hub / github.com/KeygraphHQ/shannon / validateRulesSecurity

Function validateRulesSecurity

apps/worker/src/config-parser.ts:503–530  ·  view source on GitHub ↗
(rules: Rule[] | undefined, ruleType: string)

Source from the content-addressed store, hash-verified

501};
502
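/**
 * Screens every rule's `value` and `description` against DANGEROUS_PATTERNS,
 * then hands the rule to validateRuleTypeSpecific.
 *
 * This is a denylist check: it only rejects what the pattern list (defined
 * outside this block) describes, so the per-type validation that follows is
 * still needed.
 *
 * @param rules - Rules to screen; `undefined` is accepted and means nothing to check.
 * @param ruleType - Rule group name, used to build the `rules.<ruleType>[i].<field>` path in errors.
 * @throws PentestError with ErrorCode.CONFIG_VALIDATION_FAILED on the first
 *   field that matches a pattern. Patterns are tried in list order and, for
 *   each pattern, `value` is checked before `description`.
 */
const validateRulesSecurity = (rules: Rule[] | undefined, ruleType: string): void => {
  if (!rules) return;

  rules.forEach((rule, index) => {
    const screenedFields = [
      ['value', rule.value],
      ['description', rule.description],
    ] as const;

    for (const pattern of DANGEROUS_PATTERNS) {
      for (const [fieldName, text] of screenedFields) {
        // RegExp.prototype.test() is stateful for patterns carrying the `g` or
        // `y` flag: a match leaves lastIndex advanced, and the next test()
        // resumes from there and can miss a match at the start of the string.
        // The shared pattern objects outlive one validation run, so always
        // scan from offset 0. This is a no-op for patterns without those flags.
        pattern.lastIndex = 0;
        const matched = pattern.test(text);
        pattern.lastIndex = 0;

        if (matched) {
          const field = `rules.${ruleType}[${index}].${fieldName}`;
          throw new PentestError(
            `${field} contains potentially dangerous pattern: ${pattern.source}`,
            'config',
            false,
            { field, pattern: pattern.source },
            ErrorCode.CONFIG_VALIDATION_FAILED,
          );
        }
      }
    }

    // Type-specific checks run only after the generic pattern scan has passed.
    validateRuleTypeSpecific(rule, ruleType, index);
  });
};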
531
532const validateRuleTypeSpecific = (rule: Rule, ruleType: string, index: number): void => {
533 const field = `rules.${ruleType}[${index}].value`;

Callers 1

Calls 1

validateRuleTypeSpecific · Function · 0.85

Tested by

no test coverage detected