npm - @cainli/mcp-server-mysql - Versions diffs - 2.0.14 → 2.0.17 - Mend

@cainli/mcp-server-mysql 2.0.14 → 2.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -617,6 +617,7 @@ When `MYSQL_CONNECTION_STRING` is provided, it takes precedence over individual
 - `ALLOW_UPDATE_OPERATION`: Enable UPDATE operations (default: "false")
 - `ALLOW_DELETE_OPERATION`: Enable DELETE operations (default: "false")
 - `ALLOW_DDL_OPERATION`: Enable DDL operations (default: "false")
+- `REQUIRE_DB_FILTER_FOR_INFO_SCHEMA`: **[NEW]** Require database filter for `information_schema.tables` queries (default: "false"). When enabled in single-DB mode, queries against `information_schema.tables` must include a `WHERE table_schema = '<database_name>'` clause. This prevents full table scans on databases with many tables (4500+) which can cause high CPU usage.
 - `MYSQL_DISABLE_READ_ONLY_TRANSACTIONS`: **[NEW]** Disable read-only transaction enforcement (default: "false") ⚠️ **Security Warning:** Only enable this if you need full write capabilities and trust the LLM with your database
 - `SCHEMA_INSERT_PERMISSIONS`: Schema-specific INSERT permissions
 - `SCHEMA_UPDATE_PERMISSIONS`: Schema-specific UPDATE permissions

package/dist/index.js CHANGED Viewed

@@ -113,6 +113,7 @@ export default function createMcpServer({ sessionId, config, }) {
                 ? `socket: ${process.env.MYSQL_SOCKET_PATH}`
                 : `host: ${process.env.MYSQL_HOST || "localhost"}, port: ${process.env.MYSQL_PORT || 3306}`;
             log("info", `Connection info: ${connectionInfo}`);
+            log("info", `isMultiDbMode: ${isMultiDbMode}, configured database: ${mcpConfig.mysql.database || 'none'}`);
             const tablesQuery = `
       SELECT
         table_name as name,
@@ -172,13 +173,19 @@ export default function createMcpServer({ sessionId, config, }) {
             }
             let columnsQuery = "SELECT column_name, data_type FROM information_schema.columns WHERE table_name = ?";
             let queryParams = [tableName];
-            const schemaName = dbName || (!isMultiDbMode ? mcpConfig.mysql.database : null);
+            let schemaName = dbName;
+            if (!schemaName && !isMultiDbMode && mcpConfig.mysql.database) {
+                schemaName = mcpConfig.mysql.database;
+            }
             if (!/^[a-zA-Z0-9_]+$/.test(tableName)) {
                 throw new Error(`Invalid table name: ${tableName}`);
             }
             if (schemaName && !/^[a-zA-Z0-9_]+$/.test(schemaName)) {
                 throw new Error(`Invalid schema name: ${schemaName}`);
             }
+            if (!isMultiDbMode && !schemaName) {
+                throw new Error(`In single-DB mode, a schema/database must be specified. Configured database: ${mcpConfig.mysql.database || 'none'}`);
+            }
             if (schemaName) {
                 columnsQuery += " AND table_schema = ?";
                 queryParams.push(schemaName);

package/dist/src/config/index.js CHANGED Viewed

@@ -47,6 +47,7 @@ export const REMOTE_SECRET_KEY = process.env.REMOTE_SECRET_KEY || "";
 export const PORT = process.env.PORT || 3000;
 const dbFromEnvOrConnString = connectionStringConfig.database || process.env.MYSQL_DB;
 export const isMultiDbMode = !dbFromEnvOrConnString || dbFromEnvOrConnString.trim() === "";
+export const REQUIRE_DB_FILTER_FOR_INFO_SCHEMA = process.env.REQUIRE_DB_FILTER_FOR_INFO_SCHEMA === "true";
 export const mcpConfig = {
     server: {
         name: "@benborla29/mcp-server-mysql",

package/dist/src/db/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { performance } from "perf_hooks";
-import { isMultiDbMode } from "./../config/index.js";
+import { isMultiDbMode, REQUIRE_DB_FILTER_FOR_INFO_SCHEMA, } from "./../config/index.js";
 import { isDDLAllowedForSchema, isInsertAllowedForSchema, isUpdateAllowedForSchema, isDeleteAllowedForSchema, } from "./permissions.js";
-import { extractSchemaFromQuery, getQueryTypes } from "./utils.js";
+import { extractSchemaFromQuery, getQueryTypes, validateInfoSchemaQuery, } from "./utils.js";
 import * as mysql2 from "mysql2/promise";
 import { log } from "./../utils/index.js";
 import { mcpConfig as config, MYSQL_DISABLE_READ_ONLY_TRANSACTIONS } from "./../config/index.js";
@@ -142,6 +142,23 @@ async function executeWriteQuery(sql) {
 async function executeReadOnlyQuery(sql) {
     let connection;
     try {
+        if (REQUIRE_DB_FILTER_FOR_INFO_SCHEMA &&
+            !isMultiDbMode &&
+            config.mysql.database) {
+            const validation = validateInfoSchemaQuery(sql, config.mysql.database);
+            if (!validation.valid) {
+                log("error", `information_schema.tables query validation failed: ${validation.reason}`);
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: `Error: ${validation.reason}`,
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+        }
         const queryTypes = await getQueryTypes(sql);
         const schema = extractSchemaFromQuery(sql);
         const isUpdateOperation = queryTypes.some((type) => ["update"].includes(type));

package/dist/src/db/utils.js CHANGED Viewed

@@ -31,4 +31,31 @@ async function getQueryTypes(query) {
         throw new Error(`Parsing failed: ${err.message}`);
     }
 }
-export { extractSchemaFromQuery, getQueryTypes };
+function validateInfoSchemaQuery(sql, requiredDb) {
+    if (!requiredDb) {
+        return { valid: true };
+    }
+    const normalizedSql = sql.replace(/\s+/g, " ").trim().toLowerCase();
+    const infoSchemaPatterns = [
+        /from\s+information_schema\.tables\b/,
+        /from\s+information_schema\.`tables`\b/,
+        /from\s+`information_schema`\.tables\b/,
+        /from\s+`information_schema`\.`tables`\b/,
+    ];
+    const targetsInfoSchemaTables = infoSchemaPatterns.some((pattern) => pattern.test(normalizedSql));
+    if (!targetsInfoSchemaTables) {
+        return { valid: true };
+    }
+    const hasTableSchemaFilter = normalizedSql.includes("table_schema") &&
+        (normalizedSql.includes("=") ||
+            normalizedSql.includes("in") ||
+            normalizedSql.includes("?"));
+    if (hasTableSchemaFilter) {
+        return { valid: true };
+    }
+    return {
+        valid: false,
+        reason: `Querying information_schema.tables requires a database filter. Please add 'WHERE table_schema = '${requiredDb}'' to your query. Required database: ${requiredDb}`,
+    };
+}
+export { extractSchemaFromQuery, getQueryTypes, validateInfoSchemaQuery };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cainli/mcp-server-mysql",
-  "version": "2.0.14",
+  "version": "2.0.17",
   "description": "MCP server for interacting with MySQL databases with write operations support",
   "license": "MIT",
   "author": "cainli (https://github.com/cainli)",