@bryan-thompson/inspector-assessment 1.42.0 → 1.42.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/cli/package.json +1 -1
  2. package/client/dist/assets/{OAuthCallback-Bbgu1k5Q.js → OAuthCallback-HA09kzUo.js} +1 -1
  3. package/client/dist/assets/{OAuthDebugCallback-BNMp3ajr.js → OAuthDebugCallback-DipYQsnU.js} +1 -1
  4. package/client/dist/assets/{index-DhZHooka.js → index-BHI0HzI3.js} +4 -4
  5. package/client/dist/index.html +1 -1
  6. package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts +16 -0
  7. package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map +1 -1
  8. package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.js +44 -4
  9. package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map +1 -1
  10. package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js +5 -3
  11. package/client/package.json +1 -1
  12. package/package.json +1 -1
  13. package/server/package.json +1 -1
package/cli/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment-cli",
3
- "version": "1.42.0",
3
+ "version": "1.42.1",
4
4
  "description": "CLI for the Enhanced MCP Inspector with assessment capabilities",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",
package/client/dist/assets/{OAuthCallback-Bbgu1k5Q.js → OAuthCallback-HA09kzUo.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-DhZHooka.js";
1
+ import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-BHI0HzI3.js";
2
2
  const OAuthCallback = ({ onConnect }) => {
3
3
  const { toast } = useToast();
4
4
  const hasProcessedRef = reactExports.useRef(false);
package/client/dist/assets/{OAuthDebugCallback-BNMp3ajr.js → OAuthDebugCallback-DipYQsnU.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-DhZHooka.js";
1
+ import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-BHI0HzI3.js";
2
2
  const OAuthDebugCallback = ({ onConnect }) => {
3
3
  reactExports.useEffect(() => {
4
4
  let isProcessed = false;
package/client/dist/assets/{index-DhZHooka.js → index-BHI0HzI3.js} RENAMED
@@ -16373,7 +16373,7 @@ object({
16373
16373
  token_type_hint: string().optional()
16374
16374
  }).strip();
16375
16375
  const name = "@bryan-thompson/inspector-assessment-client";
16376
- const version$1 = "1.42.0";
16376
+ const version$1 = "1.42.1";
16377
16377
  const packageJson = {
16378
16378
  name,
16379
16379
  version: version$1
@@ -49456,7 +49456,7 @@ const useTheme = () => {
49456
49456
  [theme, setThemeWithSideEffect]
49457
49457
  );
49458
49458
  };
49459
- const version = "1.42.0";
49459
+ const version = "1.42.1";
49460
49460
  var [createTooltipContext] = createContextScope("Tooltip", [
49461
49461
  createPopperScope
49462
49462
  ]);
@@ -52799,13 +52799,13 @@ const App = () => {
52799
52799
  };
52800
52800
  if (window.location.pathname === "/oauth/callback") {
52801
52801
  const OAuthCallback = React.lazy(
52802
- () => __vitePreload(() => import("./OAuthCallback-Bbgu1k5Q.js"), true ? [] : void 0)
52802
+ () => __vitePreload(() => import("./OAuthCallback-HA09kzUo.js"), true ? [] : void 0)
52803
52803
  );
52804
52804
  return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
52805
52805
  }
52806
52806
  if (window.location.pathname === "/oauth/callback/debug") {
52807
52807
  const OAuthDebugCallback = React.lazy(
52808
- () => __vitePreload(() => import("./OAuthDebugCallback-BNMp3ajr.js"), true ? [] : void 0)
52808
+ () => __vitePreload(() => import("./OAuthDebugCallback-DipYQsnU.js"), true ? [] : void 0)
52809
52809
  );
52810
52810
  return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
52811
52811
  }
package/client/dist/index.html CHANGED
@@ -5,7 +5,7 @@
5
5
  <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
6
6
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
7
7
  <title>MCP Inspector</title>
8
- <script type="module" crossorigin src="/assets/index-DhZHooka.js"></script>
8
+ <script type="module" crossorigin src="/assets/index-BHI0HzI3.js"></script>
9
9
  <link rel="stylesheet" crossorigin href="/assets/index-BoUA5OL1.css">
10
10
  </head>
11
11
  <body>
package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts CHANGED
@@ -44,6 +44,22 @@ export declare const SUCCESS_CONTEXT_PATTERNS: readonly [RegExp, RegExp, RegExp,
44
44
  * @returns true if payload is reflected in an error context
45
45
  */
46
46
  export declare function isPayloadInErrorContext(responseText: string, payload: string): boolean;
47
+ /**
48
+ * Issue #201: Check if payload is partially echoed in response
49
+ * Handles truncation and path prepending common in error messages
50
+ *
51
+ * False positives occur when servers echo payloads in error messages like:
52
+ * "File not found: /path/to/<?xml...xxe SYSTEM...>"
53
+ *
54
+ * The evidence regex matches the echoed payload, not actual exploitation.
55
+ * This function detects partial echoes that the simple includes() check misses.
56
+ *
57
+ * @param responseText The full response text from the tool
58
+ * @param payload The payload that was sent to the tool
59
+ * @param minPrefixLength Minimum prefix length to check (default: 30)
60
+ * @returns true if payload or significant portion is echoed in response
61
+ */
62
+ export declare function isPayloadPartiallyEchoed(responseText: string, payload: string, minPrefixLength?: number): boolean;
47
63
  /**
48
64
  * Issue #146: Check if response indicates successful operation (high confidence)
49
65
  * @param responseText The full response text from the tool
package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,2GAazB,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,GACd,OAAO,CAWT;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE7D;AAMD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EACJ,iBAAiB,GACjB,aAAa,GACb,oBAAoB,GACpB,sBAAsB,CAAC;CAC5B;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,mCAAmC,EAAE,kBAAkB,EAwEnE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,qBAAqB,UAEjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,uDAAuD;;IAOvD,oDAAoD;;CAO5C,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAsBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mDAM3B,CAAC;AAEX;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAO7D;AAMD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,EAcrD,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAI9D;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,sCAAsC,EAAE,MAAM,EAgB1D,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,+BAA+B,EAAE,MAAM,EAKnD,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAgB,6BAA6B,CAC3C,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CA0BT;AAMD;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;EAiCjC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,EAAE,oBAAoB,EA0FnE,CAAC;AAEF;;;;;;;;GAQG;AAKH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,IAAM,CAAC;AAMxC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAC1C,MAAM,EACN;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CAgCxC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAiB5E;AAED,eAAO,MAAM,2BAA2B,EAAE,oBAAoB,EAuE7D,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;IAClC,iCAAiC;;IAQjC,mDAAmD;;IAInD,gDAAgD;;IAIhD,oCAAoC;;IAEpC,6CAA6C;;CAIrC,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;IACpC,oDAAoD;;IAOpD,wCAAwC;;CAEhC,CAAC;AAMX;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAyB1B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,kBAAkB,iLAarB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,mBAAmB,yEAOtB,CAAC;AAEX;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEzD;AAMD;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE5D;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAKrE"}
1
+ {"version":3,"file":"SecurityPatternLibrary.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPatternLibrary.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;;GAGG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kEAAkE;;IAIlE,8DAA8D;;IAG9D,kCAAkC;;IAGlC,gCAAgC;;CAExB,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,2JAmB5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,2GAazB,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,GACd,OAAO,CAST;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CACtC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,EACf,eAAe,GAAE,MAAW,GAC3B,OAAO,CAiCT;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAE7D;AAMD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,2LAuBvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B;IACtC,iCAAiC;;IAejC,0DAA0D;;CAElD,CAAC;AAMX;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EACJ,iBAAiB,GACjB,aAAa,GACb,oBAAoB,GACpB,sBAAsB,CAAC;CAC5B;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,mCAAmC,EAAE,kBAAkB,EAwEnE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,qBAAqB,UAEjC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,uDAAuD;;IAOvD,oDAAoD;;CAO5C,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;IACpC,oCAAoC;;IAsBpC,4DAA4D;;IAW5D,+BAA+B;;CAEvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;;CAMhC,CAAC;AAMX;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mFAU3B,CAAC;AAEX;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mDAM3B,CAAC;AAEX;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAO7D;AAMD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,EAcrD,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAI9D;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,sCAAsC,EAAE,MAAM,EAgB1D,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,+BAA+B,EAAE,MAAM,EAKnD,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAgB,6BAA6B,CAC3C,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CA0BT;AAMD;;;GAGG;AACH,eAAO,MAAM,eAAe,mJAkBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB,2rBAwGtB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+B1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc5B,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;EAiCjC,CAAC;AAEX;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,EAAE,oBAAoB,EA0FnE,CAAC;AAEF;;;;;;;;GAQG;AAKH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,IAAM,CAAC;AAMxC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAC1C,MAAM,EACN;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,CAgCxC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAiB5E;AAED,eAAO,MAAM,2BAA2B,EAAE,oBAAoB,EAuE7D,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,2FAWzB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,iBAAiB,mHAcpB,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,mFAU1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,mDAM9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,2DAO1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,yBAAyB,2DAO5B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,6BAA6B,yKAWhC,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,kBAAkB,mGAYrB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QACO,CAAC;AAMhD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,QAC8B,CAAC;AAE/D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,2EAS3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,2BAA2B,oRA4B9B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAMX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;IAClC,iCAAiC;;IAQjC,mDAAmD;;IAInD,gDAAgD;;IAIhD,oCAAoC;;IAEpC,6CAA6C;;CAIrC,CAAC;AAMX;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;IACpC,oDAAoD;;IAOpD,wCAAwC;;CAEhC,CAAC;AAMX;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;EAyB3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAyB1B,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,kBAAkB,iLAarB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,mBAAmB,yEAOtB,CAAC;AAEX;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEzD;AAMD;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE5D;AAED;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAKrE"}
package/client/lib/services/assessment/modules/securityTests/SecurityPatternLibrary.js CHANGED
@@ -97,12 +97,52 @@ export const SUCCESS_CONTEXT_PATTERNS = [
97
97
  export function isPayloadInErrorContext(responseText, payload) {
98
98
  // Check if response contains error patterns
99
99
  const hasErrorContext = ERROR_CONTEXT_PATTERNS.some((p) => p.test(responseText));
100
- // Check if payload is reflected in the response
101
- const payloadReflected = responseText
102
- .toLowerCase()
103
- .includes(payload.toLowerCase());
100
+ // Issue #201: Use partial echo detection for truncated payloads
101
+ const payloadReflected = isPayloadPartiallyEchoed(responseText, payload);
104
102
  return hasErrorContext && payloadReflected;
105
103
  }
104
+ /**
105
+ * Issue #201: Check if payload is partially echoed in response
106
+ * Handles truncation and path prepending common in error messages
107
+ *
108
+ * False positives occur when servers echo payloads in error messages like:
109
+ * "File not found: /path/to/<?xml...xxe SYSTEM...>"
110
+ *
111
+ * The evidence regex matches the echoed payload, not actual exploitation.
112
+ * This function detects partial echoes that the simple includes() check misses.
113
+ *
114
+ * @param responseText The full response text from the tool
115
+ * @param payload The payload that was sent to the tool
116
+ * @param minPrefixLength Minimum prefix length to check (default: 30)
117
+ * @returns true if payload or significant portion is echoed in response
118
+ */
119
+ export function isPayloadPartiallyEchoed(responseText, payload, minPrefixLength = 30) {
120
+ const lowerResponse = responseText.toLowerCase();
121
+ const lowerPayload = payload.toLowerCase();
122
+ // First, check for exact match (original behavior)
123
+ if (lowerResponse.includes(lowerPayload)) {
124
+ return true;
125
+ }
126
+ // Check if significant prefix is present (handles path prepending)
127
+ const prefixLength = Math.min(minPrefixLength, lowerPayload.length);
128
+ const prefix = lowerPayload.substring(0, prefixLength);
129
+ if (prefix.length >= 10 && lowerResponse.includes(prefix)) {
130
+ return true;
131
+ }
132
+ // Check if multiple distinct segments of payload appear
133
+ // (handles modified/escaped payloads like URL encoding)
134
+ const segments = lowerPayload
135
+ .split(/[\s<>'"&;:\/\\]+/)
136
+ .filter((s) => s.length > 5);
137
+ if (segments.length > 0) {
138
+ const matchCount = segments.filter((seg) => lowerResponse.includes(seg)).length;
139
+ // If more than half of significant segments appear, likely echoed
140
+ if (matchCount >= Math.ceil(segments.length * 0.5)) {
141
+ return true;
142
+ }
143
+ }
144
+ return false;
145
+ }
106
146
  /**
107
147
  * Issue #146: Check if response indicates successful operation (high confidence)
108
148
  * @param responseText The full response text from the tool
package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAuBxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAGzD,YAAY,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AACvE,YAAY,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,YAAY,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAC7E,YAAY,EACV,yBAAyB,EACzB,kBAAkB,EAClB,0BAA0B,GAC3B,MAAM,uCAAuC,CAAC;AAC/C,YAAY,EAAE,+BAA+B,EAAE,MAAM,0CAA0C,CAAC;AAChG,YAAY,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,YAAY,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,YAAY,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AACrF,YAAY,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AAEpF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;IAG3C,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,sBAAsB,CAAyB;IACvD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,yBAAyB,CAA4B;IAC7D,OAAO,CAAC,4BAA4B,CAA+B;IACnE,OAAO,CAAC,uBAAuB,CAA0B;IACzD,OAAO,CAAC,uBAAuB,CAA0B;IACzD,OAAO,CAAC,yBAAyB,CAA4B;IAC7D,OAAO,CAAC,4BAA4B,CAA+B;;IA0BnE;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAwCjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAenB;;;OAGG;IACH,yBAAyB,CAAC,QAAQ,EAAE,2BAA2B;IAI/D;;;OAGG;IACH,2BAA2B,CAAC,QAAQ,EAAE,2BAA2B;IAIjE;;;OAGG;IACH,8BAA8B,CAAC,QAAQ,EAAE,2BAA2B;IAIpE;;;OAGG;IACH,8BAA8B,CAAC,QAAQ,EAAE,2BAA2B;IAIpE;;;OAGG;IACH,gCAAgC,CAAC,QAAQ,EAAE,2BAA2B;IAItE;;;OAGG;IACH,4BAA4B,CAAC,QAAQ,EAAE,2BAA2B;IAIlE;;;OAGG;IACH,wBAAwB,CAAC,QAAQ,EAAE,2BAA2B;IAI9D;;;OAGG;IACH,mCAAmC,CAAC,QAAQ,EAAE,2BAA2B;IAIzE;;;;;OAKG;IACH,kBAAkB,CAAC,QAAQ,EAAE,2BAA2B;IAQxD;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IA+C/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAoF7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAgFlC;;;OAGG;IACH,OAAO,CAAC,4BAA4B;IA+CpC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAmBjC"}
1
+ {"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAwBxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAGzD,YAAY,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AACvE,YAAY,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,YAAY,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAC7E,YAAY,EACV,yBAAyB,EACzB,kBAAkB,EAClB,0BAA0B,GAC3B,MAAM,uCAAuC,CAAC;AAC/C,YAAY,EAAE,+BAA+B,EAAE,MAAM,0CAA0C,CAAC;AAChG,YAAY,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,YAAY,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,YAAY,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AACrF,YAAY,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AAEpF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;IAG3C,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,sBAAsB,CAAyB;IACvD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,yBAAyB,CAA4B;IAC7D,OAAO,CAAC,4BAA4B,CAA+B;IACnE,OAAO,CAAC,uBAAuB,CAA0B;IACzD,OAAO,CAAC,uBAAuB,CAA0B;IACzD,OAAO,CAAC,yBAAyB,CAA4B;IAC7D,OAAO,CAAC,4BAA4B,CAA+B;;IA0BnE;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAwCjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAenB;;;OAGG;IACH,yBAAyB,CAAC,QAAQ,EAAE,2BAA2B;IAI/D;;;OAGG;IACH,2BAA2B,CAAC,QAAQ,EAAE,2BAA2B;IAIjE;;;OAGG;IACH,8BAA8B,CAAC,QAAQ,EAAE,2BAA2B;IAIpE;;;OAGG;IACH,8BAA8B,CAAC,QAAQ,EAAE,2BAA2B;IAIpE;;;OAGG;IACH,gCAAgC,CAAC,QAAQ,EAAE,2BAA2B;IAItE;;;OAGG;IACH,4BAA4B,CAAC,QAAQ,EAAE,2BAA2B;IAIlE;;;OAGG;IACH,wBAAwB,CAAC,QAAQ,EAAE,2BAA2B;IAI9D;;;OAGG;IACH,mCAAmC,CAAC,QAAQ,EAAE,2BAA2B;IAIzE;;;;;OAKG;IACH,kBAAkB,CAAC,QAAQ,EAAE,2BAA2B;IAQxD;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IA+C/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAoF7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAoFlC;;;OAGG;IACH,OAAO,CAAC,4BAA4B;IA+CpC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAmBjC"}
package/client/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.js CHANGED
@@ -35,8 +35,8 @@ import { SafeResponseDetector } from "./SafeResponseDetector.js";
35
35
  import { ConfidenceScorer } from "./ConfidenceScorer.js";
36
36
  // Import extracted analyzers (Issue #179)
37
37
  import { AuthBypassAnalyzer, StateBasedAuthAnalyzer, SecretLeakageDetector, ChainExploitationAnalyzer, ExcessivePermissionsAnalyzer, BlacklistBypassAnalyzer, OutputInjectionAnalyzer, SessionManagementAnalyzer, CryptographicFailureAnalyzer, } from "./analyzers/index.js";
38
- // Import pattern library for Issue #146 context classification
39
- import { isPayloadInErrorContext, hasSuccessContext, hasErrorContext, } from "./SecurityPatternLibrary.js";
38
+ // Import pattern library for Issue #146 context classification and Issue #201 partial echo detection
39
+ import { isPayloadInErrorContext, isPayloadPartiallyEchoed, hasSuccessContext, hasErrorContext, } from "./SecurityPatternLibrary.js";
40
40
  /**
41
41
  * Analyzes tool responses for security vulnerabilities
42
42
  * Distinguishes between safe reflection and actual execution
@@ -423,7 +423,9 @@ export class SecurityResponseAnalyzer {
423
423
  // Check for expected evidence of execution
424
424
  if (payload.evidence && payload.evidence.test(responseText)) {
425
425
  const evidenceMatchesInput = payload.evidence.test(payloadText);
426
- if (evidenceMatchesInput && responseText.includes(payloadText)) {
426
+ // Issue #201: Use partial echo detection for truncated/modified payloads in errors
427
+ if (evidenceMatchesInput &&
428
+ isPayloadPartiallyEchoed(responseText, payload.payload)) {
427
429
  // Issue #178: Don't dismiss as echoed input if AppleScript injection detected
428
430
  if (!this.safeDetector.isAppleScriptInjectionSuccess(responseText, payload.payload)) {
429
431
  return {
package/client/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment-client",
3
- "version": "1.42.0",
3
+ "version": "1.42.1",
4
4
  "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment",
3
- "version": "1.42.0",
3
+ "version": "1.42.1",
4
4
  "description": "Enhanced MCP Inspector with comprehensive assessment capabilities for server validation",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",
package/server/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment-server",
3
- "version": "1.42.0",
3
+ "version": "1.42.1",
4
4
  "description": "Server-side application for the Enhanced MCP Inspector with assessment capabilities",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",