mcp4openapi 0.2.1 → 0.2.3

package/dist/src/validation-utils.js

@@ -5,6 +5,80 @@
  * Centralizes validation logic and ensures consistency across the application
  */
 import escapeHtml from 'escape-html';
+/** Property names that must never be used as dynamic object keys */
+const FORBIDDEN_PROPERTY_NAMES = new Set([
+    '__proto__',
+    'constructor',
+    'prototype',
+    '__defineGetter__',
+    '__defineSetter__',
+    '__lookupGetter__',
+    '__lookupSetter__',
+    'hasOwnProperty',
+    'isPrototypeOf',
+    'propertyIsEnumerable',
+    'toLocaleString',
+    'toString',
+    'valueOf',
+]);
+/**
+ * Validates that a property name is safe to use as dynamic object key.
+ * Prevents prototype pollution attacks.
+ */
+export function isSafePropertyName(name) {
+    return !FORBIDDEN_PROPERTY_NAMES.has(name);
+}
+/**
+ * Escape special regex characters in a string.
+ * Prevents ReDoS attacks when using dynamic strings in RegExp.
+ */
+export function escapeRegExp(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/**
+ * Redact specific header from headers object (case-insensitive)
+ */
+export function redactHeader(headers, headerName) {
+    if (!headers || typeof headers !== 'object')
+        return {};
+    const redacted = { ...headers };
+    for (const key of Object.keys(redacted)) {
+        if (key.toLowerCase() === headerName.toLowerCase()) {
+            redacted[key] = '[REDACTED]';
+        }
+    }
+    return redacted;
+}
+/**
+ * Redact query parameter from URL string
+ */
+export function redactQueryParam(url, paramName) {
+    if (!url)
+        return '';
+    try {
+        const urlObj = new URL(url);
+        if (urlObj.searchParams.has(paramName)) {
+            urlObj.searchParams.set(paramName, '[REDACTED]');
+        }
+        return urlObj.toString();
+    }
+    catch {
+        const regex = new RegExp(`([?&]${escapeRegExp(paramName)}=)[^&]+`, 'gi');
+        return url.replace(regex, `$1[REDACTED]`);
+    }
+}
+/**
+ * Redact parameter from params object
+ */
+export function redactParam(params, paramName) {
+    if (!params || typeof params !== 'object')
+        return {};
+    const redacted = { ...params };
+    if (paramName in redacted) {
+        redacted[paramName] = '[REDACTED]';
+    }
+    return redacted;
+}
 /**
  * Validates if a string is a valid email address
  */

package/dist/src/validation-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"validation-utils.js","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,GAA8B;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC"}
+{"version":3,"file":"validation-utils.js","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,oEAAoE;AACpE,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,WAAW;IACX,aAAa;IACb,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,eAAe;IACf,sBAAsB;IACtB,gBAAgB;IAChB,UAAU;IACV,SAAS;CACV,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAgB,EAChB,UAAkB;IAElB,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAAG,EAAE,GAAI,OAAmC,EAAE,CAAC;IAE7D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAuB,EACvB,SAAiB;IAEjB,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IAEpB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,YAAY,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACzE,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,MAAe,EACf,SAAiB;IAEjB,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAG,EAAE,GAAI,MAAkC,EAAE,CAAC;IAC5D,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,GAA8B;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp4openapi",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "Universal MCP server that generates tools from any OpenAPI specification",
   "type": "module",
   "main": "dist/src/index.js",