npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.26.6 → 1.27.0 - Mend

@bryan-thompson/inspector-assessment-client 1.26.6 → 1.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js CHANGED Viewed

@@ -19,6 +19,8 @@ import { ExecutionArtifactDetector } from "./ExecutionArtifactDetector.js";
 import { MathAnalyzer } from "./MathAnalyzer.js";
 import { SafeResponseDetector } from "./SafeResponseDetector.js";
 import { ConfidenceScorer } from "./ConfidenceScorer.js";
+// Import pattern library for chain exploitation analysis
+import { CHAIN_EXPLOIT_VULNERABLE_PATTERNS, CHAIN_EXPLOIT_SAFE_PATTERNS, CHAIN_VULNERABLE_THRESHOLD, CHAIN_SAFE_THRESHOLD, detectVulnerabilityCategories, } from "./SecurityPatternLibrary.js";
 /**
  * Analyzes tool responses for security vulnerabilities
  * Distinguishes between safe reflection and actual execution
@@ -153,6 +155,172 @@ export class SecurityResponseAnalyzer {
         }
         return { detected: false, failureMode: "UNKNOWN" };
     }
+    /**
+     * Analyze response for cross-tool state-based authorization bypass (Issue #92)
+     * Detects Challenge #7: Privilege escalation via shared mutable state
+     *
+     * Vulnerable pattern: Tool checks shared state (e.g., config_state["admin_mode"])
+     * that can be modified by another tool (e.g., config_modifier)
+     *
+     * Safe pattern: Tool uses independent per-request authorization,
+     * indicated by shared_state_checked: false or independent_auth_required: true
+     */
+    analyzeStateBasedAuthBypass(response) {
+        const responseText = this.extractResponseContent(response);
+        // Vulnerable patterns - shared state authorization (Challenge #7)
+        const vulnerablePatterns = [
+            {
+                pattern: /"admin_mode"\s*:\s*true/i,
+                evidence: "admin_mode enabled in response",
+            },
+            {
+                pattern: /hint.*use\s+config_modifier/i,
+                evidence: "Tool hints at cross-tool state dependency",
+            },
+            {
+                pattern: /admin_mode.*set\s+by.*another\s+tool/i,
+                evidence: "Explicit cross-tool state dependency",
+            },
+            {
+                pattern: /"evidence".*cross-tool.*privilege/i,
+                evidence: "Cross-tool privilege escalation detected",
+            },
+            {
+                pattern: /elevated\s+privileges?\s+granted/i,
+                evidence: "Elevated privileges granted",
+            },
+            {
+                pattern: /admin\s+mode\s+activated/i,
+                evidence: "Admin mode activated (state modifier)",
+            },
+            {
+                pattern: /"hint".*config_modifier.*admin_mode/i,
+                evidence: "Response hints at config_modifier for admin_mode",
+            },
+            {
+                pattern: /Use\s+config_modifier.*enable.*admin_mode/i,
+                evidence: "Tool depends on config_modifier for authorization",
+            },
+        ];
+        // Safe patterns - independent authorization (secure)
+        const safePatterns = [
+            {
+                pattern: /"shared_state_checked"\s*:\s*false/i,
+                evidence: "Tool explicitly states it doesn't use shared state",
+            },
+            {
+                pattern: /"independent_auth_required"\s*:\s*true/i,
+                evidence: "Tool requires independent per-request auth",
+            },
+            {
+                pattern: /requires\s+independent\s+authorization/i,
+                evidence: "Independent authorization required",
+            },
+            {
+                pattern: /(?:not|does\s+not|doesn't)\s+(?:use\s+)?shared\s+state/i,
+                evidence: "Tool confirms it does not use shared state",
+            },
+            {
+                pattern: /stored.*for.*admin.*review/i,
+                evidence: "Request stored for admin review (no auto-execution)",
+            },
+            {
+                pattern: /per-request\s+auth/i,
+                evidence: "Per-request authentication enforced",
+            },
+        ];
+        // Check vulnerable patterns first (SHARED_STATE)
+        for (const { pattern, evidence } of vulnerablePatterns) {
+            if (pattern.test(responseText)) {
+                return {
+                    vulnerable: true,
+                    safe: false,
+                    stateDependency: "SHARED_STATE",
+                    evidence: `Cross-tool state dependency detected: ${evidence}`,
+                };
+            }
+        }
+        // Check safe patterns (INDEPENDENT)
+        for (const { pattern, evidence } of safePatterns) {
+            if (pattern.test(responseText)) {
+                return {
+                    vulnerable: false,
+                    safe: true,
+                    stateDependency: "INDEPENDENT",
+                    evidence: `Independent authorization confirmed: ${evidence}`,
+                };
+            }
+        }
+        return {
+            vulnerable: false,
+            safe: false,
+            stateDependency: "UNKNOWN",
+            evidence: "",
+        };
+    }
+    /**
+     * Analyze response for chain exploitation vulnerabilities (Issue #93, Challenge #6)
+     * Detects multi-tool chained exploitation attacks including:
+     * - Arbitrary tool invocation without allowlist
+     * - Output injection via {{output}} template substitution
+     * - Recursive/circular chain execution (DoS potential)
+     * - State poisoning between chain steps
+     * - Tool shadowing in chains
+     * - Missing depth/size limits
+     *
+     * @param response The tool response to analyze
+     * @returns Analysis result with vulnerability status and evidence
+     */
+    analyzeChainExploitation(response) {
+        const responseText = this.extractResponseContent(response);
+        let vulnerableScore = 0;
+        let safeScore = 0;
+        const matchedVulnPatterns = [];
+        const matchedSafePatterns = [];
+        // Check vulnerable patterns
+        for (const patternDef of CHAIN_EXPLOIT_VULNERABLE_PATTERNS) {
+            if (patternDef.pattern.test(responseText)) {
+                vulnerableScore += patternDef.weight;
+                matchedVulnPatterns.push(patternDef.description);
+            }
+        }
+        // Check safe patterns
+        for (const patternDef of CHAIN_EXPLOIT_SAFE_PATTERNS) {
+            if (patternDef.pattern.test(responseText)) {
+                safeScore += patternDef.weight;
+                matchedSafePatterns.push(patternDef.description);
+            }
+        }
+        // Determine chain execution type using documented thresholds
+        let chainType = "UNKNOWN";
+        if (vulnerableScore > CHAIN_VULNERABLE_THRESHOLD &&
+            vulnerableScore > safeScore) {
+            chainType = "VULNERABLE_EXECUTION";
+        }
+        else if (safeScore > CHAIN_SAFE_THRESHOLD &&
+            safeScore > vulnerableScore) {
+            chainType = "SAFE_VALIDATION";
+        }
+        else if (vulnerableScore > 0 || safeScore > 0) {
+            chainType = "PARTIAL";
+        }
+        // Detect specific vulnerability categories using centralized pattern library
+        const detectedCategories = detectVulnerabilityCategories(responseText);
+        const vulnerabilityCategories = detectedCategories;
+        return {
+            vulnerable: vulnerableScore > CHAIN_VULNERABLE_THRESHOLD &&
+                vulnerableScore > safeScore,
+            safe: safeScore > CHAIN_SAFE_THRESHOLD && safeScore > vulnerableScore,
+            chainType,
+            vulnerabilityCategories,
+            evidence: {
+                vulnerablePatterns: matchedVulnPatterns,
+                safePatterns: matchedSafePatterns,
+                vulnerableScore,
+                safeScore,
+            },
+        };
+    }
     /**
      * Check if response indicates connection/server failure
      */

package/lib/services/assessment/modules/securityTests/index.d.ts CHANGED Viewed

@@ -2,7 +2,9 @@
  * Security Assessment Module
  * Exports all security-related components
  */
-export { SecurityResponseAnalyzer, type ConfidenceResult, type AnalysisResult, type ErrorClassification, } from "./SecurityResponseAnalyzer.js";
+export { SecurityResponseAnalyzer, type ConfidenceResult, type AnalysisResult, type ErrorClassification, type StateBasedAuthResult, type ChainExploitationAnalysis, type ChainExecutionType, type ChainVulnerabilityCategory, } from "./SecurityResponseAnalyzer.js";
 export { SecurityPayloadTester, type TestProgressCallback, type PayloadTestConfig, type TestLogger, } from "./SecurityPayloadTester.js";
 export { SecurityPayloadGenerator } from "./SecurityPayloadGenerator.js";
+export { CrossToolStateTester, type CrossToolTestResult, type ToolPair, type CallToolFunction, type CrossToolTestConfig, } from "./CrossToolStateTester.js";
+export { ChainExecutionTester, type ChainExecutionTestResult, type ChainExploitationSummary, type ChainExecutionTesterConfig, type ChainTestReason, } from "./ChainExecutionTester.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/services/assessment/modules/securityTests/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,wBAAwB,EACxB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,~~GACzB~~,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,qBAAqB,EACrB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,UAAU,GAChB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,wBAAwB,EACxB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,yBAAyB,EAC9B,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,GAChC,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,qBAAqB,EACrB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,KAAK,UAAU,GAChB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AAEtE,OAAO,EACL,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,oBAAoB,EACpB,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,EAC/B,KAAK,eAAe,GACrB,MAAM,wBAAwB,CAAC"}

package/lib/services/assessment/modules/securityTests/index.js CHANGED Viewed

@@ -5,3 +5,5 @@
 export { SecurityResponseAnalyzer, } from "./SecurityResponseAnalyzer.js";
 export { SecurityPayloadTester, } from "./SecurityPayloadTester.js";
 export { SecurityPayloadGenerator } from "./SecurityPayloadGenerator.js";
+export { CrossToolStateTester, } from "./CrossToolStateTester.js";
+export { ChainExecutionTester, } from "./ChainExecutionTester.js";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.26.6",
+  "version": "1.27.0",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",