Feature-221 : Gateway-Level Input Validation & Output Sanitization

[nmveeresh]

Gateway-Level Input Validation & Output Sanitization

Closes #221

🔒 Security Enhancement

This PR introduces a comprehensive security layer for input validation and output sanitization within the MCP Gateway, significantly reducing the attack surface for path traversal, command injection, and control-character exploits.

---

🎯 Key Features

1. Path Traversal Defense

• Normalizes all paths using secure resolvers.
• Enforces confinement to declared root directories.
• Blocks attempts like:
  • ../../../etc/passwd
  • ......\windows\system32

2. Parameter Validation

• Detects and rejects:
• Shell metacharacters
• SQL injection patterns
• XSS-oriented strings
• Unsafe URLs (javascript:)
• Control characters (0x00–0x1F, 0x7F–0x9F)

3. Output Sanitization

• Removes unsafe control characters before delivering responses.
• Validates MIME types and prevents malicious payloads.

4. Configurable Security Modes

• Fully feature-flagged via:
• EXPERIMENTAL_VALIDATE_IO
• Strict vs warn mode
• Sanitization toggle

5. System-Wide Coverage

• New validation middleware applied early in request lifecycle.
• Safe wrapper for subprocess execution.
• Updated resource service path normalization.
• Sanitization pipeline for responses.

---

🛠️ Implementation Details

New Components

• Request validation middleware
• Secure path normalization utility
• Sanitized response generator
• Safe subprocess command executor

Updated Components

• Resource service
• Tool execution pipeline
• Global configuration manager

---

🔧 Configuration Added (in .env)

EXPERIMENTAL_VALIDATE_IO=false
VALIDATION_MIDDLEWARE_ENABLED=false
VALIDATION_STRICT=false
SANITIZE_OUTPUT=false
ALLOWED_ROOTS=[]
MAX_PATH_DEPTH=10
MAX_PARAM_LENGTH=10000
DANGEROUS_PATTERNS=[
"[;&|`$(){}\\[\\]<>]",
"\\.\\.[/\\\\]",
"[\\x00-\\x1f\\x7f-\\x9f]"
]

🎯 Security Impact

---

Prevents:

• Directory traversal
• Shell/command injection
• SQL injection attempts
• XSS injection into tool metadata
• Malicious binary/control-character output

Benefits:

• Stronger baseline security posture
• Consistent validation across the entire gateway
• Clean and predictable output guarantees
  -Foundation for future MCP spec hardening

🛡️ Quick Security Validation Tests

Essential attack patterns that MUST be blocked by the Gateway.

---

Export the environment variables

Run this in your terminal:

export EXPERIMENTAL_VALIDATE_IO=false
export VALIDATION_MIDDLEWARE_ENABLED=false
export VALIDATION_STRICT=false
export SANITIZE_OUTPUT=false

If false → validation disabled, tests will execute normally
If true → validation enabled, tests will block invalid inputs

🧪 Test Script

#!/bin/bash
# Quick security validation tests - Essential attacks that MUST be blocked

BASE_URL="http://localhost:4444"
TOKEN="Paste your token here"

check_blocked() {
    if echo "$1" | grep -Eq "Parameter .* contains dangerous characters"; then
        echo "✔️  BLOCKED as expected"
    else
        echo "❌  ERROR: Should have been BLOCKED"
    fi
}

check_allowed() {
    # Check for "id" in response, which indicates successful tool creation
    if echo "$1" | grep -q "\"id\""; then
        echo "✔️  ALLOWED as expected"
    else
        echo "❌  ERROR: Should have been ALLOWED"
    fi
}

echo "🛡️  Quick Security Test - Essential Validations"
echo "==============================================="

# Test 1: Path Traversal
echo "🔒 Test 1: Path Traversal Attack"
resp=$(curl -s -X POST "$BASE_URL/resources" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"uri": "../../../etc/passwd", "name": "test_traversal"}')
echo "$resp" | jq .
check_blocked "$resp"
echo ""

# Test 2: Shell Injection
echo "🔒 Test 2: Shell Injection Attack"
resp=$(curl -s -X POST "$BASE_URL/tools" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "test_shell", "command": "ls && cat /etc/passwd"}')
echo "$resp" | jq .
check_blocked "$resp"
echo ""

# Test 3: SQL Injection
echo "🔒 Test 3: SQL Injection Attack"
resp=$(curl -s -X POST "$BASE_URL/tools" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "test_sql", "description": "'"'"'; DROP TABLE users; --"}')
echo "$resp" | jq .
check_blocked "$resp"
echo ""

# Test 4: XSS
echo "🔒 Test 4: XSS Attack"
resp=$(curl -s -X POST "$BASE_URL/tools" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "test_xss", "description": "<script>alert(1)</script>"}')
echo "$resp" | jq .
check_blocked "$resp"
echo ""

# Test 5: Dangerous URL
echo "🔒 Test 5: Dangerous URL"
resp=$(curl -s -X POST "$BASE_URL/tools" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "test_url", "url": "javascript:alert(1)"}')
echo "$resp" | jq .
check_blocked "$resp"
echo ""

# Test 6: Safe Command
echo "✅ Test 6: Safe Command (should work)"
resp=$(curl -s -X POST "$BASE_URL/tools" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tool": {"name": "acss-tool232", "command": "echo hello world"}}')
echo "$resp" | jq .
check_allowed "$resp"
echo ""

echo "🏁 Quick tests completed!"
echo "Expected: Tests 1-5 should be BLOCKED, Test 6 should PASS"