Merge branch 'main' into 7-20-losing-resource-bug

Author: olaservo

.husky/pre-commit

@@ -0,0 +1,2 @@
+npx lint-staged
+git update-index --again

README.md

@@ -166,6 +166,16 @@ If you need to disable authentication (NOT RECOMMENDED), you can set the `DANGER
 DANGEROUSLY_OMIT_AUTH=true npm start
 ```
 
+---
+
+**🚨 WARNING 🚨**
+
+Disabling authentication with `DANGEROUSLY_OMIT_AUTH` is incredibly dangerous! Disabling auth leaves your machine open to attack not just when exposed to the public internet, but also **via your web browser**. Meaning, visiting a malicious website OR viewing a malicious advertizement could allow an attacker to remotely compromise your computer. Do not disable this feature unless you truly understand the risks.
+
+Read more about the risks of this vulnerability on Oligo's blog: [Critical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596](https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596)
+
+---
+
 You can also set the token via the `MCP_PROXY_AUTH_TOKEN` environment variable when starting the server:
 
 ```bash

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelcontextprotocol/inspector-cli",
-  "version": "0.16.4",
+  "version": "0.16.5",
   "description": "CLI for the Model Context Protocol inspector",
   "license": "MIT",
   "author": "Anthropic, PBC (https://anthropic.com)",
@@ -21,7 +21,7 @@
   },
   "devDependencies": {},
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.17.2",
+    "@modelcontextprotocol/sdk": "^1.17.3",
     "commander": "^13.1.0",
     "spawn-rx": "^5.1.2"
   }

cli/src/transport.ts

@@ -32,8 +32,8 @@ function createStdioTransport(options: TransportOptions): Transport {
   const defaultEnv = getDefaultEnvironment();
 
   const env: Record<string, string> = {
-    ...processEnv,
     ...defaultEnv,
+    ...processEnv,
   };
 
   const { cmd: actualCommand, args: actualArgs } = findActualExecutable(

client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelcontextprotocol/inspector-client",
-  "version": "0.16.4",
+  "version": "0.16.5",
   "description": "Client-side application for the Model Context Protocol inspector",
   "license": "MIT",
   "author": "Anthropic, PBC (https://anthropic.com)",
@@ -25,7 +25,7 @@
     "cleanup:e2e": "node e2e/global-teardown.js"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.17.2",
+    "@modelcontextprotocol/sdk": "^1.17.3",
     "@radix-ui/react-checkbox": "^1.1.4",
     "@radix-ui/react-dialog": "^1.1.3",
     "@radix-ui/react-icons": "^1.3.0",

client/src/components/OAuthDebugCallback.tsx

@@ -46,6 +46,17 @@ const OAuthDebugCallback = ({ onConnect }: OAuthCallbackProps) => {
       if (storedState) {
         try {
           restoredState = JSON.parse(storedState);
+          if (restoredState && typeof restoredState.resource === "string") {
+            restoredState.resource = new URL(restoredState.resource);
+          }
+          if (
+            restoredState &&
+            typeof restoredState.authorizationUrl === "string"
+          ) {
+            restoredState.authorizationUrl = new URL(
+              restoredState.authorizationUrl,
+            );
+          }
           // Clean up the stored state
           sessionStorage.removeItem(SESSION_KEYS.AUTH_DEBUGGER_STATE);
         } catch (e) {

client/src/components/__tests__/AuthDebugger.test.tsx

@@ -25,6 +25,7 @@ const mockOAuthMetadata = {
   token_endpoint: "https://oauth.example.com/token",
   response_types_supported: ["code"],
   grant_types_supported: ["authorization_code"],
+  scopes_supported: ["read", "write"],
 };
 
 const mockOAuthClientInfo = {
@@ -56,6 +57,57 @@ import {
 import { OAuthMetadata } from "@modelcontextprotocol/sdk/shared/auth.js";
 import { EMPTY_DEBUGGER_STATE } from "@/lib/auth-types";
 
+// Mock local auth module
+jest.mock("@/lib/auth", () => ({
+  DebugInspectorOAuthClientProvider: jest.fn().mockImplementation(() => ({
+    tokens: jest.fn().mockImplementation(() => Promise.resolve(undefined)),
+    clear: jest.fn().mockImplementation(() => {
+      // Mock the real clear() behavior which removes items from sessionStorage
+      sessionStorage.removeItem("[https://example.com/mcp] mcp_tokens");
+      sessionStorage.removeItem("[https://example.com/mcp] mcp_client_info");
+      sessionStorage.removeItem(
+        "[https://example.com/mcp] mcp_server_metadata",
+      );
+    }),
+    redirectUrl: "http://localhost:3000/oauth/callback/debug",
+    clientMetadata: {
+      redirect_uris: ["http://localhost:3000/oauth/callback/debug"],
+      token_endpoint_auth_method: "none",
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      client_name: "MCP Inspector",
+    },
+    clientInformation: jest.fn().mockImplementation(async () => {
+      const serverUrl = "https://example.com/mcp";
+      const preregisteredKey = `[${serverUrl}] ${SESSION_KEYS.PREREGISTERED_CLIENT_INFORMATION}`;
+      const preregisteredData = sessionStorage.getItem(preregisteredKey);
+      if (preregisteredData) {
+        return JSON.parse(preregisteredData);
+      }
+      const dynamicKey = `[${serverUrl}] ${SESSION_KEYS.CLIENT_INFORMATION}`;
+      const dynamicData = sessionStorage.getItem(dynamicKey);
+      if (dynamicData) {
+        return JSON.parse(dynamicData);
+      }
+      return undefined;
+    }),
+    saveClientInformation: jest.fn().mockImplementation((clientInfo) => {
+      const serverUrl = "https://example.com/mcp";
+      const key = `[${serverUrl}] ${SESSION_KEYS.CLIENT_INFORMATION}`;
+      sessionStorage.setItem(key, JSON.stringify(clientInfo));
+    }),
+    saveTokens: jest.fn(),
+    redirectToAuthorization: jest.fn(),
+    saveCodeVerifier: jest.fn(),
+    codeVerifier: jest.fn(),
+    saveServerMetadata: jest.fn(),
+    getServerMetadata: jest.fn(),
+  })),
+  discoverScopes: jest.fn().mockResolvedValue("read write" as never),
+}));
+
+import { discoverScopes } from "@/lib/auth";
+
 // Type the mocked functions properly
 const mockDiscoverAuthorizationServerMetadata =
   discoverAuthorizationServerMetadata as jest.MockedFunction<
@@ -75,6 +127,9 @@ const mockDiscoverOAuthProtectedResourceMetadata =
   discoverOAuthProtectedResourceMetadata as jest.MockedFunction<
     typeof discoverOAuthProtectedResourceMetadata
   >;
+const mockDiscoverScopes = discoverScopes as jest.MockedFunction<
+  typeof discoverScopes
+>;
 
 const sessionStorageMock = {
   getItem: jest.fn(),
@@ -103,9 +158,15 @@ describe("AuthDebugger", () => {
     // Suppress console errors in tests to avoid JSDOM navigation noise
     jest.spyOn(console, "error").mockImplementation(() => {});
 
-    mockDiscoverAuthorizationServerMetadata.mockResolvedValue(
-      mockOAuthMetadata,
-    );
+    // Set default mock behaviors with complete OAuth metadata
+    mockDiscoverAuthorizationServerMetadata.mockResolvedValue({
+      issuer: "https://oauth.example.com",
+      authorization_endpoint: "https://oauth.example.com/authorize",
+      token_endpoint: "https://oauth.example.com/token",
+      response_types_supported: ["code"],
+      grant_types_supported: ["authorization_code"],
+      scopes_supported: ["read", "write"],
+    });
     mockRegisterClient.mockResolvedValue(mockOAuthClientInfo);
     mockDiscoverOAuthProtectedResourceMetadata.mockRejectedValue(
       new Error("No protected resource metadata found"),
@@ -427,7 +488,24 @@ describe("AuthDebugger", () => {
       });
     });
 
-    it("should not include scope in authorization URL when scopes_supported is not present", async () => {
+    it("should include scope in authorization URL when scopes_supported is not present", async () => {
+      const updateAuthState =
+        await setupAuthorizationUrlTest(mockOAuthMetadata);
+
+      // Wait for the updateAuthState to be called
+      await waitFor(() => {
+        expect(updateAuthState).toHaveBeenCalledWith(
+          expect.objectContaining({
+            authorizationUrl: expect.stringContaining("scope="),
+          }),
+        );
+      });
+    });
+
+    it("should omit scope from authorization URL when discoverScopes returns undefined", async () => {
+      // Mock discoverScopes to return undefined (no scopes available)
+      mockDiscoverScopes.mockResolvedValueOnce(undefined);
+
       const updateAuthState =
         await setupAuthorizationUrlTest(mockOAuthMetadata);
 

client/src/lib/__tests__/auth.test.ts

@@ -0,0 +1,155 @@
+import { discoverScopes } from "../auth";
+import { discoverAuthorizationServerMetadata } from "@modelcontextprotocol/sdk/client/auth.js";
+
+jest.mock("@modelcontextprotocol/sdk/client/auth.js", () => ({
+  discoverAuthorizationServerMetadata: jest.fn(),
+}));
+
+const mockDiscoverAuth =
+  discoverAuthorizationServerMetadata as jest.MockedFunction<
+    typeof discoverAuthorizationServerMetadata
+  >;
+
+const baseMetadata = {
+  issuer: "https://test.com",
+  authorization_endpoint: "https://test.com/authorize",
+  token_endpoint: "https://test.com/token",
+  response_types_supported: ["code"],
+  grant_types_supported: ["authorization_code"],
+  scopes_supported: ["read", "write"],
+};
+
+describe("discoverScopes", () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  const testCases = [
+    {
+      name: "returns joined scopes from OAuth metadata",
+      mockResolves: baseMetadata,
+      serverUrl: "https://example.com",
+      expected: "read write",
+      expectedCallUrl: "https://example.com/",
+    },
+    {
+      name: "prefers resource metadata over OAuth metadata",
+      mockResolves: baseMetadata,
+      serverUrl: "https://example.com",
+      resourceMetadata: {
+        resource: "https://example.com",
+        scopes_supported: ["admin", "full"],
+      },
+      expected: "admin full",
+    },
+    {
+      name: "falls back to OAuth when resource has empty scopes",
+      mockResolves: baseMetadata,
+      serverUrl: "https://example.com",
+      resourceMetadata: {
+        resource: "https://example.com",
+        scopes_supported: [],
+      },
+      expected: "read write",
+    },
+    {
+      name: "normalizes URL with port and path",
+      mockResolves: baseMetadata,
+      serverUrl: "https://example.com:8080/some/path",
+      expected: "read write",
+      expectedCallUrl: "https://example.com:8080/",
+    },
+    {
+      name: "normalizes URL with trailing slash",
+      mockResolves: baseMetadata,
+      serverUrl: "https://example.com/",
+      expected: "read write",
+      expectedCallUrl: "https://example.com/",
+    },
+    {
+      name: "handles single scope",
+      mockResolves: { ...baseMetadata, scopes_supported: ["admin"] },
+      serverUrl: "https://example.com",
+      expected: "admin",
+    },
+    {
+      name: "prefers resource metadata even with fewer scopes",
+      mockResolves: {
+        ...baseMetadata,
+        scopes_supported: ["read", "write", "admin", "full"],
+      },
+      serverUrl: "https://example.com",
+      resourceMetadata: {
+        resource: "https://example.com",
+        scopes_supported: ["read"],
+      },
+      expected: "read",
+    },
+  ];
+
+  const undefinedCases = [
+    {
+      name: "returns undefined when OAuth discovery fails",
+      mockRejects: new Error("Discovery failed"),
+      serverUrl: "https://example.com",
+    },
+    {
+      name: "returns undefined when OAuth has no scopes",
+      mockResolves: { ...baseMetadata, scopes_supported: [] },
+      serverUrl: "https://example.com",
+    },
+    {
+      name: "returns undefined when scopes_supported missing",
+      mockResolves: (() => {
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        const { scopes_supported, ...rest } = baseMetadata;
+        return rest;
+      })(),
+      serverUrl: "https://example.com",
+    },
+    {
+      name: "returns undefined with resource metadata but OAuth fails",
+      mockRejects: new Error("No OAuth metadata"),
+      serverUrl: "https://example.com",
+      resourceMetadata: {
+        resource: "https://example.com",
+        scopes_supported: ["read", "write"],
+      },
+    },
+  ];
+
+  test.each(testCases)(
+    "$name",
+    async ({
+      mockResolves,
+      serverUrl,
+      resourceMetadata,
+      expected,
+      expectedCallUrl,
+    }) => {
+      mockDiscoverAuth.mockResolvedValue(mockResolves);
+
+      const result = await discoverScopes(serverUrl, resourceMetadata);
+
+      expect(result).toBe(expected);
+      if (expectedCallUrl) {
+        expect(mockDiscoverAuth).toHaveBeenCalledWith(new URL(expectedCallUrl));
+      }
+    },
+  );
+
+  test.each(undefinedCases)(
+    "$name",
+    async ({ mockResolves, mockRejects, serverUrl, resourceMetadata }) => {
+      if (mockRejects) {
+        mockDiscoverAuth.mockRejectedValue(mockRejects);
+      } else {
+        mockDiscoverAuth.mockResolvedValue(mockResolves);
+      }
+
+      const result = await discoverScopes(serverUrl, resourceMetadata);
+
+      expect(result).toBeUndefined();
+    },
+  );
+});