@berthojoris/mcp-mysql-server 1.6.2 → 1.6.3

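--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,23 @@ All notable changes to the MySQL MCP Server will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+ ## [1.6.3] - 2025-11-23
+
+ ### Fixed
+ - **Missing tools in toolCategoryMap** - Added 42 missing tools to the permission system
+ - View tools: listViews, getViewInfo, createView, alterView, dropView, showCreateView
+ - Trigger tools: listTriggers, getTriggerInfo, createTrigger, dropTrigger, showCreateTrigger
+ - Function tools: listFunctions, getFunctionInfo, createFunction, dropFunction, showCreateFunction, executeFunction
+ - Index tools: listIndexes, getIndexInfo, createIndex, dropIndex, analyzeIndex
+ - Constraint tools: listForeignKeys, listConstraints, addForeignKey, dropForeignKey, addUniqueConstraint, dropConstraint, addCheckConstraint
+ - Maintenance tools: analyzeTable, optimizeTable, checkTable, repairTable, truncateTable, getTableStatus, flushTable, getTableSize
+ - Server tools: showProcessList, killProcess, showStatus, showVariables, explainQuery, showEngineStatus, getServerInfo, showBinaryLogs, showReplicationStatus
+
+ - **Security keyword false positives in run_query** - Refined dangerous keywords to avoid blocking common table/column names
+ - Removed generic keywords: `USER`, `PASSWORD`, `MYSQL`, `SYS` that blocked legitimate queries
+ - Added specific security patterns: `MYSQL.USER`, `MYSQL.DB`, `CREATE USER`, `DROP USER`, `ALTER USER`, `SET PASSWORD`, `LOAD_FILE`, `INFORMATION_SCHEMA.USER_PRIVILEGES`
+ - Queries like `SELECT * FROM users` or `SELECT user, password FROM accounts` now work correctly
+
  ## [1.6.2] - 2025-11-22
 
  ### Fixed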
@@ -76,6 +76,59 @@ exports.toolCategoryMap = {
76
76
  // Query optimization tools
77
77
  analyzeQuery: ToolCategory.UTILITY,
78
78
  getOptimizationHints: ToolCategory.UTILITY,
79
+ // View tools
80
+ listViews: ToolCategory.LIST,
81
+ getViewInfo: ToolCategory.LIST,
82
+ createView: ToolCategory.DDL,
83
+ alterView: ToolCategory.DDL,
84
+ dropView: ToolCategory.DDL,
85
+ showCreateView: ToolCategory.LIST,
86
+ // Trigger tools
87
+ listTriggers: ToolCategory.LIST,
88
+ getTriggerInfo: ToolCategory.LIST,
89
+ createTrigger: ToolCategory.DDL,
90
+ dropTrigger: ToolCategory.DDL,
91
+ showCreateTrigger: ToolCategory.LIST,
92
+ // Function tools
93
+ listFunctions: ToolCategory.LIST,
94
+ getFunctionInfo: ToolCategory.LIST,
95
+ createFunction: ToolCategory.PROCEDURE,
96
+ dropFunction: ToolCategory.PROCEDURE,
97
+ showCreateFunction: ToolCategory.LIST,
98
+ executeFunction: ToolCategory.PROCEDURE,
99
+ // Index tools
100
+ listIndexes: ToolCategory.LIST,
101
+ getIndexInfo: ToolCategory.LIST,
102
+ createIndex: ToolCategory.DDL,
103
+ dropIndex: ToolCategory.DDL,
104
+ analyzeIndex: ToolCategory.UTILITY,
105
+ // Constraint tools
106
+ listForeignKeys: ToolCategory.LIST,
107
+ listConstraints: ToolCategory.LIST,
108
+ addForeignKey: ToolCategory.DDL,
109
+ dropForeignKey: ToolCategory.DDL,
110
+ addUniqueConstraint: ToolCategory.DDL,
111
+ dropConstraint: ToolCategory.DDL,
112
+ addCheckConstraint: ToolCategory.DDL,
113
+ // Table maintenance tools
114
+ analyzeTable: ToolCategory.UTILITY,
115
+ optimizeTable: ToolCategory.UTILITY,
116
+ checkTable: ToolCategory.UTILITY,
117
+ repairTable: ToolCategory.UTILITY,
118
+ truncateTable: ToolCategory.DDL,
119
+ getTableStatus: ToolCategory.LIST,
120
+ flushTable: ToolCategory.UTILITY,
121
+ getTableSize: ToolCategory.LIST,
122
+ // Process and server management tools
123
+ showProcessList: ToolCategory.LIST,
124
+ killProcess: ToolCategory.EXECUTE,
125
+ showStatus: ToolCategory.LIST,
126
+ showVariables: ToolCategory.LIST,
127
+ explainQuery: ToolCategory.UTILITY,
128
+ showEngineStatus: ToolCategory.LIST,
129
+ getServerInfo: ToolCategory.LIST,
130
+ showBinaryLogs: ToolCategory.LIST,
131
+ showReplicationStatus: ToolCategory.LIST,
79
132
  };
80
133
  /**
81
134
  * Class to manage feature configuration based on runtime or environment variables
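Review bot: Several of the new entries place state-changing or sensitive operations in inspection-oriented categories: `repairTable`, `optimizeTable` and `flushTable` share `ToolCategory.UTILITY` with `analyzeQuery`, and `showProcessList` is `ToolCategory.LIST` although a process list can show the statement text of other sessions. A deployment that enables UTILITY or LIST for read-only inspection would then also permit table rebuilds and cross-session visibility; consider `repairTable: ToolCategory.DDL,` (as `truncateTable` already is) for the maintenance writers and a more restrictive category for `showProcessList`. The object literal opens before this hunk and the code that consults the map is not shown, so whether a tool absent from the map is denied by default cannot be confirmed here. A test asserting that every registered tool name has an entry would keep this class of gap from recurring.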
@@ -12,17 +12,22 @@ class SecurityLayer {
12
12
  this.featureConfig = featureConfig || new featureConfig_js_1.FeatureConfig();
13
13
  // Define dangerous SQL keywords that should ALWAYS be blocked (critical security threats)
14
14
  // These are blocked even with 'execute' permission
15
+ // Note: Avoid blocking common table/column names like "user" or "password"
15
16
  this.dangerousKeywords = [
16
17
  "GRANT",
17
18
  "REVOKE",
18
19
  "INTO OUTFILE",
19
20
  "INTO DUMPFILE",
20
21
  "LOAD DATA",
21
- "MYSQL",
22
+ "LOAD_FILE",
23
+ "INFORMATION_SCHEMA.USER_PRIVILEGES",
24
+ "MYSQL.USER",
25
+ "MYSQL.DB",
22
26
  "PERFORMANCE_SCHEMA",
23
- "SYS",
24
- "USER",
25
- "PASSWORD",
27
+ "CREATE USER",
28
+ "DROP USER",
29
+ "ALTER USER",
30
+ "SET PASSWORD",
26
31
  ];
27
32
  // Define basic allowed SQL operations
28
33
  this.allowedOperations = ["SELECT", "INSERT", "UPDATE", "DELETE"];
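Review bot: Replacing the `"MYSQL"` and `"SYS"` entries with only `"MYSQL.USER"` and `"MYSQL.DB"` leaves the remaining grant tables of the `mysql` schema and the whole `sys` schema off the always-blocked list. The matching code is outside this hunk, but if these strings are compared literally against the query text, as the false positives described in the changelog suggest, a qualified name written with identifier quotes or spacing around the dot, or a multi-word entry such as `"CREATE USER"` with different whitespace, would also not match. Consider normalising the query before the check (strip comments and identifier quotes, collapse whitespace) and matching the schema qualifier as a token rather than listing individual tables. The list is also best documented as defence in depth, for example `// Not a substitute for a least-privilege MySQL account: the DB user should hold no privileges on mysql.* or sys.*`.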
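--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@berthojoris/mcp-mysql-server",
- "version": "1.6.2",
+ "version": "1.6.3",
  "description": "Model Context Protocol server for MySQL database integration with dynamic per-project permissions and data export capabilities",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",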