Improve efficiency #7
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
This commit introduces several improvements to the ssh-mcp-server: 1. **On-Demand SSH Connections:** The connection strategy has been changed from connecting to all servers on startup to connecting on-demand. This improves startup time and reduces resource consumption, especially when many servers are configured. 2. **Fix Resource Leaks:** The file upload and download methods have been updated to properly close SFTP sessions and file streams. This prevents resource leaks that could lead to performance degradation over time. 3. **Robust Server Info Listing:** The `getAllServerInfos` method has been refactored to ensure it correctly maps server configurations to their connection status, making it more reliable.
This commit introduces several security enhancements to the ssh-mcp-server: 1. **Prevent Path Traversal:** Added input sanitization to the `upload` and `download` methods to prevent path traversal attacks on the local filesystem. 2. **Disallow Command Chaining:** The command validation logic has been improved to reject commands containing shell metacharacters like `;`, `&`, and `|`, preventing command injection through command chaining. 3. **Add Security Warning:** The server now logs a warning on startup if no command whitelist is configured, advising you to set one up. 4. **Document Security Risks:** A new "Security Considerations" section has been added to the README to inform you about potential risks and best practices.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
No description provided.