mcp: add tools/call request transcocding.#43742
Conversation
Signed-off-by: Yilin Guo <guoyilin@google.com>
|
/gemini review |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for tools/call request transcoding in the MCP JSON REST bridge. However, it introduces a high-severity path traversal vulnerability in the URL construction logic due to permissive percent encoding in path templates, potentially allowing attackers to inject path traversal sequences. Additionally, there is a medium-severity risk of sensitive data exposure because the full request body is logged at the info level, which may leak sensitive tool arguments. The core logic is in http_request_builder.cc and has unit tests. Please address these security concerns to ensure the safety and integrity of the system.
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Outdated
Show resolved
Hide resolved
Signed-off-by: Yilin Guo <guoyilin@google.com>
Signed-off-by: Yilin Guo <guoyilin@google.com>
|
/gemini review |
|
@tyxia I think the Gemini Review stopped working for some reason :( |
|
It was disabled intentionally to figure out the trigger per @yanavlasov |
|
@agrawroh @botengyao , yeah it is probably disabled in #43772 I hope it still can be invoked manually by command like /gemini review / or auto-enabled on the PR that is ready for review. |
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Show resolved
Hide resolved
Signed-off-by: Yilin Guo <guoyilin@google.com>
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request adds support for tools/call request transcoding in the MCP JSON REST bridge filter, introducing a new HttpRequestBuilder for constructing HTTP requests from JSON-RPC tool calls. However, a high-severity Path Traversal / URL Manipulation vulnerability has been identified in http_request_builder.cc. The constructBaseUrl function fails to URL-encode values from the untrusted arguments JSON object before inserting them into the URL path template, which could allow an attacker to manipulate the resulting URL and access unintended backend endpoints. While the overall implementation is well-organized and thoroughly tested, there is also a suggestion to enhance the readability and performance of JSON parsing within the filter.
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Outdated
Show resolved
Hide resolved
Signed-off-by: Yilin Guo <guoyilin@google.com>
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Outdated
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/http_request_builder.cc
Outdated
Show resolved
Hide resolved
test/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter_test.cc
Show resolved
Hide resolved
tyxia
left a comment
tyxia
left a comment
There was a problem hiding this comment.
Thanks for your contribution!
As buffering issue i pointed out below, please add the integration test to verify that this PR is working end to end.
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Outdated
Show resolved
Hide resolved
Signed-off-by: Yilin Guo <guoyilin@google.com>
Signed-off-by: Yilin Guo <guoyilin@google.com>
Signed-off-by: Yilin Guo <guoyilin@google.com>
Signed-off-by: Yilin Guo <guoyilin@google.com>
agrawroh
left a comment
agrawroh
left a comment
There was a problem hiding this comment.
Looks good to me. I'll wait for @botengyao to do a final pass.
Signed-off-by: Yilin Guo <guoyilin@google.com>
Signed-off-by: Yilin Guo <guoyilin@google.com>
tyxia
left a comment
tyxia
left a comment
There was a problem hiding this comment.
Thanks for contribution! LGTM as a baseline implementation.
Please add buffer protection in the next PR to ensure this filter is production ready,
test/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_integration_test.cc
Show resolved
Hide resolved
source/extensions/filters/http/mcp_json_rest_bridge/mcp_json_rest_bridge_filter.cc
Show resolved
Hide resolved
botengyao
left a comment
botengyao
left a comment
There was a problem hiding this comment.
@guoyilin42 could also merge main?
Signed-off-by: Yilin Guo <guoyilin@google.com>
Signed-off-by: Yilin Guo <guoyilin@google.com>
Done. |
|
/retest |
Commit Message: mcp: add tools/call request transcocding. Additional Description: N/A Risk Level: Low Testing: Unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Yilin Guo <guoyilin@google.com> Signed-off-by: bjmask <11672696+bjmask@users.noreply.github.com>
Commit Message: mcp: add tools/call request transcocding. Additional Description: N/A Risk Level: Low Testing: Unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Yilin Guo <guoyilin@google.com>
6 participants
Commit Message: mcp: add tools/call request transcocding.
Additional Description: N/A
Risk Level: Low
Testing: Unit test
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]