insite-mcp
Version:
MCP server for browser automation with 52 tools using Playwright
161 lines • 5.19 kB
JavaScript
/**
* Security & Validation Tools for Browser MCP Server
*
* Provides security-focused capabilities including CSP handling,
* certificate management, and security validation.
*/
/**
* Handle Content Security Policy Tool
* Configure Content Security Policy handling and compliance checking
*/
export const handleCSPTool = {
name: 'handle_csp',
description: 'Configure Content Security Policy handling and compliance checking',
inputSchema: {
type: 'object',
properties: {
action: {
type: 'string',
enum: ['bypass', 'enforce', 'report', 'check'],
description: 'CSP action to take',
default: 'check'
},
policies: {
type: 'array',
description: 'CSP policies to check or enforce',
items: {
type: 'string'
}
},
bypassUnsafe: {
type: 'boolean',
description: 'Allow bypassing unsafe CSP directives (use with caution)',
default: false
},
reportOnly: {
type: 'boolean',
description: 'Enable CSP report-only mode',
default: false
},
violationCallback: {
type: 'string',
description: 'JavaScript callback for CSP violations (optional)'
}
},
required: ['action']
}
};
/**
* Manage Certificates Tool
* Certificate validation and custom certificate handling
*/
export const manageCertificatesTool = {
name: 'manage_certificates',
description: 'Certificate validation and custom certificate handling',
inputSchema: {
type: 'object',
properties: {
action: {
type: 'string',
enum: ['validate', 'ignore', 'add_trusted', 'check_chain', 'get_info'],
description: 'Certificate management action',
default: 'validate'
},
url: {
type: 'string',
description: 'URL to check certificate for (required for validate, check_chain, get_info)'
},
certificatePath: {
type: 'string',
description: 'Path to certificate file (for add_trusted action)'
},
ignoreHTTPSErrors: {
type: 'boolean',
description: 'Ignore HTTPS certificate errors',
default: false
},
checkExpiry: {
type: 'boolean',
description: 'Check certificate expiry date',
default: true
},
validateChain: {
type: 'boolean',
description: 'Validate certificate chain',
default: true
}
},
required: ['action']
}
};
/**
* Validate Security Tool
* Security validation and vulnerability scanning
*/
export const validateSecurityTool = {
name: 'validate_security',
description: 'Security validation and vulnerability scanning for web pages',
inputSchema: {
type: 'object',
properties: {
checks: {
type: 'array',
description: 'Security checks to perform',
items: {
type: 'string',
enum: [
'https_usage',
'mixed_content',
'insecure_forms',
'csp_presence',
'hsts_headers',
'xss_protection',
'clickjacking_protection',
'content_type_options',
'referrer_policy',
'permissions_policy'
]
},
default: [
'https_usage',
'mixed_content',
'csp_presence',
'hsts_headers',
'xss_protection'
]
},
level: {
type: 'string',
enum: ['basic', 'intermediate', 'advanced'],
description: 'Security validation level',
default: 'intermediate'
},
includeHeaders: {
type: 'boolean',
description: 'Include security header analysis',
default: true
},
scanContent: {
type: 'boolean',
description: 'Scan page content for security issues',
default: true
},
reportFormat: {
type: 'string',
enum: ['summary', 'detailed', 'json'],
description: 'Security report format',
default: 'detailed'
}
},
required: []
}
};
/**
* All security tools export
*/
export const securityTools = [
handleCSPTool,
manageCertificatesTool,
validateSecurityTool
];
//# sourceMappingURL=security-tools.js.map