5 Commits

Author SHA1 Message Date
3b6afd0646 security: path validation, temp cleanup, output limits (S1-S4) 2026-02-08 11:31:00 -07:00
fa71150ed5 docs: add taskmaster coordination files 2026-02-08 11:30:49 -07:00
16854b77ee security: implement path validation, temp dir safety, and size limits (S1-S4)
S1 - Path Traversal Prevention:
- Add _validate_assembly_path() helper in server.py
- Validates: non-empty path, file exists, is regular file, .dll/.exe extension
- Resolves to absolute path to prevent path traversal attacks
- Applied to all 12 tools that accept assembly_path

S2 - Temp Directory Race Condition Fix:
- Replace tempfile.mkdtemp() with TemporaryDirectory context manager
- Guarantees cleanup even on exceptions
- Refactor decompile() to use _decompile_to_dir() helper

S3 - Subprocess Output Size Limits:
- Add MAX_OUTPUT_BYTES constant (50MB)
- Truncate stdout/stderr if exceeded to prevent memory exhaustion
- Add truncation warning to output when limit is hit

S4 - Assembly File Size Limits:
- Add MAX_ASSEMBLY_SIZE_MB constant (500MB) in metadata_reader.py
- Check file size before loading with dnfile
- Add AssemblySizeError exception for clear error messages

Tests:
- Add tests/test_security.py with 18 unit tests covering all validations
- All 53 tests pass (security tests + existing tests)
2026-02-08 11:28:39 -07:00
4354408588 feat: add dnfile-based metadata tools and platform-aware installation
Major update with new capabilities:

- Rename package from ilspy_mcp_server to mcilspy
- Add 6 new dnfile-based tools that work without ilspycmd:
  - search_methods, search_fields, search_properties
  - list_events, list_resources, get_metadata_summary
- Add installation/diagnostic tools:
  - check_ilspy_installation: verify toolchain status
  - install_ilspy: platform-aware installer with auto-detection
    for pacman, apt, dnf, zypper, homebrew, winget, chocolatey
- Fix metadata_reader bugs:
  - Use _get_row_index helper consistently for dnfile compatibility
  - Handle HeapItemBinary conversion for public key tokens
- Update documentation with all 14 tools
2026-02-05 08:55:26 -07:00
Borealin
b6a09eabfe init: init version 2025-08-03 23:31:39 +08:00
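
The S1 and S4 checks listed in commit 16854b77ee above, sketched in Python as an added example; this is not the project's code. The names `validate_assembly_path`, `AssemblyPathError` and `demo` are hypothetical, the sample files are constructed, and testing the extension on the resolved target (so a symlink cannot disguise another file type) is an assumption the commit message does not state.

```python
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".dll", ".exe"}  # extensions listed under S1
MAX_ASSEMBLY_SIZE_MB = 500             # limit listed under S4

class AssemblyPathError(ValueError):
    """Hypothetical error type for a rejected assembly path."""

def validate_assembly_path(path, max_size_mb=MAX_ASSEMBLY_SIZE_MB):
    """Return the resolved absolute Path, or raise AssemblyPathError."""
    if not path or not path.strip():
        raise AssemblyPathError("assembly path is empty")
    try:
        # strict=True rejects missing files; resolve() follows symlinks and "..".
        resolved = Path(path).resolve(strict=True)
    except (OSError, RuntimeError, ValueError) as exc:
        raise AssemblyPathError(f"cannot resolve path: {exc}") from exc
    if not resolved.is_file():
        raise AssemblyPathError("not a regular file")
    # Test the extension of the resolved target, not of the caller's string,
    # so a link named x.dll that points at another file type is rejected.
    if resolved.suffix.lower() not in ALLOWED_EXTENSIONS:
        raise AssemblyPathError(f"unsupported extension: {resolved.suffix!r}")
    # Size check happens before any parser opens the file.
    if resolved.stat().st_size > max_size_mb * 1024 * 1024:
        raise AssemblyPathError(f"file is larger than {max_size_mb} MB")
    return resolved

def demo():
    """Validate constructed sample paths; return {case name: accepted?}."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "Sample.DLL")
        good.write_bytes(b"MZ" + b"\0" * 62)  # constructed 64-byte stand-in
        text = Path(tmp, "notes.txt")
        text.write_text("not an assembly")
        cases = {"good": str(good), "empty": " ", "directory": tmp,
                 "missing": str(Path(tmp, "nope.exe")), "wrong_ext": str(text)}
        try:
            Path(tmp, "link.dll").symlink_to(text)
            cases["symlink_to_txt"] = str(Path(tmp, "link.dll"))
        except (OSError, NotImplementedError):
            pass  # platform without symlink support: skip that case
        results = {}
        for name, candidate in cases.items():
            try:
                validate_assembly_path(candidate)
                results[name] = True
            except AssemblyPathError:
                results[name] = False
        return results
```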