npm - it-tools-mcp - Versions diffs - 5.2.2 → 5.2.4 - Mend

it-tools-mcp 5.2.2 → 5.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/build/index.js +1 -1
package/build/tools/development/convert_list/index.js +5 -1
package/build/tools/encoding/decode_html/index.js +3 -2
package/build/tools/encoding/encode_html_entities/index.js +3 -2
package/build/tools/forensic/decode_safelink/index.js +10 -3
package/package.json +3 -3

package/build/index.js CHANGED Viewed

@@ -684,7 +684,7 @@ async function getManifestContent(type) {
 function extractToolFromReadme(readmeContent, toolName) {
     // Look for the tool in the Available Tools table
     const lines = readmeContent.split('\n');
-    const toolRegex = new RegExp(`\\|\s*\`${toolName}\`\\s*\\|`, 'i');
+    const toolRegex = new RegExp(`\\|\\s*\`${toolName}\`\\s*\\|`, 'i');
     for (let i = 0; i < lines.length; i++) {
         const line = lines[i];
         if (toolRegex.test(line)) {

package/build/tools/development/convert_list/index.js CHANGED Viewed

@@ -36,7 +36,11 @@ export function registerConvertList(server) {
                     result = JSON.stringify(items, null, 2);
                     break;
                 case 'quoted':
-                    result = items.map(item => `"${item.replace(/"/g, '\\"')}"`).join(', ');
+                    // Proper escaping: backslashes first, then quotes
+                    result = items.map(item => {
+                        const escaped = item.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+                        return `"${escaped}"`;
+                    }).join(', ');
                     break;
                 default:
                     const outputSeparator = separators[outputFormat];

package/build/tools/encoding/decode_html/index.js CHANGED Viewed

@@ -12,12 +12,13 @@ export function registerDecodeHtml(server) {
             readOnlyHint: false
         }
     }, async ({ text }) => {
+        // Proper HTML decoding order: decode &amp; LAST to prevent double-unescaping
         const decoded = text
-            .replace(/&amp;/g, '&')
             .replace(/&lt;/g, '<')
             .replace(/&gt;/g, '>')
             .replace(/&quot;/g, '"')
-            .replace(/&#39;/g, "'");
+            .replace(/&#39;/g, "'")
+            .replace(/&amp;/g, '&'); // Decode ampersand LAST
         return {
             content: [
                 {

package/build/tools/encoding/encode_html_entities/index.js CHANGED Viewed

@@ -41,8 +41,8 @@ export function registerEncodeHtmlEntities(server) {
                 };
             }
             else {
+                // Proper HTML decoding order: decode &amp; LAST to prevent double-unescaping
                 const decoded = text
-                    .replace(/&amp;/g, '&')
                     .replace(/&lt;/g, '<')
                     .replace(/&gt;/g, '>')
                     .replace(/&quot;/g, '"')
@@ -56,7 +56,8 @@ export function registerEncodeHtmlEntities(server) {
                     .replace(/&sect;/g, '§')
                     .replace(/&para;/g, '¶')
                     .replace(/&dagger;/g, '†')
-                    .replace(/&Dagger;/g, '‡');
+                    .replace(/&Dagger;/g, '‡')
+                    .replace(/&amp;/g, '&'); // Decode ampersand LAST
                 return {
                     content: [
                         {

package/build/tools/forensic/decode_safelink/index.js CHANGED Viewed

@@ -14,12 +14,19 @@ export function registerDecodeSafelink(server) {
     }, async ({ safelink }) => {
         try {
             const url = new URL(safelink);
-            // Check if it's a SafeLink URL
-            if (!url.hostname.includes('safelinks.protection.outlook.com')) {
+            // Check if it's a SafeLink URL - use secure hostname validation
+            const allowedSafeLinkHosts = [
+                'safelinks.protection.outlook.com',
+                'nam11.safelinks.protection.outlook.com',
+                'eur01.safelinks.protection.outlook.com',
+                'apc01.safelinks.protection.outlook.com',
+                'gcc02.safelinks.protection.outlook.com'
+            ];
+            if (!allowedSafeLinkHosts.includes(url.hostname.toLowerCase())) {
                 return {
                     content: [{
                             type: "text",
-                            text: "This doesn't appear to be a SafeLink URL."
+                            text: "This doesn't appear to be a legitimate SafeLink URL from Microsoft Outlook."
                         }]
                 };
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "it-tools-mcp",
-  "version": "5.2.2",
+  "version": "5.2.4",
   "description": "Full MCP 2025-06-18 compliant server with 121+ IT tools, logging, ping, progress tracking, cancellation, and sampling utilities",
   "type": "module",
   "main": "./build/index.js",
@@ -108,7 +108,7 @@
     "@types/speakeasy": "^2.0.10",
     "@types/ssh2": "^1.15.5",
     "@types/turndown": "^5.0.5",
-    "@types/validator": "^13.15.2",
+    "@types/validator": "^13.15.3",
     "@types/xml-formatter": "^1.2.0",
     "typescript": "^5.8.3"
   },
@@ -144,7 +144,7 @@
     "telnet-client": "^2.2.5",
     "turndown": "^7.2.0",
     "ulid": "^3.0.1",
-    "validator": "^13.15.15",
+    "validator": "^13.15.20",
     "xml-formatter": "^3.6.6",
     "zod": "^3.25.67"
   }