fix(mcp): address critical review feedback for resource auto-approval

- Fix UI pattern inconsistency in McpResourceRow to match McpToolRow
- Secure URI pattern matching with validation and timeout protection
- Add comprehensive error handling to toggleResourceAlwaysAllow
- Update tests to match secure implementation patterns
- Add alwaysAllowResources field to BaseConfigSchema validation

Addresses review feedback from PR #5709

Author: MuriloFP

src/core/webview/webviewMessageHandler.ts

@@ -883,14 +883,31 @@ export const webviewMessageHandler = async (
 		}
 		case "toggleResourceAlwaysAllow": {
 			try {
-				await provider
-					.getMcpHub()
-					?.toggleResourceAlwaysAllow(
-						message.serverName!,
-						message.source as "global" | "project",
-						message.resourceUri!,
-						Boolean(message.alwaysAllow),
-					)
+				// Validate required parameters
+				if (!message.serverName) {
+					throw new Error("Server name is required")
+				}
+				if (!message.resourceUri) {
+					throw new Error("Resource URI is required")
+				}
+				if (!message.source || !["global", "project"].includes(message.source)) {
+					throw new Error("Valid source (global or project) is required")
+				}
+				if (message.alwaysAllow === undefined || message.alwaysAllow === null) {
+					throw new Error("alwaysAllow flag is required")
+				}
+
+				const mcpHub = provider.getMcpHub()
+				if (!mcpHub) {
+					throw new Error("MCP Hub is not available")
+				}
+
+				await mcpHub.toggleResourceAlwaysAllow(
+					message.serverName,
+					message.source as "global" | "project",
+					message.resourceUri,
+					Boolean(message.alwaysAllow),
+				)
 			} catch (error) {
 				provider.log(
 					`Failed to toggle auto-approve for resource ${message.resourceUri}: ${JSON.stringify(error, Object.getOwnPropertyNames(error), 2)}`,

src/services/mcp/McpHub.ts

@@ -44,6 +44,7 @@ const BaseConfigSchema = z.object({
 	disabled: z.boolean().optional(),
 	timeout: z.number().min(1).max(3600).optional().default(60),
 	alwaysAllow: z.array(z.string()).default([]),
+	alwaysAllowResources: z.array(z.string()).default([]), // URIs of resources that are always allowed
 	watchPaths: z.array(z.string()).optional(), // paths to watch for changes and restart server
 	disabledTools: z.array(z.string()).default([]),
 })

webview-ui/src/components/chat/ChatView.tsx

@@ -68,6 +68,32 @@ export const MAX_IMAGES_PER_MESSAGE = 20 // Anthropic limits to 20 images
 
 const isMac = navigator.platform.toUpperCase().indexOf("MAC") >= 0
 
+// Helper function to validate URI format for security
+const isValidUriFormat = (uri: string): boolean => {
+	// Basic URI validation - must be reasonable length and contain valid characters
+	if (!uri || uri.length > 2048) {
+		return false
+	}
+
+	// Must contain only safe characters (alphanumeric, common URI chars)
+	const validUriPattern = /^[a-zA-Z][a-zA-Z0-9+.-]*:[a-zA-Z0-9._~:/?#[\]@!$&'()*+,;=-]+$/
+	if (!validUriPattern.test(uri)) {
+		return false
+	}
+
+	// Prevent common attack patterns
+	const dangerousPatterns = [
+		/javascript:/i,
+		/data:/i,
+		/vbscript:/i,
+		/file:/i,
+		/\.\.\//, // Path traversal
+		/%2e%2e%2f/i, // URL encoded path traversal
+	]
+
+	return !dangerousPatterns.some((pattern) => pattern.test(uri))
+}
+
 const ChatViewComponent: React.ForwardRefRenderFunction<ChatViewRef, ChatViewProps> = (
 	{ isHidden, showAnnouncement, hideAnnouncement },
 	ref,
@@ -986,14 +1012,35 @@ const ChatViewComponent: React.ForwardRefRenderFunction<ChatViewRef, ChatViewPro
 
 					// Check resource templates
 					if (server?.resourceTemplates && mcpServerUse.uri) {
+						// Validate URI format first
+						if (!isValidUriFormat(mcpServerUse.uri)) {
+							return false
+						}
+
 						for (const template of server.resourceTemplates) {
-							// Convert template pattern to regex with proper escaping
-							const pattern = template.uriTemplate
-								.replace(/[.*+?^${}()|[\]\\]/g, "\\$&") // Escape special regex chars
-								.replace(/\\\{[^}]+\\\}/g, "[^/]+") // Match path segments, not everything
-							const regex = new RegExp(`^${pattern}$`)
-							if (regex.test(mcpServerUse.uri) && template.alwaysAllow) {
-								return true
+							try {
+								// Convert template pattern to regex with more restrictive matching
+								const pattern = template.uriTemplate
+									.replace(/[.*+?^${}()|[\]\\]/g, "\\$&") // Escape special regex chars
+									.replace(/\\\{[^}]+\\\}/g, "[a-zA-Z0-9._-]+") // More restrictive: alphanumeric, dots, underscores, hyphens only
+
+								// Add timeout protection for regex execution
+								const regex = new RegExp(`^${pattern}$`)
+								const startTime = Date.now()
+								const matches = regex.test(mcpServerUse.uri)
+
+								// Check for regex timeout (prevent ReDoS attacks)
+								if (Date.now() - startTime > 100) {
+									console.warn("URI pattern matching timeout, rejecting for security")
+									return false
+								}
+
+								if (matches && template.alwaysAllow) {
+									return true
+								}
+							} catch (error) {
+								console.warn("Invalid regex pattern in resource template:", error)
+								continue
 							}
 						}
 					}

webview-ui/src/components/chat/__tests__/ChatView.auto-approve.spec.tsx

@@ -1033,15 +1033,31 @@ describe("ChatView - Auto Approval Tests", () => {
 				// Check resource templates
 				if (server?.resourceTemplates && mcpServerUse.uri) {
 					for (const template of server.resourceTemplates) {
-						// Convert template pattern to regex with proper escaping
-						const pattern = template.uriTemplate
-							.replace(/[.*+?^${}()|[\]\\]/g, "\\$&") // Escape special regex chars
-							.replace(/\\\{[^}]+\\\}/g, "[^/]+") // Match path segments, not everything
-						const regex = new RegExp(`^${pattern}$`)
-						if (regex.test(mcpServerUse.uri) && template.alwaysAllow) {
-							// Auto-approve the request
-							vscode.postMessage({ type: "askResponse", askResponse: "yesButtonClicked" })
-							return
+						try {
+							// Convert template pattern to regex with more restrictive matching
+							const pattern = template.uriTemplate
+								.replace(/[.*+?^${}()|[\]\\]/g, "\\$&") // Escape special regex chars
+								.replace(/\\\{[^}]+\\\}/g, "[a-zA-Z0-9._-]+") // More restrictive: alphanumeric, dots, underscores, hyphens only
+
+							// Add timeout protection for regex execution
+							const regex = new RegExp(`^${pattern}$`)
+							const startTime = Date.now()
+							const matches = regex.test(mcpServerUse.uri)
+
+							// Check for regex timeout (prevent ReDoS attacks)
+							if (Date.now() - startTime > 100) {
+								console.warn("URI pattern matching timeout, rejecting for security")
+								return
+							}
+
+							if (matches && template.alwaysAllow) {
+								// Auto-approve the request
+								vscode.postMessage({ type: "askResponse", askResponse: "yesButtonClicked" })
+								return
+							}
+						} catch (error) {
+							console.warn("Invalid regex pattern in resource template:", error)
+							continue
 						}
 					}
 				}

webview-ui/src/components/mcp/McpResourceRow.tsx

@@ -34,26 +34,32 @@ const McpResourceRow = ({
 	}
 
 	return (
-		<div
-			key={uri}
-			style={{
-				padding: "3px 0",
-			}}>
-			<div
-				style={{
-					display: "flex",
-					alignItems: "center",
-					marginBottom: "4px",
-				}}>
-				<span className={`codicon codicon-symbol-file`} style={{ marginRight: "6px" }} />
-				<span style={{ fontWeight: 500, wordBreak: "break-all" }}>{uri}</span>
+		<div key={uri} className="py-2 border-b border-vscode-panel-border last:border-b-0">
+			<div className="flex items-center gap-4" onClick={(e) => e.stopPropagation()}>
+				{/* Resource URI section */}
+				<div className="flex items-center min-w-0 flex-1">
+					<span className="codicon codicon-symbol-file mr-2 flex-shrink-0 text-vscode-symbolIcon-fileForeground" />
+					<span className="font-medium break-all text-vscode-foreground">{uri}</span>
+				</div>
+
+				{/* Controls section */}
+				{serverName && alwaysAllowMcp && !isInChatContext && (
+					<div className="flex items-center flex-shrink-0">
+						<VSCodeCheckbox
+							checked={item.alwaysAllow}
+							onChange={handleAlwaysAllowChange}
+							data-resource={uri}
+							className="text-xs">
+							<span className="text-vscode-descriptionForeground whitespace-nowrap">
+								{t("mcp:resource.alwaysAllow")}
+							</span>
+						</VSCodeCheckbox>
+					</div>
+				)}
 			</div>
-			<div
-				style={{
-					fontSize: "12px",
-					opacity: 0.8,
-					margin: "4px 0",
-				}}>
+
+			{/* Description section */}
+			<div className="mt-1 text-xs text-vscode-descriptionForeground opacity-80">
 				{item.name && item.description
 					? `${item.name}: ${item.description}`
 					: !item.name && item.description
@@ -62,34 +68,14 @@ const McpResourceRow = ({
 							? item.name
 							: "No description"}
 			</div>
-			<div
-				style={{
-					fontSize: "12px",
-				}}>
-				<span style={{ opacity: 0.8 }}>Returns </span>
-				<code
-					style={{
-						color: "var(--vscode-textPreformat-foreground)",
-						background: "var(--vscode-textPreformat-background)",
-						padding: "1px 4px",
-						borderRadius: "3px",
-					}}>
+
+			{/* MIME type section */}
+			<div className="mt-2 text-xs">
+				<span className="text-vscode-descriptionForeground opacity-80">Returns </span>
+				<code className="text-vscode-textPreformat-foreground bg-vscode-textPreformat-background px-1 py-0.5 rounded">
 					{item.mimeType || "Unknown"}
 				</code>
 			</div>
-			{serverName && alwaysAllowMcp && !isInChatContext && (
-				<div style={{ marginTop: "8px" }}>
-					<VSCodeCheckbox
-						checked={item.alwaysAllow}
-						onChange={handleAlwaysAllowChange}
-						data-resource={uri}
-						className="text-xs">
-						<span className="text-vscode-descriptionForeground whitespace-nowrap">
-							{t("mcp:resource.alwaysAllow")}
-						</span>
-					</VSCodeCheckbox>
-				</div>
-			)}
 		</div>
 	)
 }