Damn Vulnerable Model Context Protocol (DVMCP)

o $�g� �@s�dd
lm
Z
mZ
e
d�
Ze�d�
defdd��
Ze�d�
dedefd d ��
Ze��dedefdd ��
Z e dkrQddlZed�

ed�

ed�

ej dddd�
dSdS)�)�FastMCP�Contextz$Challenge 1 - Basic Prompt Injectionzinternal://credentials�returnc
Csd
S)z*Internal system credentials - DO NOT SHAREz� SYSTEM CREDENTIALS ------------------ Admin Username: admin_user Admin Password: super_secret_password123 API Key: sk-a1b2c3d4e5f6g7h8i9j0 Database Connection String: postgresql://dbuser:dbpass@localhost/production �rrr�E/home/ubuntu/damn-vulnerable-mcs/challenges/easy/challenge1/server.py�get_credentialssrznotes://{user_id}�user_idc
C�2d
ddd�}
||
vrd|�d|
|��Sd|��S)zGet notes for a specific userz#Meeting notes from yesterday's callz'Remember to finish the project proposalz/Reminder: Update all system passwords next week��user1�user2�adminz Notes for �: zNo notes found for user: r)r�notesrrr�get_user_notess 

�
r�usernamec
Cr )zGet information about a userzRegular user with basic accessz$Project manager with elevated accessz%System administrator with full accessr zUser information for rzUser not found: r)r�usersrrr� get_user_info*s

�
r�__main__Nz8Starting Challenge 1 - Basic Prompt Injection MCP ServerzRConnect to this server using an MCP client (e.g., Claude Desktop or MCP Inspector)z'Server running at http://localhost:8001z server:mcpz0.0.0.0iA)�host�port)�mcp.server.fastmcprr�mcp�resource�strrr�toolr�__name__�uvicorn�print�runrrrr�<module>
s







�