jmeter-mcp-server
by chandanvars
Overview
Automated generation and execution of JMeter load and performance test scripts with comprehensive analysis and reporting via Docker.
Installation
npm startEnvironment Variables
- PORT
- NODE_ENV
- DEBUG
Security Notes
The server uses 'child_process.exec' to run Docker commands, directly embedding user-controlled 'jmxFile' names into shell commands executed within a Docker container. Although 'fileWriter.cleanFilename' is used during JMX creation, it is not explicitly reapplied when 'execute_jmeter_script' receives a JMX file name as input. A malicious JMX file, if executed, could potentially exploit the Docker environment (e.g., via OS Process Samplers or Groovy scripts) to interact with mounted host volumes ('./output', './sample_data', './jmeter-results'), leading to arbitrary code execution or data exfiltration on the host machine. Additionally, the HTTP transport mode uses 'Access-Control-Allow-Origin: *', which is a broad CORS policy that can increase the attack surface if the server is exposed publicly without proper authentication or origin restrictions.
Similar Servers
mockloop-mcp
Provides a comprehensive platform for generating and managing mock API servers with AI-driven test generation, scenario management, proxy capabilities, and robust monitoring and auditing features.
runautomation-mcpserver
A comprehensive Playwright-based Model Context Protocol (MCP) server designed for AI assistants to perform web testing, browser automation, and quality assurance tasks through natural language commands.
mcp-perf-suite
The JMeter MCP Server automates the generation of JMeter test scripts, execution of tests, and aggregation of results, primarily using Playwright-captured network traffic for web and API performance testing.
mcp-collection
Provides a containerized server application, likely part of a larger collection or system, designed for automated dependency management.