MCP/mcilspy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23 Commits 1 Branch 0 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
Ryan Malloy
3c21b9d640 test: fix test compatibility with security and architecture changes 
- Add bypass_path_validation fixture for tests using mock paths
- Update find_ilspycmd_path references to use mcilspy.utils
- Fix wrapper fixture patches in timeout tests
- Update assertions for new output formats (pagination, etc.)
- Mark all taskmaster domains as merged in status.json

All 165 tests passing.
 2026-02-08 11:47:14 -07:00
Ryan Malloy
cf2c5159b3 chore: update status.json to mark testing domain as ready 2026-02-08 11:41:15 -07:00
Ryan Malloy
8f119b72c2 chore: mark performance domain as ready 2026-02-08 11:40:42 -07:00
Ryan Malloy
4bd9ce19af refactor: consolidate utils, constants, models (A1-A8) 2026-02-08 11:34:07 -07:00
Ryan Malloy
3b6afd0646 security: path validation, temp cleanup, output limits (S1-S4) 2026-02-08 11:31:00 -07:00
Ryan Malloy
fa71150ed5 docs: add taskmaster coordination files 2026-02-08 11:30:49 -07:00
Ryan Malloy
16854b77ee security: implement path validation, temp dir safety, and size limits (S1-S4) 
S1 - Path Traversal Prevention:
- Add _validate_assembly_path() helper in server.py
- Validates: non-empty path, file exists, is regular file, .dll/.exe extension
- Resolves to absolute path to prevent path traversal attacks
- Applied to all 12 tools that accept assembly_path

S2 - Temp Directory Race Condition Fix:
- Replace tempfile.mkdtemp() with TemporaryDirectory context manager
- Guarantees cleanup even on exceptions
- Refactor decompile() to use _decompile_to_dir() helper

S3 - Subprocess Output Size Limits:
- Add MAX_OUTPUT_BYTES constant (50MB)
- Truncate stdout/stderr if exceeded to prevent memory exhaustion
- Add truncation warning to output when limit is hit

S4 - Assembly File Size Limits:
- Add MAX_ASSEMBLY_SIZE_MB constant (500MB) in metadata_reader.py
- Check file size before loading with dnfile
- Add AssemblySizeError exception for clear error messages

Tests:
- Add tests/test_security.py with 18 unit tests covering all validations
- All 53 tests pass (security tests + existing tests)
 2026-02-08 11:28:39 -07:00
Ryan Malloy
8901752ae3 refactor: consolidate architecture across 8 issues (A1-A8) 
- A1: Extract duplicated PATH discovery to utils.py (single source of truth)
- A2: Convert metadata_reader dataclasses to Pydantic models in models.py
- A3: Simplify get_wrapper() with module-level caching (removed fragile lifespan context)
- A4: Document ILSpyWrapper design rationale (why class exists despite being stateless)
- A5: Document MetadataReader as CPU-bound sync code with thread pool suggestion
- A6: Create constants.py for all timeouts/limits (DECOMPILE_TIMEOUT_SECONDS, etc.)
- A7: Add _compile_search_pattern() helper to deduplicate regex compilation
- A8: Add LanguageVersion validation with helpful error listing valid options

Tests pass, ruff clean.
 2026-02-08 11:25:43 -07:00