UNPKG

@dollhousemcp/mcp-server

Version:

DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.

59 lines 2.1 kB
/** * RegexValidator - Provides protection against ReDoS attacks * * This module implements safe regex execution by: * 1. Pre-validating content length based on pattern complexity * 2. Analyzing patterns for known ReDoS vulnerabilities * 3. Limiting execution based on calculated risk */ export interface RegexValidationOptions { /** Maximum content length allowed */ maxLength?: number; /** Reject patterns with high ReDoS risk */ rejectDangerousPatterns?: boolean; /** Log security events */ logEvents?: boolean; } interface PatternAnalysis { safe: boolean; risks: string[]; complexity: 'low' | 'medium' | 'high'; maxSafeLength: number; } export declare class RegexValidator { private static readonly COMPLEXITY_LIMITS; /** * Validates content against a pattern with ReDoS protection * * Protection strategy: * 1. Analyze pattern complexity * 2. Enforce content length limits based on complexity * 3. Reject known dangerous patterns * 4. Execute regex only if safe */ static validate(content: string, pattern: RegExp, options?: RegexValidationOptions): boolean; /** * Validates multiple patterns with shared risk assessment */ static validateAny(content: string, patterns: RegExp[], options?: RegexValidationOptions): boolean; /** * Validates all patterns must match */ static validateAll(content: string, patterns: RegExp[], options?: RegexValidationOptions): boolean; /** * Analyzes a regex pattern for potential ReDoS vulnerabilities * * Detects patterns known to cause exponential backtracking: * - Nested quantifiers: (a+)+, (a*)* * - Alternation with overlap: (a|a)* * - Quantified groups with alternation: (a|b)+ * - Catastrophic patterns: (.+)+$ */ static analyzePattern(pattern: RegExp): PatternAnalysis; /** * Creates a regex pattern with safety analysis */ static createSafePattern(pattern: string, flags?: string): RegExp; } export {}; //# sourceMappingURL=regexValidator.d.ts.map