npm - @bryan-thompson/inspector-assessment-client - Versions diffs - 1.35.2 → 1.36.0 - Mend

@bryan-thompson/inspector-assessment-client 1.35.2 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js CHANGED Viewed

@@ -20,7 +20,15 @@ import { MathAnalyzer } from "./MathAnalyzer.js";
 import { SafeResponseDetector } from "./SafeResponseDetector.js";
 import { ConfidenceScorer } from "./ConfidenceScorer.js";
 // Import pattern library for chain exploitation analysis
-import { CHAIN_EXPLOIT_VULNERABLE_PATTERNS, CHAIN_EXPLOIT_SAFE_PATTERNS, CHAIN_VULNERABLE_THRESHOLD, CHAIN_SAFE_THRESHOLD, detectVulnerabilityCategories, } from "./SecurityPatternLibrary.js";
+import { CHAIN_EXPLOIT_VULNERABLE_PATTERNS, CHAIN_EXPLOIT_SAFE_PATTERNS, CHAIN_VULNERABLE_THRESHOLD, CHAIN_SAFE_THRESHOLD, detectVulnerabilityCategories,
+// Issue #144: Excessive permissions scope patterns (Challenge #22)
+SCOPE_VIOLATION_PATTERNS, SCOPE_ENFORCED_PATTERNS,
+// Issue #146: Error context patterns for false positive reduction
+isPayloadInErrorContext, hasSuccessContext, hasErrorContext,
+// Issue #75: Auth bypass patterns (CVE-2025-52882)
+AUTH_FAIL_OPEN_PATTERNS, AUTH_FAIL_CLOSED_PATTERNS,
+// Issue #92: State-based auth patterns (Challenge #7)
+STATE_AUTH_VULNERABLE_PATTERNS, STATE_AUTH_SAFE_PATTERNS, } from "./SecurityPatternLibrary.js";
 /**
  * Analyzes tool responses for security vulnerabilities
  * Distinguishes between safe reflection and actual execution
@@ -64,7 +72,13 @@ export class SecurityResponseAnalyzer {
         if (behaviorResult)
             return behaviorResult;
         // Check 3: Vulnerability evidence matching
-        return this.checkVulnerabilityEvidence(response, payload, responseText);
+        const vulnResult = this.checkVulnerabilityEvidence(response, payload, responseText);
+        // Issue #146: If vulnerable, classify execution context to reduce false positives
+        // This distinguishes between actual execution and payload reflection in errors
+        if (vulnResult.isVulnerable) {
+            return this.classifyVulnerabilityContext(vulnResult, responseText, payload);
+        }
+        return vulnResult;
     }
     /**
      * Calculate confidence level and manual review requirements
@@ -78,77 +92,14 @@ export class SecurityResponseAnalyzer {
      */
     analyzeAuthBypassResponse(response) {
         const responseText = this.extractResponseContent(response);
-        // Fail-open indicators (VULNERABLE - CVE-2025-52882 pattern)
-        const failOpenPatterns = [
-            {
-                pattern: /"auth_type"\s*:\s*"fail-open"/i,
-                evidence: "auth_type: fail-open (CVE-2025-52882)",
-            },
-            {
-                pattern: /"auth_status"\s*:\s*"bypassed"/i,
-                evidence: "auth_status: bypassed",
-            },
-            {
-                pattern: /access.*granted.*despite/i,
-                evidence: "access granted despite failure",
-            },
-            {
-                pattern: /authentication.*skipped/i,
-                evidence: "authentication skipped",
-            },
-            { pattern: /fail[\s-]?open/i, evidence: "fail-open pattern detected" },
-            { pattern: /bypassed.*auth/i, evidence: "auth bypassed" },
-            {
-                pattern: /authentication.*bypassed/i,
-                evidence: "authentication bypassed",
-            },
-            {
-                pattern: /"vulnerable"\s*:\s*true[^}]*(?:"auth_status"|"auth_type"|"auth_error")|(?:"auth_status"|"auth_type"|"auth_error")[^}]*"vulnerable"\s*:\s*true/i,
-                evidence: "vulnerable flag with auth context",
-            },
-            {
-                pattern: /auth.*succeeded.*null/i,
-                evidence: "auth succeeded with null token",
-            },
-            {
-                pattern: /granted.*without.*valid/i,
-                evidence: "granted without valid token",
-            },
-            {
-                pattern: /"action_performed"/i,
-                evidence: "action performed indicator",
-            },
-        ];
-        // Fail-closed indicators (SAFE - proper auth handling)
-        const failClosedPatterns = [
-            {
-                pattern: /"auth_type"\s*:\s*"fail-closed"/i,
-                evidence: "auth_type: fail-closed (secure)",
-            },
-            {
-                pattern: /"auth_status"\s*:\s*"denied"/i,
-                evidence: "auth_status: denied",
-            },
-            { pattern: /access.*denied/i, evidence: "access denied" },
-            { pattern: /authentication.*failed/i, evidence: "authentication failed" },
-            {
-                pattern: /fail[\s-]?closed/i,
-                evidence: "fail-closed pattern detected",
-            },
-            { pattern: /"status"\s*:\s*"blocked"/i, evidence: "status: blocked" },
-            { pattern: /invalid.*token/i, evidence: "invalid token rejection" },
-            { pattern: /token.*required/i, evidence: "token required" },
-            { pattern: /unauthorized/i, evidence: "unauthorized response" },
-            { pattern: /"denial_reason"/i, evidence: "denial reason provided" },
-        ];
         // Check for fail-open (vulnerable) patterns first
-        for (const { pattern, evidence } of failOpenPatterns) {
+        for (const { pattern, evidence } of AUTH_FAIL_OPEN_PATTERNS) {
             if (pattern.test(responseText)) {
                 return { detected: true, failureMode: "FAIL_OPEN", evidence };
             }
         }
         // Check for fail-closed (safe) patterns
-        for (const { pattern, evidence } of failClosedPatterns) {
+        for (const { pattern, evidence } of AUTH_FAIL_CLOSED_PATTERNS) {
             if (pattern.test(responseText)) {
                 return { detected: false, failureMode: "FAIL_CLOSED", evidence };
             }
@@ -167,70 +118,8 @@ export class SecurityResponseAnalyzer {
      */
     analyzeStateBasedAuthBypass(response) {
         const responseText = this.extractResponseContent(response);
-        // Vulnerable patterns - shared state authorization (Challenge #7)
-        const vulnerablePatterns = [
-            {
-                pattern: /"admin_mode"\s*:\s*true/i,
-                evidence: "admin_mode enabled in response",
-            },
-            {
-                pattern: /hint.*use\s+config_modifier/i,
-                evidence: "Tool hints at cross-tool state dependency",
-            },
-            {
-                pattern: /admin_mode.*set\s+by.*another\s+tool/i,
-                evidence: "Explicit cross-tool state dependency",
-            },
-            {
-                pattern: /"evidence".*cross-tool.*privilege/i,
-                evidence: "Cross-tool privilege escalation detected",
-            },
-            {
-                pattern: /elevated\s+privileges?\s+granted/i,
-                evidence: "Elevated privileges granted",
-            },
-            {
-                pattern: /admin\s+mode\s+activated/i,
-                evidence: "Admin mode activated (state modifier)",
-            },
-            {
-                pattern: /"hint".*config_modifier.*admin_mode/i,
-                evidence: "Response hints at config_modifier for admin_mode",
-            },
-            {
-                pattern: /Use\s+config_modifier.*enable.*admin_mode/i,
-                evidence: "Tool depends on config_modifier for authorization",
-            },
-        ];
-        // Safe patterns - independent authorization (secure)
-        const safePatterns = [
-            {
-                pattern: /"shared_state_checked"\s*:\s*false/i,
-                evidence: "Tool explicitly states it doesn't use shared state",
-            },
-            {
-                pattern: /"independent_auth_required"\s*:\s*true/i,
-                evidence: "Tool requires independent per-request auth",
-            },
-            {
-                pattern: /requires\s+independent\s+authorization/i,
-                evidence: "Independent authorization required",
-            },
-            {
-                pattern: /(?:not|does\s+not|doesn't)\s+(?:use\s+)?shared\s+state/i,
-                evidence: "Tool confirms it does not use shared state",
-            },
-            {
-                pattern: /stored.*for.*admin.*review/i,
-                evidence: "Request stored for admin review (no auto-execution)",
-            },
-            {
-                pattern: /per-request\s+auth/i,
-                evidence: "Per-request authentication enforced",
-            },
-        ];
         // Check vulnerable patterns first (SHARED_STATE)
-        for (const { pattern, evidence } of vulnerablePatterns) {
+        for (const { pattern, evidence } of STATE_AUTH_VULNERABLE_PATTERNS) {
             if (pattern.test(responseText)) {
                 return {
                     vulnerable: true,
@@ -241,7 +130,7 @@ export class SecurityResponseAnalyzer {
             }
         }
         // Check safe patterns (INDEPENDENT)
-        for (const { pattern, evidence } of safePatterns) {
+        for (const { pattern, evidence } of STATE_AUTH_SAFE_PATTERNS) {
             if (pattern.test(responseText)) {
                 return {
                     vulnerable: false,
@@ -1230,6 +1119,129 @@ export class SecurityResponseAnalyzer {
         // Fall back to injection response analysis
         return this.analyzeInjectionResponse(response);
     }
+    // ============================================================================
+    // Issue #146: Execution Context Classification (False Positive Reduction)
+    // ============================================================================
+    /**
+     * Issue #146: Classify vulnerability context to reduce false positives
+     * Distinguishes between actual execution and payload reflection in errors
+     *
+     * Context classification:
+     * - CONFIRMED: Operation succeeded, payload was actually executed (HIGH risk)
+     * - LIKELY_FALSE_POSITIVE: Operation failed, payload just reflected in error (LOW risk)
+     * - SUSPECTED: Ambiguous case requiring manual review (MEDIUM risk)
+     *
+     * @param vulnResult The vulnerability analysis result from checkVulnerabilityEvidence
+     * @param responseText The full response text (lowercase)
+     * @param payload The security payload that was tested
+     * @returns Updated AnalysisResult with context classification
+     */
+    classifyVulnerabilityContext(vulnResult, responseText, payload) {
+        // Use pattern library helpers to detect context
+        const hasError = hasErrorContext(responseText);
+        const hasSuccess = hasSuccessContext(responseText);
+        const payloadInError = isPayloadInErrorContext(responseText, payload.payload);
+        // CONFIRMED: Success patterns present, no error patterns
+        // This indicates the operation actually executed and returned results
+        if (hasSuccess && !hasError) {
+            return {
+                ...vulnResult,
+                evidence: `${vulnResult.evidence} [Context: CONFIRMED - operation succeeded]`,
+            };
+        }
+        // LIKELY_FALSE_POSITIVE: Error context with payload reflection
+        // The server rejected the operation but echoed the payload in the error message
+        if (payloadInError && hasError) {
+            return {
+                isVulnerable: false,
+                evidence: `Operation failed with error containing reflected payload. ` +
+                    `Original detection: ${vulnResult.evidence} ` +
+                    `[Context: LIKELY_FALSE_POSITIVE - payload reflected in error message, not executed]`,
+            };
+        }
+        // SUSPECTED: Ambiguous (neither clear success nor clear error)
+        // Mark as requiring manual review
+        return {
+            ...vulnResult,
+            evidence: `${vulnResult.evidence} [Context: SUSPECTED - requires manual review]`,
+        };
+    }
+    // ============================================================================
+    // Issue #144: Excessive Permissions Scope Analysis (Challenge #22)
+    // ============================================================================
+    /**
+     * Analyze response for excessive permissions scope violations (Issue #144, Challenge #22)
+     * Detects when tools exceed their declared annotation scope:
+     * - scope_violation: Tool performed privileged action despite restrictive annotations
+     * - scope_escalation: Keyword triggered hidden admin/privilege mode
+     * - scope_enforced: Tool properly blocked the privileged action (safe)
+     *
+     * CWE-250: Execution with Unnecessary Privileges
+     * CWE-269: Improper Privilege Management
+     */
+    analyzeExcessivePermissionsResponse(response) {
+        const responseText = this.extractResponseContent(response);
+        const cweIds = [];
+        // Check for safe/hardened patterns first (scope enforced)
+        for (const { pattern, evidence } of SCOPE_ENFORCED_PATTERNS) {
+            if (pattern.test(responseText)) {
+                return {
+                    detected: false,
+                    violationType: "SAFE",
+                    cweIds: [],
+                    evidence,
+                };
+            }
+        }
+        // Check for scope violation patterns
+        for (const { pattern, evidence } of SCOPE_VIOLATION_PATTERNS) {
+            if (pattern.test(responseText)) {
+                // Determine specific violation type based on pattern
+                if (/"scope_escalation"\s*:\s*true/i.test(responseText)) {
+                    // Scope escalation - keyword-triggered privilege escalation
+                    cweIds.push("CWE-269");
+                    // Extract trigger keyword if present
+                    const keywordMatch = responseText.match(/"trigger_keyword"\s*:\s*"([^"]+)"/i);
+                    const triggerPayload = keywordMatch?.[1];
+                    return {
+                        detected: true,
+                        violationType: "SCOPE_ESCALATION",
+                        triggerPayload,
+                        cweIds,
+                        evidence,
+                    };
+                }
+                if (/"scope_violation"\s*:\s*true/i.test(responseText)) {
+                    // Scope violation - action exceeded declared scope
+                    cweIds.push("CWE-250", "CWE-269");
+                    // Extract actual scope if present
+                    const scopeMatch = responseText.match(/"actual_scope"\s*:\s*"([^"]+)"/i);
+                    const actualScope = scopeMatch?.[1];
+                    return {
+                        detected: true,
+                        violationType: "SCOPE_VIOLATION",
+                        actualScope,
+                        cweIds,
+                        evidence,
+                    };
+                }
+                // Generic detection (privileged_data, system_secrets, admin_mode_activated)
+                cweIds.push("CWE-250", "CWE-269");
+                return {
+                    detected: true,
+                    violationType: "SCOPE_VIOLATION",
+                    cweIds,
+                    evidence,
+                };
+            }
+        }
+        // No scope violation or enforcement detected
+        return {
+            detected: false,
+            violationType: "UNKNOWN",
+            cweIds: [],
+        };
+    }
     /**
      * Analyze injection response (fallback logic)
      */

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-client",
-  "version": "1.35.2",
+  "version": "1.36.0",
   "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",