torjus/labmcp
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: improve path validation in get_file handler

Browse Source 
The previous check only looked for ".." substring, which missed:
- Absolute paths (/etc/passwd)
- URL-encoded traversal patterns
- Paths that clean to traversal (./../../etc)

Now uses filepath.Clean() and filepath.IsAbs() for robust validation:
- Rejects absolute paths
- Cleans paths before checking for traversal
- Uses cleaned path for database lookup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-03 19:12:25 +01:00
parent be1ff4839b
commit f0adc9efbe
2 changed files with 106 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/mcp/handlers.go
View File

@@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"path/filepath"
"strings" "strings"
"time" "time"
@@ -177,10 +178,17 @@ func (s *Server) handleGetFile(ctx context.Context, args map[string]interface{})
return ErrorContent(fmt.Errorf("path is required")), nil return ErrorContent(fmt.Errorf("path is required")), nil
} }
// Security: validate path // Security: validate path to prevent traversal attacks
if strings.Contains(path, "..") { // Clean the path and check for dangerous patterns
cleanPath := filepath.Clean(path)
if filepath.IsAbs(cleanPath) {
return ErrorContent(fmt.Errorf("invalid path: absolute paths not allowed")), nil
}
if strings.HasPrefix(cleanPath, "..") {
return ErrorContent(fmt.Errorf("invalid path: directory traversal not allowed")), nil return ErrorContent(fmt.Errorf("invalid path: directory traversal not allowed")), nil
} }
// Use the cleaned path for lookup
path = cleanPath
revision, _ := args["revision"].(string) revision, _ := args["revision"].(string)
rev, err := s.resolveRevision(ctx, revision) rev, err := s.resolveRevision(ctx, revision)

96
internal/mcp/server_test.go
View File

@@ -9,6 +9,7 @@ import (
"testing" "testing"
"git.t-juice.club/torjus/labmcp/internal/database" "git.t-juice.club/torjus/labmcp/internal/database"
"git.t-juice.club/torjus/labmcp/internal/nixos"
) )
func TestServerInitialize(t *testing.T) { func TestServerInitialize(t *testing.T) {
@@ -144,6 +145,91 @@ func TestServerNotification(t *testing.T) {
} }
} }
func TestGetFilePathValidation(t *testing.T) {
store := setupTestStore(t)
server := setupTestServer(t, store)
// Create a test revision and file
ctx := context.Background()
rev := &database.Revision{
GitHash: "abc123",
OptionCount: 0,
}
if err := store.CreateRevision(ctx, rev); err != nil {
t.Fatalf("Failed to create revision: %v", err)
}
file := &database.File{
RevisionID: rev.ID,
FilePath: "nixos/modules/test.nix",
Extension: ".nix",
Content: "{ }",
}
if err := store.CreateFile(ctx, file); err != nil {
t.Fatalf("Failed to create file: %v", err)
}
tests := []struct {
name string
path string
wantError bool
errorMsg string
}{
// Valid paths
{"valid relative path", "nixos/modules/test.nix", false, ""},
{"valid simple path", "test.nix", false, ""},
// Path traversal attempts
{"dotdot traversal", "../etc/passwd", true, "directory traversal"},
{"dotdot in middle", "nixos/../../../etc/passwd", true, "directory traversal"},
{"multiple dotdot", "../../etc/passwd", true, "directory traversal"},
// Absolute paths
{"absolute unix path", "/etc/passwd", true, "absolute paths"},
// Cleaned paths that become traversal
{"dot slash dotdot", "./../../etc/passwd", true, "directory traversal"},
// Paths that clean to valid (no error expected, but file won't exist)
{"dotdot at end cleans to valid", "nixos/modules/..", false, ""}, // Cleans to "nixos", which is safe
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
input := `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_file","arguments":{"path":"` + tt.path + `","revision":"abc123"}}}`
resp := runRequest(t, server, input)
result, ok := resp.Result.(map[string]interface{})
if !ok {
t.Fatalf("Expected map result, got %T", resp.Result)
}
isError, _ := result["isError"].(bool)
if tt.wantError {
if !isError {
t.Errorf("Expected error for path %q, got success", tt.path)
} else {
content := result["content"].([]interface{})
text := content[0].(map[string]interface{})["text"].(string)
if tt.errorMsg != "" && !strings.Contains(text, tt.errorMsg) {
t.Errorf("Error message %q doesn't contain %q", text, tt.errorMsg)
}
}
} else {
// For valid paths that don't exist, we expect a "not found" error, not a security error
if isError {
content := result["content"].([]interface{})
text := content[0].(map[string]interface{})["text"].(string)
if strings.Contains(text, "traversal") || strings.Contains(text, "absolute") {
t.Errorf("Got security error for valid path %q: %s", tt.path, text)
}
}
}
})
}
}
// Helper functions // Helper functions
func setupTestStore(t *testing.T) database.Store { func setupTestStore(t *testing.T) database.Store {
@@ -165,6 +251,16 @@ func setupTestStore(t *testing.T) database.Store {
return store return store
} }
func setupTestServer(t *testing.T, store database.Store) *Server {
t.Helper()
server := NewServer(store, nil)
indexer := nixos.NewIndexer(store)
server.RegisterHandlers(indexer)
return server
}
func runRequest(t *testing.T, server *Server, input string) *Response { func runRequest(t *testing.T, server *Server, input string) *Response {
t.Helper() t.Helper()