@dollhousemcp/mcp-server
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
/**
* DOS Protection Utilities
*
* Centralized protection against Denial of Service attacks, particularly ReDoS
* (Regular Expression Denial of Service) vulnerabilities.
*
* SECURITY: This module provides comprehensive protection mechanisms for all
* regex operations in the codebase to prevent catastrophic backtracking.
*/
/**
* Per-call limits accepted by the SafeRegex entry points.
* Every field is optional. The defaults quoted below are taken from the
* original comments; this declaration does not show where they are applied.
*/
export interface RegexExecutionOptions {
/**
* Maximum time allowed for regex execution (milliseconds)
* Default: 100ms for user input, 1000ms for system operations
*
* NOTE(review): how a call is classified as "user input" or "system" is not
* visible in this declaration. Confirm in the implementation.
* NOTE(review): a regex match in JavaScript runs synchronously and cannot be
* interrupted from the thread that started it. Confirm whether this is a hard
* limit (worker or separate context) or an elapsed-time check made after the
* match has returned. If it is the latter, the effective protection is the
* length limit and the pattern screening, not this value.
*/
timeout?: number;
/**
* Maximum input length to process
* Default: 10000 characters
*
* NOTE(review): not visible here whether over-long input is rejected or
* truncated. Truncation would leave everything past the limit unexamined,
* which matters when the regex is used as a validation or deny-list check.
*/
maxLength?: number;
/**
* Whether to cache compiled regex patterns
* Default: true for static patterns, false for dynamic
*/
cache?: boolean;
/**
* Context for logging/monitoring
*
* NOTE(review): if this string reaches a log sink, keep untrusted input out
* of it or confirm that the implementation sanitises it.
*/
context?: string;
}
/**
* Safe regex execution with timeout protection
* Prevents ReDoS attacks by limiting execution time
*
* All members are static. Only the declarations are visible here, so notes
* marked NOTE(review) are points to confirm against the implementation.
*
* Argument order differs between the two public matchers:
* test(pattern, input) but match(input, pattern). When the pattern is passed
* as a string the compiler cannot catch a swap, and a swap would compile
* untrusted input as the pattern.
*/
export declare class SafeRegex {
// Compiled-pattern cache shared by every caller (static member).
// NOTE(review): type, size bound and eviction are not visible here. Confirm
// the cache is bounded if patterns derived from input can be cached.
private static readonly patternCache;
/**
* Safely test a regex pattern against input with timeout protection
*
* @param pattern Pattern source or compiled RegExp (first argument here).
* @param input Text to test.
* @param options Optional limits, see RegexExecutionOptions.
* @returns Whether the pattern matched.
*
* NOTE(review): a boolean cannot distinguish "no match" from "evaluation
* refused" (over-length input, rejected pattern, timeout) unless the
* implementation throws. Where this is used as a deny-list check, confirm
* that a refused evaluation does not read as "clean".
*/
static test(pattern: string | RegExp, input: string, options?: RegexExecutionOptions): boolean;
/**
* Safely execute regex match with timeout protection
*
* @param input Text to search (first argument here, unlike test()).
* @param pattern Pattern source or compiled RegExp.
* @param options Optional limits, see RegexExecutionOptions.
* @returns The match array, or null.
*
* NOTE(review): as with test(), confirm whether null can also mean the
* evaluation was refused rather than that nothing matched.
*/
static match(input: string, pattern: string | RegExp, options?: RegexExecutionOptions): RegExpMatchArray | null;
/**
* Escape user input for safe use in regex patterns
* Prevents injection of regex special characters
*
* Intended for untrusted text that is embedded as a literal inside a larger
* pattern.
*/
static escape(input: string): string;
/**
* Convert glob pattern to safe regex pattern
* Prevents ReDoS from malicious glob patterns
*
* @returns A RegExp, or null.
*
* NOTE(review): null presumably means the glob was rejected. Callers must
* check for it and should treat it as "no match" rather than falling back
* to an unscreened pattern.
*/
static globToRegex(glob: string): RegExp | null;
/**
* Compile and validate a regex pattern
*/
private static compilePattern;
/**
* Check for nested quantifiers in pattern
*/
private static hasNestedQuantifiers;
/**
* Check for complex alternation patterns that can cause backtracking
*/
private static hasComplexAlternation;
/**
* Check if pattern complexity exceeds safe thresholds
*/
private static exceedsComplexityThreshold;
/**
* Check if a regex pattern is potentially dangerous (ReDoS)
* Based on OWASP recommendations
*
* NOTE(review): presumably combines the three checks declared above. Confirm.
* Screening patterns by shape is a heuristic and can miss backtracking-prone
* patterns, so it should be read as one layer alongside the input-length
* limit, not as a guarantee.
*/
private static isDangerous;
/**
* Clear the pattern cache
*/
static clearCache(): void;
}
/**
* DOS Protection middleware for various operations
*
* All members are static. Only the declarations are visible here, so notes
* marked NOTE(review) are points to confirm against the implementation.
*/
export declare class DOSProtection {
/**
* Split with regex separator using SafeRegex protection
*/
private static splitWithRegex;
/**
* Split with string separator preserving remainder
*/
private static splitWithString;
/**
* Protect string split operations from ReDoS
*
* @param input Text to split.
* @param separator String or RegExp separator.
* @param limit Optional limit on the split.
* @returns The resulting pieces.
*
* The signature takes no RegexExecutionOptions, so a caller cannot set the
* timeout or maximum length for this call.
* NOTE(review): which limits apply here is not visible. Confirm.
*/
static safeSplit(input: string, separator: string | RegExp, limit?: number): string[];
/**
* Protect replace operations from ReDoS
*
* @param input Text to operate on.
* @param pattern String or RegExp to replace.
* @param replacement Replacement string, or a callback returning one.
* @returns The resulting string.
*
* The signature takes no RegexExecutionOptions, so a caller cannot set the
* timeout or maximum length for this call.
* NOTE(review): not visible whether a refused evaluation returns the input
* unchanged. If it does, a caller relying on this to strip content from
* untrusted text gets the original back without any signal. Confirm.
*/
static safeReplace(input: string, pattern: string | RegExp, replacement: string | ((match: string, ...args: any[]) => string)): string;
/**
* Rate limiting for expensive operations
*
* The counters and the reset handle below are static, so they are shared by
* everything in the process.
* NOTE(review): the rateLimit signature carries an operation name and no
* caller identity, so the limit appears to be per operation rather than per
* client. One noisy caller could then exhaust it for all others. Confirm.
* NOTE(review): the meaning of the boolean result (true = allowed, or
* true = limited) and the default for maxPerMinute are not visible here.
*/
private static readonly operationCounts;
private static resetInterval;
static rateLimit(operation: string, maxPerMinute?: number): boolean;
/**
* Cleanup resources
*
* NOTE(review): presumably stops the reset timer and clears the counters.
* Confirm.
*/
static cleanup(): void;
}
// Function-style aliases for the static methods, typed with `typeof` so the
// signatures stay identical to the class members.
// Argument order is inherited: safeTest(pattern, input) but
// safeMatch(input, pattern). When the pattern is a string the compiler cannot
// catch a swap, and a swap would compile untrusted input as the pattern.
export declare const safeTest: typeof SafeRegex.test;
export declare const safeMatch: typeof SafeRegex.match;
export declare const escapeRegex: typeof SafeRegex.escape;
// May return null. Callers must handle it before using the result.
export declare const globToRegex: typeof SafeRegex.globToRegex;
// safeSplit and safeReplace accept no RegexExecutionOptions argument.
export declare const safeSplit: typeof DOSProtection.safeSplit;
export declare const safeReplace: typeof DOSProtection.safeReplace;
//# sourceMappingURL=dosProtection.d.ts.map