Commit 65a2c04

committed
add file path related tests
1 parent aa41d89 commit 65a2c04

File tree

2 files changed

+49
-3
lines changed

MCP-LT/MCPFilePathDisclosure.yml

Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
---
2+
id: FILE_SYSTEM_PATH_DISCLOSURE
3+
info:
4+
name: File System Path Disclosure
5+
description: "This test detects whether the MCP server's LLM responses disclose absolute\nfile system paths (e.g., Chrome binary locations, user data directories).\nSuch leaks can provide reconnaissance data useful for attackers in \ncrafting targeted payloads or social engineering attacks.\n"
6+
details: "The test sends a normal request to the MCP server and inspects the \nresponse for patterns resembling absolute file system paths \n(e.g., \"C:\\Program Files\\\", \"/usr/bin/\", \"/home/\").\n"
7+
impact: "Revealing absolute file paths allows adversaries to learn about \nthe target's environment, directory structure, installed software, \nand potential attack surfaces. This information can be combined \nwith local file read/write primitives or privilege escalation \nto increase impact.\n"
8+
category:
9+
name: MCP_SENSITIVE_DATA_LEAKAGE
10+
shortName: MCP_SENSITIVE_DATA_LEAKAGE
11+
displayName: MCP - Data Leak
12+
subCategory: FILE_SYSTEM_PATH_DISCLOSURE
13+
severity: LOW
14+
tags:
15+
- information-disclosure
16+
- file-paths
17+
- reconnaissance
18+
- mcp
19+
references:
20+
- https://cwe.mitre.org/data/definitions/200.html
21+
- https://owasp.org/www-community/attacks/Information_exposure_through_an_error_message
22+
cwe:
23+
- CWE-200
24+
cve: []
25+
attributes:
26+
nature: NON_INTRUSIVE
27+
plan: PRO
28+
duration: FAST
29+
api_selection_filters:
30+
response_code:
31+
gte: 200
32+
lt: 300
33+
method:
34+
eq: POST
35+
request_payload:
36+
contains_all:
37+
- method
38+
- id
39+
- jsonrpc
40+
execute:
41+
type: single
42+
requests:
43+
- req: []
44+
validate:
45+
response_payload:
46+
magic_validate: "Check the response body strictly for literal absolute file system paths only. Unix-style paths must start with '/' followed by at least one valid directory or file name (e.g., /etc/passwd, /var/log/file.txt). Windows-style paths must start with a drive letter, colon, and backslash, followed by at least one directory or file name (e.g., C:\\Windows\\System32\\). Do NOT flag JSON keys, array names, or plain text that mention directories, logs, or file types unless they contain a literal absolute path. Do NOT flag empty arrays, placeholders (e.g., /path/to/file), relative paths (./file.txt, ../logs/debug.log), or strings that only look like paths but are not literal. Flag only actual paths that exist literally in the response."
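Review bot: The `details` text says the test "sends a normal request", but the `execute` block only carries `requests: - req: []` with `type: single`; if an empty `req` list means the sampled JSON-RPC request is replayed unchanged, state that explicitly in `details`, otherwise the template has no request to send. Two smaller points on the same hunk: the `description`, `details` and `impact` values are double-quoted scalars with embedded `\n` and trailing spaces (e.g. `useful for attackers in \ncrafting`), which would be cleaner and easier to maintain as YAML block scalars (`description: |`); and `magic_validate` delegates the whole pass/fail decision to a free-text instruction, so it is worth recording in the file (or in a test fixture) one positive sample such as `/etc/passwd` or `C:\Windows\System32\` and one negative sample such as `/path/to/file` or `./file.txt`, so that regressions in the validator's judgement are caught rather than silently producing false positives or negatives on a LOW-severity, NON_INTRUSIVE check.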

MCP-LT/MCPWebdriverSessionExpose.yml

Lines changed: 3 additions & 3 deletions
@@ -19,9 +19,9 @@ info:
1919
other parts of the infrastructure. Severity may escalate to CRITICAL if the
2020
WebDriver grid is reachable beyond the sandboxed environment.
2121
category:
22-
name: MCP
23-
shortName: MCP
24-
displayName: Model Context Protocol (MCP) Security
22+
name: MCP_SENSITIVE_DATA_LEAKAGE
23+
shortName: MCP_SENSITIVE_DATA_LEAKAGE
24+
displayName: MCP - Data Leak
2525
subCategory: MCP_WEBDRIVER_SESSIONID_EXPOSURE_LT
2626
severity: HIGH
2727
tags:
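Review bot: This hunk recategorizes an existing template (category `MCP` -> `MCP_SENSITIVE_DATA_LEAKAGE`, displayName `MCP - Data Leak`) but the commit message only says "add file path related tests"; either mention the recategorization in the message or split it into its own commit so the change is findable. Also check naming consistency between the two files: here `subCategory` is `MCP_WEBDRIVER_SESSIONID_EXPOSURE_LT`, while the new template uses `FILE_SYSTEM_PATH_DISCLOSURE` with no `MCP_` prefix or `_LT` suffix, and any other templates under `MCP-LT/` still using the old `MCP` category should be updated in the same change if that category is being retired.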
