add more strict validations

nayanakto · nayanakto · commit 4b06a3375422 · 2025-08-25T18:33:51.000+05:30
diff --git a/MCP-LT/MCPBrowserOrDriverVersionDisclosure.yml b/MCP-LT/MCPBrowserOrDriverVersionDisclosure.yml
@@ -45,5 +45,8 @@ execute:
   - req: []
 validate:
   response_payload:
-  - not_magic_validate: "Analyze the response and check whether the response indicates that the request failed due to isError: true or any other error (like requested data nbot found, error processing request, server error, not accessible, etc)."
-  - magic_validate: "\"Analyze the response and check whether it contains any data related to web browser version (chromedriverVersion, geckodriverVersion, edgedriverVersion, safaridriverVersion, driverVersion) or any value that contains a broswwer software version (digits with dots). Ignore all other types of versions."
+    or:
+      - regex: (?i)\b(?:chrome|firefox|safari|edge|opera|brave|vivaldi|ie|internet explorer)[\/\s]?([0-9]+(?:\.[0-9]+){0,3})
+      - and:
+        - not_magic_validate: "Analyze the response and check whether the response indicates that the request failed due to isError: true or any other error (like requested data nbot found, error processing request, server error, not accessible, etc)."
+        - magic_validate: "\"Analyze the response and check whether it contains any data related to web browser version (chromedriverVersion, geckodriverVersion, edgedriverVersion, safaridriverVersion, driverVersion) or any value that contains a broswwer software version (digits with dots). Ignore all other types of versions."
diff --git a/MCP-LT/MCPFilePathDisclosure.yml b/MCP-LT/MCPFilePathDisclosure.yml
@@ -43,5 +43,13 @@ execute:
   - req: []
 validate:
   response_payload:
-  - not_magic_validate: "Analyze the response and check whether the response indicates that the request failed due to isError: true or any other error (like requested data nbot found, error processing request, server error, not accessible, etc)."
-  - magic_validate: "Check the response body strictly for literal absolute file system paths only. Unix-style paths must start with '/' followed by at least one valid directory or file name (e.g., /etc/passwd, /var/log/file.txt). Windows-style paths must start with a drive letter, colon, and backslash, followed by at least one directory or file name (e.g., C:\\Windows\\System32\\). Do NOT flag JSON keys, array names, or plain text that mention directories, logs, or file types unless they contain a literal absolute path. Do NOT flag empty arrays, placeholders (e.g., /path/to/file), relative paths (./file.txt, ../logs/debug.log), or strings that only look like paths but are not literal. Flag only actual paths that exist literally in the response."
+    or: 
+    - contains_either:
+      - "Program Files (x86)"
+      - "/etc/passwd"
+      - "/etc/shadow"
+      - "C:\\Windows\\System32"
+      - "C:\\Users\\Administrator"
+    - and:
+      - not_magic_validate: "Analyze the response and check whether the response indicates that the request failed due to isError: true or any other error (like requested data nbot found, error processing request, server error, not accessible, etc)."
+      - magic_validate: "Check the response body strictly for literal absolute file system paths only. Unix-style paths must start with '/' followed by at least one valid directory or file name (e.g., /etc/passwd, /var/log/file.txt). Windows-style paths must start with a drive letter, colon, and backslash, followed by at least one directory or file name (e.g., C:\\Windows\\System32\\). Do NOT flag JSON keys, array names, or plain text that mention directories, logs, or file types unless they contain a literal absolute path. Do NOT flag empty arrays, placeholders (e.g., /path/to/file), relative paths (./file.txt, ../logs/debug.log), or strings that only look like paths but are not literal. Flag only actual paths that exist literally in the response."
diff --git a/MCP-LT/MCPWebdriverSessionExpose.yml b/MCP-LT/MCPWebdriverSessionExpose.yml
@@ -55,8 +55,14 @@ api_selection_filters:
 execute:
   type: single
   requests:
-  - req: []
+  - req:
+      modify_body_param:
+        testId: DA-WIN-466203-1756104789390435861FMZ
+      delete_body_param: pageNumber
 validate:
   response_payload:
-  - not_magic_validate: "Analyze the response and check whether the response indicates that the request failed due to isError: true or any other error (like requested data nbot found, error processing request, server error, not accessible, etc)."
-  - magic_validate: "Whenever WebDriver sessionIds are exposed in the response body then it is a serious vulnerability. check for any such data in the given response. IGNORE errors, ids, sessionIds, etc that are not related to webDrivers."
+    or:
+    - regex: (?i)\bwd\/hub\/session\/(?:[0-9a-f]{32}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b
+    # - and:
+    #   - not_magic_validate: "Analyze the response and check whether the response indicates that the request failed due to isError: true or any other error (like requested data nbot found, error processing request, server error, not accessible, etc)."
+    #   - magic_validate: "Whenever WebDriver sessionIds are exposed in the response body then it is a serious vulnerability. check for data like `wd/hub/session/{sessionId}` or any selenium related sessionIds. IGNORE errors, ids, sessionIds, etc that are not related to webDrivers."
