cli-mcp-server 0.2.3__py3-none-any.whl → 0.2.4__py3-none-any.whl

cli_mcp_server/server.py

@@ -49,6 +49,7 @@ class SecurityConfig:
     command_timeout: int
     allow_all_commands: bool = False
     allow_all_flags: bool = False
+    allow_shell_operators: bool = False
 
 
 class CommandExecutor:
@@ -87,29 +88,103 @@ class CommandExecutor:
         """
         Validates and parses a command string for security and formatting.
 
-        Checks the command string for unsupported shell operators and splits it into
-        command and arguments. Only single commands without shell operators are allowed.
+        Checks if the command string contains shell operators. If it does, splits the command
+        by operators and validates each part individually. If all parts are valid, returns
+        the original command string to be executed with shell=True.
+
+        For commands without shell operators, splits into command and arguments and validates
+        each part according to security rules.
 
         Args:
             command_string (str): The command string to validate and parse.
 
         Returns:
             tuple[str, List[str]]: A tuple containing:
-                - The command name (str)
-                - List of command arguments (List[str])
+                - For regular commands: The command name (str) and list of arguments (List[str])
+                - For commands with shell operators: The full command string and empty args list
 
         Raises:
-            CommandSecurityError: If the command contains unsupported shell operators.
+            CommandSecurityError: If any part of the command fails security validation.
         """
 
-        # Check for shell operators that we don't support
+        # Define shell operators
         shell_operators = ["&&", "||", "|", ">", ">>", "<", "<<", ";"]
-        for operator in shell_operators:
-            if operator in command_string:
-                raise CommandSecurityError(
-                    f"Shell operator '{operator}' is not supported"
-                )
 
+        # Check if command contains shell operators
+        contains_shell_operator = any(
+            operator in command_string for operator in shell_operators
+        )
+
+        if contains_shell_operator:
+            # Check if shell operators are allowed
+            if not self.security_config.allow_shell_operators:
+                # If shell operators are not allowed, raise an error
+                for operator in shell_operators:
+                    if operator in command_string:
+                        raise CommandSecurityError(
+                            f"Shell operator '{operator}' is not supported. Set ALLOW_SHELL_OPERATORS=true to enable."
+                        )
+
+            # Split the command by shell operators and validate each part
+            return self._validate_command_with_operators(
+                command_string, shell_operators
+            )
+
+        # Process single command without shell operators
+        return self._validate_single_command(command_string)
+
+    def _is_url_path(self, path: str) -> bool:
+        """
+        Checks if a given path is a URL of type http or https.
+
+        Args:
+            path (str): The path to check.
+
+        Returns:
+            bool: True if the path is a URL, False otherwise.
+        """
+        url_pattern = re.compile(r"^https?://")
+        return bool(url_pattern.match(path))
+
+    def _is_path_safe(self, path: str) -> bool:
+        """
+        Checks if a given path is safe to access within allowed directory boundaries.
+
+        Validates that the absolute resolved path is within the allowed directory
+        to prevent directory traversal attacks.
+
+        Args:
+            path (str): The path to validate.
+
+        Returns:
+            bool: True if path is within allowed directory, False otherwise.
+                Returns False if path resolution fails for any reason.
+
+        Private method intended for internal use only.
+        """
+        try:
+            # Resolve any symlinks and get absolute path
+            real_path = os.path.abspath(os.path.realpath(path))
+            allowed_dir_real = os.path.abspath(os.path.realpath(self.allowed_dir))
+
+            # Check if the path starts with allowed_dir
+            return real_path.startswith(allowed_dir_real)
+        except Exception:
+            return False
+
+    def _validate_single_command(self, command_string: str) -> tuple[str, List[str]]:
+        """
+        Validates a single command without shell operators.
+
+        Args:
+            command_string (str): The command string to validate.
+
+        Returns:
+            tuple[str, List[str]]: A tuple containing the command and validated arguments.
+
+        Raises:
+            CommandSecurityError: If the command fails validation.
+        """
         try:
             parts = shlex.split(command_string)
             if not parts:
@@ -154,44 +229,69 @@ class CommandExecutor:
         except ValueError as e:
             raise CommandSecurityError(f"Invalid command format: {str(e)}")
 
-    def _is_url_path(self, path: str) -> bool:
-        """
-        Checks if a given path is a URL of type http or https.
-
-        Args:
-            path (str): The path to check.
-
-        Returns:
-            bool: True if the path is a URL, False otherwise.
-        """
-        url_pattern = re.compile(r"^https?://")
-        return bool(url_pattern.match(path))
-
-    def _is_path_safe(self, path: str) -> bool:
+    def _validate_command_with_operators(
+        self, command_string: str, shell_operators: List[str]
+    ) -> tuple[str, List[str]]:
         """
-        Checks if a given path is safe to access within allowed directory boundaries.
+        Validates a command string that contains shell operators.
 
-        Validates that the absolute resolved path is within the allowed directory
-        to prevent directory traversal attacks.
+        Splits the command string by shell operators and validates each part individually.
+        If all parts are valid, returns the original command to be executed with shell=True.
 
         Args:
-            path (str): The path to validate.
+            command_string (str): The command string containing shell operators.
+            shell_operators (List[str]): List of shell operators to split by.
 
         Returns:
-            bool: True if path is within allowed directory, False otherwise.
-                Returns False if path resolution fails for any reason.
+            tuple[str, List[str]]: A tuple containing the command and empty args list
+                                  (since the command will be executed with shell=True)
 
-        Private method intended for internal use only.
+        Raises:
+            CommandSecurityError: If any part of the command fails validation.
         """
-        try:
-            # Resolve any symlinks and get absolute path
-            real_path = os.path.abspath(os.path.realpath(path))
-            allowed_dir_real = os.path.abspath(os.path.realpath(self.allowed_dir))
+        # Create a regex pattern to split by any of the shell operators
+        # We need to escape special regex characters in the operators
+        escaped_operators = [re.escape(op) for op in shell_operators]
+        pattern = "|".join(escaped_operators)
+
+        # Split the command string by shell operators, keeping the operators
+        parts = re.split(f"({pattern})", command_string)
+
+        # Filter out empty parts and whitespace-only parts
+        parts = [part.strip() for part in parts if part.strip()]
+
+        # Group commands and operators
+        commands = []
+        i = 0
+        while i < len(parts):
+            if i + 1 < len(parts) and parts[i + 1] in shell_operators:
+                # If next part is an operator, current part is a command
+                if parts[i]:  # Skip empty commands
+                    commands.append(parts[i])
+                i += 2  # Skip the operator
+            else:
+                # If no operator follows, this is the last command
+                if (
+                    parts[i] and parts[i] not in shell_operators
+                ):  # Skip if it's an operator
+                    commands.append(parts[i])
+                i += 1
+
+        # Validate each command individually
+        for cmd in commands:
+            try:
+                # Use the extracted validation method for each command
+                self._validate_single_command(cmd)
+            except CommandSecurityError as e:
+                raise CommandSecurityError(f"Invalid command part '{cmd}': {str(e)}")
+            except ValueError as e:
+                raise CommandSecurityError(
+                    f"Invalid command format in '{cmd}': {str(e)}"
+                )
 
-            # Check if the path starts with allowed_dir
-            return real_path.startswith(allowed_dir_real)
-        except Exception:
-            return False
+        # If we get here, all commands passed validation
+        # Return the original command string to be executed with shell=True
+        return command_string, []
 
     def execute(self, command_string: str) -> subprocess.CompletedProcess:
         """
@@ -210,12 +310,11 @@ class CommandExecutor:
         Raises:
             CommandSecurityError: If the command:
                 - Exceeds maximum length
-                - Contains invalid shell operators
                 - Fails security validation
                 - Fails during execution
 
         Notes:
-            - Executes with shell=False for security
+            - Uses shell=True for commands with shell operators, shell=False otherwise
             - Uses timeout and working directory constraints
             - Captures both stdout and stderr
         """
@@ -227,14 +326,38 @@ class CommandExecutor:
         try:
             command, args = self.validate_command(command_string)
 
-            return subprocess.run(
-                [command] + args,
-                shell=False,
-                text=True,
-                capture_output=True,
-                timeout=self.security_config.command_timeout,
-                cwd=self.allowed_dir,
-            )
+            # Check if this is a command with shell operators
+            shell_operators = ["&&", "||", "|", ">", ">>", "<", "<<", ";"]
+            use_shell = any(operator in command_string for operator in shell_operators)
+
+            # Double-check that shell operators are allowed if they are present
+            if use_shell and not self.security_config.allow_shell_operators:
+                for operator in shell_operators:
+                    if operator in command_string:
+                        raise CommandSecurityError(
+                            f"Shell operator '{operator}' is not supported. Set ALLOW_SHELL_OPERATORS=true to enable."
+                        )
+
+            if use_shell:
+                # For commands with shell operators, execute with shell=True
+                return subprocess.run(
+                    command,  # command is the full command string in this case
+                    shell=True,
+                    text=True,
+                    capture_output=True,
+                    timeout=self.security_config.command_timeout,
+                    cwd=self.allowed_dir,
+                )
+            else:
+                # For regular commands, execute with shell=False
+                return subprocess.run(
+                    [command] + args,
+                    shell=False,
+                    text=True,
+                    capture_output=True,
+                    timeout=self.security_config.command_timeout,
+                    cwd=self.allowed_dir,
+                )
         except subprocess.TimeoutExpired:
             raise CommandTimeoutError(
                 f"Command timed out after {self.security_config.command_timeout} seconds"
@@ -262,18 +385,23 @@ def load_security_config() -> SecurityConfig:
             - command_timeout: Maximum execution time in seconds
             - allow_all_commands: Whether all commands are allowed
             - allow_all_flags: Whether all flags are allowed
+            - allow_shell_operators: Whether shell operators (&&, ||, |, etc.) are allowed
 
     Environment Variables:
         ALLOWED_COMMANDS: Comma-separated list of allowed commands or 'all' (default: "ls,cat,pwd")
         ALLOWED_FLAGS: Comma-separated list of allowed flags or 'all' (default: "-l,-a,--help")
         MAX_COMMAND_LENGTH: Maximum command string length (default: 1024)
         COMMAND_TIMEOUT: Command timeout in seconds (default: 30)
+        ALLOW_SHELL_OPERATORS: Whether to allow shell operators like &&, ||, |, >, etc. (default: false)
+                              Set to "true" or "1" to enable, any other value to disable.
     """
     allowed_commands = os.getenv("ALLOWED_COMMANDS", "ls,cat,pwd")
     allowed_flags = os.getenv("ALLOWED_FLAGS", "-l,-a,--help")
+    allow_shell_operators_env = os.getenv("ALLOW_SHELL_OPERATORS", "false")
 
     allow_all_commands = allowed_commands.lower() == "all"
     allow_all_flags = allowed_flags.lower() == "all"
+    allow_shell_operators = allow_shell_operators_env.lower() in ("true", "1")
 
     return SecurityConfig(
         allowed_commands=(
@@ -284,6 +412,7 @@ def load_security_config() -> SecurityConfig:
         command_timeout=int(os.getenv("COMMAND_TIMEOUT", "30")),
         allow_all_commands=allow_all_commands,
         allow_all_flags=allow_all_flags,
+        allow_shell_operators=allow_shell_operators,
     )
 
 
@@ -312,7 +441,7 @@ async def handle_list_tools() -> list[types.Tool]:
                 f"Allows command (CLI) execution in the directory: {executor.allowed_dir}\n\n"
                 f"Available commands: {commands_desc}\n"
                 f"Available flags: {flags_desc}\n\n"
-                "Note: Shell operators (&&, |, >, >>) are not supported."
+                f"Shell operators (&&, ||, |, >, >>, <, <<, ;) are {'supported' if executor.security_config.allow_shell_operators else 'not supported'}. Set ALLOW_SHELL_OPERATORS=true to enable."
             ),
             inputSchema={
                 "type": "object",

{cli_mcp_server-0.2.3.dist-info → cli_mcp_server-0.2.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cli-mcp-server
-Version: 0.2.3
+Version: 0.2.4
 Summary: Command line interface for MCP clients with secure execution and customizable security policies
 Project-URL: Homepage, https://github.com/MladenSU/cli-mcp-server
 Project-URL: Documentation, https://github.com/MladenSU/cli-mcp-server#readme
@@ -23,6 +23,7 @@ comprehensive security features.
 ![Python Version](https://img.shields.io/badge/python-3.10%2B-blue)
 ![MCP Protocol](https://img.shields.io/badge/MCP-Compatible-green)
 [![smithery badge](https://smithery.ai/badge/cli-mcp-server)](https://smithery.ai/protocol/cli-mcp-server)
+[![Python Tests](https://github.com/MladenSU/cli-mcp-server/actions/workflows/python-tests.yml/badge.svg)](https://github.com/MladenSU/cli-mcp-server/actions/workflows/python-tests.yml)
 
 <a href="https://glama.ai/mcp/servers/q89277vzl1"><img width="380" height="200" src="https://glama.ai/mcp/servers/q89277vzl1/badge" /></a>
 
@@ -76,6 +77,7 @@ Configure the server using environment variables:
 | `ALLOWED_FLAGS`     | Comma-separated list of allowed flags or 'all'       | `-l,-a,--help`    |
 | `MAX_COMMAND_LENGTH`| Maximum command string length                        | `1024`            |
 | `COMMAND_TIMEOUT`   | Command execution timeout (seconds)                  | `30`              |
+| `ALLOW_SHELL_OPERATORS` | Allow shell operators (&&, \|\|, \|, >, etc.)    | `false`           |
 
 Note: Setting `ALLOWED_COMMANDS` or `ALLOWED_FLAGS` to 'all' will allow any command or flag respectively.
 
@@ -104,7 +106,7 @@ Executes whitelisted CLI commands within allowed directories.
 ```
 
 **Security Notes:**
-- Shell operators (&&, |, >, >>) are not supported
+- Shell operators (&&, |, >, >>) are not supported by default, but can be enabled with `ALLOW_SHELL_OPERATORS=true`
 - Commands must be whitelisted unless ALLOWED_COMMANDS='all'
 - Flags must be whitelisted unless ALLOWED_FLAGS='all'
 - All paths are validated to be within ALLOWED_DIR
@@ -139,7 +141,8 @@ Add to your `~/Library/Application\ Support/Claude/claude_desktop_config.json`:
         "ALLOWED_COMMANDS": "ls,cat,pwd,echo",
         "ALLOWED_FLAGS": "-l,-a,--help,--version",
         "MAX_COMMAND_LENGTH": "1024",
-        "COMMAND_TIMEOUT": "30"
+        "COMMAND_TIMEOUT": "30",
+        "ALLOW_SHELL_OPERATORS": "false"
       }
     }
   }
@@ -161,7 +164,8 @@ Add to your `~/Library/Application\ Support/Claude/claude_desktop_config.json`:
         "ALLOWED_COMMANDS": "ls,cat,pwd,echo",
         "ALLOWED_FLAGS": "-l,-a,--help,--version",
         "MAX_COMMAND_LENGTH": "1024",
-        "COMMAND_TIMEOUT": "30"
+        "COMMAND_TIMEOUT": "30",
+        "ALLOW_SHELL_OPERATORS": "false"
       }
     }
   }
@@ -174,7 +178,7 @@ Add to your `~/Library/Application\ Support/Claude/claude_desktop_config.json`:
 - ✅ Command whitelist enforcement with 'all' option
 - ✅ Flag validation with 'all' option
 - ✅ Path traversal prevention and normalization
-- ✅ Shell operator blocking
+- ✅ Shell operator blocking (with opt-in support via `ALLOW_SHELL_OPERATORS=true`)
 - ✅ Command length limits
 - ✅ Execution timeouts
 - ✅ Working directory restrictions

cli_mcp_server-0.2.4.dist-info/RECORD

@@ -0,0 +1,7 @@
+cli_mcp_server/__init__.py,sha256=bGLiX7XuhVsS-PJdoRIWXiilZ3NTAQ7fb9_8kkNzLlM,216
+cli_mcp_server/server.py,sha256=MCjBmXutf4CZCy32e67-3tDI_AF2b_9qzq49ZkUR2qM,21288
+cli_mcp_server-0.2.4.dist-info/METADATA,sha256=eJFjLeByTc-sUtiDlDyN4HB_NtmrgAyNSZ8kxg7TlqE,7860
+cli_mcp_server-0.2.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cli_mcp_server-0.2.4.dist-info/entry_points.txt,sha256=07bDmJJSXg-6VCFEFTOlsGoxI-0faJafT1yEEjUdN-U,55
+cli_mcp_server-0.2.4.dist-info/licenses/LICENSE,sha256=85rOR_IMpb2VzXBA4VCRZh_KWlaO1Rly8HDYDwGgMWk,1062
+cli_mcp_server-0.2.4.dist-info/RECORD,,

cli_mcp_server-0.2.3.dist-info/RECORD

@@ -1,7 +0,0 @@
-cli_mcp_server/__init__.py,sha256=bGLiX7XuhVsS-PJdoRIWXiilZ3NTAQ7fb9_8kkNzLlM,216
-cli_mcp_server/server.py,sha256=CHP2x_FDx1Rz79ZnmznE6J7-9EHdafK-UibrVTvQx7k,15124
-cli_mcp_server-0.2.3.dist-info/METADATA,sha256=EiU10rdnN39XiTq2m0UjTrZDR0-1AEei9NFNf-6NBfk,7371
-cli_mcp_server-0.2.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cli_mcp_server-0.2.3.dist-info/entry_points.txt,sha256=07bDmJJSXg-6VCFEFTOlsGoxI-0faJafT1yEEjUdN-U,55
-cli_mcp_server-0.2.3.dist-info/licenses/LICENSE,sha256=85rOR_IMpb2VzXBA4VCRZh_KWlaO1Rly8HDYDwGgMWk,1062
-cli_mcp_server-0.2.3.dist-info/RECORD,,