vulcan-file-ops

MIT License

204

Overview InspectNew Endpoints Schema Related Servers Reviews Score

shell-command-path-validation.test.ts•11.9 kB

import { describe, test, expect, beforeEach } from "@jest/globals"; import { initializeShellTool, handleShellTool } from "../tools/shell-tool.js"; import { setAllowedDirectories } from "../utils/lib.js"; import os from "os"; import path from "path"; import fs from "fs/promises"; describe("Shell Command Path Validation", () => { let testDir: string; let allowedDir: string; beforeEach(async () => { // Create a temporary directory for testing testDir = await fs.mkdtemp(path.join(os.tmpdir(), "vulcan-test-")); allowedDir = path.join(testDir, "allowed"); await fs.mkdir(allowedDir, { recursive: true }); // Initialize with approved commands initializeShellTool([ "ls", "pwd", "echo", "cat", "type", "dir", "Get-Content", "ls", "pwd", ]); setAllowedDirectories([allowedDir]); }); describe("Windows Path Validation", () => { test("blocks command with absolute path outside allowed directories", async () => { if (os.platform() === "win32") { const command = `type C:\\Windows\\System32\\drivers\\etc\\hosts`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("blocks command with Windows UNC path outside allowed directories", async () => { if (os.platform() === "win32") { const command = `type \\\\server\\share\\file.txt`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("allows command with path within allowed directory", async () => { const testFile = path.join(allowedDir, "test.txt"); await fs.writeFile(testFile, "test content"); const command = os.platform() === "win32" ? `type "${testFile}"` : `cat "${testFile}"`; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); expect(result.content[0].text).toContain("test content"); }); test("blocks dir command listing unauthorized directory", async () => { if (os.platform() === "win32") { const command = `dir C:\\Windows\\System32`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("allows dir command listing allowed directory", async () => { if (os.platform() === "win32") { const command = `dir "${allowedDir}"`; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); } }, 10000); }); describe("Unix Path Validation", () => { test("blocks command with absolute path outside allowed directories", async () => { if (os.platform() !== "win32") { const command = `cat /etc/passwd`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("blocks ls command listing unauthorized directory", async () => { if (os.platform() !== "win32") { const command = `ls -la /root`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("allows command with path within allowed directory", async () => { if (os.platform() !== "win32") { const testFile = path.join(allowedDir, "test.txt"); await fs.writeFile(testFile, "test content"); const command = `cat "${testFile}"`; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); expect(result.content[0].text).toContain("test content"); } }); }); describe("Relative Path Handling", () => { test("allows relative path within workdir", async () => { const testFile = path.join(allowedDir, "test.txt"); await fs.writeFile(testFile, "test content"); const command = os.platform() === "win32" ? `type test.txt` : `cat test.txt`; const result = await handleShellTool("execute_shell", { command, workdir: allowedDir, }); expect(result.isError).toBe(false); expect(result.content[0].text).toContain("test content"); }); test("blocks relative path that resolves outside allowed directory", async () => { const command = os.platform() === "win32" ? `type ..\\..\\Windows\\System32\\drivers\\etc\\hosts` : `cat ../../etc/passwd`; await expect( handleShellTool("execute_shell", { command, workdir: allowedDir, }) ).rejects.toThrow("Access denied"); }); test("allows ./ relative path within allowed directory", async () => { const testFile = path.join(allowedDir, "test.txt"); await fs.writeFile(testFile, "test content"); const command = os.platform() === "win32" ? `type .\\test.txt` : `cat ./test.txt`; const result = await handleShellTool("execute_shell", { command, workdir: allowedDir, }); expect(result.isError).toBe(false); }); }); describe("Quoted Path Handling", () => { test("extracts and validates quoted paths with spaces", async () => { const testFile = path.join(allowedDir, "file with spaces.txt"); await fs.writeFile(testFile, "test content"); const command = os.platform() === "win32" ? `type "file with spaces.txt"` : `cat "file with spaces.txt"`; const result = await handleShellTool("execute_shell", { command, workdir: allowedDir, }); expect(result.isError).toBe(false); expect(result.content[0].text).toContain("test content"); }); test("blocks quoted path outside allowed directory", async () => { if (os.platform() === "win32") { const command = `type "C:\\Windows\\System32\\drivers\\etc\\hosts"`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } else { const command = `cat "/etc/passwd"`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); }); describe("Commands Without Paths", () => { test("allows echo command without paths", async () => { const result = await handleShellTool("execute_shell", { command: "echo hello world", }); expect(result.isError).toBe(false); expect(result.content[0].text).toContain("hello world"); }); test("allows date command without paths", async () => { const command = os.platform() === "win32" ? "Get-Date" : "date"; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); }); test("allows whoami command without paths", async () => { const command = os.platform() === "win32" ? "$env:USERNAME" : "whoami"; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); }); test("allows pwd command without paths", async () => { const command = os.platform() === "win32" ? "pwd" : "pwd"; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); }); }); describe("Commands with Flags", () => { test("extracts path after flags", async () => { if (os.platform() !== "win32") { const testFile = path.join(allowedDir, "test.txt"); await fs.writeFile(testFile, "test content"); const command = `ls -la "${allowedDir}"`; const result = await handleShellTool("execute_shell", { command, }); expect(result.isError).toBe(false); } }); test("blocks path after flags if outside allowed directory", async () => { if (os.platform() !== "win32") { const command = `ls -la /root`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); }); describe("Error Messages", () => { test("provides clear error message with blocked paths", async () => { if (os.platform() === "win32") { const command = `type C:\\Windows\\System32\\drivers\\etc\\hosts`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } else { const command = `cat /etc/passwd`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("error message includes allowed directories", async () => { if (os.platform() === "win32") { const command = `type C:\\Windows\\System32\\drivers\\etc\\hosts`; try { await handleShellTool("execute_shell", { command, }); } catch (error: any) { expect(error.message).toContain("Allowed directories"); expect(error.message).toContain(allowedDir); } } else { const command = `cat /etc/passwd`; try { await handleShellTool("execute_shell", { command, }); } catch (error: any) { expect(error.message).toContain("Allowed directories"); expect(error.message).toContain(allowedDir); } } }); }); describe("Edge Cases", () => { test("handles multiple paths in command", async () => { const testFile1 = path.join(allowedDir, "file1.txt"); const testFile2 = path.join(allowedDir, "file2.txt"); await fs.writeFile(testFile1, "content1"); await fs.writeFile(testFile2, "content2"); // Test with a simpler command that won't fail - just verify paths are validated // Use separate commands to avoid command chaining issues const command1 = os.platform() === "win32" ? `type "${testFile1}"` : `cat "${testFile1}"`; const result1 = await handleShellTool("execute_shell", { command: command1, }); expect(result1.isError).toBe(false); const command2 = os.platform() === "win32" ? `type "${testFile2}"` : `cat "${testFile2}"`; const result2 = await handleShellTool("execute_shell", { command: command2, }); expect(result2.isError).toBe(false); }); test("blocks if any path in command is outside allowed directory", async () => { const testFile = path.join(allowedDir, "test.txt"); await fs.writeFile(testFile, "test content"); if (os.platform() === "win32") { const command = `type "${testFile}" & type C:\\Windows\\System32\\drivers\\etc\\hosts`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } else { const command = `cat "${testFile}" && cat /etc/passwd`; await expect( handleShellTool("execute_shell", { command, }) ).rejects.toThrow("Access denied"); } }); test("handles empty command gracefully", async () => { await expect( handleShellTool("execute_shell", { command: "", }) ).rejects.toThrow(); }); }); });

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/n0zer0d4y/vulcan-file-ops'

If you have feedback or need assistance with the MCP directory API, please join our Discord server