The Gopher MCP Server is designed with security as a primary concern. This document outlines our security practices, how to report vulnerabilities, and the measures we take to protect users.
- Timeout Protection: All network requests have configurable timeouts (default: 30 seconds)
- Size Limits: Response size limits prevent memory exhaustion attacks (default: 1MB)
- URL Validation: Input URLs are validated to prevent malicious requests
- Protocol Restriction: Only Gopher protocol (gopher://) URLs are accepted
- No Arbitrary Code Execution: The server only fetches and parses Gopher content
- URL Sanitization: All URLs are parsed and validated before use
- Content Type Checking: Response content types are verified
- Encoding Validation: Text content encoding is validated and sanitized
- Path Traversal Prevention: Gopher selectors are validated to prevent path traversal
- Memory Limits: Response size limits prevent memory exhaustion
- Connection Limits: Concurrent connection limits prevent resource exhaustion
- Cache Security: Cached responses are isolated and have TTL limits
- Error Handling: Error messages don't leak sensitive system information
- Regular Updates: Dependencies are regularly updated for security patches
- Vulnerability Scanning: Automated scanning with
safetyandbandit - Minimal Dependencies: Only essential dependencies are included
- Trusted Sources: All dependencies are from trusted PyPI sources
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.x.x | β Yes |
| < 1.0 | β No |
If you discover a security vulnerability, please report it responsibly:
- DO NOT create a public GitHub issue
- Email security reports to: [email protected]
- Include detailed information about the vulnerability
- Provide steps to reproduce if possible
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix if you have one
- Your contact information for follow-up
- Initial Response: Within 48 hours
- Assessment: Within 1 week
- Fix Development: Depends on severity
- Public Disclosure: After fix is released
We follow responsible disclosure practices:
- Acknowledgment of your report within 48 hours
- Assessment and validation of the vulnerability
- Fix development and testing
- Coordinated disclosure after fix is available
- Credit to the reporter (if desired)
# Set conservative limits
export MAX_RESPONSE_SIZE=524288 # 512KB instead of 1MB
export TIMEOUT_SECONDS=15 # Shorter timeout
export CACHE_TTL_SECONDS=60 # Shorter cache TTL- Firewall: Run behind a firewall when possible
- Network Isolation: Consider network isolation for production use
- Monitoring: Monitor network traffic and resource usage
- Logging: Enable logging for security monitoring
- Principle of Least Privilege: Run with minimal required permissions
- User Isolation: Run as a non-privileged user
- Container Security: Use containers with security policies
- Environment Isolation: Isolate from sensitive systems
| Variable | Security Impact | Recommendation |
|---|---|---|
MAX_RESPONSE_SIZE |
Prevents memory exhaustion | Set based on your needs, max 10MB |
TIMEOUT_SECONDS |
Prevents hanging connections | 15-60 seconds recommended |
CACHE_ENABLED |
Reduces network requests | Enable for better security |
CACHE_TTL_SECONDS |
Limits stale data exposure | 60-300 seconds recommended |
{
"mcpServers": {
"gopher": {
"command": "uv",
"args": ["--directory", "/path/to/gopher-mcp", "run", "task", "serve"],
"env": {
"MAX_RESPONSE_SIZE": "524288",
"TIMEOUT_SECONDS": "15",
"CACHE_ENABLED": "true",
"CACHE_TTL_SECONDS": "60"
}
}
}
}Our CI/CD pipeline includes:
- Bandit: Static security analysis for Python
- Safety: Dependency vulnerability scanning
- Ruff: Code quality and security linting
- MyPy: Type checking to prevent runtime errors
We recommend:
- Input Fuzzing: Test with malformed URLs and data
- Resource Exhaustion: Test with large responses and timeouts
- Network Security: Test in isolated network environments
- Error Handling: Verify error messages don't leak information
# Test URL validation
def test_malicious_url_rejection():
"""Test that malicious URLs are rejected."""
malicious_urls = [
"http://example.com/", # Wrong protocol
"gopher://localhost:22/", # SSH port
"gopher://internal.network/", # Internal network
]
for url in malicious_urls:
with pytest.raises(ValidationError):
validate_gopher_url(url)
# Test resource limits
def test_response_size_limit():
"""Test that oversized responses are rejected."""
# Implementation would test actual size limits
pass- No Encryption: Gopher protocol doesn't support encryption
- No Authentication: No built-in authentication mechanism
- Plain Text: All communication is in plain text
- Legacy Protocol: May have undiscovered vulnerabilities
- Network Monitoring: Monitor all Gopher traffic
- Content Filtering: Filter potentially malicious content
- Access Logging: Log all access attempts
- Regular Updates: Keep the server updated
- Input validation for all user data
- Proper error handling without information leakage
- Resource limits and timeouts
- Security tests for new features
- Dependency updates and vulnerability scanning
- Configure appropriate resource limits
- Run with minimal privileges
- Monitor network traffic and logs
- Keep the server updated
- Use in isolated network environments when possible
- Contributing Guidelines - Security requirements for contributors
- Development Setup - Secure development environment
- API Documentation - Security considerations for each API
For security-related questions or concerns:
- Security Email: [email protected]
- General Issues: GitHub Issues
- Documentation: Project Docs
We recognize security researchers who help improve our security:
Thank you for helping keep the Gopher MCP Server secure! π