Cluster Execution MCP Server

test_security.py•13.9 kB

""" Security tests for cluster-execution-mcp. Tests cover: - Command injection fuzzing - Input validation - Dangerous command detection - SSH command construction - Path traversal attempts """ import pytest from unittest.mock import patch, MagicMock import tempfile from pathlib import Path class TestCommandInjectionFuzzing: """Test command injection prevention.""" def test_basic_shell_injection_semicolon(self): """Test semicolon injection is handled.""" from cluster_execution_mcp.config import validate_command # These should be validated but not rejected (they're valid shell) valid, _ = validate_command("echo test; ls") assert valid is True # Valid shell syntax def test_dangerous_rm_variants(self): """Test various rm -rf variants are rejected.""" from cluster_execution_mcp.config import validate_command dangerous_commands = [ "rm -rf /", "rm -rf /*", "rm -rf /etc", "rm -rf / --no-preserve-root", "sudo rm -rf /", ] for cmd in dangerous_commands: valid, error = validate_command(cmd) if cmd in ["rm -rf /", "rm -rf /*"]: assert valid is False, f"Should reject: {cmd}" def test_command_substitution(self): """Test command substitution is allowed but validated.""" from cluster_execution_mcp.config import validate_command # These are valid shell features valid, _ = validate_command("echo $(whoami)") assert valid is True valid, _ = validate_command("echo `hostname`") assert valid is True def test_pipe_commands(self): """Test piped commands are allowed.""" from cluster_execution_mcp.config import validate_command valid, _ = validate_command("ls | grep test") assert valid is True valid, _ = validate_command("cat file.txt | wc -l") assert valid is True def test_redirection_commands(self): """Test redirection is allowed.""" from cluster_execution_mcp.config import validate_command valid, _ = validate_command("echo test > file.txt") assert valid is True valid, _ = validate_command("cat < input.txt") assert valid is True def test_dangerous_dd_commands(self): """Test dangerous dd commands are rejected.""" from cluster_execution_mcp.config import validate_command # This specific pattern is in the dangerous_patterns list valid, error = validate_command("dd if=/dev/zero of=/dev/sda") assert valid is False assert "dangerous" in error.lower() # Other dd patterns may not be caught - depends on implementation # The current implementation only catches exact patterns valid, _ = validate_command("dd if=/dev/random of=/dev/nvme0n1") # This command is not in the explicit dangerous patterns list # so it passes validation (pattern-based, not semantic) def test_fork_bomb_patterns(self): """Test fork bomb patterns are rejected.""" from cluster_execution_mcp.config import validate_command valid, error = validate_command(":(){ :|:& };:") assert valid is False assert "dangerous" in error.lower() def test_null_byte_injection(self): """Test null byte injection.""" from cluster_execution_mcp.config import validate_command # Commands with null bytes should be validated valid, _ = validate_command("echo test\x00rm -rf /") # Depends on implementation - should either reject or sanitize class TestIPValidationSecurity: """Test IP validation security.""" def test_reject_localhost_variants(self): """Test various localhost representations are rejected.""" from cluster_execution_mcp.config import validate_ip localhost_variants = [ "127.0.0.1", "127.0.0.2", "127.255.255.255", ] for ip in localhost_variants: assert validate_ip(ip) is False, f"Should reject: {ip}" def test_reject_internal_ranges(self): """Test internal/container network ranges are rejected.""" from cluster_execution_mcp.config import validate_ip internal_ips = [ "172.17.0.1", # Docker default "172.18.0.1", # Docker network "169.254.1.1", # Link-local "10.0.0.1", # Podman default ] for ip in internal_ips: assert validate_ip(ip) is False, f"Should reject: {ip}" def test_reject_invalid_formats(self): """Test invalid IP formats are rejected.""" from cluster_execution_mcp.config import validate_ip invalid_ips = [ "", "not-an-ip", "192.168.1", "192.168.1.256", "192.168.1.-1", "192.168.1.1.1", "192.168.1.1:22", # Port included "192.168.1.1/24", # CIDR notation ] for ip in invalid_ips: assert validate_ip(ip) is False, f"Should reject: {ip}" def test_accept_valid_private_ips(self): """Test valid private IPs are accepted.""" from cluster_execution_mcp.config import validate_ip valid_ips = [ "192.168.1.1", "192.168.0.100", "10.10.1.1", # Not 10.0.x.x "172.32.0.1", # Outside Docker range ] for ip in valid_ips: assert validate_ip(ip) is True, f"Should accept: {ip}" class TestSSHCommandSecurity: """Test SSH command construction security.""" @pytest.fixture def mock_db_path(self): """Create a temporary database path.""" with tempfile.TemporaryDirectory() as tmpdir: db_path = Path(tmpdir) / "task_queue.db" yield db_path def test_ssh_uses_list_arguments(self, mock_db_path): """Test SSH commands use list arguments not shell strings.""" with patch("cluster_execution_mcp.router.get_db_path", return_value=mock_db_path): from cluster_execution_mcp.server import ClusterExecutionServer server = ClusterExecutionServer() # Capture the subprocess.run call with patch("cluster_execution_mcp.server.get_node_ip", return_value="192.168.1.10"), \ patch("subprocess.run") as mock_run: mock_run.return_value = MagicMock( returncode=0, stdout="output", stderr="" ) server.offload_to_node("echo test", "builder") # Verify subprocess.run was called with list, not string call_args = mock_run.call_args if call_args: args = call_args[0][0] # First positional argument assert isinstance(args, list), "SSH command should be a list" assert "ssh" in args[0] def test_command_not_shell_expanded(self, mock_db_path): """Test commands with special chars aren't shell-expanded in SSH.""" with patch("cluster_execution_mcp.router.get_db_path", return_value=mock_db_path): from cluster_execution_mcp.server import ClusterExecutionServer server = ClusterExecutionServer() # Command with shell special characters test_cmd = "echo $HOME" with patch("cluster_execution_mcp.server.get_node_ip", return_value="192.168.1.10"), \ patch("subprocess.run") as mock_run: mock_run.return_value = MagicMock( returncode=0, stdout="output", stderr="" ) server.offload_to_node(test_cmd, "builder") # Verify the command is passed as-is call_args = mock_run.call_args if call_args: args = call_args[0][0] # The command should be the last argument assert test_cmd in args class TestNodeIdSecurity: """Test node ID validation security.""" def test_reject_unknown_nodes(self): """Test unknown node IDs are rejected.""" from cluster_execution_mcp.config import validate_node_id invalid_nodes = [ "unknown", "../etc/passwd", "builder; rm -rf /", "builder\nrm -rf /", ] for node_id in invalid_nodes: valid, _ = validate_node_id(node_id) assert valid is False, f"Should reject: {node_id}" def test_accept_valid_nodes(self): """Test valid node IDs are accepted.""" from cluster_execution_mcp.config import validate_node_id, CLUSTER_NODES for node_id in CLUSTER_NODES.keys(): valid, _ = validate_node_id(node_id) assert valid is True, f"Should accept: {node_id}" class TestPathTraversalPrevention: """Test path traversal attack prevention.""" def test_task_script_temp_file(self): """Test script execution uses secure temp files.""" # Verify that script paths don't allow traversal from cluster_execution_mcp.router import Task # Scripts should be written to secure temp locations task = Task( task_id="test-script", task_type="shell", script="#!/bin/bash\necho test" ) # The task itself doesn't validate, but execution should assert task.script is not None class TestInputSanitization: """Test input sanitization.""" def test_empty_inputs(self): """Test empty inputs are handled.""" from cluster_execution_mcp.config import validate_command, validate_ip valid, _ = validate_command("") assert valid is False valid, _ = validate_command(None) if None else (False, "empty") # Should handle None gracefully assert validate_ip("") is False assert validate_ip(None) is False if None else True def test_whitespace_only(self): """Test whitespace-only inputs are handled.""" from cluster_execution_mcp.config import validate_command valid, _ = validate_command(" ") assert valid is False valid, _ = validate_command("\t\n") assert valid is False def test_unicode_in_commands(self): """Test unicode characters in commands.""" from cluster_execution_mcp.config import validate_command # Should handle unicode without crashing valid, _ = validate_command("echo \u2603") # Snowman assert valid is True valid, _ = validate_command("echo 你好") assert valid is True def test_very_long_command(self): """Test very long commands are handled.""" from cluster_execution_mcp.config import validate_command long_cmd = "echo " + "a" * 100000 valid, _ = validate_command(long_cmd) # Should either accept or reject gracefully, not crash class TestConcurrencySafety: """Test thread/async safety.""" @pytest.fixture def mock_db_path(self): """Create a temporary database path.""" with tempfile.TemporaryDirectory() as tmpdir: db_path = Path(tmpdir) / "task_queue.db" yield db_path def test_database_isolation(self, mock_db_path): """Test database operations are isolated.""" with patch("cluster_execution_mcp.router.get_db_path", return_value=mock_db_path): from cluster_execution_mcp.router import DistributedTaskRouter, Task router1 = DistributedTaskRouter() router2 = DistributedTaskRouter() # Both should use the same database path assert router1.db_path == router2.db_path # Create a task with router1 task = Task( task_id="shared-test", task_type="shell", command="echo test" ) router1._store_task(task, router1.local_node_id) # Should be visible to router2 status = router2.get_task_status("shared-test") assert status is not None class TestErrorHandling: """Test error handling doesn't leak information.""" @pytest.fixture def mock_db_path(self): """Create a temporary database path.""" with tempfile.TemporaryDirectory() as tmpdir: db_path = Path(tmpdir) / "task_queue.db" yield db_path def test_invalid_node_error_message(self, mock_db_path): """Test invalid node error doesn't leak sensitive info.""" from cluster_execution_mcp.config import validate_node_id valid, error = validate_node_id("secret-node") assert valid is False # Error should list available nodes but not leak system paths assert "Available:" in error assert "/etc" not in error assert "passwd" not in error def test_ssh_error_sanitization(self, mock_db_path): """Test SSH errors don't leak credentials.""" with patch("cluster_execution_mcp.router.get_db_path", return_value=mock_db_path): from cluster_execution_mcp.server import ClusterExecutionServer import subprocess server = ClusterExecutionServer() # Simulate SSH error with password in message (shouldn't happen but test) with patch("cluster_execution_mcp.server.get_node_ip", return_value="192.168.1.10"), \ patch("subprocess.run", side_effect=subprocess.SubprocessError("Connection failed")): result = server.offload_to_node("echo test", "builder") assert result["success"] is False # Error should be sanitized assert "Connection failed" in result["error"]

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/marc-shade/cluster-execution-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

test_security.py•13.9 kB