
Add MCP client command validation and security documentation #309

@bug-ops

Description


Context

Security audit (2026-02-15) found that zeph-mcp/src/client.rs:38-69 spawns child processes from user config without command validation. Also lacks SSRF protection for URL-based MCP connections.

Severity

Low — config is admin-controlled, not externally modifiable.

Tasks

  1. Documentation: Add docs/src/security/mcp.md covering:
    • Safe MCP server configuration
    • SSRF risks with URL-based connections
    • Recommended command allowlists
  2. Optional validation: Consider command allowlist for MCP binaries:

```rust
const ALLOWED_MCP_BINARIES: &[&str] = &["node", "python", "python3", "npx"];
```

  3. SSRF protection for URL-based connections:
    • Block private IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x)
    • Block link-local and metadata endpoints (169.254.x)
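An added example (not code from zeph-mcp or the issue author) showing how tasks 2 and 3 could be implemented with only the Rust standard library: the basename allowlist for spawned MCP commands, and rejection of URL-based endpoints whose host is a loopback, private, link-local or metadata address. The function names and the small `url_host` parser are assumptions, not the project's API.

```rust
use std::net::{IpAddr, Ipv4Addr};
use std::path::Path;

/// Allowlist proposed in the issue: a configured command must have one of these basenames.
pub const ALLOWED_MCP_BINARIES: &[&str] = &["node", "python", "python3", "npx"];

/// Reject a configured command whose basename ("/usr/bin/python3" -> "python3") is not allowlisted.
pub fn validate_mcp_command(command: &str) -> Result<(), String> {
    let base = Path::new(command).file_name().and_then(|n| n.to_str()).unwrap_or("");
    ALLOWED_MCP_BINARIES.contains(&base).then_some(())
        .ok_or_else(|| format!("MCP binary {base:?} is not on the allowlist"))
}
// 127/8, 10/8, 172.16/12, 192.168/16, 169.254/16 (link-local and cloud metadata), 0.0.0.0
fn is_blocked_v4(v4: Ipv4Addr) -> bool {
    v4.is_loopback() || v4.is_private() || v4.is_link_local() || v4.is_unspecified()
}
/// True for any address an MCP client must never connect to; IPv4-mapped IPv6 forms included.
pub fn is_blocked_ip(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_blocked_v4(v4),
        IpAddr::V6(v6) => v6.is_loopback() || v6.is_unspecified()
            || (v6.segments()[0] & 0xffc0) == 0xfe80 // fe80::/10 link-local
            || v6.to_ipv4_mapped().map_or(false, is_blocked_v4),
    }
}
/// Host of "scheme://[user@]host[:port]/..." without the `url` crate (assumption: the config
/// value is a plain absolute URL). Bracketed IPv6 literals are unwrapped.
pub fn url_host(url: &str) -> Option<&str> {
    let authority = url.split_once("://")?.1.split(['/', '?', '#']).next()?;
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    if let Some(inner) = hostport.strip_prefix('[') {
        return Some(inner.split_once(']')?.0);
    }
    Some(hostport.rsplit_once(':').map_or(hostport, |(h, _)| h))
}

/// Validate a URL-based MCP endpoint: http(s) only, no localhost, no literal IP in a blocked range.
/// A hostname passes here; re-check every resolved address with `is_blocked_ip` right before
/// connecting, because DNS can point any name at 127.0.0.1 or 169.254.169.254.
pub fn validate_mcp_url(url: &str) -> Result<(), String> {
    if !url.starts_with("http://") && !url.starts_with("https://") {
        return Err(format!("unsupported scheme in {url:?}"));
    }
    let host = url_host(url).filter(|h| !h.is_empty()).ok_or("URL has no host")?;
    match host.parse::<IpAddr>() {
        Ok(ip) if is_blocked_ip(ip) => Err(format!("{ip} is in a blocked address range")),
        Err(_) if host.eq_ignore_ascii_case("localhost") || host.ends_with(".localhost") =>
            Err("localhost is not allowed".into()),
        _ => Ok(()),
    }
}
```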

Acceptance criteria

  • MCP security documentation page exists in mdBook
  • SUMMARY.md updated
  • SSRF protection implemented for URL-based MCP connections

Metadata

Labels

  • documentation: Improvements or additions to documentation
  • security: Security hardening
  • tools: Tool execution and MCP integration