/**
 * Deterministic security test payloads.
 *
 * These are well-known test patterns used for security testing that don't
 * require LLM generation. Each payload is designed to test a specific
 * vulnerability class.
 *
 * IMPORTANT: These payloads are for defensive security testing only.
 * They help developers identify input validation gaps in their MCP servers.
 *
 * This file is the type-declaration surface only: every export is an ambient
 * `declare`, so the payload values themselves are not visible here.
 *
 * A fixed payload list is a regression baseline, not exhaustive coverage: a
 * clean run shows that these specific inputs were handled, not that the
 * corresponding CWE class is absent from the server under test.
 */
import type { SecurityPayload, SecurityCategory } from './types.js';

/**
 * SQL injection test payloads.
 * Tests for improper handling of SQL metacharacters in user input.
 * CWE-89: Improper Neutralization of Special Elements used in an SQL Command
 *
 * NOTE(review): declared as a mutable `SecurityPayload[]`, so the type does not
 * stop a consumer from pushing to or editing this shared list. The same
 * applies to the other `*_PAYLOADS` exports; confirm whether `readonly` is
 * intended.
 */
export declare const SQL_INJECTION_PAYLOADS: SecurityPayload[];

/**
 * Cross-Site Scripting (XSS) test payloads.
 * Tests for improper handling of HTML/JavaScript in user input.
 * CWE-79: Improper Neutralization of Input During Web Page Generation
 *
 * NOTE(review): how a finding is decided (e.g. payload echoed back unescaped)
 * is not visible in this declaration file; confirm against the consumer.
 */
export declare const XSS_PAYLOADS: SecurityPayload[];

/**
 * Path traversal test payloads.
 * Tests for improper handling of file path inputs.
 * CWE-22: Improper Limitation of a Pathname to a Restricted Directory
 *
 * NOTE(review): payload contents are not visible here. If they name real
 * files, a vulnerable target may return those files' contents in its
 * response, so treat captured responses and logs as potentially sensitive.
 */
export declare const PATH_TRAVERSAL_PAYLOADS: SecurityPayload[];

/**
 * Command injection test payloads.
 * Tests for improper handling of shell metacharacters.
 * CWE-78: Improper Neutralization of Special Elements used in an OS Command
 *
 * NOTE(review): payload contents are not visible here. If they carry live
 * commands, a vulnerable target will execute them on its own host; run these
 * against a disposable instance.
 */
export declare const COMMAND_INJECTION_PAYLOADS: SecurityPayload[];

/**
 * Server-Side Request Forgery (SSRF) test payloads.
 * Tests for improper URL validation allowing internal network access.
 * CWE-918: Server-Side Request Forgery (SSRF)
 *
 * NOTE(review): payload contents are not visible here. A vulnerable target
 * will issue the outbound request itself, so run it in a network-isolated
 * environment.
 */
export declare const SSRF_PAYLOADS: SecurityPayload[];

/**
 * Get payloads for a specific security category.
 *
 * NOTE(review): two things are not visible in this declaration and should be
 * confirmed against the implementation: (1) whether the returned array is one
 * of the exported `*_PAYLOADS` constants itself or a copy (callers should not
 * mutate the result until that is known), and (2) what is returned for a
 * category that has no payload list.
 *
 * @param category - The security category to get payloads for
 * @returns Array of payloads for that category
 */
export declare function getPayloadsForCategory(category: SecurityCategory): SecurityPayload[];

/**
 * Get all security payloads across all categories.
 *
 * NOTE(review): `SecurityCategory` is defined in `./types.js`; whether it has
 * exactly the five categories exported from this module is not visible here.
 *
 * @returns Array of all security payloads
 */
export declare function getAllSecurityPayloads(): SecurityPayload[];

/**
 * Get all available security categories.
 *
 * @returns Array of all security category identifiers
 */
export declare function getAllSecurityCategories(): SecurityCategory[];
//# sourceMappingURL=payloads.d.ts.map