Merge pull request #1 from redhat-ai-tools/beingnishas-patch-1

beingnishas · web-flow · commit 08bc9c2b15e7 · 2025-07-23T02:15:21.000-04:00
No other operations are allowed, hard coded read
For testing disabled ssl verification
Allowed limiting repositories of interest, this will help in quicker responses
diff --git a/gitlab_mcp_server.py b/gitlab_mcp_server.py
@@ -8,6 +8,7 @@
 import json
 import logging
 import time
+import fnmatch
 from collections import defaultdict
 from typing import Any, Dict, List, Optional
 import asyncio
@@ -28,8 +29,20 @@ class GitLabConfig:
     def __init__(self):
         # While using a client like cursor limit the api calls, actions & repos
         self.max_api_calls_per_hour = int(os.getenv("MCP_MAX_API_CALLS", "100"))
-        self.allowed_actions = os.getenv("MCP_ALLOWED_ACTIONS", "read").split(",")
-        self.allowed_repos = os.getenv("MCP_ALLOWED_REPOS", "").split(",") if os.getenv("MCP_ALLOWED_REPOS") else []
+        
+        # CRITICAL: Hardcoded read-only actions for security - no configuration allowed
+        # For security, we only allow read-only queries - write operations are never permitted
+        self.allowed_actions = ['read', 'list', 'search', 'get', 'check', 'info', 'describe', 'find']
+        
+        # Parse MCP_ALLOWED_REPOS with support for wildcards: repo1,group1/*,group2/subgroup/*,exact-project
+        # This is now a REQUIRED environment variable
+        allowed_repos_env = os.getenv("MCP_ALLOWED_REPOS")
+        if not allowed_repos_env:
+            raise ValueError("MCP_ALLOWED_REPOS is required. Set repository patterns like 'automotive/*,project1,group/subgroup/*'")
+        
+        self.allowed_repos = [repo.strip() for repo in allowed_repos_env.split(",") if repo.strip()]
+        if not self.allowed_repos:
+            raise ValueError("MCP_ALLOWED_REPOS cannot be empty. Specify at least one repository pattern.")
         
         # Rate limiting tracking
         self.api_calls = defaultdict(list)
@@ -42,13 +55,33 @@ def __init__(self):
         if not self.gitlab_token:
             raise ValueError("GitLab token required. Set MCP_GITLAB_TOKEN environment variable")
         
+        # SSL Configuration options
+        ssl_verify = os.getenv("MCP_SSL_VERIFY", "true").lower() == "true"
+        ssl_ca_bundle = os.getenv("MCP_SSL_CA_BUNDLE")  # Path to CA bundle file
+        
+        # Build GitLab client configuration
+        gitlab_config = {
+            "url": self.gitlab_url,
+            "private_token": self.gitlab_token,
+            "ssl_verify": ssl_verify
+        }
+        
+        # Add CA bundle if provided
+        if ssl_ca_bundle and ssl_verify:
+            gitlab_config["ssl_ca_bundle"] = ssl_ca_bundle
+            logger.info(f"🔒 Using SSL CA bundle: {ssl_ca_bundle}")
+        elif not ssl_verify:
+            logger.warning(f"⚠️  SSL verification disabled - not recommended for production!")
+        
         # Initialize GitLab client
-        self.gl = gitlab.Gitlab(self.gitlab_url, private_token=self.gitlab_token)
+        self.gl = gitlab.Gitlab(**gitlab_config)
         
         # Log configuration
         logger.info(f"🔒 Max API calls/hour: {self.max_api_calls_per_hour}")
-        logger.info(f"🔒 Allowed actions: {self.allowed_actions}")
-        logger.info(f"🔒 Allowed repos: {self.allowed_repos if self.allowed_repos != [''] else 'ALL'}")
+        logger.info(f"🔒🛡️  SECURITY: Read-only mode hardcoded (write operations never permitted)")
+        logger.info(f"ℹ️ Allowed actions: {self.allowed_actions}")
+        logger.info(f"🔒 Allowed repos (wildcard patterns): {self.allowed_repos}")
+        logger.info(f"ℹ️ Pattern examples: 'repo-name', 'group/*', 'group/subgroup/*', 'group/project'")
         logger.info(f"🔗 GitLab URL: {self.gitlab_url}")
 
 # Global configuration instance
@@ -156,25 +189,78 @@ def check_rate_limit() -> bool:
     return True
 
 def check_action_allowed(action: str) -> bool:
-    """Check if action is permitted"""
-    if action in config.allowed_actions or "all" in config.allowed_actions:
+    """Check if action is permitted - hardcoded read-only mode for security"""
+    action_lower = action.lower()
+    
+    # Check against hardcoded allowed read-only actions
+    if action_lower in [act.lower() for act in config.allowed_actions]:
         return True
-    logger.warning(f"🚫 Action not allowed: {action}")
+    
+    # Block any write actions with explicit security warning
+    forbidden_actions = ['write', 'create', 'update', 'delete', 'modify', 'push', 'merge', 'approve', 'deploy', 'change']
+    if any(forbidden in action_lower for forbidden in forbidden_actions):
+        logger.error(f"🚫🔒 SECURITY: Write action blocked: {action}")
+        return False
+    
+    # Log any unknown actions for security monitoring
+    logger.warning(f"🚫 Action not allowed: {action} (only read-only actions permitted)")
     return False
 
-def check_repo_allowed(project_id: str) -> bool:
-    """Check repository access permissions"""
-    if not config.allowed_repos or config.allowed_repos == ['']:
+def match_repo_pattern(project_path: str, pattern: str) -> bool:
+    """
+    Check if a project path matches a given pattern.
+    
+    Supports various patterns:
+    - Exact match: "my-repo" or "group/my-repo"
+    - Group wildcard: "group/*" (matches all repos in group)
+    - Subgroup wildcard: "group/subgroup/*" (matches all repos in subgroup)
+    - Mixed patterns: supports any combination
+    
+    Args:
+        project_path: Full project path like "group/subgroup/project"
+        pattern: Pattern to match against, e.g. "group/*", "exact-name", etc.
+    
+    Returns:
+        bool: True if project matches the pattern
+    """
+    if not pattern or not project_path:
+        return False
+    
+    # Remove leading/trailing whitespace
+    pattern = pattern.strip()
+    project_path = project_path.strip()
+    
+    # Exact match (including project ID as string)
+    if pattern == project_path:
         return True
     
+    # Wildcard pattern matching
+    if '*' in pattern:
+        # Use fnmatch for shell-style wildcards
+        return fnmatch.fnmatch(project_path, pattern)
+    
+    # No match
+    return False
+
+def check_repo_allowed(project_id: str) -> bool:
+    """Check repository access permissions against MCP_ALLOWED_REPOS patterns"""
     try:
         project = config.gl.projects.get(project_id)
         project_name = project.path_with_namespace
         
-        if project_id in config.allowed_repos or project_name in config.allowed_repos:
-            return True
+        # Check against each allowed pattern
+        for allowed_pattern in config.allowed_repos:
+            allowed_pattern = allowed_pattern.strip()
+            
+            # Check if project ID matches (for backward compatibility)
+            if project_id == allowed_pattern:
+                return True
+            
+            # Check if project path matches the pattern
+            if match_repo_pattern(project_name, allowed_pattern):
+                return True
         
-        logger.warning(f"🚫 Repo not allowed: {project_name}")
+        logger.warning(f"🚫 Repo not allowed: {project_name} (allowed patterns: {config.allowed_repos})")
         return False
     except Exception:
         logger.warning(f"🚫 Could not verify repo access: {project_id}")
@@ -741,4 +827,4 @@ def main():
     mcp.run()
 
 if __name__ == "__main__":
-    main() 
+    main() 
