defense-mcp-server 0.9.2 → 0.9.4

package/build/tools/network-defense.js

@@ -382,7 +382,7 @@ export function registerNetworkDefenseTools(server) {
                             findings.push({ check: sc.key, status: current === sc.expected ? "PASS" : "FAIL", value: current, description: `${sc.desc} (should be ${sc.expected})` });
                         }
                     }
-                    return { content: [createTextContent(JSON.stringify({ summary: { total: findings.length, pass: findings.filter(f => f.status === "PASS").length, fail: findings.filter(f => f.status === "FAIL").length }, ipv6Enabled: !disabled, findings }, null, 2))] };
+                    return { content: [createTextContent(JSON.stringify({ summary: { total: findings.length, pass: findings.filter(f => f.status === "PASS").length, fail: findings.filter(f => f.status === "FAIL").length }, ipv6Enabled: !disabled, findings }))] };
                 }
                 catch (error) {
                     return { content: [createErrorContent(error instanceof Error ? error.message : String(error))], isError: true };
@@ -557,7 +557,7 @@ export function registerNetworkDefenseTools(server) {
                     if (violations.length > 0) {
                         text += `--- Violations ---\n`;
                         for (const v of violations) {
-                            text += `  ⚠ ${v}\n`;
+                            text += `  WARNING: ${v}\n`;
                         }
                     }
                     if (natBypasses.length > 0) {
@@ -692,7 +692,7 @@ export function registerNetworkDefenseTools(server) {
                     if (concerns.length > 0) {
                         text += `--- Security Concerns ---\n`;
                         for (const c of concerns) {
-                            text += `  ⚠ ${c}\n`;
+                            text += `  WARNING: ${c}\n`;
                         }
                     }
                     return { content: [createTextContent(text)] };

package/build/tools/patch-management.js

@@ -183,7 +183,7 @@ export function registerPatchManagementTools(server) {
                                     status: packages.length === 0 ? "UP_TO_DATE" : securityPkgs.length > 0 ? "SECURITY_UPDATES_PENDING" : "UPDATES_AVAILABLE",
                                 },
                                 packages: displayPkgs.slice(0, 100),
-                            }, null, 2))],
+                            }))],
                     };
                 }
                 catch (error) {
@@ -206,7 +206,7 @@ export function registerPatchManagementTools(server) {
                                     supported: false,
                                     message: `Automatic updates are not natively supported on ${da.distro.name}.`,
                                     recommendation: au.installHint,
-                                }, null, 2))],
+                                }))],
                         };
                     }
                     const pkgCheckResult = await executeCommand({
@@ -325,8 +325,8 @@ export function registerPatchManagementTools(server) {
                                     ? `CRITICAL: Install auto-updates: ${au.installHint}`
                                     : failCount > 0
                                         ? "WARNING: Automatic security updates not fully configured"
-                                        : "PASS: Automatic security updates properly configured",
-                            }, null, 2))],
+                                        : "Automatic security updates properly configured",
+                            }))],
                     };
                 }
                 catch (error) {
@@ -347,7 +347,7 @@ export function registerPatchManagementTools(server) {
                                     distro: da.summary,
                                     error: "Package integrity checking not supported on this distribution",
                                     recommendation: ic.installHint,
-                                }, null, 2))],
+                                }))],
                         };
                     }
                     let cmd;
@@ -414,7 +414,7 @@ export function registerPatchManagementTools(server) {
                                 note: changed.length > 0
                                     ? "Modified files detected. Review if changes are legitimate (config edits) or suspicious (potential compromise)."
                                     : "All checked files match their package checksums.",
-                            }, null, 2))],
+                            }))],
                     };
                 }
                 catch (error) {
@@ -425,7 +425,7 @@ export function registerPatchManagementTools(server) {
                             content: [createTextContent(JSON.stringify({
                                     error: `${da?.integrity.toolName ?? "Integrity tool"} not available`,
                                     recommendation: da?.integrity.installHint ?? "Install the appropriate integrity checking tool",
-                                }, null, 2))],
+                                }))],
                         };
                     }
                     return {
@@ -560,7 +560,7 @@ export function registerPatchManagementTools(server) {
                                     ...(unmitigated.length > 0 ? [`${unmitigated.length} CPU vulnerabilities not fully mitigated`] : []),
                                     ...(installedKernels.length > 3 ? [`Multiple old kernels installed — consider removing unused: ${cleanupHint}`] : []),
                                 ],
-                            }, null, 2))],
+                            }))],
                     };
                 }
                 catch (error) {

package/build/tools/process-security.js

@@ -8,7 +8,7 @@
  * capability abuse, namespace isolation, anomalous behavior, and cgroup resource limits.
  */
 import { z } from "zod";
-import { spawnSafe } from "../core/spawn-safe.js";
+import { runCommand } from "../core/run-command.js";
 import { createTextContent, createErrorContent, } from "../core/parsers.js";
 // ── Constants ──────────────────────────────────────────────────────────────────
 /** Processes known to legitimately run as root */
@@ -27,53 +27,6 @@ const DANGEROUS_CAPABILITIES = new Set([
 ]);
 /** Maximum number of processes to inspect to avoid overwhelming output */
 const MAX_PROCESSES = 100;
-/**
- * Run a command via spawnSafe and collect output as a promise.
- * Handles errors gracefully — returns error info instead of throwing.
- */
-async function runCommand(command, args, timeoutMs = 30_000) {
-    return new Promise((resolve) => {
-        let child;
-        try {
-            child = spawnSafe(command, args);
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            resolve({ stdout: "", stderr: msg, exitCode: -1 });
-            return;
-        }
-        let stdout = "";
-        let stderr = "";
-        let resolved = false;
-        const timer = setTimeout(() => {
-            if (!resolved) {
-                resolved = true;
-                child.kill("SIGTERM");
-                resolve({ stdout, stderr: stderr + "\n[TIMEOUT]", exitCode: -1 });
-            }
-        }, timeoutMs);
-        child.stdout?.on("data", (data) => {
-            stdout += data.toString();
-        });
-        child.stderr?.on("data", (data) => {
-            stderr += data.toString();
-        });
-        child.on("close", (code) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr, exitCode: code ?? -1 });
-            }
-        });
-        child.on("error", (err) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr: err.message, exitCode: -1 });
-            }
-        });
-    });
-}
 /**
  * Parse `ps auxf` output into structured process info.
  */
@@ -133,12 +86,12 @@ function isUnusualPath(command) {
 async function auditRunning(pid, filter, showAll) {
     const sections = [];
     const findings = [];
-    sections.push("🔍 Process Security Audit");
-    sections.push("=".repeat(50));
+    sections.push("Process Security Audit");
+    sections.push("");
     // Get process list
     const psResult = await runCommand("ps", ["auxf"]);
     if (psResult.exitCode !== 0) {
-        sections.push(`\n⚠️ Failed to get process list: ${psResult.stderr}`);
+        sections.push(`\nWARNING: Failed to get process list: ${psResult.stderr}`);
         return { sections, findings };
     }
     let processes = parsePsOutput(psResult.stdout);
@@ -146,7 +99,7 @@ async function auditRunning(pid, filter, showAll) {
     if (pid !== undefined) {
         processes = processes.filter((p) => p.pid === pid);
         if (processes.length === 0) {
-            sections.push(`\n⚠️ No process found with PID ${pid}`);
+            sections.push(`\nWARNING: No process found with PID ${pid}`);
             return { sections, findings };
         }
     }
@@ -233,7 +186,7 @@ async function auditRunning(pid, filter, showAll) {
     if (deletedExe.length > 0) {
         sections.push("\n── Processes with Deleted Executables ──");
         for (const p of deletedExe) {
-            sections.push(`  ⛔ PID ${p.pid}: ${p.command}`);
+            sections.push(`  CRITICAL: PID ${p.pid}: ${p.command}`);
             findings.push({
                 severity: "CRITICAL",
                 category: "deleted_exe",
@@ -245,7 +198,7 @@ async function auditRunning(pid, filter, showAll) {
     }
     // Summary
     if (!showAll && findings.length === 0) {
-        sections.push("\n✅ No suspicious processes detected.");
+        sections.push("\nNo suspicious processes detected.");
     }
     else if (showAll) {
         sections.push("\n── All Processes ──");
@@ -258,13 +211,13 @@ async function auditRunning(pid, filter, showAll) {
 async function checkCapabilities(pid, filter) {
     const sections = [];
     const findings = [];
-    sections.push("🔐 Process Capabilities Check");
-    sections.push("=".repeat(50));
+    sections.push("Process Capabilities Check");
+    sections.push("");
     if (pid !== undefined) {
         // Check specific PID capabilities
         const capsResult = await runCommand("getpcaps", [String(pid)]);
         if (capsResult.exitCode !== 0) {
-            sections.push(`\n⚠️ Failed to get capabilities for PID ${pid}: ${capsResult.stderr}`);
+            sections.push(`\nWARNING: Failed to get capabilities for PID ${pid}: ${capsResult.stderr}`);
             return { sections, findings };
         }
         sections.push(`\nCapabilities for PID ${pid}:`);
@@ -286,7 +239,7 @@ async function checkCapabilities(pid, filter) {
         // Scan processes for elevated capabilities
         const psResult = await runCommand("ps", ["-eo", "pid"]);
         if (psResult.exitCode !== 0) {
-            sections.push("\n⚠️ Failed to list processes");
+            sections.push("\nWARNING: Failed to list processes");
             return { sections, findings };
         }
         const pids = psResult.stdout.trim().split("\n")
@@ -340,7 +293,7 @@ async function checkCapabilities(pid, filter) {
             }
         }
         else {
-            sections.push("\n✅ No processes with elevated capabilities found.");
+            sections.push("\nNo processes with elevated capabilities found.");
         }
     }
     return { sections, findings };
@@ -348,13 +301,13 @@ async function checkCapabilities(pid, filter) {
 async function checkNamespaces(pid, _filter) {
     const sections = [];
     const findings = [];
-    sections.push("📦 Process Namespace Analysis");
-    sections.push("=".repeat(50));
+    sections.push("Process Namespace Analysis");
+    sections.push("");
     if (pid !== undefined) {
         // Show namespace details for specific PID
         const nsResult = await runCommand("ls", ["-la", `/proc/${pid}/ns/`]);
         if (nsResult.exitCode !== 0) {
-            sections.push(`\n⚠️ Cannot read namespaces for PID ${pid}: ${nsResult.stderr}`);
+            sections.push(`\nCannot read namespaces for PID ${pid}: ${nsResult.stderr}`);
             return { sections, findings };
         }
         sections.push(`\nNamespace details for PID ${pid}:`);
@@ -380,7 +333,7 @@ async function checkNamespaces(pid, _filter) {
             for (const [nsType, nsId] of pidNsMap) {
                 const initId = initNsMap.get(nsType);
                 const inRootNs = initId === nsId;
-                const icon = inRootNs ? "⚠️" : "✅";
+                const icon = inRootNs ? "WARNING" : "PASS";
                 sections.push(`  ${icon} ${nsType}: ${inRootNs ? "in root namespace" : "isolated"} (${nsId})`);
                 if (inRootNs && !["user", "cgroup"].includes(nsType)) {
                     findings.push({
@@ -400,7 +353,7 @@ async function checkNamespaces(pid, _filter) {
             // Retry with sudo
             const sudoLsnsResult = await runCommand("sudo", ["lsns"]);
             if (sudoLsnsResult.exitCode !== 0) {
-                sections.push("\n⚠️ Cannot list namespaces (lsns not available or permission denied)");
+                sections.push("\nCannot list namespaces (lsns not available or permission denied)");
                 return { sections, findings };
             }
             sections.push("\n── Active Namespaces ──");
@@ -437,12 +390,12 @@ async function checkNamespaces(pid, _filter) {
 async function detectAnomalies(pid, filter) {
     const sections = [];
     const findings = [];
-    sections.push("🚨 Process Anomaly Detection");
-    sections.push("=".repeat(50));
+    sections.push("Process Anomaly Detection");
+    sections.push("");
     // Get process list for analysis
     const psResult = await runCommand("ps", ["-eo", "pid,ppid,user,comm"]);
     if (psResult.exitCode !== 0) {
-        sections.push("\n⚠️ Failed to get process list");
+        sections.push("\nWARNING: Failed to get process list");
         return { sections, findings };
     }
     const psLines = psResult.stdout.trim().split("\n").slice(1);
@@ -472,7 +425,7 @@ async function detectAnomalies(pid, filter) {
         const exeResult = await runCommand("ls", ["-la", `/proc/${proc.pid}/exe`]);
         if (exeResult.exitCode === 0 && exeResult.stdout.includes("(deleted)")) {
             deletedCount++;
-            sections.push(`  ⛔ PID ${proc.pid} (${proc.comm}): executable deleted`);
+            sections.push(`  CRITICAL: PID ${proc.pid} (${proc.comm}): executable deleted`);
             findings.push({
                 severity: "CRITICAL",
                 category: "deleted_binary",
@@ -483,7 +436,7 @@ async function detectAnomalies(pid, filter) {
         }
     }
     if (deletedCount === 0)
-        sections.push("  ✅ No processes with deleted binaries");
+        sections.push("  No processes with deleted binaries");
     // 2. Cross-reference network connections with expected services
     sections.push("\n── Unexpected Network Connections ──");
     const ssResult = await runCommand("ss", ["-tlnp"]);
@@ -493,11 +446,11 @@ async function detectAnomalies(pid, filter) {
             sections.push(`  ${line.trim()}`);
         }
         if (ssLines.length === 0) {
-            sections.push("  ✅ No listening TCP connections");
+            sections.push("  No listening TCP connections");
         }
     }
     else {
-        sections.push("  ⚠️ Could not check network connections");
+        sections.push("  Could not check network connections");
     }
     // 3. Check for shell spawning from non-shell parents
     sections.push("\n── Shell Spawning Analysis ──");
@@ -511,7 +464,7 @@ async function detectAnomalies(pid, filter) {
             parent.comm !== "screen" && parent.comm !== "tmux" && parent.comm !== "script" &&
             parent.comm !== "getty" && parent.comm !== "agetty" && parent.comm !== "systemd") {
             suspiciousShellCount++;
-            sections.push(`  ⚠️ PID ${shell.pid} (${shell.comm}) spawned by ${parent.comm} (PID ${parent.pid})`);
+            sections.push(`  WARNING: PID ${shell.pid} (${shell.comm}) spawned by ${parent.comm} (PID ${parent.pid})`);
             findings.push({
                 severity: "HIGH",
                 category: "suspicious_shell",
@@ -522,7 +475,7 @@ async function detectAnomalies(pid, filter) {
         }
     }
     if (suspiciousShellCount === 0)
-        sections.push("  ✅ No suspicious shell spawning detected");
+        sections.push("  No suspicious shell spawning detected");
     // 4. Check for open file descriptors to sensitive files
     sections.push("\n── Sensitive File Access ──");
     const sensitiveFiles = ["/etc/shadow", "/etc/passwd", ".ssh/id_rsa", ".ssh/id_ed25519", "private.key"];
@@ -535,7 +488,7 @@ async function detectAnomalies(pid, filter) {
         for (const sf of sensitiveFiles) {
             if (fdResult.stdout.includes(sf)) {
                 sensitiveAccessCount++;
-                sections.push(`  ⚠️ PID ${proc.pid} (${proc.comm}) has open fd to ${sf}`);
+                sections.push(`  WARNING: PID ${proc.pid} (${proc.comm}) has open fd to ${sf}`);
                 findings.push({
                     severity: "HIGH",
                     category: "sensitive_file_access",
@@ -547,7 +500,7 @@ async function detectAnomalies(pid, filter) {
         }
     }
     if (sensitiveAccessCount === 0)
-        sections.push("  ✅ No suspicious sensitive file access");
+        sections.push("  No suspicious sensitive file access");
     // 5. Check for suspicious environment variables
     sections.push("\n── Suspicious Environment Variables ──");
     let suspiciousEnvCount = 0;
@@ -561,7 +514,7 @@ async function detectAnomalies(pid, filter) {
             envStr.includes("nc -e") || envStr.includes("mkfifo") ||
             envStr.includes("PAYLOAD") || envStr.includes("SHELLCODE")) {
             suspiciousEnvCount++;
-            sections.push(`  ⛔ PID ${proc.pid} (${proc.comm}): suspicious environment variables detected`);
+            sections.push(`  CRITICAL: PID ${proc.pid} (${proc.comm}): suspicious environment variables detected`);
             findings.push({
                 severity: "CRITICAL",
                 category: "suspicious_env",
@@ -572,19 +525,19 @@ async function detectAnomalies(pid, filter) {
         }
     }
     if (suspiciousEnvCount === 0)
-        sections.push("  ✅ No suspicious environment variables detected");
+        sections.push("  No suspicious environment variables detected");
     return { sections, findings };
 }
 async function cgroupAudit(pid, _filter) {
     const sections = [];
     const findings = [];
-    sections.push("📊 Cgroup Resource Audit");
-    sections.push("=".repeat(50));
+    sections.push("Cgroup Resource Audit");
+    sections.push("");
     if (pid !== undefined) {
         // Inspect specific process cgroup membership
         const cgroupResult = await runCommand("cat", [`/proc/${pid}/cgroup`]);
         if (cgroupResult.exitCode !== 0) {
-            sections.push(`\n⚠️ Cannot read cgroup for PID ${pid}: ${cgroupResult.stderr}`);
+            sections.push(`\nCannot read cgroup for PID ${pid}: ${cgroupResult.stderr}`);
             return { sections, findings };
         }
         sections.push(`\nCgroup membership for PID ${pid}:`);
@@ -600,7 +553,7 @@ async function cgroupAudit(pid, _filter) {
                 const memMaxResult = await runCommand("cat", [`/sys/fs/cgroup${cgroupPath}/memory.max`]);
                 if (memMaxResult.exitCode === 0) {
                     const memMax = memMaxResult.stdout.trim();
-                    sections.push(`  Memory limit: ${memMax === "max" ? "unlimited ⚠️" : memMax}`);
+                    sections.push(`  Memory limit: ${memMax === "max" ? "unlimited WARNING" : memMax}`);
                     if (memMax === "max") {
                         findings.push({
                             severity: "LOW",
@@ -613,7 +566,7 @@ async function cgroupAudit(pid, _filter) {
                 const cpuMaxResult = await runCommand("cat", [`/sys/fs/cgroup${cgroupPath}/cpu.max`]);
                 if (cpuMaxResult.exitCode === 0) {
                     const cpuMax = cpuMaxResult.stdout.trim();
-                    sections.push(`  CPU limit: ${cpuMax === "max 100000" ? "unlimited ⚠️" : cpuMax}`);
+                    sections.push(`  CPU limit: ${cpuMax === "max 100000" ? "unlimited WARNING" : cpuMax}`);
                     if (cpuMax.startsWith("max")) {
                         findings.push({
                             severity: "LOW",
@@ -669,7 +622,7 @@ async function cgroupAudit(pid, _filter) {
 // ── Format helpers ─────────────────────────────────────────────────────────────
 function formatFindings(findings) {
     if (findings.length === 0)
-        return "\n✅ No security findings.";
+        return "\nNo security findings.";
     const lines = ["\n── Security Findings Summary ──"];
     const bySeverity = {};
     for (const f of findings) {
@@ -678,18 +631,11 @@ function formatFindings(findings) {
         bySeverity[f.severity].push(f);
     }
     const severityOrder = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"];
-    const icons = {
-        CRITICAL: "⛔",
-        HIGH: "🔴",
-        MEDIUM: "🟠",
-        LOW: "🟡",
-        INFO: "ℹ️",
-    };
     for (const sev of severityOrder) {
         const items = bySeverity[sev];
         if (!items || items.length === 0)
             continue;
-        lines.push(`\n  ${icons[sev]} ${sev} (${items.length}):`);
+        lines.push(`\n  ${sev} (${items.length}):`);
         for (const f of items) {
             const pidStr = f.pid ? ` [PID ${f.pid}]` : "";
             lines.push(`    - ${f.message}${pidStr}`);
@@ -710,7 +656,7 @@ function formatAsJson(action, findings, rawSections) {
             process: f.process || null,
         })),
         rawOutput: rawSections.join("\n"),
-    }, null, 2);
+    });
 }
 // ── Registration entry point ───────────────────────────────────────────────
 export function registerProcessSecurityTools(server) {