MCP_Server_v1
by PareshKolte1
Overview
An API server for integrating with SAP systems, specifically for sales order creation, and provides a generic tool registration and invocation layer.
Installation
python server.pyEnvironment Variables
- SAP_API_BASE_URL
- SAP_USERNAME
- SAP_PASSWORD
- DESTINATION_NAME
- PORT
- VCAP_SERVICES
Security Notes
The `SapClientCF` class uses `verify=False` in `requests` calls for both CSRF token fetching and sales order posting, disabling SSL certificate verification and making the application highly vulnerable to Man-in-the-Middle (MITM) attacks. The `/v1/tools/invoke/{tool_name}` endpoint in `main.py` is vulnerable to Server-Side Request Forgery (SSRF) as it allows arbitrary URL invocation based on user-registered tool configurations without validation or restrictions, potentially exposing internal network resources. Error messages might expose sensitive internal details. Hardcoded `sap-client` values are present.
Similar Servers
lex
Provides a UK legal research API for AI agents, offering capabilities to search legislation, caselaw, amendments, and explanatory notes using semantic and keyword search, and includes a Micro-Copilot (MCP) server for integration with AI assistants.
mcp-abap-adt
MCP server for integrating with SAP ABAP Development Tools (ADT) to perform read, write, and system operations on ABAP objects.
cpi-mcp-server
The MCP server provides AI-powered applications with access to integration packages and artifacts within an SAP Cloud Integration tenant.
mcp-code-exec-python
Provides a Model Context Protocol (MCP) server for executing arbitrary Python code with optional package installations, supporting HTTP, SSE, and STDIO transports.