Code Executor MCP Server

pyodide-security.test.ts•8.14 kB

/** * Pyodide Executor Security Tests * * Comprehensive test suite to verify Pyodide WebAssembly sandbox isolation. * Tests validate that Python code execution is properly sandboxed. * * Issue #59: Pyodide WebAssembly sandbox implementation */ import { describe, it, expect, beforeAll, afterAll, vi } from 'vitest'; import { executePythonInSandbox } from '../src/executors/pyodide-executor.js'; import { MCPClientPool } from '../src/mcp-client-pool.js'; describe('Pyodide Executor Security', () => { let mcpClientPool: MCPClientPool; beforeAll(async () => { // Create a minimal MCP client pool for security tests // Tests don't require actual MCP servers mcpClientPool = new MCPClientPool(); }); describe('Basic Execution', () => { it('should execute simple Python code', async () => { const result = await executePythonInSandbox( { code: 'print("Hello from Pyodide"); 2 + 2', allowedTools: [], timeoutMs: 10000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('Hello from Pyodide'); expect(result.output).toContain('4'); }, 60000); // 60s timeout for Pyodide initialization it('should capture print() output', async () => { const result = await executePythonInSandbox( { code: ` for i in range(3): print(f"Line {i}") `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('Line 0'); expect(result.output).toContain('Line 1'); expect(result.output).toContain('Line 2'); }, 15000); it('should handle Python errors gracefully', async () => { const result = await executePythonInSandbox( { code: '1 / 0', // Division by zero allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(false); expect(result.error).toContain('ZeroDivisionError'); }, 15000); }); describe('Timeout Enforcement', () => { it('should enforce timeout on infinite loops', async () => { const result = await executePythonInSandbox( { code: ` # Use top-level await (Pyodide already runs in async context) import asyncio await asyncio.sleep(10) # Sleep longer than timeout `, allowedTools: [], timeoutMs: 1000, // 1 second timeout }, mcpClientPool ); expect(result.success).toBe(false); expect(result.error).toContain('timeout'); expect(result.executionTimeMs).toBeLessThan(2000); // Should fail quickly }, 15000); }); describe('Filesystem Isolation', () => { it('should block access to host filesystem (/etc/passwd)', async () => { const result = await executePythonInSandbox( { code: ` import os # Pyodide has virtual FS, / should be empty or not contain /etc try: with open('/etc/passwd', 'r') as f: content = f.read() print(f'SECURITY BREACH: Read /etc/passwd with {len(content)} bytes') except FileNotFoundError: print('SUCCESS: /etc/passwd not accessible (expected in Pyodide)') except Exception as e: print(f'SUCCESS: Access blocked - {type(e).__name__}') `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('SUCCESS'); expect(result.output).not.toContain('SECURITY BREACH'); }, 15000); it('should block access to user home directory', async () => { const result = await executePythonInSandbox( { code: ` import os # Try to access home directory try: home_path = os.path.expanduser('~') files = os.listdir(home_path) if files: print(f'SECURITY BREACH: Listed {len(files)} files in home') else: print('SUCCESS: Home directory empty (virtual FS)') except FileNotFoundError: print('SUCCESS: Home directory not accessible') except Exception as e: print(f'SUCCESS: Access blocked - {type(e).__name__}') `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('SUCCESS'); expect(result.output).not.toContain('SECURITY BREACH'); }, 15000); it('should provide virtual filesystem for temporary files', async () => { const result = await executePythonInSandbox( { code: ` # Write to virtual FS (should work) with open('/tmp/test.txt', 'w') as f: f.write('Virtual FS test') # Read back with open('/tmp/test.txt', 'r') as f: content = f.read() print(f'Virtual FS works: {content}') `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('Virtual FS works: Virtual FS test'); }, 15000); }); describe('Network Isolation', () => { it('should block external network access', async () => { const result = await executePythonInSandbox( { code: ` from pyodide.http import pyfetch # Try to access external website try: response = await pyfetch('https://www.google.com') print(f'SECURITY BREACH: External access succeeded - {response.status}') except Exception as e: # Network access should fail or be restricted print(f'SUCCESS: External access blocked - {type(e).__name__}') `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); // Note: Pyodide may allow network access via fetch API // This test documents behavior rather than enforcing restriction // Real network isolation requires CSP headers in browser or Node fetch restrictions expect(result.success).toBe(true); // We accept either outcome but document it }, 15000); it('should allow localhost MCP proxy access', async () => { // This test would require actual MCP proxy server // Skipped in unit tests, covered by integration tests expect(true).toBe(true); }); }); describe('Async/Await Support', () => { it('should support async/await patterns', async () => { const result = await executePythonInSandbox( { code: ` # Use top-level await (Pyodide already runs in async context) import asyncio async def slow_function(): await asyncio.sleep(0.1) return 'Done' result = await slow_function() print(result) `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('Done'); }, 15000); }); describe('Memory Safety', () => { it('should handle large data structures without crashing', async () => { const result = await executePythonInSandbox( { code: ` # Allocate reasonable amount of memory data = [i for i in range(10000)] print(f'Created list with {len(data)} elements') `, allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.success).toBe(true); expect(result.output).toContain('Created list with 10000 elements'); }, 15000); // Memory bomb test would require actual memory limits // Pyodide inherits Node.js V8 heap limits }); describe('Execution Result Metadata', () => { it('should return execution time', async () => { const result = await executePythonInSandbox( { code: 'print("test")', allowedTools: [], timeoutMs: 5000, }, mcpClientPool ); expect(result.executionTimeMs).toBeGreaterThan(0); expect(result.executionTimeMs).toBeLessThan(5000); }, 15000); it('should track tool calls when MCP tools are used', async () => { // This test requires actual MCP proxy // Covered by integration tests expect(true).toBe(true); }); }); });

Loading blob content...

Latest Blog Posts

What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/aberemia24/code-executor-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

pyodide-security.test.ts•8.14 kB