Skip to content

fix[security]: path traversal vulnerability in MCP server resource loading#1499

Merged
yifancong merged 4 commits intomainfrom
copilot/fix-security-vulnerability-hono
Feb 10, 2026
Merged

fix[security]: path traversal vulnerability in MCP server resource loading#1499
yifancong merged 4 commits intomainfrom
copilot/fix-security-vulnerability-hono

Conversation

Copy link
Contributor

Copilot AI commented Jan 19, 2026
edited
Loading

The readMarkdownResource function accepted unvalidated URI pathnames, enabling path traversal attacks to read arbitrary files outside the resources directory (e.g., file://rsdoctor/../../etc/passwd).

Changes

Security validation in packages/ai/src/server/resource.ts

  • Extract filename using path.basename() to strip directory components
  • Reject paths containing .. sequences
  • Verify resolved path remains within resources directory using path.relative() and checking for upward traversal or absolute paths

Before:

const contents = await readFileAsync(
  path.join(__dirname, './resources', uri.pathname),
  'utf-8',
);

After:

const filename = path.basename(uri.pathname);
if (!filename || filename !== uri.pathname.replace(/^\//, '') || /\.\./.test(uri.pathname)) {
  throw new Error('Invalid resource path: path traversal detected');
}

const resourcesDir = path.join(__dirname, './resources');
const filePath = path.join(resourcesDir, filename);
const relativePath = path.relative(path.resolve(resourcesDir), path.resolve(filePath));

if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) {
  throw new Error('Invalid resource path: access denied');
}

Test coverage

Added packages/ai/tests/resource.test.ts covering legitimate access and blocking path traversal attempts via ../, subdirectories, and absolute paths.

Original prompt

Fix security vulnerability in hono related to Improper Authorization, ensuring proper validation of access controls and permissions.

This pull request was created from Copilot chat.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@netlify
Copy link

netlify bot commented Jan 19, 2026
edited
Loading

Deploy Preview for rsdoctor ready!

Name Link
🔨 Latest commit 0c9d76b
🔍 Latest deploy log https://app.netlify.com/projects/rsdoctor/deploys/696e184fd65e28000834d9e7
😎 Deploy Preview https://deploy-preview-1499--rsdoctor.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@yifancong yifancong marked this pull request as ready for review January 19, 2026 11:20
Copilot AI review requested due to automatic review settings January 19, 2026 11:20
Copilot AI reviewed Jan 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI and others added 2 commits January 19, 2026 11:37
@yifancong
Fix path traversal vulnerability in resource loading with proper vali…
e0ba9a8 
…dation

Co-authored-by: yifancong <18437716+yifancong@users.noreply.github.com>
@yifancong
Improve path traversal validation with path.relative for cross-platfo…
0c9d76b 
…rm security

Co-authored-by: yifancong <18437716+yifancong@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix security vulnerability in hono related to improper authorization Fix path traversal vulnerability in MCP server resource loading Jan 19, 2026
Copilot AI requested a review from yifancong January 19, 2026 11:48
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Feb 10, 2026
edited
Loading

Deploying rsdoctor with  Cloudflare Pages  Cloudflare Pages

Latest commit: e8595f4
Status: ✅  Deploy successful!
Preview URL: https://41778a47.rsdoctor.pages.dev
Branch Preview URL: https://copilot-fix-security-vulnera.rsdoctor.pages.dev

View logs

@yifancong yifancong changed the title Fix path traversal vulnerability in MCP server resource loading fix[security]: path traversal vulnerability in MCP server resource loading Feb 10, 2026
@yifancong yifancong requested a review from 9aoy February 10, 2026 08:52
@yifancong yifancong enabled auto-merge (squash) February 10, 2026 08:55
@yifancong yifancong merged commit 9c29be6 into main Feb 10, 2026
6 of 7 checks passed
@yifancong yifancong deleted the copilot/fix-security-vulnerability-hono branch February 10, 2026 08:58
@yifancong yifancong mentioned this pull request Mar 4, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@9aoy 9aoy 9aoy approved these changes

+1 more reviewer

@yifancong yifancong yifancong approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@yifancong yifancong

Copilot code review Copilot

Labels

change: fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yifancong @9aoy