mcp-sanitizer 1.0.0

Files changed (49)
  1. package/.eslintrc.js +32 -0
  2. package/.github/ISSUE_TEMPLATE/bug_report.md +33 -0
  3. package/.github/ISSUE_TEMPLATE/config.yml +8 -0
  4. package/.github/ISSUE_TEMPLATE/feature_request.md +26 -0
  5. package/.github/ISSUE_TEMPLATE/security_report.md +23 -0
  6. package/.github/PULL_REQUEST_TEMPLATE.md +28 -0
  7. package/.github/workflows/ci.yml +59 -0
  8. package/.github/workflows/security.yml +43 -0
  9. package/.nvmrc +1 -0
  10. package/.prettierrc +8 -0
  11. package/API.md +713 -0
  12. package/LICENSE +21 -0
  13. package/PROJECT_STATUS.md +79 -0
  14. package/README.md +411 -0
  15. package/benchmark/library-performance.js +153 -0
  16. package/examples/configuration-examples.js +233 -0
  17. package/jest.config.js +29 -0
  18. package/package.json +60 -0
  19. package/src/config/README.md +358 -0
  20. package/src/config/default-config.js +392 -0
  21. package/src/config/index.js +335 -0
  22. package/src/config/security-policies.js +640 -0
  23. package/src/index.js +242 -0
  24. package/src/middleware/express.js +619 -0
  25. package/src/middleware/fastify.js +637 -0
  26. package/src/middleware/index.js +412 -0
  27. package/src/middleware/koa.js +619 -0
  28. package/src/middleware/types.d.ts +330 -0
  29. package/src/patterns/command-injection.js +308 -0
  30. package/src/patterns/index.js +309 -0
  31. package/src/patterns/prototype-pollution.js +463 -0
  32. package/src/patterns/sql-injection.js +395 -0
  33. package/src/patterns/template-injection.js +457 -0
  34. package/src/sanitizer/mcp-sanitizer.js +599 -0
  35. package/src/sanitizer/validators/command.js +798 -0
  36. package/src/sanitizer/validators/file-path.js +555 -0
  37. package/src/sanitizer/validators/index.js +410 -0
  38. package/src/sanitizer/validators/sql.js +950 -0
  39. package/src/sanitizer/validators/url.js +891 -0
  40. package/src/utils/index.js +29 -0
  41. package/src/utils/object-utils.js +343 -0
  42. package/src/utils/string-utils.js +246 -0
  43. package/src/utils/validation-utils.js +334 -0
  44. package/test/mcp-sanitizer.test.js +348 -0
  45. package/test/middleware/middleware.test.js +407 -0
  46. package/test/unit/config/config.test.js +294 -0
  47. package/test/unit/library-integration.test.js +260 -0
  48. package/test/unit/validation-libraries.test.js +279 -0
  49. package/tsconfig.json +27 -0
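--- a/package/.eslintrc.js
+++ b/package/.eslintrc.js
@@ -0,0 +1,32 @@
+ module.exports = {
+ env: {
+ browser: false,
+ es2021: true,
+ node: true,
+ jest: true
+ },
+ extends: [
+ 'standard'
+ ],
+ parserOptions: {
+ ecmaVersion: 12,
+ sourceType: 'module'
+ },
+ rules: {
+ 'no-console': 'warn',
+ 'no-eval': 'error',
+ 'no-implied-eval': 'error',
+ 'no-new-func': 'error',
+ 'no-script-url': 'error',
+ 'prefer-const': 'error',
+ 'no-var': 'error'
+ },
+ overrides: [
+ {
+ files: ['test/**/*.js', '**/*.test.js'],
+ rules: {
+ 'no-console': 'off'
+ }
+ }
+ ]
+ };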
@@ -0,0 +1,33 @@
1
+ ---
2
+ name: Bug report
3
+ about: Report a bug in MCP Sanitizer
4
+ title: '[BUG] '
5
+ labels: bug
6
+ assignees: ''
7
+ ---
8
+
9
+ **Describe the bug**
10
+ <!-- Clear description of the issue -->
11
+
12
+ **To Reproduce**
13
+ ```javascript
14
+ // Minimal code example that reproduces the issue
15
+ const MCPSanitizer = require('mcp-sanitizer');
16
+ const sanitizer = new MCPSanitizer();
17
+
18
+ // Your code here...
19
+ ```
20
+
21
+ **Expected behavior**
22
+ <!-- What should happen instead -->
23
+
24
+ **Actual behavior**
25
+ <!-- What actually happens -->
26
+
27
+ **Environment:**
28
+ - Node.js version: [e.g. 18.19.0]
29
+ - MCP Sanitizer version: [e.g. 1.0.0]
30
+ - OS: [e.g. Ubuntu 22.04]
31
+
32
+ **Additional context**
33
+ <!-- Any other relevant information -->
@@ -0,0 +1,8 @@
1
+ blank_issues_enabled: false
2
+ contact_links:
3
+ - name: Security Issue
4
+ url: mailto:dave@pattens.org
5
+ about: Please report security vulnerabilities via email
6
+ - name: Questions & Discussions
7
+ url: https://github.com/starman69/mcp-sanitizer/discussions
8
+ about: Ask questions and discuss ideas
@@ -0,0 +1,26 @@
1
+ ---
2
+ name: Feature request
3
+ about: Suggest an idea for MCP Sanitizer
4
+ title: '[FEATURE] '
5
+ labels: enhancement
6
+ assignees: ''
7
+ ---
8
+
9
+ **Is your feature request related to a problem?**
10
+ <!-- Describe the problem you're trying to solve -->
11
+
12
+ **Describe the solution you'd like**
13
+ <!-- Clear description of what you want to happen -->
14
+
15
+ **Describe alternatives you've considered**
16
+ <!-- Other solutions or workarounds you've tried -->
17
+
18
+ **Example usage**
19
+ ```javascript
20
+ // Show how the feature would be used
21
+ const sanitizer = new MCPSanitizer();
22
+ // Your proposed API...
23
+ ```
24
+
25
+ **Additional context**
26
+ <!-- Any other context, mockups, or examples -->
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: Security vulnerability
3
+ about: Report a security issue
4
+ title: '[SECURITY] DO NOT USE - Email instead'
5
+ labels: security
6
+ assignees: ''
7
+ ---
8
+
9
+ ## ⚠️ STOP! Security issues should NOT be reported here
10
+
11
+ **Please DO NOT report security vulnerabilities in public GitHub issues.**
12
+
13
+ Instead, please email us directly at: **security@example.com**
14
+
15
+ ### What to include in your email:
16
+ - Description of the vulnerability
17
+ - Steps to reproduce
18
+ - Potential impact
19
+ - Suggested fix (if any)
20
+
21
+ We take security seriously and will respond within 48 hours.
22
+
23
+ Thank you for helping keep MCP Sanitizer secure!
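Review bot: The contact address on line 13 of this template, `security@example.com`, is on a reserved example domain, so a vulnerability report sent as instructed will not reach a maintainer. The issue-template config added in the same release routes security reports to a different mailbox through its `mailto:` contact link, and the two should name the same monitored address. Because this file is itself an issue template, selecting it still opens a public issue labelled `security`; keeping only the contact link and dropping the template would avoid accidental public disclosure. The 48-hour response promise on line 21 is only meaningful once the address is one that is actually read.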
@@ -0,0 +1,28 @@
1
+ ## Description
2
+ <!-- Describe your changes in detail -->
3
+
4
+ ## Type of Change
5
+ <!-- Mark relevant items with an 'x' -->
6
+ - [ ] Bug fix
7
+ - [ ] New feature
8
+ - [ ] Security improvement
9
+ - [ ] Documentation update
10
+ - [ ] Performance improvement
11
+
12
+ ## Testing
13
+ <!-- Describe the tests you ran -->
14
+ - [ ] All tests pass locally (`npm test`)
15
+ - [ ] New tests added for changes
16
+ - [ ] No ESLint errors (`npm run lint`)
17
+
18
+ ## Security Impact
19
+ <!-- Consider security implications -->
20
+ - [ ] No new attack vectors introduced
21
+ - [ ] Input validation properly implemented
22
+ - [ ] No sensitive data exposed
23
+
24
+ ## Checklist
25
+ - [ ] My code follows the project style
26
+ - [ ] I've updated documentation as needed
27
+ - [ ] I've added tests for new functionality
28
+ - [ ] All tests pass
@@ -0,0 +1,59 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+ branches: [ main ]
6
+ pull_request:
7
+ branches: [ main ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+
13
+ strategy:
14
+ matrix:
15
+ node-version: [18.x, 20.x]
16
+
17
+ steps:
18
+ - uses: actions/checkout@v4
19
+
20
+ - name: Use Node.js ${{ matrix.node-version }}
21
+ uses: actions/setup-node@v4
22
+ with:
23
+ node-version: ${{ matrix.node-version }}
24
+ cache: 'npm'
25
+
26
+ - name: Install dependencies
27
+ run: npm ci
28
+
29
+ - name: Run linter
30
+ run: npm run lint
31
+
32
+ - name: Run tests with coverage
33
+ run: npm run test:coverage
34
+
35
+ - name: Upload coverage to Codecov
36
+ if: matrix.node-version == '18.x'
37
+ uses: codecov/codecov-action@v3
38
+ with:
39
+ file: ./coverage/lcov.info
40
+ fail_ci_if_error: false
41
+
42
+ security:
43
+ runs-on: ubuntu-latest
44
+
45
+ steps:
46
+ - uses: actions/checkout@v4
47
+
48
+ - name: Use Node.js 18
49
+ uses: actions/setup-node@v4
50
+ with:
51
+ node-version: 18
52
+ cache: 'npm'
53
+
54
+ - name: Install dependencies
55
+ run: npm ci
56
+
57
+ - name: Run npm audit
58
+ run: npm audit --audit-level=moderate
59
+ continue-on-error: true
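Review bot: The `Run npm audit` step at the end of the `security` job sets `continue-on-error: true`, so an advisory at or above the `moderate` threshold never fails the workflow and is easy to miss in a green run. Consider removing that line, or keeping it only together with a step that surfaces the audit result to reviewers. The workflow also declares no `permissions:` block, so the job token gets whatever the repository default is; a top-level `permissions:` with `contents: read` makes least privilege explicit. The third-party `codecov/codecov-action@v3` (and the actions used in the scheduled security workflow) are referenced by mutable tag; pinning them to a full commit SHA protects the pipeline if a tag is repointed.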
@@ -0,0 +1,43 @@
1
+ name: Security Scan
2
+
3
+ on:
4
+ schedule:
5
+ - cron: '0 0 * * 1' # Weekly on Monday
6
+ workflow_dispatch:
7
+
8
+ jobs:
9
+ analyze:
10
+ runs-on: ubuntu-latest
11
+ permissions:
12
+ actions: read
13
+ contents: read
14
+ security-events: write
15
+
16
+ steps:
17
+ - uses: actions/checkout@v4
18
+
19
+ - name: Initialize CodeQL
20
+ uses: github/codeql-action/init@v2
21
+ with:
22
+ languages: javascript
23
+
24
+ - name: Perform CodeQL Analysis
25
+ uses: github/codeql-action/analyze@v2
26
+
27
+ dependency-check:
28
+ runs-on: ubuntu-latest
29
+
30
+ steps:
31
+ - uses: actions/checkout@v4
32
+
33
+ - name: Use Node.js 18
34
+ uses: actions/setup-node@v4
35
+ with:
36
+ node-version: 18
37
+ cache: 'npm'
38
+
39
+ - name: Install dependencies
40
+ run: npm ci
41
+
42
+ - name: Check for vulnerabilities
43
+ run: npm audit --audit-level=moderate
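Review bot: CodeQL runs here only on the weekly `schedule` and on `workflow_dispatch`, so code merged to `main` can sit for up to a week without analysis and pull requests are never scanned before merge. For a library whose purpose is input sanitisation, adding `push:` and `pull_request:` triggers for `main` to the `on:` block would surface findings at review time. The `dependency-check` job has no `permissions:` block while `analyze` does; giving it `permissions:` with `contents: read` would match. The `github/codeql-action/init@v2` and `analyze@v2` references are an older major version and should be checked against the currently supported release.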
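--- a/package/.nvmrc
+++ b/package/.nvmrc
@@ -0,0 +1 @@
+ 18.19.0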
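--- a/package/.prettierrc
+++ b/package/.prettierrc
@@ -0,0 +1,8 @@
+ {
+ "semi": true,
+ "trailingComma": "es5",
+ "singleQuote": true,
+ "printWidth": 80,
+ "tabWidth": 2,
+ "useTabs": false
+ }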