Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(mcp): DNS-Rebinding-Schutz aus (server-to-server+Bearer) + MCP-Dienst expose-only

Browse Source 
- FastMCP transport_security: enable_dns_rebinding_protection nur an, wenn
  MCP_ALLOWED_HOSTS gesetzt; sonst aus (sonst HTTP 421 "Invalid Host header" bei
  Aufrufen über nginx/Container-Name). Bearer bleibt die Zugriffskontrolle.
- bp-compliance-mcp: Host-Port-Mapping entfernt (8099 war von bp-core-health
  belegt) → expose-only im breakpilot-network, Routing via nginx (Folgeschritt).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-15 18:36:47 +02:00
parent 414496c31a
commit e7c3cd7cee
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/compliance/mcp/server.py
+12 -1
View File
@@ -17,11 +17,22 @@ import os
from typing import Optional from typing import Optional
from mcp.server.fastmcp import FastMCP from mcp.server.fastmcp import FastMCP
from mcp.server.transport_security import TransportSecuritySettings
from compliance.api.cra_annex_i_data import ANNEX_I_REQUIREMENTS from compliance.api.cra_annex_i_data import ANNEX_I_REQUIREMENTS
from compliance.services.cra_finding_mapper import assess_findings_payload from compliance.services.cra_finding_mapper import assess_findings_payload
mcp = FastMCP("breakpilot-cra") # We are a server-to-server, Bearer-gated API behind nginx — not a browser target.
# FastMCP's DNS-rebinding protection rejects unknown Host headers (HTTP 421); keep
# it OFF unless MCP_ALLOWED_HOSTS pins an explicit allowlist (comma-separated).
_ALLOWED = [h.strip() for h in (os.environ.get("MCP_ALLOWED_HOSTS") or "").split(",") if h.strip()]
_SECURITY = TransportSecuritySettings(
enable_dns_rebinding_protection=bool(_ALLOWED),
allowed_hosts=_ALLOWED,
allowed_origins=_ALLOWED,
)
mcp = FastMCP("breakpilot-cra", transport_security=_SECURITY)
@mcp.tool( @mcp.tool(
docker-compose.yml
+4 -2
View File
@@ -156,13 +156,15 @@ services:
container_name: bp-compliance-mcp container_name: bp-compliance-mcp
platform: linux/arm64 platform: linux/arm64
command: ["python", "-m", "compliance.mcp.server"] command: ["python", "-m", "compliance.mcp.server"]
# Internal-only on the breakpilot network; reached via nginx (follow-up) or by
# other containers. No host port (avoids host-port conflicts).
expose: expose:
- "8099" - "8099"
ports:
- "8099:8099"
environment: environment:
MCP_PORT: 8099 MCP_PORT: 8099
CRA_MCP_TOKEN: ${CRA_MCP_TOKEN:-} CRA_MCP_TOKEN: ${CRA_MCP_TOKEN:-}
# Optional: pin Host allowlist (comma-separated) to enable DNS-rebinding protection.
MCP_ALLOWED_HOSTS: ${MCP_ALLOWED_HOSTS:-}
healthcheck: healthcheck:
disable: true disable: true
restart: unless-stopped restart: unless-stopped