Skip to content

chore: restrict local paths edge_functions #244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
staaldraad wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore: restrict local paths edge_functions #244

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bb9833b
chore: restrict local paths edge_functions
staaldraad Mar 24, 2026
8261661
chore: update types
staaldraad Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 75 additions & 0 deletions packages/mcp-server-supabase/src/management-api/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1545,6 +1545,26 @@ export interface paths {
patch?: never;
trace?: never;
};
"/v1/projects/{ref}/database/openapi": {
parameters: {
query?: never;
header?: never;
path?: never;
cookie?: never;
};
/**
* Get PostgREST OpenAPI spec
* @description Returns the PostgREST OpenAPI specification for the project. This is the replacement for querying `/rest/v1/` directly with the anon key.
*/
get: operations["v1-get-database-openapi"];
put?: never;
post?: never;
delete?: never;
options?: never;
head?: never;
patch?: never;
trace?: never;
};
"/v1/projects/{ref}/functions": {
parameters: {
query?: never;
Expand Down Expand Up @@ -4310,6 +4330,8 @@ export interface components {
name: string;
/** @enum {string} */
status: "AVAILABLE" | "PENDING" | "REMOVED" | "FAILED";
/** Format: date-time */
completed_on: string | null;
};
V1UndoBody: {
name: string;
Expand Down Expand Up @@ -9949,6 +9971,59 @@ export interface operations {
};
};
};
"v1-get-database-openapi": {
parameters: {
query?: {
/** @description The database schema to generate the OpenAPI spec for */
schema?: string;
};
header?: never;
path: {
/** @description Project ref */
ref: string;
};
cookie?: never;
};
requestBody?: never;
responses: {
200: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": Record<string, never>;
};
};
/** @description Unauthorized */
401: {
headers: {
[name: string]: unknown;
};
content?: never;
};
/** @description Forbidden action */
403: {
headers: {
[name: string]: unknown;
};
content?: never;
};
/** @description Rate limit exceeded */
429: {
headers: {
[name: string]: unknown;
};
content?: never;
};
/** @description Failed to fetch PostgREST OpenAPI spec */
500: {
headers: {
[name: string]: unknown;
};
content?: never;
};
};
};
"v1-list-all-functions": {
parameters: {
query?: never;
Expand Down
9 changes: 8 additions & 1 deletion packages/mcp-server-supabase/src/tools/database-operation-tools.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,14 @@ const listMigrationsOutputSchema = z.object({

const applyMigrationInputSchema = z.object({
project_id: z.string(),
name: z.string().describe('The name of the migration in snake_case'),
name: z
.string()
.describe('The name of the migration in snake_case')
.refine(
(name) =>
!name.includes('/') && !name.includes('\\') && !name.includes('..'),
{ message: 'Name cannot contain path separators or traversal' }
),
query: z.string().describe('The SQL query to apply'),
});

Expand Down
13 changes: 12 additions & 1 deletion packages/mcp-server-supabase/src/tools/edge-function-tools.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import {
edgeFunctionWithBodySchema,
} from '../platform/types.js';
import { injectableTool, type ToolDefs } from './util.js';
import path from 'path';

type EdgeFunctionToolsOptions = {
functions: EdgeFunctionsOperations;
Expand Down Expand Up @@ -48,7 +49,17 @@ const deployEdgeFunctionInputSchema = z.object({
files: z
.array(
z.object({
name: z.string(),
name: z.string().refine(
(filePath) => {
const resolved = path.resolve(process.cwd(), filePath);
Copy link
Copy Markdown
Contributor

@mattrossman mattrossman Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks off to me—in this context, name represents the path within the edge function bundle where the function will be written, not a file path on the machine running the MCP process. Why would process.cwd() be a factor? I might need to see a test case showing what sort of scenario this prevents to better understand the motivation.

const normalized = path.normalize(resolved);
const cwd = process.cwd();
return normalized.startsWith(cwd + path.sep) || normalized === cwd;
},
{
message: 'Name must be a path inside the current working directory',
}
),
content: z.string(),
})
)
Expand Down
Loading