mcp-wordpress 1.1.7 → 1.2.2

package/dist/security/InputValidator.js

@@ -0,0 +1,278 @@
+/**
+ * Comprehensive Input Validation and Sanitization System
+ * Provides security-focused validation for all MCP tool inputs
+ */
+import { z } from 'zod';
+// Common validation patterns
+const URL_PATTERN = /^https?:\/\/[^\s<>'"{}|\\^`\[\]]+$/;
+const EMAIL_PATTERN = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
+const SLUG_PATTERN = /^[a-z0-9-]+$/;
+const SCRIPT_PATTERN = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+const SQL_INJECTION_PATTERN = /('|(\\')|(;)|(\\x00)|(\\n)|(\\r)|(\\x1a)|(\\x22)|(\\x27)|(\\x5c)|(\\x60))/i;
+/**
+ * Security validation schemas
+ */
+export const SecuritySchemas = {
+    // Safe string with XSS protection
+    safeString: z.string()
+        .max(10000, 'String too long')
+        .refine(val => !SCRIPT_PATTERN.test(val), 'Script tags not allowed')
+        .refine(val => !val.includes('javascript:'), 'JavaScript URLs not allowed')
+        .refine(val => !val.includes('data:'), 'Data URLs not allowed')
+        .refine(val => !val.includes('onerror='), 'Event handlers not allowed')
+        .refine(val => !val.includes('onload='), 'Event handlers not allowed')
+        .refine(val => !val.includes('onfocus='), 'Event handlers not allowed'),
+    // HTML content with basic sanitization
+    htmlContent: z.string()
+        .max(100000, 'Content too long')
+        .refine(val => !SCRIPT_PATTERN.test(val), 'Script tags not allowed')
+        .refine(val => !val.includes('javascript:'), 'JavaScript URLs not allowed')
+        .refine(val => !val.includes('on[a-z]+='), 'Event handlers not allowed'),
+    // URL validation
+    url: z.string()
+        .url('Invalid URL format')
+        .regex(URL_PATTERN, 'URL contains invalid characters')
+        .refine(val => !val.includes('javascript:'), 'JavaScript URLs not allowed')
+        .refine(val => !val.includes('data:'), 'Data URLs not allowed'),
+    // Email validation
+    email: z.string()
+        .email('Invalid email format')
+        .regex(EMAIL_PATTERN, 'Email contains invalid characters')
+        .max(254, 'Email too long'),
+    // Slug validation (for URLs, usernames, etc.)
+    slug: z.string()
+        .min(1, 'Slug cannot be empty')
+        .max(100, 'Slug too long')
+        .regex(SLUG_PATTERN, 'Slug can only contain lowercase letters, numbers, and hyphens'),
+    // WordPress post/page content
+    wpContent: z.string()
+        .max(1000000, 'Content too long')
+        .refine(val => !SCRIPT_PATTERN.test(val), 'Script tags not allowed in content')
+        .refine(val => !val.includes('javascript:'), 'JavaScript URLs not allowed'),
+    // Site ID validation
+    siteId: z.string()
+        .min(1, 'Site ID cannot be empty')
+        .max(50, 'Site ID too long')
+        .regex(/^[a-zA-Z0-9\-_]+$/, 'Site ID can only contain letters, numbers, hyphens, and underscores'),
+    // WordPress ID (numeric)
+    wpId: z.number()
+        .int('ID must be an integer')
+        .positive('ID must be positive')
+        .max(999999999, 'ID too large'),
+    // Search query with SQL injection protection
+    searchQuery: z.string()
+        .max(500, 'Search query too long')
+        .refine(val => !SQL_INJECTION_PATTERN.test(val), 'Invalid characters in search query')
+        .refine(val => !val.includes('--'), 'SQL comments not allowed')
+        .refine(val => !val.includes('/*'), 'SQL comments not allowed'),
+    // File path validation
+    filePath: z.string()
+        .max(500, 'File path too long')
+        .refine(val => !val.includes('..'), 'Path traversal not allowed')
+        .refine(val => !val.includes('<'), 'Invalid characters in path')
+        .refine(val => !val.includes('>'), 'Invalid characters in path'),
+    // Password (for display/logging - never log actual passwords)
+    passwordMask: z.string()
+        .transform(() => '[REDACTED]'),
+    // WordPress application password format
+    appPassword: z.string()
+        .regex(/^[a-zA-Z0-9\s]{24}$/, 'Invalid application password format')
+        .transform(val => val.replace(/\s/g, ' ')) // Normalize spaces
+};
+/**
+ * Input sanitization functions
+ */
+export class InputSanitizer {
+    /**
+     * Sanitize HTML content by removing dangerous elements
+     */
+    static sanitizeHtml(input) {
+        return input
+            .replace(SCRIPT_PATTERN, '') // Remove script tags
+            .replace(/javascript:/gi, '') // Remove javascript: URLs
+            .replace(/data:/gi, '') // Remove data: URLs
+            .replace(/on[a-z]+\s*=/gi, '') // Remove event handlers
+            .replace(/<iframe[^>]*>/gi, '') // Remove iframes
+            .replace(/<object[^>]*>/gi, '') // Remove objects
+            .replace(/<embed[^>]*>/gi, ''); // Remove embeds
+    }
+    /**
+     * Sanitize search queries to prevent SQL injection
+     */
+    static sanitizeSearchQuery(query) {
+        return query
+            .replace(/['"\\;]/g, '') // Remove quotes and backslashes
+            .replace(/--/g, '') // Remove SQL comments
+            .replace(/\/\*/g, '') // Remove SQL comments
+            .replace(/\*/g, '') // Remove wildcards
+            .trim()
+            .substring(0, 500); // Limit length
+    }
+    /**
+     * Sanitize file paths to prevent directory traversal
+     */
+    static sanitizeFilePath(path) {
+        return path
+            .replace(/\.\./g, '') // Remove directory traversal
+            .replace(/[<>]/g, '') // Remove angle brackets
+            .replace(/[|&;$`\\]/g, '') // Remove shell metacharacters
+            .trim();
+    }
+    /**
+     * Encode output for safe display
+     */
+    static encodeOutput(input) {
+        return input
+            .replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#x27;');
+    }
+}
+/**
+ * Security validation decorator for tool methods
+ */
+export function validateSecurity(schema) {
+    return function (target, propertyName, descriptor) {
+        const method = descriptor.value;
+        descriptor.value = async function (...args) {
+            try {
+                // Validate input parameters
+                const params = args[0] || {};
+                const validatedParams = schema.parse(params);
+                // Log security validation (without sensitive data)
+                console.log(`Security validation passed for ${propertyName}`, {
+                    timestamp: new Date().toISOString(),
+                    method: propertyName,
+                    paramCount: Object.keys(validatedParams).length
+                });
+                // Call original method with validated params
+                return await method.call(this, validatedParams, ...args.slice(1));
+            }
+            catch (error) {
+                // Log security validation failure
+                console.error(`Security validation failed for ${propertyName}`, {
+                    timestamp: new Date().toISOString(),
+                    method: propertyName,
+                    error: error instanceof z.ZodError ? error.errors : (error instanceof Error ? error.message : String(error))
+                });
+                throw new SecurityValidationError(`Security validation failed for ${propertyName}`, error instanceof z.ZodError ? error.errors : [{ message: error instanceof Error ? error.message : String(error) }]);
+            }
+        };
+        return descriptor;
+    };
+}
+/**
+ * Custom security validation error
+ */
+export class SecurityValidationError extends Error {
+    errors;
+    constructor(message, errors = []) {
+        super(message);
+        this.name = 'SecurityValidationError';
+        this.errors = errors;
+    }
+}
+/**
+ * Tool-specific validation schemas
+ */
+export const ToolSchemas = {
+    // Post creation/update
+    postData: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        title: SecuritySchemas.safeString.optional(),
+        content: SecuritySchemas.wpContent.optional(),
+        excerpt: SecuritySchemas.safeString.optional(),
+        status: z.enum(['publish', 'draft', 'private', 'pending']).optional(),
+        slug: SecuritySchemas.slug.optional(),
+        categories: z.array(SecuritySchemas.wpId).optional(),
+        tags: z.array(SecuritySchemas.wpId).optional()
+    }),
+    // User creation/update
+    userData: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        username: SecuritySchemas.slug,
+        email: SecuritySchemas.email,
+        password: SecuritySchemas.safeString.optional(),
+        roles: z.array(z.string()).optional(),
+        firstName: SecuritySchemas.safeString.optional(),
+        lastName: SecuritySchemas.safeString.optional()
+    }),
+    // Search parameters
+    searchParams: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        query: SecuritySchemas.searchQuery,
+        type: z.enum(['post', 'page', 'any']).optional(),
+        limit: z.number().int().min(1).max(100).optional()
+    }),
+    // Media upload
+    mediaUpload: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        filename: SecuritySchemas.filePath,
+        title: SecuritySchemas.safeString.optional(),
+        caption: SecuritySchemas.safeString.optional(),
+        description: SecuritySchemas.safeString.optional()
+    }),
+    // Site settings
+    siteSettings: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        title: SecuritySchemas.safeString.optional(),
+        description: SecuritySchemas.safeString.optional(),
+        url: SecuritySchemas.url.optional(),
+        adminEmail: SecuritySchemas.email.optional()
+    }),
+    // Generic list parameters
+    listParams: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        page: z.number().int().min(1).max(1000).optional(),
+        perPage: z.number().int().min(1).max(100).optional(),
+        search: SecuritySchemas.searchQuery.optional(),
+        orderBy: z.string().max(50).optional(),
+        order: z.enum(['asc', 'desc']).optional()
+    }),
+    // ID-based operations
+    idParams: z.object({
+        site: SecuritySchemas.siteId.optional(),
+        id: SecuritySchemas.wpId
+    })
+};
+/**
+ * Rate limiting and DoS protection
+ */
+export class SecurityLimiter {
+    static requestCounts = new Map();
+    static RATE_LIMIT = 1000; // requests per window
+    static WINDOW_MS = 60 * 1000; // 1 minute
+    /**
+     * Check if request is within rate limits
+     */
+    static checkRateLimit(identifier) {
+        const now = Date.now();
+        const key = identifier;
+        const current = this.requestCounts.get(key);
+        if (!current || now > current.resetTime) {
+            this.requestCounts.set(key, { count: 1, resetTime: now + this.WINDOW_MS });
+            return true;
+        }
+        if (current.count >= this.RATE_LIMIT) {
+            return false;
+        }
+        current.count++;
+        return true;
+    }
+    /**
+     * Clean up expired rate limit entries
+     */
+    static cleanup() {
+        const now = Date.now();
+        for (const [key, data] of this.requestCounts.entries()) {
+            if (now > data.resetTime) {
+                this.requestCounts.delete(key);
+            }
+        }
+    }
+}
+// Start cleanup interval
+setInterval(() => SecurityLimiter.cleanup(), 60000); // Clean up every minute
+//# sourceMappingURL=InputValidator.js.map

package/dist/security/InputValidator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"InputValidator.js","sourceRoot":"","sources":["../../src/security/InputValidator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,6BAA6B;AAC7B,MAAM,WAAW,GAAG,oCAAoC,CAAC;AACzD,MAAM,aAAa,GAAG,kDAAkD,CAAC;AACzE,MAAM,YAAY,GAAG,cAAc,CAAC;AACpC,MAAM,cAAc,GAAG,qDAAqD,CAAC;AAC7E,MAAM,qBAAqB,GAAG,4EAA4E,CAAC;AAE3G;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,kCAAkC;IAClC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;SACnB,GAAG,CAAC,KAAK,EAAE,iBAAiB,CAAC;SAC7B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,yBAAyB,CAAC;SACnE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,6BAA6B,CAAC;SAC1E,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,uBAAuB,CAAC;SAC9D,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,4BAA4B,CAAC;SACtE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,4BAA4B,CAAC;SACrE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,4BAA4B,CAAC;IAEzE,uCAAuC;IACvC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;SACpB,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC;SAC/B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,yBAAyB,CAAC;SACnE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,6BAA6B,CAAC;SAC1E,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,4BAA4B,CAAC;IAE1E,iBAAiB;IACjB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;SACZ,GAAG,CAAC,oBAAoB,CAAC;SACzB,KAAK,CAAC,WAAW,EAAE,iCAAiC,CAAC;SACrD,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,6BAA6B,CAAC;SAC1E,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,uBAAuB,CAAC;IAEjE,mBAAmB;IACnB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;SACd,KAAK,CAAC,sBAAsB,CAAC;SAC7B,KAAK,CAAC,aAAa,EAAE,mCAAmC,CAAC;SACzD,GAAG,CAAC,GAAG,EAAE,gBAAgB,CAAC;IAE7B,8CAA8C;IAC9C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;SACb,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;SAC9B,GAAG,CAAC,GAAG,EAAE,eAAe,CAAC;SACzB,KAAK,CAAC,YAAY,EAAE,+DAA+D,CAAC;IAEvF,8BAA8B;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;SAClB,GAAG,CAAC,OAAO,EAAE,kBAAkB,CAAC;SAChC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,oCAAoC,CAAC;SAC9E,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,6BAA6B,CAAC;IAE7E,qBAAqB;IACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;SACf,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;SACjC,GAAG,CAAC,EAAE,EAAE,kBAAkB,CAAC;SAC3B,KAAK,CAAC,mBAAmB,EAAE,qEAAqE,CAAC;IAEpG,yBAAyB;IACzB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;SACb,GAAG,CAAC,uBAAuB,CAAC;SAC5B,QAAQ,CAAC,qBAAqB,CAAC;SAC/B,GAAG,CAAC,SAAS,EAAE,cAAc,CAAC;IAEjC,6CAA6C;IAC7C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;SACpB,GAAG,CAAC,GAAG,EAAE,uBAAuB,CAAC;SACjC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,oCAAoC,CAAC;SACrF,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,0BAA0B,CAAC;SAC9D,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,0BAA0B,CAAC;IAEjE,uBAAuB;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;SACjB,GAAG,CAAC,GAAG,EAAE,oBAAoB,CAAC;SAC9B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,4BAA4B,CAAC;SAChE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,4BAA4B,CAAC;SAC/D,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,4BAA4B,CAAC;IAElE,8DAA8D;IAC9D,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;SACrB,SAAS,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC;IAEhC,wCAAwC;IACxC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;SACpB,KAAK,CAAC,qBAAqB,EAAE,qCAAqC,CAAC;SACnE,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,mBAAmB;CACjE,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,KAAa;QAC/B,OAAO,KAAK;aACT,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,qBAAqB;aACjD,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,0BAA0B;aACvD,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,oBAAoB;aAC3C,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,wBAAwB;aACtD,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,iBAAiB;aAChD,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,iBAAiB;aAChD,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB;IACpD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,KAAa;QACtC,OAAO,KAAK;aACT,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,gCAAgC;aACxD,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,sBAAsB;aACzC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,sBAAsB;aAC3C,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,mBAAmB;aACtC,IAAI,EAAE;aACN,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,eAAe;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,IAAY;QAClC,OAAO,IAAI;aACR,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,6BAA6B;aAClD,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,wBAAwB;aAC7C,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,8BAA8B;aACxD,IAAI,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,KAAa;QAC/B,OAAO,KAAK;aACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;aACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;aACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;aACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;aACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAmB;IAClD,OAAO,UAAU,MAAW,EAAE,YAAoB,EAAE,UAA8B;QAChF,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC;QAEhC,UAAU,CAAC,KAAK,GAAG,KAAK,WAAW,GAAG,IAAW;YAC/C,IAAI,CAAC;gBACH,4BAA4B;gBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE7C,mDAAmD;gBACnD,OAAO,CAAC,GAAG,CAAC,kCAAkC,YAAY,EAAE,EAAE;oBAC5D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,MAAM,EAAE,YAAY;oBACpB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM;iBAChD,CAAC,CAAC;gBAEH,6CAA6C;gBAC7C,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACpE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,kCAAkC;gBAClC,OAAO,CAAC,KAAK,CAAC,kCAAkC,YAAY,EAAE,EAAE;oBAC9D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,MAAM,EAAE,YAAY;oBACpB,KAAK,EAAE,KAAK,YAAY,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;iBAC7G,CAAC,CAAC;gBAEH,MAAM,IAAI,uBAAuB,CAC/B,kCAAkC,YAAY,EAAE,EAChD,KAAK,YAAY,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CACnH,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;QAEF,OAAO,UAAU,CAAC;IACpB,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChC,MAAM,CAAQ;IAE9B,YAAY,OAAe,EAAE,SAAgB,EAAE;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,uBAAuB;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,KAAK,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAC5C,OAAO,EAAE,eAAe,CAAC,SAAS,CAAC,QAAQ,EAAE;QAC7C,OAAO,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAC9C,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE;QACrE,IAAI,EAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE;QACrC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;QACpD,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;KAC/C,CAAC;IAEF,uBAAuB;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,QAAQ,EAAE,eAAe,CAAC,IAAI;QAC9B,KAAK,EAAE,eAAe,CAAC,KAAK;QAC5B,QAAQ,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAC/C,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACrC,SAAS,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAChD,QAAQ,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;KAChD,CAAC;IAEF,oBAAoB;IACpB,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,KAAK,EAAE,eAAe,CAAC,WAAW;QAClC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;QAChD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;KACnD,CAAC;IAEF,eAAe;IACf,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,KAAK,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAC5C,OAAO,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAC9C,WAAW,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;KACnD,CAAC;IAEF,gBAAgB;IAChB,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,KAAK,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAC5C,WAAW,EAAE,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE;QAClD,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE;QACnC,UAAU,EAAE,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE;KAC7C,CAAC;IAEF,0BAA0B;IAC1B,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC;QACnB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;QAClD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;QACpD,MAAM,EAAE,eAAe,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;QACtC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;KAC1C,CAAC;IAEF,sBAAsB;IACtB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;QACvC,EAAE,EAAE,eAAe,CAAC,IAAI;KACzB,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,MAAM,CAAC,aAAa,GAAG,IAAI,GAAG,EAAgD,CAAC;IAC/E,MAAM,CAAU,UAAU,GAAG,IAAI,CAAC,CAAC,sBAAsB;IACzD,MAAM,CAAU,SAAS,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;IAE1D;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,UAAkB;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,UAAU,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5C,IAAI,CAAC,OAAO,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,OAAO;QACZ,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;;AAGH,yBAAyB;AACzB,WAAW,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,wBAAwB"}

package/dist/security/SecurityConfig.d.ts

@@ -0,0 +1,129 @@
+/**
+ * Security configuration and constants for MCP WordPress
+ */
+export declare const SecurityConfig: {
+    rateLimiting: {
+        default: {
+            windowMs: number;
+            maxRequests: number;
+        };
+        authentication: {
+            windowMs: number;
+            maxAttempts: number;
+        };
+        upload: {
+            windowMs: number;
+            maxRequests: number;
+        };
+    };
+    fileUpload: {
+        maxSizeMB: number;
+        allowedMimeTypes: string[];
+        blockedExtensions: string[];
+    };
+    validation: {
+        maxStringLength: number;
+        maxTitleLength: number;
+        maxContentLength: number;
+        maxExcerptLength: number;
+        maxUrlLength: number;
+        maxUsernameLength: number;
+        minUsernameLength: number;
+        maxPasswordLength: number;
+        minPasswordLength: number;
+    };
+    timeouts: {
+        default: number;
+        upload: number;
+        auth: number;
+    };
+    headers: {
+        'X-Content-Type-Options': string;
+        'X-Frame-Options': string;
+        'X-XSS-Protection': string;
+        'Strict-Transport-Security': string;
+        'Content-Security-Policy': string;
+    };
+    errorMessages: {
+        authentication: string;
+        authorization: string;
+        validation: string;
+        rateLimit: string;
+        serverError: string;
+        notFound: string;
+    };
+    logging: {
+        excludeFields: string[];
+        redactPatterns: RegExp[];
+    };
+    cache: {
+        enabled: boolean;
+        maxSize: number;
+        defaultTTL: number;
+        enableLRU: boolean;
+        enableStats: boolean;
+        ttlPresets: {
+            static: number;
+            semiStatic: number;
+            dynamic: number;
+            session: number;
+            realtime: number;
+        };
+        cacheHeaders: {
+            static: string;
+            semiStatic: string;
+            dynamic: string;
+            session: string;
+            realtime: string;
+        };
+        invalidation: {
+            enabled: boolean;
+            batchSize: number;
+            queueTimeout: number;
+            enableCascading: boolean;
+        };
+        cleanup: {
+            interval: number;
+            maxMemoryMB: number;
+            evictionThreshold: number;
+        };
+    };
+};
+/**
+ * Security utility functions
+ */
+export declare class SecurityUtils {
+    /**
+     * Redact sensitive information from objects
+     */
+    static redactSensitiveData(obj: any): any;
+    /**
+     * Redact sensitive patterns from strings
+     */
+    static redactString(str: string): string;
+    /**
+     * Generate secure random strings
+     */
+    static generateSecureToken(length?: number): string;
+    /**
+     * Check if a file extension is allowed
+     */
+    static isFileExtensionAllowed(filename: string): boolean;
+    /**
+     * Sanitize log output
+     */
+    static sanitizeForLog(data: any): any;
+}
+/**
+ * Secure error handler that prevents information disclosure
+ */
+export declare function createSecureError(error: any, fallbackMessage?: string): Error;
+/**
+ * Environment-specific security settings
+ */
+export declare function getEnvironmentSecurity(): {
+    strictMode: boolean;
+    verboseErrors: boolean;
+    enforceHttps: boolean;
+};
+//# sourceMappingURL=SecurityConfig.d.ts.map

package/dist/security/SecurityConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityConfig.d.ts","sourceRoot":"","sources":["../../src/security/SecurityConfig.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwK1B,CAAC;AAEF;;GAEG;AACH,qBAAa,aAAa;IACxB;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG;IAsBzC;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAUxC;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM;IAgBvD;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAKxD;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG;CAStC;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,GAAG,EACV,eAAe,GAAE,MAAiD,GACjE,KAAK,CAeP;AAKD;;GAEG;AACH,wBAAgB,sBAAsB,IAAI;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,OAAO,CAAC;CACrB,CAQF"}