@modelcontextprotocol/server-filesystem

Failure modes

• • Symlink race condition: validatePath checks symlink target, but file operations happen later without atomic verification - TOCTOU vulnerability could allow access outside allowed directories
• • Incomplete lib.ts: writeFileContent function is truncated in source, suggesting build/compilation issues that would cause runtime crashes
• • No timeout protection: File I/O operations lack timeouts, large files or slow filesystems could hang indefinitely
• • Concurrent request handling: No evidence of request queuing or rate limiting, simultaneous operations on same files could cause race conditions
• • Memory exhaustion: readFileContent loads entire file into memory without size limits, very large files would crash the server
• • Error message information leakage: validatePath errors expose full file paths which could leak directory structure to unauthorized users
• • Unicode/special character handling: normalizePath has complex logic for path separators but no validation for invalid Unicode sequences or control characters
• • Empty/whitespace-only paths: While some validation exists, edge cases like paths with only whitespace after quote removal may not be fully handled
• • Glob pattern DoS: minimatch patterns in directory_tree could be exploited with deeply nested wildcards causing exponential complexity
• • Platform-specific failures: Extensive Windows/WSL path handling increases surface area for platform-specific edge cases