config-audit/tests/scanners/mcp-config-validator.test.mjs
Kjell Tore Guttormsen b3c572ad46 fix(mcp-config-validator): remove invented trust field (verify-first)
`.mcp.json` has no per-server `trust` key — verified 2026-06-18 against
code.claude.com/docs/en/mcp + /settings. MCP server approval is
dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers /
disabledMcpjsonServers), never a JSON field. The scanner's "Missing trust
level" (CA-MCP-001, medium) and "Invalid trust level" (high) were false
positives flagging a field that does not exist.

- scanner: delete both trust checks + VALID_TRUST_LEVELS; drop `trust` from
  VALID_SERVER_FIELDS so a stray `trust` is now flagged as an unknown field
- humanizer: remove the two trust-level entries
- knowledge (5 files): point to the real approval mechanism, not a trust field
- fixtures: scrub `trust` (incl. the invalid "local" in optimal-setup)
- tests: flip assertions (no trust-level finding; stray trust -> unknown
  field) + add knowledge-staleness re-freeze guards
- snapshots: reseed (marketplace-medium .mcp.json -8 tokens, hermetic)
- gap-matrix: mark the trust verify-first item DONE

Suite: 853/853 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
2026-06-18 14:22:56 +02:00

221 lines
7.5 KiB
JavaScript

import { describe, it, beforeEach, afterEach } from 'node:test';
import assert from 'node:assert/strict';
import { resolve, join } from 'node:path';
import { fileURLToPath } from 'node:url';
import { mkdtemp, writeFile, rm } from 'node:fs/promises';
import { tmpdir } from 'node:os';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';
import { scan } from '../../scanners/mcp-config-validator.mjs';
const __dirname = fileURLToPath(new URL('.', import.meta.url));
const FIXTURES = resolve(__dirname, '../fixtures');
describe('MCP scanner — healthy project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'healthy-project'));
result = await scan(resolve(FIXTURES, 'healthy-project'), discovery);
});
it('returns status ok', () => {
assert.equal(result.status, 'ok');
});
it('reports scanner prefix MCP', () => {
assert.equal(result.scanner, 'MCP');
});
it('scans at least 1 file', () => {
assert.ok(result.files_scanned >= 1);
});
it('has no critical or high findings', () => {
assert.equal(result.counts.critical, 0);
assert.equal(result.counts.high, 0);
});
it('finding IDs match CA-MCP-NNN pattern', () => {
for (const f of result.findings) {
assert.match(f.id, /^CA-MCP-\d{3}$/);
}
});
it('has counts object with all severity levels', () => {
assert.ok('critical' in result.counts);
assert.ok('high' in result.counts);
assert.ok('medium' in result.counts);
assert.ok('low' in result.counts);
assert.ok('info' in result.counts);
});
});
describe('MCP scanner — broken project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'broken-project'));
result = await scan(resolve(FIXTURES, 'broken-project'), discovery);
});
it('returns status ok', () => {
assert.equal(result.status, 'ok');
});
it('detects SSE server type', () => {
assert.ok(result.findings.some(f => f.title.includes('SSE')));
});
it('SSE recommendation is info severity', () => {
const sse = result.findings.find(f => f.title.includes('SSE'));
assert.equal(sse.severity, 'info');
});
it('detects unknown server type', () => {
assert.ok(result.findings.some(f => f.title.includes('Unknown MCP server type')));
});
it('unknown server type is high severity', () => {
const unknown = result.findings.find(f => f.title.includes('Unknown MCP server type'));
assert.equal(unknown.severity, 'high');
});
it('does NOT flag any trust level — `trust` is not a real .mcp.json field (CC docs verified 2026-06-18)', () => {
assert.ok(!result.findings.some(f => /trust level/i.test(f.title)),
'no "Missing trust level"/"Invalid trust level" findings: the field does not exist in the official schema');
});
it('detects unreferenced env vars in args', () => {
assert.ok(result.findings.some(f => f.title.includes('Unreferenced env var')));
});
it('detects unknown server fields', () => {
assert.ok(result.findings.some(f => f.title.includes('Unknown MCP server field')));
});
it('has multiple findings', () => {
assert.ok(result.findings.length >= 5);
});
});
describe('MCP scanner — stray `trust` field is an unknown field (verify-first, 2026-06-18)', () => {
let result;
let tmpRoot;
beforeEach(async () => {
resetCounter();
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-mcp-trust-'));
// `trust` is NOT a field in the official .mcp.json schema (verified against
// code.claude.com/docs/en/mcp + /settings, 2026-06-18). Approval is
// dialog/settings-based (enableAllProjectMcpServers / enabledMcpjsonServers /
// disabledMcpjsonServers), never a per-server JSON field.
const mcp = {
mcpServers: {
legacy: { type: 'stdio', command: 'node', args: ['server.mjs'], trust: 'workspace' },
},
};
await writeFile(join(tmpRoot, '.mcp.json'), JSON.stringify(mcp, null, 2) + '\n', 'utf8');
const discovery = await discoverConfigFiles(tmpRoot);
result = await scan(tmpRoot, discovery);
});
afterEach(async () => {
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
});
it('flags `trust` as an unknown MCP server field', () => {
const f = result.findings.find(x => x.title.includes('Unknown MCP server field')
&& /trust/.test(x.description || ''));
assert.ok(f, 'a `trust` field must now be reported as an unknown field');
});
it('emits no "trust level" findings at all', () => {
assert.ok(!result.findings.some(x => /trust level/i.test(x.title)),
'the invented trust-level checks must be gone');
});
});
describe('MCP scanner — env-var false positives (CC 2.1.139/2.1.142, Batch 1)', () => {
let tmpRoot;
let envFindings;
beforeEach(async () => {
resetCounter();
tmpRoot = await mkdtemp(join(tmpdir(), 'ca-mcp-env-'));
const mcp = {
mcpServers: {
proj: {
type: 'stdio',
command: 'node',
// CLAUDE_PROJECT_DIR is auto-injected (CC 2.1.139); ${VAR%…}/${VAR:-…}
// are POSIX expansions CC resolves (2.1.142) — none need an env block.
args: ['${CLAUDE_PROJECT_DIR}/server.mjs', '--root', '${HOME%/}', '--cfg', '${CONFIG_DIR:-/etc}'],
},
legacy: {
type: 'stdio',
command: 'node',
args: ['${REAL_MISSING}'],
},
},
};
await writeFile(join(tmpRoot, '.mcp.json'), JSON.stringify(mcp, null, 2) + '\n', 'utf8');
const discovery = await discoverConfigFiles(tmpRoot);
const result = await scan(tmpRoot, discovery);
envFindings = result.findings.filter(f => f.title === 'Unreferenced env var in args');
});
afterEach(async () => {
if (tmpRoot) await rm(tmpRoot, { recursive: true, force: true });
});
it('does NOT flag ${CLAUDE_PROJECT_DIR} (auto-injected runtime var)', () => {
const f = envFindings.find(x => /CLAUDE_PROJECT_DIR/.test(x.description || ''));
assert.equal(f, undefined, 'CLAUDE_PROJECT_DIR must be allowlisted');
});
it('does NOT flag POSIX expansions ${VAR%…} / ${VAR:-…}', () => {
const f = envFindings.find(x => /HOME|CONFIG_DIR/.test(x.description || ''));
assert.equal(f, undefined, 'POSIX operator expansions are not env-var references');
});
it('STILL flags a genuine bare unreferenced var', () => {
assert.equal(envFindings.length, 1,
`expected exactly REAL_MISSING; got: ${envFindings.map(f => f.description).join(' | ')}`);
assert.match(envFindings[0].description || '', /REAL_MISSING/);
});
});
describe('MCP scanner — empty project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'empty-project'));
result = await scan(resolve(FIXTURES, 'empty-project'), discovery);
});
it('returns skipped status', () => {
assert.equal(result.status, 'skipped');
});
it('has 0 findings', () => {
assert.equal(result.findings.length, 0);
});
});
describe('MCP scanner — minimal project', () => {
let result;
beforeEach(async () => {
resetCounter();
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'minimal-project'));
result = await scan(resolve(FIXTURES, 'minimal-project'), discovery);
});
it('returns skipped when no .mcp.json', () => {
assert.equal(result.status, 'skipped');
});
it('has 0 findings', () => {
assert.equal(result.findings.length, 0);
});
});