npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.26.4 → 1.26.6 - Mend

@bryan-thompson/inspector-assessment-client 1.26.4 → 1.26.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts ADDED Viewed

@@ -0,0 +1,229 @@
+/**
+ * Security Pattern Library
+ * Single source of truth for all regex patterns used in security analysis
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Consolidates 16 pattern collections, eliminates duplicates
+ */
+/**
+ * Patterns to detect HTTP error responses (4xx/5xx)
+ * Used by: isHttpErrorResponse(), analyzeComputedMathResult()
+ */
+export declare const HTTP_ERROR_PATTERNS: {
+    /** Full pattern: status code + context (e.g., "404 not found") */
+    readonly statusWithContext: RegExp;
+    /** Simple pattern: status code at start (e.g., "404: ...") */
+    readonly statusAtStart: RegExp;
+    /** Short "not found" responses */
+    readonly notFound: RegExp;
+    /** JSON status field pattern */
+    readonly jsonStatus: RegExp;
+};
+/**
+ * Patterns for MCP protocol validation errors
+ * These indicate proper input rejection (SAFE behavior)
+ * Used by: isMCPValidationError()
+ */
+export declare const VALIDATION_ERROR_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Patterns indicating actual code/command execution
+ * Used by: hasExecutionEvidence()
+ */
+export declare const EXECUTION_INDICATORS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Patterns for detecting execution artifacts in response
+ * Used by: detectExecutionArtifacts()
+ */
+export declare const EXECUTION_ARTIFACT_PATTERNS: {
+    /** Always indicates execution */
+    readonly alwaysExecution: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** Context-sensitive - only count if no echoed payload */
+    readonly contextSensitive: readonly [RegExp, RegExp, RegExp];
+};
+/**
+ * Patterns for connection/server errors
+ * Used by: isConnectionError(), isConnectionErrorFromException()
+ */
+export declare const CONNECTION_ERROR_PATTERNS: {
+    /** Unambiguous connection errors */
+    readonly unambiguous: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** Only apply when response starts with MCP error prefix */
+    readonly contextual: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** MCP error prefix pattern */
+    readonly mcpPrefix: RegExp;
+};
+/**
+ * Patterns for error classification
+ * Used by: classifyError(), classifyErrorFromException()
+ */
+export declare const ERROR_CLASSIFICATION_PATTERNS: {
+    readonly connection: RegExp;
+    readonly server: RegExp;
+    readonly protocol: RegExp;
+};
+/**
+ * Status patterns indicating safe response handling
+ * Used by: isReflectionResponse()
+ */
+export declare const STATUS_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Reflection patterns indicating safe data handling
+ * Used by: isReflectionResponse()
+ */
+export declare const REFLECTION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Fail-open authentication patterns (VULNERABLE)
+ * Used by: analyzeAuthBypassResponse()
+ */
+export declare const AUTH_FAIL_OPEN_PATTERNS: readonly [{
+    readonly pattern: RegExp;
+    readonly evidence: "auth_type: fail-open (CVE-2025-52882)";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "auth_status: bypassed";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "access granted despite failure";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "authentication skipped";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "fail-open pattern detected";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "auth bypassed";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "authentication bypassed";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "vulnerable flag with auth context";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "auth succeeded with null token";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "granted without valid token";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "action performed indicator";
+}];
+/**
+ * Fail-closed authentication patterns (SAFE)
+ * Used by: analyzeAuthBypassResponse()
+ */
+export declare const AUTH_FAIL_CLOSED_PATTERNS: readonly [{
+    readonly pattern: RegExp;
+    readonly evidence: "auth_type: fail-closed (secure)";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "auth_status: denied";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "access denied";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "authentication failed";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "fail-closed pattern detected";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "status: blocked";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "invalid token rejection";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "token required";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "unauthorized response";
+}, {
+    readonly pattern: RegExp;
+    readonly evidence: "denial reason provided";
+}];
+/**
+ * Patterns indicating search result responses
+ * Used by: isSearchResultResponse()
+ */
+export declare const SEARCH_RESULT_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Patterns indicating creation/modification responses
+ * Used by: isCreationResponse()
+ */
+export declare const CREATION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Patterns for echoed injection payloads
+ * Used by: containsEchoedInjectionPayload()
+ */
+export declare const ECHOED_PAYLOAD_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Fallback execution detection patterns
+ * Used by: analyzeInjectionResponse()
+ */
+export declare const FALLBACK_EXECUTION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Text-based validation rejection patterns
+ * Used by: isValidationRejection()
+ */
+export declare const TEXT_REJECTION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Result field rejection patterns (for JSON responses)
+ * Used by: isValidationRejection()
+ */
+export declare const RESULT_REJECTION_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Ambiguous validation pattern strings (for confidence calculation)
+ * Used by: isValidationPattern()
+ */
+export declare const AMBIGUOUS_VALIDATION_PATTERNS: readonly ["type.*error", "invalid.*type", "error", "invalid", "failed", "negative.*not.*allowed", "must.*be.*positive", "invalid.*value", "overflow", "out.*of.*range"];
+/**
+ * Patterns for identifying structured data tools
+ * Used by: isStructuredDataTool()
+ */
+export declare const DATA_TOOL_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Read-only tool name patterns
+ * Used by: analyzeComputedMathResult()
+ */
+export declare const READ_ONLY_TOOL_NAME_PATTERN: RegExp;
+/**
+ * Simple math expression pattern
+ * Used by: isComputedMathResult(), analyzeComputedMathResult()
+ */
+export declare const SIMPLE_MATH_PATTERN: RegExp;
+/**
+ * Computational language indicators
+ * Used by: analyzeComputedMathResult()
+ */
+export declare const COMPUTATIONAL_INDICATORS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+/**
+ * Common data field names that often contain numeric values
+ * Used by: isCoincidentalNumericInStructuredData()
+ */
+export declare const STRUCTURED_DATA_FIELD_NAMES: readonly ["count", "total", "records", "page", "limit", "offset", "id", "status", "code", "version", "index", "size", "employees", "items", "results", "entries", "length", "pages", "rows", "columns", "width", "height", "timestamp", "duration", "amount", "price", "quantity"];
+/**
+ * Structured data indicators for confidence calculation
+ * Used by: calculateConfidence()
+ */
+export declare const STRUCTURED_DATA_INDICATORS: {
+    readonly fieldPatterns: RegExp;
+    readonly bulletPattern: RegExp;
+    readonly jsonPattern: RegExp;
+    readonly numericMetadataPattern: RegExp;
+};
+/**
+ * Check if any pattern in array matches text
+ */
+export declare function matchesAny(patterns: readonly RegExp[], text: string): boolean;
+/**
+ * Check if HTTP error pattern matches
+ */
+export declare function isHttpError(text: string): boolean;
+/**
+ * Check if response has MCP error prefix
+ */
+export declare function hasMcpErrorPrefix(text: string): boolean;
+//# sourceMappingURL=SecurityPatternLibrary.d.ts.map

package/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAqBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD"}