mcp4openapi 0.2.3 → 0.2.4

package/dist/src/testing/mock-semgrep-server.js

@@ -0,0 +1,213 @@
+/**
+ * Mock Semgrep API server for integration testing
+ *
+ * Why: Enables end-to-end testing without real Semgrep instance.
+ * Tests actual HTTP flow, parameter handling, error scenarios.
+ */
+import { http, HttpResponse } from 'msw';
+import { setupServer } from 'msw/node';
+/** Default BASE_URL for Semgrep API (used by MSW interceptor) */
+export const DEFAULT_BASE_URL = 'https://semgrep.dev';
+const DEFAULT_CONFIG = {
+    baseUrl: DEFAULT_BASE_URL,
+    validToken: 'mock-semgrep-token-12345',
+    deploymentSlug: 'test-deployment',
+    deploymentId: 123,
+};
+/**
+ * Create Semgrep API handlers
+ */
+export function createSemgrepHandlers(config = {}) {
+    const cfg = { ...DEFAULT_CONFIG, ...config };
+    return [
+        // GET /api/v1/deployments - List deployments
+        http.get(`${cfg.baseUrl}/api/v1/deployments`, ({ request }) => {
+            const authHeader = request.headers.get('Authorization');
+            if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                return HttpResponse.json({ error: 'Unauthorized' }, { status: 401 });
+            }
+            const token = authHeader.replace('Bearer ', '');
+            if (token !== cfg.validToken) {
+                return HttpResponse.json({ error: 'Invalid token' }, { status: 401 });
+            }
+            return HttpResponse.json({
+                deployments: [
+                    {
+                        id: cfg.deploymentId,
+                        slug: cfg.deploymentSlug,
+                        name: 'Test Deployment',
+                        findings: {
+                            url: `${cfg.baseUrl}/api/v1/deployments/${cfg.deploymentSlug}/findings`,
+                        },
+                    },
+                ],
+            });
+        }),
+        // POST /api/v1/deployments/{deploymentSlug}/triage - Bulk triage
+        http.post(`${cfg.baseUrl}/api/v1/deployments/:deploymentSlug/triage`, async ({ request, params }) => {
+            const authHeader = request.headers.get('Authorization');
+            if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                return HttpResponse.json({ error: 'Unauthorized' }, { status: 401 });
+            }
+            const token = authHeader.replace('Bearer ', '');
+            if (token !== cfg.validToken) {
+                return HttpResponse.json({ error: 'Invalid token' }, { status: 401 });
+            }
+            const { deploymentSlug } = params;
+            if (deploymentSlug !== cfg.deploymentSlug) {
+                return HttpResponse.json({ error: 'Deployment not found' }, { status: 404 });
+            }
+            let body;
+            try {
+                body = await request.json();
+            }
+            catch (e) {
+                return HttpResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
+            }
+            // Log the received request for debugging
+            console.log('[Mock Semgrep] Received triage request:', {
+                url: request.url,
+                params,
+                body,
+                headers: {
+                    'Content-Type': request.headers.get('Content-Type'),
+                    'Authorization': authHeader ? '***' : undefined,
+                },
+            });
+            // Validate required fields according to OpenAPI spec
+            if (!body.issue_type) {
+                return HttpResponse.json({
+                    error: 'Validation error',
+                    details: 'issue_type is required',
+                }, { status: 400 });
+            }
+            if (!['sast', 'sca', 'secrets'].includes(body.issue_type)) {
+                return HttpResponse.json({
+                    error: 'Validation error',
+                    details: 'issue_type must be one of: sast, sca, secrets',
+                }, { status: 400 });
+            }
+            // Check deploymentSlug in body (as per OpenAPI spec)
+            if (!body.deploymentSlug) {
+                return HttpResponse.json({
+                    error: 'Validation error',
+                    details: 'deploymentSlug is required in request body',
+                }, { status: 400 });
+            }
+            if (body.deploymentSlug !== cfg.deploymentSlug) {
+                return HttpResponse.json({
+                    error: 'Validation error',
+                    details: 'deploymentSlug in body does not match URL parameter',
+                }, { status: 400 });
+            }
+            // Validate limit is integer if provided
+            if (body.limit !== undefined) {
+                if (!Number.isInteger(body.limit)) {
+                    return HttpResponse.json({
+                        error: 'Validation error',
+                        details: 'limit must be an integer',
+                    }, { status: 400 });
+                }
+                if (body.limit < 1 || body.limit > 3000) {
+                    return HttpResponse.json({
+                        error: 'Validation error',
+                        details: 'limit must be between 1 and 3000',
+                    }, { status: 400 });
+                }
+            }
+            // Validate triage state and reason
+            if (body.new_triage_state) {
+                const validStates = ['ignored', 'reviewing', 'fixing', 'reopened'];
+                if (!validStates.includes(body.new_triage_state)) {
+                    return HttpResponse.json({
+                        error: 'Validation error',
+                        details: `new_triage_state must be one of: ${validStates.join(', ')}`,
+                    }, { status: 400 });
+                }
+                if (body.new_triage_state === 'ignored' && body.new_triage_reason) {
+                    const validReasons = ['acceptable_risk', 'false_positive', 'no_time', 'no_triage_reason'];
+                    if (!validReasons.includes(body.new_triage_reason)) {
+                        return HttpResponse.json({
+                            error: 'Validation error',
+                            details: `new_triage_reason must be one of: ${validReasons.join(', ')}`,
+                        }, { status: 400 });
+                    }
+                }
+            }
+            // Mock successful response
+            return HttpResponse.json({
+                num_triaged: 3,
+                triaged_issues: [123, 456, 789],
+            });
+        }),
+        // GET /api/v1/deployments/{deploymentSlug}/projects - List projects
+        http.get(`${cfg.baseUrl}/api/v1/deployments/:deploymentSlug/projects`, ({ request, params }) => {
+            const authHeader = request.headers.get('Authorization');
+            if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                return HttpResponse.json({ error: 'Unauthorized' }, { status: 401 });
+            }
+            const { deploymentSlug } = params;
+            if (deploymentSlug !== cfg.deploymentSlug) {
+                return HttpResponse.json({ error: 'Deployment not found' }, { status: 404 });
+            }
+            // Mock projects response
+            return HttpResponse.json({
+                projects: [
+                    {
+                        id: 1,
+                        name: 'test-org/test-repo',
+                        url: 'https://github.com/test-org/test-repo',
+                        default_branch: 'refs/heads/main',
+                        tags: ['test'],
+                        latest_scan_at: '2025-12-03T00:00:00Z',
+                    },
+                ],
+            });
+        }),
+        // GET /api/v1/deployments/{deploymentSlug}/findings - List findings
+        http.get(`${cfg.baseUrl}/api/v1/deployments/:deploymentSlug/findings`, ({ request, params }) => {
+            const authHeader = request.headers.get('Authorization');
+            if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                return HttpResponse.json({ error: 'Unauthorized' }, { status: 401 });
+            }
+            const { deploymentSlug } = params;
+            if (deploymentSlug !== cfg.deploymentSlug) {
+                return HttpResponse.json({ error: 'Deployment not found' }, { status: 404 });
+            }
+            const url = new URL(request.url);
+            const issueType = url.searchParams.get('issue_type') || 'sast';
+            const status = url.searchParams.get('status');
+            // Mock findings response
+            return HttpResponse.json({
+                sastFindings: {
+                    findings: [
+                        {
+                            id: 123,
+                            severity: 'high',
+                            status: status || 'open',
+                            rule: {
+                                name: 'test.rule.1',
+                                confidence: 'high',
+                            },
+                            repository: {
+                                name: 'test/repo',
+                            },
+                            location: {
+                                filePath: 'src/test.ts',
+                                line: 10,
+                            },
+                        },
+                    ],
+                },
+            });
+        }),
+    ];
+}
+/**
+ * Create and start mock Semgrep server
+ */
+export function createMockSemgrepServer(config = {}) {
+    const handlers = createSemgrepHandlers(config);
+    return setupServer(...handlers);
+}
+//# sourceMappingURL=mock-semgrep-server.js.map

package/dist/src/testing/mock-semgrep-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mock-semgrep-server.js","sourceRoot":"","sources":["../../../src/testing/mock-semgrep-server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,YAAY,EAAkB,MAAM,KAAK,CAAC;AACzD,OAAO,EAAE,WAAW,EAAkB,MAAM,UAAU,CAAC;AAEvD,iEAAiE;AACjE,MAAM,CAAC,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAgBtD,MAAM,cAAc,GAAkC;IACpD,OAAO,EAAE,gBAAgB;IACzB,UAAU,EAAE,0BAA0B;IACtC,cAAc,EAAE,iBAAiB;IACjC,YAAY,EAAE,GAAG;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAA8B,EAAE;IAEhC,MAAM,GAAG,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;IAE7C,OAAO;QACL,6CAA6C;QAC7C,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,OAAO,qBAAqB,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE;YAC5D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAExD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,cAAc,EAAE,EACzB,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAChD,IAAI,KAAK,KAAK,GAAG,CAAC,UAAU,EAAE,CAAC;gBAC7B,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,eAAe,EAAE,EAC1B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,OAAO,YAAY,CAAC,IAAI,CAAC;gBACvB,WAAW,EAAE;oBACX;wBACE,EAAE,EAAE,GAAG,CAAC,YAAY;wBACpB,IAAI,EAAE,GAAG,CAAC,cAAc;wBACxB,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE;4BACR,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,uBAAuB,GAAG,CAAC,cAAc,WAAW;yBACxE;qBACF;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,iEAAiE;QACjE,IAAI,CAAC,IAAI,CACP,GAAG,GAAG,CAAC,OAAO,4CAA4C,EAC1D,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;YAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAExD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,cAAc,EAAE,EACzB,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAChD,IAAI,KAAK,KAAK,GAAG,CAAC,UAAU,EAAE,CAAC;gBAC7B,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,eAAe,EAAE,EAC1B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;YAClC,IAAI,cAAc,KAAK,GAAG,CAAC,cAAc,EAAE,CAAC;gBAC1C,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,sBAAsB,EAAE,EACjC,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YAC9B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,yCAAyC;YACzC,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE;gBACrD,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,MAAM;gBACN,IAAI;gBACJ,OAAO,EAAE;oBACP,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;oBACnD,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBAChD;aACF,CAAC,CAAC;YAEH,qDAAqD;YACrD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,wBAAwB;iBAClC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1D,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,+CAA+C;iBACzD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,qDAAqD;YACrD,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzB,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,4CAA4C;iBACtD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,CAAC,cAAc,KAAK,GAAG,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,KAAK,EAAE,kBAAkB;oBACzB,OAAO,EAAE,qDAAqD;iBAC/D,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,wCAAwC;YACxC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBAClC,OAAO,YAAY,CAAC,IAAI,CACtB;wBACE,KAAK,EAAE,kBAAkB;wBACzB,OAAO,EAAE,0BAA0B;qBACpC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;gBACJ,CAAC;gBACD,IAAI,IAAI,CAAC,KAAK,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,EAAE,CAAC;oBACxC,OAAO,YAAY,CAAC,IAAI,CACtB;wBACE,KAAK,EAAE,kBAAkB;wBACzB,OAAO,EAAE,kCAAkC;qBAC5C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,WAAW,GAAG,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACnE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBACjD,OAAO,YAAY,CAAC,IAAI,CACtB;wBACE,KAAK,EAAE,kBAAkB;wBACzB,OAAO,EAAE,oCAAoC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBACtE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;gBACJ,CAAC;gBAED,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAClE,MAAM,YAAY,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;oBAC1F,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACnD,OAAO,YAAY,CAAC,IAAI,CACtB;4BACE,KAAK,EAAE,kBAAkB;4BACzB,OAAO,EAAE,qCAAqC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBACxE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2BAA2B;YAC3B,OAAO,YAAY,CAAC,IAAI,CAAC;gBACvB,WAAW,EAAE,CAAC;gBACd,cAAc,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;aAChC,CAAC,CAAC;QACL,CAAC,CACF;QAED,oEAAoE;QACpE,IAAI,CAAC,GAAG,CACN,GAAG,GAAG,CAAC,OAAO,8CAA8C,EAC5D,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;YACtB,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAExD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,cAAc,EAAE,EACzB,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;YAClC,IAAI,cAAc,KAAK,GAAG,CAAC,cAAc,EAAE,CAAC;gBAC1C,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,sBAAsB,EAAE,EACjC,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,OAAO,YAAY,CAAC,IAAI,CAAC;gBACvB,QAAQ,EAAE;oBACR;wBACE,EAAE,EAAE,CAAC;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,GAAG,EAAE,uCAAuC;wBAC5C,cAAc,EAAE,iBAAiB;wBACjC,IAAI,EAAE,CAAC,MAAM,CAAC;wBACd,cAAc,EAAE,sBAAsB;qBACvC;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CACF;QAED,oEAAoE;QACpE,IAAI,CAAC,GAAG,CACN,GAAG,GAAG,CAAC,OAAO,8CAA8C,EAC5D,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;YACtB,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAExD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,cAAc,EAAE,EACzB,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;YAClC,IAAI,cAAc,KAAK,GAAG,CAAC,cAAc,EAAE,CAAC;gBAC1C,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,sBAAsB,EAAE,EACjC,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC;YAC/D,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE9C,yBAAyB;YACzB,OAAO,YAAY,CAAC,IAAI,CAAC;gBACvB,YAAY,EAAE;oBACZ,QAAQ,EAAE;wBACR;4BACE,EAAE,EAAE,GAAG;4BACP,QAAQ,EAAE,MAAM;4BAChB,MAAM,EAAE,MAAM,IAAI,MAAM;4BACxB,IAAI,EAAE;gCACJ,IAAI,EAAE,aAAa;gCACnB,UAAU,EAAE,MAAM;6BACnB;4BACD,UAAU,EAAE;gCACV,IAAI,EAAE,WAAW;6BAClB;4BACD,QAAQ,EAAE;gCACR,QAAQ,EAAE,aAAa;gCACvB,IAAI,EAAE,EAAE;6BACT;yBACF;qBACF;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CACF;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,SAA8B,EAAE;IAEhC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC/C,OAAO,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC;AAClC,CAAC"}

package/dist/src/validation-utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validation-utils.d.ts","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqBH;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,MAAM,GACjB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAYzB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE,MAAM,GAChB,MAAM,CAaR;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,OAAO,EACf,SAAS,EAAE,MAAM,GAChB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE9C;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAO5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAGrE"}
+{"version":3,"file":"validation-utils.d.ts","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqBH;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAExD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,MAAM,GACjB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAYzB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE,MAAM,GAChB,MAAM,CAiCR;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,OAAO,EACf,SAAS,EAAE,MAAM,GAChB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE9C;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAO5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAGrE"}

package/dist/src/validation-utils.js

@@ -55,6 +55,10 @@ export function redactHeader(headers, headerName) {
 export function redactQueryParam(url, paramName) {
     if (!url)
         return '';
+    // Enforce safe paramName (alphanumeric, underscore, dash) length <= 64
+    if (!/^[A-Za-z0-9_-]{1,64}$/.test(paramName)) {
+        return url; // Unsafe param name; return original unmodified
+    }
     try {
         const urlObj = new URL(url);
         if (urlObj.searchParams.has(paramName)) {
@@ -63,8 +67,26 @@ export function redactQueryParam(url, paramName) {
         return urlObj.toString();
     }
     catch {
-        const regex = new RegExp(`([?&]${escapeRegExp(paramName)}=)[^&]+`, 'gi');
-        return url.replace(regex, `$1[REDACTED]`);
+        // Fallback: manual parsing without dynamic RegExp to avoid ReDoS concerns
+        // Split on '?' then process query string key-value pairs
+        const qIndex = url.indexOf('?');
+        if (qIndex === -1)
+            return url;
+        const base = url.substring(0, qIndex);
+        const query = url.substring(qIndex + 1);
+        const parts = query.split('&');
+        const redactedParts = parts.map(part => {
+            const eqIndex = part.indexOf('=');
+            if (eqIndex === -1)
+                return part; // skip malformed segment
+            const key = part.substring(0, eqIndex);
+            if (key === paramName) {
+                // Encode [REDACTED] for consistency with URLSearchParams behavior
+                return key + '=%5BREDACTED%5D';
+            }
+            return part;
+        });
+        return base + '?' + redactedParts.join('&');
     }
 }
 /**

package/dist/src/validation-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"validation-utils.js","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,oEAAoE;AACpE,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,WAAW;IACX,aAAa;IACb,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,eAAe;IACf,sBAAsB;IACtB,gBAAgB;IAChB,UAAU;IACV,SAAS;CACV,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAgB,EAChB,UAAkB;IAElB,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAAG,EAAE,GAAI,OAAmC,EAAE,CAAC;IAE7D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAuB,EACvB,SAAiB;IAEjB,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IAEpB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,YAAY,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACzE,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,MAAe,EACf,SAAiB;IAEjB,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAG,EAAE,GAAI,MAAkC,EAAE,CAAC;IAC5D,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,GAA8B;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC"}
+{"version":3,"file":"validation-utils.js","sourceRoot":"","sources":["../../src/validation-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,oEAAoE;AACpE,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,WAAW;IACX,aAAa;IACb,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,eAAe;IACf,sBAAsB;IACtB,gBAAgB;IAChB,UAAU;IACV,SAAS;CACV,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAgB,EAChB,UAAkB;IAElB,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAAG,EAAE,GAAI,OAAmC,EAAE,CAAC;IAE7D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAuB,EACvB,SAAiB;IAEjB,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,uEAAuE;IACvE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,OAAO,GAAG,CAAC,CAAC,gDAAgD;IAC9D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;QAC1E,yDAAyD;QACzD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,OAAO,KAAK,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;YAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YACvC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,kEAAkE;gBAClE,OAAO,GAAG,GAAG,iBAAiB,CAAC;YACjC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,GAAG,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,MAAe,EACf,SAAiB;IAEjB,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAG,EAAE,GAAI,MAAkC,EAAE,CAAC;IAC5D,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,GAA8B;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp4openapi",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "Universal MCP server that generates tools from any OpenAPI specification",
   "type": "module",
   "main": "dist/src/index.js",
@@ -56,10 +56,10 @@
     "url": "https://github.com/davidruzicka/mcp4openapi/issues"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.4",
+    "@modelcontextprotocol/sdk": "^1.24.0",
     "dotenv": "^17.2.3",
     "escape-html": "^1.0.3",
-    "express": "^5.1.0",
+    "express": "^5.2.1",
     "express-rate-limit": "^8.2.1",
     "openapi-types": "^12.1.3",
     "prom-client": "^15.1.3",