npm - @solongate/proxy - Versions diffs - 0.17.3 → 0.18.0 - Mend

@solongate/proxy 0.17.3 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/hooks/guard.mjs +32 -42
package/package.json +1 -1

package/hooks/guard.mjs CHANGED Viewed

@@ -452,64 +452,54 @@ process.stdin.on('end', async () => {
       }
     }
-    // ── Layer 7: Dangerous execution pattern detection ──
-    // These can construct ANY string at runtime — block when touching protected dirs
+    // ── Layer 7: Block ALL inline code execution & dangerous patterns ──
+    // Runtime string construction (atob, Buffer.from, fromCharCode, array.join)
+    // makes static analysis impossible. Blanket-block these patterns.
     const fullCmd = rawStrings.join(' ');
-    // 7a. Inline interpreter execution: node -e, python -c, perl -e, ruby -e
-    // Extract the -e/-c argument and scan it
-    const interpreterPatterns = [
-      /\bnode\s+(?:-e|--eval)\s+["']([^"']+)["']/gi,
-      /\bnode\s+(?:-e|--eval)\s+([^;&|"']+)/gi,
-      /\bpython[23]?\s+-c\s+["']([^"']+)["']/gi,
-      /\bperl\s+-e\s+["']([^"']+)["']/gi,
-      /\bruby\s+-e\s+["']([^"']+)["']/gi,
+    // 7a. Inline interpreter execution — TOTAL BLOCK (no content scan needed)
+    // These can construct ANY string at runtime, bypassing all static analysis
+    const blockedInterpreters = [
+      [/\bnode\s+(?:-e|--eval)\b/i, 'node -e/--eval'],
+      [/\bnode\s+-p\b/i, 'node -p'],
+      [/\bpython[23]?\s+-c\b/i, 'python -c'],
+      [/\bperl\s+-e\b/i, 'perl -e'],
+      [/\bruby\s+-e\b/i, 'ruby -e'],
+      [/\bpowershell(?:\.exe)?\s+.*-(?:EncodedCommand|e|ec)\b/i, 'powershell -EncodedCommand'],
+      [/\bpwsh(?:\.exe)?\s+.*-(?:EncodedCommand|e|ec)\b/i, 'pwsh -EncodedCommand'],
+      [/\bpowershell(?:\.exe)?\s+-c(?:ommand)?\b/i, 'powershell -Command'],
+      [/\bpwsh(?:\.exe)?\s+-c(?:ommand)?\b/i, 'pwsh -Command'],
     ];
-    for (const pat of interpreterPatterns) {
-      for (const m of fullCmd.matchAll(pat)) {
-        const code = m[1].toLowerCase();
-        for (const p of protectedPaths) {
-          if (code.includes(p)) {
-            await blockSelfProtection('SOLONGATE: Interpreter code targets "' + p + '" — blocked');
-          }
-        }
-        // Also check the normalized version
-        const normCode = normalizeShell(code);
-        for (const p of protectedPaths) {
-          if (normCode.includes(p)) {
-            await blockSelfProtection('SOLONGATE: Interpreter code targets "' + p + '" — blocked');
-          }
-        }
+    for (const [pat, name] of blockedInterpreters) {
+      if (pat.test(fullCmd)) {
+        await blockSelfProtection('SOLONGATE: Inline code execution blocked (' + name + ')');
       }
     }
-    // 7b. Base64 decode piped to execution — always block
-    if (/\bbase64\s+-d\b.*\|\s*(?:bash|sh|node|python|perl|ruby)\b/i.test(fullCmd) ||
-        /\bbase64\s+--decode\b.*\|\s*(?:bash|sh|node|python|perl|ruby)\b/i.test(fullCmd)) {
-      await blockSelfProtection('SOLONGATE: base64 decode piped to interpreter — blocked');
+    // 7b. Base64 decode in ANY context — block when piped to anything
+    if (/\bbase64\s+(?:-d|--decode)\b/i.test(fullCmd) && /\|/i.test(fullCmd)) {
+      await blockSelfProtection('SOLONGATE: base64 decode in pipe chain — blocked');
     }
-    // 7c. Temp script file execution: bash /path/file, sh /path/file
-    // If "bash <file>" or "sh <file>" and the file is not a well-known script
-    if (/\b(?:bash|sh)\s+(?:\/tmp\/|\/var\/tmp\/|~\/\.|\.\/[^.s])/i.test(fullCmd)) {
-      await blockSelfProtection('SOLONGATE: Temp script execution detected — blocked');
+    // 7c. Temp/arbitrary script file execution
+    if (/\b(?:bash|sh)\s+(?:\/tmp\/|\/var\/tmp\/|~\/|\/dev\/)/i.test(fullCmd)) {
+      await blockSelfProtection('SOLONGATE: Script execution from temp path — blocked');
     }
-    // 7d. Process substitution and here-strings that could construct protected paths
-    if (/>\s*\(\s*(?:rm|mv|cp|cat)\b/i.test(fullCmd) || /<<<.*(?:rm|mv|cp|cat)\b/i.test(fullCmd)) {
+    // 7d. xargs with destructive operations
+    if (/\bxargs\b.*\b(?:rm|mv|cp|rmdir|unlink|del)\b/i.test(fullCmd)) {
       for (const p of protectedPaths) {
-        const prefix = p.slice(0, 4); // e.g. ".sol", ".cla"
-        if (fullCmd.includes(prefix)) {
-          await blockSelfProtection('SOLONGATE: Process substitution near protected path "' + p + '" — blocked');
+        if (fullCmd.includes(p.slice(0, 4))) {
+          await blockSelfProtection('SOLONGATE: xargs with destructive op near "' + p + '" — blocked');
         }
       }
     }
-    // 7e. xargs with destructive operations
-    if (/\bxargs\b.*\b(?:rm|mv|cp|rmdir|unlink)\b/i.test(fullCmd)) {
+    // 7e. cmd.exe /c with encoded/constructed commands
+    if (/\bcmd(?:\.exe)?\s+\/c\b/i.test(fullCmd)) {
       for (const p of protectedPaths) {
-        if (fullCmd.includes(p.slice(0, 4))) {
-          await blockSelfProtection('SOLONGATE: xargs with destructive op near "' + p + '" — blocked');
+        if (fullCmd.includes(p) || fullCmd.includes(p.slice(0, 4))) {
+          await blockSelfProtection('SOLONGATE: cmd.exe /c near protected path — blocked');
         }
       }
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.17.3",
+  "version": "0.18.0",
   "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {