@bryan-thompson/inspector-assessment 1.36.5 → 1.38.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/build/lib/assessment-runner/assessment-executor.js +40 -0
- package/cli/build/lib/assessment-runner/source-loader.js +11 -0
- package/cli/package.json +1 -1
- package/client/dist/assets/{OAuthCallback-DJ1av7om.js → OAuthCallback-AngeBaCl.js} +1 -1
- package/client/dist/assets/{OAuthDebugCallback-lRXgX7wV.js → OAuthDebugCallback--FE6_fPs.js} +1 -1
- package/client/dist/assets/{index-DEdS99fp.js → index-BQC95Boo.js} +4 -4
- package/client/dist/index.html +1 -1
- package/client/lib/lib/assessment/coreTypes.d.ts +37 -0
- package/client/lib/lib/assessment/coreTypes.d.ts.map +1 -1
- package/client/lib/lib/assessment/resultTypes.d.ts +30 -1
- package/client/lib/lib/assessment/resultTypes.d.ts.map +1 -1
- package/client/lib/lib/assessment/sharedSchemas.d.ts +10 -0
- package/client/lib/lib/assessment/sharedSchemas.d.ts.map +1 -1
- package/client/lib/lib/assessment/sharedSchemas.js +4 -0
- package/client/lib/lib/securityPatterns/advancedExploitPatterns.d.ts +13 -0
- package/client/lib/lib/securityPatterns/advancedExploitPatterns.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/advancedExploitPatterns.js +504 -0
- package/client/lib/lib/securityPatterns/authSessionPatterns.d.ts +12 -0
- package/client/lib/lib/securityPatterns/authSessionPatterns.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/authSessionPatterns.js +357 -0
- package/client/lib/lib/securityPatterns/index.d.ts +18 -0
- package/client/lib/lib/securityPatterns/index.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/index.js +18 -0
- package/client/lib/lib/securityPatterns/injectionPatterns.d.ts +13 -0
- package/client/lib/lib/securityPatterns/injectionPatterns.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/injectionPatterns.js +356 -0
- package/client/lib/lib/securityPatterns/resourceExhaustionPatterns.d.ts +12 -0
- package/client/lib/lib/securityPatterns/resourceExhaustionPatterns.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/resourceExhaustionPatterns.js +215 -0
- package/client/lib/lib/securityPatterns/toolSpecificPatterns.d.ts +13 -0
- package/client/lib/lib/securityPatterns/toolSpecificPatterns.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/toolSpecificPatterns.js +373 -0
- package/client/lib/lib/securityPatterns/types.d.ts +20 -0
- package/client/lib/lib/securityPatterns/types.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/types.js +6 -0
- package/client/lib/lib/securityPatterns/utils.d.ts +56 -0
- package/client/lib/lib/securityPatterns/utils.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/utils.js +96 -0
- package/client/lib/lib/securityPatterns/validationPatterns.d.ts +13 -0
- package/client/lib/lib/securityPatterns/validationPatterns.d.ts.map +1 -0
- package/client/lib/lib/securityPatterns/validationPatterns.js +110 -0
- package/client/lib/lib/securityPatterns.d.ts +18 -69
- package/client/lib/lib/securityPatterns.d.ts.map +1 -1
- package/client/lib/lib/securityPatterns.js +18 -1946
- package/client/lib/services/assessment/AssessmentOrchestrator.d.ts +6 -1
- package/client/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
- package/client/lib/services/assessment/config/performanceConfig.d.ts +18 -0
- package/client/lib/services/assessment/config/performanceConfig.d.ts.map +1 -1
- package/client/lib/services/assessment/config/performanceConfig.js +6 -0
- package/client/lib/services/assessment/config/performanceConfigSchemas.d.ts +18 -0
- package/client/lib/services/assessment/config/performanceConfigSchemas.d.ts.map +1 -1
- package/client/lib/services/assessment/config/performanceConfigSchemas.js +20 -0
- package/client/lib/services/assessment/helpers/ExternalAPIDependencyDetector.d.ts +165 -0
- package/client/lib/services/assessment/helpers/ExternalAPIDependencyDetector.d.ts.map +1 -0
- package/client/lib/services/assessment/helpers/ExternalAPIDependencyDetector.js +317 -0
- package/client/lib/services/assessment/helpers/StdioTransportDetector.d.ts +137 -0
- package/client/lib/services/assessment/helpers/StdioTransportDetector.d.ts.map +1 -0
- package/client/lib/services/assessment/helpers/StdioTransportDetector.js +315 -0
- package/client/lib/services/assessment/helpers/ToolAnnotationExtractor.d.ts +34 -0
- package/client/lib/services/assessment/helpers/ToolAnnotationExtractor.d.ts.map +1 -0
- package/client/lib/services/assessment/helpers/ToolAnnotationExtractor.js +85 -0
- package/client/lib/services/assessment/modules/ErrorHandlingAssessor.d.ts +23 -0
- package/client/lib/services/assessment/modules/ErrorHandlingAssessor.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/ErrorHandlingAssessor.js +255 -20
- package/client/lib/services/assessment/modules/FunctionalityAssessor.d.ts +10 -0
- package/client/lib/services/assessment/modules/FunctionalityAssessor.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/FunctionalityAssessor.js +65 -3
- package/client/lib/services/assessment/modules/ProtocolComplianceAssessor.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/ProtocolComplianceAssessor.js +30 -0
- package/client/lib/services/assessment/modules/SecurityAssessor.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/SecurityAssessor.js +6 -0
- package/client/lib/services/assessment/modules/TemporalAssessor.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/TemporalAssessor.js +16 -3
- package/client/lib/services/assessment/modules/annotations/AlignmentChecker.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/annotations/AlignmentChecker.js +6 -2
- package/client/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.js +16 -7
- package/client/lib/services/assessment/modules/securityTests/AnnotationAwareSeverity.d.ts +55 -0
- package/client/lib/services/assessment/modules/securityTests/AnnotationAwareSeverity.d.ts.map +1 -0
- package/client/lib/services/assessment/modules/securityTests/AnnotationAwareSeverity.js +135 -0
- package/client/lib/services/assessment/modules/securityTests/ErrorClassifier.d.ts +14 -0
- package/client/lib/services/assessment/modules/securityTests/ErrorClassifier.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/securityTests/ErrorClassifier.js +24 -1
- package/client/lib/services/assessment/modules/securityTests/SafeResponseDetector.d.ts +6 -0
- package/client/lib/services/assessment/modules/securityTests/SafeResponseDetector.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/securityTests/SafeResponseDetector.js +9 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts +43 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.js +87 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts +39 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityPayloadTester.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityPayloadTester.js +93 -3
- package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts +1 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js +10 -1
- package/client/lib/services/assessment/modules/securityTests/index.d.ts +1 -0
- package/client/lib/services/assessment/modules/securityTests/index.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/securityTests/index.js +1 -0
- package/client/lib/services/assessment/modules/temporal/VarianceClassifier.d.ts +16 -1
- package/client/lib/services/assessment/modules/temporal/VarianceClassifier.d.ts.map +1 -1
- package/client/lib/services/assessment/modules/temporal/VarianceClassifier.js +43 -1
- package/client/package.json +1 -1
- package/package.json +1 -1
- package/server/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAiB9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,kBAAkB,CAAqB;IAG/C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAGjD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAK;gBAE5B,MAAM,EAAE,uBAAuB;IAQrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;
|
|
1
|
+
{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAiB9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,kBAAkB,CAAqB;IAG/C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAGjD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAK;gBAE5B,MAAM,EAAE,uBAAuB;IAQrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;IAwHxB,OAAO,CAAC,gBAAgB;IA2LxB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,uBAAuB;IAa/B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,mBAAmB;IA+C3B,OAAO,CAAC,uBAAuB;CA+DhC"}
|
|
@@ -144,7 +144,8 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
144
144
|
}
|
|
145
145
|
}
|
|
146
146
|
// Analyze responses for temporal behavior changes
|
|
147
|
-
|
|
147
|
+
// Issue #168: Pass context for external API dependency awareness
|
|
148
|
+
const result = this.analyzeResponses(tool, responses, context);
|
|
148
149
|
// Analyze definitions for mutation (rug pull via description change)
|
|
149
150
|
const definitionMutation = this.mutationDetector.detectDefinitionMutation(definitionSnapshots);
|
|
150
151
|
return {
|
|
@@ -167,7 +168,7 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
167
168
|
severity: definitionMutation !== null || result.vulnerable ? "HIGH" : "NONE",
|
|
168
169
|
};
|
|
169
170
|
}
|
|
170
|
-
analyzeResponses(tool, responses) {
|
|
171
|
+
analyzeResponses(tool, responses, context) {
|
|
171
172
|
if (responses.length === 0) {
|
|
172
173
|
return {
|
|
173
174
|
tool: tool.name,
|
|
@@ -205,6 +206,17 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
205
206
|
else if (isStateful) {
|
|
206
207
|
// Original stateful tool logic: schema comparison + behavioral content check
|
|
207
208
|
// Content variance is allowed as long as schema is consistent
|
|
209
|
+
// Issue #166: Check for isError variance first (external API behavior)
|
|
210
|
+
// For stateful tools, error vs success responses are expected from external APIs
|
|
211
|
+
const baselineIsError = responses[0].response?.isError === true;
|
|
212
|
+
const currentIsError = responses[i].response?.isError === true;
|
|
213
|
+
// Issue #168: Check context-based detection first, fall back to VarianceClassifier
|
|
214
|
+
const isExternalAPI = context.externalAPIDependencies?.toolsWithExternalAPIDependency.has(tool.name) ?? this.varianceClassifier.isExternalAPITool(tool);
|
|
215
|
+
if (baselineIsError !== currentIsError && isExternalAPI) {
|
|
216
|
+
// External API tool with error vs success variance - LEGITIMATE, not a deviation
|
|
217
|
+
this.logger.info(`${tool.name}: API error vs success variance at invocation ${i + 1} (expected for external API)`);
|
|
218
|
+
continue; // Skip to next invocation, don't count as deviation
|
|
219
|
+
}
|
|
208
220
|
let isDifferent = !this.varianceClassifier.compareSchemas(responses[0].response, responses[i].response);
|
|
209
221
|
// Secondary detection: Check for content semantic changes (rug pull patterns)
|
|
210
222
|
// This catches cases where schema is same but content shifts from helpful to harmful
|
|
@@ -222,7 +234,8 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
222
234
|
else if (isResourceCreating) {
|
|
223
235
|
// Issue #69: Use variance classification for resource-creating tools
|
|
224
236
|
// These need intelligent classification to distinguish ID variance from rug pulls
|
|
225
|
-
|
|
237
|
+
// Issue #166: Pass tool for external API error variance handling
|
|
238
|
+
const classification = this.varianceClassifier.classifyVariance(responses[0].response, responses[i].response, tool);
|
|
226
239
|
varianceDetails.push({
|
|
227
240
|
invocation: i + 1,
|
|
228
241
|
classification,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AlignmentChecker.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/AlignmentChecker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EACV,oBAAoB,EACpB,gBAAgB,EAEhB,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EACV,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,gCAAgC,CAAC;AAuFxC;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,kBAAkB,EAAE;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AA0CD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAE7D;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,OAAO,CAElD;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,oBAAoB,CAiNnE;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,IAAI,GACT,oBAAoB,CAAC,kBAAkB,CAAC,CA6D1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,iBAAiB,EAAE,CAqBtE;AAED;;;;;;GAMG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,IAAI,GAAG,mBAAmB,CAmD3E;AAqCD;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,IAAI,EACV,gBAAgB,EAAE,gBAAgB,EAClC,kBAAkB,CAAC,EAAE,wBAAwB,GAC5C,oBAAoB,CA0JtB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,oBAAoB,EAAE,EAC/B,UAAU,EAAE,MAAM,GACjB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"AlignmentChecker.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/AlignmentChecker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EACV,oBAAoB,EACpB,gBAAgB,EAEhB,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EACV,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,gCAAgC,CAAC;AAuFxC;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,kBAAkB,EAAE;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AA0CD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAE7D;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,OAAO,CAElD;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,oBAAoB,CAiNnE;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,IAAI,GACT,oBAAoB,CAAC,kBAAkB,CAAC,CA6D1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,iBAAiB,EAAE,CAqBtE;AAED;;;;;;GAMG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,IAAI,GAAG,mBAAmB,CAmD3E;AAqCD;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,IAAI,EACV,gBAAgB,EAAE,gBAAgB,EAClC,kBAAkB,CAAC,EAAE,wBAAwB,GAC5C,oBAAoB,CA0JtB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,oBAAoB,EAAE,EAC/B,UAAU,EAAE,MAAM,GACjB,gBAAgB,CAoClB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,oBAAoB,EAAE,EAC/B,UAAU,EAAE,MAAM,GACjB,sBAAsB,CA2BxB"}
|
|
@@ -433,8 +433,12 @@ export function determineAnnotationStatus(results, totalTools) {
|
|
|
433
433
|
if (totalTools === 0)
|
|
434
434
|
return "PASS";
|
|
435
435
|
const annotatedCount = results.filter((r) => r.hasAnnotations).length;
|
|
436
|
-
|
|
437
|
-
|
|
436
|
+
// Issue #167: Only fail for actionable poisoning (MEDIUM or HIGH risk)
|
|
437
|
+
// LOW risk (e.g., length-only) is informational and should not cause FAIL
|
|
438
|
+
const actionablePoisonedCount = results.filter((r) => r.descriptionPoisoning?.detected === true &&
|
|
439
|
+
(r.descriptionPoisoning.riskLevel === "MEDIUM" ||
|
|
440
|
+
r.descriptionPoisoning.riskLevel === "HIGH")).length;
|
|
441
|
+
if (actionablePoisonedCount > 0)
|
|
438
442
|
return "FAIL";
|
|
439
443
|
const misalignedCount = results.filter((r) => r.alignmentStatus === "MISALIGNED").length;
|
|
440
444
|
const destructiveWithoutHint = results.filter((r) => r.inferredBehavior?.expectedDestructive === true &&
|
package/client/lib/services/assessment/modules/annotations/DescriptionPoisoningDetector.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DescriptionPoisoningDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/DescriptionPoisoningDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,oFAAoF;IACpF,aAAa,CAAC,EAAE;QACd,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;CACH;AAED;;;;GAIG;AACH,eAAO,MAAM,8BAA8B,EAAE,gBAAgB,EAwT5D,CAAC;AASF,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,IAAI,GAAG,mBAAmB,
|
|
1
|
+
{"version":3,"file":"DescriptionPoisoningDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/annotations/DescriptionPoisoningDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC9C,oFAAoF;IACpF,aAAa,CAAC,EAAE;QACd,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;CACH;AAED;;;;GAIG;AACH,eAAO,MAAM,8BAA8B,EAAE,gBAAgB,EAwT5D,CAAC;AASF,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,IAAI,GAAG,mBAAmB,CA8E3E"}
|
|
@@ -318,6 +318,7 @@ export function scanDescriptionForPoisoning(tool) {
|
|
|
318
318
|
const matches = [];
|
|
319
319
|
// Length-based heuristic (Issue #119, Challenge #15)
|
|
320
320
|
// Excessively long descriptions may be used to hide malicious content
|
|
321
|
+
// Issue #167: Length check moved AFTER pattern scan - severity depends on other patterns
|
|
321
322
|
let lengthWarning;
|
|
322
323
|
if (description.length > DESCRIPTION_LENGTH_WARNING_THRESHOLD) {
|
|
323
324
|
lengthWarning = {
|
|
@@ -325,13 +326,7 @@ export function scanDescriptionForPoisoning(tool) {
|
|
|
325
326
|
threshold: DESCRIPTION_LENGTH_WARNING_THRESHOLD,
|
|
326
327
|
isExcessive: true,
|
|
327
328
|
};
|
|
328
|
-
matches.push(
|
|
329
|
-
name: "excessive_description_length",
|
|
330
|
-
pattern: `length > ${DESCRIPTION_LENGTH_WARNING_THRESHOLD}`,
|
|
331
|
-
severity: "MEDIUM",
|
|
332
|
-
category: "suspicious_length",
|
|
333
|
-
evidence: `Description is ${description.length} characters (threshold: ${DESCRIPTION_LENGTH_WARNING_THRESHOLD})`,
|
|
334
|
-
});
|
|
329
|
+
// NOTE: matches.push moved to after pattern loop (Issue #167)
|
|
335
330
|
}
|
|
336
331
|
for (const patternDef of DESCRIPTION_POISONING_PATTERNS) {
|
|
337
332
|
// Create a fresh regex to reset lastIndex
|
|
@@ -351,6 +346,20 @@ export function scanDescriptionForPoisoning(tool) {
|
|
|
351
346
|
break;
|
|
352
347
|
}
|
|
353
348
|
}
|
|
349
|
+
// Issue #167: Add length warning AFTER pattern scan with conditional severity
|
|
350
|
+
// Long descriptions alone are LOW (informational), but length + other patterns = MEDIUM
|
|
351
|
+
if (lengthWarning) {
|
|
352
|
+
const hasOtherPatterns = matches.length > 0;
|
|
353
|
+
matches.push({
|
|
354
|
+
name: "excessive_description_length",
|
|
355
|
+
pattern: `length > ${DESCRIPTION_LENGTH_WARNING_THRESHOLD}`,
|
|
356
|
+
severity: hasOtherPatterns ? "MEDIUM" : "LOW",
|
|
357
|
+
category: "suspicious_length",
|
|
358
|
+
evidence: hasOtherPatterns
|
|
359
|
+
? `Description is ${description.length} characters AND contains ${matches.length} suspicious pattern(s)`
|
|
360
|
+
: `Description is ${description.length} characters (informational - no suspicious patterns detected)`,
|
|
361
|
+
});
|
|
362
|
+
}
|
|
354
363
|
// Determine overall risk level based on highest severity match
|
|
355
364
|
let riskLevel = "NONE";
|
|
356
365
|
if (matches.some((m) => m.severity === "HIGH")) {
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Annotation-Aware Severity Adjustment
|
|
3
|
+
*
|
|
4
|
+
* Reduces false positives by considering tool annotations when scoring
|
|
5
|
+
* vulnerability severity.
|
|
6
|
+
*
|
|
7
|
+
* Issue #170: Security module should consider tool annotations to reduce
|
|
8
|
+
* false positives for read-only servers.
|
|
9
|
+
*
|
|
10
|
+
* @module securityTests/AnnotationAwareSeverity
|
|
11
|
+
*/
|
|
12
|
+
import type { SecurityAnnotations, SecurityRiskLevel } from "../../../../lib/assessment/coreTypes.js";
|
|
13
|
+
/**
|
|
14
|
+
* Result of annotation-aware severity adjustment.
|
|
15
|
+
*/
|
|
16
|
+
export interface SeverityAdjustment {
|
|
17
|
+
/** Adjusted risk level after considering annotations */
|
|
18
|
+
adjustedRiskLevel: SecurityRiskLevel;
|
|
19
|
+
/** Whether an adjustment was made */
|
|
20
|
+
wasAdjusted: boolean;
|
|
21
|
+
/** Reason for adjustment (human-readable) */
|
|
22
|
+
adjustmentReason?: string;
|
|
23
|
+
/** Original risk level before adjustment */
|
|
24
|
+
originalRiskLevel: SecurityRiskLevel;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Adjust vulnerability severity based on tool annotations.
|
|
28
|
+
*
|
|
29
|
+
* This function implements the false positive reduction logic from Issue #170.
|
|
30
|
+
* Read-only tools (readOnlyHint=true) have execution-type vulnerabilities
|
|
31
|
+
* downgraded to LOW, and closed-world tools (openWorldHint=false) have
|
|
32
|
+
* exfiltration-type vulnerabilities downgraded to LOW.
|
|
33
|
+
*
|
|
34
|
+
* @param attackName - Name of the attack pattern (e.g., "Command Injection")
|
|
35
|
+
* @param originalRiskLevel - Original risk level from payload definition
|
|
36
|
+
* @param toolAnnotations - Extracted annotations for this specific tool
|
|
37
|
+
* @param serverIsReadOnly - Whether ALL server tools are read-only
|
|
38
|
+
* @param serverIsClosed - Whether ALL server tools are closed-world
|
|
39
|
+
* @returns SeverityAdjustment with potentially adjusted risk level
|
|
40
|
+
*
|
|
41
|
+
* @example
|
|
42
|
+
* ```typescript
|
|
43
|
+
* const adjustment = adjustSeverityForAnnotations(
|
|
44
|
+
* "Command Injection",
|
|
45
|
+
* "HIGH",
|
|
46
|
+
* { readOnlyHint: true, source: "mcp" },
|
|
47
|
+
* true,
|
|
48
|
+
* false
|
|
49
|
+
* );
|
|
50
|
+
* // adjustment.wasAdjusted === true
|
|
51
|
+
* // adjustment.adjustedRiskLevel === "LOW"
|
|
52
|
+
* ```
|
|
53
|
+
*/
|
|
54
|
+
export declare function adjustSeverityForAnnotations(attackName: string, originalRiskLevel: SecurityRiskLevel, toolAnnotations: SecurityAnnotations | undefined, serverIsReadOnly: boolean, serverIsClosed: boolean): SeverityAdjustment;
|
|
55
|
+
//# sourceMappingURL=AnnotationAwareSeverity.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AnnotationAwareSeverity.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/AnnotationAwareSeverity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EAClB,MAAM,4BAA4B,CAAC;AA+BpC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,wDAAwD;IACxD,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,qCAAqC;IACrC,WAAW,EAAE,OAAO,CAAC;IACrB,6CAA6C;IAC7C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,4CAA4C;IAC5C,iBAAiB,EAAE,iBAAiB,CAAC;CACtC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,4BAA4B,CAC1C,UAAU,EAAE,MAAM,EAClB,iBAAiB,EAAE,iBAAiB,EACpC,eAAe,EAAE,mBAAmB,GAAG,SAAS,EAChD,gBAAgB,EAAE,OAAO,EACzB,cAAc,EAAE,OAAO,GACtB,kBAAkB,CA0DpB"}
|
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Annotation-Aware Severity Adjustment
|
|
3
|
+
*
|
|
4
|
+
* Reduces false positives by considering tool annotations when scoring
|
|
5
|
+
* vulnerability severity.
|
|
6
|
+
*
|
|
7
|
+
* Issue #170: Security module should consider tool annotations to reduce
|
|
8
|
+
* false positives for read-only servers.
|
|
9
|
+
*
|
|
10
|
+
* @module securityTests/AnnotationAwareSeverity
|
|
11
|
+
*/
|
|
12
|
+
/**
|
|
13
|
+
* Attack patterns that should be downgraded for read-only tools.
|
|
14
|
+
* These involve code/command execution which read-only tools cannot perform.
|
|
15
|
+
*/
|
|
16
|
+
const EXECUTION_TYPE_ATTACKS = [
|
|
17
|
+
"Command Injection", // RCE via shell commands
|
|
18
|
+
"Calculator Injection", // Code evaluation via calculator
|
|
19
|
+
"Code Execution", // Direct code execution
|
|
20
|
+
"Path Traversal", // File system modification
|
|
21
|
+
"Cross-Tool State Bypass", // State manipulation attacks
|
|
22
|
+
"Chained Exploitation", // Multi-tool execution chains
|
|
23
|
+
"Tool Output Injection", // Output tampering
|
|
24
|
+
"Nested Injection", // Recursive injection attacks
|
|
25
|
+
"Auth Bypass", // Authentication manipulation
|
|
26
|
+
"Session Management", // Session state modification
|
|
27
|
+
];
|
|
28
|
+
/**
|
|
29
|
+
* Attack patterns that should be downgraded for closed-world tools.
|
|
30
|
+
* These involve external network access which closed-world tools don't have.
|
|
31
|
+
*/
|
|
32
|
+
const EXFILTRATION_TYPE_ATTACKS = [
|
|
33
|
+
"Indirect Prompt Injection", // External content injection
|
|
34
|
+
"Data Exfiltration", // Data leakage to external services
|
|
35
|
+
"Token Theft", // Credential exfiltration
|
|
36
|
+
"Secret Leakage", // Sensitive data exposure
|
|
37
|
+
"SSRF", // Server-side request forgery
|
|
38
|
+
];
|
|
39
|
+
/**
|
|
40
|
+
* Adjust vulnerability severity based on tool annotations.
|
|
41
|
+
*
|
|
42
|
+
* This function implements the false positive reduction logic from Issue #170.
|
|
43
|
+
* Read-only tools (readOnlyHint=true) have execution-type vulnerabilities
|
|
44
|
+
* downgraded to LOW, and closed-world tools (openWorldHint=false) have
|
|
45
|
+
* exfiltration-type vulnerabilities downgraded to LOW.
|
|
46
|
+
*
|
|
47
|
+
* @param attackName - Name of the attack pattern (e.g., "Command Injection")
|
|
48
|
+
* @param originalRiskLevel - Original risk level from payload definition
|
|
49
|
+
* @param toolAnnotations - Extracted annotations for this specific tool
|
|
50
|
+
* @param serverIsReadOnly - Whether ALL server tools are read-only
|
|
51
|
+
* @param serverIsClosed - Whether ALL server tools are closed-world
|
|
52
|
+
* @returns SeverityAdjustment with potentially adjusted risk level
|
|
53
|
+
*
|
|
54
|
+
* @example
|
|
55
|
+
* ```typescript
|
|
56
|
+
* const adjustment = adjustSeverityForAnnotations(
|
|
57
|
+
* "Command Injection",
|
|
58
|
+
* "HIGH",
|
|
59
|
+
* { readOnlyHint: true, source: "mcp" },
|
|
60
|
+
* true,
|
|
61
|
+
* false
|
|
62
|
+
* );
|
|
63
|
+
* // adjustment.wasAdjusted === true
|
|
64
|
+
* // adjustment.adjustedRiskLevel === "LOW"
|
|
65
|
+
* ```
|
|
66
|
+
*/
|
|
67
|
+
export function adjustSeverityForAnnotations(attackName, originalRiskLevel, toolAnnotations, serverIsReadOnly, serverIsClosed) {
|
|
68
|
+
// Check if we have valid per-tool annotations
|
|
69
|
+
const hasValidAnnotations = toolAnnotations && toolAnnotations.source !== "none";
|
|
70
|
+
// Check 1: Per-tool read-only for execution-type attacks
|
|
71
|
+
// If tool declares readOnlyHint=true, it cannot execute commands
|
|
72
|
+
if (hasValidAnnotations && toolAnnotations.readOnlyHint === true) {
|
|
73
|
+
if (isExecutionTypeAttack(attackName)) {
|
|
74
|
+
return {
|
|
75
|
+
adjustedRiskLevel: "LOW",
|
|
76
|
+
wasAdjusted: true,
|
|
77
|
+
adjustmentReason: `Tool has readOnlyHint=true; ${attackName} downgraded from ${originalRiskLevel} to LOW (cannot execute)`,
|
|
78
|
+
originalRiskLevel,
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
// Check 2: Per-tool closed-world for exfiltration-type attacks
|
|
83
|
+
// If tool declares openWorldHint=false, it cannot access external resources
|
|
84
|
+
if (hasValidAnnotations && toolAnnotations.openWorldHint === false) {
|
|
85
|
+
if (isExfiltrationType(attackName)) {
|
|
86
|
+
return {
|
|
87
|
+
adjustedRiskLevel: "LOW",
|
|
88
|
+
wasAdjusted: true,
|
|
89
|
+
adjustmentReason: `Tool has openWorldHint=false; ${attackName} downgraded from ${originalRiskLevel} to LOW (no external access)`,
|
|
90
|
+
originalRiskLevel,
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
// Check 3: Server-level read-only flag provides additional context
|
|
95
|
+
// Even if specific tool annotation is missing, server-level flag applies
|
|
96
|
+
if (serverIsReadOnly && isExecutionTypeAttack(attackName)) {
|
|
97
|
+
return {
|
|
98
|
+
adjustedRiskLevel: "LOW",
|
|
99
|
+
wasAdjusted: true,
|
|
100
|
+
adjustmentReason: `Server is 100% read-only; ${attackName} downgraded from ${originalRiskLevel} to LOW`,
|
|
101
|
+
originalRiskLevel,
|
|
102
|
+
};
|
|
103
|
+
}
|
|
104
|
+
// Check 4: Server-level closed flag
|
|
105
|
+
if (serverIsClosed && isExfiltrationType(attackName)) {
|
|
106
|
+
return {
|
|
107
|
+
adjustedRiskLevel: "LOW",
|
|
108
|
+
wasAdjusted: true,
|
|
109
|
+
adjustmentReason: `Server is 100% closed-world; ${attackName} downgraded from ${originalRiskLevel} to LOW`,
|
|
110
|
+
originalRiskLevel,
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
// No adjustment needed
|
|
114
|
+
return {
|
|
115
|
+
adjustedRiskLevel: originalRiskLevel,
|
|
116
|
+
wasAdjusted: false,
|
|
117
|
+
originalRiskLevel,
|
|
118
|
+
};
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Check if attack name matches execution-type patterns.
|
|
122
|
+
* Only checks if attackName contains the pattern (not bidirectional)
|
|
123
|
+
* to prevent security bypass (e.g., "command" matching "Command Injection").
|
|
124
|
+
*/
|
|
125
|
+
function isExecutionTypeAttack(attackName) {
|
|
126
|
+
return EXECUTION_TYPE_ATTACKS.some((pattern) => attackName.toLowerCase().includes(pattern.toLowerCase()));
|
|
127
|
+
}
|
|
128
|
+
/**
|
|
129
|
+
* Check if attack name matches exfiltration-type patterns.
|
|
130
|
+
* Only checks if attackName contains the pattern (not bidirectional)
|
|
131
|
+
* to prevent security bypass.
|
|
132
|
+
*/
|
|
133
|
+
function isExfiltrationType(attackName) {
|
|
134
|
+
return EXFILTRATION_TYPE_ATTACKS.some((pattern) => attackName.toLowerCase().includes(pattern.toLowerCase()));
|
|
135
|
+
}
|
|
@@ -29,6 +29,20 @@ export declare class ErrorClassifier {
|
|
|
29
29
|
* Check if caught exception indicates connection/server failure
|
|
30
30
|
*/
|
|
31
31
|
isConnectionErrorFromException(error: unknown): boolean;
|
|
32
|
+
/**
|
|
33
|
+
* Check if response indicates transient error worth retrying.
|
|
34
|
+
* Transient errors (ECONNREFUSED, ETIMEDOUT, etc.) may resolve on retry.
|
|
35
|
+
* Permanent errors (unknown tool, unauthorized) will not.
|
|
36
|
+
*
|
|
37
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
38
|
+
*/
|
|
39
|
+
isTransientError(response: CompatibilityCallToolResult): boolean;
|
|
40
|
+
/**
|
|
41
|
+
* Check if caught exception indicates transient error worth retrying.
|
|
42
|
+
*
|
|
43
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
44
|
+
*/
|
|
45
|
+
isTransientErrorFromException(error: unknown): boolean;
|
|
32
46
|
/**
|
|
33
47
|
* Internal: Check if text indicates connection/server failure
|
|
34
48
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ErrorClassifier.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/ErrorClassifier.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"ErrorClassifier.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/ErrorClassifier.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AASjF;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAKjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAQvD;;;;;;OAMG;IACH,gBAAgB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAKhE;;;;OAIG;IACH,6BAA6B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAQtD;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAgBjC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAKzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAQ/D;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAgB7B;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,SAAS;IAsBlE;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;CAUtE"}
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Extracted from SecurityResponseAnalyzer.ts (Issue #53)
|
|
6
6
|
* Handles: connection error detection, error classification, error info extraction
|
|
7
7
|
*/
|
|
8
|
-
import { CONNECTION_ERROR_PATTERNS, ERROR_CLASSIFICATION_PATTERNS, matchesAny, hasMcpErrorPrefix, } from "./SecurityPatternLibrary.js";
|
|
8
|
+
import { CONNECTION_ERROR_PATTERNS, ERROR_CLASSIFICATION_PATTERNS, matchesAny, hasMcpErrorPrefix, isTransientErrorPattern, } from "./SecurityPatternLibrary.js";
|
|
9
9
|
/**
|
|
10
10
|
* Classifies errors from tool responses and exceptions
|
|
11
11
|
*/
|
|
@@ -27,6 +27,29 @@ export class ErrorClassifier {
|
|
|
27
27
|
}
|
|
28
28
|
return false;
|
|
29
29
|
}
|
|
30
|
+
/**
|
|
31
|
+
* Check if response indicates transient error worth retrying.
|
|
32
|
+
* Transient errors (ECONNREFUSED, ETIMEDOUT, etc.) may resolve on retry.
|
|
33
|
+
* Permanent errors (unknown tool, unauthorized) will not.
|
|
34
|
+
*
|
|
35
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
36
|
+
*/
|
|
37
|
+
isTransientError(response) {
|
|
38
|
+
const text = this.extractResponseContent(response).toLowerCase();
|
|
39
|
+
return isTransientErrorPattern(text);
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Check if caught exception indicates transient error worth retrying.
|
|
43
|
+
*
|
|
44
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
45
|
+
*/
|
|
46
|
+
isTransientErrorFromException(error) {
|
|
47
|
+
if (error instanceof Error) {
|
|
48
|
+
const message = error.message.toLowerCase();
|
|
49
|
+
return isTransientErrorPattern(message);
|
|
50
|
+
}
|
|
51
|
+
return false;
|
|
52
|
+
}
|
|
30
53
|
/**
|
|
31
54
|
* Internal: Check if text indicates connection/server failure
|
|
32
55
|
*/
|
|
@@ -34,6 +34,12 @@ export declare class SafeResponseDetector {
|
|
|
34
34
|
* Check if response is an HTTP error (Issue #26)
|
|
35
35
|
*/
|
|
36
36
|
isHttpErrorResponse(responseText: string): boolean;
|
|
37
|
+
/**
|
|
38
|
+
* Check if response is an AppleScript syntax error (Issue #175)
|
|
39
|
+
* These errors should not be flagged as XXE vulnerabilities even when
|
|
40
|
+
* the XXE payload is echoed back in the error message.
|
|
41
|
+
*/
|
|
42
|
+
isAppleScriptSyntaxError(responseText: string): boolean;
|
|
37
43
|
/**
|
|
38
44
|
* Check if response is just reflection (safe)
|
|
39
45
|
* Two-layer defense: Match reflection patterns, verify NO execution evidence
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SafeResponseDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SafeResponseDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"SafeResponseDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SafeResponseDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAiBjF;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,iBAAiB,CAA4B;;IAMrD;;OAEG;IACH,oBAAoB,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAQzE;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;;;OAIG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;;;;;OAMG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IA8EnD;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIjD;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IA0CrE;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;CAUtE"}
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Extracted from SecurityResponseAnalyzer.ts (Issue #53)
|
|
6
6
|
* Handles: MCP validation, HTTP errors, reflection detection, validation rejection
|
|
7
7
|
*/
|
|
8
|
-
import { VALIDATION_ERROR_PATTERNS, STATUS_PATTERNS, REFLECTION_PATTERNS, SEARCH_RESULT_PATTERNS, CREATION_PATTERNS, TEXT_REJECTION_PATTERNS, RESULT_REJECTION_PATTERNS, isHttpError, matchesAny, hasLLMInjectionMarkers, hasOutputInjectionVulnerability, } from "./SecurityPatternLibrary.js";
|
|
8
|
+
import { VALIDATION_ERROR_PATTERNS, STATUS_PATTERNS, REFLECTION_PATTERNS, SEARCH_RESULT_PATTERNS, CREATION_PATTERNS, TEXT_REJECTION_PATTERNS, RESULT_REJECTION_PATTERNS, isHttpError, matchesAny, hasLLMInjectionMarkers, hasOutputInjectionVulnerability, isAppleScriptSyntaxError as isAppleScriptSyntaxErrorPattern, } from "./SecurityPatternLibrary.js";
|
|
9
9
|
import { ExecutionArtifactDetector } from "./ExecutionArtifactDetector.js";
|
|
10
10
|
/**
|
|
11
11
|
* Detects safe response patterns indicating proper tool behavior
|
|
@@ -30,6 +30,14 @@ export class SafeResponseDetector {
|
|
|
30
30
|
isHttpErrorResponse(responseText) {
|
|
31
31
|
return isHttpError(responseText);
|
|
32
32
|
}
|
|
33
|
+
/**
|
|
34
|
+
* Check if response is an AppleScript syntax error (Issue #175)
|
|
35
|
+
* These errors should not be flagged as XXE vulnerabilities even when
|
|
36
|
+
* the XXE payload is echoed back in the error message.
|
|
37
|
+
*/
|
|
38
|
+
isAppleScriptSyntaxError(responseText) {
|
|
39
|
+
return isAppleScriptSyntaxErrorPattern(responseText);
|
|
40
|
+
}
|
|
33
41
|
/**
|
|
34
42
|
* Check if response is just reflection (safe)
|
|
35
43
|
* Two-layer defense: Match reflection patterns, verify NO execution evidence
|
|
@@ -96,7 +96,7 @@ export declare const OUTPUT_INJECTION_METADATA: {
|
|
|
96
96
|
*/
|
|
97
97
|
export declare const CONNECTION_ERROR_PATTERNS: {
|
|
98
98
|
/** Unambiguous connection errors */
|
|
99
|
-
readonly unambiguous: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
|
|
99
|
+
readonly unambiguous: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
|
|
100
100
|
/** Only apply when response starts with MCP error prefix */
|
|
101
101
|
readonly contextual: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
|
|
102
102
|
/** MCP error prefix pattern */
|
|
@@ -111,6 +111,48 @@ export declare const ERROR_CLASSIFICATION_PATTERNS: {
|
|
|
111
111
|
readonly server: RegExp;
|
|
112
112
|
readonly protocol: RegExp;
|
|
113
113
|
};
|
|
114
|
+
/**
|
|
115
|
+
* Transient error patterns that are worth retrying.
|
|
116
|
+
* These indicate temporary network/server issues that may resolve.
|
|
117
|
+
* Used by: isTransientError(), isTransientErrorFromException()
|
|
118
|
+
*
|
|
119
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
120
|
+
*/
|
|
121
|
+
export declare const TRANSIENT_ERROR_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
|
|
122
|
+
/**
|
|
123
|
+
* Permanent error patterns that should NOT be retried.
|
|
124
|
+
* These indicate issues that will not resolve with retry.
|
|
125
|
+
* Used by: isTransientError() to short-circuit retry logic
|
|
126
|
+
*
|
|
127
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
128
|
+
*/
|
|
129
|
+
export declare const PERMANENT_ERROR_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
|
|
130
|
+
/**
|
|
131
|
+
* Check if error text indicates a transient error worth retrying.
|
|
132
|
+
* @param text Error message or response text
|
|
133
|
+
* @returns true if error is transient and should be retried
|
|
134
|
+
*/
|
|
135
|
+
export declare function isTransientErrorPattern(text: string): boolean;
|
|
136
|
+
/**
|
|
137
|
+
* Issue #175: AppleScript syntax error patterns to exclude from XXE detection
|
|
138
|
+
*
|
|
139
|
+
* AppleScript errors can trigger false positives when:
|
|
140
|
+
* 1. The tool returns an AppleScript syntax error (e.g., -2750 duplicate parameter)
|
|
141
|
+
* 2. The XXE payload is echoed back in the error message
|
|
142
|
+
* 3. XXE evidence patterns match "parameter" + "entity" combination
|
|
143
|
+
*
|
|
144
|
+
* These patterns detect AppleScript-specific errors by:
|
|
145
|
+
* - Error code ranges (-27xx, -25xx are AppleScript domain)
|
|
146
|
+
* - AppleScript-specific syntax error messages
|
|
147
|
+
* - Common AppleScript error patterns
|
|
148
|
+
*/
|
|
149
|
+
export declare const APPLESCRIPT_SYNTAX_ERROR_PATTERNS: RegExp[];
|
|
150
|
+
/**
|
|
151
|
+
* Check if error text indicates an AppleScript syntax error (Issue #175)
|
|
152
|
+
* @param text Error message or response text
|
|
153
|
+
* @returns true if error is an AppleScript syntax error
|
|
154
|
+
*/
|
|
155
|
+
export declare function isAppleScriptSyntaxError(text: string): boolean;
|
|
114
156
|
/**
|
|
115
157
|
* Status patterns indicating safe response handling
|
|
116
158
|
* Used by: isReflectionResponse()
|
package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,2GAazB,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,GACd,OAAO,CAWT;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE7D;AAMD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;;;;;GAOG;AACH,eAAO,MAAM,qBAAqB,2KA4BxB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,uDAAuD;;IAOvD,oDAAoD;;CAO5C,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;
|
|
1
|
+
{"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,2GAazB,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,GACd,OAAO,CAWT;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE7D;AAMD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;;;;;GAOG;AACH,eAAO,MAAM,qBAAqB,2KA4BxB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,uDAAuD;;IAOvD,oDAAoD;;CAO5C,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAsBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mDAM3B,CAAC;AAEX;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAO7D;AAMD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,EAcrD,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAI9D;AAMD;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;EAiCjC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,EAAE,oBAAoB,EA0FnE,CAAC;AAEF;;;;;;;;GAQG;AAKH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,IAAM,CAAC;AAMxC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAC1C,MAAM,EACN;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CAgCxC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAiB5E;AAED,eAAO,MAAM,2BAA2B,EAAE,oBAAoB,EAuE7D,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;IAClC,iCAAiC;;IAQjC,mDAAmD;;IAInD,gDAAgD;;IAIhD,oCAAoC;;IAEpC,6CAA6C;;CAIrC,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;IACpC,oDAAoD;;IAOpD,wCAAwC;;CAEhC,CAAC;AAMX;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAyB1B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,kBAAkB,iLAarB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,mBAAmB,yEAOtB,CAAC;AAEX;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEzD;AAMD;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE5D;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAKrE"}
|
|
@@ -244,11 +244,12 @@ export const CONNECTION_ERROR_PATTERNS = {
|
|
|
244
244
|
/MCP error -32700/i,
|
|
245
245
|
/socket hang up/i,
|
|
246
246
|
/ECONNREFUSED/i,
|
|
247
|
+
/ECONNRESET/i, // Connection reset by peer (Node.js error code)
|
|
247
248
|
/ETIMEDOUT/i,
|
|
248
249
|
/network error/i,
|
|
249
250
|
/ERR_CONNECTION/i,
|
|
250
251
|
/fetch failed/i,
|
|
251
|
-
/connection reset/i,
|
|
252
|
+
/connection reset/i, // TCP reset (generic form)
|
|
252
253
|
/error POSTing to endpoint/i,
|
|
253
254
|
/error GETting.*endpoint/i,
|
|
254
255
|
/service unavailable/i,
|
|
@@ -279,6 +280,91 @@ export const ERROR_CLASSIFICATION_PATTERNS = {
|
|
|
279
280
|
protocol: /-32001/i,
|
|
280
281
|
};
|
|
281
282
|
// =============================================================================
|
|
283
|
+
// TRANSIENT ERROR PATTERNS (Issue #157: Connection retry logic)
|
|
284
|
+
// =============================================================================
|
|
285
|
+
/**
|
|
286
|
+
* Transient error patterns that are worth retrying.
|
|
287
|
+
* These indicate temporary network/server issues that may resolve.
|
|
288
|
+
* Used by: isTransientError(), isTransientErrorFromException()
|
|
289
|
+
*
|
|
290
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
291
|
+
*/
|
|
292
|
+
export const TRANSIENT_ERROR_PATTERNS = [
|
|
293
|
+
/ECONNREFUSED/i, // Server temporarily down
|
|
294
|
+
/ECONNRESET/i, // Connection reset by peer (Node.js error code)
|
|
295
|
+
/ETIMEDOUT/i, // Network timeout
|
|
296
|
+
/socket hang up/i, // Connection dropped
|
|
297
|
+
/fetch failed/i, // Network layer failure
|
|
298
|
+
/connection reset/i, // TCP reset (generic form)
|
|
299
|
+
/gateway timeout/i, // Proxy/load balancer timeout
|
|
300
|
+
/service unavailable/i, // 503 response
|
|
301
|
+
/ERR_CONNECTION/i, // Browser-style connection errors
|
|
302
|
+
];
|
|
303
|
+
/**
|
|
304
|
+
* Permanent error patterns that should NOT be retried.
|
|
305
|
+
* These indicate issues that will not resolve with retry.
|
|
306
|
+
* Used by: isTransientError() to short-circuit retry logic
|
|
307
|
+
*
|
|
308
|
+
* @see https://github.com/triepod-ai/inspector-assessment/issues/157
|
|
309
|
+
*/
|
|
310
|
+
export const PERMANENT_ERROR_PATTERNS = [
|
|
311
|
+
/unknown tool:/i, // Tool doesn't exist
|
|
312
|
+
/no such tool/i, // Tool doesn't exist
|
|
313
|
+
/unauthorized/i, // Auth failure (won't change on retry)
|
|
314
|
+
/forbidden/i, // Permission denied (won't change on retry)
|
|
315
|
+
/invalid.*token/i, // Bad credentials
|
|
316
|
+
];
|
|
317
|
+
/**
|
|
318
|
+
* Check if error text indicates a transient error worth retrying.
|
|
319
|
+
* @param text Error message or response text
|
|
320
|
+
* @returns true if error is transient and should be retried
|
|
321
|
+
*/
|
|
322
|
+
export function isTransientErrorPattern(text) {
|
|
323
|
+
// Check for permanent errors first (never retry these)
|
|
324
|
+
if (matchesAny(PERMANENT_ERROR_PATTERNS, text)) {
|
|
325
|
+
return false;
|
|
326
|
+
}
|
|
327
|
+
// Check for transient errors
|
|
328
|
+
return matchesAny(TRANSIENT_ERROR_PATTERNS, text);
|
|
329
|
+
}
|
|
330
|
+
// =============================================================================
|
|
331
|
+
// APPLESCRIPT SYNTAX ERROR PATTERNS (Issue #175)
|
|
332
|
+
// =============================================================================
|
|
333
|
+
/**
|
|
334
|
+
* Issue #175: AppleScript syntax error patterns to exclude from XXE detection
|
|
335
|
+
*
|
|
336
|
+
* AppleScript errors can trigger false positives when:
|
|
337
|
+
* 1. The tool returns an AppleScript syntax error (e.g., -2750 duplicate parameter)
|
|
338
|
+
* 2. The XXE payload is echoed back in the error message
|
|
339
|
+
* 3. XXE evidence patterns match "parameter" + "entity" combination
|
|
340
|
+
*
|
|
341
|
+
* These patterns detect AppleScript-specific errors by:
|
|
342
|
+
* - Error code ranges (-27xx, -25xx are AppleScript domain)
|
|
343
|
+
* - AppleScript-specific syntax error messages
|
|
344
|
+
* - Common AppleScript error patterns
|
|
345
|
+
*/
|
|
346
|
+
export const APPLESCRIPT_SYNTAX_ERROR_PATTERNS = [
|
|
347
|
+
// AppleScript error code ranges
|
|
348
|
+
/-27\d{2}/, // -2700 to -2799 (AppleScript errors)
|
|
349
|
+
/-25\d{2}/, // -2500 to -2599 (AppleScript/OSA errors)
|
|
350
|
+
// AppleScript-specific error messages
|
|
351
|
+
/syntax error:.*«class \d+»/i, // AppleScript class syntax error
|
|
352
|
+
/applescript.*syntax.*error/i, // Generic AppleScript syntax error
|
|
353
|
+
/osascript.*error/i, // osascript command errors
|
|
354
|
+
// Specific errors that might match XXE patterns
|
|
355
|
+
/parameter.*specified.*more than once/i, // -2750 duplicate parameter
|
|
356
|
+
/parameter.*is.*specified.*more/i, // Variant of above
|
|
357
|
+
/duplicate\s+parameter\s+specification/i, // Another variant
|
|
358
|
+
];
|
|
359
|
+
/**
|
|
360
|
+
* Check if error text indicates an AppleScript syntax error (Issue #175)
|
|
361
|
+
* @param text Error message or response text
|
|
362
|
+
* @returns true if error is an AppleScript syntax error
|
|
363
|
+
*/
|
|
364
|
+
export function isAppleScriptSyntaxError(text) {
|
|
365
|
+
return APPLESCRIPT_SYNTAX_ERROR_PATTERNS.some((pattern) => pattern.test(text));
|
|
366
|
+
}
|
|
367
|
+
// =============================================================================
|
|
282
368
|
// REFLECTION PATTERNS (safe response detection)
|
|
283
369
|
// =============================================================================
|
|
284
370
|
/**
|