mirror of
https://github.com/aljazceru/mcp-python-sdk.git
synced 2025-12-20 07:14:24 +01:00
Use 120 characters instead of 88 (#856)
This commit is contained in:
Marcelo Trylesinski
committed by
GitHub
GitHub
parent
f7265f7b91
commit
543961968c
@@ -1,4 +1,4 @@
|
||||
# Claude Debug
|
||||
# Claude Debug
|
||||
"""Test for HackerOne vulnerability report #3156202 - malformed input DOS."""
|
||||
|
||||
import anyio
|
||||
@@ -23,12 +23,8 @@ async def test_malformed_initialize_request_does_not_crash_server():
|
||||
instead of crashing the server (HackerOne #3156202).
|
||||
"""
|
||||
# Create in-memory streams for testing
|
||||
read_send_stream, read_receive_stream = anyio.create_memory_object_stream[
|
||||
SessionMessage | Exception
|
||||
](10)
|
||||
write_send_stream, write_receive_stream = anyio.create_memory_object_stream[
|
||||
SessionMessage
|
||||
](10)
|
||||
read_send_stream, read_receive_stream = anyio.create_memory_object_stream[SessionMessage | Exception](10)
|
||||
write_send_stream, write_receive_stream = anyio.create_memory_object_stream[SessionMessage](10)
|
||||
|
||||
try:
|
||||
# Create a malformed initialize request (missing required params field)
|
||||
@@ -38,7 +34,7 @@ async def test_malformed_initialize_request_does_not_crash_server():
|
||||
method="initialize",
|
||||
# params=None # Missing required params field
|
||||
)
|
||||
|
||||
|
||||
# Wrap in session message
|
||||
request_message = SessionMessage(message=JSONRPCMessage(malformed_request))
|
||||
|
||||
@@ -54,22 +50,22 @@ async def test_malformed_initialize_request_does_not_crash_server():
|
||||
):
|
||||
# Send the malformed request
|
||||
await read_send_stream.send(request_message)
|
||||
|
||||
|
||||
# Give the session time to process the request
|
||||
await anyio.sleep(0.1)
|
||||
|
||||
|
||||
# Check that we received an error response instead of a crash
|
||||
try:
|
||||
response_message = write_receive_stream.receive_nowait()
|
||||
response = response_message.message.root
|
||||
|
||||
|
||||
# Verify it's a proper JSON-RPC error response
|
||||
assert isinstance(response, JSONRPCError)
|
||||
assert response.jsonrpc == "2.0"
|
||||
assert response.id == "f20fe86132ed4cd197f89a7134de5685"
|
||||
assert response.error.code == INVALID_PARAMS
|
||||
assert "Invalid request parameters" in response.error.message
|
||||
|
||||
|
||||
# Verify the session is still alive and can handle more requests
|
||||
# Send another malformed request to confirm server stability
|
||||
another_malformed_request = JSONRPCRequest(
|
||||
@@ -78,21 +74,19 @@ async def test_malformed_initialize_request_does_not_crash_server():
|
||||
method="tools/call",
|
||||
# params=None # Missing required params
|
||||
)
|
||||
another_request_message = SessionMessage(
|
||||
message=JSONRPCMessage(another_malformed_request)
|
||||
)
|
||||
|
||||
another_request_message = SessionMessage(message=JSONRPCMessage(another_malformed_request))
|
||||
|
||||
await read_send_stream.send(another_request_message)
|
||||
await anyio.sleep(0.1)
|
||||
|
||||
|
||||
# Should get another error response, not a crash
|
||||
second_response_message = write_receive_stream.receive_nowait()
|
||||
second_response = second_response_message.message.root
|
||||
|
||||
|
||||
assert isinstance(second_response, JSONRPCError)
|
||||
assert second_response.id == "test_id_2"
|
||||
assert second_response.error.code == INVALID_PARAMS
|
||||
|
||||
|
||||
except anyio.WouldBlock:
|
||||
pytest.fail("No response received - server likely crashed")
|
||||
finally:
|
||||
@@ -109,12 +103,8 @@ async def test_multiple_concurrent_malformed_requests():
|
||||
Test that multiple concurrent malformed requests don't crash the server.
|
||||
"""
|
||||
# Create in-memory streams for testing
|
||||
read_send_stream, read_receive_stream = anyio.create_memory_object_stream[
|
||||
SessionMessage | Exception
|
||||
](100)
|
||||
write_send_stream, write_receive_stream = anyio.create_memory_object_stream[
|
||||
SessionMessage
|
||||
](100)
|
||||
read_send_stream, read_receive_stream = anyio.create_memory_object_stream[SessionMessage | Exception](100)
|
||||
write_send_stream, write_receive_stream = anyio.create_memory_object_stream[SessionMessage](100)
|
||||
|
||||
try:
|
||||
# Start a server session
|
||||
@@ -136,18 +126,16 @@ async def test_multiple_concurrent_malformed_requests():
|
||||
method="initialize",
|
||||
# params=None # Missing required params
|
||||
)
|
||||
request_message = SessionMessage(
|
||||
message=JSONRPCMessage(malformed_request)
|
||||
)
|
||||
request_message = SessionMessage(message=JSONRPCMessage(malformed_request))
|
||||
malformed_requests.append(request_message)
|
||||
|
||||
|
||||
# Send all requests
|
||||
for request in malformed_requests:
|
||||
await read_send_stream.send(request)
|
||||
|
||||
|
||||
# Give time to process
|
||||
await anyio.sleep(0.2)
|
||||
|
||||
|
||||
# Verify we get error responses for all requests
|
||||
error_responses = []
|
||||
try:
|
||||
@@ -156,10 +144,10 @@ async def test_multiple_concurrent_malformed_requests():
|
||||
error_responses.append(response_message.message.root)
|
||||
except anyio.WouldBlock:
|
||||
pass # No more messages
|
||||
|
||||
|
||||
# Should have received 10 error responses
|
||||
assert len(error_responses) == 10
|
||||
|
||||
|
||||
for i, response in enumerate(error_responses):
|
||||
assert isinstance(response, JSONRPCError)
|
||||
assert response.id == f"malformed_{i}"
|
||||
@@ -169,4 +157,4 @@ async def test_multiple_concurrent_malformed_requests():
|
||||
await read_send_stream.aclose()
|
||||
await write_send_stream.aclose()
|
||||
await read_receive_stream.aclose()
|
||||
await write_receive_stream.aclose()
|
||||
await write_receive_stream.aclose()
|
||||
|
||||
Reference in New Issue
Block a user