Expand description
Secure Handler Name Validation
This module prevents handler name injection attacks by validating that handler names
are valid Rust identifiers using the syn crate (Sprint 2.4).
§Security Properties
- Injection Prevention: Prevents malicious handler names like
../../../etc/passwd,foo"; DROP TABLE handlers; --, or other injection attempts - Keyword Prevention: Blocks Rust reserved keywords (
async,await,impl, etc.) - Path Traversal Prevention: Blocks path components like
.. - Canonical Validation: Uses
syn::Ident- the same validator used by rustc
§Attack Scenarios Prevented
Without validation, an attacker could register handlers with names like:
../../../sensitive_file- Path traversalhandler"; os.system("rm -rf /"); "- Command injection<script>alert(1)</script>- XSS in web UIsadminorsystem- Privilege escalation attempts
§Implementation
Uses the industry-standard syn crate (maintained by dtolnay) for identifier validation.
This is the same crate used by every Rust procedural macro and provides:
- Complete coverage of all Rust identifier rules
- Automatic keyword detection (including weak keywords)
- Zero maintenance (tracks Rust language evolution)
- Battle-tested by millions of Rust projects
§Usage
ⓘ
use turbomcp_server::handler_validation::validate_handler_name;
// Valid handler names
assert!(validate_handler_name("get_user").is_ok());
assert!(validate_handler_name("fetch_data").is_ok());
assert!(validate_handler_name("tool_123").is_ok());
// Invalid handler names
assert!(validate_handler_name("async").is_err()); // Reserved keyword
assert!(validate_handler_name("../etc/passwd").is_err()); // Path traversal
assert!(validate_handler_name("foo-bar").is_err()); // Invalid characterFunctions§
- validate_
handler_ name - Validate a handler name (no-op when security feature is disabled)