visus-mcp 0.6.2 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +15 -1
- package/.env.status +7 -0
- package/CHANGELOG.md +110 -0
- package/CLAUDE.md +3 -0
- package/README.md +29 -19
- package/SECURITY.md +2 -0
- package/STATUS.md +320 -12
- package/dist/browser/playwright-renderer.d.ts.map +1 -1
- package/dist/browser/playwright-renderer.js +27 -5
- package/dist/browser/playwright-renderer.js.map +1 -1
- package/dist/content-handlers/index.d.ts +36 -0
- package/dist/content-handlers/index.d.ts.map +1 -0
- package/dist/content-handlers/index.js +59 -0
- package/dist/content-handlers/index.js.map +1 -0
- package/dist/content-handlers/json-handler.d.ts +28 -0
- package/dist/content-handlers/json-handler.d.ts.map +1 -0
- package/dist/content-handlers/json-handler.js +116 -0
- package/dist/content-handlers/json-handler.js.map +1 -0
- package/dist/content-handlers/pdf-handler.d.ts +29 -0
- package/dist/content-handlers/pdf-handler.d.ts.map +1 -0
- package/dist/content-handlers/pdf-handler.js +77 -0
- package/dist/content-handlers/pdf-handler.js.map +1 -0
- package/dist/content-handlers/svg-handler.d.ts +35 -0
- package/dist/content-handlers/svg-handler.d.ts.map +1 -0
- package/dist/content-handlers/svg-handler.js +206 -0
- package/dist/content-handlers/svg-handler.js.map +1 -0
- package/dist/content-handlers/types.d.ts +42 -0
- package/dist/content-handlers/types.d.ts.map +1 -0
- package/dist/content-handlers/types.js +7 -0
- package/dist/content-handlers/types.js.map +1 -0
- package/dist/sanitizer/framework-mapper.d.ts +4 -0
- package/dist/sanitizer/framework-mapper.d.ts.map +1 -1
- package/dist/sanitizer/framework-mapper.js +92 -0
- package/dist/sanitizer/framework-mapper.js.map +1 -1
- package/dist/sanitizer/threat-reporter.d.ts +5 -0
- package/dist/sanitizer/threat-reporter.d.ts.map +1 -1
- package/dist/sanitizer/threat-reporter.js +15 -6
- package/dist/sanitizer/threat-reporter.js.map +1 -1
- package/dist/tools/fetch-structured.d.ts.map +1 -1
- package/dist/tools/fetch-structured.js +4 -0
- package/dist/tools/fetch-structured.js.map +1 -1
- package/dist/tools/fetch.d.ts.map +1 -1
- package/dist/tools/fetch.js +68 -4
- package/dist/tools/fetch.js.map +1 -1
- package/dist/tools/read.d.ts.map +1 -1
- package/dist/tools/read.js +4 -0
- package/dist/tools/read.js.map +1 -1
- package/dist/types.d.ts +9 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +2 -1
- package/server.json +25 -14
- package/src/browser/playwright-renderer.ts +29 -6
- package/src/content-handlers/index.ts +72 -0
- package/src/content-handlers/json-handler.ts +137 -0
- package/src/content-handlers/pdf-handler.ts +91 -0
- package/src/content-handlers/svg-handler.ts +243 -0
- package/src/content-handlers/types.ts +44 -0
- package/src/sanitizer/framework-mapper.ts +94 -0
- package/src/sanitizer/threat-reporter.ts +17 -6
- package/src/tools/fetch-structured.ts +5 -0
- package/src/tools/fetch.ts +76 -4
- package/src/tools/read.ts +5 -0
- package/src/types.ts +9 -1
- package/.github/ISSUE_TEMPLATE/bug_report.md +0 -47
- package/.github/ISSUE_TEMPLATE/false_positive.md +0 -43
- package/.github/ISSUE_TEMPLATE/new_pattern.md +0 -49
- package/.github/ISSUE_TEMPLATE/security_report.md +0 -31
- package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
- package/.mcpregistry_github_token +0 -1
- package/.mcpregistry_registry_token +0 -1
- package/CONTRIBUTING.md +0 -329
- package/LINKEDIN-STRATEGY.md +0 -367
- package/ROADMAP.md +0 -221
- package/SECURITY-AUDIT-v1.md +0 -277
- package/SUBMISSION.md +0 -66
- package/TROUBLESHOOT-AUTH-20260322-2019.md +0 -291
- package/TROUBLESHOOT-BUILD-20260319-1450.md +0 -546
- package/TROUBLESHOOT-COGNITO-AUTH-20260324-2029.md +0 -415
- package/TROUBLESHOOT-COGNITO-JWT-20260324.md +0 -592
- package/TROUBLESHOOT-FETCH-20260320-1150.md +0 -168
- package/TROUBLESHOOT-JEST-20260323-1357.md +0 -139
- package/TROUBLESHOOT-LAMBDA-20260322-1945.md +0 -183
- package/TROUBLESHOOT-PLAYWRIGHT-20260321-1549.md +0 -217
- package/TROUBLESHOOT-SSL-20260320-1138.md +0 -171
- package/TROUBLESHOOT-STRUCTURED-20260320-1200.md +0 -246
- package/TROUBLESHOOT-TEST-20260320-0942.md +0 -281
- package/VISUS-CLAUDE-CODE-PROMPT.md +0 -324
- package/VISUS-PROJECT-PLAN.md +0 -205
- package/cdk.json +0 -73
- package/infrastructure/app.ts +0 -39
- package/infrastructure/stack.ts +0 -298
- package/jest.config.js +0 -33
- package/jest.setup.js +0 -9
- package/lambda-deploy/index.js +0 -81512
- package/lambda-deploy/index.js.map +0 -7
- package/lambda-package/browser/__mocks__/playwright-renderer.d.ts +0 -25
- package/lambda-package/browser/__mocks__/playwright-renderer.d.ts.map +0 -1
- package/lambda-package/browser/__mocks__/playwright-renderer.js +0 -119
- package/lambda-package/browser/__mocks__/playwright-renderer.js.map +0 -1
- package/lambda-package/browser/playwright-renderer.d.ts +0 -40
- package/lambda-package/browser/playwright-renderer.d.ts.map +0 -1
- package/lambda-package/browser/playwright-renderer.js +0 -214
- package/lambda-package/browser/playwright-renderer.js.map +0 -1
- package/lambda-package/browser/reader.d.ts +0 -31
- package/lambda-package/browser/reader.d.ts.map +0 -1
- package/lambda-package/browser/reader.js +0 -98
- package/lambda-package/browser/reader.js.map +0 -1
- package/lambda-package/index.d.ts +0 -18
- package/lambda-package/index.d.ts.map +0 -1
- package/lambda-package/index.js +0 -238
- package/lambda-package/index.js.map +0 -1
- package/lambda-package/lambda-handler.d.ts +0 -28
- package/lambda-package/lambda-handler.d.ts.map +0 -1
- package/lambda-package/lambda-handler.js +0 -257
- package/lambda-package/lambda-handler.js.map +0 -1
- package/lambda-package/package-lock.json +0 -7435
- package/lambda-package/package.json +0 -74
- package/lambda-package/runtime.d.ts +0 -50
- package/lambda-package/runtime.d.ts.map +0 -1
- package/lambda-package/runtime.js +0 -86
- package/lambda-package/runtime.js.map +0 -1
- package/lambda-package/sanitizer/elicit-runner.d.ts +0 -48
- package/lambda-package/sanitizer/elicit-runner.d.ts.map +0 -1
- package/lambda-package/sanitizer/elicit-runner.js +0 -100
- package/lambda-package/sanitizer/elicit-runner.js.map +0 -1
- package/lambda-package/sanitizer/framework-mapper.d.ts +0 -24
- package/lambda-package/sanitizer/framework-mapper.d.ts.map +0 -1
- package/lambda-package/sanitizer/framework-mapper.js +0 -342
- package/lambda-package/sanitizer/framework-mapper.js.map +0 -1
- package/lambda-package/sanitizer/hitl-gate.d.ts +0 -69
- package/lambda-package/sanitizer/hitl-gate.d.ts.map +0 -1
- package/lambda-package/sanitizer/hitl-gate.js +0 -101
- package/lambda-package/sanitizer/hitl-gate.js.map +0 -1
- package/lambda-package/sanitizer/index.d.ts +0 -63
- package/lambda-package/sanitizer/index.d.ts.map +0 -1
- package/lambda-package/sanitizer/index.js +0 -105
- package/lambda-package/sanitizer/index.js.map +0 -1
- package/lambda-package/sanitizer/injection-detector.d.ts +0 -34
- package/lambda-package/sanitizer/injection-detector.d.ts.map +0 -1
- package/lambda-package/sanitizer/injection-detector.js +0 -89
- package/lambda-package/sanitizer/injection-detector.js.map +0 -1
- package/lambda-package/sanitizer/patterns.d.ts +0 -30
- package/lambda-package/sanitizer/patterns.d.ts.map +0 -1
- package/lambda-package/sanitizer/patterns.js +0 -372
- package/lambda-package/sanitizer/patterns.js.map +0 -1
- package/lambda-package/sanitizer/pii-allowlist.d.ts +0 -49
- package/lambda-package/sanitizer/pii-allowlist.d.ts.map +0 -1
- package/lambda-package/sanitizer/pii-allowlist.js +0 -231
- package/lambda-package/sanitizer/pii-allowlist.js.map +0 -1
- package/lambda-package/sanitizer/pii-redactor.d.ts +0 -41
- package/lambda-package/sanitizer/pii-redactor.d.ts.map +0 -1
- package/lambda-package/sanitizer/pii-redactor.js +0 -213
- package/lambda-package/sanitizer/pii-redactor.js.map +0 -1
- package/lambda-package/sanitizer/severity-classifier.d.ts +0 -33
- package/lambda-package/sanitizer/severity-classifier.d.ts.map +0 -1
- package/lambda-package/sanitizer/severity-classifier.js +0 -113
- package/lambda-package/sanitizer/severity-classifier.js.map +0 -1
- package/lambda-package/sanitizer/threat-reporter.d.ts +0 -66
- package/lambda-package/sanitizer/threat-reporter.d.ts.map +0 -1
- package/lambda-package/sanitizer/threat-reporter.js +0 -163
- package/lambda-package/sanitizer/threat-reporter.js.map +0 -1
- package/lambda-package/tools/fetch-structured.d.ts +0 -51
- package/lambda-package/tools/fetch-structured.d.ts.map +0 -1
- package/lambda-package/tools/fetch-structured.js +0 -237
- package/lambda-package/tools/fetch-structured.js.map +0 -1
- package/lambda-package/tools/fetch.d.ts +0 -49
- package/lambda-package/tools/fetch.d.ts.map +0 -1
- package/lambda-package/tools/fetch.js +0 -131
- package/lambda-package/tools/fetch.js.map +0 -1
- package/lambda-package/tools/read.d.ts +0 -51
- package/lambda-package/tools/read.d.ts.map +0 -1
- package/lambda-package/tools/read.js +0 -127
- package/lambda-package/tools/read.js.map +0 -1
- package/lambda-package/tools/search.d.ts +0 -45
- package/lambda-package/tools/search.d.ts.map +0 -1
- package/lambda-package/tools/search.js +0 -220
- package/lambda-package/tools/search.js.map +0 -1
- package/lambda-package/types.d.ts +0 -167
- package/lambda-package/types.d.ts.map +0 -1
- package/lambda-package/types.js +0 -16
- package/lambda-package/types.js.map +0 -1
- package/lambda-package/utils/format-converter.d.ts +0 -39
- package/lambda-package/utils/format-converter.d.ts.map +0 -1
- package/lambda-package/utils/format-converter.js +0 -191
- package/lambda-package/utils/format-converter.js.map +0 -1
- package/lambda-package/utils/truncate.d.ts +0 -26
- package/lambda-package/utils/truncate.d.ts.map +0 -1
- package/lambda-package/utils/truncate.js +0 -54
- package/lambda-package/utils/truncate.js.map +0 -1
- package/lambda.zip +0 -0
- package/test-output.txt +0 -4
- package/tests/auth-smoke.test.ts +0 -480
- package/tests/elicit-runner.test.ts +0 -232
- package/tests/fetch-tool.test.ts +0 -922
- package/tests/hitl-gate.test.ts +0 -267
- package/tests/injection-corpus.ts +0 -338
- package/tests/pii-allowlist.test.ts +0 -282
- package/tests/reader.test.ts +0 -353
- package/tests/sanitizer.test.ts +0 -358
- package/tests/search.test.ts +0 -456
- package/tests/threat-reporter.test.ts +0 -334
- package/tsconfig.cdk.json +0 -35
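--- a/package/src/content-handlers/svg-handler.ts
+++ b/package/src/content-handlers/svg-handler.ts
@@ -0,0 +1,243 @@
+/**
+* SVG Content Handler
+*
+* Handles image/svg+xml content type. SVG is XML, not a binary image, and can contain
+* executable code and external references. This handler strips dangerous elements and
+* attributes unconditionally, then sanitizes remaining text content.
+*
+* What it handles:
+* - All text content in SVG elements after stripping dangerous parts
+*
+* What it strips (unconditionally, no attempt to sanitize):
+* - <script> elements and all children
+* - <use> elements with external href or xlink:href attributes
+* - <foreignObject> elements and all children
+* - All event handler attributes (onload, onclick, onerror, etc.)
+* - <set> and <animate> elements that reference external resources
+* - data: URI attributes
+*
+* What it passes through (after injection scan):
+* - Path data (d attribute)
+* - Text elements and their content
+* - <title> and <desc> elements
+* - Presentation attributes (fill, stroke, transform, etc.)
+* - viewBox, width, height attributes
+*/
+
+import { XMLParser, XMLBuilder } from 'fast-xml-parser';
+import { sanitize } from '../sanitizer/index.js';
+import type { HandlerResult } from './types.js';
+
+/**
+* Handle SVG content
+*
+* @param content - Raw SVG XML string or Buffer
+* @param mimeType - Original MIME type
+* @returns Sanitized handler result
+*/
+export function handleSvg(
+content: string | Buffer,
+mimeType: string
+): HandlerResult {
+const startTime = Date.now();
+
+// Convert Buffer to string if needed
+const svgString = Buffer.isBuffer(content) ? content.toString('utf-8') : content;
+
+try {
+// Parse SVG XML
+const parser = new XMLParser({
+ignoreAttributes: false,
+attributeNamePrefix: '@_',
+textNodeName: '#text',
+preserveOrder: false,
+removeNSPrefix: true,
+});
+
+const parsed = parser.parse(svgString);
+
+// Track sanitized field count
+let sanitizedFieldCount = 0;
+
+// Strip dangerous elements and attributes
+const stripped = stripDangerousContent(parsed);
+
+// Extract all text content for injection scanning
+const textContent = extractTextContent(stripped);
+
+// Run text through injection detection
+let sanitizationResult;
+if (textContent.length > 0) {
+sanitizationResult = sanitize(textContent);
+if (sanitizationResult.sanitization.content_modified) {
+sanitizedFieldCount = sanitizationResult.sanitization.patterns_detected.length;
+}
+}
+
+// Rebuild SVG
+const builder = new XMLBuilder({
+ignoreAttributes: false,
+attributeNamePrefix: '@_',
+textNodeName: '#text',
+format: true,
+suppressEmptyNode: true,
+});
+
+const sanitizedSvg = builder.build(stripped);
+
+const processingTime = Date.now() - startTime;
+
+return {
+status: 'sanitized',
+content_type: mimeType,
+sanitized_content: sanitizedSvg,
+sanitization: {
+patterns_detected: sanitizationResult?.sanitization.patterns_detected || [],
+pii_types_redacted: sanitizationResult?.sanitization.pii_types_redacted || [],
+pii_allowlisted: sanitizationResult?.sanitization.pii_allowlisted || [],
+sanitized_fields: sanitizedFieldCount
+},
+processing_time_ms: processingTime
+};
+
+} catch (error) {
+return {
+status: 'error',
+reason: 'SVG_PARSE_FAILED',
+mime: mimeType,
+message: error instanceof Error ? error.message : String(error)
+};
+}
+}
+
+/**
+* Strip dangerous content from parsed SVG
+*
+* Removes:
+* - <script> elements
+* - <foreignObject> elements
+* - <use> with external href
+* - Event handler attributes
+* - <set> and <animate> with external references
+* - data: URIs
+*/
+function stripDangerousContent(node: any): any {
+if (typeof node !== 'object' || node === null) {
+return node;
+}
+
+// Handle arrays
+if (Array.isArray(node)) {
+return node
+.filter((item) => !shouldRemoveElement(item))
+.map((item) => stripDangerousContent(item));
+}
+
+// Handle objects
+const result: any = {};
+
+for (const [key, value] of Object.entries(node)) {
+// Skip dangerous elements
+if (key === 'script' || key === 'foreignObject') {
+continue;
+}
+
+// Handle <use> with external href
+if (key === 'use' && typeof value === 'object' && value !== null) {
+const href = (value as any)['@_href'] || (value as any)['@_xlink:href'];
+if (href && (href.startsWith('http://') || href.startsWith('https://') || href.startsWith('//'))) {
+continue;
+}
+}
+
+// Handle <set> and <animate> with external references
+if ((key === 'set' || key === 'animate') && typeof value === 'object' && value !== null) {
+const href = (value as any)['@_href'] || (value as any)['@_xlink:href'];
+if (href && (href.startsWith('http://') || href.startsWith('https://') || href.startsWith('//'))) {
+continue;
+}
+}
+
+// Strip event handler attributes
+if (key.startsWith('@_on')) {
+continue;
+}
+
+// Strip data: URIs
+if (typeof value === 'string' && value.startsWith('data:')) {
+result[key] = '';
+continue;
+}
+
+// Strip attributes with data: URIs
+if (key.startsWith('@_') && typeof value === 'string' && value.startsWith('data:')) {
+continue;
+}
+
+// Recursively process
+result[key] = stripDangerousContent(value);
+}
+
+return result;
+}
+
+/**
+* Check if element should be removed entirely
+*/
+function shouldRemoveElement(element: any): boolean {
+if (typeof element !== 'object' || element === null) {
+return false;
+}
+
+// Check for dangerous element types
+const dangerousElements = ['script', 'foreignObject'];
+for (const dangerous of dangerousElements) {
+if (dangerous in element) {
+return true;
+}
+}
+
+return false;
+}
+
+/**
+* Extract all text content from SVG for injection scanning
+*/
+function extractTextContent(node: any): string {
+if (typeof node !== 'object' || node === null) {
+return '';
+}
+
+if (typeof node === 'string') {
+return node;
+}
+
+if (Array.isArray(node)) {
+return node.map((item) => extractTextContent(item)).join(' ');
+}
+
+let text = '';
+
+for (const [key, value] of Object.entries(node)) {
+// Extract text from text nodes
+if (key === '#text' && typeof value === 'string') {
+text += value + ' ';
+}
+
+// Extract from title and desc elements (can be string or object)
+if (key === 'title' || key === 'desc') {
+if (typeof value === 'string') {
+text += value + ' ';
+} else if (typeof value === 'object') {
+text += extractTextContent(value) + ' ';
+}
+}
+
+// Recursively extract from other children
+if (key !== 'title' && key !== 'desc' && typeof value === 'object') {
+text += extractTextContent(value) + ' ';
+}
+}
+
+return text.trim();
+}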
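Review bot: The output of `sanitize(textContent)` is never applied to the tree — `sanitizedSvg` is built from `stripped`, so a result with `status: 'sanitized'` and non-empty `patterns_detected` or `pii_types_redacted` still carries the original text nodes and PII in `sanitized_content`; either run `sanitize` per `#text`/`title`/`desc` value and splice its cleaned text into the tree before `builder.build(stripped)`, or return a `'rejected'` result when `content_modified` is true. The scanned text is also incomplete: the `typeof node !== 'object'` guard at the top of `extractTextContent` returns `''` for strings before the `typeof node === 'string'` branch can run, so sibling elements the parser collapses into an array of strings under `preserveOrder: false` (several `<text>` children, for instance) contribute nothing to `textContent`. `stripDangerousContent` has the matching blind spot: for `use`, `set` and `animate` the href check reads `@_href` on `value`, which is the sibling array when more than one such element exists, so only a lone element is checked — apply the check to each array item, and note that with `removeNSPrefix: true` the `@_xlink:href` lookup is effectively dead. The second `data:` check (`key.startsWith('@_') && ...`) is unreachable because the first one already `continue`s on every string starting with `data:` (including `#text` values), so attributes are emptied rather than dropped as its comment intends. Since the input is untrusted XML, consider passing `processEntities: false` to `XMLParser` and bounding `svgString.length` before parsing.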
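--- a/package/src/content-handlers/types.ts
+++ b/package/src/content-handlers/types.ts
@@ -0,0 +1,44 @@
+/**
+* Content Handler Types
+*
+* Shared interfaces for content-type specific handlers.
+*/
+
+/**
+* Success result from a content handler
+*/
+export interface HandlerSuccessResult {
+status: 'sanitized';
+content_type: string;
+sanitized_content: string;
+sanitization: {
+patterns_detected: string[];
+pii_types_redacted: string[];
+pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
+sanitized_fields: number;
+};
+processing_time_ms: number;
+}
+
+/**
+* Error result from a content handler
+*/
+export interface HandlerErrorResult {
+status: 'error' | 'rejected';
+reason: string;
+mime: string;
+message: string;
+}
+
+/**
+* Union type for all handler results
+*/
+export type HandlerResult = HandlerSuccessResult | HandlerErrorResult;
+
+/**
+* Content handler function signature
+*/
+export type ContentHandler = (
+content: string | Buffer,
+mimeType: string
+) => Promise<HandlerResult> | HandlerResult;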
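Review bot: `reason` on `HandlerErrorResult` is an open `string` while the SVG handler in this release fills it with a machine-readable code (`'SVG_PARSE_FAILED'`); a literal union of the codes the handlers emit, or at least a doc comment stating that `reason` is a stable code and `message` is free text, would keep callers from matching on `message`. `sanitized_fields` likewise has no comment saying what is counted — the SVG handler sets it to `patterns_detected.length`, which is a pattern count rather than a field count, so the contract should be stated here so every handler counts the same thing.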
@@ -4,6 +4,8 @@
|
|
|
4
4
|
* Maps injection pattern categories to compliance framework identifiers:
|
|
5
5
|
* - OWASP LLM Top 10 (2025)
|
|
6
6
|
* - NIST AI 600-1 (Generative AI Profile)
|
|
7
|
+
* - NIST AI RMF (AI Risk Management Framework - AI 100-1)
|
|
8
|
+
* - NIST CSF 2.0 (Cybersecurity Framework 2.0)
|
|
7
9
|
* - MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
|
|
8
10
|
* - ISO/IEC 42001:2023 (AI Management System - Annex A Controls)
|
|
9
11
|
*/
|
|
@@ -11,6 +13,8 @@
|
|
|
11
13
|
export interface FrameworkMappings {
|
|
12
14
|
owasp_llm: string;
|
|
13
15
|
nist_ai_600_1: string;
|
|
16
|
+
nist_ai_rmf: string;
|
|
17
|
+
nist_csf_2_0: string;
|
|
14
18
|
mitre_atlas: string;
|
|
15
19
|
iso_42001: string;
|
|
16
20
|
}
|
|
@@ -23,6 +27,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
23
27
|
direct_instruction_injection: {
|
|
24
28
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
25
29
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
30
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
31
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
26
32
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
27
33
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
28
34
|
},
|
|
@@ -31,6 +37,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
31
37
|
role_hijacking: {
|
|
32
38
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
33
39
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
40
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
41
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
34
42
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
35
43
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
36
44
|
},
|
|
@@ -39,6 +47,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
39
47
|
system_prompt_extraction: {
|
|
40
48
|
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
41
49
|
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
50
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
51
|
+
nist_csf_2_0: 'PR.DS-01 - Data at Rest Protection',
|
|
42
52
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
43
53
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
44
54
|
},
|
|
@@ -47,6 +57,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
47
57
|
privilege_escalation: {
|
|
48
58
|
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
49
59
|
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
60
|
+
nist_ai_rmf: 'GOVERN-1.1 - Legal and Regulatory Requirements',
|
|
61
|
+
nist_csf_2_0: 'PR.AC-04 - Access Control Enforcement',
|
|
50
62
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
51
63
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
52
64
|
},
|
|
@@ -55,6 +67,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
55
67
|
context_poisoning: {
|
|
56
68
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
57
69
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
70
|
+
nist_ai_rmf: 'MAP-5.1 - Impact Likelihood and Magnitude',
|
|
71
|
+
nist_csf_2_0: 'PR.DS-06 - Integrity Verification',
|
|
58
72
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
59
73
|
iso_42001: 'A.7.2 - Data Quality'
|
|
60
74
|
},
|
|
@@ -63,6 +77,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
63
77
|
data_exfiltration: {
|
|
64
78
|
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
65
79
|
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
80
|
+
nist_ai_rmf: 'MANAGE-2.3 - Respond to Unknown Risks',
|
|
81
|
+
nist_csf_2_0: 'DE.AE-02 - Anomaly Detection',
|
|
66
82
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
67
83
|
iso_42001: 'A.7.5 - Data Provenance / A.8.2 - Information to Users'
|
|
68
84
|
},
|
|
@@ -71,6 +87,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
71
87
|
base64_obfuscation: {
|
|
72
88
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
73
89
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
90
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
91
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
74
92
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
75
93
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
76
94
|
},
|
|
@@ -79,6 +97,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
79
97
|
unicode_lookalikes: {
|
|
80
98
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
81
99
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
100
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
101
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
82
102
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
83
103
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
84
104
|
},
|
|
@@ -87,6 +107,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
87
107
|
zero_width_characters: {
|
|
88
108
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
89
109
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
110
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
111
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
90
112
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
91
113
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
92
114
|
},
|
|
@@ -95,6 +117,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
95
117
|
html_script_injection: {
|
|
96
118
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
97
119
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
120
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
121
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
98
122
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
99
123
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
100
124
|
},
|
|
@@ -103,6 +127,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
103
127
|
data_uri_injection: {
|
|
104
128
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
105
129
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
130
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
131
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
106
132
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
107
133
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
108
134
|
},
|
|
@@ -111,6 +137,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
111
137
|
markdown_link_injection: {
|
|
112
138
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
113
139
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
140
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
141
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
114
142
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
115
143
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
116
144
|
},
|
|
@@ -119,6 +147,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
119
147
|
url_fragment_hashjack: {
|
|
120
148
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
121
149
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
150
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
151
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
122
152
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
123
153
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
124
154
|
},
|
|
@@ -127,6 +157,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
127
157
|
social_engineering_urgency: {
|
|
128
158
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
129
159
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
160
|
+
nist_ai_rmf: 'GOVERN-2.2 - Personnel Training',
|
|
161
|
+
nist_csf_2_0: 'PR.AT-01 - Awareness Training',
|
|
130
162
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
131
163
|
iso_42001: 'A.5.3 - AI Awareness and Training'
|
|
132
164
|
},
|
|
@@ -135,6 +167,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
135
167
|
instruction_delimiter_injection: {
|
|
136
168
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
137
169
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
170
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
171
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
138
172
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
139
173
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
140
174
|
},
|
|
@@ -143,6 +177,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
143
177
|
multi_language_obfuscation: {
|
|
144
178
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
145
179
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
180
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
181
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
146
182
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
147
183
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
148
184
|
},
|
|
@@ -151,6 +187,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
151
187
|
reverse_text_obfuscation: {
|
|
152
188
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
153
189
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
190
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
191
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
154
192
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
155
193
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
156
194
|
},
|
|
@@ -159,6 +197,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
159
197
|
leetspeak_obfuscation: {
|
|
160
198
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
161
199
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
200
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
201
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
162
202
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
163
203
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
164
204
|
},
|
|
@@ -167,6 +207,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
167
207
|
jailbreak_keywords: {
|
|
168
208
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
169
209
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
210
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
211
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
170
212
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
171
213
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
172
214
|
},
|
|
@@ -175,6 +217,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
175
217
|
token_smuggling: {
|
|
176
218
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
177
219
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
220
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
221
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
178
222
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
179
223
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
180
224
|
},
|
|
@@ -183,6 +227,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
183
227
|
system_message_injection: {
|
|
184
228
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
185
229
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
230
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
231
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
186
232
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
187
233
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
188
234
|
},
|
|
@@ -191,6 +237,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
191
237
|
conversation_reset: {
|
|
192
238
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
193
239
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
240
|
+
nist_ai_rmf: 'MANAGE-4.3 - Incident Communication',
|
|
241
|
+
nist_csf_2_0: 'DE.AE-01 - Baseline Establishment',
|
|
194
242
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
195
243
|
iso_42001: 'A.6.2.6 - Logging and Monitoring'
|
|
196
244
|
},
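Review bot: `nist_csf_2_0: 'DE.AE-01 - Baseline Establishment'` on the conversation_reset entry uses a subcategory identifier that, as far as I recall, CSF 2.0 withdrew (its content was folded into DE.CM-01/DE.CM-09), and the same version mismatch appears in `PR.DS-06` on memory_manipulation and output_format_manipulation and in `PR.AC-01`/`PR.AC-04`/`PR.AC-03` on credential_harvesting, code_execution_requests and file_system_access, where CSF 2.0 renamed the category to PR.AA. Because these strings are emitted under a key that names the 2.0 revision, an identifier from the 1.1 catalogue will not resolve when a reader cross-references the finding against CSF 2.0, which defeats the purpose of the mapping. Please verify each new nist_csf_2_0 value against the published CSF 2.0 subcategory list before release, and consider a comment on the map such as `// nist_csf_2_0 values must be CSF 2.0 subcategory IDs (PR.AA-*, DE.CM-*, ...), not CSF 1.1 IDs`. The FRAMEWORK_MAP literal starts and ends outside this hunk.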
|
|
@@ -199,6 +247,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
199
247
|
memory_manipulation: {
|
|
200
248
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
201
249
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
250
|
+
nist_ai_rmf: 'MAP-5.1 - Impact Likelihood and Magnitude',
|
|
251
|
+
nist_csf_2_0: 'PR.DS-06 - Integrity Verification',
|
|
202
252
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
203
253
|
iso_42001: 'A.6.2.6 - Logging and Monitoring'
|
|
204
254
|
},
|
|
@@ -207,6 +257,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
207
257
|
capability_probing: {
|
|
208
258
|
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
209
259
|
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
260
|
+
nist_ai_rmf: 'GOVERN-1.1 - Legal and Regulatory Requirements',
|
|
261
|
+
nist_csf_2_0: 'ID.AM-01 - Asset Inventory',
|
|
210
262
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
211
263
|
iso_42001: 'A.6.1.2 - AI System Operational Procedures'
|
|
212
264
|
},
|
|
@@ -215,6 +267,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
215
267
|
chain_of_thought_manipulation: {
|
|
216
268
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
217
269
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
270
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
271
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
218
272
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
219
273
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
220
274
|
},
|
|
@@ -223,6 +277,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
223
277
|
hypothetical_scenario_injection: {
|
|
224
278
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
225
279
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
280
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
281
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
226
282
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
227
283
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
228
284
|
},
|
|
@@ -231,6 +287,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
231
287
|
ethical_override: {
|
|
232
288
|
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
233
289
|
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
290
|
+
nist_ai_rmf: 'GOVERN-1.1 - Legal and Regulatory Requirements',
|
|
291
|
+
nist_csf_2_0: 'GV.PO-01 - Policy Establishment',
|
|
234
292
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
235
293
|
iso_42001: 'A.2.2 - Responsible AI Policies'
|
|
236
294
|
},
|
|
@@ -239,6 +297,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
239
297
|
output_format_manipulation: {
|
|
240
298
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
241
299
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
300
|
+
nist_ai_rmf: 'MAP-4.2 - Internal Controls Identification',
|
|
301
|
+
nist_csf_2_0: 'PR.DS-06 - Integrity Verification',
|
|
242
302
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
243
303
|
iso_42001: 'A.6.1.2 - AI System Operational Procedures'
|
|
244
304
|
},
|
|
@@ -247,6 +307,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
247
307
|
negative_instruction: {
|
|
248
308
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
249
309
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
310
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
311
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
250
312
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
251
313
|
iso_42001: 'A.6.1.2 - AI System Operational Procedures'
|
|
252
314
|
},
|
|
@@ -255,6 +317,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
255
317
|
credential_harvesting: {
|
|
256
318
|
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
257
319
|
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
320
|
+
nist_ai_rmf: 'MANAGE-2.3 - Respond to Unknown Risks',
|
|
321
|
+
nist_csf_2_0: 'PR.AC-01 - Identity Management',
|
|
258
322
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
259
323
|
iso_42001: 'A.7.5 - Data Provenance / A.6.1.5 - AI System Security'
|
|
260
324
|
},
|
|
@@ -263,6 +327,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
263
327
|
time_based_triggers: {
|
|
264
328
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
265
329
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
330
|
+
nist_ai_rmf: 'MEASURE-3.1 - Risk Monitoring',
|
|
331
|
+
nist_csf_2_0: 'DE.CM-03 - User Activity Monitoring',
|
|
266
332
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
267
333
|
iso_42001: 'A.6.2.6 - Logging and Monitoring'
|
|
268
334
|
},
|
|
@@ -271,6 +337,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
271
337
|
code_execution_requests: {
|
|
272
338
|
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
273
339
|
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
340
|
+
nist_ai_rmf: 'GOVERN-1.3 - Risk Tolerance',
|
|
341
|
+
nist_csf_2_0: 'PR.AC-04 - Access Control Enforcement',
|
|
274
342
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
275
343
|
iso_42001: 'A.9.3 - Intended Use Boundaries'
|
|
276
344
|
},
|
|
@@ -279,6 +347,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
279
347
|
file_system_access: {
|
|
280
348
|
owasp_llm: 'LLM08:2025 - Excessive Agency',
|
|
281
349
|
nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
|
|
350
|
+
nist_ai_rmf: 'GOVERN-1.3 - Risk Tolerance',
|
|
351
|
+
nist_csf_2_0: 'PR.AC-03 - Remote Access Management',
|
|
282
352
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
283
353
|
iso_42001: 'A.9.3 - Intended Use Boundaries'
|
|
284
354
|
},
|
|
@@ -287,6 +357,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
287
357
|
training_data_extraction: {
|
|
288
358
|
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
289
359
|
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
360
|
+
nist_ai_rmf: 'MAP-1.1 - Negative Impact Documentation',
|
|
361
|
+
nist_csf_2_0: 'PR.DS-01 - Data at Rest Protection',
|
|
290
362
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
291
363
|
iso_42001: 'A.7.5 - Data Provenance'
|
|
292
364
|
},
|
|
@@ -295,6 +367,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
295
367
|
simulator_mode: {
|
|
296
368
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
297
369
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
370
|
+
nist_ai_rmf: 'MEASURE-2.6 - AI System Safety',
|
|
371
|
+
nist_csf_2_0: 'ID.AM-02 - Platform Management',
|
|
298
372
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
299
373
|
iso_42001: 'A.9.3 - Intended Use Boundaries'
|
|
300
374
|
},
|
|
@@ -303,6 +377,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
303
377
|
nested_encoding: {
|
|
304
378
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
305
379
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
380
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
381
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
306
382
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
307
383
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
308
384
|
},
|
|
@@ -311,6 +387,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
311
387
|
payload_splitting: {
|
|
312
388
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
313
389
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
390
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
391
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
314
392
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
315
393
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
316
394
|
},
|
|
@@ -319,6 +397,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
319
397
|
css_hiding: {
|
|
320
398
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
321
399
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
400
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
401
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
322
402
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
323
403
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
324
404
|
},
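Review bot: `nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection'` on css_hiding carries the same label that every other obfuscation entry in this file pairs with `PR.DS-02` (nested_encoding, payload_splitting, whitespace_steganography, reverse_text_obfuscation, leetspeak_obfuscation), so one of the two identifiers is wrong. PR.DS-02 is the CSF 2.0 data-in-transit subcategory; PR.DS-05 is, to my knowledge, a CSF 1.1 identifier only. The same string recurs on comment_injection and in DEFAULT_MAPPINGS, so unless a different control is intended all three should read `nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',`. The FRAMEWORK_MAP literal starts and ends outside this hunk.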
|
|
@@ -327,6 +407,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
327
407
|
authority_impersonation: {
|
|
328
408
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
329
409
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
410
|
+
nist_ai_rmf: 'GOVERN-2.2 - Personnel Training',
|
|
411
|
+
nist_csf_2_0: 'PR.AT-01 - Awareness Training',
|
|
330
412
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
331
413
|
iso_42001: 'A.2.2 - Responsible AI Policies'
|
|
332
414
|
},
|
|
@@ -335,6 +417,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
335
417
|
testing_debugging_claims: {
|
|
336
418
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
337
419
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
420
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
|
|
421
|
+
nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
|
|
338
422
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
339
423
|
iso_42001: 'A.6.1.2 - AI System Operational Procedures'
|
|
340
424
|
},
|
|
@@ -343,6 +427,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
343
427
|
callback_url_injection: {
|
|
344
428
|
owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
|
|
345
429
|
nist_ai_600_1: 'MS-2.6 - Data Disclosure',
|
|
430
|
+
nist_ai_rmf: 'MANAGE-2.3 - Respond to Unknown Risks',
|
|
431
|
+
nist_csf_2_0: 'DE.AE-02 - Anomaly Detection',
|
|
346
432
|
mitre_atlas: 'AML.T0048 - External Harms',
|
|
347
433
|
iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
|
|
348
434
|
},
|
|
@@ -351,6 +437,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
351
437
|
whitespace_steganography: {
|
|
352
438
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
353
439
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
440
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
441
|
+
nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
|
|
354
442
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
355
443
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
356
444
|
},
|
|
@@ -359,6 +447,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
359
447
|
comment_injection: {
|
|
360
448
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
361
449
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
450
|
+
nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
|
|
451
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
362
452
|
mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
|
|
363
453
|
iso_42001: 'A.7.4 - Data Preparation'
|
|
364
454
|
}
|
|
@@ -370,6 +460,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
|
|
|
370
460
|
const DEFAULT_MAPPINGS: FrameworkMappings = {
|
|
371
461
|
owasp_llm: 'LLM01:2025 - Prompt Injection',
|
|
372
462
|
nist_ai_600_1: 'MS-2.5 - Prompt Injection',
|
|
463
|
+
nist_ai_rmf: 'MEASURE-2.7 - AI System Security',
|
|
464
|
+
nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
|
|
373
465
|
mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
|
|
374
466
|
iso_42001: 'A.6.1.5 - AI System Security'
|
|
375
467
|
};
|
|
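Review bot: `nist_ai_rmf: 'MEASURE-2.7 - AI System Security'` in DEFAULT_MAPPINGS spells the label differently from the `'MEASURE-2.7 - AI System Security and Resilience'` used for the same subcategory in jailbreak_keywords, token_smuggling and the other FRAMEWORK_MAP entries, so any consumer that groups findings by the full string will see two buckets for one control. More generally, every framework reference in this file is a free-form literal, which is how the identifier and label drift in this commit crept in unnoticed; a per-framework table of `{ id, title }` constants referenced from each entry would keep the pair consistent and turn a typo into a compile error rather than a reporting error. At minimum, align the default to `nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',`.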
@@ -388,6 +480,8 @@ export function getSupportedFrameworks(): string[] {
|
|
|
388
480
|
return [
|
|
389
481
|
'OWASP LLM Top 10 (2025)',
|
|
390
482
|
'NIST AI 600-1 (Generative AI Profile)',
|
|
483
|
+
'NIST AI RMF (AI Risk Management Framework)',
|
|
484
|
+
'NIST CSF 2.0 (Cybersecurity Framework)',
|
|
391
485
|
'MITRE ATLAS (Adversarial Threat Landscape)',
|
|
392
486
|
'ISO/IEC 42001:2023 (AI Management System)'
|
|
393
487
|
];
|