Danor93/secure-mcp-server

Secure MCP Server Demo

A comprehensive Model Context Protocol (MCP) server implementation in Python with security-first design.

Features

MCP Primitives Implementation

1. Resources: Secure file access with validation

   • Path traversal protection
   • File size limits (1MB max)
   • Extension whitelist (.txt, .md, .json, .py, .js, .html, .css)
   • Safe directory restriction

2. Tools: Secure file operations

   • safe_file_writer: Write files with sanitization
   • secure_echo: Echo text with injection prevention
   • list_safe_files: List files in secure directory

3. Prompts: Security-focused templates

   • secure_code_review: Security-focused code analysis
   • safe_documentation: Generate safe documentation

Security Features

• Input Sanitization: Prevents script injection and dangerous patterns
• Path Validation: Prevents directory traversal attacks
• File Restrictions: Size limits and extension controls
• Injection Prevention: Detects and blocks common attack patterns
• Error Handling: Secure error messages without information leakage

Quick Start

Option 1: Windows Batch Scripts

• Double-click scripts/run_mcp_server.bat - Start the server directly
• Double-click scripts/activate_env.bat - Open command prompt with environment

Option 2: Manual Setup

1. Create Virtual Environment:

   py -m venv mcp-server-env
   mcp-server-env\Scripts\activate
   

2. Install Dependencies:

   pip install -r requirements.txt
   

3. Run Server:

   python start_server.py
   

Option 3: Direct Python Path

C:\path\to\project\mcp-server-env\Scripts\python.exe start_server.py

Claude Desktop Integration

1. Copy configuration from config/claude_desktop_config.json
2. Add to your Claude Desktop config file:
   • Windows: %APPDATA%\Claude\claude_desktop_config.json
   • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
   • Linux: ~/.config/Claude/claude_desktop_config.json
3. Restart Claude Desktop

Testing

• Functionality: python examples/test_server.py
• Security: python examples/demo_security.py
• Documentation: See docs/ directory

Security Considerations

Prevented Attack Vectors:

• Directory Traversal: ../../../etc/passwd attempts blocked
• Script Injection: <script> tags and JavaScript URLs sanitized
• Command Injection: Shell command patterns detected and blocked
• File Exfiltration: Access restricted to safe directory only
• Prompt Injection: Dangerous patterns in prompts filtered

Best Practices Implemented:

• Input validation at every entry point
• Whitelist-based file access
• Size and type restrictions
• Comprehensive logging
• Graceful error handling
• Minimal information disclosure

Project Structure

mcp-server-python/
├── src/mcp_server/          # Main server code
│   ├── server.py           # MCP server implementation
│   ├── safe_files/         # Secure file storage
│   └── __init__.py
├── config/                 # Configuration files
│   └── claude_desktop_config.json
├── scripts/                # Helper scripts
│   ├── activate_env.bat    # Activate virtual environment
│   └── run_mcp_server.bat  # Start server directly
├── examples/               # Test and demo files
│   ├── test_server.py      # Functionality tests
│   └── demo_security.py    # Security demonstrations
├── docs/                   # Documentation
│   ├── SETUP.md           # Detailed setup guide
│   └── POWERSHELL_SETUP.md # PowerShell-specific setup
├── requirements.txt        # Python dependencies
├── start_server.py        # Server entry point
└── .gitignore            # Git ignore rules

This implementation demonstrates how to build secure MCP servers that protect against common attack vectors while providing useful functionality to Claude Desktop users.