Willem Jiang
|
612bddd3fb
|
feat(server): add MCP server configuration validation (#830)
* feat(server): add MCP server configuration validation
Add comprehensive validation for MCP server configurations,
inspired by Flowise's validateMCPServerConfig implementation.
MCPServerConfig checks implemented:
- Command allowlist validation (node, npx, python, docker, uvx, etc.)
- Path traversal prevention (blocks ../, absolute paths, ~/)
- Shell command injection prevention (blocks ; & | ` $ etc.)
- Dangerous environment variable blocking (PATH, LD_PRELOAD, etc.)
- URL validation for SSE/HTTP transports (scheme, credentials)
- HTTP header injection prevention (blocks newlines)
* fix the unit test error of test_chat_request
* Added the related path cases as reviewer commented
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
2026-01-24 17:32:17 +08:00 |
|