npm - @solongate/proxy - Versions diffs - 0.26.3 → 0.27.0 - Mend

@solongate/proxy 0.26.3 → 0.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/hooks/guard.mjs CHANGED Viewed

@@ -7,9 +7,19 @@
  * Logs ALL decisions (ALLOW + DENY) to SolonGate Cloud.
  * Auto-installed by: npx @solongate/proxy init
  */
-import { readFileSync, existsSync } from 'node:fs';
+import { readFileSync, existsSync, statSync } from 'node:fs';
 import { resolve } from 'node:path';
+// Safe file read with size limit (1MB max) to prevent DoS via large files
+const MAX_FILE_READ = 1024 * 1024; // 1MB
+function safeReadFileSync(filePath, encoding = 'utf-8') {
+  try {
+    const stat = statSync(filePath);
+    if (stat.size > MAX_FILE_READ) return '';
+    return readFileSync(filePath, encoding);
+  } catch { return ''; }
+}
 // ── Load API key from .env file (Claude Code doesn't load .env into process.env) ──
 function loadEnvKey(dir) {
   try {
@@ -157,6 +167,32 @@ function matchPathGlob(path, pattern) {
   return matchGlob(p, g);
 }
+// ── Safe Webhook URL Validation (prevent SSRF) ──
+function isSafeWebhookUrl(urlStr) {
+  try {
+    const u = new URL(urlStr);
+    if (u.protocol !== 'https:') return false;
+    const host = u.hostname.toLowerCase();
+    // Block private/reserved IPs and metadata endpoints
+    if (host === 'localhost' || host === '127.0.0.1' || host === '0.0.0.0' || host === '::1') return false;
+    if (host.startsWith('10.') || host.startsWith('192.168.') || host.startsWith('172.')) return false;
+    if (host === '169.254.169.254' || host === 'metadata.google.internal') return false;
+    if (host.endsWith('.internal') || host.endsWith('.local')) return false;
+    return true;
+  } catch { return false; }
+}
+// ── Safe Regex Validation (prevent ReDoS from cloud-supplied patterns) ──
+function isSafeRegex(pattern) {
+  if (typeof pattern !== 'string' || pattern.length > 512) return false;
+  // Block nested quantifiers: (a+)+, (a*)+, (a{1,})+, etc.
+  if (/(\+|\*|\{[^}]+\})\s*(\+|\*|\{[^}]+\})/.test(pattern)) return false;
+  if (/\([^)]*(\+|\*|\{[^}]+\})[^)]*\)\s*(\+|\*|\{[^}]+\})/.test(pattern)) return false;
+  // Block excessive alternation groups (>10 alternatives)
+  if ((pattern.match(/\|/g) || []).length > 10) return false;
+  try { new RegExp(pattern); return true; } catch { return false; }
+}
 // ── Extract Functions (deep scan all string values) ──
 function scanStrings(obj) {
   const strings = [];
@@ -643,7 +679,7 @@ process.stdin.on('end', async () => {
                 try {
                   const targetPath = resolve(hookCwdForNpm, scriptFileMatch[1]);
                   if (existsSync(targetPath)) {
-                    const targetContent = readFileSync(targetPath, 'utf-8').toLowerCase();
+                    const targetContent = safeReadFileSync(targetPath).toLowerCase();
                     // Check target file for protected paths
                     for (const pp of [...protectedPaths, ...writeProtectedPaths]) {
                       if (targetContent.includes(pp)) {
@@ -670,7 +706,7 @@ process.stdin.on('end', async () => {
                         const candidates = [impAbs, impAbs + '.mjs', impAbs + '.js', impAbs + '.cjs'];
                         for (const c of candidates) {
                           if (existsSync(c)) {
-                            const impContent = readFileSync(c, 'utf-8').toLowerCase();
+                            const impContent = safeReadFileSync(c).toLowerCase();
                             const iDisc = /\breaddirsync\b|\breaddir\b|\bos\.listdir\b|\bglob\b/i.test(impContent);
                             const iDest = /\brmsync\b|\bunlinksync\b|\bfs\.\s*(?:rm|unlink|rmdir)/i.test(impContent);
                             if ((iDisc && tDest) || (tDisc && iDest)) {
@@ -756,7 +792,7 @@ process.stdin.on('end', async () => {
           ? scriptPath
           : resolve(hookCwdForScript, scriptPath);
         if (existsSync(absPath)) {
-          const scriptContent = readFileSync(absPath, 'utf-8').toLowerCase();
+          const scriptContent = safeReadFileSync(absPath).toLowerCase();
           // Check for discovery+destruction combo
           const hasDiscovery = /\breaddirsync\b|\breaddir\b|\bos\.listdir\b|\bscandir\b|\bglob(?:sync)?\b|\bls\s+-[adl]|\bls\s+\.\b|\bopendir\b|\bdir\.entries\b|\bwalkdir\b|\bls\b.*\.\[/.test(scriptContent);
           const hasDestruction = /\brmsync\b|\brm\s+-rf\b|\bunlinksync\b|\brmdirsync\b|\bunlink\b|\brimraf\b|\bremovesync\b|\bremove_tree\b|\bshutil\.rmtree\b|\bwritefilesync\b|\bexecsync\b.*\brm\b|\bchild_process\b|\bfs\.\s*(?:rm|unlink|rmdir|write)/.test(scriptContent);
@@ -778,7 +814,7 @@ process.stdin.on('end', async () => {
               const candidates = [importAbs, importAbs + '.mjs', importAbs + '.js', importAbs + '.cjs'];
               for (const candidate of candidates) {
                 if (existsSync(candidate)) {
-                  const importContent = readFileSync(candidate, 'utf-8').toLowerCase();
+                  const importContent = safeReadFileSync(candidate).toLowerCase();
                   // Cross-module: check if imported module has discovery/destruction/string construction
                   const importDisc = /\breaddirsync\b|\breaddir\b|\bos\.listdir\b|\bscandir\b|\bglob(?:sync)?\b/i.test(importContent);
                   const importDest = /\brmsync\b|\bunlinksync\b|\brmdirsync\b|\bunlink\b|\brimraf\b|\bfs\.\s*(?:rm|unlink|rmdir)/i.test(importContent);
@@ -890,6 +926,7 @@ process.stdin.on('end', async () => {
     if (piCfg.piEnabled !== false && Array.isArray(piCfg.piWhitelist) && piCfg.piWhitelist.length > 0) {
       for (const wlPattern of piCfg.piWhitelist) {
         try {
+          if (!isSafeRegex(wlPattern)) continue;
           if (new RegExp(wlPattern, 'i').test(allText)) {
             whitelisted = true;
             break;
@@ -902,7 +939,7 @@ process.stdin.on('end', async () => {
     const customCategories = [];
     if (piCfg.piEnabled !== false && Array.isArray(piCfg.piCustomPatterns)) {
       for (const cp of piCfg.piCustomPatterns) {
-        if (cp && cp.pattern) {
+        if (cp && cp.pattern && isSafeRegex(cp.pattern)) {
           try {
             customCategories.push({
               name: cp.name || 'custom_pattern',
@@ -950,8 +987,8 @@ process.stdin.on('end', async () => {
           });
         } catch {}
-        // Webhook notification
-        if (piCfg.piWebhookUrl) {
+        // Webhook notification (SSRF-safe: HTTPS only, no private IPs)
+        if (piCfg.piWebhookUrl && isSafeWebhookUrl(piCfg.piWebhookUrl)) {
           try {
             await fetch(piCfg.piWebhookUrl, {
               method: 'POST',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@solongate/proxy",
-  "version": "0.26.3",
+  "version": "0.27.0",
   "description": "MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.",
   "type": "module",
   "bin": {
@@ -8,9 +8,12 @@
     "solongate-init": "./dist/init.js",
     "proxy": "./dist/index.js"
   },
-  "main": "./dist/index.js",
+  "main": "./dist/lib.js",
   "exports": {
     ".": {
+      "import": "./dist/lib.js"
+    },
+    "./cli": {
       "import": "./dist/index.js"
     }
   },
@@ -61,7 +64,6 @@
   "devDependencies": {
     "@solongate/core": "workspace:*",
     "@solongate/policy-engine": "workspace:*",
-    "@solongate/sdk": "workspace:*",
     "@solongate/tsconfig": "workspace:*",
     "tsup": "^8.3.0",
     "tsx": "^4.19.0",