workspace_security.py•1.46 kB
"""
Workspace security and path validation for IntelliDiff MCP Server
"""
import os
import sys
from pathlib import Path
# Workspace root - initialized by server
WORKSPACE_ROOT = None
def init_workspace_root(workspace_path: str = None) -> Path:
"""Initialize the workspace root from environment variable or passed path."""
global WORKSPACE_ROOT
# Try environment variable first, then passed parameter
root_path = os.getenv("WORKSPACE_ROOT") or workspace_path
if root_path is None:
raise ValueError("Workspace root must be provided via WORKSPACE_ROOT environment variable or function parameter")
WORKSPACE_ROOT = Path(root_path).resolve()
if not WORKSPACE_ROOT.exists():
raise ValueError(f"Workspace root does not exist: {WORKSPACE_ROOT}")
if not WORKSPACE_ROOT.is_dir():
raise ValueError(f"Workspace root is not a directory: {WORKSPACE_ROOT}")
return WORKSPACE_ROOT
def validate_path(path_str: str) -> Path:
"""Validate that a path is within the workspace root."""
if WORKSPACE_ROOT is None:
raise ValueError("Workspace root not initialized")
try:
path = Path(path_str).resolve()
# Check if the resolved path is within workspace root
path.relative_to(WORKSPACE_ROOT)
return path
except (ValueError, OSError):
raise ValueError(f"Path '{path_str}' is not within workspace root '{WORKSPACE_ROOT}'")