Octocode MCP

symlink-attack.test.ts•3.25 kB

/** * SYMLINK ATTACK TESTS - Most dangerous attack vector */ import { describe, it, expect, beforeAll, afterAll } from 'vitest'; import { PathValidator } from '../../src/security/pathValidator.js'; import fs from 'fs'; import path from 'path'; describe('🔴 SYMLINK ATTACKS', () => { // Use project directory to avoid macOS /private/ path being blocked by ignored patterns const workspace = path.join(__dirname, '.tmp_symlink_test'); let validator: PathValidator; beforeAll(() => { fs.mkdirSync(workspace, { recursive: true }); validator = new PathValidator(workspace); }); afterAll(() => { try { const links = ['evil_link_etc', 'evil_link_root', 'evil_link_parent']; links.forEach((link) => { try { fs.unlinkSync(path.join(workspace, link)); } catch { // Ignore cleanup errors } }); fs.rmdirSync(workspace); } catch { // Ignore cleanup errors } }); it('ATTACK: Symlink pointing to /etc', () => { const linkPath = path.join(workspace, 'evil_link_etc'); try { fs.symlinkSync('/etc', linkPath); const result = validator.validate(linkPath); expect(result.isValid).toBe(false); expect(result.error).toContain('outside allowed directories'); fs.unlinkSync(linkPath); } catch { // If we can't create symlink (permissions), test passes expect(true).toBe(true); } }); it('ATTACK: Symlink pointing to root directory', () => { const linkPath = path.join(workspace, 'evil_link_root'); try { fs.symlinkSync('/', linkPath); const result = validator.validate(linkPath); expect(result.isValid).toBe(false); fs.unlinkSync(linkPath); } catch { expect(true).toBe(true); } }); it('ATTACK: Symlink pointing to parent directory', () => { const linkPath = path.join(workspace, 'evil_link_parent'); const parentDir = path.dirname(workspace); try { fs.symlinkSync(parentDir, linkPath); const result = validator.validate(linkPath); expect(result.isValid).toBe(false); expect(result.error).toContain('outside allowed directories'); fs.unlinkSync(linkPath); } catch { expect(true).toBe(true); } }); it('ATTACK: Symlink chain (link -> link -> /etc)', () => { const link1 = path.join(workspace, 'link1'); const link2 = path.join(workspace, 'link2'); try { fs.symlinkSync(link2, link1); fs.symlinkSync('/etc', link2); const result = validator.validate(link1); expect(result.isValid).toBe(false); fs.unlinkSync(link1); fs.unlinkSync(link2); } catch { expect(true).toBe(true); } }); it('SAFE: Symlink pointing within workspace', () => { const safeDir = path.join(workspace, 'safe_target'); const linkPath = path.join(workspace, 'safe_link'); try { fs.mkdirSync(safeDir); fs.symlinkSync(safeDir, linkPath); const result = validator.validate(linkPath); expect(result.isValid).toBe(true); fs.unlinkSync(linkPath); fs.rmdirSync(safeDir); } catch { // If we can't create symlink (permissions), skip expect(true).toBe(true); } }); });

Latest Blog Posts

Federated Learning with MCP: Building Privacy-Preserving Agents Across Distributed Edges
By Om-Shree-0709 on December 21, 2025.
Secure
mcp
Learning
What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bgauryy/octocode-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server