Skip to content

evaluator: MCP resource URI traversal #114

Description

@achuvyas-kv

Area

MCP Evaluators (evaluators/mcp/)

Problem or motivation

MCP servers exposing resources/read may be vulnerable to path traversal attacks that access files outside the intended scope.

Proposed solution

Add evaluator under evaluators/mcp/injection/ that:

  • Tests path traversal in resource URIs (e.g., ../../etc/passwd)
  • Covers Windows and Unix path formats

Acceptance criteria

  • Evaluator YAML file created with pass/fail criteria
  • Patterns cover common traversal techniques
  • Maps to OWASP MCP Top 10

Alternatives considered

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions