Skip to content

refactor(mcp,core): extract shared injection-detection patterns to avoid drift#1761

Merged
bug-ops merged 2 commits intomainfrom
refactor-mcp-extract-shared-inj
Mar 14, 2026
Merged

refactor(mcp,core): extract shared injection-detection patterns to avoid drift#1761
bug-ops merged 2 commits intomainfrom
refactor-mcp-extract-shared-inj

Conversation

@bug-ops
Copy link
Copy Markdown
Owner

@bug-ops bug-ops commented Mar 14, 2026

Summary

  • Extracts the 17 injection-detection regex patterns from an inline slice in zeph-mcp/src/sanitize.rs into a pub const RAW_INJECTION_PATTERNS: &[(&str, &str)]
  • zeph-core's ContentSanitizer now builds its INJECTION_PATTERNS LazyLock from this shared constant instead of maintaining a duplicate list
  • Fixes two zeph-core patterns that had drifted: xml_tag_injection and markdown_image_exfil were missing (?i) case-insensitive flags present in the zeph-mcp copy

Motivation

Both sanitization layers had independent copies of the same pattern list. Any new pattern added to one would silently not apply to the other. Now there is a single source of truth.

No new crate required — zeph-core already depends on zeph-mcp, so the shared constant is reachable without new dependency edges.

Test plan

  • cargo +nightly fmt --check — clean
  • cargo clippy --workspace --features full -- -D warnings — clean
  • cargo nextest run --config-file .github/nextest.toml --workspace --features full --lib --bins — 5508 passed

Closes #1747

@bug-ops
refactor(mcp,core): extract shared injection-detection patterns to av…
178f3c2 
…oid drift

Extract the 17 injection-detection regex patterns from an inline slice
inside zeph-mcp's INJECTION_PATTERNS LazyLock into a pub const
RAW_INJECTION_PATTERNS. zeph-core's ContentSanitizer now builds its
INJECTION_PATTERNS from that shared const instead of maintaining a
separate copy.

This eliminates the maintenance risk where patterns added to one
sanitization layer would silently not apply to the other.

Also fixes two patterns in zeph-core that were missing the (?i) flag
(xml_tag_injection, markdown_image_exfil) — these had drifted from
the zeph-mcp versions which carried the flag.

Closes #1747
@github-actions github-actions bot added documentation Improvements or additions to documentation rust Rust code changes core zeph-core crate refactor Code refactoring without functional changes size/M Medium PR (51-200 lines) labels Mar 14, 2026
@bug-ops bug-ops enabled auto-merge (squash) March 14, 2026 16:52
@bug-ops bug-ops merged commit 7f8b27f into main Mar 14, 2026
15 checks passed
@bug-ops bug-ops deleted the refactor-mcp-extract-shared-inj branch March 14, 2026 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core zeph-core crate documentation Improvements or additions to documentation refactor Code refactoring without functional changes rust Rust code changes size/M Medium PR (51-200 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

refactor(mcp): extract shared injection-detection patterns to avoid drift between zeph-mcp and zeph-core

1 participant

@bug-ops