safe-commander-mcp
Version:
A secure MCP server for executing whitelisted development commands with comprehensive security controls and resource limits
81 lines (80 loc) • 5.07 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
const command_validator_1 = require("../../src/commands/command-validator");
describe('Command Validator', () => {
describe('getBaseCommand', () => {
test('should extract command name from simple commands', () => {
expect((0, command_validator_1.getBaseCommand)('npm')).toBe('npm');
expect((0, command_validator_1.getBaseCommand)('git')).toBe('git');
expect((0, command_validator_1.getBaseCommand)('ls')).toBe('ls');
});
test('should extract command name from commands with arguments', () => {
expect((0, command_validator_1.getBaseCommand)('npm install')).toBe('npm');
expect((0, command_validator_1.getBaseCommand)('git status')).toBe('git');
expect((0, command_validator_1.getBaseCommand)('ls -la')).toBe('ls');
});
test('should handle commands with flags', () => {
expect((0, command_validator_1.getBaseCommand)('npm install --save-dev')).toBe('npm');
expect((0, command_validator_1.getBaseCommand)('git commit -m "message"')).toBe('git');
});
test('should handle empty and whitespace commands', () => {
expect((0, command_validator_1.getBaseCommand)('')).toBe('');
expect((0, command_validator_1.getBaseCommand)(' ')).toBe('');
expect((0, command_validator_1.getBaseCommand)('\t\n')).toBe('');
});
});
describe('isCommandValid', () => {
test('should return valid: true for allowed commands', () => {
expect((0, command_validator_1.isCommandValid)('npm')).toEqual({ valid: true });
expect((0, command_validator_1.isCommandValid)('git')).toEqual({ valid: true });
expect((0, command_validator_1.isCommandValid)('ls')).toEqual({ valid: true });
expect((0, command_validator_1.isCommandValid)('cat')).toEqual({ valid: true });
expect((0, command_validator_1.isCommandValid)('pwd')).toEqual({ valid: true });
expect((0, command_validator_1.isCommandValid)('node')).toEqual({ valid: true });
});
test('should return valid: false for disallowed commands', () => {
const result1 = (0, command_validator_1.isCommandValid)('rm');
const result2 = (0, command_validator_1.isCommandValid)('sudo');
const result3 = (0, command_validator_1.isCommandValid)('chmod');
expect(result1.valid).toBe(false);
expect(result1.error).toBeDefined();
expect(result2.valid).toBe(false);
expect(result2.error).toBeDefined();
expect(result3.valid).toBe(false);
expect(result3.error).toBeDefined();
});
test('should handle complex commands', () => {
expect((0, command_validator_1.isCommandValid)('npm install --save-dev')).toEqual({ valid: true });
expect((0, command_validator_1.isCommandValid)('git status')).toEqual({ valid: true });
});
});
describe('validateCommand', () => {
test('should allow valid commands with allowed base commands', () => {
expect(() => (0, command_validator_1.validateCommand)('npm install')).not.toThrow();
expect(() => (0, command_validator_1.validateCommand)('git status')).not.toThrow();
expect(() => (0, command_validator_1.validateCommand)('ls -la')).not.toThrow();
});
test('should reject commands with disallowed base commands', () => {
expect(() => (0, command_validator_1.validateCommand)('rm -rf /')).toThrow();
expect(() => (0, command_validator_1.validateCommand)('sudo rm')).toThrow();
expect(() => (0, command_validator_1.validateCommand)('chmod +x file')).toThrow();
});
test('should reject empty commands', () => {
expect(() => (0, command_validator_1.validateCommand)('')).toThrow();
expect(() => (0, command_validator_1.validateCommand)(' ')).toThrow();
});
test('should handle commands with complex arguments', () => {
expect(() => (0, command_validator_1.validateCommand)('npm install --save-dev @types/jest')).not.toThrow();
expect(() => (0, command_validator_1.validateCommand)('git commit -m "Add tests"')).not.toThrow();
});
test('should provide secure error messages', () => {
expect(() => (0, command_validator_1.validateCommand)('dangerous_cmd')).toThrow(/not permitted/);
expect(() => (0, command_validator_1.validateCommand)('')).toThrow(/non-empty string/);
});
test('should handle path validation for path-sensitive commands', () => {
expect(() => (0, command_validator_1.validateCommand)('cat file.txt')).not.toThrow();
expect(() => (0, command_validator_1.validateCommand)('ls .')).not.toThrow();
expect(() => (0, command_validator_1.validateCommand)('cat ../../../etc/passwd')).toThrow();
});
});
});