From c934d820454a191035e86296f2cf779788e5d090 Mon Sep 17 00:00:00 2001
From: Bianca Lisle
Date: Wed, 10 Sep 2025 14:14:54 +0100
Subject: [PATCH 1/4] chore: warn about insecure httpHost usage
---
 src/common/logger.ts | 1 +
 src/transports/streamableHttp.ts | 11 +++++++++++
 2 files changed, 12 insertions(+)
diff --git a/src/common/logger.ts b/src/common/logger.ts
index 5414fc934..7a3ebd99c 100644
--- a/src/common/logger.ts
+++ b/src/common/logger.ts
@@ -56,6 +56,7 @@ export const LogId = {
 streamableHttpTransportCloseFailure: mongoLogId(1_006_006),
 streamableHttpTransportKeepAliveFailure: mongoLogId(1_006_007),
 streamableHttpTransportKeepAlive: mongoLogId(1_006_008),
+ streamableHttpTransportHttpHostWarning: mongoLogId(1_006_009),
 
 exportCleanupError: mongoLogId(1_007_001),
 exportCreationError: mongoLogId(1_007_002),
diff --git a/src/transports/streamableHttp.ts b/src/transports/streamableHttp.ts
index b3f8f9ad4..943731bb4 100644
--- a/src/transports/streamableHttp.ts
+++ b/src/transports/streamableHttp.ts
@@ -205,6 +205,17 @@ export class StreamableHttpRunner extends TransportRunnerBase {
 message: `Server started on ${this.serverAddress}`,
 noRedaction: true,
 });
+
+ if (this.userConfig.httpHost === "0.0.0.0") {
+ this.logger.warning({
+ id: LogId.streamableHttpTransportHttpHostWarning,
+ context: "streamableHttpTransport",
+ message: `Binding to \`0.0.0.0\` exposes the MCP Server to the entire local
+ network, which allows other devices on the same network to
+ potentially access the MCP Server. This is a security risk and could
+ allow unauthorized access to your database context. `,
+ });
+ }
 }
 
 async closeTransport(): Promise {
From b4e62b96fababc52e7bd43240f3fad899dc5eb20 Mon Sep 17 00:00:00 2001
From: Bianca Lisle
Date: Wed, 10 Sep 2025 14:30:29 +0100
Subject: [PATCH 2/4] update logs
---
 src/transports/streamableHttp.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/transports/streamableHttp.ts b/src/transports/streamableHttp.ts
index 943731bb4..9b9bccaa5 100644
--- a/src/transports/streamableHttp.ts
+++ b/src/transports/streamableHttp.ts
@@ -210,10 +210,8 @@ export class StreamableHttpRunner extends TransportRunnerBase {
 this.logger.warning({
 id: LogId.streamableHttpTransportHttpHostWarning,
 context: "streamableHttpTransport",
- message: `Binding to \`0.0.0.0\` exposes the MCP Server to the entire local
- network, which allows other devices on the same network to
- potentially access the MCP Server. This is a security risk and could
- allow unauthorized access to your database context. `,
+ message: `Binding to \`0.0.0.0\` exposes the MCP Server to the entire local network, which allows other devices on the same network to potentially access the MCP Server. This is a security risk and could allow unauthorized access to your database context. `,
+ noRedaction: true,
 });
 }
 }
From fead17ef9441e2cd49fb6633962e3f3015c93fc1 Mon Sep 17 00:00:00 2001
From: Bianca Lisle <40155621+blva@users.noreply.github.com>
Date: Wed, 10 Sep 2025 14:32:47 +0100
Subject: [PATCH 3/4] Update src/transports/streamableHttp.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 src/transports/streamableHttp.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/transports/streamableHttp.ts b/src/transports/streamableHttp.ts
index 9b9bccaa5..5371f33ca 100644
--- a/src/transports/streamableHttp.ts
+++ b/src/transports/streamableHttp.ts
@@ -210,7 +210,7 @@ export class StreamableHttpRunner extends TransportRunnerBase {
 this.logger.warning({
 id: LogId.streamableHttpTransportHttpHostWarning,
 context: "streamableHttpTransport",
- message: `Binding to \`0.0.0.0\` exposes the MCP Server to the entire local network, which allows other devices on the same network to potentially access the MCP Server. This is a security risk and could allow unauthorized access to your database context. `,
+ message: `Binding to \`0.0.0.0\` exposes the MCP Server to the entire local network, which allows other devices on the same network to potentially access the MCP Server. This is a security risk and could allow unauthorized access to your database context.`,
 noRedaction: true,
 });
 }
From 2230ce89cddedce7256fbd3f2a46b0aaef1f939f Mon Sep 17 00:00:00 2001
From: Bianca Lisle
Date: Wed, 10 Sep 2025 14:36:57 +0100
Subject: [PATCH 4/4] update criteria
---
 src/transports/streamableHttp.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/transports/streamableHttp.ts b/src/transports/streamableHttp.ts
index 5371f33ca..0a20e59e8 100644
--- a/src/transports/streamableHttp.ts
+++ b/src/transports/streamableHttp.ts
@@ -206,11 +206,11 @@ export class StreamableHttpRunner extends TransportRunnerBase {
 noRedaction: true,
 });
 
- if (this.userConfig.httpHost === "0.0.0.0") {
+ if (this.shouldWarnAboutHttpHost(this.userConfig.httpHost)) {
 this.logger.warning({
 id: LogId.streamableHttpTransportHttpHostWarning,
 context: "streamableHttpTransport",
- message: `Binding to \`0.0.0.0\` exposes the MCP Server to the entire local network, which allows other devices on the same network to potentially access the MCP Server. This is a security risk and could allow unauthorized access to your database context.`,
+ message: `Binding to ${this.userConfig.httpHost} can expose the MCP Server to the entire local network, which allows other devices on the same network to potentially access the MCP Server. This is a security risk and could allow unauthorized access to your database context.`,
 noRedaction: true,
 });
 }
@@ -252,4 +252,10 @@ export class StreamableHttpRunner extends TransportRunnerBase {
 });
 };
 }
+
+ private shouldWarnAboutHttpHost(httpHost: string): boolean {
+ const host = httpHost.trim();
+ const safeHosts = new Set(["127.0.0.1", "localhost", "::1"]);
+ return host === "0.0.0.0" || host === "::" || (!safeHosts.has(host) && host !== "");
+ }
 }
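Review bot: The warning interpolates the raw `this.userConfig.httpHost` under `noRedaction: true` while `shouldWarnAboutHttpHost` decides on the trimmed value, so the text that is logged can differ from the value that was actually checked; normalize once and use it for both, e.g. `const host = this.userConfig.httpHost.trim();`, `if (this.shouldWarnAboutHttpHost(host)) {` and `Binding to ${host} can expose …`. The message also names the risk but not the remedy, and appending `Bind to 127.0.0.1 or ::1 unless remote access is intended.` tells an operator reading the log what the safe setting is. The enclosing method starts outside the hunk, so I cannot see whether the server is already listening when this runs; if it is, the warning arrives after the exposure has begun and might be better raised where the config is validated.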
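Review bot: `shouldWarnAboutHttpHost` treats only the three exact spellings in `safeHosts` as loopback, so a legitimate loopback bind such as `127.0.0.2` (any 127/8 address) or a differently-cased `Localhost` triggers the network-exposure warning, which trains operators to ignore it. The first two disjuncts of the `return` are also redundant, because `0.0.0.0` and `::` are already non-empty and outside `safeHosts`, so the whole expression reduces to `host !== "" && !safeHosts.has(host)`. Separately, the `host !== ""` carve-out deserves a comment: if an empty `httpHost` is passed through to `listen()` unchanged, Node binds all interfaces when no host is given, which is exactly the case this warning exists for — the listen call is not in this hunk, so that needs confirming rather than assuming. The rewrite below lower-cases the trimmed value, accepts the whole 127/8 range, drops the per-call `Set`, and keeps the empty-string behaviour behind an explicit review note.
```typescript
    private shouldWarnAboutHttpHost(httpHost: string): boolean {
        const host = httpHost.trim().toLowerCase();
        // NOTE(review): an empty host is treated as safe here — confirm it does not
        // fall through to the default all-interfaces bind in the listen() call.
        if (host === "") {
            return false;
        }
        // Only an explicit loopback bind is considered safe: "localhost", the IPv6
        // loopback, or any address in 127.0.0.0/8. Everything else (0.0.0.0, ::,
        // a LAN address, a hostname) is reachable from other machines and warns.
        const isLoopback =
            host === "localhost" ||
            host === "::1" ||
            /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
        return !isLoopback;
    }
```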