Iris MCP

validation.test.ts•5.16 kB

/** * Integration tests for Session Validation * Tests core validation functions for UUIDs, team names, and paths * * NEW ARCHITECTURE CHANGES: * - All sessions require fromTeam (no null/external allowed) * - Team name validation is stricter * - Path validation remains unchanged */ import { describe, it, expect } from "vitest"; import { validateUUID, validateSessionId, validateTeamName, validateSecureProjectPath, generateSecureUUID, } from "../../../src/session/validation.js"; import { mkdirSync, rmSync } from "fs"; describe("Session Validation Integration", () => { describe("UUID validation", () => { it("should validate correct UUID v4", () => { const validUUID = "550e8400-e29b-41d4-a716-446655440000"; expect(validateUUID(validUUID)).toBe(true); }); it("should reject invalid UUID format", () => { expect(validateUUID("not-a-uuid")).toBe(false); expect(validateUUID("")).toBe(false); }); it("should generate valid UUID", () => { const uuid = generateSecureUUID(); expect(validateUUID(uuid)).toBe(true); }); it("should generate unique UUIDs", () => { const uuid1 = generateSecureUUID(); const uuid2 = generateSecureUUID(); expect(uuid1).not.toBe(uuid2); }); }); describe("Session ID validation", () => { it("should accept valid session ID", () => { const validId = generateSecureUUID(); expect(() => validateSessionId(validId)).not.toThrow(); }); it("should reject empty session ID", () => { expect(() => validateSessionId("")).toThrow("Session ID cannot be empty"); }); it("should reject invalid UUID format", () => { expect(() => validateSessionId("invalid-id")).toThrow( "Invalid session ID format", ); }); it("should reject null or undefined session ID", () => { expect(() => validateSessionId(null as any)).toThrow(); expect(() => validateSessionId(undefined as any)).toThrow(); }); }); describe("Team name validation", () => { it("should accept valid team names", () => { expect(() => validateTeamName("frontend")).not.toThrow(); expect(() => validateTeamName("team-alpha")).not.toThrow(); expect(() => validateTeamName("team_beta")).not.toThrow(); expect(() => validateTeamName("team@example")).not.toThrow(); expect(() => validateTeamName("team-iris")).not.toThrow(); }); it("should reject empty team name", () => { expect(() => validateTeamName("")).toThrow("Team name cannot be empty"); }); it("should reject dangerous characters", () => { expect(() => validateTeamName("team/../etc")).toThrow( "dangerous character", ); expect(() => validateTeamName("team;rm -rf")).toThrow( "dangerous character", ); expect(() => validateTeamName("team\x00null")).toThrow( "dangerous character", ); }); it("should reject path traversal attempts", () => { expect(() => validateTeamName("../../../etc")).toThrow( "dangerous character", ); expect(() => validateTeamName("team/../../passwd")).toThrow( "dangerous character", ); }); it("should reject shell injection attempts", () => { expect(() => validateTeamName("team; cat /etc/passwd")).toThrow( "dangerous character", ); expect(() => validateTeamName("team && echo bad")).toThrow( "dangerous character", ); expect(() => validateTeamName("team | nc evil.com")).toThrow( "dangerous character", ); }); it("should reject null or undefined team name", () => { expect(() => validateTeamName(null as any)).toThrow(); expect(() => validateTeamName(undefined as any)).toThrow(); }); }); describe("Project path validation", () => { const testDir = "/tmp/iris-test-project"; it("should accept valid project path", () => { // Create test directory mkdirSync(testDir, { recursive: true }); expect(() => validateSecureProjectPath(testDir)).not.toThrow(); // Cleanup rmSync(testDir, { recursive: true }); }); it("should reject non-existent path", () => { expect(() => validateSecureProjectPath("/tmp/does-not-exist-12345"), ).toThrow("does not exist"); }); it("should reject relative paths", () => { // Relative paths will fail the existence check first expect(() => validateSecureProjectPath("relative/path")).toThrow( "does not exist", ); }); it("should handle path traversal that resolves to valid path", () => { // Path traversal that resolves to an existing directory is allowed // The function resolves symlinks and checks the final path // /tmp/../etc resolves to /etc which exists on most systems expect(() => validateSecureProjectPath("/tmp/../etc")).not.toThrow(); }); it("should reject null or undefined project path", () => { expect(() => validateSecureProjectPath(null as any)).toThrow(); expect(() => validateSecureProjectPath(undefined as any)).toThrow(); }); }); });

Loading blob content...

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jenova-marie/iris-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

validation.test.ts•5.16 kB