ICU
critical

mcp-server-kubernetes

v3.2.1

MCP server for interacting with Kubernetes clusters via kubectl

npm | GitHub Actions | First seen Feb 22, 2026

144 Total | 66 Critical | 69 High | 9 Medium

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    148:         }
    149:         // When K8S_CA_DATA is provided, force skipTLSVerify to false as they are incompatible
>>> 150:         const hasCAData = !!(process.env.K8S_CA_DATA && process.env.K8S_CA_DATA.trim());
    151:         const skipTLSVerify = hasCAData ? false : process.env.K8S_SKIP_TLS_VERIFY === "true";
    152:         const cluster = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    144:      */
    145:     loadEnvMinimalKubeconfig() {
>>> 146:         if (!process.env.K8S_SERVER || !process.env.K8S_TOKEN) {
    147:             throw new Error("K8S_SERVER and K8S_TOKEN environment variables are required");
    148:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    265:      */
    266:     getDefaultNamespace() {
>>> 267:         return process.env.K8S_NAMESPACE || "default";
    268:     }
    269:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    137:      */
    138:     loadEnvKubeconfigJson() {
>>> 139:         const configObj = JSON.parse(process.env.KUBECONFIG_JSON);
    140:         this.kc.loadFromOptions(configObj);
    141:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:             const enableDnsRebindingProtection = process.env.DNS_REBINDING_PROTECTION === "true";
    17:             const allowedHosts = process.env.DNS_REBINDING_ALLOWED_HOST
>>> 18:                 ? [process.env.DNS_REBINDING_ALLOWED_HOST]
    19:                 : ["127.0.0.1"];
    20:             const transport = new StreamableHTTPServerTransport({
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    48:     let port = 3000;
    49:     try {
>>> 50:         port = parseInt(process.env.PORT || "3000", 10);
    51:     }
    52:     catch (e) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1: export function getSpawnMaxBuffer() {
>>> 2:     return parseInt(process.env.SPAWN_MAX_BUFFER || "1048577", 10);
    3: }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28: import { startStreamableHTTPServer } from "./utils/streamable-http.js";
    29: // Check environment variables for tool filtering
>>> 30: const allowOnlyReadonlyTools = process.env.ALLOW_ONLY_READONLY_TOOLS === "true";
    31: const allowedToolsEnv = process.env.ALLOWED_TOOLS;
    32: const nonDestructiveTools = process.env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS === "true";
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    29: // Check environment variables for tool filtering
    30: const allowOnlyReadonlyTools = process.env.ALLOW_ONLY_READONLY_TOOLS === "true";
>>> 31: const allowedToolsEnv = process.env.ALLOWED_TOOLS;
    32: const nonDestructiveTools = process.env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS === "true";
    33: // Define readonly tools
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30: const allowOnlyReadonlyTools = process.env.ALLOW_ONLY_READONLY_TOOLS === "true";
    31: const allowedToolsEnv = process.env.ALLOWED_TOOLS;
>>> 32: const nonDestructiveTools = process.env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS === "true";
    33: // Define readonly tools
    34: const readonlyTools = [
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    222: });
    223: // Start the server
>>> 224: if (process.env.ENABLE_UNSAFE_SSE_TRANSPORT) {
    225:     startSSEServer(server);
    226:     console.log(`SSE server started`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    226:     console.log(`SSE server started`);
    227: }
>>> 228: else if (process.env.ENABLE_UNSAFE_STREAMABLE_HTTP_TRANSPORT) {
    229:     startStreamableHTTPServer(server);
    230:     console.log(`Streamable HTTP server started`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    286:             });
    287:             // Set KUBECONFIG environment variable for kubectl commands
>>> 288:             process.env.KUBECONFIG = tempKubeconfigPath;
    289:             // Function to clean up the temporary file
    290:             const cleanupTempFile = () => {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    147:             timeout: 300000, // 5 minutes timeout
    148:             maxBuffer: getSpawnMaxBuffer(),
>>> 149:             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    150:         });
    151:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    131:         }
    132:         // Load the config into the JavaScript client
>>> 133:         this.kc.loadFromString(process.env.KUBECONFIG_YAML);
    134:     }
    135:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    127:      */
    128:     loadEnvKubeconfigYaml() {
>>> 129:         if (!process.env.KUBECONFIG_YAML) {
    130:             throw new Error("KUBECONFIG_YAML environment variable is not set");
    131:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    121:      */
    122:     loadEnvKubeconfigPath() {
>>> 123:         this.kc.loadFromFile(process.env.KUBECONFIG_PATH);
    124:     }
    125:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    77:                 encoding: "utf8",
    78:                 maxBuffer: getSpawnMaxBuffer(),
>>> 79:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    80:             });
    81:             // Clean up temp file if created
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    60:                         encoding: "utf8",
    61:                         maxBuffer: getSpawnMaxBuffer(),
>>> 62:                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    63:                     });
    64:                     // Parse the tabular output from kubectl
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    114:                     encoding: "utf8",
    115:                     maxBuffer: getSpawnMaxBuffer(),
>>> 116:                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    117:                 });
    118:                 break;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    125:                         encoding: "utf8",
    126:                         maxBuffer: getSpawnMaxBuffer(),
>>> 127:                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    128:                     }).trim();
    129:                     if (detailed) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132:                             encoding: "utf8",
    133:                             maxBuffer: getSpawnMaxBuffer(),
>>> 134:                             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    135:                         });
    136:                         // Parse the tabular output from kubectl
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    215:                         encoding: "utf8",
    216:                         maxBuffer: getSpawnMaxBuffer(),
>>> 217:                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    218:                     });
    219:                     const availableContexts = allContextsOutput.trim().split("\n");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    237:                         encoding: "utf8",
    238:                         maxBuffer: getSpawnMaxBuffer(),
>>> 239:                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    240:                     });
    241:                     // For tests to pass, we need to return the original name format that was passed in
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15:             // locally, make sure to set DNS_REBINDING_PROTECTION=true
    16:             const enableDnsRebindingProtection = process.env.DNS_REBINDING_PROTECTION === "true";
>>> 17:             const allowedHosts = process.env.DNS_REBINDING_ALLOWED_HOST
    18:                 ? [process.env.DNS_REBINDING_ALLOWED_HOST]
    19:                 : ["127.0.0.1"];
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    298:                 encoding: "utf8",
    299:                 maxBuffer: getSpawnMaxBuffer(),
>>> 300:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    301:             });
    302:             // Clean up temp file if created
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    115:             process.env.K8S_SERVER.trim() &&
    116:             process.env.K8S_TOKEN &&
>>> 117:             process.env.K8S_TOKEN.trim());
    118:     }
    119:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    114:         return !!(process.env.K8S_SERVER &&
    115:             process.env.K8S_SERVER.trim() &&
>>> 116:             process.env.K8S_TOKEN &&
    117:             process.env.K8S_TOKEN.trim());
    118:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    113:     hasEnvMinimalKubeconfig() {
    114:         return !!(process.env.K8S_SERVER &&
>>> 115:             process.env.K8S_SERVER.trim() &&
    116:             process.env.K8S_TOKEN &&
    117:             process.env.K8S_TOKEN.trim());
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14:             // DNS rebinding protection is disabled by default for backwards compatibility. If you are running this server
    15:             // locally, make sure to set DNS_REBINDING_PROTECTION=true
>>> 16:             const enableDnsRebindingProtection = process.env.DNS_REBINDING_PROTECTION === "true";
    17:             const allowedHosts = process.env.DNS_REBINDING_ALLOWED_HOST
    18:                 ? [process.env.DNS_REBINDING_ALLOWED_HOST]
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    119:                 encoding: "utf8",
    120:                 maxBuffer: getSpawnMaxBuffer(),
>>> 121:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    122:             });
    123:             // Clean up temp file if created
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    53:         console.error("Invalid PORT environment variable, using default port 3000.");
    54:     }
>>> 55:     const host = process.env.HOST || "localhost";
    56:     app.listen(port, host, () => {
    57:         console.log(`mcp-kubernetes-server is listening on port ${port}\nUse the following url to connect to the server:\nhttp://${host}:${port}/sse`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    56:                 encoding: "utf8",
    57:                 maxBuffer: getSpawnMaxBuffer(),
>>> 58:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    59:             });
    60:             return {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    101:                 encoding: "utf8",
    102:                 maxBuffer: getSpawnMaxBuffer(),
>>> 103:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    104:             });
    105:             return {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    99:         console.error("Invalid PORT environment variable, using default port 3000.");
    100:     }
>>> 101:     const host = process.env.HOST || "localhost";
    102:     const httpServer = app.listen(port, host, () => {
    103:         console.log(`mcp-kubernetes-server is listening on port ${port}\nUse the following url to connect to the server:\nhttp://${host}:${port}/mcp`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    180:     }
    181:     hasEnvKubeconfig() {
>>> 182:         return !!(process.env.KUBECONFIG && process.env.KUBECONFIG.trim());
    183:     }
    184:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    125:                 encoding: "utf8",
    126:                 maxBuffer: getSpawnMaxBuffer(),
>>> 127:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    128:             });
    129:             // Apply secrets masking if enabled and dealing with secrets
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    128:             });
    129:             // Apply secrets masking if enabled and dealing with secrets
>>> 130:             const shouldMaskSecrets = process.env.MASK_SECRETS !== "false" &&
    131:                 (resourceType === "secrets" || resourceType === "secret");
    132:             let processedResult = result;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    112:      */
    113:     hasEnvMinimalKubeconfig() {
>>> 114:         return !!(process.env.K8S_SERVER &&
    115:             process.env.K8S_SERVER.trim() &&
    116:             process.env.K8S_TOKEN &&
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    177:      */
    178:     hasEnvKubeconfigPath() {
>>> 179:         return !!(process.env.KUBECONFIG_PATH && process.env.KUBECONFIG_PATH.trim());
    180:     }
    181:     hasEnvKubeconfig() {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    158:         const user = {
    159:             name: "env-user",
>>> 160:             token: process.env.K8S_TOKEN,
    161:         };
    162:         const context = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    88:                     encoding: "utf8",
    89:                     maxBuffer: getSpawnMaxBuffer(),
>>> 90:                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    91:                 });
    92:                 return formatLogOutput(name, result);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    131:                         encoding: "utf8",
    132:                         maxBuffer: getSpawnMaxBuffer(),
>>> 133:                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    134:                     })
    135:                         .trim()
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    181:                         encoding: "utf8",
    182:                         maxBuffer: getSpawnMaxBuffer(),
>>> 183:                         env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    184:                     }).trim();
    185:                     const selector = JSON.parse(selectorJson.replace(/'/g, '"'));
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    264:             encoding: "utf8",
    265:             maxBuffer: getSpawnMaxBuffer(),
>>> 266:             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    267:         })
    268:             .trim()
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    297:                     encoding: "utf8",
    298:                     maxBuffer: getSpawnMaxBuffer(),
>>> 299:                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    300:                 });
    301:                 logsMap[pod] = logs;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    106:      */
    107:     hasEnvKubeconfigJson() {
>>> 108:         return !!(process.env.KUBECONFIG_JSON && process.env.KUBECONFIG_JSON.trim());
    109:     }
    110:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    94:     let port = 3000;
    95:     try {
>>> 96:         port = parseInt(process.env.PORT || "3000", 10);
    97:     }
    98:     catch (e) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    78:             encoding: "utf8",
    79:             maxBuffer: getSpawnMaxBuffer(),
>>> 80:             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    81:         });
    82:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    97:                 encoding: "utf8",
    98:                 maxBuffer: getSpawnMaxBuffer(),
>>> 99:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    100:             });
    101:             // Clean up temp file if created
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    92:                     maxBuffer: getSpawnMaxBuffer(),
    93:                     timeout: 15000, // Reduced from 30 seconds to 15 seconds
>>> 94:                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    95:                 });
    96:                 return {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    108:                     encoding: "utf8",
    109:                     maxBuffer: getSpawnMaxBuffer(),
>>> 110:                     env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    111:                 });
    112:                 return {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    53:                 encoding: "utf8",
    54:                 maxBuffer: getSpawnMaxBuffer(),
>>> 55:                 env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    56:             });
    57:             return {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    90:             timeout: 300000, // 5 minutes timeout for node operations
    91:             maxBuffer: getSpawnMaxBuffer(),
>>> 92:             env: { ...process.env, KUBECONFIG: process.env.KUBECONFIG },
    93:         });
    94:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    13:  */
    14: export function createAuthMiddleware() {
>>> 15:     const authToken = process.env.MCP_AUTH_TOKEN;
    16:     return (req, res, next) => {
    17:         // If no auth token is configured, allow all requests
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    50:  */
    51: export function isAuthEnabled() {
>>> 52:     return !!process.env.MCP_AUTH_TOKEN;
    53: }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    17:             try {
    18:                 this.loadEnvKubeconfigYaml();
>>> 19:                 this.createTempKubeconfigFromYaml(process.env.KUBECONFIG_YAML);
    20:             }
    21:             catch (error) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    56:                 this.loadEnvKubeconfigPath();
    57:                 // Set KUBECONFIG environment variable to the custom path for kubectl commands
>>> 58:                 process.env.KUBECONFIG = process.env.KUBECONFIG_PATH;
    59:             }
    60:             catch (error) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    64:         else if (this.hasEnvKubeconfig()) {
    65:             // Load from KUBECONFIG
>>> 66:             this.kc.loadFromFile(process.env.KUBECONFIG);
    67:         }
    68:         else {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    71:         }
    72:         // Apply context override if specified
>>> 73:         if (process.env.K8S_CONTEXT) {
    74:             try {
    75:                 this.setCurrentContext(process.env.K8S_CONTEXT);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    73:         if (process.env.K8S_CONTEXT) {
    74:             try {
>>> 75:                 this.setCurrentContext(process.env.K8S_CONTEXT);
    76:             }
    77:             catch (error) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    76:             }
    77:             catch (error) {
>>> 78:                 console.warn(`Warning: Could not set context to ${process.env.K8S_CONTEXT}: ${error instanceof Error ? error.message : "Unknown error"}`);
    79:             }
    80:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    100:      */
    101:     hasEnvKubeconfigYaml() {
>>> 102:         return !!(process.env.KUBECONFIG_YAML && process.env.KUBECONFIG_YAML.trim());
    103:     }
    104:     /**
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    154:             server: process.env.K8S_SERVER,
    155:             skipTLSVerify,
>>> 156:             caData: process.env.K8S_CA_DATA || undefined,
    157:         };
    158:         const user = {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    152:         const cluster = {
    153:             name: "env-cluster",
>>> 154:             server: process.env.K8S_SERVER,
    155:             skipTLSVerify,
    156:             caData: process.env.K8S_CA_DATA || undefined,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    149:         // When K8S_CA_DATA is provided, force skipTLSVerify to false as they are incompatible
    150:         const hasCAData = !!(process.env.K8S_CA_DATA && process.env.K8S_CA_DATA.trim());
>>> 151:         const skipTLSVerify = hasCAData ? false : process.env.K8S_SKIP_TLS_VERIFY === "true";
    152:         const cluster = {
    153:             name: "env-cluster",
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable bytes]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ���r�B�{^�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �x��֥�w��(Z�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ���r�Fzw��Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^1�ځ鞞Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ���r�Q�Yh�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ���r�B�{^�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �x��֥�w��(Z�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^1�ځ鞞Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ���r�Fzw��Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    104:         // Use the Kubernetes client-node Exec API for native exec
    105:         const kc = k8sManager.getKubeConfig();
>>> 106:         const exec = new k8s.Exec(kc);
    107:         // Add a timeout to avoid hanging forever if exec never returns
    108:         await new Promise((resolve, reject) => {
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    123:                 stderrStreamType: typeof stderrStream,
    124:             });
>>> 125:             exec.exec(namespace, input.name, input.container ?? "", commandArr, stdoutStream, stderrStream, stdinStream, // use dummy stdin
    126:             true, // set tty to true
    127:             (status) => {
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    5:  * Supports local chart paths, remote repositories, and custom values.
    6:  */
>>> 7: import { execFileSync } from "child_process";
    8: import { writeFileSync, unlinkSync } from "fs";
    9: import { dump } from "js-yaml";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    135: };
    136: /**
>>> 137:  * Execute a command using child_process.execFileSync with proper error handling.
    138:  * @param command - The command to execute
    139:  * @param args - Array of command arguments
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import * as fs from "fs";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import * as fs from "fs";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import * as fs from "fs";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
    3: import { contextParameter } from "../models/common-parameters.js";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import * as fs from "fs";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { execFileSync } from "child_process";
    2: import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
    3: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    6:  * Note: Use kubectl_get with resourceType="nodes" to list nodes.
    7:  */
>>> 8: import { execFileSync } from "child_process";
    9: import { getSpawnMaxBuffer } from "../config/max-buffer.js";
    10: /**
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    78: };
    79: /**
>>> 80:  * Execute a command using child_process.execFileSync with proper error handling.
    81:  * @param command - The command to execute
    82:  * @param args - Array of command arguments
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { spawn } from "child_process";
    2: // Use spawn instead of exec because port-forward is a long-running process
    3: async function executeKubectlCommandAsync(command) {
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 144
Feb 23, 2026 | critical | 144
Feb 22, 2026 | critical | 144