Chore/Custom MCP Validation (#4996)

- Updated `validateMCPServerSecurity` to allow only whitelisted commands, removing the extensive list of dangerous commands.
- Introduced `validateArgsForLocalFileAccess` to check for potential local file access patterns and null byte injections.
- Updated `Supergateway_MCP` to utilize the new argument validation function.
- Added a warning in `CustomMCP` regarding upcoming changes to Remote MCP support.
Henry Heng
2025-07-31 23:15:11 +01:00
committed by GitHub
parent 28fec16873
commit d29db16bfc
4 changed files with 60 additions and 380 deletions
@@ -1,7 +1,7 @@
import { Tool } from '@langchain/core/tools'
import { ICommonObject, INode, INodeData, INodeOptionsValue, INodeParams } from '../../../../src/Interface'
import { getNodeModulesPackagePath } from '../../../../src/utils'
import { MCPToolkit, validateMCPServerSecurity } from '../core'
import { MCPToolkit, validateArgsForLocalFileAccess } from '../core'
class Supergateway_MCP implements INode {
label: string
@@ -108,7 +108,7 @@ class Supergateway_MCP implements INode {
if (process.env.CUSTOM_MCP_SECURITY_CHECK === 'true') {
try {
validateMCPServerSecurity(serverParams)
validateArgsForLocalFileAccess(processedArgs)
} catch (error) {
throw new Error(`Security validation failed: ${error.message}`)
}