farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-28 21:00:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Chore/Custom MCP Validation (#4996)

Browse Source 
- Updated `validateMCPServerSecurity` to only allow whitelisted commands, removing the extensive list of dangerous commands.
- Introduced `validateArgsForLocalFileAccess` to check for potential local file access patterns and null byte injections.
- Updated `Supergateway_MCP` to utilize the new argument validation function.
- Added a warning in `CustomMCP` regarding upcoming changes to Remote MCP support.
This commit is contained in:
Henry Heng
2025-07-31 23:15:11 +01:00
committed by GitHub
parent 28fec16873
commit d29db16bfc
4 changed files with 60 additions and 380 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts
+5 -1
View File
@@ -72,7 +72,11 @@ class Custom_MCP implements INode {
label: 'How to use',
value: howToUseCode
},
placeholder: mcpServerConfig
placeholder: mcpServerConfig,
warning:
process.env.CUSTOM_MCP_SECURITY_CHECK === 'true'
? 'In next release, only Remote MCP with url is supported. Read more <a href="https://docs.flowiseai.com/tutorials/tools-and-mcp#streamable-http-recommended" target="_blank">here</a>'
: undefined
},
{
label: 'Available Actions',