context-bridge-mcp/test/integration/security.test.ts at master · Bantarus/context-bridge-mcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
import { describe, it, expect, beforeAll, afterAll, beforeEach } from "vitest";
import {
  startBridge,
  type BridgeHandle,
} from "../helpers/bridge-server.js";

describe("security — path traversal across tools", () => {
  let bridge: BridgeHandle;

  beforeAll(async () => {
    bridge = await startBridge();
  });

  afterAll(async () => {
    await bridge.close();
  });

  beforeEach(() => {
    bridge.resetState();
  });

  it("bridge_get rejects a domain that escapes the context root", async () => {
    await expect(
      bridge.client.callTool({
        name: "bridge_get",
        arguments: { domain: "../../etc", component: "passwd" },
      })
    ).rejects.toThrow(/escapes allowed roots|path/i);
  });

  it("bridge_update rejects a component that escapes the domain", async () => {
    await expect(
      bridge.client.callTool({
        name: "bridge_update",
        arguments: {
          domain: "api",
          component: "../../../../../etc/evil",
          content: "x",
        },
      })
    ).rejects.toThrow(/escapes allowed roots|path/i);
  });

  it("bridge_get_contract rejects a domain with traversal segments", async () => {
    await expect(
      bridge.client.callTool({
        name: "bridge_get_contract",
        arguments: { domain: "../../etc/passwd" },
      })
    ).rejects.toThrow(/escapes allowed roots|path/i);
  });

  it("bridge_get_from rejects a domain/component that escapes the target repo", async () => {
    await expect(
      bridge.client.callTool({
        name: "bridge_get_from",
        arguments: {
          repo: bridge.cwd,
          domain: "../../..",
          component: "etc/passwd",
        },
      })
    ).rejects.toThrow(/escapes allowed roots|path/i);
  });
});