@solongate/proxy 0.2.7 → 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +7 -1
- package/dist/init.js +7 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -451,6 +451,12 @@ const SSRF = [
|
|
|
451
451
|
/^https?:\\/\\/192\\.168\\./, /^https?:\\/\\/169\\.254\\./,
|
|
452
452
|
/metadata\\.google\\.internal/i,
|
|
453
453
|
];
|
|
454
|
+
const SSRF_IN_CMD = [
|
|
455
|
+
/https?:\\/\\/localhost\\b/i, /https?:\\/\\/127\\./, /https?:\\/\\/0\\.0\\.0\\.0/,
|
|
456
|
+
/https?:\\/\\/10\\./, /https?:\\/\\/172\\.(1[6-9]|2\\d|3[01])\\./,
|
|
457
|
+
/https?:\\/\\/192\\.168\\./, /https?:\\/\\/169\\.254\\./,
|
|
458
|
+
/metadata\\.google\\.internal/i,
|
|
459
|
+
];
|
|
454
460
|
const SQL_INJECTION = [
|
|
455
461
|
/'\\s{0,20}(OR|AND)\\s{0,20}'.{0,200}'/i,
|
|
456
462
|
/'\\s{0,10};\\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
|
|
@@ -493,7 +499,7 @@ const PATH_ARGS = ['file_path', 'path', 'pattern', 'directory', 'url', 'uri', 'n
|
|
|
493
499
|
function checkBashCommand(cmd) {
|
|
494
500
|
if (typeof cmd !== 'string') return null;
|
|
495
501
|
for (const p of DANGEROUS_COMMANDS) if (p.test(cmd)) return 'Dangerous command blocked: ' + cmd.slice(0, 80);
|
|
496
|
-
for (const p of
|
|
502
|
+
for (const p of SSRF_IN_CMD) if (p.test(cmd)) return 'SSRF attempt blocked in command: ' + cmd.slice(0, 80);
|
|
497
503
|
return null;
|
|
498
504
|
}
|
|
499
505
|
|
package/dist/init.js
CHANGED
|
@@ -170,6 +170,12 @@ const SSRF = [
|
|
|
170
170
|
/^https?:\\/\\/192\\.168\\./, /^https?:\\/\\/169\\.254\\./,
|
|
171
171
|
/metadata\\.google\\.internal/i,
|
|
172
172
|
];
|
|
173
|
+
const SSRF_IN_CMD = [
|
|
174
|
+
/https?:\\/\\/localhost\\b/i, /https?:\\/\\/127\\./, /https?:\\/\\/0\\.0\\.0\\.0/,
|
|
175
|
+
/https?:\\/\\/10\\./, /https?:\\/\\/172\\.(1[6-9]|2\\d|3[01])\\./,
|
|
176
|
+
/https?:\\/\\/192\\.168\\./, /https?:\\/\\/169\\.254\\./,
|
|
177
|
+
/metadata\\.google\\.internal/i,
|
|
178
|
+
];
|
|
173
179
|
const SQL_INJECTION = [
|
|
174
180
|
/'\\s{0,20}(OR|AND)\\s{0,20}'.{0,200}'/i,
|
|
175
181
|
/'\\s{0,10};\\s{0,10}(DROP|DELETE|UPDATE|INSERT|ALTER|CREATE|EXEC)/i,
|
|
@@ -212,7 +218,7 @@ const PATH_ARGS = ['file_path', 'path', 'pattern', 'directory', 'url', 'uri', 'n
|
|
|
212
218
|
function checkBashCommand(cmd) {
|
|
213
219
|
if (typeof cmd !== 'string') return null;
|
|
214
220
|
for (const p of DANGEROUS_COMMANDS) if (p.test(cmd)) return 'Dangerous command blocked: ' + cmd.slice(0, 80);
|
|
215
|
-
for (const p of
|
|
221
|
+
for (const p of SSRF_IN_CMD) if (p.test(cmd)) return 'SSRF attempt blocked in command: ' + cmd.slice(0, 80);
|
|
216
222
|
return null;
|
|
217
223
|
}
|
|
218
224
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@solongate/proxy",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.8",
|
|
4
4
|
"description": "MCP security proxy \u00e2\u20ac\u201d protect any MCP server with policies, input validation, rate limiting, and audit logging. Zero code changes required.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|