UNPKG

safe-commander-mcp

Version:

A secure MCP server for executing whitelisted development commands with comprehensive security controls and resource limits

46 lines (45 loc) 3.08 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); const path_validator_1 = require("../../src/security/path-validator"); describe('Path Validator', () => { const allowedPath = '/tmp'; describe('validatePath', () => { test('should allow paths within the allowed directory', () => { expect(() => (0, path_validator_1.validatePath)('.', allowedPath)).not.toThrow(); expect(() => (0, path_validator_1.validatePath)('./subfolder', allowedPath)).not.toThrow(); expect(() => (0, path_validator_1.validatePath)('file.txt', allowedPath)).not.toThrow(); }); test('should reject path traversal attempts', () => { expect(() => (0, path_validator_1.validatePath)('..', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('../', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('../../../etc/passwd', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('./../../etc', allowedPath)).toThrow(); }); test('should reject absolute paths outside allowed directory', () => { expect(() => (0, path_validator_1.validatePath)('/etc/passwd', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('/home/user', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('/root', allowedPath)).toThrow(); }); test('should allow the exact allowed path', () => { expect(() => (0, path_validator_1.validatePath)('/tmp', allowedPath)).not.toThrow(); expect(() => (0, path_validator_1.validatePath)('/tmp/', allowedPath)).not.toThrow(); }); test('should allow paths that start with allowed path', () => { expect(() => (0, path_validator_1.validatePath)('/tmp/subfolder', allowedPath)).not.toThrow(); expect(() => (0, path_validator_1.validatePath)('/tmp/file.txt', allowedPath)).not.toThrow(); }); test('should reject paths that only partially match allowed path', () => { expect(() => (0, path_validator_1.validatePath)('/tmpfile', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('/tmp_backup', allowedPath)).toThrow(); }); test('should handle complex path traversal attempts', () => { expect(() => (0, path_validator_1.validatePath)('folder/../../../etc', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('./valid/../../invalid', allowedPath)).toThrow(); expect(() => (0, path_validator_1.validatePath)('valid/folder/../../..', allowedPath)).toThrow(); }); test('should handle empty and invalid paths', () => { expect(() => (0, path_validator_1.validatePath)('', allowedPath)).not.toThrow(); // Empty path defaults to current dir expect(() => (0, path_validator_1.validatePath)(' ', allowedPath)).not.toThrow(); // Whitespace path }); }); });