sbb-mcp-commons
Verified Safe
by schlpbch
Overview
A shared Java library for building robust and resilient SBB Model Context Protocol (MCP) servers with features like session management, tool/prompt discovery, validation, and API client utilities.
Installation
No command provided
Environment Variables
- REDIS_PASSWORD
Security Notes
The library demonstrates an excellent security posture with explicit implementations for critical defenses:
- Server-Side Request Forgery (SSRF) prevention in WebClientFactory (blocking internal IPs, metadata endpoints, non-HTTP/S protocols)
- Robust error message sanitization in McpGlobalExceptionHandler to prevent information disclosure
- Input validation (string length, null bytes) and session ID format validation (UUID regex) in RedisMcpSessionStore to prevent injection attacks
- Explicit mitigation of Jackson deserialization vulnerabilities in McpSession
No obvious hardcoded secrets or malicious patterns were found.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
spring-documentation-mcp-server
Provides an AI-driven Model Context Protocol (MCP) server for comprehensive access to Spring ecosystem documentation, migration guides, code examples, and project compatibility, serving as a knowledge base and tool integration for AI agents.
mcp-annotated-java-sdk
Annotation-driven framework for building Model Context Protocol (MCP) servers in Java, simplifying the definition and integration of resources, prompts, and tools for LLM applications.
infobip-openapi-mcp
Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.