visus-mcp 0.6.2 → 0.9.0

Files changed (203)
  1. package/.claude/settings.local.json +15 -1
  2. package/.env.status +7 -0
  3. package/CHANGELOG.md +110 -0
  4. package/CLAUDE.md +3 -0
  5. package/README.md +29 -19
  6. package/SECURITY.md +2 -0
  7. package/STATUS.md +320 -12
  8. package/dist/browser/playwright-renderer.d.ts.map +1 -1
  9. package/dist/browser/playwright-renderer.js +27 -5
  10. package/dist/browser/playwright-renderer.js.map +1 -1
  11. package/dist/content-handlers/index.d.ts +36 -0
  12. package/dist/content-handlers/index.d.ts.map +1 -0
  13. package/dist/content-handlers/index.js +59 -0
  14. package/dist/content-handlers/index.js.map +1 -0
  15. package/dist/content-handlers/json-handler.d.ts +28 -0
  16. package/dist/content-handlers/json-handler.d.ts.map +1 -0
  17. package/dist/content-handlers/json-handler.js +116 -0
  18. package/dist/content-handlers/json-handler.js.map +1 -0
  19. package/dist/content-handlers/pdf-handler.d.ts +29 -0
  20. package/dist/content-handlers/pdf-handler.d.ts.map +1 -0
  21. package/dist/content-handlers/pdf-handler.js +77 -0
  22. package/dist/content-handlers/pdf-handler.js.map +1 -0
  23. package/dist/content-handlers/svg-handler.d.ts +35 -0
  24. package/dist/content-handlers/svg-handler.d.ts.map +1 -0
  25. package/dist/content-handlers/svg-handler.js +206 -0
  26. package/dist/content-handlers/svg-handler.js.map +1 -0
  27. package/dist/content-handlers/types.d.ts +42 -0
  28. package/dist/content-handlers/types.d.ts.map +1 -0
  29. package/dist/content-handlers/types.js +7 -0
  30. package/dist/content-handlers/types.js.map +1 -0
  31. package/dist/sanitizer/framework-mapper.d.ts +4 -0
  32. package/dist/sanitizer/framework-mapper.d.ts.map +1 -1
  33. package/dist/sanitizer/framework-mapper.js +92 -0
  34. package/dist/sanitizer/framework-mapper.js.map +1 -1
  35. package/dist/sanitizer/threat-reporter.d.ts +5 -0
  36. package/dist/sanitizer/threat-reporter.d.ts.map +1 -1
  37. package/dist/sanitizer/threat-reporter.js +15 -6
  38. package/dist/sanitizer/threat-reporter.js.map +1 -1
  39. package/dist/tools/fetch-structured.d.ts.map +1 -1
  40. package/dist/tools/fetch-structured.js +4 -0
  41. package/dist/tools/fetch-structured.js.map +1 -1
  42. package/dist/tools/fetch.d.ts.map +1 -1
  43. package/dist/tools/fetch.js +68 -4
  44. package/dist/tools/fetch.js.map +1 -1
  45. package/dist/tools/read.d.ts.map +1 -1
  46. package/dist/tools/read.js +4 -0
  47. package/dist/tools/read.js.map +1 -1
  48. package/dist/types.d.ts +9 -1
  49. package/dist/types.d.ts.map +1 -1
  50. package/dist/types.js.map +1 -1
  51. package/package.json +2 -1
  52. package/server.json +25 -14
  53. package/src/browser/playwright-renderer.ts +29 -6
  54. package/src/content-handlers/index.ts +72 -0
  55. package/src/content-handlers/json-handler.ts +137 -0
  56. package/src/content-handlers/pdf-handler.ts +91 -0
  57. package/src/content-handlers/svg-handler.ts +243 -0
  58. package/src/content-handlers/types.ts +44 -0
  59. package/src/sanitizer/framework-mapper.ts +94 -0
  60. package/src/sanitizer/threat-reporter.ts +17 -6
  61. package/src/tools/fetch-structured.ts +5 -0
  62. package/src/tools/fetch.ts +76 -4
  63. package/src/tools/read.ts +5 -0
  64. package/src/types.ts +9 -1
  65. package/.github/ISSUE_TEMPLATE/bug_report.md +0 -47
  66. package/.github/ISSUE_TEMPLATE/false_positive.md +0 -43
  67. package/.github/ISSUE_TEMPLATE/new_pattern.md +0 -49
  68. package/.github/ISSUE_TEMPLATE/security_report.md +0 -31
  69. package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
  70. package/.mcpregistry_github_token +0 -1
  71. package/.mcpregistry_registry_token +0 -1
  72. package/CONTRIBUTING.md +0 -329
  73. package/LINKEDIN-STRATEGY.md +0 -367
  74. package/ROADMAP.md +0 -221
  75. package/SECURITY-AUDIT-v1.md +0 -277
  76. package/SUBMISSION.md +0 -66
  77. package/TROUBLESHOOT-AUTH-20260322-2019.md +0 -291
  78. package/TROUBLESHOOT-BUILD-20260319-1450.md +0 -546
  79. package/TROUBLESHOOT-COGNITO-AUTH-20260324-2029.md +0 -415
  80. package/TROUBLESHOOT-COGNITO-JWT-20260324.md +0 -592
  81. package/TROUBLESHOOT-FETCH-20260320-1150.md +0 -168
  82. package/TROUBLESHOOT-JEST-20260323-1357.md +0 -139
  83. package/TROUBLESHOOT-LAMBDA-20260322-1945.md +0 -183
  84. package/TROUBLESHOOT-PLAYWRIGHT-20260321-1549.md +0 -217
  85. package/TROUBLESHOOT-SSL-20260320-1138.md +0 -171
  86. package/TROUBLESHOOT-STRUCTURED-20260320-1200.md +0 -246
  87. package/TROUBLESHOOT-TEST-20260320-0942.md +0 -281
  88. package/VISUS-CLAUDE-CODE-PROMPT.md +0 -324
  89. package/VISUS-PROJECT-PLAN.md +0 -205
  90. package/cdk.json +0 -73
  91. package/infrastructure/app.ts +0 -39
  92. package/infrastructure/stack.ts +0 -298
  93. package/jest.config.js +0 -33
  94. package/jest.setup.js +0 -9
  95. package/lambda-deploy/index.js +0 -81512
  96. package/lambda-deploy/index.js.map +0 -7
  97. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts +0 -25
  98. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts.map +0 -1
  99. package/lambda-package/browser/__mocks__/playwright-renderer.js +0 -119
  100. package/lambda-package/browser/__mocks__/playwright-renderer.js.map +0 -1
  101. package/lambda-package/browser/playwright-renderer.d.ts +0 -40
  102. package/lambda-package/browser/playwright-renderer.d.ts.map +0 -1
  103. package/lambda-package/browser/playwright-renderer.js +0 -214
  104. package/lambda-package/browser/playwright-renderer.js.map +0 -1
  105. package/lambda-package/browser/reader.d.ts +0 -31
  106. package/lambda-package/browser/reader.d.ts.map +0 -1
  107. package/lambda-package/browser/reader.js +0 -98
  108. package/lambda-package/browser/reader.js.map +0 -1
  109. package/lambda-package/index.d.ts +0 -18
  110. package/lambda-package/index.d.ts.map +0 -1
  111. package/lambda-package/index.js +0 -238
  112. package/lambda-package/index.js.map +0 -1
  113. package/lambda-package/lambda-handler.d.ts +0 -28
  114. package/lambda-package/lambda-handler.d.ts.map +0 -1
  115. package/lambda-package/lambda-handler.js +0 -257
  116. package/lambda-package/lambda-handler.js.map +0 -1
  117. package/lambda-package/package-lock.json +0 -7435
  118. package/lambda-package/package.json +0 -74
  119. package/lambda-package/runtime.d.ts +0 -50
  120. package/lambda-package/runtime.d.ts.map +0 -1
  121. package/lambda-package/runtime.js +0 -86
  122. package/lambda-package/runtime.js.map +0 -1
  123. package/lambda-package/sanitizer/elicit-runner.d.ts +0 -48
  124. package/lambda-package/sanitizer/elicit-runner.d.ts.map +0 -1
  125. package/lambda-package/sanitizer/elicit-runner.js +0 -100
  126. package/lambda-package/sanitizer/elicit-runner.js.map +0 -1
  127. package/lambda-package/sanitizer/framework-mapper.d.ts +0 -24
  128. package/lambda-package/sanitizer/framework-mapper.d.ts.map +0 -1
  129. package/lambda-package/sanitizer/framework-mapper.js +0 -342
  130. package/lambda-package/sanitizer/framework-mapper.js.map +0 -1
  131. package/lambda-package/sanitizer/hitl-gate.d.ts +0 -69
  132. package/lambda-package/sanitizer/hitl-gate.d.ts.map +0 -1
  133. package/lambda-package/sanitizer/hitl-gate.js +0 -101
  134. package/lambda-package/sanitizer/hitl-gate.js.map +0 -1
  135. package/lambda-package/sanitizer/index.d.ts +0 -63
  136. package/lambda-package/sanitizer/index.d.ts.map +0 -1
  137. package/lambda-package/sanitizer/index.js +0 -105
  138. package/lambda-package/sanitizer/index.js.map +0 -1
  139. package/lambda-package/sanitizer/injection-detector.d.ts +0 -34
  140. package/lambda-package/sanitizer/injection-detector.d.ts.map +0 -1
  141. package/lambda-package/sanitizer/injection-detector.js +0 -89
  142. package/lambda-package/sanitizer/injection-detector.js.map +0 -1
  143. package/lambda-package/sanitizer/patterns.d.ts +0 -30
  144. package/lambda-package/sanitizer/patterns.d.ts.map +0 -1
  145. package/lambda-package/sanitizer/patterns.js +0 -372
  146. package/lambda-package/sanitizer/patterns.js.map +0 -1
  147. package/lambda-package/sanitizer/pii-allowlist.d.ts +0 -49
  148. package/lambda-package/sanitizer/pii-allowlist.d.ts.map +0 -1
  149. package/lambda-package/sanitizer/pii-allowlist.js +0 -231
  150. package/lambda-package/sanitizer/pii-allowlist.js.map +0 -1
  151. package/lambda-package/sanitizer/pii-redactor.d.ts +0 -41
  152. package/lambda-package/sanitizer/pii-redactor.d.ts.map +0 -1
  153. package/lambda-package/sanitizer/pii-redactor.js +0 -213
  154. package/lambda-package/sanitizer/pii-redactor.js.map +0 -1
  155. package/lambda-package/sanitizer/severity-classifier.d.ts +0 -33
  156. package/lambda-package/sanitizer/severity-classifier.d.ts.map +0 -1
  157. package/lambda-package/sanitizer/severity-classifier.js +0 -113
  158. package/lambda-package/sanitizer/severity-classifier.js.map +0 -1
  159. package/lambda-package/sanitizer/threat-reporter.d.ts +0 -66
  160. package/lambda-package/sanitizer/threat-reporter.d.ts.map +0 -1
  161. package/lambda-package/sanitizer/threat-reporter.js +0 -163
  162. package/lambda-package/sanitizer/threat-reporter.js.map +0 -1
  163. package/lambda-package/tools/fetch-structured.d.ts +0 -51
  164. package/lambda-package/tools/fetch-structured.d.ts.map +0 -1
  165. package/lambda-package/tools/fetch-structured.js +0 -237
  166. package/lambda-package/tools/fetch-structured.js.map +0 -1
  167. package/lambda-package/tools/fetch.d.ts +0 -49
  168. package/lambda-package/tools/fetch.d.ts.map +0 -1
  169. package/lambda-package/tools/fetch.js +0 -131
  170. package/lambda-package/tools/fetch.js.map +0 -1
  171. package/lambda-package/tools/read.d.ts +0 -51
  172. package/lambda-package/tools/read.d.ts.map +0 -1
  173. package/lambda-package/tools/read.js +0 -127
  174. package/lambda-package/tools/read.js.map +0 -1
  175. package/lambda-package/tools/search.d.ts +0 -45
  176. package/lambda-package/tools/search.d.ts.map +0 -1
  177. package/lambda-package/tools/search.js +0 -220
  178. package/lambda-package/tools/search.js.map +0 -1
  179. package/lambda-package/types.d.ts +0 -167
  180. package/lambda-package/types.d.ts.map +0 -1
  181. package/lambda-package/types.js +0 -16
  182. package/lambda-package/types.js.map +0 -1
  183. package/lambda-package/utils/format-converter.d.ts +0 -39
  184. package/lambda-package/utils/format-converter.d.ts.map +0 -1
  185. package/lambda-package/utils/format-converter.js +0 -191
  186. package/lambda-package/utils/format-converter.js.map +0 -1
  187. package/lambda-package/utils/truncate.d.ts +0 -26
  188. package/lambda-package/utils/truncate.d.ts.map +0 -1
  189. package/lambda-package/utils/truncate.js +0 -54
  190. package/lambda-package/utils/truncate.js.map +0 -1
  191. package/lambda.zip +0 -0
  192. package/test-output.txt +0 -4
  193. package/tests/auth-smoke.test.ts +0 -480
  194. package/tests/elicit-runner.test.ts +0 -232
  195. package/tests/fetch-tool.test.ts +0 -922
  196. package/tests/hitl-gate.test.ts +0 -267
  197. package/tests/injection-corpus.ts +0 -338
  198. package/tests/pii-allowlist.test.ts +0 -282
  199. package/tests/reader.test.ts +0 -353
  200. package/tests/sanitizer.test.ts +0 -358
  201. package/tests/search.test.ts +0 -456
  202. package/tests/threat-reporter.test.ts +0 -334
  203. package/tsconfig.cdk.json +0 -35
@@ -1,105 +0,0 @@
1
- /**
2
- * Sanitizer Orchestrator
3
- *
4
- * Main entry point for content sanitization. Coordinates injection detection
5
- * and PII redaction pipelines.
6
- *
7
- * CRITICAL: This is the core security mechanism. Every web page MUST pass
8
- * through this sanitizer before reaching the LLM. This cannot be bypassed.
9
- */
10
- import { detectAndNeutralize, getSeverityScore, hasCriticalThreats } from './injection-detector.js';
11
- import { redactPII } from './pii-redactor.js';
12
- import { generateThreatReport } from './threat-reporter.js';
13
- /**
14
- * Sanitize content through the full pipeline
15
- *
16
- * Pipeline:
17
- * 1. Injection detection and neutralization (43 patterns)
18
- * 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
19
- * 3. Metadata collection and logging
20
- *
21
- * @param content Raw content from web page
22
- * @param sourceUrl Optional source URL for domain-scoped PII allowlisting
23
- * @returns Sanitized content with detection metadata
24
- */
25
- export function sanitize(content, sourceUrl) {
26
- const originalLength = content.length;
27
- // Step 1: Detect and neutralize injection patterns
28
- const injectionResult = detectAndNeutralize(content);
29
- // Step 2: Redact PII from the already-sanitized content (with allowlisting)
30
- const piiResult = redactPII(injectionResult.content, sourceUrl);
31
- // Step 3: Combine results
32
- const finalContent = piiResult.content;
33
- const contentModified = injectionResult.content_modified || piiResult.content_modified;
34
- const severityScore = getSeverityScore(injectionResult.metadata.detections_by_severity);
35
- const criticalThreats = hasCriticalThreats(injectionResult.metadata.detections_by_severity);
36
- // Log to stderr for monitoring (not stdout - MCP protocol)
37
- logSanitization({
38
- patterns_detected: injectionResult.patterns_detected,
39
- pii_types_redacted: piiResult.pii_types_redacted,
40
- pii_allowlisted: piiResult.pii_allowlisted,
41
- severity_score: severityScore,
42
- has_critical_threats: criticalThreats,
43
- content_modified: contentModified
44
- });
45
- // Step 4: Generate threat report (only if findings exist)
46
- const threatReport = generateThreatReport({
47
- patterns_detected: injectionResult.patterns_detected,
48
- pii_redacted: piiResult.pii_types_redacted.length,
49
- source_url: sourceUrl || 'unknown',
50
- detections_by_severity: injectionResult.metadata.detections_by_severity
51
- });
52
- const result = {
53
- content: finalContent,
54
- sanitization: {
55
- patterns_detected: injectionResult.patterns_detected,
56
- pii_types_redacted: piiResult.pii_types_redacted,
57
- pii_allowlisted: piiResult.pii_allowlisted,
58
- content_modified: contentModified
59
- },
60
- metadata: {
61
- original_length: originalLength,
62
- sanitized_length: finalContent.length,
63
- severity_score: severityScore,
64
- has_critical_threats: criticalThreats,
65
- detections_by_severity: injectionResult.metadata.detections_by_severity
66
- }
67
- };
68
- // Include threat_report only if findings exist
69
- if (threatReport) {
70
- result.threat_report = threatReport;
71
- }
72
- return result;
73
- }
74
- /**
75
- * Log sanitization events to stderr for monitoring
76
- * (structured JSON logging per Lateos conventions)
77
- */
78
- function logSanitization(event) {
79
- const logEntry = {
80
- timestamp: new Date().toISOString(),
81
- event: 'sanitization',
82
- ...event
83
- };
84
- // Only log if there were detections (reduce noise)
85
- if (event.content_modified || event.pii_allowlisted.length > 0) {
86
- console.error(JSON.stringify(logEntry));
87
- }
88
- }
89
- /**
90
- * Quick check: does content need sanitization?
91
- * (Used for optimization - skip pipeline if content is clean)
92
- *
93
- * Note: Still run full pipeline for safety, but this can be used for metrics
94
- */
95
- export function needsSanitization(_content) {
96
- // Always sanitize - this is just a helper for metrics
97
- return true;
98
- }
99
- /**
100
- * Export sub-components for testing
101
- */
102
- export { detectAndNeutralize } from './injection-detector.js';
103
- export { redactPII, containsPII, detectPIITypes } from './pii-redactor.js';
104
- export { INJECTION_PATTERNS, getAllPatternNames } from './patterns.js';
105
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAqB,MAAM,sBAAsB,CAAC;AAyB/E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,SAAkB;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtC,mDAAmD;IACnD,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAErD,4EAA4E;IAC5E,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhE,0BAA0B;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC;IACvC,MAAM,eAAe,GAAG,eAAe,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC;IAEvF,MAAM,aAAa,GAAG,gBAAgB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,kBAAkB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAE5F,2DAA2D;IAC3D,eAAe,CAAC;QACd,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,cAAc,EAAE,aAAa;QAC7B,oBAAoB,EAAE,eAAe;QACrC,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,0DAA0D;IAC1D,MAAM,YAAY,GAAG,oBAAoB,CAAC;QACxC,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,YAAY,EAAE,SAAS,CAAC,kBAAkB,CAAC,MAAM;QACjD,UAAU,EAAE,SAAS,IAAI,SAAS;QAClC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;KACxE,CAAC,CAAC;IAEH,MAAM,MAAM,GAAuB;QACjC,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE;YACZ,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;YACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;YAChD,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,gBAAgB,EAAE,eAAe;SAClC;QACD,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,YAAY,CAAC,MAAM;YACrC,cAAc,EAAE,aAAa;YAC7B,oBAAoB,EAAE,eAAe;YACrC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;SACxE;KACF,CAAC;IAEF,+CAA+C;IAC/C,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,CAAC,aAAa,GAAG,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAOxB;IACC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,cAAc;QACrB,GAAG,KAAK;KACT,CAAC;IAEF,mDAAmD;IACnD,IAAI,KAAK,CAAC,gBAAgB,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC
;IAC1C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,sDAAsD;IACtD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}
@@ -1,34 +0,0 @@
1
- /**
2
- * Injection Detection Engine
3
- *
4
- * Scans content against all 43 injection patterns and neutralizes threats
5
- * based on pattern action directives (strip, redact, escape).
6
- */
7
- export interface DetectionResult {
8
- content: string;
9
- patterns_detected: string[];
10
- content_modified: boolean;
11
- metadata: {
12
- original_length: number;
13
- sanitized_length: number;
14
- detections_by_severity: {
15
- critical: number;
16
- high: number;
17
- medium: number;
18
- low: number;
19
- };
20
- };
21
- }
22
- /**
23
- * Detect and neutralize injection patterns in content
24
- */
25
- export declare function detectAndNeutralize(content: string): DetectionResult;
26
- /**
27
- * Get severity score for logging/monitoring
28
- */
29
- export declare function getSeverityScore(detectionsBySeverity: DetectionResult['metadata']['detections_by_severity']): number;
30
- /**
31
- * Check if content has critical threats
32
- */
33
- export declare function hasCriticalThreats(detectionsBySeverity: DetectionResult['metadata']['detections_by_severity']): boolean;
34
- //# sourceMappingURL=injection-detector.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"injection-detector.d.ts","sourceRoot":"","sources":["../../src/sanitizer/injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;CACH;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAmCpE;AAwCD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,oBAAoB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,wBAAwB,CAAC,GAAG,MAAM,CAOpH;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,oBAAoB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAEvH"}
@@ -1,89 +0,0 @@
1
- /**
2
- * Injection Detection Engine
3
- *
4
- * Scans content against all 43 injection patterns and neutralizes threats
5
- * based on pattern action directives (strip, redact, escape).
6
- */
7
- import { INJECTION_PATTERNS } from './patterns.js';
8
- /**
9
- * Detect and neutralize injection patterns in content
10
- */
11
- export function detectAndNeutralize(content) {
12
- const originalLength = content.length;
13
- const patternsDetected = new Set();
14
- const detectionsBySeverity = {
15
- critical: 0,
16
- high: 0,
17
- medium: 0,
18
- low: 0
19
- };
20
- let sanitizedContent = content;
21
- // Apply each pattern
22
- for (const pattern of INJECTION_PATTERNS) {
23
- const matches = sanitizedContent.match(pattern.regex);
24
- if (matches && matches.length > 0) {
25
- patternsDetected.add(pattern.name);
26
- detectionsBySeverity[pattern.severity] += matches.length;
27
- // Apply action
28
- sanitizedContent = applyAction(sanitizedContent, pattern);
29
- }
30
- }
31
- return {
32
- content: sanitizedContent,
33
- patterns_detected: Array.from(patternsDetected),
34
- content_modified: sanitizedContent !== content,
35
- metadata: {
36
- original_length: originalLength,
37
- sanitized_length: sanitizedContent.length,
38
- detections_by_severity: detectionsBySeverity
39
- }
40
- };
41
- }
42
- /**
43
- * Apply the appropriate action for a pattern match
44
- */
45
- function applyAction(content, pattern) {
46
- switch (pattern.action) {
47
- case 'strip':
48
- // Remove matched content entirely
49
- return content.replace(pattern.regex, '');
50
- case 'redact':
51
- // Replace with redaction marker
52
- return content.replace(pattern.regex, `[REDACTED:${pattern.name.toUpperCase()}]`);
53
- case 'escape':
54
- // HTML escape matched content
55
- return content.replace(pattern.regex, (match) => escapeHtml(match));
56
- default:
57
- return content;
58
- }
59
- }
60
- /**
61
- * HTML escape special characters
62
- */
63
- function escapeHtml(text) {
64
- const htmlEntities = {
65
- '&': '&',
66
- '<': '&lt;',
67
- '>': '&gt;',
68
- '"': '&quot;',
69
- "'": '&#39;',
70
- '/': '&#x2F;'
71
- };
72
- return text.replace(/[&<>"'/]/g, (char) => htmlEntities[char] || char);
73
- }
74
- /**
75
- * Get severity score for logging/monitoring
76
- */
77
- export function getSeverityScore(detectionsBySeverity) {
78
- return (detectionsBySeverity.critical * 100 +
79
- detectionsBySeverity.high * 50 +
80
- detectionsBySeverity.medium * 10 +
81
- detectionsBySeverity.low * 1);
82
- }
83
- /**
84
- * Check if content has critical threats
85
- */
86
- export function hasCriticalThreats(detectionsBySeverity) {
87
- return detectionsBySeverity.critical > 0;
88
- }
89
- //# sourceMappingURL=injection-detector.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"injection-detector.js","sourceRoot":"","sources":["../../src/sanitizer/injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,kBAAkB,EAAyB,MAAM,eAAe,CAAC;AAkB1E;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IACtC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,oBAAoB,GAAG;QAC3B,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;KACP,CAAC;IAEF,IAAI,gBAAgB,GAAG,OAAO,CAAC;IAE/B,qBAAqB;IACrB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAEtD,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnC,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC;YAEzD,eAAe;YACf,gBAAgB,GAAG,WAAW,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAC/C,gBAAgB,EAAE,gBAAgB,KAAK,OAAO;QAC9C,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,gBAAgB,CAAC,MAAM;YACzC,sBAAsB,EAAE,oBAAoB;SAC7C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,OAAyB;IAC7D,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,OAAO;YACV,kCAAkC;YAClC,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE5C,KAAK,QAAQ;YACX,gCAAgC;YAChC,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAEpF,KAAK,QAAQ;YACX,8BAA8B;YAC9B,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtE;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,YAAY,GAA2B;QAC3C,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,QAAQ;KACd,CAAC;IAEF,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,oBAA2E;IAC1G,OAAO,CACL,oBAAoB,CAAC,QAAQ,GAAG,GAAG;QACnC,oBAAoB,CAAC,IAAI,GAA
G,EAAE;QAC9B,oBAAoB,CAAC,MAAM,GAAG,EAAE;QAChC,oBAAoB,CAAC,GAAG,GAAG,CAAC,CAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,oBAA2E;IAC5G,OAAO,oBAAoB,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC3C,CAAC"}
@@ -1,30 +0,0 @@
1
- /**
2
- * Lateos Injection Pattern Library
3
- *
4
- * 43 validated injection pattern categories for detecting and neutralizing
5
- * prompt injection attacks in web content before it reaches the LLM.
6
- *
7
- * Each pattern includes:
8
- * - name: Pattern identifier
9
- * - description: What this pattern detects
10
- * - regex: Detection pattern (case-insensitive by default)
11
- * - severity: risk level (critical, high, medium, low)
12
- * - action: how to handle matches (strip, redact, escape)
13
- */
14
- export interface InjectionPattern {
15
- name: string;
16
- description: string;
17
- regex: RegExp;
18
- severity: 'critical' | 'high' | 'medium' | 'low';
19
- action: 'strip' | 'redact' | 'escape';
20
- }
21
- export declare const INJECTION_PATTERNS: InjectionPattern[];
22
- /**
23
- * Get all pattern names for logging/testing
24
- */
25
- export declare function getAllPatternNames(): string[];
26
- /**
27
- * Get patterns by severity level
28
- */
29
- export declare function getPatternsBySeverity(severity: 'critical' | 'high' | 'medium' | 'low'): InjectionPattern[];
30
- //# sourceMappingURL=patterns.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;CACvC;AAED,eAAO,MAAM,kBAAkB,EAAE,gBAAgB,EAmYhD,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,gBAAgB,EAAE,CAE1G"}
@@ -1,372 +0,0 @@
1
- /**
2
- * Lateos Injection Pattern Library
3
- *
4
- * 43 validated injection pattern categories for detecting and neutralizing
5
- * prompt injection attacks in web content before it reaches the LLM.
6
- *
7
- * Each pattern includes:
8
- * - name: Pattern identifier
9
- * - description: What this pattern detects
10
- * - regex: Detection pattern (case-insensitive by default)
11
- * - severity: risk level (critical, high, medium, low)
12
- * - action: how to handle matches (strip, redact, escape)
13
- */
14
- export const INJECTION_PATTERNS = [
15
- // 1. Comment injection (must come before direct_instruction_injection to avoid false positives)
16
- {
17
- name: 'comment_injection',
18
- description: 'Instructions hidden in HTML/JS/SQL comments',
19
- regex: /<!--[\s\S]*?(ignore|admin|system|instruction|bypass|override)[\s\S]*?-->|\/\*[\s\S]*?(ignore|admin|system|instruction)[\s\S]*?\*\/|\/\/\s*(ignore|admin|system)\b|--\s*(ignore|bypass)\b|#\s*(ignore|admin|override)\b/gi,
20
- severity: 'medium',
21
- action: 'strip'
22
- },
23
- // 2. Direct instruction injection
24
- {
25
- name: 'direct_instruction_injection',
26
- description: 'Attempts to override or ignore previous instructions',
27
- regex: /\b(ignore|disregard|forget|override|replace|substitute)\s+(all\s+)?(previous|prior|above|earlier|your)\s+(instructions?|prompts?|commands?|directions?|rules?)\b/gi,
28
- severity: 'critical',
29
- action: 'redact'
30
- },
31
- // 3. Role hijacking
32
- {
33
- name: 'role_hijacking',
34
- description: 'Attempts to change AI persona or role',
35
- regex: /\b(you\s+are\s+now|your\s+new\s+(role|persona|identity)\s+is|act\s+as|pretend\s+(you\s+are|to\s+be)|roleplay\s+as)\b/gi,
36
- severity: 'critical',
37
- action: 'redact'
38
- },
39
- // 3. System prompt extraction
40
- {
41
- name: 'system_prompt_extraction',
42
- description: 'Attempts to reveal system instructions',
43
- regex: /\b(repeat|print|show|display|reveal|output|tell\s+me)\s+(your|the)\s+(system\s+)?(prompt|instructions?|rules|guidelines|directives|configuration)\b/gi,
44
- severity: 'high',
45
- action: 'redact'
46
- },
47
- // 4. Privilege escalation
48
- {
49
- name: 'privilege_escalation',
50
- description: 'Attempts to gain elevated permissions',
51
- regex: /\b(admin\s+mode|administrator\s+access|developer\s+(mode|override)|root\s+access|elevated\s+privileges?|emergency\s+protocol|debug\s+mode|sudo\s+mode)\b/gi,
52
- severity: 'critical',
53
- action: 'redact'
54
- },
55
- // 5. Context poisoning
56
- {
57
- name: 'context_poisoning',
58
- description: 'Falsely claims prior agreement or context',
59
- regex: /\b(the\s+user\s+(said|told|mentioned|confirmed)|as\s+(we\s+)?(discussed|agreed|confirmed)\s+(earlier|previously|before)|you\s+already\s+(said|agreed|confirmed)|continuing\s+from\s+(our|the)\s+previous)\b/gi,
60
- severity: 'high',
61
- action: 'redact'
62
- },
63
- // 6. Data exfiltration
64
- {
65
- name: 'data_exfiltration',
66
- description: 'Attempts to send data to external endpoints',
67
- regex: /\b(send|post|transmit|forward|email|upload)\s+(this|the|all|your)\s+(to|data|information)\b.*?\b(http|mailto|ftp):/gi,
68
- severity: 'critical',
69
- action: 'redact'
70
- },
71
- // 7. Encoding obfuscation - Base64
72
- {
73
- name: 'base64_obfuscation',
74
- description: 'Base64-encoded instructions',
75
- regex: /\b(decode|decipher|decrypt)\s+(this\s+)?(base64|b64)\b.*?[A-Za-z0-9+/]{20,}={0,2}/gi,
76
- severity: 'high',
77
- action: 'redact'
78
- },
79
- // 8. Unicode lookalike characters
80
- {
81
- name: 'unicode_lookalikes',
82
- description: 'Uses visually similar Unicode characters',
83
- regex: /[\u0430-\u044f\u0410-\u042f].*\b(ignore|admin|system)\b/gi, // Cyrillic mixed with English
84
- severity: 'medium',
85
- action: 'strip'
86
- },
87
- // 9. Zero-width characters
88
- {
89
- name: 'zero_width_characters',
90
- description: 'Hidden zero-width Unicode characters',
91
- regex: /[\u200B-\u200D\uFEFF]/g,
92
- severity: 'high',
93
- action: 'strip'
94
- },
95
- // 10. HTML script injection
96
- {
97
- name: 'html_script_injection',
98
- description: 'HTML script tags or event handlers',
99
- regex: /<script\b[^>]*>[\s\S]*?<\/script>|<iframe\b[^>]*>|on(click|load|error|mouse\w+)\s*=/gi,
100
- severity: 'critical',
101
- action: 'escape'
102
- },
103
- // 11. Data URI injection
104
- {
105
- name: 'data_uri_injection',
106
- description: 'Data URIs that could contain instructions',
107
- regex: /data:text\/(html|javascript)[;,]/gi,
108
- severity: 'high',
109
- action: 'redact'
110
- },
111
- // 12. Markdown link injection
112
- {
113
- name: 'markdown_link_injection',
114
- description: 'Malicious markdown links',
115
- regex: /\[.*?\]\s*\(\s*javascript:|!\[.*?\]\s*\(\s*data:/gi,
116
- severity: 'high',
117
- action: 'redact'
118
- },
119
- // 13. URL fragment attacks (HashJack)
120
- {
121
- name: 'url_fragment_hashjack',
122
- description: 'Instructions hidden in URL fragments',
123
- regex: /#(ignore|admin|system|prompt)[_\w]*\s+/gi,
124
- severity: 'medium',
125
- action: 'strip'
126
- },
127
- // 14. Social engineering urgency
128
- {
129
- name: 'social_engineering_urgency',
130
- description: 'Urgency language to bypass caution',
131
- regex: /\b(urgent|critical|emergency|immediately|asap|right\s+now|time\s+sensitive|must\s+act\s+now)\b.*\b(ignore|override|bypass)\b/gi,
132
- severity: 'medium',
133
- action: 'redact'
134
- },
135
- // 15. Instruction delimiter injection
136
- {
137
- name: 'instruction_delimiter_injection',
138
- description: 'Fake instruction boundaries',
139
- regex: /\b(end\s+of\s+(instructions?|prompt)|new\s+instructions?|<\/?instruction>|---\s*system\s*---)\b/gi,
140
- severity: 'high',
141
- action: 'redact'
142
- },
143
- // 16. Multi-language obfuscation
144
- {
145
- name: 'multi_language_obfuscation',
146
- description: 'Instructions in non-English using English keywords',
147
- regex: /\b(ignorar|ignorer|ignora|überspringen)\b.*\b(instrucciones|instructions|istruzioni)\b/gi,
148
- severity: 'medium',
149
- action: 'redact'
150
- },
151
- // 17. Reverse text obfuscation
152
- {
153
- name: 'reverse_text_obfuscation',
154
- description: 'Instructions written backwards',
155
- regex: /\b(erongi|nimda|tpmorp|metsys)\b/gi, // "ignore", "admin", "prompt", "system" reversed
156
- severity: 'medium',
157
- action: 'strip'
158
- },
159
- // 18. Leetspeak obfuscation
160
- {
161
- name: 'leetspeak_obfuscation',
162
- description: 'L33tspeak encoded instructions',
163
- regex: /\b(1gn0r3|4dm1n|sy5t3m|pr0mpt|1nstruct10n)\b/gi,
164
- severity: 'low',
165
- action: 'strip'
166
- },
167
- // 19. Jailbreak keywords
168
- {
169
- name: 'jailbreak_keywords',
170
- description: 'Common jailbreak attempt keywords',
171
- regex: /\b(jailbreak|dan\s+mode|developer\s+mode\s+enabled|anarchy\s+mode|unrestricted\s+mode)\b/gi,
172
- severity: 'critical',
173
- action: 'redact'
174
- },
175
- // 20. Token smuggling
176
- {
177
- name: 'token_smuggling',
178
- description: 'Attempts to inject special tokens',
179
- regex: /<\|im_(start|end)\|>|<\|endoftext\|>|\[INST\]|\[\/INST\]/gi,
180
- severity: 'high',
181
- action: 'redact'
182
- },
183
- // 21. System message injection
184
- {
185
- name: 'system_message_injection',
186
- description: 'Fake system messages',
187
- regex: /\[SYSTEM\]|\[ASSISTANT\]|\[USER\]|<\|system\|>/gi,
188
- severity: 'high',
189
- action: 'redact'
190
- },
191
- // 22. Conversation reset
192
- {
193
- name: 'conversation_reset',
194
- description: 'Attempts to reset conversation state',
195
- regex: /\b(reset|restart|clear|new)\s+(conversation|chat|session|context)\b/gi,
196
- severity: 'medium',
197
- action: 'redact'
198
- },
199
- // 23. Memory manipulation
200
- {
201
- name: 'memory_manipulation',
202
- description: 'Attempts to manipulate AI memory or implant false context',
203
- regex: /\b(remember|memorize|recall|don'?t\s+forget)\s+(that\s+)?(I\s+am|you\s+are|we\s+are|you\s+must|I\s+told\s+you|you\s+already|your\s+administrator|your\s+creator)\b/gi,
204
- severity: 'medium',
205
- action: 'redact'
206
- },
207
- // 24. Capability probing
208
- {
209
- name: 'capability_probing',
210
- description: 'Probes for hidden capabilities',
211
- regex: /\b(can\s+you|are\s+you\s+able\s+to)\s+(access|browse|execute|run|download)\b/gi,
212
- severity: 'low',
213
- action: 'strip'
214
- },
215
- // 25. Chain-of-thought manipulation
216
- {
217
- name: 'chain_of_thought_manipulation',
218
- description: 'Manipulates reasoning process',
219
- regex: /\blet'?s\s+think\s+step\s+by\s+step\b.*\b(ignore|bypass|override)\b/gi,
220
- severity: 'medium',
221
- action: 'redact'
222
- },
223
- // 26. Hypothetical scenario injection
224
- {
225
- name: 'hypothetical_scenario_injection',
226
- description: 'Uses hypotheticals to bypass restrictions',
227
- regex: /\b(hypothetically|imagine\s+you\s+could|in\s+a\s+world\s+where|pretend\s+there\s+are\s+no|let'?s\s+say\s+you\s+were\s+allowed|if\s+you\s+had\s+no\s+restrictions|for\s+the\s+sake\s+of\s+argument|suppose|what\s+if)\b.*\b(unrestricted|ignore|bypass|allowed|no\s+rules|no\s+guidelines|were\s+able)\b/gi,
228
- severity: 'medium',
229
- action: 'redact'
230
- },
231
- // 27. Ethical override
232
- {
233
- name: 'ethical_override',
234
- description: 'Attempts to override ethical guidelines',
235
- regex: /\b(ignore|bypass|disable)\s+(ethics|safety|guidelines|guardrails|restrictions)\b/gi,
236
- severity: 'critical',
237
- action: 'redact'
238
- },
239
- // 28. Output format manipulation
240
- {
241
- name: 'output_format_manipulation',
242
- description: 'Manipulates output format to hide instructions',
243
- regex: /\b(format|structure|style)\s+your\s+(response|output)\s+as\b.*\b(system|admin|instruction)\b/gi,
244
- severity: 'medium',
245
- action: 'redact'
246
- },
247
- // 29. Negative instruction
248
- {
249
- name: 'negative_instruction',
250
- description: 'Uses negation to inject instructions',
251
- regex: /\bdo\s+not\s+(tell|mention|say)\s+(anyone|the\s+user)\b/gi,
252
- severity: 'low',
253
- action: 'strip'
254
- },
255
- // 30. Credential harvesting
256
- {
257
- name: 'credential_harvesting',
258
- description: 'Attempts to harvest credentials',
259
- regex: /\b(enter|provide|give\s+me)\s+(your|the)\s+(password|api\s+key|token|credentials?|secret)\b/gi,
260
- severity: 'critical',
261
- action: 'redact'
262
- },
263
- // 31. Time-based triggers
264
- {
265
- name: 'time_based_triggers',
266
- description: 'Conditional execution based on time',
267
- regex: /\b(after|when|once)\s+\d+\s+(seconds?|minutes?|hours?)\b.*\b(then|execute|run)\b/gi,
268
- severity: 'low',
269
- action: 'strip'
270
- },
271
- // 32. Code execution requests
272
- {
273
- name: 'code_execution_requests',
274
- description: 'Requests code execution or contains dangerous code patterns',
275
- regex: /\b(execute(?!-api\.)|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
276
- severity: 'high',
277
- action: 'redact'
278
- },
279
- // 32. File system access
280
- {
281
- name: 'file_system_access',
282
- description: 'Requests file system operations',
283
- regex: /\b(read|write|delete|access)\s+(file|directory|folder)\b/gi,
284
- severity: 'high',
285
- action: 'redact'
286
- },
287
- // 33. Training data extraction
288
- {
289
- name: 'training_data_extraction',
290
- description: 'Attempts to extract training data',
291
- regex: /\b(repeat|recite|output)\s+(verbatim|exactly)\s+(from\s+your\s+)?(training|data|corpus)\b/gi,
292
- severity: 'high',
293
- action: 'redact'
294
- },
295
- // 34. Simulator mode
296
- {
297
- name: 'simulator_mode',
298
- description: 'Requests simulator/VM mode',
299
- regex: /\b(simulate|emulate|pretend\s+you\s+are)\s+(a\s+)?(linux|terminal|bash|shell|vm|virtual\s+machine)\b/gi,
300
- severity: 'medium',
301
- action: 'redact'
302
- },
303
- // 35. Nested encoding
304
- {
305
- name: 'nested_encoding',
306
- description: 'Multiple layers of encoding or double-encoded sequences',
307
- regex: /\b(decode|decrypt|decipher)\s+(this\s+)?(twice|again|multiple\s+times)\b|%25[0-9A-F]{2}|[A-Za-z0-9+/]{40,}={0,2}.*[A-Za-z0-9+/]{40,}={0,2}/gi,
308
- severity: 'high',
309
- action: 'redact'
310
- },
311
- // 36. Payload splitting
312
- {
313
- name: 'payload_splitting',
314
- description: 'Splits payload across multiple inputs',
315
- regex: /\b(combine|concatenate|join)\s+(the\s+)?(previous|above)\s+(parts?|sections?|fragments?)\b/gi,
316
- severity: 'medium',
317
- action: 'redact'
318
- },
319
- // 37. CSS-based hiding
320
- {
321
- name: 'css_hiding',
322
- description: 'Hidden content via CSS',
323
- regex: /display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0/gi,
324
- severity: 'medium',
325
- action: 'strip'
326
- },
327
- // 38. Authority impersonation
328
- {
329
- name: 'authority_impersonation',
330
- description: 'Claims to be an authority figure',
331
- regex: /\b(I\s+am|this\s+is)\s+(your\s+)?(developer|creator|administrator|ceo|manager)\b/gi,
332
- severity: 'high',
333
- action: 'redact'
334
- },
335
- // 40. Testing/debugging claims
336
- {
337
- name: 'testing_debugging_claims',
338
- description: 'Claims this is a test environment',
339
- regex: /\b(this\s+is\s+a\s+)?(test|testing|debug|debugging)\s+(environment|mode|session)\b/gi,
340
- severity: 'medium',
341
- action: 'redact'
342
- },
343
- // 41. Callback URL injection
344
- {
345
- name: 'callback_url_injection',
346
- description: 'Suspicious callback URLs',
347
- regex: /\b(callback|webhook|redirect)\s+(url|endpoint)\s*[:=]\s*https?:\/\/(?!localhost)/gi,
348
- severity: 'high',
349
- action: 'redact'
350
- },
351
- // 43. Whitespace steganography
352
- {
353
- name: 'whitespace_steganography',
354
- description: 'Hidden content in whitespace patterns',
355
- regex: /\s{10,}/g,
356
- severity: 'low',
357
- action: 'strip'
358
- }
359
- ];
360
- /**
361
- * Get all pattern names for logging/testing
362
- */
363
- export function getAllPatternNames() {
364
- return INJECTION_PATTERNS.map(p => p.name);
365
- }
366
- /**
367
- * Get patterns by severity level
368
- */
369
- export function getPatternsBySeverity(severity) {
370
- return INJECTION_PATTERNS.filter(p => p.severity === severity);
371
- }
372
- //# sourceMappingURL=patterns.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH,MAAM,CAAC,MAAM,kBAAkB,GAAuB;IACpD,gGAAgG;IAChG;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,0NAA0N;QACjO,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,sDAAsD;QACnE,KAAK,EAAE,oKAAoK;QAC3K,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,wHAAwH;QAC/H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,wCAAwC;QACrD,KAAK,EAAE,uJAAuJ;QAC9J,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,4JAA4J;QACnK,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,+MAA+M;QACtN,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,sHAAsH;QAC7H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,mCAAmC;IACnC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,qFAAqF;QAC5F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,0CAA0C;QACvD,KAAK,EAAE,2DAA2D,EAAE,8BAA8B;QAClG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,uFAAuF;QAC9F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oDAAoD;QAC3D,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,K
AAK,EAAE,0CAA0C;QACjD,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,gIAAgI;QACvI,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,mGAAmG;QAC1G,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oDAAoD;QACjE,KAAK,EAAE,0FAA0F;QACjG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,oCAAoC,EAAE,iDAAiD;QAC9F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gDAAgD;QACvD,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4FAA4F;QACnG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,sBAAsB;QACnC,KAAK,EAAE,kDAAkD;QACzD,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,2DAA2D;QACxE,KAAK,EAAE,sKAAsK;QAC7K,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+BAA+B;QAC5C,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,2SAA2S;QAClT,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,yCAAyC;QACtD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW
,EAAE,gDAAgD;QAC7D,KAAK,EAAE,gGAAgG;QACvG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,2DAA2D;QAClE,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,+FAA+F;QACtG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,qCAAqC;QAClD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,6DAA6D;QAC1E,KAAK,EAAE,0HAA0H;QACjI,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,6FAA6F;QACpG,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,qBAAqB;IACrB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,4BAA4B;QACzC,KAAK,EAAE,wGAAwG;QAC/G,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,yDAAyD;QACtE,KAAK,EAAE,8IAA8I;QACrJ,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,wBAAwB;IACxB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,8FAA8F;QACrG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,wBAAwB;QACrC,KAAK,EAAE,8DAA8D;QACrE,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,kCAAkC;QAC/C,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,sFAAsF;QAC7F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,kBAAkB;IACh
C,OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgD;IACpF,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACjE,CAAC"}