ClaudeKit Blender MCP

Overview Schema Related Servers Score Discussions

claudekit-blender-mcp
plans
251130-2140-exhaustive-bug-investigation

phase-01-critical-security.md•13.8 kB

# Phase 1: Critical Security Fixes ## Path Traversal & Buffer Overflow Vulnerabilities **Duration:** 1 day **Priority:** CRITICAL **Bugs Fixed:** 2 **Risk Level:** High (active security vulnerabilities) --- ## Context Phase 1 addresses two critical security vulnerabilities with immediate exploitation potential: 1. Path traversal validation bypass allowing arbitrary file system access 2. Unbounded buffer accumulation enabling memory exhaustion DoS attacks Both bugs pose immediate security risks and must be fixed before any other work proceeds. --- ## Bugs Addressed ### BUG-001: Path Traversal Validation Bypass **File:** `src/utils/validators.ts:45-51` **Severity:** CRITICAL **CVSS Score:** 9.1 (Critical) **Current Vulnerability:** ```typescript export const filePathSchema = z.string() .min(1, 'File path required') .max(512, 'File path too long') .regex(/^[a-zA-Z0-9_\-./]+$/, 'Invalid characters in file path') .refine(path => !path.includes('..'), 'Path traversal not allowed') ``` **Attack Vectors:** - Double encoding: `..%2F..%2Fetc%2Fpasswd` - URL encoding bypass: `..%2f` - Dot-slash combinations: `.\./.\./` - Null byte injection: `file.txt\0../../etc/passwd` **Impact:** - Read/write arbitrary files outside project directory - Data exfiltration (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) - Code injection via file writes - File system integrity violations --- ### BUG-003: Unbounded Buffer Accumulation (DoS) **File:** `src/utils/socket-client.ts:101-147` **Severity:** CRITICAL **CVSS Score:** 7.5 (High) **Current Vulnerability:** ```typescript const onData = (chunk: Buffer) => { buffer += chunk.toString('utf-8'); // NO SIZE CHECK try { JSON.parse(buffer); cleanup(); resolve(buffer); } catch { // Continue accumulating - UNBOUNDED } }; ``` **Attack Scenario:** 1. Client sends valid request to Blender 2. Compromised/malicious Blender server sends infinite garbage data 3. Buffer grows: 1MB → 100MB → 1GB → OOM 4. Node.js process crashes 5. Service becomes unavailable **Impact:** - Denial of Service via memory exhaustion - Process crash with no recovery - Service interruption affecting all users - No protection if Blender addon compromised --- ## Requirements ### Functional Requirements 1. **Path Validation:** Reject all path traversal attempts with comprehensive normalization 2. **Buffer Limits:** Enforce maximum buffer size of 50MB for socket responses 3. **Error Handling:** Graceful degradation with clear error messages 4. **Backward Compatibility:** Existing valid paths continue to work ### Non-Functional Requirements 1. **Performance:** Path normalization overhead < 1ms 2. **Security:** Zero tolerance for bypass attempts 3. **Logging:** All validation failures logged with attack vector details 4. **Monitoring:** Metrics for rejected paths and buffer overflows --- ## Implementation Steps ### Step 1: Fix Path Traversal (BUG-001) **File:** `src/utils/validators.ts` **Implementation:** ```typescript import { resolve, normalize } from 'path'; export const filePathSchema = z.string() .min(1, 'File path required') .max(512, 'File path too long') .transform((path) => { // Step 1: Decode URL encoding (prevent double encoding) let decoded = decodeURIComponent(path); // Step 2: Remove null bytes decoded = decoded.replace(/\0/g, ''); // Step 3: Normalize path separators decoded = decoded.replace(/\\/g, '/'); // Step 4: Resolve to absolute path and canonicalize const projectRoot = process.cwd(); const absolutePath = resolve(projectRoot, decoded); // Step 5: Extract relative path from project root const relativePath = absolutePath.replace(projectRoot + '/', ''); return relativePath; }) .refine((path) => !path.includes('..'), 'Path traversal detected') .refine((path) => !path.startsWith('/'), 'Absolute paths not allowed') .refine((path) => !path.startsWith('.'), 'Hidden files not allowed') .refine((path) => { // Ensure path stays within project directory const projectRoot = process.cwd(); const absolutePath = resolve(projectRoot, path); return absolutePath.startsWith(projectRoot); }, 'Path escapes project directory') .regex(/^[a-zA-Z0-9_\-./]+$/, 'Invalid characters in file path'); ``` **Test Cases:** ```typescript // Valid paths filePathSchema.parse('assets/model.blend'); // ✓ filePathSchema.parse('output/render.png'); // ✓ // Invalid paths (should throw) filePathSchema.parse('../../../etc/passwd'); // ✗ Path traversal filePathSchema.parse('..%2F..%2Fetc%2Fpasswd'); // ✗ Encoded traversal filePathSchema.parse('.ssh/id_rsa'); // ✗ Hidden file filePathSchema.parse('/etc/passwd'); // ✗ Absolute path filePathSchema.parse('file.txt\0../../passwd'); // ✗ Null byte ``` --- ### Step 2: Fix Buffer Overflow (BUG-003) **File:** `src/utils/socket-client.ts` **Implementation:** ```typescript private async receiveFullResponse(socket: net.Socket): Promise<string> { const MAX_BUFFER_SIZE = 50 * 1024 * 1024; // 50MB limit const MAX_CHUNKS = 10000; // Prevent infinite accumulation return new Promise((resolve, reject) => { let buffer = ''; let totalBytes = 0; let chunkCount = 0; const cleanup = () => { socket.off('data', onData); socket.off('error', onError); socket.off('timeout', onTimeout); socket.off('close', onClose); }; const onData = (chunk: Buffer) => { chunkCount++; const chunkSize = chunk.length; totalBytes += chunkSize; // Check buffer size limit if (totalBytes > MAX_BUFFER_SIZE) { cleanup(); socket.destroy(); reject(new Error( `Buffer exceeded maximum size: ${MAX_BUFFER_SIZE} bytes ` + `(received ${totalBytes} bytes)` )); logger.error('Buffer overflow attack detected', { totalBytes, maxSize: MAX_BUFFER_SIZE, chunks: chunkCount }); return; } // Check chunk count limit if (chunkCount > MAX_CHUNKS) { cleanup(); socket.destroy(); reject(new Error( `Exceeded maximum chunk count: ${MAX_CHUNKS}` )); logger.error('Excessive chunk accumulation detected', { chunks: chunkCount }); return; } buffer += chunk.toString('utf-8'); try { const parsed = JSON.parse(buffer); cleanup(); resolve(buffer); } catch { // Incomplete JSON - continue accumulating logger.debug('Partial JSON received', { currentSize: totalBytes, chunks: chunkCount }); } }; const onError = (error: Error) => { cleanup(); reject(new Error(`Socket error: ${error.message}`)); }; const onTimeout = () => { cleanup(); socket.destroy(); reject(new Error('Socket timeout')); }; const onClose = () => { cleanup(); reject(new Error('Socket closed before complete response')); }; socket.on('data', onData); socket.on('error', onError); socket.on('timeout', onTimeout); socket.on('close', onClose); }); } ``` **Test Cases:** ```typescript // Valid responses await client.sendCommand('get_scene_info'); // ✓ Normal response // Attack scenarios (should fail gracefully) // - Malicious server sends 100MB of garbage // - Should reject at 50MB with clear error message // - Process should NOT crash ``` --- ## Todo List **BUG-001: Path Traversal Fix** - [ ] Implement path normalization with decoding - [ ] Add null byte removal - [ ] Add canonicalization with path.resolve() - [ ] Add project root boundary check - [ ] Add refine checks for traversal patterns - [ ] Write unit tests for attack vectors - [ ] Test with valid paths (backward compatibility) - [ ] Add logging for rejected paths - [ ] Update error messages - [ ] Code review **BUG-003: Buffer Overflow Fix** - [ ] Add MAX_BUFFER_SIZE constant (50MB) - [ ] Add MAX_CHUNKS limit (10000) - [ ] Implement byte counter - [ ] Implement chunk counter - [ ] Add buffer size check in onData handler - [ ] Add chunk count check - [ ] Destroy socket on overflow - [ ] Add comprehensive error messages - [ ] Add logging for attack detection - [ ] Write unit tests for overflow scenarios - [ ] Load test with large responses - [ ] Code review **Testing & Validation** - [ ] Unit tests: 100% coverage for validation logic - [ ] Integration tests: End-to-end attack simulations - [ ] Penetration testing: External security review - [ ] Performance testing: Validation overhead < 1ms - [ ] Regression testing: Existing functionality unaffected **Documentation** - [ ] Update security documentation - [ ] Document attack vectors mitigated - [ ] Update API docs with validation rules - [ ] Create incident response playbook --- ## Success Criteria ### Validation Criteria - [ ] All path traversal attack vectors blocked - [ ] Buffer overflow protection enforces 50MB limit - [ ] No false positives on valid paths - [ ] Error messages clear and actionable - [ ] Zero tolerance for security bypasses ### Testing Criteria - [ ] 100% test coverage on validation logic - [ ] Penetration testing shows no vulnerabilities - [ ] Load testing confirms performance impact < 1% - [ ] No regressions in existing test suite ### Performance Criteria - [ ] Path validation overhead < 1ms per request - [ ] Buffer checks add < 0.1% CPU overhead - [ ] Memory usage within normal bounds --- ## Risk Assessment ### Implementation Risks **Risk 1: False Positives** - **Description:** Overly strict validation rejects valid paths - **Probability:** Medium - **Impact:** High (breaks existing functionality) - **Mitigation:** Comprehensive test suite with real-world paths - **Contingency:** Feature flag for gradual rollout **Risk 2: Performance Degradation** - **Description:** Path normalization adds latency - **Probability:** Low - **Impact:** Medium - **Mitigation:** Benchmark before/after - **Contingency:** Optimize hot path with caching **Risk 3: Encoding Edge Cases** - **Description:** Missed encoding variation allows bypass - **Probability:** Low - **Impact:** Critical - **Mitigation:** External security review - **Contingency:** Additional validation layers ### Deployment Risks **Risk 1: Breaking Changes** - **Description:** Validation breaks existing integrations - **Probability:** Medium - **Impact:** High - **Mitigation:** Backward compatibility testing - **Contingency:** Phased rollout with feature flag **Risk 2: Buffer Size Too Small** - **Description:** Legitimate large responses rejected - **Probability:** Low - **Impact:** Medium - **Mitigation:** Monitor production response sizes - **Contingency:** Configurable MAX_BUFFER_SIZE --- ## Rollback Plan ### Immediate Rollback (< 5 minutes) 1. Revert commits for Phase 1 2. Redeploy previous stable version 3. Monitor for continued attacks 4. Incident investigation ### Partial Rollback 1. Feature flag to disable new validation 2. Collect telemetry on false positives 3. Fix validation logic 4. Re-enable with fixes ### Prevention 1. Staging environment validation 2. Canary deployment (5% traffic) 3. Gradual rollout to 100% 4. 24-hour monitoring period --- ## Monitoring & Alerting ### Metrics to Track - `security.path_traversal.blocked` - Count of blocked attempts - `security.buffer_overflow.blocked` - Count of buffer overflows - `validation.path.duration_ms` - Path validation latency - `validation.path.failures` - Failed validations (by reason) ### Alerts - **Critical:** > 10 path traversal attempts per minute - **Critical:** > 5 buffer overflow attempts per minute - **Warning:** Path validation latency > 5ms - **Info:** New attack pattern detected ### Logging ```typescript // Path traversal attempt logger.error('Path traversal blocked', { input: originalPath, normalized: normalizedPath, attack_vector: 'url_encoding', timestamp: Date.now() }); // Buffer overflow attempt logger.error('Buffer overflow attack detected', { totalBytes, maxSize: MAX_BUFFER_SIZE, chunks: chunkCount, source: socket.remoteAddress }); ``` --- ## Dependencies ### Technical Dependencies - `path` module (Node.js built-in) - `zod` schema validation library - Existing logger infrastructure ### Team Dependencies - Security team review required - QA team for penetration testing - DevOps team for monitoring setup ### External Dependencies - None (all fixes use built-in Node.js APIs) --- ## Unresolved Questions 1. **What is the maximum legitimate response size from Blender?** - Assumption: 50MB covers 99.9% of use cases - Action: Monitor production metrics post-deployment 2. **Should we add rate limiting on validation failures?** - Consideration: Prevent brute-force attack probing - Decision: Defer to Phase 3 (BUG-004 rate limiting fixes) 3. **Should hidden files (dotfiles) be allowed?** - Current: Blocked by default - Rationale: Prevents `.ssh/`, `.env` access - Review: Confirm with product team 4. **Should we emit security events to SIEM?** - Consideration: Enterprise security monitoring - Decision: Add integration point for future --- ## Post-Implementation Review ### Lessons Learned (to be filled post-deployment) - What worked well? - What could be improved? - Unexpected issues encountered? - Performance impact actual vs. expected? ### Metrics Review (to be filled after 7 days) - Attack attempts blocked: ___ - False positives reported: ___ - Performance overhead measured: ___ - User impact: ___ --- **Phase Owner:** Security Engineer **Status:** Ready for Implementation **Approval Required:** Security Lead, Engineering Director

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/olbboy/claudekit-blender-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

phase-01-critical-security.md•13.8 kB