@wardnmesh/sdk-node 0.2.1

package/dist/utils/safe-regex.js

@@ -0,0 +1,220 @@
+"use strict";
+/**
+ * Safe Regex Utilities - ReDoS Prevention
+ *
+ * Provides regex validation and safe execution with timeout protection.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertPCREModifiers = convertPCREModifiers;
+exports.validateRegexPattern = validateRegexPattern;
+exports.getPatternErrorMetrics = getPatternErrorMetrics;
+exports.resetPatternErrorMetrics = resetPatternErrorMetrics;
+exports.getCachedRegex = getCachedRegex;
+exports.safeRegexExec = safeRegexExec;
+exports.safeRegexTest = safeRegexTest;
+const logger_1 = require("./logger");
+// Patterns that are known to cause catastrophic backtracking
+const DANGEROUS_PATTERNS = [
+    /\(\?[^)]*\+[^)]*\)\+/, // Nested quantifiers with +
+    /\(\?[^)]*\*[^)]*\)\+/, // Nested quantifiers with *
+    /\(\?[^)]*\+[^)]*\)\*/, // Nested quantifiers
+    /\(\?[^)]*\*[^)]*\)\*/, // Nested quantifiers
+    /\([^)]+\)\{[0-9]+,\}/, // Unbounded repetition of groups
+    /\.\*\.\*/, // Multiple greedy wildcards
+    /\.\+\.\+/, // Multiple greedy wildcards
+    /\([^)]*\|[^)]*\)\+/, // Alternation with quantifier
+    /\([^)]*\|[^)]*\)\*/, // Alternation with quantifier
+];
+// Maximum allowed regex pattern length
+const MAX_PATTERN_LENGTH = 1000;
+// Maximum allowed quantifier value
+const MAX_QUANTIFIER = 100;
+/**
+ * Convert PCRE inline modifiers to JavaScript flags
+ * Handles: (?i), (?m), (?s), (?x), and combinations like (?im)
+ */
+function convertPCREModifiers(pattern) {
+    let convertedPattern = pattern;
+    let flags = "";
+    let converted = false;
+    // Match PCRE inline modifiers: (?i), (?m), (?s), (?im), etc.
+    const pcreModifierRegex = /\(\?([imsx]+)\)/g;
+    const matches = [...pattern.matchAll(pcreModifierRegex)];
+    if (matches.length === 0) {
+        return { pattern, flags: "", converted: false };
+    }
+    const unsupportedModifiers = [];
+    const flagSet = new Set();
+    for (const match of matches) {
+        const modifiers = match[1];
+        for (const modifier of modifiers) {
+            switch (modifier) {
+                case "i": // Case insensitive - supported
+                    flagSet.add("i");
+                    break;
+                case "m": // Multiline - supported
+                    flagSet.add("m");
+                    break;
+                case "s": // Dotall - supported in ES2018+
+                    flagSet.add("s");
+                    break;
+                case "x": // Extended/verbose - NOT supported in JavaScript
+                    unsupportedModifiers.push("x (extended/verbose)");
+                    break;
+                default:
+                    unsupportedModifiers.push(modifier);
+            }
+        }
+        // Remove the PCRE modifier from pattern
+        convertedPattern = convertedPattern.replace(match[0], "");
+        converted = true;
+    }
+    if (unsupportedModifiers.length > 0) {
+        return {
+            pattern: convertedPattern,
+            flags: "",
+            converted: false,
+            error: `Unsupported PCRE modifiers: ${unsupportedModifiers.join(", ")}`,
+        };
+    }
+    flags = Array.from(flagSet).join("");
+    return {
+        pattern: convertedPattern,
+        flags,
+        converted: true,
+    };
+}
+/**
+ * Validate a regex pattern for potential ReDoS vulnerabilities
+ */
+function validateRegexPattern(pattern) {
+    // Check pattern length
+    if (pattern.length > MAX_PATTERN_LENGTH) {
+        return {
+            valid: false,
+            error: `Pattern exceeds maximum length of ${MAX_PATTERN_LENGTH} characters`,
+        };
+    }
+    // Check for dangerous patterns
+    for (const dangerous of DANGEROUS_PATTERNS) {
+        if (dangerous.test(pattern)) {
+            return {
+                valid: false,
+                error: "Pattern contains potentially dangerous nested quantifiers",
+            };
+        }
+    }
+    // Check for large quantifiers like {1000,}
+    const quantifierMatch = pattern.match(/\{(\d+)(,(\d*))?\}/g);
+    if (quantifierMatch) {
+        for (const q of quantifierMatch) {
+            const nums = q.match(/\d+/g);
+            if (nums) {
+                for (const num of nums) {
+                    if (parseInt(num, 10) > MAX_QUANTIFIER) {
+                        return {
+                            valid: false,
+                            error: `Quantifier value ${num} exceeds maximum of ${MAX_QUANTIFIER}`,
+                        };
+                    }
+                }
+            }
+        }
+    }
+    // Try to compile the regex to catch syntax errors
+    try {
+        new RegExp(pattern);
+    }
+    catch (e) {
+        return {
+            valid: false,
+            error: `Invalid regex syntax: ${e instanceof Error ? e.message : "Unknown error"}`,
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Cached regex instances to avoid recompilation
+ */
+const regexCache = new Map();
+const MAX_CACHE_SIZE = 100;
+const errorMetrics = {
+    pcreConversionFailures: 0,
+    validationFailures: 0,
+    regexCompilationFailures: 0,
+    totalPatternsProcessed: 0,
+};
+/**
+ * Get current pattern error metrics
+ */
+function getPatternErrorMetrics() {
+    return { ...errorMetrics };
+}
+/**
+ * Reset pattern error metrics (useful for testing)
+ */
+function resetPatternErrorMetrics() {
+    errorMetrics.pcreConversionFailures = 0;
+    errorMetrics.validationFailures = 0;
+    errorMetrics.regexCompilationFailures = 0;
+    errorMetrics.totalPatternsProcessed = 0;
+}
+/**
+ * Get a cached regex instance or create a new one
+ */
+function getCachedRegex(pattern, flags = "") {
+    errorMetrics.totalPatternsProcessed++;
+    // Convert PCRE modifiers first
+    const pcreResult = convertPCREModifiers(pattern);
+    if (pcreResult.converted && pcreResult.error) {
+        // Unsupported PCRE modifiers - skip this pattern
+        errorMetrics.pcreConversionFailures++;
+        logger_1.logger.warn(`Skipping pattern with unsupported PCRE modifiers: ${pcreResult.error}`);
+        return null;
+    }
+    // Use converted pattern and merge flags
+    const finalPattern = pcreResult.pattern;
+    const finalFlags = pcreResult.converted
+        ? pcreResult.flags + flags // PCRE flags + explicit flags
+        : flags;
+    const cacheKey = `${finalPattern}:${finalFlags}`;
+    if (regexCache.has(cacheKey)) {
+        return regexCache.get(cacheKey);
+    }
+    const validation = validateRegexPattern(finalPattern);
+    if (!validation.valid) {
+        errorMetrics.validationFailures++;
+        logger_1.logger.warn(`Unsafe regex pattern rejected: ${validation.error}`);
+        return null;
+    }
+    try {
+        const regex = new RegExp(finalPattern, finalFlags);
+        // Evict oldest entries if cache is full
+        if (regexCache.size >= MAX_CACHE_SIZE) {
+            const firstKey = regexCache.keys().next().value;
+            if (firstKey)
+                regexCache.delete(firstKey);
+        }
+        regexCache.set(cacheKey, regex);
+        return regex;
+    }
+    catch {
+        errorMetrics.regexCompilationFailures++;
+        return null;
+    }
+}
+/**
+ * Execute regex with content length limit
+ */
+function safeRegexExec(regex, content, maxLength = 50000) {
+    // Truncate content if too long
+    const safeContent = content.length > maxLength ? content.substring(0, maxLength) : content;
+    return regex.exec(safeContent);
+}
+/**
+ * Safe regex test with content length limit
+ */
+function safeRegexTest(regex, content, maxLength = 50000) {
+    const safeContent = content.length > maxLength ? content.substring(0, maxLength) : content;
+    return regex.test(safeContent);
+}

package/dist/wardn.d.ts

@@ -0,0 +1,67 @@
+import { WardnConfig, ScanResult, WardnRequest, Rule } from "./types";
+import { PatternErrorMetrics } from "./utils/safe-regex";
+import { SessionStateProvider } from "./state/session-manager";
+export declare class Wardn {
+    private static instance;
+    private config;
+    private stateProvider;
+    private telemetry;
+    private patternDetector;
+    private sequenceDetector;
+    private stateDetector;
+    private semanticDetector;
+    private pollTimer;
+    private isShutdown;
+    private lastRuleUpdate;
+    private updateCount;
+    private updateCountResetTime;
+    private constructor();
+    private initTelemetry;
+    static getInstance(): Wardn;
+    static init(config: WardnConfig, stateProvider?: SessionStateProvider): Wardn;
+    /**
+     * Reset the singleton instance (useful for testing)
+     */
+    static reset(): void;
+    /**
+     * Shutdown the Wardn instance, cleaning up resources
+     */
+    shutdown(): void;
+    /**
+     * Scan a request for security violations
+     * @param request The agent request context (prompt, tools, etc.)
+     * @returns ScanResult with allowed/blocked status and violations
+     */
+    scan(request: WardnRequest): Promise<ScanResult>;
+    /** Normalize request to ToolData format */
+    private normalizeRequest;
+    /** Run detector for a single rule */
+    private detectViolation;
+    /** Handle semantic detection */
+    private detectSemanticViolation;
+    /** Report violation to telemetry */
+    private reportViolation;
+    /** Report scan completion to telemetry */
+    private reportScanComplete;
+    /**
+     * Update rules dynamically
+     * This allows external systems (like MCP server with Supabase threat rules)
+     * to update the rule set without restarting
+     *
+     * @param rules New rule set to use
+     * @returns void
+     */
+    updateRules(rules: Rule[]): void;
+    /**
+     * Get current rules
+     * @returns Current rule set
+     */
+    getRules(): readonly Rule[];
+    /**
+     * Get pattern error metrics for monitoring
+     * @returns Pattern error statistics
+     */
+    getPatternErrorMetrics(): Readonly<PatternErrorMetrics>;
+    /** Poll remote rules for updates with validation */
+    private pollRemoteRules;
+}