labmcp

torjus/labmcp

Archived

Fork 0

Commit Graph

Author	SHA1	Message	Date
Torjus Håkestad	f0adc9efbe	security: improve path validation in get_file handler The previous check only looked for ".." substring, which missed: - Absolute paths (/etc/passwd) - URL-encoded traversal patterns - Paths that clean to traversal (./../../etc) Now uses filepath.Clean() and filepath.IsAbs() for robust validation: - Rejects absolute paths - Cleans paths before checking for traversal - Uses cleaned path for database lookup Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-03 19:12:25 +01:00
Torjus Håkestad	939abc8d8e	test: MCP server tests, benchmarks, and nix build fix - Add MCP server protocol tests (initialize, tools/list, errors) - Add database benchmarks (batch inserts, search, children) - Add sample options.json test fixture - Fix flake.nix vendor hash for nix build Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-03 17:54:42 +01:00

Author

SHA1

Message

Date

Torjus Håkestad

f0adc9efbe

security: improve path validation in get_file handler

The previous check only looked for ".." substring, which missed:
- Absolute paths (/etc/passwd)
- URL-encoded traversal patterns
- Paths that clean to traversal (./../../etc)

Now uses filepath.Clean() and filepath.IsAbs() for robust validation:
- Rejects absolute paths
- Cleans paths before checking for traversal
- Uses cleaned path for database lookup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-03 19:12:25 +01:00

Torjus Håkestad

939abc8d8e

test: MCP server tests, benchmarks, and nix build fix

- Add MCP server protocol tests (initialize, tools/list, errors)
- Add database benchmarks (batch inserts, search, children)
- Add sample options.json test fixture
- Fix flake.nix vendor hash for nix build

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-03 17:54:42 +01:00

2 Commits