Merge branch 'main' of github.com:mobile-next/mobile-mcp

gmegidish · gmegidish · commit 40a8e768219f · 2026-03-24T19:45:45.000+01:00
diff --git a/src/server.ts b/src/server.ts
@@ -14,6 +14,10 @@ import { PNG } from "./png";
 import { isScalingAvailable, Image } from "./image-utils";
 import { Mobilecli } from "./mobilecli";
 import { MobileDevice } from "./mobile-device";
+import { validateOutputPath, validateFileExtension } from "./utils";
+
+const ALLOWED_SCREENSHOT_EXTENSIONS = [".png", ".jpg", ".jpeg"];
+const ALLOWED_RECORDING_EXTENSIONS = [".mp4"];
 
 interface MobilecliDevice {
 	id: string;
@@ -581,10 +585,13 @@ export const createMcpServer = (): McpServer => {
 		"Save a screenshot of the mobile device to a file",
 		{
 			device: z.string().describe("The device identifier to use. Use mobile_list_available_devices to find which devices are available to you."),
-			saveTo: z.string().describe("The path to save the screenshot to"),
+			saveTo: z.string().describe("The path to save the screenshot to. Filename must end with .png, .jpg, or .jpeg"),
 		},
 		{ destructiveHint: true },
 		async ({ device, saveTo }) => {
+			validateFileExtension(saveTo, ALLOWED_SCREENSHOT_EXTENSIONS, "save_screenshot");
+			validateOutputPath(saveTo);
+
 			const robot = getRobotFromDevice(device);
 
 			const screenshot = await robot.getScreenshot();
@@ -694,11 +701,16 @@ export const createMcpServer = (): McpServer => {
 		"Start recording the screen of a mobile device. The recording runs in the background until stopped with mobile_stop_screen_recording. Returns the path where the recording will be saved.",
 		{
 			device: z.string().describe("The device identifier to use. Use mobile_list_available_devices to find which devices are available to you."),
-			output: z.string().optional().describe("The file path to save the recording to. If not provided, a temporary path will be used."),
+			output: z.string().optional().describe("The file path to save the recording to. Filename must end with .mp4. If not provided, a temporary path will be used."),
 			timeLimit: z.coerce.number().optional().describe("Maximum recording duration in seconds. The recording will stop automatically after this time."),
 		},
 		{ destructiveHint: true },
 		async ({ device, output, timeLimit }) => {
+			if (output) {
+				validateFileExtension(output, ALLOWED_RECORDING_EXTENSIONS, "start_screen_recording");
+				validateOutputPath(output);
+			}
+
 			getRobotFromDevice(device);
 
 			if (activeRecordings.has(device)) {
diff --git a/src/utils.ts b/src/utils.ts
@@ -1,3 +1,6 @@
+import path from "node:path";
+import os from "node:os";
+import fs from "node:fs";
 import { ActionableError } from "./robot";
 
 export function validatePackageName(packageName: string): void {
@@ -11,3 +14,75 @@ export function validateLocale(locale: string): void {
 		throw new ActionableError(`Invalid locale: "${locale}"`);
 	}
 }
+
+function getAllowedRoots(): string[] {
+	const roots = [
+		os.tmpdir(),
+		process.cwd(),
+	];
+
+	// macOS /tmp is a symlink to /private/tmp, add both to be safe
+	if (process.platform === "darwin") {
+		roots.push("/tmp");
+		roots.push("/private/tmp");
+	}
+
+	return roots.map(r => path.resolve(r));
+}
+
+function isPathUnderRoot(filePath: string, root: string): boolean {
+	const relative = path.relative(root, filePath);
+	if (relative === "") {
+		return false;
+	}
+
+	if (path.isAbsolute(relative)) {
+		return false;
+	}
+
+	if (relative.startsWith("..")) {
+		return false;
+	}
+
+	return true;
+}
+
+export function validateFileExtension(filePath: string, allowedExtensions: string[], toolName: string): void {
+	const ext = path.extname(filePath).toLowerCase();
+	if (!allowedExtensions.includes(ext)) {
+		throw new ActionableError(`${toolName} requires a ${allowedExtensions.join(", ")} file extension, got: "${ext || "(none)"}"`);
+	}
+}
+
+function resolveWithSymlinks(filePath: string): string {
+	const resolved = path.resolve(filePath);
+	const dir = path.dirname(resolved);
+	const filename = path.basename(resolved);
+
+	try {
+		return path.join(fs.realpathSync(dir), filename);
+	} catch {
+		return resolved;
+	}
+}
+
+export function validateOutputPath(filePath: string): void {
+	const resolved = resolveWithSymlinks(filePath);
+	const allowedRoots = getAllowedRoots();
+	const isWindows = process.platform === "win32";
+
+	const isAllowed = allowedRoots.some(root => {
+		if (isWindows) {
+			return isPathUnderRoot(resolved.toLowerCase(), root.toLowerCase());
+		}
+
+		return isPathUnderRoot(resolved, root);
+	});
+
+	if (!isAllowed) {
+		const dir = path.dirname(resolved);
+		throw new ActionableError(
+			`"${dir}" is not in the list of allowed directories. Allowed directories include the current directory and the temp directory on this host.`
+		);
+	}
+}
