Add an optional allowed_commands parameter to StdioTransport that validates the command basename against an allowlist before spawning a subprocess. This provides defense-in-depth against configuration-driven command injection as MCP server discovery becomes more dynamic. - DEFAULT_ALLOWED_COMMANDS includes common runtimes: python, python3, node, npx, uvx, uv, deno, docker - Validation checks os.path.basename(command) for cross-platform support - Users can extend the allowlist, pass a custom set, or set allowed_commands=None to disable the check entirely - No breaking change: all currently documented MCP server examples use commands in the default allowlist - MCPServerStdio config model updated with allowed_commands field - tool_resolver passes allowed_commands through to StdioTransport Closes #5080
"""Tests for MCPServerStdio allowed_commands config integration."""
import pytest
from crewai.mcp.config import MCPServerStdio
from crewai.mcp.transports.stdio import DEFAULT_ALLOWED_COMMANDS
class TestMCPServerStdioConfig:
    """Config-level tests for ``MCPServerStdio.allowed_commands``.

    These tests only check that the field is stored and round-tripped by the
    config model. The allowlist *enforcement* (the basename check that runs
    before a subprocess is spawned) lives in ``StdioTransport`` and is not
    exercised here; a missing or wrong check there would not fail any test in
    this class.
    """

    def test_default_allowed_commands(self):
        """Omitting the field falls back to ``DEFAULT_ALLOWED_COMMANDS``."""
        cfg = MCPServerStdio(command="python", args=["server.py"])
        # Equality rather than identity: a copy of the default allowlist is
        # acceptable as long as it holds exactly the same entries.
        assert cfg.allowed_commands == DEFAULT_ALLOWED_COMMANDS

    def test_custom_allowed_commands(self):
        """An explicit allowlist replaces the default rather than extending it."""
        allowlist = frozenset({"my-runtime"})
        cfg = MCPServerStdio(command="my-runtime", args=[], allowed_commands=allowlist)
        assert cfg.allowed_commands == allowlist

    def test_none_allowed_commands(self):
        """``allowed_commands=None`` is accepted and stored unchanged.

        Per the commit description, ``None`` disables the spawn-time command
        check entirely. This is a deliberate opt-out: any code path that lets
        user-controlled config reach this field loses that guard, so callers
        should treat ``None`` as a privileged setting, not a convenience.
        """
        cfg = MCPServerStdio(command="anything", args=[], allowed_commands=None)
        assert cfg.allowed_commands is None