@ewalid ewalid (Owner) commented Jan 5, 2026

Summary

This PR adds comprehensive input validation and security measures to the MCP server to prevent AI hallucination and prompt injection attacks.

Changes

  • Pydantic validation models for all 5 MCP tools:

    • TranslateExcelArgs
    • GetSheetsArgs
    • CountCellsArgs
    • PreviewCellsArgs
    • EstimateCostArgs
  • Context field security (most critical):

    • Block common prompt injection patterns (e.g., "ignore previous instructions", "system:", "<system>")
    • Only allow alphanumeric + basic punctuation
    • Maximum 500 character limit
  • Language validation:

    • Whitelist of 30 supported languages
    • Rejects unknown languages
  • Filename validation:

    • Path traversal prevention (blocks .., /, \)
    • Must have Excel extension
    • Maximum 255 characters
  • Base64 validation:

    • Validates encoding
    • Minimum file size (prevent empty files)
    • Maximum 50MB limit
  • Sheet names validation:

    • Maximum 50 sheets
    • Maximum 100 char per name

Security Patterns Blocked

- ignore previous/above/all instructions
- disregard previous/above/all instructions
- system:
- <system>
- you are now
- pretend to be
- roleplay as

Test plan

  • Test valid translation request
  • Test prompt injection in context field (should be blocked)
  • Test invalid language (should be rejected)
  • Test path traversal in filename (should be blocked)
  • Test invalid base64 (should error gracefully)

- Add Pydantic validation models for all tool arguments
- Add context field security: block prompt injection patterns
- Add language allowlist validation (30 supported languages)
- Add filename validation (path traversal protection)
- Add base64 validation with size limits
- Add sheet name validation with length limits
- Format validation errors for clear feedback

Security measures:
- Block common prompt injection patterns in context
- Only allow alphanumeric + basic punctuation in context
- Maximum 500 char context length
- Whitelist of allowed languages
- Path traversal prevention in filenames

🤖 Generated with [Claude Code](https://claude.com/claude-code)
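As an added example, not the project's code nor the commit under review: the checks listed in the PR description implemented against the Python standard library instead of Pydantic, so the block runs with no dependencies; in the server each function would hang off a model as a `field_validator`. The argument names (`file_base64`, `filename`, `target_language`, `context`, `sheet_names`), the Excel extension list, the punctuation set, the six-language subset standing in for the 30-language allowlist, and reading "50MB" as 50 MiB are all assumptions.

```python
import base64
import binascii
import re

# Limits from the PR description; "50MB" is read as 50 MiB (assumption).
MAX_CONTEXT_LEN = 500
MAX_FILENAME_LEN = 255
MAX_SHEETS = 50
MAX_SHEET_NAME_LEN = 100
MIN_FILE_BYTES = 1
MAX_FILE_BYTES = 50 * 1024 * 1024
MAX_ENCODED_LEN = 4 * ((MAX_FILE_BYTES + 2) // 3)  # base64 emits 4 chars per 3 bytes
EXCEL_EXTENSIONS = (".xlsx", ".xlsm", ".xls")  # assumption: PR only says "Excel extension"

# The patterns listed under "Security Patterns Blocked", matched case-insensitively.
INJECTION_PATTERNS = [
    re.compile(r"\b(ignore|disregard)\s+(previous|above|all)\s+instructions\b", re.I),
    re.compile(r"\bsystem\s*:", re.I),
    re.compile(r"<\s*system\s*>", re.I),
    re.compile(r"\byou\s+are\s+now\b", re.I),
    re.compile(r"\bpretend\s+to\s+be\b", re.I),
    re.compile(r"\broleplay\s+as\b", re.I),
]
# "Alphanumeric + basic punctuation"; the exact punctuation set is an assumption.
CONTEXT_ALLOWED = re.compile(r"[A-Za-z0-9\s.,;:!?'\"()\-]*")
# Illustrative subset of the 30-language allowlist (assumption).
SUPPORTED_LANGUAGES = frozenset({"english", "french", "german", "spanish", "japanese", "chinese"})

class ValidationError(ValueError):
    """Any rejected argument; the tool layer formats the message back to the caller."""

def validate_context(context: str) -> str:
    if len(context) > MAX_CONTEXT_LEN:
        raise ValidationError(f"context exceeds {MAX_CONTEXT_LEN} characters")
    for pat in INJECTION_PATTERNS:
        if pat.search(context):
            raise ValidationError(f"context matches blocked pattern {pat.pattern!r}")
    if not CONTEXT_ALLOWED.fullmatch(context):
        raise ValidationError("context contains characters outside the allowed set")
    return context.strip()

def validate_language(language: str) -> str:
    normalized = language.strip().lower()
    if normalized not in SUPPORTED_LANGUAGES:
        raise ValidationError(f"unsupported language {language!r}")
    return normalized

def validate_filename(filename: str) -> str:
    if not filename or len(filename) > MAX_FILENAME_LEN:
        raise ValidationError("filename length out of range")
    # Bare name only: no parent references, no separator of either platform, no NUL.
    if any(token in filename for token in ("..", "/", "\\", "\x00")):
        raise ValidationError("filename must not contain path components")
    if not filename.lower().endswith(EXCEL_EXTENSIONS):
        raise ValidationError("filename must have an Excel extension")
    return filename

def validate_base64(data: str) -> bytes:
    # Cap the encoded length first, so the server never decodes a payload only to find it over the limit.
    if len(data) > MAX_ENCODED_LEN:
        raise ValidationError("file exceeds the maximum size")
    try:
        decoded = base64.b64decode(data, validate=True)  # non-alphabet chars and bad padding raise
    except (binascii.Error, ValueError) as exc:
        raise ValidationError(f"invalid base64: {exc}") from exc
    if not MIN_FILE_BYTES <= len(decoded) <= MAX_FILE_BYTES:
        raise ValidationError("file is empty or exceeds the maximum size")
    return decoded

def validate_sheet_names(names) -> tuple:
    names = tuple(names)
    if len(names) > MAX_SHEETS:
        raise ValidationError(f"at most {MAX_SHEETS} sheets may be requested")
    for name in names:
        if not name or len(name) > MAX_SHEET_NAME_LEN:
            raise ValidationError(f"sheet name length out of range: {name!r}")
    return names

def parse_translate_excel_args(raw: dict) -> dict:
    """Validate one raw TranslateExcel call; the argument names are an assumption."""
    return {
        "file_bytes": validate_base64(raw["file_base64"]),
        "filename": validate_filename(raw["filename"]),
        "target_language": validate_language(raw["target_language"]),
        "context": validate_context(raw.get("context", "")),
        "sheet_names": validate_sheet_names(raw.get("sheet_names", ())),
    }

def rejects(validator, value) -> bool:
    # True when the validator raises ValidationError on value.
    try:
        validator(value)
    except ValidationError:
        return True
    return False

# Constructed sample: .xlsx files are ZIP containers, so a PK header stands in for a workbook.
SAMPLE_XLSX = b"PK\x03\x04" + b"\x00" * 60
SAMPLE_B64 = base64.b64encode(SAMPLE_XLSX).decode("ascii")
```

Two points the worked version makes visible. The encoded-length check runs before `b64decode`, because checking only the decoded size lets a caller make the server decode the entire payload before the 50 MB cap applies. The pattern list is a denylist: `ignore prior instructions` passes all seven rules, while an honest context such as `ERP system: SAP` is rejected by the `system:` rule, so the length and character-set limits carry more of the weight, and the context still belongs in the prompt as quoted data rather than as instructions.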
@ewalid ewalid self-assigned this Jan 5, 2026
@ewalid ewalid merged commit 5e2901f into master Jan 6, 2026
2 checks passed
@ewalid ewalid deleted the feature/mcp-input-validation branch January 9, 2026 23:14