Critical Security Gaps: SSRF & Auth Bypass Checks in 'wast mcpscan' Lack Unit Tests

A critical testing gap has been identified within the `wast mcpscan` security subsystem. The two highest-severity vulnerability check modules—responsible for detecting Server-Side Request Forgery (SSRF) and authentication bypass flaws—currently operate with zero unit test coverage. This means changes to the `SSRFChecker` and related authentication logic can silently regress without triggering any test failures, potentially allowing Critical and High-severity vulnerabilities to slip through undetected.

The missing test files are `pkg/mcpscan/checks/ssrf_test.go` and `pkg/mcpscan/checks/auth_test.go`. In stark contrast, all six other security check modules in the same package—covering injection, data exposure, permissions, prompt injection, schema validation, and shadowing—already have established `*_test.go` files. This inconsistency creates a high-risk blind spot in the project's security validation pipeline, leaving its most sensitive defensive code untested.

The absence of tests for these specific modules represents a significant quality assurance failure. It undermines confidence in the scanner's ability to reliably flag SSRF (rated `SeverityCritical`) and auth bypass issues, which are foundational attack vectors. For any team or project relying on `wast mcpscan` for security auditing, this gap necessitates immediate remediation to prevent silent regressions that could compromise the integrity of the entire scanning process.