Commit 0f585db

authored

fix: wrap more tool responses in untrusted-user-data tags (#465)

1 parent 99a9b6a commit 0f585dbCopy full SHA for 0f585db

File tree

35 files changed

+305

-290

lines changed

package.json
src/tools
- atlas
  - create
    - createDBUser.ts
  - read
- mongodb
- tool.ts
tests/integration
- helpers.ts
- tools
  - atlas
  - mongodb

35 files changed

+305

-290

lines changed

`‎package.json`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,8 @@`
`48`	`48`	`"check:lint": "eslint .",`
`49`	`49`	`"check:format": "prettier -c .",`
`50`	`50`	`"check:types": "tsc --noEmit --project tsconfig.json",`
	`51`	`+ "fix": "npm run fix:lint && npm run reformat",`
	`52`	`+ "fix:lint": "eslint . --fix",`
`51`	`53`	`"reformat": "prettier --write .",`
`52`	`54`	`"generate": "./scripts/generate.sh",`
`53`	`55`	`"test": "vitest --project unit-and-integration --coverage",`

`‎src/tools/atlas/create/createDBUser.ts`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ export class CreateDBUserTool extends AtlasToolBase {`
`21`	`21`	`.optional()`
`22`	`22`	`.nullable()`
`23`	`23`	`.describe(`
`24`		`- "Password for the new user. If the user hasn't supplied an explicit password, leave it unset and under no circumstances try to generate a random one. A secure password will be generated by the MCP server if necessary."`
	`24`	`+ "Password for the new user. IMPORTANT: If the user hasn't supplied an explicit password, leave it unset and under no circumstances try to generate a random one. A secure password will be generated by the MCP server if necessary."`
`25`	`25`	`),`
`26`	`26`	`roles: z`
`27`	`27`	`.array(`

`‎src/tools/atlas/read/inspectAccessList.ts`

Lines changed: 13 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ import { z } from "zod";`
`2`	`2`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`3`	`3`	`import { AtlasToolBase } from "../atlasTool.js";`
`4`	`4`	`import type { ToolArgs, OperationType } from "../../tool.js";`
	`5`	`+import { formatUntrustedData } from "../../tool.js";`
`5`	`6`
`6`	`7`	`export class InspectAccessListTool extends AtlasToolBase {`
`7`	`8`	`public name = "atlas-inspect-access-list";`
`@@ -20,23 +21,25 @@ export class InspectAccessListTool extends AtlasToolBase {`
`20`	`21`	`},`
`21`	`22`	`});`
`22`	`23`
`23`		`- if (!accessList?.results?.length) {`
`24`		`- throw new Error("No access list entries found.");`
	`24`	`+ const results = accessList.results ?? [];`
	`25`	`+`
	`26`	`+ if (!results.length) {`
	`27`	`+ return {`
	`28`	`+ content: [{ type: "text", text: "No access list entries found." }],`
	`29`	`+ };`
`25`	`30`	`}`
`26`	`31`
`27`	`32`	`return {`
`28`		`- content: [`
`29`		`- {`
`30`		`- type: "text",`
`31`		- text: `IP ADDRESS \| CIDR \| COMMENT
	`33`	`+ content: formatUntrustedData(`
	`34`	+ `Found ${results.length} access list entries`,
	`35`	+ `IP ADDRESS \| CIDR \| COMMENT
`32`	`36`	`------\|------\|------`
`33`		`-${(accessList.results\|\|[])`
	`37`	`+${results`
`34`	`38`	`.map((entry) => {`
`35`	`39`	return `${entry.ipAddress} \| ${entry.cidrBlock} \| ${entry.comment}`;
`36`	`40`	`})`
`37`		- .join("\n")}`,
`38`		`- },`
`39`		`- ],`
	`41`	+ .join("\n")}`
	`42`	`+ ),`
`40`	`43`	`};`
`41`	`44`	`}`
`42`	`45`	`}`

`‎src/tools/atlas/read/inspectCluster.ts`

Lines changed: 6 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ import { z } from "zod";`
`2`	`2`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`3`	`3`	`import { AtlasToolBase } from "../atlasTool.js";`
`4`	`4`	`import type { ToolArgs, OperationType } from "../../tool.js";`
	`5`	`+import { formatUntrustedData } from "../../tool.js";`
`5`	`6`	`import type { Cluster } from "../../../common/atlas/cluster.js";`
`6`	`7`	`import { inspectCluster } from "../../../common/atlas/cluster.js";`
`7`	`8`
`@@ -22,14 +23,12 @@ export class InspectClusterTool extends AtlasToolBase {`
`22`	`23`
`23`	`24`	`private formatOutput(formattedCluster: Cluster): CallToolResult {`
`24`	`25`	`return {`
`25`		`- content: [`
`26`		`- {`
`27`		`- type: "text",`
`28`		- text: `Cluster Name \| Cluster Type \| Tier \| State \| MongoDB Version \| Connection String
	`26`	`+ content: formatUntrustedData(`
	`27`	`+ "Cluster details:",`
	`28`	+ `Cluster Name \| Cluster Type \| Tier \| State \| MongoDB Version \| Connection String
`29`	`29`	`----------------\|----------------\|----------------\|----------------\|----------------\|----------------`
`30`		-${formattedCluster.name \|\| "Unknown"} \| ${formattedCluster.instanceType} \| ${formattedCluster.instanceSize \|\| "N/A"} \| ${formattedCluster.state \|\| "UNKNOWN"} \| ${formattedCluster.mongoDBVersion \|\| "N/A"} \| ${formattedCluster.connectionString \|\| "N/A"}`,
`31`		`- },`
`32`		`- ],`
	`30`	+${formattedCluster.name \|\| "Unknown"} \| ${formattedCluster.instanceType} \| ${formattedCluster.instanceSize \|\| "N/A"} \| ${formattedCluster.state \|\| "UNKNOWN"} \| ${formattedCluster.mongoDBVersion \|\| "N/A"} \| ${formattedCluster.connectionString \|\| "N/A"}`
	`31`	`+ ),`
`33`	`32`	`};`
`34`	`33`	`}`
`35`	`34`	`}`

`‎src/tools/atlas/read/listAlerts.ts`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ import { z } from "zod";`
`2`	`2`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`3`	`3`	`import { AtlasToolBase } from "../atlasTool.js";`
`4`	`4`	`import type { ToolArgs, OperationType } from "../../tool.js";`
	`5`	`+import { formatUntrustedData } from "../../tool.js";`
`5`	`6`
`6`	`7`	`export class ListAlertsTool extends AtlasToolBase {`
`7`	`8`	`public name = "atlas-list-alerts";`
`@@ -39,7 +40,7 @@ export class ListAlertsTool extends AtlasToolBase {`
`39`	`40`	`.join("\n");`
`40`	`41`
`41`	`42`	`return {`
`42`		`- content: [{type: "text",text: output}],`
	`43`	+ content: formatUntrustedData(`Found ${data.results.length} alerts in project ${projectId}`,output),
`43`	`44`	`};`
`44`	`45`	`}`
`45`	`46`	`}`

`‎src/tools/atlas/read/listClusters.ts`

Lines changed: 9 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ import { z } from "zod";`
`2`	`2`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`3`	`3`	`import { AtlasToolBase } from "../atlasTool.js";`
`4`	`4`	`import type { ToolArgs, OperationType } from "../../tool.js";`
	`5`	`+import { formatUntrustedData } from "../../tool.js";`
`5`	`6`	`import type {`
`6`	`7`	`PaginatedClusterDescription20240805,`
`7`	`8`	`PaginatedOrgGroupView,`
@@ -86,7 +87,9 @@ ${rows}`,
`86`	`87`	`): CallToolResult {`
`87`	`88`	`// Check if both traditional clusters and flex clusters are absent`
`88`	`89`	`if (!clusters?.results?.length && !flexClusters?.results?.length) {`
`89`		`- throw new Error("No clusters found.");`
	`90`	`+ return {`
	`91`	`+ content: [{ type: "text", text: "No clusters found." }],`
	`92`	`+ };`
`90`	`93`	`}`
`91`	`94`	`const formattedClusters = clusters?.results?.map((cluster) => formatCluster(cluster)) \|\| [];`
`92`	`95`	`const formattedFlexClusters = flexClusters?.results?.map((cluster) => formatFlexCluster(cluster)) \|\| [];`
@@ -96,18 +99,12 @@ ${rows}`,
`96`	`99`	`})`
`97`	`100`	`.join("\n");`
`98`	`101`	`return {`
`99`		`- content: [`
`100`		`- {`
`101`		`- type: "text",`
`102`		- text: `Here are your MongoDB Atlas clusters in project "${project.name}" (${project.id}):`,
`103`		`- },`
`104`		`- {`
`105`		`- type: "text",`
`106`		- text: `Cluster Name \| Cluster Type \| Tier \| State \| MongoDB Version \| Connection String
	`102`	`+ content: formatUntrustedData(`
	`103`	+ `Found ${rows.length} clusters in project "${project.name}" (${project.id}):`,
	`104`	+ `Cluster Name \| Cluster Type \| Tier \| State \| MongoDB Version \| Connection String
`107`	`105`	`----------------\|----------------\|----------------\|----------------\|----------------\|----------------`
`108`		-${rows}`,
`109`		`- },`
`110`		`- ],`
	`106`	+${rows}`
	`107`	`+ ),`
`111`	`108`	`};`
`112`	`109`	`}`
`113`	`110`	`}`

`‎src/tools/atlas/read/listDBUsers.ts`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ import { z } from "zod";`
`2`	`2`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`3`	`3`	`import { AtlasToolBase } from "../atlasTool.js";`
`4`	`4`	`import type { ToolArgs, OperationType } from "../../tool.js";`
	`5`	`+import { formatUntrustedData } from "../../tool.js";`
`5`	`6`	`import type { DatabaseUserRole, UserScope } from "../../../common/atlas/openapi.js";`
`6`	`7`
`7`	`8`	`export class ListDBUsersTool extends AtlasToolBase {`
`@@ -22,7 +23,9 @@ export class ListDBUsersTool extends AtlasToolBase {`
`22`	`23`	`});`
`23`	`24`
`24`	`25`	`if (!data?.results?.length) {`
`25`		`- throw new Error("No database users found.");`
	`26`	`+ return {`
	`27`	`+ content: [{ type: "text", text: " No database users found" }],`
	`28`	`+ };`
`26`	`29`	`}`
`27`	`30`
`28`	`31`	`const output =`
`@@ -35,7 +38,7 @@ export class ListDBUsersTool extends AtlasToolBase {`
`35`	`38`	`})`
`36`	`39`	`.join("\n");`
`37`	`40`	`return {`
`38`		`- content: [{type: "text",text: output}],`
	`41`	+ content: formatUntrustedData(`Found ${data.results.length} database users in project ${projectId}`,output),
`39`	`42`	`};`
`40`	`43`	`}`
`41`	`44`	`}`

`‎src/tools/atlas/read/listOrgs.ts`

Lines changed: 9 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`2`	`2`	`import { AtlasToolBase } from "../atlasTool.js";`
`3`	`3`	`import type { OperationType } from "../../tool.js";`
	`4`	`+import { formatUntrustedData } from "../../tool.js";`
`4`	`5`
`5`	`6`	`export class ListOrganizationsTool extends AtlasToolBase {`
`6`	`7`	`public name = "atlas-list-orgs";`
`@@ -12,10 +13,12 @@ export class ListOrganizationsTool extends AtlasToolBase {`
`12`	`13`	`const data = await this.session.apiClient.listOrganizations();`
`13`	`14`
`14`	`15`	`if (!data?.results?.length) {`
`15`		`- throw new Error("No projects found in your MongoDB Atlas account.");`
	`16`	`+ return {`
	`17`	`+ content: [{ type: "text", text: "No organizations found in your MongoDB Atlas account." }],`
	`18`	`+ };`
`16`	`19`	`}`
`17`	`20`
`18`		`- // Format projects as a table`
	`21`	`+ // Format organizations as a table`
`19`	`22`	`const output =`
`20`	`23`	`Organization Name \| Organization ID
`21`	`24`	`----------------\| ----------------`
`@@ -26,7 +29,10 @@ export class ListOrganizationsTool extends AtlasToolBase {`
`26`	`29`	`})`
`27`	`30`	`.join("\n");`
`28`	`31`	`return {`
`29`		`- content: [{ type: "text", text: output }],`
	`32`	`+ content: formatUntrustedData(`
	`33`	+ `Found ${data.results.length} organizations in your MongoDB Atlas account.`,
	`34`	`+ output`
	`35`	`+ ),`
`30`	`36`	`};`
`31`	`37`	`}`
`32`	`38`	`}`

`‎src/tools/atlas/read/listProjects.ts`

Lines changed: 8 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`2`	`2`	`import { AtlasToolBase } from "../atlasTool.js";`
`3`	`3`	`import type { OperationType } from "../../tool.js";`
	`4`	`+import { formatUntrustedData } from "../../tool.js";`
`4`	`5`	`import { z } from "zod";`
`5`	`6`	`import type { ToolArgs } from "../../tool.js";`
`6`	`7`
`@@ -16,7 +17,9 @@ export class ListProjectsTool extends AtlasToolBase {`
`16`	`17`	`const orgData = await this.session.apiClient.listOrganizations();`
`17`	`18`
`18`	`19`	`if (!orgData?.results?.length) {`
`19`		`- throw new Error("No organizations found in your MongoDB Atlas account.");`
	`20`	`+ return {`
	`21`	`+ content: [{ type: "text", text: "No organizations found in your MongoDB Atlas account." }],`
	`22`	`+ };`
`20`	`23`	`}`
`21`	`24`
`22`	`25`	`const orgs: Record<string, string> = orgData.results`
`@@ -35,7 +38,9 @@ export class ListProjectsTool extends AtlasToolBase {`
`35`	`38`	`: await this.session.apiClient.listProjects();`
`36`	`39`
`37`	`40`	`if (!data?.results?.length) {`
`38`		`- throw new Error("No projects found in your MongoDB Atlas account.");`
	`41`	`+ return {`
	`42`	+ content: [{ type: "text", text: `No projects found in organization ${orgId}.` }],
	`43`	`+ };`
`39`	`44`	`}`
`40`	`45`
`41`	`46`	`// Format projects as a table`
`@@ -50,7 +55,7 @@ export class ListProjectsTool extends AtlasToolBase {`
`50`	`55`	`----------------\| ----------------\| ----------------\| ----------------\| ----------------`
`51`	`56`	${rows}`;
`52`	`57`	`return {`
`53`		`- content: [{type: "text",text: formattedProjects}],`
	`58`	+ content: formatUntrustedData(`Found ${rows.length} projects`,formattedProjects),
`54`	`59`	`};`
`55`	`60`	`}`
`56`	`61`	`}`

`‎src/tools/mongodb/metadata/collectionSchema.ts`

Lines changed: 5 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";`
`2`	`2`	`import { DbOperationArgs, MongoDBToolBase } from "../mongodbTool.js";`
`3`	`3`	`import type { ToolArgs, OperationType } from "../../tool.js";`
	`4`	`+import { formatUntrustedData } from "../../tool.js";`
`4`	`5`	`import { getSimplifiedSchema } from "mongodb-schema";`
`5`	`6`
`6`	`7`	`export class CollectionSchemaTool extends MongoDBToolBase {`
`@@ -28,16 +29,10 @@ export class CollectionSchemaTool extends MongoDBToolBase {`
`28`	`29`	`}`
`29`	`30`
`30`	`31`	`return {`
`31`		`- content: [`
`32`		`- {`
`33`		- text: `Found ${fieldsCount} fields in the schema for "${database}.${collection}"`,
`34`		`- type: "text",`
`35`		`- },`
`36`		`- {`
`37`		`- text: JSON.stringify(schema),`
`38`		`- type: "text",`
`39`		`- },`
`40`		`- ],`
	`32`	`+ content: formatUntrustedData(`
	`33`	+ `Found ${fieldsCount} fields in the schema for "${database}.${collection}"`,
	`34`	`+ JSON.stringify(schema)`
	`35`	`+ ),`
`41`	`36`	`};`
`42`	`37`	`}`
`43`	`38`	`}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 0f585db

File tree

35 files changed

35 files changed

`‎package.json`

`‎src/tools/atlas/create/createDBUser.ts`

`‎src/tools/atlas/read/inspectAccessList.ts`

`‎src/tools/atlas/read/inspectCluster.ts`

`‎src/tools/atlas/read/listAlerts.ts`

`‎src/tools/atlas/read/listClusters.ts`

`‎src/tools/atlas/read/listDBUsers.ts`

`‎src/tools/atlas/read/listOrgs.ts`

`‎src/tools/atlas/read/listProjects.ts`

`‎src/tools/mongodb/metadata/collectionSchema.ts`

0 commit comments