Skip to content

Commit 9b5ef4d

Browse files
committed
work
1 parent a3edbeb commit 9b5ef4d

File tree

2 files changed

+20
-18
lines changed

2 files changed

+20
-18
lines changed

src/mcp/shared/session.py

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -369,7 +369,8 @@ async def _receive_loop(self) -> None:
369369
request=validated_request,
370370
session=self,
371371
on_complete=lambda r: self._in_flight.pop(
372-
r.request_id, None),
372+
r.request_id, None
373+
),
373374
message_metadata=message.metadata,
374375
)
375376
self._in_flight[responder.request_id] = responder
@@ -394,7 +395,8 @@ async def _receive_loop(self) -> None:
394395
),
395396
)
396397
session_message = SessionMessage(
397-
message=JSONRPCMessage(error_response))
398+
message=JSONRPCMessage(error_response)
399+
)
398400
await self._write_stream.send(session_message)
399401

400402
elif isinstance(message.message.root, JSONRPCNotification):

tests/issues/test_malformed_input.py

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Claude Debug
1+
# Claude Debug
22
"""Test for HackerOne vulnerability report #3156202 - malformed input DOS."""
33

44
import anyio
@@ -38,7 +38,7 @@ async def test_malformed_initialize_request_does_not_crash_server():
3838
method="initialize",
3939
# params=None # Missing required params field
4040
)
41-
41+
4242
# Wrap in session message
4343
request_message = SessionMessage(message=JSONRPCMessage(malformed_request))
4444

@@ -54,22 +54,22 @@ async def test_malformed_initialize_request_does_not_crash_server():
5454
):
5555
# Send the malformed request
5656
await read_send_stream.send(request_message)
57-
57+
5858
# Give the session time to process the request
5959
await anyio.sleep(0.1)
60-
60+
6161
# Check that we received an error response instead of a crash
6262
try:
6363
response_message = write_receive_stream.receive_nowait()
6464
response = response_message.message.root
65-
65+
6666
# Verify it's a proper JSON-RPC error response
6767
assert isinstance(response, JSONRPCError)
6868
assert response.jsonrpc == "2.0"
6969
assert response.id == "f20fe86132ed4cd197f89a7134de5685"
7070
assert response.error.code == INVALID_PARAMS
7171
assert "Invalid request parameters" in response.error.message
72-
72+
7373
# Verify the session is still alive and can handle more requests
7474
# Send another malformed request to confirm server stability
7575
another_malformed_request = JSONRPCRequest(
@@ -81,18 +81,18 @@ async def test_malformed_initialize_request_does_not_crash_server():
8181
another_request_message = SessionMessage(
8282
message=JSONRPCMessage(another_malformed_request)
8383
)
84-
84+
8585
await read_send_stream.send(another_request_message)
8686
await anyio.sleep(0.1)
87-
87+
8888
# Should get another error response, not a crash
8989
second_response_message = write_receive_stream.receive_nowait()
9090
second_response = second_response_message.message.root
91-
91+
9292
assert isinstance(second_response, JSONRPCError)
9393
assert second_response.id == "test_id_2"
9494
assert second_response.error.code == INVALID_PARAMS
95-
95+
9696
except anyio.WouldBlock:
9797
pytest.fail("No response received - server likely crashed")
9898
finally:
@@ -140,14 +140,14 @@ async def test_multiple_concurrent_malformed_requests():
140140
message=JSONRPCMessage(malformed_request)
141141
)
142142
malformed_requests.append(request_message)
143-
143+
144144
# Send all requests
145145
for request in malformed_requests:
146146
await read_send_stream.send(request)
147-
147+
148148
# Give time to process
149149
await anyio.sleep(0.2)
150-
150+
151151
# Verify we get error responses for all requests
152152
error_responses = []
153153
try:
@@ -156,10 +156,10 @@ async def test_multiple_concurrent_malformed_requests():
156156
error_responses.append(response_message.message.root)
157157
except anyio.WouldBlock:
158158
pass # No more messages
159-
159+
160160
# Should have received 10 error responses
161161
assert len(error_responses) == 10
162-
162+
163163
for i, response in enumerate(error_responses):
164164
assert isinstance(response, JSONRPCError)
165165
assert response.id == f"malformed_{i}"
@@ -169,4 +169,4 @@ async def test_multiple_concurrent_malformed_requests():
169169
await read_send_stream.aclose()
170170
await write_send_stream.aclose()
171171
await read_receive_stream.aclose()
172-
await write_receive_stream.aclose()
172+
await write_receive_stream.aclose()

0 commit comments

Comments
 (0)