UNPKG

mcp-sanitizer

Version:

Comprehensive security sanitization library for Model Context Protocol (MCP) servers with trusted security libraries

github.com/starman69/mcp-sanitizer

starman69/mcp-sanitizer

60 lines (51 loc) 2.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
/** * Utility modules index file for MCP Sanitizer * * This file exports all utility modules for easy importing. */ const stringUtils = require('./string-utils'); const objectUtils = require('./object-utils'); const validationUtils = require('./validation-utils'); const securityEnhancements = require('./security-enhancements'); const securityDecoder = require('./security-decoder'); // CVE-TBD-001 FIX: Import unified parser const unifiedParser = require('./unified-parser'); // DoS protection removed - handled at infrastructure layer module.exports = { stringUtils, objectUtils, validationUtils, securityEnhancements, securityDecoder, unifiedParser, // Re-export common functions for convenience htmlEncode: stringUtils.htmlEncode, validateStringLength: stringUtils.validateStringLength, validateAgainstBlockedPatterns: stringUtils.validateAgainstBlockedPatterns, enhancedStringValidation: stringUtils.enhancedStringValidation, isDangerousKey: objectUtils.isDangerousKey, validateObjectKey: objectUtils.validateObjectKey, validateObjectDepth: objectUtils.validateObjectDepth, validateNonEmptyString: validationUtils.validateNonEmptyString, validateFilePath: validationUtils.validateFilePath, validateURL: validationUtils.validateURL, validateCommand: validationUtils.validateCommand, // Security enhancement functions detectDirectionalOverrides: securityEnhancements.detectDirectionalOverrides, detectNullBytes: securityEnhancements.detectNullBytes, detectMultipleUrlEncoding: securityEnhancements.detectMultipleUrlEncoding, detectPostgresDollarQuotes: securityEnhancements.detectPostgresDollarQuotes, detectCyrillicHomographs: securityEnhancements.detectCyrillicHomographs, handleEmptyStrings: securityEnhancements.handleEmptyStrings, // Timing attack prevention removed - not applicable for sanitization comprehensiveSecurityAnalysis: securityEnhancements.comprehensiveSecurityAnalysis, // Security decoder functions enhancedSecurityDecode: securityDecoder.enhancedSecurityDecode, securityDecode: securityDecoder.securityDecode, // CVE-TBD-001 FIX: Unified parser functions parseUnified: unifiedParser.parseUnified, extractNormalized: unifiedParser.extractNormalized, isNormalizedString: unifiedParser.isNormalizedString, wrapValidator: unifiedParser.wrapValidator // DoS protection removed - infrastructure concern };