Acasă Explorează Ajutor
Înregistrare Autentificare
haiany
/
codegraph
oglindă de https://github.com/colbymchenry/codegraph.git
1
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Ramură: fix/kiro-installer-notes-enable-mcp
Ramuri Etichete
codegraph
/
__tests__
/
integration
/
mcp-input-limits.test.ts

mcp-input-limits.test.ts 3.8 KB
Permalink Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. /**
    2. 

  2.  * MCP tool input-size limits
    3. 

  3.  *
    4. 

  4.  * Regression coverage for the DoS vector: MCP clients can ship
    5. 

  5.  * unbounded payloads (`query`, `task`, `symbol`, `projectPath`,
    6. 

  6.  * `path`, `pattern`). Before the cap, a 100MB string would hit
    7. 

  7.  * the FTS5 layer and pin the server. These tests assert that the
    8. 

  8.  * tool layer rejects oversize inputs early.
    9. 

  9.  */
    10. 

  10. 

  11. import { describe, it, expect, beforeEach, afterEach } from 'vitest';
    12. 

  12. import * as fs from 'fs';
    13. 

  13. import * as path from 'path';
    14. 

  14. import * as os from 'os';
    15. 

  15. import CodeGraph from '../../src/index';
    16. 

  16. import { ToolHandler } from '../../src/mcp/tools';
    17. 

  17. 

  18. describe('MCP input size limits', () => {
    19. 

  19.   let tempDir: string;
    20. 

  20.   let cg: CodeGraph;
    21. 

  21.   let handler: ToolHandler;
    22. 

  22. 

  23.   beforeEach(async () => {
    24. 

  24.     tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'codegraph-mcp-limits-'));
    25. 

  25.     fs.mkdirSync(path.join(tempDir, 'src'), { recursive: true });
    26. 

  26.     fs.writeFileSync(
    27. 

  27.       path.join(tempDir, 'src', 'a.ts'),
    28. 

  28.       `export function alpha(): number { return 1; }\n`
    29. 

  29.     );
    30. 

  30.     cg = await CodeGraph.init(tempDir, {
    31. 

  31.       config: { include: ['**/*.ts'], exclude: [] },
    32. 

  32.     });
    33. 

  33.     await cg.indexAll();
    34. 

  34.     handler = new ToolHandler(cg);
    35. 

  35.   });
    36. 

  36. 

  37.   afterEach(() => {
    38. 

  38.     if (cg) cg.destroy();
    39. 

  39.     if (fs.existsSync(tempDir)) {
    40. 

  40.       fs.rmSync(tempDir, { recursive: true, force: true });
    41. 

  41.     }
    42. 

  42.   });
    43. 

  43. 

  44.   it('accepts a normal-sized query', async () => {
    45. 

  45.     const result = await handler.execute('codegraph_search', { query: 'alpha' });
    46. 

  46.     expect(result.isError).toBeFalsy();
    47. 

  47.   });
    48. 

  48. 

  49.   it('rejects an oversize query on codegraph_search', async () => {
    50. 

  50.     const huge = 'a'.repeat(20_000);
    51. 

  51.     const result = await handler.execute('codegraph_search', { query: huge });
    52. 

  52.     expect(result.isError).toBe(true);
    53. 

  53.     expect(result.content[0]!.text).toMatch(/maximum length/i);
    54. 

  54.   });
    55. 

  55. 

  56.   it('rejects an oversize task on codegraph_context', async () => {
    57. 

  57.     const huge = 'b'.repeat(50_000);
    58. 

  58.     const result = await handler.execute('codegraph_context', { task: huge });
    59. 

  59.     expect(result.isError).toBe(true);
    60. 

  60.     expect(result.content[0]!.text).toMatch(/maximum length/i);
    61. 

  61.   });
    62. 

  62. 

  63.   it('rejects an oversize symbol on codegraph_callers', async () => {
    64. 

  64.     const huge = 'c'.repeat(15_000);
    65. 

  65.     const result = await handler.execute('codegraph_callers', { symbol: huge });
    66. 

  66.     expect(result.isError).toBe(true);
    67. 

  67.     expect(result.content[0]!.text).toMatch(/maximum length/i);
    68. 

  68.   });
    69. 

  69. 

  70.   it('rejects an oversize symbol on codegraph_impact', async () => {
    71. 

  71.     const huge = 'd'.repeat(11_000);
    72. 

  72.     const result = await handler.execute('codegraph_impact', { symbol: huge });
    73. 

  73.     expect(result.isError).toBe(true);
    74. 

  74.     expect(result.content[0]!.text).toMatch(/maximum length/i);
    75. 

  75.   });
    76. 

  76. 

  77.   it('rejects an oversize projectPath', async () => {
    78. 

  78.     const hugePath = '/tmp/' + 'x'.repeat(5_000);
    79. 

  79.     const result = await handler.execute('codegraph_search', {
    80. 

  80.       query: 'alpha',
    81. 

  81.       projectPath: hugePath,
    82. 

  82.     });
    83. 

  83.     expect(result.isError).toBe(true);
    84. 

  84.     expect(result.content[0]!.text).toMatch(/projectPath/);
    85. 

  85.   });
    86. 

  86. 

  87.   it('rejects an oversize path filter on codegraph_files', async () => {
    88. 

  88.     const hugePath = 'src/' + 'y'.repeat(5_000);
    89. 

  89.     const result = await handler.execute('codegraph_files', { path: hugePath });
    90. 

  90.     expect(result.isError).toBe(true);
    91. 

  91.     expect(result.content[0]!.text).toMatch(/path/);
    92. 

  92.   });
    93. 

  93. 

  94.   it('rejects an oversize glob pattern on codegraph_files', async () => {
    95. 

  95.     const hugePattern = '*'.repeat(5_000);
    96. 

  96.     const result = await handler.execute('codegraph_files', { pattern: hugePattern });
    97. 

  97.     expect(result.isError).toBe(true);
    98. 

  98.     expect(result.content[0]!.text).toMatch(/pattern/);
    99. 

  99.   });
    100. 

  100. 

  101.   it('rejects a non-string projectPath', async () => {
    102. 

  102.     const result = await handler.execute('codegraph_search', {
    103. 

  103.       query: 'alpha',
    104. 

  104.       projectPath: 12345 as unknown as string,
    105. 

  105.     });
    106. 

  106.     expect(result.isError).toBe(true);
    107. 

  107.     expect(result.content[0]!.text).toMatch(/projectPath/);
    108. 

  108.   });
    109. 

  109. });
    110.