fix: cap log query limit and validate direction parameter

Prevent unbounded memory usage by capping the limit parameter to 5000.
Validate direction against allowed values instead of passing through
to Loki unchecked.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 20:58:35 +01:00
parent 859e35ab5c
commit d97e554dfc


@@ -589,9 +589,15 @@ func makeQueryLogsHandler(loki *LokiClient) mcp.ToolHandler {
if l, ok := args["limit"].(float64); ok && l > 0 { if l, ok := args["limit"].(float64); ok && l > 0 {
limit = int(l) limit = int(l)
} }
if limit > 5000 {
limit = 5000
}
direction := "backward" direction := "backward"
if d, ok := args["direction"].(string); ok && d != "" { if d, ok := args["direction"].(string); ok && d != "" {
if d != "backward" && d != "forward" {
return mcp.ErrorContent(fmt.Errorf("direction must be 'backward' or 'forward'")), nil
}
direction = d direction = d
} }
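Review bot: The new cap `if limit > 5000` runs after `limit = int(l)`, and Go leaves the float64-to-int conversion implementation-dependent when the value does not fit in `int`. A very large or infinite `limit` can therefore come out negative on common platforms and pass the cap unclamped. Clamping before the conversion avoids this: `if l > 5000 { l = 5000 }` placed ahead of `limit = int(l)`. A fractional value below 1 also truncates to 0; how the Loki client treats a zero limit is not visible here, so a `limit < 1` fallback to the default may be worth adding. The handler body starts and ends outside this hunk, so the default value of `limit` and its later use should be checked against this.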