pub fn validate_server_config(config: &ServerConfig) -> Result<()>Expand description
Validates a ServerConfig for safe subprocess execution.
This function performs comprehensive security validation to prevent command injection attacks. It validates:
- Command: Can be absolute path (with existence/permission checks) or binary name
- Arguments: Each arg checked for shell metacharacters
- Environment: Variables checked for dangerous names
§Security Rules
- Forbidden chars in command/args:
;,|,&,>,<,`,$,(,),\n,\r - Forbidden env names:
LD_PRELOAD,LD_LIBRARY_PATH,DYLD_*,PATH - Absolute paths: Must exist and be executable
- Binary names: Allowed (resolved via PATH at runtime)
§Errors
Returns Error::SecurityViolation if:
- Command is empty or whitespace
- Command/args contain shell metacharacters
- Absolute path does not exist or is not executable
- Environment variable name is forbidden
§Examples
use mcp_execution_core::{ServerConfig, validate_server_config};
// Valid: binary name
let config = ServerConfig::builder()
.command("docker".to_string())
.build();
assert!(validate_server_config(&config).is_ok());
// Invalid: forbidden env var
let config = ServerConfig::builder()
.command("docker".to_string())
.env("LD_PRELOAD".to_string(), "/evil.so".to_string())
.build();
assert!(validate_server_config(&config).is_err());§Security Considerations
- Binary names are allowed and resolved via PATH at runtime
- Absolute paths undergo strict validation (existence, permissions)
- All arguments are validated separately to prevent injection
- Environment variables are checked against forbidden names