Feat: add MCP honeypot support #199
Conversation
…covered by integration tests.
WalkthroughThe changes introduce support for the MCP protocol across the codebase. This includes adding an MCP protocol strategy, updating the service configuration model and parser to support MCP tools, adding a sample MCP honeypot configuration, modifying tracing and metrics to handle MCP events, and updating the CI workflow to exclude MCP code from coverage. Tests and dependencies are also updated accordingly. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant HTTP_Server
participant MCP_Server
participant MCPStrategy
participant Tracer
Client->>HTTP_Server: Sends MCP protocol request
HTTP_Server->>MCP_Server: Passes request with remote address in context
MCP_Server->>MCPStrategy: Invokes tool handler
MCPStrategy->>Tracer: Emits trace event (protocol: MCP, details)
MCPStrategy-->>MCP_Server: Returns static handler response
MCP_Server-->>HTTP_Server: Sends response
HTTP_Server-->>Client: Returns handler result
Poem
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #199 +/- ##
==========================================
+ Coverage 82.66% 82.94% +0.28%
==========================================
Files 7 7
Lines 421 428 +7
==========================================
+ Hits 348 355 +7
Misses 63 63
Partials 10 10 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Actionable comments posted: 6
🧹 Nitpick comments (6)
protocols/strategies/HTTP/http.go (1)
159-169: Improve the header string formatting.The function works correctly but has minor formatting issues that could be improved.
func mapHeaderToString(headers http.Header) string { - headersString := "" + var headersString strings.Builder for key := range headers { - for _, values := range headers[key] { - headersString += fmt.Sprintf("[Key: %s, values: %s],", key, values) + for _, value := range headers[key] { + headersString.WriteString(fmt.Sprintf("[Key: %s, Value: %s]", key, value)) } } - return headersString + return headersString.String() }This change:
- Uses
strings.Builderfor better performance- Fixes variable naming (
values→value)- Removes trailing comma
- Uses consistent capitalization ("Value" vs "values")
parser/configurations_parser_test.go (1)
166-166: Remove duplicate assertion.This line duplicates the assertion from line 165.
- assert.Equal(t, firstBeelzebubServiceConfiguration.TLSKeyPath, "/tmp/cert.key")configurations/services/mcp-8000.yaml (2)
41-41: Add newline at end of file.} } +
21-21: Use ISO 8601 date format for clarity.The date format "02/07/2025" is ambiguous (could be DD/MM/YYYY or MM/DD/YYYY). Consider using ISO 8601 format (YYYY-MM-DD) for consistency and clarity.
Also applies to: 38-38
protocols/strategies/MCP/mcp.go (2)
29-29: Remove redundant nil check.The
len()function returns 0 for nil slices, so the nil check is unnecessary.- if toolConfig.Params == nil || len(toolConfig.Params) == 0 { + if len(toolConfig.Params) == 0 {
62-62: Consider using a more robust command format.Using "|" as a delimiter could cause issues if the tool name or arguments contain this character. Consider using a structured format or escaping the delimiter.
- Command: fmt.Sprintf("%s|%s", request.Params.Name, request.Params.Arguments), + Command: fmt.Sprintf("%s: %v", request.Params.Name, request.Params.Arguments),
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (9)
.github/workflows/ci.yml(1 hunks)builder/builder.go(3 hunks)configurations/services/mcp-8000.yaml(1 hunks)go.mod(1 hunks)parser/configurations_parser.go(2 hunks)parser/configurations_parser_test.go(2 hunks)protocols/strategies/HTTP/http.go(2 hunks)protocols/strategies/MCP/mcp.go(1 hunks)tracer/tracer.go(5 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
builder/builder.go (1)
protocols/strategies/MCP/mcp.go (1)
MCPStrategy(18-19)
🪛 YAMLlint (1.37.1)
configurations/services/mcp-8000.yaml
[error] 41-41: no new line character at the end of file
(new-line-at-end-of-file)
🪛 golangci-lint (1.64.8)
protocols/strategies/MCP/mcp.go
29-29: S1009: should omit nil check; len() for nil slices is defined as zero
(gosimple)
🪛 GitHub Check: codecov/patch
tracer/tracer.go
[warning] 159-160: tracer/tracer.go#L159-L160
Added lines #L159 - L160 were not covered by tests
🔇 Additional comments (11)
.github/workflows/ci.yml (1)
48-48: LGTM! Consistent exclusion pattern.The addition of
mcp.goto the coverage exclusion list follows the established pattern for other protocol strategies and aligns with the comment explaining that concrete strategies are covered by integration tests.go.mod (1)
29-29: MCP library version and security status verified
- go.mod (line 29):
github.com/mark3labs/mcp-go v0.32.0is the latest stable release (June 11, 2025).- No known CVEs or security advisories against v0.32.0.
- Review the project’s SECURITY.md and issue tracker for any emerging reports.
- Consider scheduling a periodic security audit and monitoring upstream releases.
builder/builder.go (3)
6-6: LGTM! Proper import integration.The MCP strategy import follows the established pattern alongside other protocol strategies.
116-116: LGTM! Consistent strategy instantiation.The MCP strategy instantiation follows the same pattern as other protocol strategies with descriptive variable naming.
144-145: LGTM! Proper protocol switch integration.The MCP protocol case is correctly added to the switch statement, maintaining consistency with existing protocol handling.
protocols/strategies/HTTP/http.go (1)
141-142: LGTM! Dual header representation support.The changes correctly support both string and map representations of headers, which appears to align with tracer event structure modifications for MCP protocol compatibility.
parser/configurations_parser_test.go (2)
55-63: LGTM! Comprehensive tools test data.The mock YAML properly represents the tools configuration structure with name, description, parameters, and handler - providing good test coverage for the new functionality.
167-173: LGTM! Thorough tools configuration testing.The test assertions comprehensively verify the tools parsing including count, names, descriptions, parameters, and handler - ensuring the new configuration structure is properly validated.
parser/configurations_parser.go (1)
66-66: LGTM! Clean extension of the configuration model.The addition of the
Toolsfield and the newToolandParamstructs properly extends the service configuration to support MCP honeypot tools. The structure follows the existing patterns in the codebase.Also applies to: 90-102
tracer/tracer.go (2)
52-52: Well-structured MCP protocol integration.The addition of MCP support to the tracer follows the existing pattern perfectly. The new protocol constant, Prometheus counter, and switch case are implemented consistently with the other protocols.
Also applies to: 56-56, 83-83, 118-122, 159-160
28-29: No usages of tracer.Event.Headers detected; change is safe.A search for any direct access or iteration over
Headerson theEventtype returned no matches. The only.Headers[0]hit was inparser/configurations_parser_test.go, which refers to a differentHeadersfield in the parser package. As a result, switchingEvent.Headersfrommap[string][]stringtostringdoes not introduce a breaking change in the current codebase.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
tracer/tracer_test.go (1)
89-89: Consider test isolation to avoid shared state dependencies.The global
countervariable creates dependencies between test cases. While this doesn't affect the correctness of the current changes, consider resetting the counter between test cases or using test-specific counters for better test isolation.func TestUpdatePrometheusCounters(t *testing.T) { + counter = 0 // Reset counter at the start of the test mockStrategy := func(event Event) {}
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
tracer/tracer_test.go(2 hunks)
🔇 Additional comments (2)
tracer/tracer_test.go (2)
109-109: LGTM! Consistent with existing pattern.The addition of
eventsMCPTotalfield to the mock tracer struct is consistent with the existing pattern for other protocols (SSH, HTTP, TCP).
121-122: LGTM! MCP protocol test follows established pattern.The MCP protocol test case correctly follows the same pattern as the existing protocol tests, incrementing the global counter by 2 (once for total events, once for protocol-specific events).
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (5)
README.md (5)
21-21: Insert a space after “MCP” to fix the broken parenthesis.
Current text renders asMCP(Detect …)which is hard to read and triggers the spell checker.- - Multi-protocol support: SSH, HTTP, TCP, MCP(Detect prompt injection against LLM agents) + - Multi-protocol support: SSH, HTTP, TCP, MCP (detect prompt-injection against LLM agents)
36-50: Unify list-marker style for markdown-lint compliance.
Above lists use dashes (-) while this block uses asterisks (*), producing MD004 warnings. Pick one style; the rest of the file already prefers dashes.-* **Automated Testing:** -* **Static Analysis:** -* **Code Coverage:** -* **Continuous Integration:** -* **Code Reviews:** +- **Automated Testing:** +- **Static Analysis:** +- **Code Coverage:** +- **Continuous Integration:** +- **Code Reviews:**
53-53: Add a space before the parenthesis and hyphenate “cross-device”.-You can run Beelzebub via Docker, Go compiler(cross device), or Helm (Kubernetes). +You can run Beelzebub via Docker, Go compiler (cross-device), or Helm (Kubernetes).
182-182: Remove trailing punctuation in the heading (MD026).-#### Invoke remotely: beelzebub:port/mcp (Streamable HTTPServer). +#### Invoke remotely: beelzebub:port/mcp (streamable HTTP server)
249-249: Duplicate heading – differentiate or remove.
### HTTP Honeypotappears twice (lines 185 and 249). Consider renaming the second one, e.g.:-### HTTP Honeypot +### HTTP Honeypot (Port 8080 example)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
README.md(7 hunks)
🧰 Additional context used
🪛 LanguageTool
README.md
[misspelling] ~21-~21: This word is normally spelled as one.
Context: ...nhanced security and easy management. - Multi-protocol support: SSH, HTTP, TCP, MCP(Detect pro...
(EN_COMPOUNDS_MULTI_PROTOCOL)
🪛 markdownlint-cli2 (0.17.2)
README.md
36-36: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
39-39: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
42-42: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
45-45: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
48-48: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
113-113: Dollar signs used before commands without showing output
(MD014, commands-show-output)
124-124: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
127-127: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
130-130: Unordered list style
Expected: dash; Actual: asterisk
(MD004, ul-style)
182-182: Trailing punctuation in heading
Punctuation: '.'
(MD026, no-trailing-punctuation)
249-249: Multiple headings with the same content
(MD024, no-duplicate-heading)
374-374: Dollar signs used before commands without showing output
(MD014, commands-show-output)
382-382: Dollar signs used before commands without showing output
(MD014, commands-show-output)
383-383: Dollar signs used before commands without showing output
(MD014, commands-show-output)
384-384: Dollar signs used before commands without showing output
(MD014, commands-show-output)
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (1)
configurations/services/mcp-8000.yaml (1)
20-22: Remove real-looking email to avoid PII exposureThe static JSON responses embed what looks like a real e-mail address (
[email protected]). Publishing even fictitious personal data in public repos can raise compliance / GDPR questions and was flagged in the previous review round.- "details": "email: [email protected], role: admin, last-login: 02/07/2025" + "details": "email: [email protected], role: admin, last-login: 2025-07-02" … - "details": "Info: email: [email protected], last-login: 02/07/2025" + "details": "Info: email: [email protected], last-login: 2025-07-02"Also applies to: 36-39
🧹 Nitpick comments (1)
configurations/services/mcp-8000.yaml (1)
41-41: Add trailing newline
yamllintflags the missing newline at EOF.
Helps maintain POSIX-friendly files and keeps linters quiet.} +
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
configurations/services/mcp-8000.yaml(1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
configurations/services/mcp-8000.yaml
[error] 41-41: no new line character at the end of file
(new-line-at-end-of-file)
Description
configurations/services/mcp-8000.yamlAll Submissions:
New Feature Submissions:
Changes to Core Features:
Summary by CodeRabbit
New Features
Bug Fixes
Tests
Chores
Documentation