UNPKG

safe-commander-mcp

Version:

A secure MCP server for executing whitelisted development commands with comprehensive security controls and resource limits

24 lines (23 loc) 900 B
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.sanitizeCommand = sanitizeCommand; /** * Security: Command injection prevention * * @param command - The command string to sanitize * @returns The sanitized command string * @throws Error if command contains dangerous characters */ function sanitizeCommand(command) { if (!command || typeof command !== 'string') { throw new Error('Command must be a non-empty string'); } // Remove dangerous characters that could lead to command injection const dangerousChars = /[;&|`$(){}[\]<>]/g; const sanitized = command.replace(dangerousChars, ''); // Check if command was modified (potential injection attempt) if (sanitized !== command) { throw new Error('Command contains potentially dangerous characters: ; & | ` $ ( ) { } [ ] < >'); } return sanitized.trim(); }