npm - @bryan-thompson/inspector-assessment - Versions diffs - 1.15.2 → 1.15.3 - Mend

@bryan-thompson/inspector-assessment 1.15.2 → 1.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/client/dist/assets/{OAuthCallback-B2W3bBou.js → OAuthCallback-BmlQdPya.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-Css2Fvxh.js";
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-Clvld8oY.js";
 const OAuthCallback = ({ onConnect }) => {
   const { toast } = useToast();
   const hasProcessedRef = reactExports.useRef(false);

package/client/dist/assets/{OAuthDebugCallback-BL3_Hknj.js → OAuthDebugCallback-B3VPMxiJ.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-Css2Fvxh.js";
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-Clvld8oY.js";
 const OAuthDebugCallback = ({ onConnect }) => {
   reactExports.useEffect(() => {
     let isProcessed = false;

package/client/dist/assets/{index-Css2Fvxh.js → index-Clvld8oY.js} RENAMED Viewed

@@ -16320,7 +16320,7 @@ object({
   token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.15.2";
+const version$1 = "1.15.3";
 const packageJson = {
   name,
   version: version$1
@@ -45294,7 +45294,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.15.2";
+const version = "1.15.3";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -51843,8 +51843,9 @@ const SECURITY_ATTACK_PATTERNS = [
         parameterTypes: ["url", "uri", "link", "endpoint"]
       },
       {
-        payload: "http://metadata.google.internal/computeMetadata/v1/",
-        evidence: /(SSRF.*fetched|SSRF.*attempted|project-id|instance|google.*metadata|computeMetadata|fetched.*internal)/i,
+        // GCP metadata via IP (more reliable than metadata.google.internal which requires GCP DNS)
+        payload: "http://169.254.169.254/computeMetadata/v1/project/project-id",
+        evidence: /(SSRF.*attempted.*169\.254|SSRF.*fetched.*169\.254|HTTPConnectionPool.*169\.254|attempted.*SSRF.*metadata|google.*project|gcp.*metadata)/i,
         riskLevel: "HIGH",
         description: "SSRF - GCP metadata endpoint",
         payloadType: "injection",
@@ -58420,13 +58421,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-B2W3bBou.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-BmlQdPya.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-BL3_Hknj.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-B3VPMxiJ.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/client/dist/index.html CHANGED Viewed

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-Css2Fvxh.js"></script>
+    <script type="module" crossorigin src="/assets/index-Clvld8oY.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-BdXNC65t.css">
   </head>
   <body>

package/client/lib/lib/securityPatterns.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,~~EAqnBnD~~,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB;;;;;;;;EA8BnC"}
1	+ {"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,EAsnBnD,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB;;;;;;;;EA8BnC"}

package/client/lib/lib/securityPatterns.js CHANGED Viewed

@@ -365,8 +365,9 @@ export const SECURITY_ATTACK_PATTERNS = [
                 parameterTypes: ["url", "uri", "link", "endpoint"],
             },
             {
-                payload: "http://metadata.google.internal/computeMetadata/v1/",
-                evidence: /(SSRF.*fetched|SSRF.*attempted|project-id|instance|google.*metadata|computeMetadata|fetched.*internal)/i,
+                // GCP metadata via IP (more reliable than metadata.google.internal which requires GCP DNS)
+                payload: "http://169.254.169.254/computeMetadata/v1/project/project-id",
+                evidence: /(SSRF.*attempted.*169\.254|SSRF.*fetched.*169\.254|HTTPConnectionPool.*169\.254|attempted.*SSRF.*metadata|google.*project|gcp.*metadata)/i,
                 riskLevel: "HIGH",
                 description: "SSRF - GCP metadata endpoint",
                 payloadType: "injection",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment",
-  "version": "1.15.2",
+  "version": "1.15.3",
   "description": "Enhanced MCP Inspector with comprehensive assessment capabilities for server validation",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",