Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR hardens the Argus MCP server's path resolution to prevent directory traversal attacks and improves error handling by making path resolution fallible with clear MCP errors.
Changes:
- Modified
resolve_pathto returnResult<PathBuf, McpError>with canonicalization-based validation - Updated all four tools that accept path parameters to propagate path resolution errors
- Added comprehensive unit tests for path security scenarios
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| crates/argus-mcp/src/tools.rs | Implemented secure path resolution with canonicalization and boundary checking; updated tool handlers to propagate errors; added unit tests |
| crates/argus-mcp/Cargo.toml | Added tempfile dev-dependency for testing |
| Cargo.lock | Updated lock file with tempfile dependency |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| #[test] | ||
| fn resolve_path_rejects_parent_escape() { | ||
| let repo = tempfile::tempdir().unwrap(); | ||
| fs::create_dir_all(repo.path().join("safe")).unwrap(); |
There was a problem hiding this comment.
The "safe" directory created on this line is never used in the test. The parent directory traversal test (using "../") will work without creating this directory because the parent of the temporary directory (typically /tmp) already exists. Consider removing this line to simplify the test.
| fs::create_dir_all(repo.path().join("safe")).unwrap(); |
Meru143
deleted the
codex/update-argusserver-path-resolution-and-handlers
branch
Motivation
self.repo_pathto avoid directory traversal or absolute path escapes.Description
ArgusServer::resolve_pathsignature to returnResult<PathBuf, McpError>and updated the implementation to canonicalize the configured repo root and the requested path, handle relative vs absolute inputs, and reject any resolved path that does not start with the canonical repo path (error viaMcpError).search_codebase,get_repo_map,get_hotspots, andget_historyto callresolve_path(¶ms.path)?and thus propagate MCP errors cleanly.../escape rejected, absolute out-of-repo rejected) insidecrates/argus-mcp/src/tools.rsand addedtempfiletocrates/argus-mcpdev-dependencies to support the tests.Testing
cargo fmt --allsuccessfully.cargo test -p argus-mcpwhich ran the new unit tests (4 passed), integration tests (8 passed), and doc-tests (3 passed), with all tests succeeding.Codex Task