.classify(tool.name, tool.description || "");
+        return classification.categories.includes(ToolCategory.API_WRAPPER);
+    }
+    /**
+     * Check if attack is an execution-based test
+     * These tests assume the tool executes input as code
+     */
+    isExecutionTest(attackName) {
+        const executionTests = [
+            "Command Injection",
+            "SQL Injection",
+            "Path Traversal",
+        ];
+        return executionTests.includes(attackName);
+    }
+}