davidruzicka · davidruzicka · May 17, 2026
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
@@ -126,3 +126,14 @@ Error messages should never include raw values from sensitive sources like envir
 **Prevention:**
 1.  Avoid including raw values in error messages when the source is potentially sensitive (env vars, auth headers).
 2.  Use generic error messages for validation failures of sensitive data.
+## 2026-05-17 - [HIGH] Path Traversal By Missing Dot Encoding
+
+**Vulnerability:**
+The `CompositeExecutor` and `MCPServer` were using `encodeURIComponent` to encode path segments, but `encodeURIComponent` does not encode dot (`.`) characters. This left the system vulnerable to path traversal attacks if an attacker injected `..` into a path segment.
+
+**Learning:**
+`encodeURIComponent` is insufficient for preventing path traversal in path segments if the underlying HTTP client or server parses the injected dots before forwarding or resolving the path. In URL specifications, unencoded dots can still traverse directory structures.
+
+**Prevention:**
+1. Always replace `.` with `%2E` after calling `encodeURIComponent` when substituting user input into path segments.
+2. Ensure test cases explicitly check for the encoded dot characters (`%2E%2E`) rather than just checking that the payload passed through.
diff --git a/src/mcp/mcp-server.ts b/src/mcp/mcp-server.ts
@@ -1205,7 +1205,7 @@ export class MCPServer {
    */
   private encodePathSegment(value: unknown): string {
     const val = String(value);
-    return val.includes('/') ? encodeURIComponent(val) : val;
+    return val.includes('/') ? encodeURIComponent(val).replace(/\./g, '%2E') : val.replace(/\./g, '%2E');
   }
 
   /**

diff --git a/src/tooling/composite-executor-security.test.ts b/src/tooling/composite-executor-security.test.ts
@@ -67,7 +67,7 @@ describe('CompositeExecutor Security', () => {
     // Fixed behavior: path contains encoded "%2E%2E"
     // Note: encodeURIComponent('../admin/secrets') => ..%2Fadmin%2Fsecrets
     // The slashes inside the injected value are encoded, preventing directory traversal
-    const expectedFixedPath = '/users/..%2Fadmin%2Fsecrets/profile';
+    const expectedFixedPath = '/users/%2E%2E%2Fadmin%2Fsecrets/profile';
 
     expect(capturedPaths[0]).toBe(expectedFixedPath);
   });

diff --git a/src/tooling/composite-executor.ts b/src/tooling/composite-executor.ts
@@ -171,14 +171,14 @@ export class CompositeExecutor {
     return template.replace(/\{(\w+)\}/g, (_, key) => {
       // Try direct match first
       if (args[key] !== undefined) {
-        return encodeURIComponent(String(args[key]));
+        return encodeURIComponent(String(args[key])).replace(/\./g, '%2E');
       }
 
       // Try aliases from profile
       const possibleAliases = this.parameterAliases[key] || [];
       for (const alias of possibleAliases) {
         if (args[alias] !== undefined) {
-          return encodeURIComponent(String(args[alias]));
+          return encodeURIComponent(String(args[alias])).replace(/\./g, '%2E');
         }
       }