mcp-pdf-server

Verified Safe

by johan-gorter

Overview

Provides a Model Context Protocol (MCP) server for extracting plain text content from PDF files, primarily for integration with AI assistants like Claude Desktop, with robust directory access controls.

Installation

Run Command
npx -y @johangorter/mcp-pdf-server /Users/username/Desktop

Security Notes

The project demonstrates a strong commitment to security with explicit handling of common attack vectors:

- Path Traversal: Prevented by robust path normalization (`path.resolve`, `path.relative`).
- Symlink Attacks: Mitigated by resolving real paths (`fs.realpath`) and verifying against allowed directories.
- TOCTOU (Time-of-Check-Time-of-Use): Actively prevented by re-validating the file path immediately before file access (`extractPdfText` calls `validatePath` again).
- Case Sensitivity Bypasses: Handled with platform-specific case-insensitive comparisons on Windows/macOS.
- Hard Link Attacks: The `checkForHardLinkVulnerability` function detects files with multiple hard links (`nlink > 1`) and logs a warning. However, by default, it *does not block* access to such files. The `SECURITY.md` notes this as a 'Known Limitation' and suggests uncommenting a `throw new Error` line for stricter enforcement. This default choice slightly reduces the score from a perfect 10, as it leaves a potential, albeit transparently documented, vulnerability if not explicitly configured for strict mode.

No 'eval' or intentional obfuscation was found, and sensitive information is not hardcoded. The server uses standard I/O, minimizing network attack surface.

Stats

Interest Score: 0
Security Score: 9
Cost Class: Medium
Avg Tokens: 1500
Stars: 0
Forks: 0
Last Update: 2025-12-29

Tags

PDF, text extraction, MCP, Node.js, security, AI integration