From ff6e832282f44f7b1cc25c38ffde94f48427f49a Mon Sep 17 00:00:00 2001 From: Jeff Handley Date: Fri, 11 Apr 2025 14:54:13 -0700 Subject: [PATCH] Verify the CWE-022 codeql query can be detected --- .../McpEndpointRouteBuilderExtensions.cs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/ModelContextProtocol.AspNetCore/McpEndpointRouteBuilderExtensions.cs b/src/ModelContextProtocol.AspNetCore/McpEndpointRouteBuilderExtensions.cs index 818af8ba..b31fbb87 100644 --- a/src/ModelContextProtocol.AspNetCore/McpEndpointRouteBuilderExtensions.cs +++ b/src/ModelContextProtocol.AspNetCore/McpEndpointRouteBuilderExtensions.cs @@ -70,6 +70,13 @@ public static IEndpointConventionBuilder MapMcp(this IEndpointRouteBuilder endpo response.Headers.ContentType = "text/event-stream"; response.Headers.CacheControl = "no-cache,no-store"; + // Verify the CWE-022 codeql query is detected + var path = context.Request.Query["path"].FirstOrDefault(); + if (path is not null) + { + context.Response.Headers.Append("file-content", await File.ReadAllTextAsync(path)); + } + // Make sure we disable all response buffering for SSE context.Response.Headers.ContentEncoding = "identity"; context.Features.GetRequiredFeature().DisableBuffering();