@bryan-thompson/inspector-assessment 1.5.0 → 1.7.0

package/client/lib/lib/prohibitedLibraries.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Prohibited Libraries Detection
+ * Based on Anthropic MCP Directory Policy #28-30
+ *
+ * MCP servers should NOT include:
+ * - Financial transaction processing libraries (Policy #28)
+ * - Payment processing libraries (Policy #29)
+ * - Media processing libraries without justification (Policy #30)
+ *
+ * Reference: https://support.claude.com/en/articles/11697096-anthropic-mcp-directory-policy
+ */
+import type { ProhibitedLibraryCategory } from "./assessmentTypes.js";
+export interface ProhibitedLibrary {
+    name: string;
+    patterns: RegExp[];
+    category: ProhibitedLibraryCategory;
+    severity: "BLOCKING" | "HIGH" | "MEDIUM";
+    policyReference: string;
+    reason: string;
+    alternatives?: string;
+}
+/**
+ * Financial/Payment Processing Libraries - BLOCKING
+ * These libraries handle real money transactions and should not be in MCP servers
+ */
+export declare const FINANCIAL_LIBRARIES: ProhibitedLibrary[];
+/**
+ * Media Processing Libraries - HIGH (requires justification)
+ * These libraries should only be included with clear justification
+ */
+export declare const MEDIA_LIBRARIES: ProhibitedLibrary[];
+/**
+ * All prohibited libraries combined
+ */
+export declare const ALL_PROHIBITED_LIBRARIES: ProhibitedLibrary[];
+/**
+ * Check a dependency name against prohibited libraries
+ */
+export declare function checkDependency(depName: string): ProhibitedLibrary | null;
+/**
+ * Check source code imports for prohibited libraries
+ */
+export declare function checkSourceImports(sourceCode: string): Array<{
+    library: ProhibitedLibrary;
+    matchedText: string;
+    lineNumber?: number;
+}>;
+/**
+ * Check package.json dependencies for prohibited libraries
+ */
+export declare function checkPackageJsonDependencies(packageJson: {
+    dependencies?: Record<string, string>;
+    devDependencies?: Record<string, string>;
+    peerDependencies?: Record<string, string>;
+}): Array<{
+    library: ProhibitedLibrary;
+    dependencyType: "dependencies" | "devDependencies" | "peerDependencies";
+    version: string;
+}>;
+/**
+ * Check Python requirements.txt for prohibited libraries
+ */
+export declare function checkRequirementsTxt(content: string): Array<{
+    library: ProhibitedLibrary;
+    matchedText: string;
+    lineNumber: number;
+}>;
+/**
+ * Get libraries by severity level
+ */
+export declare function getLibrariesBySeverity(severity: "BLOCKING" | "HIGH" | "MEDIUM"): ProhibitedLibrary[];
+/**
+ * Get libraries by category
+ */
+export declare function getLibrariesByCategory(category: ProhibitedLibraryCategory): ProhibitedLibrary[];
+//# sourceMappingURL=prohibitedLibraries.d.ts.map

package/client/lib/lib/prohibitedLibraries.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prohibitedLibraries.d.ts","sourceRoot":"","sources":["../../src/lib/prohibitedLibraries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAEnE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,iBAAiB,EAqHlD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,iBAAiB,EAkH9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,iBAAiB,EAGvD,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CASzE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,KAAK,CAAC;IAC5D,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC,CAgDD;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,WAAW,EAAE;IACxD,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C,GAAG,KAAK,CAAC;IACR,OAAO,EAAE,iBAAiB,CAAC;IAC3B,cAAc,EAAE,cAAc,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;IACxE,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CA8BD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAAC;IAC3D,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC,CAgCD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GACvC,iBAAiB,EAAE,CAErB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,yBAAyB,GAClC,iBAAiB,EAAE,CAErB"}

package/client/lib/lib/prohibitedLibraries.js

@@ -0,0 +1,364 @@
+/**
+ * Prohibited Libraries Detection
+ * Based on Anthropic MCP Directory Policy #28-30
+ *
+ * MCP servers should NOT include:
+ * - Financial transaction processing libraries (Policy #28)
+ * - Payment processing libraries (Policy #29)
+ * - Media processing libraries without justification (Policy #30)
+ *
+ * Reference: https://support.claude.com/en/articles/11697096-anthropic-mcp-directory-policy
+ */
+/**
+ * Financial/Payment Processing Libraries - BLOCKING
+ * These libraries handle real money transactions and should not be in MCP servers
+ */
+export const FINANCIAL_LIBRARIES = [
+    // Payment Processors
+    {
+        name: "stripe",
+        patterns: [/\bstripe\b/i, /@stripe\//i],
+        category: "payments",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "Stripe SDK enables payment processing which violates directory policy",
+        alternatives: "Use Stripe's webhook-based approach outside of MCP context",
+    },
+    {
+        name: "paypal",
+        patterns: [/\bpaypal\b/i, /@paypal\//i, /paypal-rest-sdk/i],
+        category: "payments",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "PayPal SDK enables payment processing",
+        alternatives: "Process payments outside of MCP server",
+    },
+    {
+        name: "square",
+        patterns: [/\bsquare\b/i, /@square\//i, /square-connect/i],
+        category: "payments",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "Square SDK enables payment processing",
+    },
+    {
+        name: "braintree",
+        patterns: [/\bbraintree\b/i],
+        category: "payments",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "Braintree SDK enables payment processing",
+    },
+    {
+        name: "adyen",
+        patterns: [/\badyen\b/i, /@adyen\//i],
+        category: "payments",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "Adyen SDK enables payment processing",
+    },
+    // Banking/Financial Data
+    {
+        name: "plaid",
+        patterns: [/\bplaid\b/i, /plaid-node/i, /@plaid\//i],
+        category: "banking",
+        severity: "BLOCKING",
+        policyReference: "Policy #29",
+        reason: "Plaid connects to bank accounts which poses significant security risk",
+    },
+    {
+        name: "yodlee",
+        patterns: [/\byodlee\b/i],
+        category: "banking",
+        severity: "BLOCKING",
+        policyReference: "Policy #29",
+        reason: "Yodlee accesses financial account data",
+    },
+    {
+        name: "finicity",
+        patterns: [/\bfinicity\b/i],
+        category: "banking",
+        severity: "BLOCKING",
+        policyReference: "Policy #29",
+        reason: "Finicity accesses financial account data",
+    },
+    {
+        name: "mx",
+        patterns: [/\bmx-platform\b/i, /@mx\//i],
+        category: "banking",
+        severity: "BLOCKING",
+        policyReference: "Policy #29",
+        reason: "MX Platform accesses financial account data",
+    },
+    // Cryptocurrency
+    {
+        name: "coinbase",
+        patterns: [/\bcoinbase\b/i, /coinbase-commerce/i, /@coinbase\//i],
+        category: "financial",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "Coinbase SDK enables cryptocurrency transactions",
+    },
+    {
+        name: "binance",
+        patterns: [/\bbinance\b/i, /node-binance-api/i],
+        category: "financial",
+        severity: "BLOCKING",
+        policyReference: "Policy #28",
+        reason: "Binance SDK enables cryptocurrency trading",
+    },
+    {
+        name: "ethers",
+        patterns: [/\bethers\b/i, /ethers\.js/i],
+        category: "financial",
+        severity: "HIGH",
+        policyReference: "Policy #28",
+        reason: "Ethers.js enables Ethereum transactions (review blockchain read-only use)",
+        alternatives: "May be acceptable for read-only blockchain queries",
+    },
+    {
+        name: "web3",
+        patterns: [/\bweb3\b/i, /web3\.js/i],
+        category: "financial",
+        severity: "HIGH",
+        policyReference: "Policy #28",
+        reason: "Web3.js enables blockchain transactions (review read-only use)",
+        alternatives: "May be acceptable for read-only blockchain queries",
+    },
+];
+/**
+ * Media Processing Libraries - HIGH (requires justification)
+ * These libraries should only be included with clear justification
+ */
+export const MEDIA_LIBRARIES = [
+    // Image Processing
+    {
+        name: "pillow",
+        patterns: [/\bpillow\b/i, /\bpil\b/i, /from\s+PIL\s+import/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "PIL/Pillow enables image manipulation - requires justification for MCP server use",
+        alternatives: "Consider if image processing is necessary for MCP functionality",
+    },
+    {
+        name: "opencv",
+        patterns: [/\bopencv\b/i, /cv2/i, /opencv-python/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "OpenCV enables computer vision/image processing - requires justification",
+    },
+    {
+        name: "sharp",
+        patterns: [/\bsharp\b/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "Sharp enables image processing in Node.js - requires justification",
+        alternatives: "Consider if image transformation is core to MCP functionality",
+    },
+    {
+        name: "jimp",
+        patterns: [/\bjimp\b/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "Jimp enables image manipulation in JavaScript - requires justification",
+    },
+    {
+        name: "imagemagick",
+        patterns: [/\bimagemagick\b/i, /\bmagick\b/i, /gm\b/],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "ImageMagick enables image processing - requires justification",
+    },
+    {
+        name: "node-canvas",
+        patterns: [/\bnode-canvas\b/i, /\bcanvas\b/],
+        category: "media",
+        severity: "MEDIUM",
+        policyReference: "Policy #30",
+        reason: "Canvas enables image generation - may be acceptable for visualization",
+    },
+    // Video/Audio Processing
+    {
+        name: "ffmpeg",
+        patterns: [/\bffmpeg\b/i, /fluent-ffmpeg/i, /ffmpeg-static/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "FFmpeg enables video/audio processing - requires strong justification",
+    },
+    {
+        name: "moviepy",
+        patterns: [/\bmoviepy\b/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "MoviePy enables video editing - requires justification",
+    },
+    {
+        name: "pydub",
+        patterns: [/\bpydub\b/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "PyDub enables audio manipulation - requires justification",
+    },
+    {
+        name: "sox",
+        patterns: [/\bsox\b/i, /python-sox/i],
+        category: "media",
+        severity: "HIGH",
+        policyReference: "Policy #30",
+        reason: "SoX enables audio processing - requires justification",
+    },
+    // PDF Processing (often legitimate)
+    {
+        name: "pdf-lib",
+        patterns: [/\bpdf-lib\b/i],
+        category: "media",
+        severity: "MEDIUM",
+        policyReference: "Policy #30",
+        reason: "PDF-lib enables PDF manipulation - often legitimate for document tools",
+    },
+    {
+        name: "pypdf",
+        patterns: [/\bpypdf\b/i, /pypdf2/i],
+        category: "media",
+        severity: "MEDIUM",
+        policyReference: "Policy #30",
+        reason: "PyPDF enables PDF manipulation - often legitimate for document tools",
+    },
+];
+/**
+ * All prohibited libraries combined
+ */
+export const ALL_PROHIBITED_LIBRARIES = [
+    ...FINANCIAL_LIBRARIES,
+    ...MEDIA_LIBRARIES,
+];
+/**
+ * Check a dependency name against prohibited libraries
+ */
+export function checkDependency(depName) {
+    for (const lib of ALL_PROHIBITED_LIBRARIES) {
+        for (const pattern of lib.patterns) {
+            if (pattern.test(depName)) {
+                return lib;
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Check source code imports for prohibited libraries
+ */
+export function checkSourceImports(sourceCode) {
+    const matches = [];
+    const lines = sourceCode.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Check import statements
+        const importPatterns = [
+            /import\s+.*from\s+['"]([^'"]+)['"]/g, // ES6 import
+            /require\s*\(\s*['"]([^'"]+)['"]\s*\)/g, // CommonJS require
+            /from\s+([a-zA-Z_][a-zA-Z0-9_]*)\s+import/g, // Python import
+            /import\s+([a-zA-Z_][a-zA-Z0-9_]*)/g, // Python import
+        ];
+        for (const importPattern of importPatterns) {
+            let match;
+            while ((match = importPattern.exec(line)) !== null) {
+                const importedModule = match[1];
+                for (const lib of ALL_PROHIBITED_LIBRARIES) {
+                    for (const pattern of lib.patterns) {
+                        if (pattern.test(importedModule) || pattern.test(line)) {
+                            matches.push({
+                                library: lib,
+                                matchedText: match[0],
+                                lineNumber: i + 1,
+                            });
+                        }
+                    }
+                }
+            }
+        }
+    }
+    // De-duplicate matches by library name and line
+    const seen = new Set();
+    return matches.filter((m) => {
+        const key = `${m.library.name}:${m.lineNumber}`;
+        if (seen.has(key))
+            return false;
+        seen.add(key);
+        return true;
+    });
+}
+/**
+ * Check package.json dependencies for prohibited libraries
+ */
+export function checkPackageJsonDependencies(packageJson) {
+    const matches = [];
+    const depTypes = [
+        "dependencies",
+        "devDependencies",
+        "peerDependencies",
+    ];
+    for (const depType of depTypes) {
+        const deps = packageJson[depType];
+        if (!deps)
+            continue;
+        for (const [depName, version] of Object.entries(deps)) {
+            const prohibitedLib = checkDependency(depName);
+            if (prohibitedLib) {
+                matches.push({
+                    library: prohibitedLib,
+                    dependencyType: depType,
+                    version,
+                });
+            }
+        }
+    }
+    return matches;
+}
+/**
+ * Check Python requirements.txt for prohibited libraries
+ */
+export function checkRequirementsTxt(content) {
+    const matches = [];
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i].trim();
+        // Skip comments and empty lines
+        if (!line || line.startsWith("#"))
+            continue;
+        // Extract package name (before any version specifier)
+        const packageMatch = line.match(/^([a-zA-Z0-9_-]+)/);
+        if (!packageMatch)
+            continue;
+        const packageName = packageMatch[1];
+        const prohibitedLib = checkDependency(packageName);
+        if (prohibitedLib) {
+            matches.push({
+                library: prohibitedLib,
+                matchedText: line,
+                lineNumber: i + 1,
+            });
+        }
+    }
+    return matches;
+}
+/**
+ * Get libraries by severity level
+ */
+export function getLibrariesBySeverity(severity) {
+    return ALL_PROHIBITED_LIBRARIES.filter((lib) => lib.severity === severity);
+}
+/**
+ * Get libraries by category
+ */
+export function getLibrariesByCategory(category) {
+    return ALL_PROHIBITED_LIBRARIES.filter((lib) => lib.category === category);
+}

package/client/lib/lib/securityPatterns.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Backend API Security Patterns
+ * Tests MCP server API security with 13 focused patterns
+ *
+ * Architecture: Attack-Type with Specific Payloads
+ * - Critical Injection (4 patterns): Command, Calculator, SQL, Path Traversal
+ * - Input Validation (3 patterns): Type Safety, Boundary Testing, Required Fields
+ * - Protocol Compliance (2 patterns): MCP Error Format, Timeout Handling
+ * - Tool-Specific Vulnerabilities (4 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting
+ *
+ * Scope: Backend API Security ONLY
+ * - Tests structured data inputs to API endpoints
+ * - Validates server-side security controls
+ * - Tests MCP protocol compliance
+ * - Tests tool-specific vulnerability patterns with parameter-aware payloads
+ *
+ * Out of Scope: LLM Prompt Injection
+ * - MCP servers are APIs that receive structured data, not prompts
+ * - If a server uses an LLM internally, that's the LLM's responsibility
+ * - We test the MCP API layer, not the LLM behavior layer
+ */
+import { SecurityRiskLevel } from "./assessmentTypes.js";
+export interface SecurityPayload {
+    payload: string;
+    evidence: RegExp;
+    riskLevel: SecurityRiskLevel;
+    description: string;
+    payloadType: string;
+    parameterTypes?: string[];
+}
+export interface AttackPattern {
+    attackName: string;
+    description: string;
+    payloads: SecurityPayload[];
+}
+/**
+ * ========================================
+ * BACKEND API SECURITY PATTERNS
+ * ========================================
+ *
+ * 13 focused patterns for MCP server API security
+ */
+export declare const SECURITY_ATTACK_PATTERNS: AttackPattern[];
+/**
+ * Get all payloads for an attack type
+ */
+export declare function getPayloadsForAttack(attackName: string, limit?: number): SecurityPayload[];
+/**
+ * Get all attack patterns (for testing all tools)
+ */
+export declare function getAllAttackPatterns(): AttackPattern[];
+/**
+ * Get pattern statistics
+ */
+export declare function getPatternStatistics(): {
+    totalAttackTypes: number;
+    totalPayloads: number;
+    highRiskPayloads: number;
+    mediumRiskPayloads: number;
+    lowRiskPayloads: number;
+    payloadTypeBreakdown: Record<string, number>;
+    averagePayloadsPerAttack: number;
+};
+//# sourceMappingURL=securityPatterns.d.ts.map

package/client/lib/lib/securityPatterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,EAgZnD,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB;;;;;;;;EA8BnC"}