Skip to main content
Glama
dsgarage

ReviewMCP

by dsgarage
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Local

review.security.validate-mapfile

Validate mapfile path and content against security policies to ensure compliance and prevent unauthorized access in document processing workflows.

Instructions

Validate mapfile path and content against security policy

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
cwdYes
filepathYes

Implementation Reference

  • src/index.ts:380-391 (registration)
    Tool registration in the MCP tools list, defining name, description, and input schema (cwd and filepath).
    { name: "review.security.validate-mapfile", description: "Validate mapfile path and content against security policy", inputSchema: { type: "object", properties: { cwd: { type: "string" }, filepath: { type: "string" } }, required: ["cwd", "filepath"] } },
  • src/index.ts:643-715 (handler)
    Main handler function in the MCP request switch that orchestrates config loading, path validation, size check, file reading, and content sanitization.
    case "review.security.validate-mapfile": { const config = await loadSecurityConfig(args.cwd as string); const pathValidation = validateMapfilePath(args.filepath as string, config); if (!pathValidation.valid) { return { content: [ { type: "text", text: JSON.stringify({ valid: false, reason: pathValidation.reason, config: { source: config.source } }) } ] }; } const sizeValidation = await validateMapfileSize( args.filepath as string, args.cwd as string, config ); if (!sizeValidation.valid) { return { content: [ { type: "text", text: JSON.stringify({ valid: false, reason: sizeValidation.reason, size: sizeValidation.size, config: { source: config.source, maxFileSize: config.maxFileSize } }) } ] }; } const fullPath = path.join(args.cwd as string, args.filepath as string); try { const content = await fs.readFile(fullPath, "utf-8"); const sanitization = await sanitizeMapfile(content, args.filepath as string, config); return { content: [ { type: "text", text: JSON.stringify({ valid: sanitization.safe, size: sizeValidation.size, issues: sanitization.issues, config: { source: config.source } }) } ] }; } catch (error: any) { return { content: [ { type: "text", text: JSON.stringify({ valid: false, error: error.message }) } ] }; } }
  • src/config/security.ts:147-180 (helper)
    Validates mapfile filepath: checks absolute paths, traversal attempts, file extension, and if path is within allowed directories.
    export function validateMapfilePath( filepath: string, config: SecurityConfig ): { valid: boolean; reason?: string } { if (config.blockAbsolutePaths && path.isAbsolute(filepath)) { return { valid: false, reason: "Absolute paths are not allowed" }; } if (config.blockTraversal && (filepath.includes("../") || filepath.includes("..\\"))) { return { valid: false, reason: "Path traversal is not allowed" }; } const ext = path.extname(filepath).toLowerCase(); if (config.allowedExtensions.length > 0 && !config.allowedExtensions.includes(ext)) { return { valid: false, reason: `File extension '${ext}' is not allowed. Allowed: ${config.allowedExtensions.join(", ")}` }; } const normalizedPath = filepath.replace(/\\/g, "/"); const isInAllowedPath = config.allowedPaths.length === 0 || config.allowedPaths.some(allowed => normalizedPath.startsWith(allowed)); if (!isInAllowedPath) { return { valid: false, reason: `Path must be within allowed directories: ${config.allowedPaths.join(", ")}` }; } return { valid: true }; }
  • src/config/security.ts:182-208 (helper)
    Checks if the mapfile size is within the configured maximum limit by stat-ing the full path.
    export async function validateMapfileSize( filepath: string, cwd: string, config: SecurityConfig ): Promise<{ valid: boolean; reason?: string; size?: number }> { const fullPath = path.join(cwd, filepath); try { const stats = await fs.stat(fullPath); if (stats.size > config.maxFileSize) { return { valid: false, reason: `File size (${stats.size} bytes) exceeds maximum allowed size (${config.maxFileSize} bytes)`, size: stats.size }; } return { valid: true, size: stats.size }; } catch (error: any) { return { valid: false, reason: `Cannot access file: ${error.message}` }; } }
  • src/config/security.ts:210-239 (helper)
    Scans mapfile content for suspicious patterns (eval, require, etc.) indicating potential code injection risks.
    export async function sanitizeMapfile( content: string, filepath: string, config: SecurityConfig ): Promise<{ safe: boolean; sanitized?: string; issues: string[] }> { const issues: string[] = []; const suspiciousPatterns = [ /eval\s*\(/gi, /require\s*\(/gi, /import\s+/gi, /__import__/gi, /exec\s*\(/gi, /system\s*\(/gi, /`[^`]*`/g ]; for (const pattern of suspiciousPatterns) { if (pattern.test(content)) { issues.push(`Suspicious pattern detected: ${pattern.source}`); } } if (issues.length > 0) { return { safe: false, issues }; } return { safe: true, sanitized: content, issues: [] }; }

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dsgarage/ReviewMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server