gb_flea/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests Activity

fix(mcp): tighten api request validation

Browse Source
This commit is contained in:
dotta
2026-04-06 21:56:13 -05:00
parent 85ca675311
commit 669e5c87cc
4 changed files with 171 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/mcp-server/src/tools.ts
+2 -2
View File
@@ -415,8 +415,8 @@ export function createToolDefinitions(client: PaperclipApiClient): ToolDefinitio
"Make a JSON request to an existing Paperclip /api endpoint for unsupported operations",
apiRequestSchema,
async ({ method, path, jsonBody }) => {
if (!path.startsWith("/")) {
throw new Error("path must start with / and be relative to /api");
if (!path.startsWith("/") || path.includes("..")) {
throw new Error("path must start with / and be relative to /api, and must not contain '..'");
}
return client.requestJson(method, path, {
body: parseOptionalJson(jsonBody),