@dollhousemcp/mcp-server 1.7.3 → 1.7.4

package/dist/scripts/src/security/secureYamlParser.js

@@ -0,0 +1,272 @@
+"use strict";
+/**
+ * Secure YAML Parser for DollhouseMCP - For Markdown Files with YAML Frontmatter
+ *
+ * IMPORTANT: This parser is specifically designed for Markdown files with YAML frontmatter
+ * (the format used by personas, skills, templates, and other elements).
+ *
+ * USE THIS FOR:
+ * - Persona files (e.g., creative-writer.md)
+ * - Skill files (e.g., code-review.md)
+ * - Template files (e.g., meeting-notes.md)
+ * - Any Markdown file with YAML frontmatter between --- markers
+ *
+ * DO NOT USE THIS FOR:
+ * - Pure YAML configuration files (use js-yaml directly with FAILSAFE_SCHEMA)
+ * - JSON files
+ * - Plain text files without frontmatter
+ *
+ * FILE FORMAT EXPECTED:
+ * ```
+ * ---
+ * name: Element Name
+ * description: Element description
+ * version: 1.0.0
+ * ---
+ *
+ * # Markdown content here
+ * The actual content/instructions go here...
+ * ```
+ *
+ * Provides safe YAML parsing that prevents deserialization attacks
+ * by using a restricted schema and pre-validation.
+ *
+ * Security: SEC-003 - YAML parsing vulnerability protection
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecureYamlParser = void 0;
+const yaml = require("js-yaml");
+const gray_matter_1 = require("gray-matter");
+const SecurityError_js_1 = require("../errors/SecurityError.js");
+const contentValidator_js_1 = require("./contentValidator.js");
+const securityMonitor_js_1 = require("./securityMonitor.js");
+class SecureYamlParser {
+    /**
+     * Parse a Markdown file with YAML frontmatter (Securely)
+     *
+     * @param input - The full content of a Markdown file with YAML frontmatter
+     * @param options - Parsing options for security and validation
+     * @returns ParsedContent with separated YAML data and Markdown content
+     *
+     * @example
+     * ```typescript
+     * // For a persona file:
+     * const personaFile = `---
+     * name: Creative Writer
+     * description: A creative writing assistant
+     * ---
+     * You are a creative writer...`;
+     *
+     * const result = SecureYamlParser.parse(personaFile);
+     * // result.data = { name: 'Creative Writer', description: '...' }
+     * // result.content = 'You are a creative writer...'
+     * ```
+     */
+    static parse(input, options = {}) {
+        const opts = { ...this.DEFAULT_OPTIONS, ...options };
+        // 1. Size validation
+        if (input.length > (opts.maxContentSize || this.DEFAULT_OPTIONS.maxContentSize)) {
+            throw new SecurityError_js_1.SecurityError('Content exceeds maximum allowed size', 'medium');
+        }
+        // 2. Extract frontmatter boundaries
+        const frontmatterMatch = input.match(/^---\n([\s\S]*?)\n---/);
+        if (!frontmatterMatch) {
+            // No frontmatter, return empty data
+            return {
+                data: {},
+                content: input
+            };
+        }
+        const yamlContent = frontmatterMatch[1];
+        const markdownContent = input.substring(frontmatterMatch[0].length);
+        // 3. Validate YAML size
+        if (yamlContent.length > (opts.maxYamlSize || this.DEFAULT_OPTIONS.maxYamlSize)) {
+            throw new SecurityError_js_1.SecurityError('YAML frontmatter exceeds maximum allowed size', 'medium');
+        }
+        // 4. Pre-parse security validation
+        if (!contentValidator_js_1.ContentValidator.validateYamlContent(yamlContent)) {
+            securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                type: 'YAML_INJECTION_ATTEMPT',
+                severity: 'CRITICAL',
+                source: 'secure_yaml_parser',
+                details: 'Malicious YAML pattern detected during parsing'
+            });
+            throw new SecurityError_js_1.SecurityError('Malicious YAML content detected', 'critical');
+        }
+        // 5. Parse with safe schema
+        let data;
+        try {
+            data = yaml.load(yamlContent, {
+                schema: this.SAFE_SCHEMA,
+                json: false, // Don't allow JSON-specific types
+                onWarning: (warning) => {
+                    securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+                        type: 'YAML_PARSING_WARNING',
+                        severity: 'LOW',
+                        source: 'secure_yaml_parser',
+                        details: `YAML warning: ${warning.message}`
+                    });
+                }
+            });
+        }
+        catch (error) {
+            throw new SecurityError_js_1.SecurityError(`YAML parsing failed: ${error instanceof Error ? error.message : 'Unknown error'}`, 'high');
+        }
+        // 6. Ensure data is an object
+        if (typeof data !== 'object' || data === null || Array.isArray(data)) {
+            throw new SecurityError_js_1.SecurityError('YAML must contain an object at root level', 'medium');
+        }
+        // 7. Validate allowed keys if specified
+        if (opts.allowedKeys) {
+            const invalidKeys = Object.keys(data).filter(key => !opts.allowedKeys.includes(key));
+            if (invalidKeys.length > 0) {
+                throw new SecurityError_js_1.SecurityError(`Invalid YAML keys detected: ${invalidKeys.join(', ')}`, 'medium');
+            }
+        }
+        // 8. Validate field types and content
+        for (const [key, value] of Object.entries(data)) {
+            // Check field-specific validators only if field validation is enabled
+            if (opts.validateFields && this.FIELD_VALIDATORS[key] && !this.FIELD_VALIDATORS[key](value)) {
+                throw new SecurityError_js_1.SecurityError(`Invalid value for field '${key}'`, 'medium');
+            }
+            // Validate string fields for injection patterns
+            if (typeof value === 'string' && opts.validateContent) {
+                const validation = contentValidator_js_1.ContentValidator.validateAndSanitize(value);
+                if (!validation.isValid && validation.severity === 'critical') {
+                    throw new SecurityError_js_1.SecurityError(`Security threat detected in field '${key}'`, 'critical');
+                }
+                // Replace with sanitized content
+                data[key] = validation.sanitizedContent;
+            }
+        }
+        // 9. Validate markdown content if requested
+        let finalContent = markdownContent;
+        if (opts.validateContent) {
+            const contentValidation = contentValidator_js_1.ContentValidator.validateAndSanitize(markdownContent);
+            if (!contentValidation.isValid && contentValidation.severity === 'critical') {
+                throw new SecurityError_js_1.SecurityError('Security threat detected in content', 'critical');
+            }
+            finalContent = contentValidation.sanitizedContent || markdownContent;
+        }
+        securityMonitor_js_1.SecurityMonitor.logSecurityEvent({
+            type: 'YAML_PARSE_SUCCESS',
+            severity: 'LOW',
+            source: 'secure_yaml_parser',
+            details: `Successfully parsed YAML with ${Object.keys(data).length} fields`
+        });
+        return {
+            data,
+            content: finalContent
+        };
+    }
+    /**
+     * Create a secure gray-matter compatible parser
+     */
+    static createSecureMatterParser() {
+        return {
+            parse: (input) => {
+                const result = this.parse(input);
+                return {
+                    data: result.data,
+                    content: result.content,
+                    excerpt: result.excerpt,
+                    orig: input
+                };
+            },
+            stringify: (content, data) => {
+                // Validate data before stringifying
+                const validation = contentValidator_js_1.ContentValidator.validateMetadata(data);
+                if (!validation.isValid) {
+                    throw new SecurityError_js_1.SecurityError('Cannot stringify content with security threats', 'high');
+                }
+                // Use safe YAML dump
+                const yamlStr = yaml.dump(data, {
+                    schema: this.SAFE_SCHEMA,
+                    skipInvalid: true,
+                    noRefs: true,
+                    noCompatMode: true
+                });
+                return `---\n${yamlStr}---\n${content}`;
+            }
+        };
+    }
+    /**
+     * Safe wrapper for gray-matter with security validations
+     */
+    static safeMatter(input, options) {
+        // First, use our secure parser
+        const secureParsed = this.parse(input);
+        // Then use gray-matter with custom engines
+        return (0, gray_matter_1.default)(input, {
+            ...options,
+            engines: {
+                yaml: {
+                    parse: (str) => {
+                        // Use our secure YAML parsing
+                        const parsed = yaml.load(str, {
+                            schema: this.SAFE_SCHEMA,
+                            json: false
+                        });
+                        // Ensure it's an object
+                        if (typeof parsed !== 'object' || parsed === null) {
+                            return {};
+                        }
+                        return parsed;
+                    },
+                    stringify: (obj) => {
+                        return yaml.dump(obj, {
+                            schema: this.SAFE_SCHEMA,
+                            skipInvalid: true,
+                            noRefs: true
+                        });
+                    }
+                }
+            }
+        });
+    }
+}
+exports.SecureYamlParser = SecureYamlParser;
+SecureYamlParser.DEFAULT_OPTIONS = {
+    maxYamlSize: 64 * 1024, // 64KB for YAML
+    maxContentSize: 1024 * 1024, // 1MB for content
+    validateContent: true,
+    validateFields: true // By default, apply field validators
+};
+// Allowed YAML types - using CORE_SCHEMA (safe subset with basic types like booleans and integers)
+SecureYamlParser.SAFE_SCHEMA = yaml.CORE_SCHEMA;
+// Additional validation for specific persona fields
+SecureYamlParser.FIELD_VALIDATORS = {
+    name: (v) => typeof v === 'string' && v.length <= 100,
+    description: (v) => typeof v === 'string' && v.length <= 500,
+    author: (v) => typeof v === 'string' && v.length <= 100,
+    version: (v) => typeof v === 'string' && /^\d+\.\d+(\.\d+)?(-[a-zA-Z0-9.-]+)?$/.test(v),
+    category: (v) => typeof v === 'string' && v.length <= 50,
+    age_rating: (v) => ['all', '13+', '18+'].includes(v),
+    price: (v) => typeof v === 'string' && (v === 'free' || /^\$\d+\.\d{2}$/.test(v)),
+    ai_generated: (v) => typeof v === 'boolean' || v === 'true' || v === 'false',
+    generation_method: (v) => ['human', 'ChatGPT', 'Claude', 'hybrid'].includes(v),
+    created_date: (v) => {
+        if (typeof v !== 'string')
+            return false;
+        // More flexible date validation - accept common formats
+        // ISO8601, US format, European format, simple dates
+        const datePatterns = [
+            /^\d{4}-\d{2}-\d{2}$/, // YYYY-MM-DD
+            /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/, // ISO8601 with time
+            /^\d{1,2}\/\d{1,2}\/\d{4}$/, // MM/DD/YYYY or M/D/YYYY
+            /^\d{1,2}-\d{1,2}-\d{4}$/, // MM-DD-YYYY or M-D-YYYY
+            /^\d{1,2}\.\d{1,2}\.\d{4}$/, // DD.MM.YYYY (European)
+            /^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d{1,2},?\s+\d{4}$/i // Month DD, YYYY
+        ];
+        // Check if it matches common patterns first
+        const matchesPattern = datePatterns.some(pattern => pattern.test(v.trim()));
+        if (!matchesPattern) {
+            // Fall back to Date.parse for other formats, but be more lenient
+            const parsed = Date.parse(v);
+            return !isNaN(parsed) && parsed > 0; // Ensure it's a valid positive timestamp
+        }
+        return true;
+    },
+    triggers: (v) => Array.isArray(v) && v.every(t => typeof t === 'string' && t.length <= 50),
+    content_flags: (v) => Array.isArray(v) && v.every(f => typeof f === 'string' && f.length <= 50)
+};

package/dist/scripts/src/security/securityMonitor.js

@@ -0,0 +1,111 @@
+"use strict";
+/**
+ * Security Monitor for DollhouseMCP
+ *
+ * Centralized security event logging and monitoring system
+ * for tracking and alerting on security-related events.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityMonitor = void 0;
+const logger_js_1 = require("../utils/logger.js");
+class SecurityMonitor {
+    /**
+     * Logs a security event
+     */
+    static logSecurityEvent(event) {
+        const logEntry = {
+            ...event,
+            timestamp: new Date().toISOString(),
+            id: `SEC-${Date.now()}-${++this.eventCount}`,
+        };
+        // Store in memory (circular buffer)
+        this.events.push(logEntry);
+        if (this.events.length > this.MAX_EVENTS) {
+            this.events.shift();
+        }
+        // In MCP servers, we cannot write to stderr/stdout as it breaks the JSON-RPC protocol
+        // Security events are stored in memory and can be retrieved via API
+        // Only send critical alerts via the proper channel
+        if (event.severity === 'CRITICAL') {
+            this.sendSecurityAlert(logEntry);
+        }
+    }
+    /**
+     * Sends security alerts for critical events
+     */
+    static sendSecurityAlert(event) {
+        // In a production environment, this would integrate with:
+        // - Slack webhooks
+        // - Email alerts
+        // - PagerDuty
+        // - Security Information and Event Management (SIEM) systems
+        // Log critical security alerts with structured data
+        // DO NOT use console.error in MCP servers as it breaks the JSON-RPC protocol
+        logger_js_1.logger.error('🚨 CRITICAL SECURITY ALERT 🚨', {
+            type: event.type,
+            details: event.details,
+            timestamp: event.timestamp,
+            id: event.id
+        });
+        // If in production mode with proper config, send actual alerts
+        if (process.env.DOLLHOUSE_SECURITY_ALERTS === 'true') {
+            // TODO: Implement actual alert mechanisms
+        }
+    }
+    /**
+     * Gets recent security events for analysis
+     */
+    static getRecentEvents(count = 100) {
+        return this.events.slice(-count);
+    }
+    /**
+     * Gets events by severity
+     */
+    static getEventsBySeverity(severity) {
+        return this.events.filter(event => event.severity === severity);
+    }
+    /**
+     * Gets events by type
+     */
+    static getEventsByType(type) {
+        return this.events.filter(event => event.type === type);
+    }
+    /**
+     * Generates a security report
+     */
+    static generateSecurityReport() {
+        const eventsBySeverity = {
+            CRITICAL: 0,
+            HIGH: 0,
+            MEDIUM: 0,
+            LOW: 0,
+        };
+        const eventsByType = {};
+        for (const event of this.events) {
+            eventsBySeverity[event.severity]++;
+            eventsByType[event.type] = (eventsByType[event.type] || 0) + 1;
+        }
+        return {
+            totalEvents: this.events.length,
+            eventsBySeverity,
+            eventsByType,
+            recentCriticalEvents: this.getEventsBySeverity('CRITICAL').slice(-10),
+        };
+    }
+    /**
+     * Clears old events (for memory management)
+     */
+    static clearOldEvents(daysToKeep = 7) {
+        const cutoffDate = new Date();
+        cutoffDate.setDate(cutoffDate.getDate() - daysToKeep);
+        const cutoffTimestamp = cutoffDate.toISOString();
+        const index = this.events.findIndex(event => event.timestamp >= cutoffTimestamp);
+        if (index > 0) {
+            this.events.splice(0, index);
+        }
+    }
+}
+exports.SecurityMonitor = SecurityMonitor;
+SecurityMonitor.eventCount = 0;
+SecurityMonitor.events = [];
+SecurityMonitor.MAX_EVENTS = 1000; // Keep last 1000 events in memory