fix(mcp): tighten api request validation

This commit is contained in:
dotta 2026-04-06 21:56:13 -05:00
parent 85ca675311
commit 669e5c87cc
4 changed files with 171 additions and 2 deletions


@ -415,8 +415,8 @@ export function createToolDefinitions(client: PaperclipApiClient): ToolDefinitio
"Make a JSON request to an existing Paperclip /api endpoint for unsupported operations",
apiRequestSchema,
async ({ method, path, jsonBody }) => {
if (!path.startsWith("/")) {
throw new Error("path must start with / and be relative to /api");
if (!path.startsWith("/") || path.includes("..")) {
throw new Error("path must start with / and be relative to /api, and must not contain '..'");
}
return client.requestJson(method, path, {
body: parseOptionalJson(jsonBody),
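Review bot: The added `path.includes("..")` check runs on the raw string, so a percent-encoded `..` segment or a protocol-relative `//host` prefix would pass it while still satisfying `startsWith("/")`, and it also rejects legitimate paths whose query string merely contains `..`. Decoding the path once, rejecting a leading `//`, and testing for a `..` path segment rather than any substring gives a tighter and less surprising check; `decodeURIComponent` throws on malformed input, so that needs its own catch. How `client.requestJson` joins `path` onto the base URL is not visible here, so whether traversal past `/api` is actually reachable is inferred rather than confirmed. The arrow handler and the enclosing `createToolDefinitions` both continue outside this hunk.
```typescript
async ({ method, path, jsonBody }) => {
  let decodedPath: string;
  try {
    decodedPath = decodeURIComponent(path);
  } catch {
    throw new Error("path contains malformed percent-encoding");
  }
  const segments = decodedPath.split("/");
  if (!path.startsWith("/") || path.startsWith("//") || segments.includes("..")) {
    throw new Error("path must start with / and be relative to /api, and must not contain '..'");
  }
  // … unchanged: client.requestJson call …
```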