@dollhousemcp/mcp-server
Version:
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
59 lines • 2.57 kB
TypeScript
/**
* Security utility functions for preventing prototype pollution and other vulnerabilities
*/
/**
* List of property names that should never be used as object keys
* to prevent prototype pollution attacks
*/
export declare const FORBIDDEN_KEYS: readonly ["__proto__", "constructor", "prototype"];
/**
* Validates that a property key is safe to use (not a prototype pollution vector)
* @param key The property key to validate
* @param context Optional context for the error message (e.g., "path" or "section")
* @throws Error if the key is forbidden
*/
export declare function validatePropertyKey(key: string, context?: string): void;
/**
* Validates all keys in a dot-notation path
* @param path Dot-notation path (e.g., "user.settings.theme")
* @param context Optional context for the error message (e.g., "path" or "section")
* @throws Error if any key in the path is forbidden
*/
export declare function validatePropertyPath(path: string, context?: string): void;
/**
* Safely sets a property on an object using Object.defineProperty
* to prevent prototype pollution
* @param target The target object
* @param key The property key
* @param value The value to set
*/
export declare function safeSetProperty(target: any, key: string, value: any): void;
/**
* Creates a new object without prototype chain (using Object.create(null))
* This prevents prototype pollution attacks on newly created objects
* @returns A new object with no prototype
*/
export declare function createSafeObject(): Record<string, any>;
/**
* Safely checks if an object has a property without traversing the prototype chain
* @param target The target object
* @param key The property key to check
* @returns true if the object has the property, false otherwise
*/
export declare function safeHasOwnProperty(target: any, key: string): boolean;
/**
* Safely navigates an object path, creating intermediate objects as needed
* All created objects are prototype-less to prevent pollution
* @param root The root object to navigate
* @param path Dot-notation path (e.g., "user.settings.theme")
* @returns The final object in the path where the value should be set
*/
export declare function safeNavigateObject(root: any, path: string): any;
/**
* Safely sets a value at a dot-notation path in an object
* @param root The root object
* @param path Dot-notation path (e.g., "user.settings.theme")
* @param value The value to set
*/
export declare function safeSetPath(root: any, path: string, value: any): void;
//# sourceMappingURL=securityUtils.d.ts.map