[UPDATE PRIMITIVE] Fix path traversal check, add prompt fixture runner, fix comment mismatch#155
Merged
data-douser merged 2 commits intodd/improve-error-handling-relative-path-supportfrom Mar 23, 2026
Conversation
… comment mismatch
Copilot
AI
changed the title
[WIP] Improve prompt error handling and relative path support
[UPDATE PRIMITIVE] Fix path traversal check, add prompt fixture runner, fix comment mismatch
Mar 23, 2026
data-douser
approved these changes
Mar 23, 2026
data-douser
pushed a commit
that referenced
this pull request
Mar 23, 2026
…r, fix comment mismatch (#155)
Merged
38 tasks
data-douser
added a commit
that referenced
this pull request
Mar 24, 2026
* Initial plan * Add path resolution and error handling for prompt file path parameters - Add resolvePromptFilePath() utility that resolves relative paths against workspace root and returns user-friendly warnings for invalid paths - Update all 9 prompt handlers with file path parameters to resolve paths and embed warnings in the response instead of throwing protocol errors - Add integration test in mcp-test-suite.js for explain_codeql_query with invalid path - Add file-based integration test fixtures in primitives/prompts/ - Add 10 unit tests for resolvePromptFilePath and handler path resolution Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Address code review: add advisory comment on existsSync, improve test assertions Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * plan: add extension integration test for prompt error handling Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Add extension integration test for MCP prompt error handling with invalid paths Add mcp-prompt-e2e.integration.test.ts to the VS Code extension test suite that spawns the real MCP server inside the Extension Development Host and verifies that prompts return user-friendly warnings (not protocol errors) when given invalid file paths: - explain_codeql_query with nonexistent relative path returns "does not exist" - explain_codeql_query with valid absolute path returns no warning - document_codeql_query with nonexistent path returns "does not exist" - Server lists prompts including explain_codeql_query Register the new test in esbuild.config.js so it is bundled for CI. Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Initial plan * fix: return inline errors for invalid prompt inputs The MCP SDK validates prompt arguments before calling handlers. When validation fails (e.g. unsupported language like "rust"), the SDK throws McpError(-32602) with a raw JSON dump — poor UX for VS Code slash commands. Server-side changes (server/src/prompts/workflow-prompts.ts): - Add toPermissiveShape() to widen z.enum() to z.string() in registered schemas so the SDK never rejects user input at the protocol layer - Add createSafePromptHandler() to wrap all 11 prompt handlers with: (1) strict Zod validation that returns user-friendly inline errors (2) exception recovery that catches handler crashes gracefully - Add formatValidationError() to convert ZodError into actionable markdown with field names, received values, and valid options listed Integration tests (extensions/vscode/test/suite/mcp-prompt-e2e.integration.test.ts): - Expand from 4 to 15 e2e tests covering all prompts with file-path params - Add test for invalid language returning inline error (not protocol error) - Add test for path traversal detection - Add tests for all-optional prompts with empty args Unit tests (server/test/src/prompts/workflow-prompts.test.ts): - Add 17 new tests for toPermissiveShape, formatValidationError, createSafePromptHandler, and handler-level invalid argument handling - Update schema-to-registration consistency tests for permissive shapes * fix: promote key prompt parameters from optional to required Make databasePath, language, queryPath, and sarifPath required where the prompt depends on them. VS Code now correctly marks these fields as required in the slash-command input dialog. * Addres PR review feedback * Sync server/dist/codeql-development-mcp-server.js.map * [UPDATE PRIMITIVE] Fix path traversal check, add prompt fixture runner, fix comment mismatch (#155) * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * Enforce tidy and rebuild server dist * address PR review comments for prompt path handling - Treat path traversal as hard failure: return blocked=true with empty resolvedPath instead of leaking the outside-root absolute path - Handle file:// URIs in resolvePromptFilePath via fileURLToPath so all callers (queryPath, workspaceUri, etc.) get consistent URI handling - Replace synchronous existsSync with async fs/promises.access to avoid blocking the event loop on the prompt hot path - Fix integration test success condition to fail when no tests executed - Make VS Code e2e invalid-language test deterministic (assert inline validation instead of accepting both throw and inline error) - Fix misleading test name "should return the original path" to match actual behavior (resolves relative to workspace root) * [WIP] Improve prompt error handling and relative path support (#157) * Initial plan * Fix prompt test runner: propagate failures and check sessions[].expectedContentPatterns Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/2840e119-cc2c-4f60-91ce-ba685ce25b5c --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * More fixes for PR review feedback Improves end-to-end extension integration tests such that the 'CODEQL_MCP_WORKSPACE' env var is passed to StdioClientTransport, which ensures that the server's relative-path resolution uses a deterministic diretory instead of depending upon the Extension Host's working directory. * [UPDATE PRIMITIVE] Fix markdown injection and platform-dependent path tests in prompt handlers (#162) * Initial plan * Fix markdown injection and platform-dependent path tests in prompt handlers - Add sanitizeForInlineCode() helper to escape backticks and newlines in user-supplied values embedded in markdown code spans - Apply sanitizer to resolvePromptFilePath 'does not exist' warning (filePath and absolutePath) - Apply sanitizer to formatValidationError issue.received display - Fix POSIX path separator assumptions in tests: use basename only ('mydb', 'database') - Rename createSafePromptHandler tests to clarify they validate the handler wrapper, not MCP SDK validation Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/2660567b-5822-4505-91c2-37fe3ef00f4e * Replace sanitizeForInlineCode with CommonMark-compliant markdownInlineCode - markdownInlineCode() uses a fence length = maxRun+1 per CommonMark spec, preserving the original string (no information loss from backtick→apostrophe) - Normalises CR/CRLF to LF before wrapping (inline spans can't span lines) - Export markdownInlineCode for testability - Add 6 unit tests for markdownInlineCode (plain text, single/double backtick, CRLF normalisation, backtick-only values) - Add regression test for formatValidationError with backtick in received value - Add regression test for resolvePromptFilePath warning with backtick in path Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/ec7c534b-93ac-40e5-bcb6-023bc7496940 * Fix markdownInlineCode to replace newlines with spaces for single-line output Replace \r\n, \r, and \n with a space (not just normalize CRLF to LF) so the returned inline code span never contains a literal newline character. Update docstring and test to reflect space-replacement behavior. Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/87cfd54e-9d66-4871-a581-601aff3c6c8d --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Add 'actions/cache@v5' for VS Code integration test download Adds a common cache for actions workflows that download the latest instance of VS Code for integration testing purposes. * Address latest feedback for PR #153 * Add retries to download-vscode.js script * fix: resilient VS Code download for integration tests - Add retry logic (3 attempts) with backoff to download-vscode.js - Handle unhandled promise rejections from @vscode/test-electron stream errors - Clean partial downloads between retries to avoid checksum mismatches - Default to 'stable' version to match .vscode-test.mjs configuration - Chain download:vscode before vscode-test in test:integration script - Cache VS Code downloads in build-and-test-extension.yml and copilot-setup-steps.yml - Increase download timeout from 15s (default) to 120s Fixes intermittent CI failures from ECONNRESET and empty-file checksum errors when downloading VS Code for Extension Host integration tests. * Address PR #153 review comments - resolvePromptFilePath: only enforce workspace-root boundary for relative path inputs; absolute paths pass through since users legitimately reference databases/queries outside the workspace - download-vscode.js: use fileURLToPath() instead of URL.pathname for cross-platform compatibility - integration-test-runner.js: track execution counts separately from pass/fail; runWorkflowIntegrationTests and runPromptIntegrationTests return { executed, passed } objects - Add test for absolute paths outside workspace being allowed * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * fix: address PR #153 review comments for path resolution - Remove absolute path from 'does not exist' warning to avoid leaking local machine paths into prompt context sent to LLMs - Add blockedPathError() helper and check blocked flag at all 12 resolvePromptFilePath call sites so traversal attempts short-circuit with a clear inline error instead of silently proceeding - Add tests for both behaviors --------- Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📝 Update Information
Primitive Details
resolvePromptFilePath, integration test runner✅ ALLOWED FILES:
server/src/**/*.ts)server/src/tools/*.ts)server/test/**/*.ts)README.md, server docs)server/src/types/*.ts)server/src/lib/*.ts)package.json,tsconfig.json)🚫 FORBIDDEN FILES:
🛑 MANDATORY PR VALIDATION CHECKLIST
Update Metadata
🎯 Changes Description
Addresses three unresolved review comments from PR #153.
Current Behavior
resolvePromptFilePathusesrel.startsWith('..')to detect path traversal, which false-positives on legitimate filenames likemy..query.qlsarifPathis required in the schemaprimitives/prompts/are never discovered or executed by CIUpdated Behavior
rel === '..' || rel.startsWith(..${sep})— only flags actual..path segmentsrunPromptIntegrationTests()discovers and executes prompt fixtures, mirroring the tool fixture patternMotivation
Review feedback on PR #153 identified a false-positive security check, a misleading comment, and dead test fixtures.
🔄 Before vs. After Comparison
Functionality Changes
API Changes
No API changes.
Output Format Changes
No output format changes.
🧪 Testing & Validation
Test Coverage Updates
my..query.ql)../../../etc/passwd) still correctly flaggedValidation Scenarios
resolvePromptFilePathtests pass unchangedexplain_codeql_query/invalid_query_pathTest Results
📋 Implementation Details
Files Modified
server/src/prompts/workflow-prompts.ts— fix traversal check, addsepimportserver/test/src/prompts/workflow-prompts.test.ts— add consecutive-dot filename testclient/src/lib/integration-test-runner.js— addrunPromptIntegrationTests()andrunSinglePromptIntegrationTest()extensions/vscode/test/suite/mcp-prompt-e2e.integration.test.ts— fix commentREADME.mdandbefore/monitoring-state.jsonto includedatabasePathCode Changes Summary
..-containing filenamesDependencies
🔍 Quality Improvements
Bug Fixes (if applicable)
rel.startsWith('..')flags valid paths like..config/fileormy..query.ql..or..followed by platform separatorCode Quality Enhancements
🔗 References
Related Issues/PRs
🚀 Compatibility & Migration
Backward Compatibility
API Evolution
👥 Review Guidelines
For Reviewers
Please verify:
Testing Instructions
📊 Impact Assessment
Server Impact
🔄 Deployment Strategy
Rollout Considerations
⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.