
mcp-sanitizer

Verified Safe

by starman69

Overview

Provides a comprehensive security sanitization library and example implementations for Model Context Protocol (MCP) servers and general Node.js applications.

Installation

Run Command
node examples/mcp-server-basic.js

Security Notes

The project is explicitly focused on security and demonstrates a defense-in-depth approach. It actively mitigates several injection classes (SQL, command, NoSQL, template, prototype pollution), path traversal, XSS, and Unicode-based attacks (homographs, directional overrides, null bytes, multi-encoding). The codebase includes explicit fixes for CVE-TBD-XXX issues, ReDoS protection, and a unified parser intended to prevent parser-differential attacks. It relies on well-known security libraries such as `sqlstring`, `shell-quote`, and `sanitize-filename`. While no system is perfectly impenetrable, the design and implementation show a high level of security awareness and adherence to best practices. Production policies enforce strict rules, including blocking sensitive protocols and private IP ranges. No obvious hardcoded secrets appear in the provided (truncated) source examples, and `eval` and similar dangerous functions appear only in patterns used to *detect* attacks, not for internal execution.

Stats

Interest Score: 32
Security Score: 9
Cost Class: Medium
Avg Tokens: 350
Stars: 2
Forks: 0
Last Update: 2026-01-14

Tags

security, sanitization, input-validation, middleware, mcp