feat(aws-dataprocessing-mcp): add support for --allow-sensitive-data-access mcp flag #3094

Merged
naikvaib merged 4 commits into awslabs:main from naikvaib:flag-fix
Apr 17, 2026

@naikvaib

Summary

Changes

Implemented enforcement for the --allow-sensitive-data-access CLI flag that was previously parsed and stored but never checked in any conditional. This security vulnerability allowed unauthorized access to sensitive customer data including database passwords, query results, and job execution outputs regardless of the flag's value.

Security Fixes:

  • Added 8 enforcement points across 5 handler files to protect sensitive operations
  • Fixed critical password exposure by forcing hide_password=True when flag is disabled
  • Blocked query result retrieval operations that return customer data
  • Protected job run details containing sensitive arguments and error messages

Operations Protected:

CRITICAL - Database Credentials:

  • get-connection and list-connections: Enforces hide_password=True to prevent plaintext password exposure

HIGH - Customer Data:

  • get-query-results (Athena): Blocks customer query result data
  • get-statement (Glue Interactive Sessions): Blocks execution outputs with customer data
  • get-entity-records (Data Catalog): Blocks preview data from connected sources

MEDIUM - Job Outputs:

  • get-job-run (Glue ETL & EMR Serverless): Blocks job details with sensitive arguments/errors
  • describe-step (EMR EC2): Blocks step configurations with potential credentials

User experience

Before this change:

  • README documented: "Access to sensitive data is restricted by default"
  • Reality: --allow-sensitive-data-access flag had zero effect
  • Users could retrieve plaintext database passwords by passing hide_password=False
  • Query results, session outputs, and job logs were always accessible
  • False security promise created compliance risk

After this change:

  • Default behavior (secure): Without --allow-sensitive-data-access flag:

    • get-connection() automatically hides passwords even if user passes hide_password=False
    • get-query-results() returns error: "requires --allow-sensitive-data-access flag"
    • get-statement() returns error: "requires --allow-sensitive-data-access flag"
    • get-entity-records() returns error: "requires --allow-sensitive-data-access flag"
    • Job run and step detail operations return similar errors
  • With flag enabled: All operations work as originally intended:

    {
      "args": [
        "awslabs.aws-dataprocessing-mcp-server@latest",
        "--allow-sensitive-data-access"
      ]
    }
  • Metadata operations unaffected: List operations (e.g., list-query-executions, list-statements) continue to work without the flag as they only return IDs/status, not actual data

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Is this a breaking change? (N)

Explanation: This is NOT a breaking change. The default behavior is more restrictive (secure by default), but users can restore previous behavior by explicitly adding the --allow-sensitive-data-access flag. Existing test suites were updated to enable the flag where needed, demonstrating backward compatibility.

RFC issue number: N/A (Security fix addressing documented but unimplemented feature)

Checklist:

  • Migration process documented (in README.md and SECURITY_IMPLEMENTATION_SUMMARY.md)
  • Implement warnings (security enforcement includes logging at INFO and ERROR levels)

Testing

Test Coverage:

  • All 1,136 existing tests pass (100% pass rate)
  • Added 17 new dedicated security enforcement tests in tests/test_sensitive_data_access.py
  • Updated 6 test files to explicitly enable allow_sensitive_data_access=True in fixtures

Test Categories:

  1. Connection Password Protection: 3 tests verifying hide_password enforcement
  2. Query Result Protection: 6 tests verifying data access blocking
  3. Job Output Protection: 6 tests verifying job detail blocking
  4. Non-Sensitive Operations: 2 tests verifying list operations remain accessible

Verification:

    # Run all tests
    python -m pytest tests/ --tb=no -q
    # Result: 1136 passed, 3 warnings in 9.95s

    # Run security-specific tests
    python -m pytest tests/test_sensitive_data_access.py -v
    # Result: 17 passed in 0.40s

Documentation

Updated Files:

  • README.md: Enhanced --allow-sensitive-data-access flag documentation with detailed breakdown of protected operations by severity level
  • SENSITIVE_DATA_ANALYSIS.md: New file with comprehensive analysis of all sensitive operations backed by AWS API documentation
  • SECURITY_IMPLEMENTATION_SUMMARY.md: New file documenting implementation approach, testing, and verification

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.
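
A minimal sketch of the enforcement pattern the description above outlines, added here as an illustration and not taken from this PR's diff or the project's code: the `Handler` and `FakeBackend` classes, their method names and the canned responses are hypothetical. It shows the flag being checked before the backend call, with `hide_password` forced on and data-returning operations refused while the flag is off, and list operations left ungated.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, List

FLAG = '--allow-sensitive-data-access'


@dataclass
class FakeBackend:
    """Constructed stand-in for the AWS APIs; records every call it receives."""
    calls: List[str] = field(default_factory=list)

    def __call__(self, operation: str, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(operation)
        if operation == 'get-connection':
            password = '****' if kwargs['hide_password'] else 'constructed-secret'
            return {'isError': False, 'name': kwargs['name'], 'PASSWORD': password}
        if operation == 'get-query-results':
            return {'isError': False, 'rows': [['constructed', 'row']]}
        return {'isError': False, 'ids': ['q-1', 'q-2']}


@dataclass
class Handler:
    """Hypothetical tool handler; the flag value is injected at construction."""
    backend: FakeBackend
    allow_sensitive_data_access: bool = False  # secure default

    def _deny(self, operation: str) -> Dict[str, Any]:
        return {'isError': True, 'message': f'{operation} requires {FLAG} flag'}

    def get_connection(self, name: str, hide_password: bool = True) -> Dict[str, Any]:
        # A caller-supplied hide_password=False is overridden while the flag is off.
        if not self.allow_sensitive_data_access:
            hide_password = True
        return self.backend('get-connection', name=name, hide_password=hide_password)

    def get_query_results(self, query_id: str) -> Dict[str, Any]:
        # Refuse before the backend call so no customer data is ever fetched.
        if not self.allow_sensitive_data_access:
            return self._deny('get-query-results')
        return self.backend('get-query-results', query_id=query_id)

    def list_query_executions(self) -> Dict[str, Any]:
        # Metadata only (IDs/status): no gate.
        return self.backend('list-query-executions')
```

Recording the backend calls lets a test assert that a denied operation never reached the data source, which is a stronger check than inspecting the error message alone.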

@codecov

codecov Bot commented Apr 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.46%. Comparing base (e2de99c) to head (e094f30).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3094   +/-   ##
=======================================
  Coverage   92.45%   92.46%           
=======================================
  Files         851      851           
  Lines       67540    67570   +30     
  Branches    10844    10852    +8     
=======================================
+ Hits        62445    62477   +32     
  Misses       3075     3075           
+ Partials     2020     2018    -2     


@naikvaib naikvaib marked this pull request as ready for review April 15, 2026 05:32
@naikvaib naikvaib self-assigned this Apr 15, 2026
ckha2000 previously approved these changes Apr 15, 2026
Comment thread src/aws-dataprocessing-mcp-server/README.md Outdated
Comment thread src/aws-dataprocessing-mcp-server/README.md
@naikvaib naikvaib enabled auto-merge April 17, 2026 21:25
@naikvaib naikvaib added this pull request to the merge queue Apr 17, 2026
Merged via the queue into awslabs:main with commit e25f0bf Apr 17, 2026
125 checks passed
@naikvaib naikvaib deleted the flag-fix branch April 17, 2026 21:26
@github-project-automation github-project-automation Bot moved this from To triage to Done in awslabs/mcp Project Apr 17, 2026