@dollhousemcp/mcp-server 1.7.2 → 1.7.4

package/dist/scripts/src/security/contentValidator.js

@@ -0,0 +1,415 @@
+"use strict";
+/**
+ * Content Validator for DollhouseMCP
+ *
+ * Protects against prompt injection attacks in collection personas
+ * by detecting and sanitizing malicious content patterns.
+ *
+ * Security: SEC-001 - Critical vulnerability protection
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContentValidator = void 0;
+const errors_js_1 = require("./errors.js");
+const securityMonitor_js_1 = require("./securityMonitor.js");
+const regexValidator_js_1 = require("./regexValidator.js");
+const constants_js_1 = require("./constants.js");
+const unicodeValidator_js_1 = require("./validators/unicodeValidator.js");
+class ContentValidator {
+    /**
+     * Validates and sanitizes persona content for security threats
+     */
+    static validateAndSanitize(content) {
+        // Length validation before pattern matching
+        if (content.length > constants_js_1.SECURITY_LIMITS.MAX_CONTENT_LENGTH) {
+            throw new errors_js_1.SecurityError(`Content exceeds maximum length of ${constants_js_1.SECURITY_LIMITS.MAX_CONTENT_LENGTH} characters (${content.length} provided)`);
+        }
+        const detectedPatterns = [];
+        let sanitized = content;
+        let highestSeverity = 'low';
+        // Unicode normalization preprocessing to prevent bypass attacks
+        const unicodeResult = unicodeValidator_js_1.UnicodeValidator.normalize(sanitized);
+        sanitized = unicodeResult.normalizedContent;
+        if (!unicodeResult.isValid && unicodeResult.detectedIssues) {
+            detectedPatterns.push(...unicodeResult.detectedIssues.map(issue => `Unicode: ${issue}`));
+            if (unicodeResult.severity) {
+                highestSeverity = unicodeResult.severity;
+            }
+        }
+        // Check for injection patterns
+        for (const { pattern, severity, description } of this.INJECTION_PATTERNS) {
+            // These are trusted internal patterns, so we disable ReDoS rejection
+            if (regexValidator_js_1.RegexValidator.validate(content, pattern, {
+                maxLength: 50000,
+                rejectDangerousPatterns: false,
+                logEvents: false // Don't log our own security patterns as dangerous
+            })) {
+                detectedPatterns.push(description);
+                // Update highest severity
+                if (severity === 'critical' || (severity === 'high' && highestSeverity !== 'critical')) {
+                    highestSeverity = severity;
+                }
+                // Log security event
+                securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                    type: 'CONTENT_INJECTION_ATTEMPT',
+                    severity: severity.toUpperCase(),
+                    source: 'content_validation',
+                    details: `Detected pattern: ${description}`,
+                });
+                // Sanitize by replacing with safe placeholder
+                sanitized = sanitized.replace(pattern, '[CONTENT_BLOCKED]');
+            }
+        }
+        return {
+            isValid: detectedPatterns.length === 0,
+            sanitizedContent: sanitized,
+            detectedPatterns,
+            severity: highestSeverity
+        };
+    }
+    /**
+     * Validates YAML frontmatter for malicious content
+     * SECURITY FIX #364: Added YAML bomb detection to prevent denial of service
+     */
+    static validateYamlContent(yamlContent) {
+        // Length validation before pattern matching
+        if (yamlContent.length > constants_js_1.SECURITY_LIMITS.MAX_YAML_LENGTH) {
+            securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                type: 'YAML_INJECTION_ATTEMPT',
+                severity: 'HIGH',
+                source: 'yaml_validation',
+                details: `YAML content exceeds maximum length: ${yamlContent.length} > ${constants_js_1.SECURITY_LIMITS.MAX_YAML_LENGTH}`
+            });
+            return false;
+        }
+        // SECURITY FIX #364: Check for YAML bombs before other validation
+        // SECURITY FIX (PR #552 review): Use RegexValidator for ReDoS protection
+        for (const pattern of this.YAML_BOMB_PATTERNS) {
+            // Use RegexValidator to safely check patterns with timeout protection
+            // This prevents ReDoS attacks from maliciously crafted YAML
+            const isMatch = regexValidator_js_1.RegexValidator.validate(yamlContent, pattern, {
+                maxLength: constants_js_1.SECURITY_LIMITS.MAX_YAML_LENGTH,
+                rejectDangerousPatterns: false, // Our patterns are trusted
+                logEvents: false // We handle logging ourselves
+            });
+            if (isMatch) {
+                securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                    type: 'YAML_INJECTION_ATTEMPT',
+                    severity: 'CRITICAL',
+                    source: 'yaml_bomb_detection',
+                    details: `YAML bomb pattern detected: ${pattern.source}`,
+                    metadata: {
+                        patternType: 'YAML_BOMB',
+                        contentLength: yamlContent.length
+                    }
+                });
+                return false;
+            }
+        }
+        // SECURITY FIX #364: Count anchor/alias ratio for amplification detection
+        const anchorMatches = yamlContent.match(/&\w+/g) || [];
+        const aliasMatches = yamlContent.match(/\*\w+/g) || [];
+        const amplificationRatio = anchorMatches.length > 0 ? aliasMatches.length / anchorMatches.length : 0;
+        if (amplificationRatio > 10) { // More than 10 aliases per anchor is suspicious
+            securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                type: 'YAML_INJECTION_ATTEMPT',
+                severity: 'HIGH',
+                source: 'yaml_amplification_detection',
+                details: `Excessive alias amplification detected: ${aliasMatches.length} aliases for ${anchorMatches.length} anchors (ratio: ${amplificationRatio.toFixed(2)})`,
+                metadata: {
+                    anchors: anchorMatches.length,
+                    aliases: aliasMatches.length,
+                    ratio: amplificationRatio
+                }
+            });
+            return false;
+        }
+        // SECURITY FIX #364: Detect circular reference chains
+        // SECURITY FIX (PR #552 review): Optimized from O(n²) to O(n) using Set-based lookups
+        const anchorRefs = new Map();
+        const lines = yamlContent.split('\n');
+        // First pass: Build reference map efficiently
+        for (let i = 0; i < lines.length; i++) {
+            const anchorMatch = lines[i].match(/&(\w+)/);
+            if (anchorMatch) {
+                const anchorName = anchorMatch[1];
+                // Get references in next 5 lines
+                const contextEnd = Math.min(i + 5, lines.length);
+                const references = new Set();
+                for (let j = i; j < contextEnd; j++) {
+                    const aliasMatches = lines[j].match(/\*(\w+)/g);
+                    if (aliasMatches) {
+                        aliasMatches.forEach(alias => {
+                            references.add(alias.substring(1)); // Remove * prefix
+                        });
+                    }
+                }
+                anchorRefs.set(anchorName, references);
+            }
+        }
+        // Second pass: Check for circular references (O(n) with Set lookups)
+        for (const [anchor1, refs1] of anchorRefs) {
+            for (const refAnchor of refs1) {
+                const refs2 = anchorRefs.get(refAnchor);
+                // Check if the referenced anchor references back to the original
+                if (refs2 && refs2.has(anchor1)) {
+                    securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                        type: 'YAML_INJECTION_ATTEMPT',
+                        severity: 'CRITICAL',
+                        source: 'yaml_bomb_detection',
+                        details: `Circular reference chain detected between anchors: &${anchor1} and &${refAnchor}`,
+                        metadata: {
+                            patternType: 'CIRCULAR_REFERENCE',
+                            anchors: [anchor1, refAnchor]
+                        }
+                    });
+                    return false;
+                }
+            }
+        }
+        // Unicode normalization preprocessing for YAML content
+        const unicodeResult = unicodeValidator_js_1.UnicodeValidator.normalize(yamlContent);
+        const normalizedYaml = unicodeResult.normalizedContent;
+        if (!unicodeResult.isValid && unicodeResult.detectedIssues) {
+            securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                type: 'YAML_UNICODE_ATTACK',
+                severity: (unicodeResult.severity?.toUpperCase() || 'MEDIUM'),
+                source: 'yaml_validation',
+                details: `Unicode attack detected in YAML: ${unicodeResult.detectedIssues.join(', ')}`
+            });
+            return false;
+        }
+        for (const pattern of this.MALICIOUS_YAML_PATTERNS) {
+            // These are trusted internal patterns, so we disable ReDoS rejection
+            if (regexValidator_js_1.RegexValidator.validate(normalizedYaml, pattern, {
+                maxLength: 10000,
+                rejectDangerousPatterns: false,
+                logEvents: false // Don't log our own security patterns as dangerous
+            })) {
+                securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                    type: 'YAML_INJECTION_ATTEMPT',
+                    severity: 'CRITICAL',
+                    source: 'yaml_validation',
+                    details: `Malicious YAML pattern detected: ${pattern}`,
+                });
+                // Early exit on first match for performance
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Validates persona metadata fields
+     */
+    static validateMetadata(metadata) {
+        const detectedPatterns = [];
+        // Check all string fields in metadata
+        const checkField = (fieldName, value) => {
+            if (typeof value === 'string') {
+                // Check field length first
+                if (value.length > constants_js_1.SECURITY_LIMITS.MAX_METADATA_FIELD_LENGTH) {
+                    detectedPatterns.push(`${fieldName}: Field exceeds maximum length of ${constants_js_1.SECURITY_LIMITS.MAX_METADATA_FIELD_LENGTH} characters`);
+                    return;
+                }
+                const result = this.validateAndSanitize(value);
+                if (!result.isValid || result.detectedPatterns?.length) {
+                    detectedPatterns.push(`${fieldName}: ${result.detectedPatterns?.join(', ')}`);
+                }
+            }
+        };
+        // Validate standard persona fields
+        checkField('name', metadata.name);
+        checkField('description', metadata.description);
+        checkField('category', metadata.category);
+        checkField('author', metadata.author);
+        // Check any custom fields
+        for (const [key, value] of Object.entries(metadata)) {
+            if (!['name', 'description', 'category', 'author'].includes(key)) {
+                checkField(key, value);
+            }
+        }
+        return {
+            isValid: detectedPatterns.length === 0,
+            detectedPatterns,
+            severity: detectedPatterns.length > 0 ? 'high' : 'low'
+        };
+    }
+    /**
+     * Sanitizes a complete persona file (frontmatter + content)
+     */
+    static sanitizePersonaContent(content) {
+        // Extract frontmatter
+        const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---/);
+        if (!frontmatterMatch) {
+            // No frontmatter, just validate content
+            const result = this.validateAndSanitize(content);
+            if (!result.isValid && result.severity === 'critical') {
+                // FIX: Include specific patterns that triggered the rejection for debugging
+                const patterns = result.detectedPatterns?.join(', ') || 'unknown patterns';
+                throw new errors_js_1.SecurityError(`Critical security threat detected in persona content: ${patterns}`);
+            }
+            return result.sanitizedContent || content;
+        }
+        const yamlContent = frontmatterMatch[1];
+        const markdownContent = content.substring(frontmatterMatch[0].length);
+        // Validate YAML
+        if (!this.validateYamlContent(yamlContent)) {
+            throw new errors_js_1.SecurityError('Malicious YAML detected in persona frontmatter');
+        }
+        // Validate markdown content
+        const contentResult = this.validateAndSanitize(markdownContent);
+        if (!contentResult.isValid && contentResult.severity === 'critical') {
+            // FIX: Include specific patterns that triggered the rejection for debugging
+            const patterns = contentResult.detectedPatterns?.join(', ') || 'unknown patterns';
+            throw new errors_js_1.SecurityError(`Critical security threat detected in persona content: ${patterns}`);
+        }
+        // Return sanitized content
+        return `---\n${yamlContent}\n---${contentResult.sanitizedContent || markdownContent}`;
+    }
+}
+exports.ContentValidator = ContentValidator;
+/**
+ * Pattern-based detection system for prompt injection attacks.
+ *
+ * This approach was chosen over AI-based detection because:
+ * 1. Pattern matching cannot be socially engineered or confused
+ * 2. Deterministic results ensure consistent security
+ * 3. No additional API calls or latency
+ * 4. Can't be bypassed by clever prompt engineering
+ *
+ * The patterns below represent known attack vectors from security research
+ * and real-world exploit attempts against AI systems.
+ */
+// Prompt injection patterns that could compromise AI assistants
+ContentValidator.INJECTION_PATTERNS = [
+    // System prompt override attempts
+    { pattern: /\[SYSTEM:\s*.*?\]/gi, severity: 'critical', description: 'System prompt override' },
+    { pattern: /\[ADMIN:\s*.*?\]/gi, severity: 'critical', description: 'Admin prompt override' },
+    { pattern: /\[ASSISTANT:\s*.*?\]/gi, severity: 'critical', description: 'Assistant prompt override' },
+    { pattern: /\[USER:\s*.*?\]/gi, severity: 'high', description: 'User prompt override' },
+    // Instruction manipulation
+    { pattern: /ignore\s+(all\s+)?previous\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+    { pattern: /ignore\s+(all\s+)?prior\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+    { pattern: /disregard\s+(all\s+)?previous\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+    { pattern: /forget\s+(all\s+)?previous\s+instructions/gi, severity: 'critical', description: 'Instruction override' },
+    { pattern: /you\s+are\s+now\s+(admin|root|system|sudo)/gi, severity: 'critical', description: 'Role elevation attempt' },
+    { pattern: /act\s+as\s+(admin|root|system|sudo)/gi, severity: 'critical', description: 'Role elevation attempt' },
+    // Data exfiltration attempts
+    { pattern: /export\s+all\s+(files|data|personas|tokens|credentials)/gi, severity: 'critical', description: 'Data exfiltration' },
+    { pattern: /send\s+all\s+(files|data|personas|tokens|credentials)\s+to/gi, severity: 'critical', description: 'Data exfiltration' },
+    { pattern: /list\s+all\s+(files|tokens|credentials|secrets)/gi, severity: 'high', description: 'Information disclosure' },
+    { pattern: /show\s+me\s+all\s+(tokens|credentials|secrets|api\s+keys)/gi, severity: 'high', description: 'Credential disclosure' },
+    // Command execution patterns
+    { pattern: /curl\s+[^\s]+\.(com|net|org|io|dev)/gi, severity: 'critical', description: 'External command execution' },
+    { pattern: /wget\s+[^\s]+\.(com|net|org|io|dev)/gi, severity: 'critical', description: 'External command execution' },
+    { pattern: /\$\([^)]+\)/g, severity: 'critical', description: 'Command substitution' },
+    // SECURITY: More refined backtick pattern - distinguishes between dangerous commands and documentation
+    // Only block truly dangerous shell commands, not educational examples
+    { pattern: /`[^`]*(?:rm\s+-r[f]?|cat\s+\/etc\/|ls\s+\/etc\/|chmod\s+777|chown\s+root|bash\s+-c\s+[\"']|sh\s+-c\s+[\"']|sudo\s+rm|sudo\s+chmod|passwd\s+|shadow\s+|nc\s+-l|netcat\s+-l|ssh\s+root@)[^`]*`/gi, severity: 'critical', description: 'Dangerous shell command in backticks' },
+    // Block actual malicious file operations and network commands with pipes/redirects
+    { pattern: /`[^`]*(?:rm\s+-rf\s+\/|\/etc\/passwd|\/etc\/shadow|\.ssh\/id_|sudo\s+su|>\s*\/dev\/null.*\||curl\s+.*\|\s*sh|wget\s+.*\|\s*bash|bash\s+.*\.sh\s*\|)[^`]*`/gi, severity: 'critical', description: 'Malicious backtick command' },
+    // Only block actual script execution, not documentation showing syntax
+    { pattern: /`[^`]*(?:python|perl|ruby|php|node)\s+(?:-e|-c)\s+[\"'](?:import\s+os|exec|eval|system|subprocess)[^`]+`/gi, severity: 'critical', description: 'Malicious script evaluation in backticks' },
+    { pattern: /eval\s*\(/gi, severity: 'critical', description: 'Code evaluation' },
+    { pattern: /exec\s*\(/gi, severity: 'critical', description: 'Code execution' },
+    { pattern: /os\.system\s*\(/gi, severity: 'critical', description: 'System command execution' },
+    { pattern: /subprocess\.(call|run|Popen)/gi, severity: 'critical', description: 'Subprocess execution' },
+    // Token/credential patterns
+    { pattern: /GITHUB_TOKEN/gi, severity: 'high', description: 'Token reference' },
+    { pattern: /ghp_[a-zA-Z0-9]{36}/g, severity: 'critical', description: 'GitHub token exposure' },
+    { pattern: /gho_[a-zA-Z0-9]{36}/g, severity: 'critical', description: 'GitHub OAuth token exposure' },
+    // Path traversal in content
+    { pattern: /\.\.\/\.\.\/\.\.\//g, severity: 'high', description: 'Path traversal attempt' },
+    { pattern: /\/etc\/passwd/gi, severity: 'high', description: 'Sensitive file access' },
+    { pattern: /\/\.ssh\//gi, severity: 'high', description: 'SSH key access attempt' },
+];
+// Malicious YAML patterns
+// SECURITY FIX #364: YAML bomb detection patterns
+// SECURITY FIX (PR #552 review): Simplified patterns to reduce ReDoS risk
+ContentValidator.YAML_BOMB_PATTERNS = [
+    // Detects recursive anchor references that could cause exponential expansion
+    // Example: &a [*a] or &bomb ["test", *bomb]
+    /&(\w+)\s*\[[^\]]*\*\1[^\]]*\]/, // Direct recursion in array
+    /&(\w+)\s*\{[^}]*\*\1[^}]*\}/, // Direct recursion in object
+    /^\s*\w+:\s*&(\w+)\s*\n\s*\w+:\s*\*\1/m, // Multi-line value recursion (data: &ref / value: *ref)
+    // Simplified pattern to detect deeply nested anchors (less ReDoS risk)
+    // Looks for 3+ anchor definitions in close proximity
+    /&\w+[^&]*&\w+[^&]*&\w+/, // 3+ anchors (simplified, less backtracking)
+    // Detects excessive aliases in close proximity (potential amplification)
+    // Example: [*a, *b, *c, *d, *e, *f, *g, *h, *i, *j]
+    /\*\w+(?:[,\s]+\*\w+){9,}/, // 10+ aliases in sequence (non-capturing group)
+];
+ContentValidator.MALICIOUS_YAML_PATTERNS = [
+    // Language-specific deserialization attacks
+    /!!python\/object/,
+    /!!python\/module/,
+    /!!python\/name/,
+    /!!ruby\/object/,
+    /!!ruby\/hash/,
+    /!!ruby\/struct/,
+    /!!ruby\/marshal/,
+    /!!java/,
+    /!!javax/,
+    /!!com\.sun/,
+    /!!perl\/hash/,
+    /!!perl\/code/,
+    /!!php\/object/,
+    // Constructor/function injection
+    /!!exec/,
+    /!!eval/,
+    /!!new/,
+    /!!construct/,
+    /!!apply/,
+    /!!call/,
+    /!!invoke/,
+    // Code execution patterns - more specific to avoid false positives
+    /subprocess\./,
+    /os\.system/,
+    /eval\s*\(/,
+    /exec\s*\(/,
+    /__import__\s*\(/,
+    /require\s*\(/,
+    /import\s+(?:os|sys|subprocess|eval|exec)/,
+    /include\s+["'].*\.(?:php|sh|py|js|rb)["']/,
+    // Command execution variants - more specific patterns
+    /popen\s*\(/,
+    /spawn\s*\(/,
+    /system\s*\(/,
+    /backtick\s*\(/,
+    /shell_exec\s*\(/,
+    /passthru\s*\(/,
+    /proc_open\s*\(/,
+    // Network operations - require suspicious context
+    /socket\.connect/, // Detects socket connection attempts
+    /urllib\.request/, // Python HTTP library usage
+    /requests\.(?:get|post|put|delete)\s*\(/, // Detects HTTP requests with method calls
+    /fetch\s*\(\s*["']https?:\/\//, // Detects fetch calls to external URLs
+    /new\s+XMLHttpRequest/, // JavaScript AJAX object creation
+    /\.(?:get|post|put|delete)\s*\(\s*["']https?:\/\//, // Method chaining with HTTP requests
+    // File system operations - require suspicious context
+    /(?:fs\.|file\.|)\s*open\s*\(\s*["'](?:\/etc\/|\/bin\/|\.\.\/)/, // File open with suspicious paths
+    /file_get_contents\s*\(/, // PHP file reading function
+    /file_put_contents\s*\(/, // PHP file writing function
+    /fopen\s*\(\s*["'](?:\/etc\/|\/bin\/|\.\.\/)/, // File open with dangerous system paths
+    /(?:fs\.)?\s*readFile\s*\(\s*["'](?:\/etc\/|\/bin\/|\.\.\/)/, // Node.js file read with path traversal
+    /(?:fs\.)?\s*writeFile\s*\(\s*["'](?:\/(?:bin|etc|tmp)\/|\.\.\/)/, // Node.js file write to system dirs
+    // Protocol handlers
+    /file:\/\//,
+    /data:\/\//,
+    /expect:\/\//,
+    /php:\/\//,
+    /phar:\/\//,
+    /zip:\/\//,
+    /ssh2:\/\//,
+    /ogg:\/\//,
+    // YAML-specific dangerous features
+    /&[a-zA-Z0-9_]+\s*!!/, // Anchor with tag combination
+    /\*[a-zA-Z0-9_]+\s*!!/, // Alias with tag combination
+    /!!merge/,
+    /!!binary/,
+    /!!timestamp/,
+    // Unicode/encoding bypass attempts - prevent visual spoofing attacks
+    /\\[uU]0*(?:22|27|60|3[cC])/, // Unicode escapes for quotes (") and brackets (<>)
+    /[\u202A-\u202E\u2066-\u2069]/, // Direction override chars (RLO, LRO, isolates)
+    /[\u200B-\u200F\u2028-\u202F]/, // Zero-width spaces, line/paragraph separators
+    /[\uFEFF\uFFFE\uFFFF]/, // BOM, non-characters for payload hiding
+];

package/dist/scripts/src/security/errors.js

@@ -0,0 +1,32 @@
+"use strict";
+/**
+ * Security-related error classes
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TimeoutError = exports.ValidationError = exports.SecurityError = void 0;
+class SecurityError extends Error {
+    constructor(message, code) {
+        super(message);
+        this.name = 'SecurityError';
+        this.code = code;
+        // Maintains proper prototype chain for instanceof checks
+        Object.setPrototypeOf(this, SecurityError.prototype);
+    }
+}
+exports.SecurityError = SecurityError;
+class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+        Object.setPrototypeOf(this, ValidationError.prototype);
+    }
+}
+exports.ValidationError = ValidationError;
+class TimeoutError extends SecurityError {
+    constructor(message = 'Operation timed out') {
+        super(message);
+        this.name = 'TimeoutError';
+        Object.setPrototypeOf(this, TimeoutError.prototype);
+    }
+}
+exports.TimeoutError = TimeoutError;

package/dist/scripts/src/security/regexValidator.js

@@ -0,0 +1,217 @@
+"use strict";
+/**
+ * RegexValidator - Provides protection against ReDoS attacks
+ *
+ * This module implements safe regex execution by:
+ * 1. Pre-validating content length based on pattern complexity
+ * 2. Analyzing patterns for known ReDoS vulnerabilities
+ * 3. Limiting execution based on calculated risk
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RegexValidator = void 0;
+const errors_js_1 = require("./errors.js");
+const securityMonitor_js_1 = require("./securityMonitor.js");
+class RegexValidator {
+    /**
+     * Validates content against a pattern with ReDoS protection
+     *
+     * Protection strategy:
+     * 1. Analyze pattern complexity
+     * 2. Enforce content length limits based on complexity
+     * 3. Reject known dangerous patterns
+     * 4. Execute regex only if safe
+     */
+    static validate(content, pattern, options = {}) {
+        const { maxLength, rejectDangerousPatterns = true, logEvents = true } = options;
+        // Analyze pattern for ReDoS risks
+        const analysis = this.analyzePattern(pattern);
+        // Reject dangerous patterns if configured
+        if (rejectDangerousPatterns && !analysis.safe) {
+            if (logEvents) {
+                securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                    type: 'UPDATE_SECURITY_VIOLATION',
+                    severity: 'HIGH',
+                    source: 'RegexValidator',
+                    details: 'Dangerous regex pattern rejected',
+                    additionalData: {
+                        pattern: pattern.source,
+                        risks: analysis.risks
+                    }
+                });
+            }
+            throw new errors_js_1.SecurityError(`Pattern rejected due to ReDoS risk: ${analysis.risks.join(', ')}`);
+        }
+        // Determine effective max length
+        const effectiveMaxLength = maxLength ?? analysis.maxSafeLength;
+        // Check content length
+        if (content.length > effectiveMaxLength) {
+            throw new errors_js_1.SecurityError(`Content too large for validation: ${content.length} bytes (max: ${effectiveMaxLength} for ${analysis.complexity} complexity pattern)`);
+        }
+        // Create a copy of the regex to avoid modifying the original
+        const safeCopy = new RegExp(pattern.source, pattern.flags);
+        try {
+            // Track execution time for monitoring
+            const startTime = performance.now();
+            const result = safeCopy.test(content);
+            const elapsed = performance.now() - startTime;
+            // Log slow patterns
+            if (elapsed > 50 && logEvents) {
+                securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                    type: 'RATE_LIMIT_WARNING',
+                    severity: 'MEDIUM',
+                    source: 'RegexValidator',
+                    details: `Slow regex execution: ${elapsed.toFixed(2)}ms`,
+                    additionalData: {
+                        pattern: pattern.source,
+                        contentLength: content.length,
+                        elapsed
+                    }
+                });
+            }
+            return result;
+        }
+        catch (error) {
+            // Handle any regex errors
+            if (logEvents) {
+                securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                    type: 'UPDATE_SECURITY_VIOLATION',
+                    severity: 'HIGH',
+                    source: 'RegexValidator',
+                    details: 'Regex execution error',
+                    additionalData: {
+                        error: error instanceof Error ? error.message : 'Unknown error'
+                    }
+                });
+            }
+            return false;
+        }
+    }
+    /**
+     * Validates multiple patterns with shared risk assessment
+     */
+    static validateAny(content, patterns, options = {}) {
+        for (const pattern of patterns) {
+            if (this.validate(content, pattern, options)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Validates all patterns must match
+     */
+    static validateAll(content, patterns, options = {}) {
+        for (const pattern of patterns) {
+            if (!this.validate(content, pattern, options)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Analyzes a regex pattern for potential ReDoS vulnerabilities
+     *
+     * Detects patterns known to cause exponential backtracking:
+     * - Nested quantifiers: (a+)+, (a*)*
+     * - Alternation with overlap: (a|a)*
+     * - Quantified groups with alternation: (a|b)+
+     * - Catastrophic patterns: (.+)+$
+     */
+    static analyzePattern(pattern) {
+        const source = pattern.source;
+        const risks = [];
+        // Nested quantifiers - extremely dangerous
+        if (/\([^)]+[+*]\)[+*]/.test(source) ||
+            /\([^)]+\{[^}]+\}\)[+*]/.test(source) ||
+            /\(\w+[+*]\)[+*]/.test(source)) {
+            risks.push('Nested quantifiers detected');
+        }
+        // Alternation with repetition
+        if (/\([^)]*\|[^)]*\)[+*]/.test(source)) {
+            risks.push('Quantified alternation detected');
+        }
+        // Alternation with overlap (e.g., (a|a)*)
+        const alternationMatch = source.match(/\(([^|)]+)\|([^)]+)\)/g);
+        if (alternationMatch) {
+            for (const match of alternationMatch) {
+                const parts = match.slice(1, -1).split('|');
+                if (parts.some((part, i) => parts.slice(i + 1).includes(part))) {
+                    risks.push('Overlapping alternation detected');
+                    break;
+                }
+            }
+        }
+        // Catastrophic backtracking patterns
+        // Check for patterns like (.+)+, (.*)+, etc. that can cause exponential backtracking
+        if (/\([^)]*\.\+[^)]*\)\+/.test(source) || /\([^)]*\.\*[^)]*\)\+/.test(source) || /\([^)]*\\w\+[^)]*\)\+/.test(source)) {
+            risks.push('Potential catastrophic backtracking');
+        }
+        // Unbounded lookahead/lookbehind with quantifiers
+        if (/\(\?[=!<].*[+*]/.test(source)) {
+            risks.push('Unbounded lookahead/lookbehind');
+        }
+        // Polynomial patterns (multiple quantifiers in sequence)
+        const quantifierCount = (source.match(/[+*?]|\{\d*,?\d*\}/g) || []).length;
+        if (quantifierCount > 3) {
+            risks.push('Multiple quantifiers detected');
+        }
+        // Determine complexity and safe content length
+        let complexity;
+        let maxSafeLength;
+        if (risks.length === 0) {
+            if (quantifierCount === 0) {
+                complexity = 'low';
+                maxSafeLength = this.COMPLEXITY_LIMITS.low;
+            }
+            else if (quantifierCount <= 3) {
+                complexity = 'medium';
+                maxSafeLength = this.COMPLEXITY_LIMITS.medium;
+            }
+            else {
+                complexity = 'high';
+                maxSafeLength = this.COMPLEXITY_LIMITS.high;
+            }
+        }
+        else if (risks.length === 1) {
+            complexity = 'high';
+            maxSafeLength = this.COMPLEXITY_LIMITS.high;
+        }
+        else {
+            complexity = 'high';
+            maxSafeLength = this.COMPLEXITY_LIMITS.high;
+        }
+        return {
+            safe: risks.length === 0,
+            risks,
+            complexity,
+            maxSafeLength
+        };
+    }
+    /**
+     * Creates a regex pattern with safety analysis
+     */
+    static createSafePattern(pattern, flags) {
+        const regex = new RegExp(pattern, flags);
+        const analysis = this.analyzePattern(regex);
+        if (!analysis.safe) {
+            securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                type: 'UPDATE_SECURITY_VIOLATION',
+                severity: 'MEDIUM',
+                source: 'RegexValidator',
+                details: 'Potentially dangerous regex pattern created',
+                additionalData: {
+                    pattern,
+                    risks: analysis.risks
+                }
+            });
+        }
+        return regex;
+    }
+}
+exports.RegexValidator = RegexValidator;
+// Default limits based on pattern complexity
+RegexValidator.COMPLEXITY_LIMITS = {
+    low: 100000, // 100KB for simple patterns
+    medium: 10000, // 10KB for moderate patterns
+    high: 1000 // 1KB for complex patterns
+};