Windows CLI MCP Server

by s2005

Overview Inspect Schema Related Servers Score Discussions

pathTraversal.md•1.05 kB

# Path Traversal Protection Tests These tests verify the security mechanisms in `LogStorageManager` that prevent path traversal attacks via the `logDirectory` configuration. ## Tests Summary - **`sanitizeLogDirectory - direct traversal patterns`**: - Rejects `..` at the start, middle, and end of the path. - Rejects standalone `..`. - Rejects Windows-style backslashes `\..\`. - **`sanitizeLogDirectory - env var expansion attacks`**: - Rejects environment variables containing traversal sequences (e.g., `$EVIL_PATH` set to `/../../../etc`). - Rejects env vars that are pure traversal `..`. - **`sanitizeLogDirectory - valid paths`**: - Accepts valid absolute Unix and Windows paths. - Accepts path with tilde expansion `~/.mcp-logs`. - Allows paths containing `..` as part of a directory name (e.g., `my..folder`). - **`sanitizeLogDirectory - edge cases`**: - Handles URL-encoded segments literally (no decoding). - Rejects multiple consecutive `..` segments. - Handles whitespace in paths correctly.

Loading blob content...

Latest Blog Posts

What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/s2005/wcli0'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

pathTraversal.md•1.05 kB