security-suppressions.json • 1.61 kB
{
"suppressions": [
{
"rule": "DMCP-SEC-004",
"file": "**/src/elements/memories/constants.ts",
"reason": "False positive - This file only contains constants and type definitions, no user input processing"
},
{
"rule": "DMCP-SEC-004",
"file": "**/test-full-validation.js",
"reason": "Test file - Not production code"
},
{
"rule": "OWASP-A03-002",
"file": "**/test-full-validation.js",
"reason": "Test file - Docker spawn is for testing purposes only"
},
{
"rule": "DMCP-SEC-006",
"file": "**/test-version-validation.js",
"reason": "Test file - Audit logging not required in test utilities"
},
{
"rule": "DMCP-SEC-004",
"file": "**/test-memory-deletion.js",
"reason": "Test file - No user input processed, all test data is internally generated"
},
{
"rule": "DMCP-SEC-006",
"file": "**/test-memory-deletion.js",
"reason": "Test file - Audit logging happens in the server's deleteElement method, not in test"
},
{
"rule": "CWE-89-001",
"file": "**/test-memory-deletion.js",
"reason": "False positive - Template literals in error messages are not SQL queries"
},
{
"rule": "DMCP-SEC-006",
"file": "**/scripts/lib/gh-command.js",
"reason": "CLI utility - SecurityMonitor not available in standalone scripts. Security ensured via input validation and secure command execution patterns (DMCP-SEC-001, DMCP-SEC-002)"
}
],
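"_comment": "Paths use a leading **/ glob so each entry matches the same file under both local and CI checkout roots; an entry therefore matches any file with that name at any depth"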
}