@n0zer0d4y/vulcan-file-ops 1.1.4 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +41 -0
- package/README.md +37 -4
- package/dist/tools/write-tools.js +30 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,47 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.1.5] - 2025-11-15
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
|
|
12
|
+
- Comprehensive security audit documentation suite:
|
|
13
|
+
- `docs/SNYK_VULNERABILITY_AUDIT_2025.md` - Static analysis audit report from Snyk platform
|
|
14
|
+
- Validated 5/6 Snyk findings as false positives
|
|
15
|
+
- Fixed 1 finding (defense-in-depth path validation in rollback function)
|
|
16
|
+
- Created `.snyk` policy file to suppress false positives with justifications
|
|
17
|
+
- `docs/CVE_MANUAL_AUDIT_2025-11-04.md` - Manual CVE pattern analysis audit
|
|
18
|
+
- CVE-2025-54794/54795 pattern research and mitigation validation
|
|
19
|
+
- Identified and fixed critical `make_directory` vulnerability
|
|
20
|
+
- `docs/SHELL_COMMAND_AUDIT_2025-11-04.md` - Shell command directory bypass audit (retrospective)
|
|
21
|
+
- Documents November 2024 security fix for path validation in shell command arguments
|
|
22
|
+
- 419 lines of comprehensive test coverage
|
|
23
|
+
- `docs/SECURITY_TEST_SUMMARY.md` - Security test coverage documentation
|
|
24
|
+
- 2000+ lines of security-focused tests in `src/tests/`
|
|
25
|
+
- Explicit CVE tests for CVE-2025-54794, CVE-2025-54795, CVE-2025-53109
|
|
26
|
+
- Security annotations and JSDoc comments in `src/tools/write-tools.ts` for static analysis tools
|
|
27
|
+
|
|
28
|
+
### Changed
|
|
29
|
+
|
|
30
|
+
- Reorganized vulnerability documentation with unique, descriptive filenames:
|
|
31
|
+
- Renamed `docs/VULNERABILITY_RESEARCH_FINDINGS.md` → `docs/CVE_MANUAL_AUDIT_2025-11-04.md`
|
|
32
|
+
- Renamed `local_docs/VULNERABILITY_RESEARCH_FINDINGS.md` → `local_docs/CVE_MANUAL_AUDIT_2025-11-03_DRAFT.md`
|
|
33
|
+
- Updated dates in audit reports to reflect actual creation/audit dates (Nov 3-4, 2025)
|
|
34
|
+
- Enhanced README.md Security Audit section with comprehensive audit report references
|
|
35
|
+
- Added "Latest Security Audits" section linking to all audit reports
|
|
36
|
+
- Updated CVE Protection Status with current security posture
|
|
37
|
+
- Clarified shell command directory bypass as fixed (November 2024)
|
|
38
|
+
|
|
39
|
+
### Security
|
|
40
|
+
|
|
41
|
+
- Added defense-in-depth path validation to `performRollback()` function in `write-tools.ts`
|
|
42
|
+
- Re-validates paths before rollback operations
|
|
43
|
+
- Protects against edge cases where allowed directories might change during multi-file operations
|
|
44
|
+
|
|
45
|
+
### Removed
|
|
46
|
+
|
|
47
|
+
- Deleted duplicate `VULNERABILITY_RESEARCH_FINDINGS.md` files from both `docs/` and `local_docs/` after proper renaming
|
|
48
|
+
|
|
8
49
|
## [1.1.4] - 2025-11-13
|
|
9
50
|
|
|
10
51
|
### Changed
|
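Review bot: The line "Identified and fixed critical `make_directory` vulnerability" is filed as a sub-bullet of a documentation entry under "### Added", while "### Security" lists only the `performRollback()` re-validation. A reader who scans the Security section to decide whether to upgrade will miss a fix the entry itself calls critical. Move it under "### Security" and say which release carries the fix, since the entry does not state whether it landed in 1.1.5 or earlier. Separately, "Documents November 2024 security fix" sits among dates that are otherwise all 2025 (audit files dated 2025-11-04, release dated 2025-11-15), so the year should be confirmed.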
package/README.md
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# Vulcan File Ops MCP Server
|
|
2
2
|
|
|
3
3
|

|
|
4
|
+
[](https://registry.modelcontextprotocol.io/v0/servers?search=io.github.n0zer0d4y/vulcan-file-ops)
|
|
4
5
|

|
|
5
6
|
[](https://modelcontextprotocol.io)
|
|
6
7
|
[](https://modelcontextprotocol.io)
|
|
@@ -8,7 +9,9 @@
|
|
|
8
9
|
[](https://opensource.org/licenses/MIT)
|
|
9
10
|
[](https://mseep.ai/app/n0zer0d4y-vulcan-file-ops)
|
|
10
11
|
|
|
11
|
-
**
|
|
12
|
+
> **Secure • User-Controlled • High-Performance File Operations Server**
|
|
13
|
+
|
|
14
|
+
Transform your desktop AI assistants into powerful development partners. Vulcan File Ops bridges the gap between conversational AI (Claude Desktop, ChatGPT Desktop, etc.) and your local filesystem, unlocking the same file manipulation capabilities found in AI-powered IDEs like Cursor and VS Code extension like Cline. Write code, refactor projects, manage documentation, and perform complex file operations—matching the power of dedicated AI coding assistants. With enterprise-grade security controls, dynamic directory registration, and intelligent tool filtering, you maintain complete control while your AI assistant handles the heavy lifting.
|
|
12
15
|
|
|
13
16
|
## Table of Contents
|
|
14
17
|
|
|
@@ -697,7 +700,8 @@ Execute shell commands with security controls
|
|
|
697
700
|
|
|
698
701
|
**Output:** Exit code, stdout, stderr, and execution metadata
|
|
699
702
|
|
|
700
|
-
**Security:**
|
|
703
|
+
**Security:**
|
|
704
|
+
|
|
701
705
|
- At least one approved directory must be configured before executing shell commands
|
|
702
706
|
- Working directory (whether explicit or default process.cwd()) is always validated against allowed directories
|
|
703
707
|
- All file/directory paths in command arguments are automatically extracted and validated against allowed directories
|
|
@@ -853,7 +857,9 @@ This MCP server implements enterprise-grade security controls to protect against
|
|
|
853
857
|
|
|
854
858
|
### Security Audit
|
|
855
859
|
|
|
856
|
-
This server has been audited against known vulnerabilities:
|
|
860
|
+
This server has been comprehensively audited against known vulnerabilities and static analysis findings:
|
|
861
|
+
|
|
862
|
+
**CVE Protection Status:**
|
|
857
863
|
|
|
858
864
|
- ✅ CVE-2025-54794 (Path Restriction Bypass) - **FIXED**
|
|
859
865
|
- ✅ CVE-2025-54795 (Command Injection) - **PROTECTED**
|
|
@@ -861,7 +867,34 @@ This server has been audited against known vulnerabilities:
|
|
|
861
867
|
- ✅ CVE-2025-53110 (Directory Containment Bypass) - **PROTECTED**
|
|
862
868
|
- ✅ Shell Execution Directory Bypass - **FIXED** (November 2024)
|
|
863
869
|
|
|
864
|
-
|
|
870
|
+
**Latest Security Audits:**
|
|
871
|
+
|
|
872
|
+
- 📋 [Snyk Vulnerability Audit Report - November 2025](docs/SNYK_VULNERABILITY_AUDIT_2025.md)
|
|
873
|
+
- **Status**: 5/6 Snyk findings validated as false positives, 1 finding fixed
|
|
874
|
+
- **Risk Level**: LOW - Comprehensive path traversal protection verified
|
|
875
|
+
- **Static Analysis**: Snyk false positive rate 83% due to custom validation not recognized
|
|
876
|
+
- **Test Coverage**: 2000+ lines of security tests validate all protection measures
|
|
877
|
+
- 📋 [CVE Manual Audit - November 2025](docs/CVE_MANUAL_AUDIT_2025-11-04.md)
|
|
878
|
+
- **Status**: Critical `make_directory` vulnerability identified and fixed
|
|
879
|
+
- **Focus**: CVE-2025-54794/54795 pattern analysis and mitigation strategies
|
|
880
|
+
- **Date**: November 4, 2025 (Manual CVE Research)
|
|
881
|
+
- 📋 [Shell Command Directory Bypass Audit - November 2025](docs/SHELL_COMMAND_AUDIT_2025-11-04.md)
|
|
882
|
+
- **Status**: ✅ Fixed November 2024 (Retrospective documentation)
|
|
883
|
+
- **Issue**: Shell commands previously could access files outside approved directories via absolute paths
|
|
884
|
+
- **Severity**: HIGH (CVSS ~7.5) - Path traversal via command arguments
|
|
885
|
+
- **Fix Status**: ✅ FIXED - Path extraction and validation implemented
|
|
886
|
+
- **Test Coverage**: 419 lines of comprehensive tests, all passing
|
|
887
|
+
- 📋 [Security Test Coverage Summary](docs/SECURITY_TEST_SUMMARY.md)
|
|
888
|
+
- **Test Suite**: 2000+ lines of security-focused tests in `src/tests/`
|
|
889
|
+
- **CVE Tests**: Explicit tests for CVE-2025-54794, CVE-2025-54795, CVE-2025-53109
|
|
890
|
+
- **Coverage**: Path traversal, symlinks (129+ cases), command injection, shell bypass
|
|
891
|
+
|
|
892
|
+
**Security Architecture:**
|
|
893
|
+
|
|
894
|
+
- Multi-layer path validation (canonical resolution, boundary checking, symlink protection)
|
|
895
|
+
- Defense-in-depth with atomic operations and race condition prevention
|
|
896
|
+
- Directory whitelisting with prefix collision protection
|
|
897
|
+
- Comprehensive security annotations for static analysis tools
|
|
865
898
|
|
|
866
899
|
### Supported File Types
|
|
867
900
|
|
|
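Review bot: The status list above marks CVE-2025-53110 as **PROTECTED**, but the added "CVE Tests" line names explicit tests only for CVE-2025-54794, CVE-2025-54795 and CVE-2025-53109. Either add CVE-2025-53110 to that list or point to the tests that cover it, otherwise the PROTECTED claim has no visible evidence behind it. Two smaller points in the same block: "Snyk false positive rate 83%" is derived from six findings and reads better as "5 of 6", and "Fixed November 2024" appears under an audit titled "November 2025", so the year should be checked against the commit history.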
@@ -9,6 +9,10 @@ const ToolInputSchema = ToolSchema.shape.inputSchema;
|
|
|
9
9
|
/**
|
|
10
10
|
* Helper function to write file content based on file extension
|
|
11
11
|
* Supports HTML conversion for rich formatting in PDF and DOCX files
|
|
12
|
+
*
|
|
13
|
+
* @security Path must be pre-validated via validatePath() before calling this function
|
|
14
|
+
* @param validPath - VALIDATED path (must have passed through validatePath())
|
|
15
|
+
* @param content - File content to write
|
|
12
16
|
*/
|
|
13
17
|
async function writeFileBasedOnExtension(validPath, content) {
|
|
14
18
|
const ext = path.extname(validPath).toLowerCase();
|
|
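Review bot: The new `@security` and `@param validPath` lines state a precondition ("must have passed through validatePath()") that `writeFileBasedOnExtension` never checks, so a future caller that passes a raw path gets no error. `@security` is also not a standard JSDoc tag, so tooling will not act on it. Since the changelog says these annotations come from `src/tools/write-tools.ts`, consider having `validatePath()` return a branded type that this function requires as its parameter type, which turns the comment into a compile-time check.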
@@ -23,12 +27,14 @@ async function writeFileBasedOnExtension(validPath, content) {
|
|
|
23
27
|
title: fileTitle,
|
|
24
28
|
author: "vulcan-file-ops",
|
|
25
29
|
});
|
|
30
|
+
// SECURITY: validPath pre-validated by validatePath() - safe from path traversal (CWE-23)
|
|
26
31
|
await fs.writeFile(validPath, pdfBuffer);
|
|
27
32
|
}
|
|
28
33
|
else {
|
|
29
34
|
// Fallback to simple text PDF for plain text
|
|
30
35
|
const { createSimpleTextPDF } = await import("../utils/pdf-writer.js");
|
|
31
36
|
const pdfBuffer = await createSimpleTextPDF(content);
|
|
37
|
+
// SECURITY: validPath pre-validated by validatePath() - safe from path traversal (CWE-23)
|
|
32
38
|
await fs.writeFile(validPath, pdfBuffer);
|
|
33
39
|
}
|
|
34
40
|
}
|
|
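Review bot: The two added comments assert "safe from path traversal (CWE-23)" at the `fs.writeFile(validPath, pdfBuffer)` call sites, but nothing in this function verifies it, and in the fallback branch the write happens after `await import("../utils/pdf-writer.js")` and `await createSimpleTextPDF(content)`, so there is asynchronous work between the caller's validation and the write. If the comments exist to quiet static analysis, the `.snyk` policy mentioned in the changelog is the better place for that justification. The comment here should describe the assumption ("caller must validate") rather than claim the line is safe.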
@@ -39,22 +45,35 @@ async function writeFileBasedOnExtension(validPath, content) {
|
|
|
39
45
|
title: fileTitle,
|
|
40
46
|
author: "vulcan-file-ops",
|
|
41
47
|
});
|
|
48
|
+
// SECURITY: validPath pre-validated by validatePath() - safe from path traversal (CWE-23)
|
|
42
49
|
await fs.writeFile(validPath, docxBuffer);
|
|
43
50
|
}
|
|
44
51
|
else {
|
|
45
52
|
// Fallback to simple text DOCX for plain text
|
|
46
53
|
const { createSimpleDOCX } = await import("../utils/docx-writer.js");
|
|
47
54
|
const docxBuffer = await createSimpleDOCX(content);
|
|
55
|
+
// SECURITY: validPath pre-validated by validatePath() - safe from path traversal (CWE-23)
|
|
48
56
|
await fs.writeFile(validPath, docxBuffer);
|
|
49
57
|
}
|
|
50
58
|
}
|
|
51
59
|
else {
|
|
52
60
|
// Regular text file
|
|
61
|
+
// SECURITY: validPath pre-validated by validatePath() - writeFileContent adds additional atomic write protection
|
|
53
62
|
await writeFileContent(validPath, content);
|
|
54
63
|
}
|
|
55
64
|
}
|
|
65
|
+
/**
|
|
66
|
+
* Process a single file edit request with validation
|
|
67
|
+
*
|
|
68
|
+
* @security All paths validated via validatePath() before file operations
|
|
69
|
+
* @param request - Edit request with path and edits to apply
|
|
70
|
+
* @param failOnAmbiguous - Whether to fail on ambiguous matches
|
|
71
|
+
* @returns Edit result with success status and diff
|
|
72
|
+
*/
|
|
56
73
|
async function processFileEditRequest(request, failOnAmbiguous = true) {
|
|
57
74
|
try {
|
|
75
|
+
// SECURITY: Path validated against allowed directories, symlink targets checked,
|
|
76
|
+
// prevents CVE-2025-54794 (prefix collision), CVE-2025-53109 (symlink attacks)
|
|
58
77
|
const validPath = await validatePath(request.path);
|
|
59
78
|
const result = await applyFileEdits(validPath, request.edits, request.dryRun || false, request.matchingStrategy || "auto", request.failOnAmbiguous !== undefined
|
|
60
79
|
? request.failOnAmbiguous
|
|
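Review bot: The comment added on the text branch says `writeFileContent` "adds additional atomic write protection", which means the DOCX branches in this same hunk, which call `fs.writeFile(validPath, docxBuffer)` directly, do not get it. If the atomic write is part of the race-condition defence the README describes, route the binary buffers through the same helper or note why they are exempt. In `processFileEditRequest`, the new comment credits `validatePath` with preventing CVE-2025-54794 and CVE-2025-53109. That statement belongs in `validatePath`'s own documentation so it cannot drift from the implementation.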
@@ -171,7 +190,11 @@ async function performRollback(rollbackData) {
|
|
|
171
190
|
for (const item of rollbackData.reverse()) {
|
|
172
191
|
// Rollback in reverse order
|
|
173
192
|
try {
|
|
174
|
-
|
|
193
|
+
// Security: Re-validate path before rollback to ensure it's still within allowed directories
|
|
194
|
+
// Defense-in-depth: Even though paths were validated during edit, re-validate during rollback
|
|
195
|
+
// to protect against edge cases where allowed directories might have changed
|
|
196
|
+
const validPath = await validatePath(item.path);
|
|
197
|
+
await writeFileContent(validPath, item.originalContent);
|
|
175
198
|
}
|
|
176
199
|
catch (rollbackError) {
|
|
177
200
|
// Log rollback failure but don't throw - we want to attempt all rollbacks
|
|
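Review bot: The new `validatePath(item.path)` call sits inside the `try` whose `catch` is commented "Log rollback failure but don't throw", so when re-validation rejects a path the file is left in its edited state and the caller is never told the rollback was incomplete. For the edge case this change targets (allowed directories changed mid-operation), that silent partial rollback is the likely outcome. Collect the failed paths and return or surface them after the loop so the tool response can report which files were not restored. Note also that the write now goes to the freshly resolved `validPath`, not the path validated during the edit. If the two differ, that difference is worth logging.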
@@ -299,6 +322,12 @@ export async function handleWriteTool(name, args) {
|
|
|
299
322
|
if (!parsed.success) {
|
|
300
323
|
throw new Error(`Invalid arguments for write_file: ${parsed.error}`);
|
|
301
324
|
}
|
|
325
|
+
// SECURITY: validatePath() enforces:
|
|
326
|
+
// 1. Canonical path resolution (path.resolve + path.normalize)
|
|
327
|
+
// 2. Allowed directory boundary checking (isPathWithinAllowedDirectories)
|
|
328
|
+
// 3. Symlink resolution and target validation (fs.realpath)
|
|
329
|
+
// 4. Parent directory validation for new files
|
|
330
|
+
// Prevents: CWE-23 (Path Traversal), CVE-2025-54794, CVE-2025-53109, CVE-2025-53110
|
|
302
331
|
const validPath = await validatePath(parsed.data.path);
|
|
303
332
|
await writeFileBasedOnExtension(validPath, parsed.data.content);
|
|
304
333
|
return {
|
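Review bot: The six added comment lines restate `validatePath()` internals (`path.resolve + path.normalize`, `isPathWithinAllowedDirectories`, `fs.realpath`) at one call site in `handleWriteTool`, where they will go stale as soon as the validator changes and are not repeated at the other call sites. Put this list in the JSDoc of `validatePath()` itself and leave a one-line reference here. The "Prevents:" line also names CVE-2025-53110, which the README's explicit test list does not include, so the claim should cite the test that backs it.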
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@n0zer0d4y/vulcan-file-ops",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.5",
|
|
4
4
|
"mcpName": "io.github.n0zer0d4y/vulcan-file-ops",
|
|
5
|
-
"description": "MCP server
|
|
5
|
+
"description": "MCP server for AI assistants: read, write, edit, and manage files securely on local filesystem.",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"author": "Lloyd Barcatan",
|
|
8
8
|
"homepage": "https://github.com/n0zer0d4y/vulcan-file-ops",
|