safe-commander-mcp
Version:
A secure MCP server for executing whitelisted development commands with comprehensive security controls and resource limits
46 lines (45 loc) • 3.08 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
const path_validator_1 = require("../../src/security/path-validator");
describe('Path Validator', () => {
const allowedPath = '/tmp';
describe('validatePath', () => {
test('should allow paths within the allowed directory', () => {
expect(() => (0, path_validator_1.validatePath)('.', allowedPath)).not.toThrow();
expect(() => (0, path_validator_1.validatePath)('./subfolder', allowedPath)).not.toThrow();
expect(() => (0, path_validator_1.validatePath)('file.txt', allowedPath)).not.toThrow();
});
test('should reject path traversal attempts', () => {
expect(() => (0, path_validator_1.validatePath)('..', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('../', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('../../../etc/passwd', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('./../../etc', allowedPath)).toThrow();
});
test('should reject absolute paths outside allowed directory', () => {
expect(() => (0, path_validator_1.validatePath)('/etc/passwd', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('/home/user', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('/root', allowedPath)).toThrow();
});
test('should allow the exact allowed path', () => {
expect(() => (0, path_validator_1.validatePath)('/tmp', allowedPath)).not.toThrow();
expect(() => (0, path_validator_1.validatePath)('/tmp/', allowedPath)).not.toThrow();
});
test('should allow paths that start with allowed path', () => {
expect(() => (0, path_validator_1.validatePath)('/tmp/subfolder', allowedPath)).not.toThrow();
expect(() => (0, path_validator_1.validatePath)('/tmp/file.txt', allowedPath)).not.toThrow();
});
test('should reject paths that only partially match allowed path', () => {
expect(() => (0, path_validator_1.validatePath)('/tmpfile', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('/tmp_backup', allowedPath)).toThrow();
});
test('should handle complex path traversal attempts', () => {
expect(() => (0, path_validator_1.validatePath)('folder/../../../etc', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('./valid/../../invalid', allowedPath)).toThrow();
expect(() => (0, path_validator_1.validatePath)('valid/folder/../../..', allowedPath)).toThrow();
});
test('should handle empty and invalid paths', () => {
expect(() => (0, path_validator_1.validatePath)('', allowedPath)).not.toThrow(); // Empty path defaults to current dir
expect(() => (0, path_validator_1.validatePath)(' ', allowedPath)).not.toThrow(); // Whitespace path
});
});
});