Feat/Enhance security validation for MCP configurations (#5232)

feat: enhance security validation for MCP configurations - Added environment variable checks for CUSTOM_MCP_SECURITY_CHECK, CUSTOM_MCP_PROTOCOL, and HTTP_DENY_LIST across various Docker and application files. - Implemented validation functions in MCP core to prevent command injection and ensure safe environment variable usage
2026-06-28 07:00:49 +03:00 · 2025-09-18 14:37:31 +01:00
parent 42152dd036
commit 41131dfac3
10 changed files with 130 additions and 9 deletions
@@ -139,6 +139,11 @@ services:
            - REDIS_CA=${REDIS_CA}
            - REDIS_KEEP_ALIVE=${REDIS_KEEP_ALIVE}
            - ENABLE_BULLMQ_DASHBOARD=${ENABLE_BULLMQ_DASHBOARD}
+
+              # SECURITY
+            - CUSTOM_MCP_SECURITY_CHECK=${CUSTOM_MCP_SECURITY_CHECK}
+            - CUSTOM_MCP_PROTOCOL=${CUSTOM_MCP_PROTOCOL}
+            - HTTP_DENY_LIST=${HTTP_DENY_LIST}
        healthcheck:
            test: ['CMD', 'curl', '-f', 'http://localhost:${PORT:-3000}/api/v1/ping']
            interval: 10s
@@ -276,6 +281,11 @@ services:
            - REDIS_CA=${REDIS_CA}
            - REDIS_KEEP_ALIVE=${REDIS_KEEP_ALIVE}
            - ENABLE_BULLMQ_DASHBOARD=${ENABLE_BULLMQ_DASHBOARD}
+
+              # SECURITY
+            - CUSTOM_MCP_SECURITY_CHECK=${CUSTOM_MCP_SECURITY_CHECK}
+            - CUSTOM_MCP_PROTOCOL=${CUSTOM_MCP_PROTOCOL}
+            - HTTP_DENY_LIST=${HTTP_DENY_LIST}
        healthcheck:
            test: ['CMD', 'curl', '-f', 'http://localhost:${WORKER_PORT:-5566}/healthz']
            interval: 10s