
[INTERNAL]: Rust MCP Runtime - Code Quality Improvements from Mend Scan #4110

@MohanLaksh

Summary

Mend SAST scan (April 8, 2026) identified several code quality improvements for the Rust MCP runtime (tools_rust/mcp_runtime/src/lib.rs).

Scan Details:

  • Date: 2026-04-08 06:52am
  • Total Rust Findings: 25
  • File: tools_rust/mcp_runtime/src/lib.rs (13,319 lines)

Findings Breakdown

🔵 URL Validation (19 findings)

Recommendation: Add validation layer for backend HTTP requests

Affected Functions:

  • send_to_backend_url() (line 4422)
  • send_sampling_to_backend() (line 7891)
  • send_prompts_get_to_backend() (line 7978)
  • 16+ additional backend dispatch functions

Root Cause: Backend URL construction from configuration without validation

Recommended Implementation:

  1. Add URL validation module with hostname resolution
  2. Implement network range checking
  3. Add configuration for allowed destinations
  4. Apply validation to all backend HTTP calls

🔵 Query Parameter Binding (2 findings)

Status: FALSE POSITIVE (verified)

Analysis: All database queries use parameterized statements with proper parameter binding. No changes needed.

Example (line 4841):

```rust
client.query(
    "SELECT t.name FROM tools t WHERE sta.server_id = $1",
    &[&server_id],  // ✅ Parameterized - SAFE
)
```

🔵 Request Size Limits (1 finding)

Recommendation: Add request body size constraints

Current State:

  • No size limits on incoming payloads
  • No nesting depth limits for JSON parsing

Recommended Mitigation:

  1. Limit payload size (e.g., 10MB max)
  2. Set max JSON nesting depth
  3. Use size-limited readers for parsing
  4. Add timeout on parsing operations

Implementation Plan

Phase 1: URL Validation

Create validation module: tools_rust/mcp_runtime/src/url_validator.rs

Features:

  • Length validation (max 2048 chars)
  • Scheme allowlist (http, https, ws, wss)
  • Pattern validation
  • Hostname resolution with network checking
  • Configurable allowed/blocked ranges

Dependencies:

```toml
[dependencies]
url = "2.5"              # URL parsing
ipnetwork = "0.20"       # CIDR validation
trust-dns-resolver = "0.24"  # DNS resolution
regex = "1.10"           # Pattern matching
```

Configuration (Environment Variables):

```bash
SSRF_PROTECTION_ENABLED=true          # Enable validation (default: true)
SSRF_BLOCKED_NETWORKS=                # CIDR ranges to block (comma-separated)
SSRF_BLOCKED_HOSTS=                   # Hostnames to block (comma-separated)
SSRF_ALLOW_LOCALHOST=false            # Allow localhost access (default: false)
SSRF_ALLOW_PRIVATE_NETWORKS=false     # Allow RFC1918 networks (default: false)
SSRF_ALLOWED_NETWORKS=                # Allowlist specific CIDR ranges
SSRF_DNS_FAIL_CLOSED=true             # Fail closed on DNS errors (default: true)
```

Default Blocked Networks:

  • 169.254.169.254/32 - AWS/GCP/Azure instance metadata
  • 169.254.169.123/32 - AWS NTP service
  • fd00::1/128 - IPv6 cloud metadata
  • 169.254.0.0/16 - Link-local IPv4 range
  • fe80::/10 - IPv6 link-local

Default Blocked Hosts:

  • metadata.google.internal - GCP metadata hostname
  • metadata.internal - Generic cloud metadata
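
A sketch of the network-range check applied to an already-resolved address, added here as an illustration; it is not the code in `url_validator.rs` or PR #4111. It uses only the standard library. `Policy` and `check_resolved_ip` are hypothetical names, and it is an assumption of this sketch that no flag overrides the link-local and metadata blocks. Hostname resolution, the scheme allowlist and the `SSRF_ALLOWED_NETWORKS` / `SSRF_BLOCKED_*` lists are left out.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
/// Hypothetical policy mirroring SSRF_ALLOW_LOCALHOST / SSRF_ALLOW_PRIVATE_NETWORKS.
#[derive(Clone, Copy, Default)]
pub struct Policy {
    pub allow_localhost: bool,
    pub allow_private_networks: bool,
}

/// Returns Err(reason) when a resolved address falls in a blocked range.
pub fn check_resolved_ip(ip: IpAddr, p: Policy) -> Result<(), &'static str> {
    match ip {
        IpAddr::V4(v4) => check_v4(v4, p),
        IpAddr::V6(v6) => {
            // ::ffff:a.b.c.d reaches the same host as a.b.c.d, so unwrap it first
            if let Some(v4) = v6.to_ipv4_mapped() {
                return check_v4(v4, p);
            }
            if (v6.segments()[0] & 0xffc0) == 0xfe80 {
                return Err("link-local (fe80::/10)");
            }
            if v6 == Ipv6Addr::new(0xfd00, 0, 0, 0, 0, 0, 0, 1) {
                return Err("metadata (fd00::1/128)");
            }
            if v6.is_loopback() && !p.allow_localhost {
                return Err("loopback");
            }
            Ok(())
        }
    }
}

fn check_v4(ip: Ipv4Addr, p: Policy) -> Result<(), &'static str> {
    // 169.254.0.0/16 also covers 169.254.169.254 and 169.254.169.123
    if ip.is_link_local() {
        return Err("link-local (169.254.0.0/16)");
    }
    if ip.is_loopback() && !p.allow_localhost {
        return Err("loopback");
    }
    if ip.is_private() && !p.allow_private_networks {
        return Err("private network");
    }
    Ok(())
}

fn main() {
    // Constructed sample: IPv4-mapped form of the metadata address
    let ip = "::ffff:169.254.169.254".parse().unwrap();
    println!("{:?}", check_resolved_ip(ip, Policy::default()));
}
```

The check has to run on every address the hostname resolves to, and the connection should use the address that was checked rather than resolving the name a second time.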

Phase 2: Request Size Constraints

Implementation:

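```rust
use std::io::{Cursor, Read}; // `Read` provides .take()
use serde_json::Value;
use tower_http::limit::RequestBodyLimitLayer;

// Add Axum middleware
.layer(RequestBodyLimitLayer::new(10 * 1024 * 1024)) // 10MB max

// Size-limited parsing
let parsed: Value = serde_json::from_reader(
    Cursor::new(body).take(10 * 1024 * 1024)
)?;
```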
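
The mitigation list also calls for a nesting-depth limit, which the snippet above does not cover. The following is an added example, not code from the runtime or PR #4111: a standard-library pre-parse guard that rejects oversized or over-nested bodies before they reach the JSON parser. `LimitError` and `check_json_limits` are hypothetical names, and the guard counts brackets only; it does not validate the JSON itself.

```rust
/// Hypothetical pre-parse guard errors.
#[derive(Debug, PartialEq)]
pub enum LimitError {
    TooLarge,
    TooDeep,
}

/// Returns the deepest nesting level seen, or an error once a limit is exceeded.
pub fn check_json_limits(body: &[u8], max_bytes: usize, max_depth: usize) -> Result<usize, LimitError> {
    if body.len() > max_bytes {
        return Err(LimitError::TooLarge);
    }
    let (mut depth, mut deepest) = (0usize, 0usize);
    let (mut in_string, mut escaped) = (false, false);
    for &b in body {
        if in_string {
            // Brackets inside string literals do not nest; track escapes
            // so that \" does not end the string early.
            match (escaped, b) {
                (true, _) => escaped = false,
                (false, b'\\') => escaped = true,
                (false, b'"') => in_string = false,
                _ => {}
            }
            continue;
        }
        match b {
            b'"' => in_string = true,
            b'[' | b'{' => {
                depth += 1;
                deepest = deepest.max(depth);
                if depth > max_depth {
                    return Err(LimitError::TooDeep); // stop before scanning the rest
                }
            }
            b']' | b'}' => depth = depth.saturating_sub(1),
            _ => {}
        }
    }
    Ok(deepest)
}

fn main() {
    // Constructed sample body: the "]]]" sits inside a string and must not count
    let body = br#"{"a":[{"b":"]]]"}]}"#;
    println!("{:?}", check_json_limits(body, 1024, 8));
}
```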

Phase 3: Testing & Validation

Create: tools_rust/mcp_runtime/tests/security_tests.rs

Test Coverage:

  • ✅ URL validation with various inputs
  • ✅ Hostname resolution behavior
  • ✅ Configuration modes (strict vs permissive)
  • ✅ Integration scenarios

Verification Checklist

  • All backend HTTP locations have validation
  • Unit tests pass (30+ test cases)
  • Integration tests pass
  • Configuration documented
  • Error messages are clear
  • Logging captures blocked attempts
  • Performance impact < 5ms per request
  • Compatible with existing validation patterns

Implementation Status

Branch: fix/rust-security-vulnerabilities-ssrf-remediation
PR: #4111
Status: ✅ Complete - Ready for Review


Documentation

File: tools_rust/mcp_runtime/README.md

Added configuration section:

## Configuration

### URL Validation

The Rust MCP runtime includes URL validation for backend requests.

**Environment Variables:**
- `SSRF_PROTECTION_ENABLED=true` - Enable validation (default: true)
- `SSRF_ALLOW_LOCALHOST=false` - Allow localhost (default: false)
- See README for full list

**Example - Development Mode:**
```bash
SSRF_ALLOW_LOCALHOST=true ./mcp-runtime
```

**Example - Production Mode:**
```bash
SSRF_PROTECTION_ENABLED=true \
SSRF_ALLOW_LOCALHOST=false \
./mcp-runtime
```

---

**Labels:** `enhancement`, `rust`, `code-quality`, `mend-scan`

---

**Related:** PR #4111
**Estimated Effort:** 3-4 weeks → Complete

Labels: bug, enhancement, rust, security, triage
