fix(percy): disable runPercyScan#285
Merged
gaurav-singh-9227 merged 1 commit intobrowserstack:mainfrom Apr 27, 2026
Merged
Conversation
ruturaj-browserstack
approved these changes
Apr 27, 2026
4 tasks
manoj-k04
added a commit
to manoj-k04/mcp-server
that referenced
this pull request
Apr 30, 2026
The Percy token fetched from api.browserstack.com was being interpolated verbatim into runPercyScan tool output (and the percy-web / percy-automate SDK handlers), exposing a server-side credential across a trust boundary into MCP client / AI-assistant context (HackerOne #3576387, CVSS 6.5). PMAA-100 (PR browserstack#285) mitigated this by disabling the runPercyScan tool registration. This change removes the underlying leak so the tool can be safely re-enabled. Output sanitization - run-percy-scan.ts: generatePercyTokenInstructions returns placeholder-only text and points users to the Percy dashboard. The token is still fetched (preserves the existing project-validation side effect of fetchPercyToken) but is intentionally not echoed. - percy-web/handler.ts and percy-automate/handler.ts: same treatment in runPercyWeb and runPercyAutomateOnly. Parameter signatures are kept for upstream compatibility; SECURITY comments document why the token must not be interpolated. Tool re-enabled - percy-sdk.ts: restore the runPercyScan import, schema import, and tool registration block that PMAA-100 commented out. - percySdk.test.ts: restore the matching import, mock, name assertion, and "runPercyScan - SUCCESS" test. Regression coverage - runPercyScan.test.ts: assertions inverted — output must NOT contain the fetched token; the placeholder must be present. - percyTokenLeak.test.ts (new): pin the no-leak contract on runPercyWeb and runPercyAutomateOnly directly so any future regression fails CI. Refs: HackerOne #3576387, PMAA-100, PMAA-103 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
runPercyScanwas embedding the server-fetched Percy token in plaintext inside the tool response (export PERCY_TOKEN="<actual_token>").runPercyScanMCP tool registration insrc/tools/percy-sdk.tsso the leaking code path is no longer reachable viatools/list/tools/call.src/tools/run-percy-scan.ts) is untouched — it remains exported and unit-tested. The proper fix (replacing the interpolated token with a placeholder) will land in the planned sprint per Gaurav's note on the ticket.src/tools/sdk-utils/percy-web/handler.ts(called fromexpandPercyVisualTesting). Reporter flagged it under "Code References" in the original H1 submission. Out of scope for this temp fix per Pradum's instruction; should be addressed in the proper-fix PR.Test plan
npm run lintnpx tsc --noEmitnpm test— 122/122 passrunPercyScanno longer appears intools/listfrom a connected MCP client