Commit Graph

1 Commit

Author SHA1 Message Date
code4me2 fc05536d52 server: add MCP security layer for command validation
Add security infrastructure to validate and restrict MCP server commands
before execution.

MCPValidator (server/mcp_validator.go):
- Command allowlist/blocklist validation
- Argument sanitization (blocks shell metacharacters)
- Environment variable name validation
- Per-server security policy enforcement

MCPSecurityConfig (server/mcp_security_config.go):
- Configurable security rules per server
- Default blocklist: bash, sh, sudo, rm, curl, wget, eval
- Blocked metacharacters: ; | & $( ` > < = etc.
- SECURITY REVIEW markers for critical sections

MCPCommandResolver (server/mcp_command_resolver.go):
- Resolves command paths across different environments
- npx/npm detection and path resolution

MCPCodeAPI (server/mcp_code_api.go):
- Programmatic API for MCP server management

Relates to #7865
2025-12-28 15:06:47 -08:00
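
The checks listed in the commit message, sketched as an added Go example that is not code from this commit. It applies the default blocklist and the metacharacters named above (the "etc." is not expanded). `ValidateLaunch`, the base-name comparison and the environment-name pattern are assumptions for illustration, not the project's `MCPValidator`.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Values copied from the commit message; nothing beyond it is added.
var blockedCommands = map[string]bool{
	"bash": true, "sh": true, "sudo": true, "rm": true,
	"curl": true, "wget": true, "eval": true,
}
var blockedMeta = []string{";", "|", "&", "$(", "`", ">", "<", "="}

// Assumed rule: POSIX-style environment variable names.
var envName = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// ValidateLaunch is a hypothetical helper, not the project's MCPValidator.
func ValidateLaunch(cmd string, args []string, env map[string]string) error {
	// Compare the base name so "/bin/bash" cannot slip past a "bash" entry.
	base := strings.ToLower(filepath.Base(cmd))
	if cmd == "" || blockedCommands[base] {
		return fmt.Errorf("command %q is blocked", cmd)
	}
	for _, s := range append([]string{cmd}, args...) {
		for _, m := range blockedMeta {
			if strings.Contains(s, m) {
				return fmt.Errorf("%q contains blocked sequence %q", s, m)
			}
		}
	}
	for name := range env {
		if !envName.MatchString(name) {
			return fmt.Errorf("invalid environment variable name %q", name)
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	fmt.Println(ValidateLaunch("npx", []string{"-y", "some-mcp-server"}, map[string]string{"API_KEY": "x"}))
	fmt.Println(ValidateLaunch("/bin/bash", []string{"-c", "id"}, nil))
	fmt.Println(ValidateLaunch("npx", []string{"pkg; echo hi"}, nil))
	fmt.Println(ValidateLaunch("node", []string{"srv.js"}, map[string]string{"LD_PRELOAD=x": "y"}))
}
```

In this example, because `=` is in the blocked set, an argument written as `--flag=value` is rejected and has to be passed as two separate arguments.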