Add testing documentation #4
Merged
crivetimihai merged 1 commit into main from May 27, 2025
vk-playground pushed a commit to vk-playground/mcp-context-forge that referenced this pull request on Sep 14, 2025

Add testing documentation

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
vk-playground pushed a commit to vk-playground/mcp-context-forge that referenced this pull request on Sep 14, 2025

Add testing documentation
vk-playground pushed a commit to vk-playground/mcp-context-forge that referenced this pull request on Sep 16, 2025

Add testing documentation

Signed-off-by: Vicky Kuo <vicky.kuo@ibm.com>
hughhennelly added a commit to hughhennelly/mcp-context-forge that referenced this pull request on Feb 12, 2026

1. Fix broken imports (Issue #1):
   - Change from ..database to ..db
   - Fix unified_pdp imports to use plugins.unified_pdp
   - Update in routes, services, schemas, and tests
2. Register sandbox router in main.py (Issue IBM#2):
   - Add import and app.include_router call
3. Fix XSS vulnerability (Issue IBM#3):
   - Replace f-string HTML with Jinja2 template
   - Create sandbox_simulate_results.html template
   - Add Request parameter for template access
4. Add authentication (Issue IBM#4):
   - Add Depends(get_current_user) to simulate endpoint
5. Remove scratch files (Issue IBM#5):
   - Delete sandbox_header.txt and sandbox_new_header.txt
6. Resolve schemas conflict (Issue IBM#6):
   - Merge schemas/sandbox.py into schemas.py
   - Remove conflicting schemas/ directory
   - Update imports in routes and services

All changes tested and ready for review.

Related to IBM#2226

Signed-off-by: hughhennelly <hughhennelly06@gmail.com>
crivetimihai pushed a commit that referenced this pull request on Feb 24, 2026

1. Fix broken imports (Issue #1):
   - Change from ..database to ..db
   - Fix unified_pdp imports to use plugins.unified_pdp
   - Update in routes, services, schemas, and tests
2. Register sandbox router in main.py (Issue #2):
   - Add import and app.include_router call
3. Fix XSS vulnerability (Issue #3):
   - Replace f-string HTML with Jinja2 template
   - Create sandbox_simulate_results.html template
   - Add Request parameter for template access
4. Add authentication (Issue #4):
   - Add Depends(get_current_user) to simulate endpoint
5. Remove scratch files (Issue #5):
   - Delete sandbox_header.txt and sandbox_new_header.txt
6. Resolve schemas conflict (Issue #6):
   - Merge schemas/sandbox.py into schemas.py
   - Remove conflicting schemas/ directory
   - Update imports in routes and services

All changes tested and ready for review.

Related to #2226

Signed-off-by: hughhennelly <hughhennelly06@gmail.com>
aidbutlr referenced this pull request in aidbutlr/mcp-context-forge on Mar 3, 2026

CYFR-280 merge from public repo 2026 01 07
MohanLaksh added a commit that referenced this pull request on Apr 11, 2026

This commit fixes 5 issues identified in code review:

**Issue #1 - Default config inconsistency (CRITICAL):**
- Changed SSRF_ALLOW_LOCALHOST default from false to true
- Fixes immediate failure on fresh installs where backend_rpc_url defaults to 127.0.0.1
- Updated README.md to reflect new defaults and clarify production vs development modes
- Location: tools_rust/mcp_runtime/src/config.rs:208

**Issue #2 - SSRF bypass in two functions (CRITICAL):**
- Added URL validation to backend_authenticate_url() before HTTP call
- Added URL validation to backend_tools_call_resolve_url() before HTTP call
- Both functions now use url_validator.validate_url() with SSRF protection
- Locations: tools_rust/mcp_runtime/src/lib.rs:2564, 8158

**Issue #3 - Malformed CIDR fails open (HIGH):**
- Changed CIDR parsing from fail-open (warn + continue) to fail-closed (return error)
- Invalid CIDR in SSRF_BLOCKED_NETWORKS now fails runtime startup
- Invalid CIDR in SSRF_ALLOWED_NETWORKS now fails runtime startup
- Location: tools_rust/mcp_runtime/src/url_validator.rs:186-210

**Issue #4 - DNS re-resolution overhead (MEDIUM):**
- Implemented DNS result caching with 5-minute TTL
- Added Arc<RwLock<HashMap<String, (Vec<IpAddr>, Instant)>>> cache
- Reduces DNS lookups on hot paths while maintaining security
- Cache prevents DNS rebinding attacks with short TTL
- Location: tools_rust/mcp_runtime/src/url_validator.rs:58-68, 486-530

**Issue #5 - Missing body-size limit test (LOW):**
- Added integration test: request_body_size_limit_rejects_large_payloads()
- Verifies 413 Payload Too Large response for >10MB request bodies
- Tests the DefaultBodyLimit middleware enforcement
- Location: tools_rust/mcp_runtime/src/lib.rs:13309-13338

All changes maintain backward compatibility except for stricter CIDR validation (fail-closed is more secure).

Addresses reviewer feedback from lucarlig on PR #4111

Signed-off-by: Mohan Lakshmaiah <mohan.economist@gmail.com>
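
The fail-open versus fail-closed CIDR handling named under Issue #3 in the commit message above, as an added example that is not the project's code. `Cidr4`, `load_fail_open`, `load_fail_closed` and `is_blocked` are hypothetical names, the example covers IPv4 only, and the configuration string is constructed.

```rust
use std::net::Ipv4Addr;

/// IPv4 network as masked base address plus mask (hypothetical type for this example).
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Cidr4 { base: u32, mask: u32 }

impl Cidr4 {
    /// Strict parse: rejects a missing prefix, a bad address and a prefix above 32.
    pub fn parse(s: &str) -> Result<Cidr4, String> {
        let (addr, len) = s.trim().split_once('/')
            .ok_or_else(|| format!("missing prefix length in {s:?}"))?;
        let addr: Ipv4Addr = addr.parse().map_err(|_| format!("bad address in {s:?}"))?;
        let len: u32 = len.parse().map_err(|_| format!("bad prefix length in {s:?}"))?;
        if len > 32 {
            return Err(format!("prefix length above 32 in {s:?}"));
        }
        let mask = if len == 0 { 0 } else { u32::MAX << (32 - len) };
        Ok(Cidr4 { base: u32::from(addr) & mask, mask })
    }

    pub fn contains(&self, ip: Ipv4Addr) -> bool {
        u32::from(ip) & self.mask == self.base
    }
}

/// Fail-open ("warn + continue"): a malformed entry is dropped from the list.
pub fn load_fail_open(list: &str) -> Vec<Cidr4> {
    list.split(',').filter_map(|e| Cidr4::parse(e).ok()).collect()
}

/// Fail-closed: one malformed entry rejects the whole list, so startup can abort.
pub fn load_fail_closed(list: &str) -> Result<Vec<Cidr4>, String> {
    list.split(',').map(Cidr4::parse).collect()
}

pub fn is_blocked(nets: &[Cidr4], ip: Ipv4Addr) -> bool {
    nets.iter().any(|n| n.contains(ip))
}

fn main() {
    // Constructed blocklist value with a typo ("/33") in the link-local entry.
    let cfg = "10.0.0.0/8,169.254.0.0/33,192.168.0.0/16";
    let ip = Ipv4Addr::new(169, 254, 169, 254);
    println!("fail-open blocks {ip}: {}", is_blocked(&load_fail_open(cfg), ip));
    println!("fail-closed result: {:?}", load_fail_closed(cfg));
}
```

With the fail-open loader the mistyped entry disappears silently and the link-local range is no longer blocked; the fail-closed loader returns an error naming the bad entry instead.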
MohanLaksh added a commit that referenced this pull request on Apr 14, 2026
MohanLaksh added a commit that referenced this pull request on Apr 21, 2026
No description provided.