Restrict deps_read jar paths to dependency cache directories

Validate that jar paths passed to deps_read are under ~/.m2/repository
or ~/.clojure-mcp/deps_cache to prevent reading arbitrary jar files
via path traversal.

Author: Bruce Hauman

src/clojure_mcp/tools/deps_read/core.clj

@@ -4,7 +4,10 @@
    [clojure.string :as str]
    [clojure.java.io :as io]
    [clojure-mcp.tools.deps-common.jar-utils :as jar-utils]
-   [taoensso.timbre :as log]))
+   [clojure-mcp.utils.valid-paths :as valid-paths]
+   [taoensso.timbre :as log])
+  (:import
+   (java.io File)))
 
 (defn list-jar-entries
   "List all entries in a jar file.
@@ -95,6 +98,21 @@
           {:jar-path jar-path
            :entry-path entry-path})))))
 
+(defn allowed-jar-dirs
+  "Returns the list of directories that jar paths are allowed to reside in.
+   - ~/.m2/repository (Maven local cache)
+   - ~/.clojure-mcp/deps_cache (downloaded sources cache)"
+  []
+  (let [home (System/getProperty "user.home")]
+    [(.getPath (io/file home ".m2" "repository"))
+     (.getPath (io/file home ".clojure-mcp" "deps_cache"))]))
+
+(defn validate-jar-path!
+  "Validates that a jar path is under an allowed dependency cache directory.
+   Returns the normalized path if valid, throws ex-info if not."
+  [jar-path]
+  (valid-paths/validate-path jar-path "/" (allowed-jar-dirs)))
+
 (defn deps-read
   "Read a file from a dependency jar.
 
@@ -112,6 +130,7 @@
      (deps-read jar-path entry-path opts)
      {:error (str "Invalid path format. Expected 'jar-path:entry-path', got: " path)}))
   ([jar-path entry-path opts]
+   (validate-jar-path! jar-path)
    (read-jar-entry jar-path entry-path
                    :offset (or (:offset opts) 0)
                    :limit (:limit opts)

test/clojure_mcp/tools/deps_read/core_test.clj

@@ -0,0 +1,32 @@
+(ns clojure-mcp.tools.deps-read.core-test
+  (:require [clojure.test :refer [deftest is testing]]
+            [clojure-mcp.tools.deps-read.core :as sut]
+            [clojure.java.io :as io]))
+
+(deftest validate-jar-path-test
+  (let [home (System/getProperty "user.home")
+        m2-jar (str home "/.m2/repository/org/clojure/clojure/1.11.1/clojure-1.11.1.jar")
+        cache-jar (str home "/.clojure-mcp/deps_cache/org/clojure/clojure-1.11.1-sources.jar")]
+
+    (testing "accepts paths under ~/.m2/repository"
+      (is (string? (sut/validate-jar-path! m2-jar))))
+
+    (testing "accepts paths under ~/.clojure-mcp/deps_cache"
+      (is (string? (sut/validate-jar-path! cache-jar))))
+
+    (testing "rejects paths outside allowed directories"
+      (is (thrown? clojure.lang.ExceptionInfo
+                   (sut/validate-jar-path! "/tmp/evil.jar"))))
+
+    (testing "rejects path traversal attacks"
+      (is (thrown? clojure.lang.ExceptionInfo
+                   (sut/validate-jar-path!
+                    (str home "/.m2/repository/../../etc/foo.jar")))))))
+
+(deftest allowed-jar-dirs-test
+  (testing "returns expected directories"
+    (let [home (System/getProperty "user.home")
+          dirs (sut/allowed-jar-dirs)]
+      (is (= 2 (count dirs)))
+      (is (some #(.contains % ".m2/repository") dirs))
+      (is (some #(.contains % ".clojure-mcp/deps_cache") dirs)))))