68 lines
2.7 KiB
TOML
68 lines
2.7 KiB
TOML
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# This is the configuration file for mcp-bash-server
|
|
|
|
[settings]
|
|
# Port for MCP Server deployment
|
|
port = 4000
|
|
# IP for MCP Server deployment
|
|
host = "127.0.0.1"
|
|
# Usage environment for MCP Server, can be development or production environment.
|
|
# Set env to "development" or "production", production uses oauth2.0.
|
|
env = "production"
|
|
|
|
[whitelist]
|
|
# Whitelist of allowed commands (exact match), a string list.
|
|
# Only commands where the complete command string exactly matches an item in this list will be allowed
|
|
commands = [
|
|
"echo hello",
|
|
"ls -la",
|
|
"pwd",
|
|
# Add your allowed commands here
|
|
]
|
|
# Whitelist of allowed command regex patterns, a regex expression string list
|
|
# Commands where the complete command string matches any of these regex patterns will be allowed
|
|
regex = [
|
|
'^echo [a-zA-Z0-9 ]+$',
|
|
'^ls [a-zA-Z0-9 /-]*$',
|
|
# Add your whitelist regex patterns here
|
|
]
|
|
|
|
[blacklist]
|
|
# Blacklist of forbidden commands (exact match), a string list
|
|
# Blacklist has higher priority than whitelist. If the complete command string exactly matches an item in this list, the entire command will be blocked, even if it would be allowed by the whitelist
|
|
# Note: Only exact matches are blocked. For example, if "rm" is blacklisted, only the exact command "rm" is blocked, not commands like "rm -rf /tmp/test"
|
|
commands = [
|
|
# Dangerous file operations
|
|
"rm -rf /",
|
|
"shutdown",
|
|
# Add your forbidden commands here
|
|
]
|
|
# Blacklist of forbidden command regex patterns, a regex expression string list
|
|
# Blacklist has higher priority than whitelist. If the complete command string matches any of these regex patterns, it will be blocked, even if it would be allowed by the whitelist
|
|
regex = [
|
|
# Block any command with dangerous operators
|
|
'.*[|&;`$()><].*',
|
|
# Block commands that try to write to system directories
|
|
'.*/etc/.*',
|
|
'.*/root/.*',
|
|
# Block commands with sudo or su
|
|
'^sudo .*',
|
|
'^su .*',
|
|
# Add your blacklist regex patterns here
|
|
] |