From 18186926d42447a23561744a417e283fad44b712 Mon Sep 17 00:00:00 2001
From: Kernel Bot
Date: Fri, 20 Feb 2026 23:31:35 +0300
Subject: [PATCH] fix: add numeric input validation to docker_logs and system_logs tools

Apply consistent input validation pattern (matching process.js and network.js) to the tail/lines parameters in docker.js and monitor.js. Rejects invalid, negative, and excessively large values (>10000) to prevent unexpected behavior and potential resource exhaustion.

Co-Authored-By: Claude Opus 4.6
---
 src/tools/docker.js | 10 ++++++++--
 src/tools/monitor.js | 13 ++++++++++---
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/tools/docker.js b/src/tools/docker.js
index d20d755..8a6abcd 100644
--- a/src/tools/docker.js
+++ b/src/tools/docker.js
@@ -58,8 +58,14 @@ export const handlers = {
 },
 docker_logs: async (params) => {
- const tail = parseInt(params.tail, 10) || 100;
- return await run(`docker logs --tail ${tail} ${shellEscape(params.container)}`);
+ if (params.tail != null) {
+ const tail = parseInt(params.tail, 10);
+ if (!Number.isFinite(tail) || tail <= 0 || tail > 10000) {
+ return { error: 'Invalid tail value: must be between 1 and 10000' };
+ }
+ return await run(`docker logs --tail ${tail} ${shellEscape(params.container)}`);
+ }
+ return await run(`docker logs --tail 100 ${shellEscape(params.container)}`);
 },
 docker_exec: async (params) => {
diff --git a/src/tools/monitor.js b/src/tools/monitor.js
index 5bf9134..318153a 100644
--- a/src/tools/monitor.js
+++ b/src/tools/monitor.js
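Review bot: In docker_logs (src/tools/docker.js), `parseInt(params.tail, 10)` accepts any value that merely begins with digits, such as `'50abc'` or `'12.9'`, so the new check truncates malformed input instead of rejecting it. Only the parsed number is interpolated into the command, so this is a validation gap rather than an injection path, but it contradicts the "rejects invalid" claim in the commit message. Parsing with `const tail = Number(params.tail);` and testing `!Number.isInteger(tail) || tail <= 0 || tail > 10000` would reject those values; the same applies to `lines` in system_logs in src/tools/monitor.js. The two `run(...)` calls could also be merged by defaulting `let tail = 100;` the way system_logs uses `finalLines`. The cap bounds the line count, not the byte size, so how far it limits resource use depends on how `run` buffers output, which is not visible in this diff.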
@@ -59,17 +59,24 @@ export const handlers = {
 },
 system_logs: async (params) => {
- const lines = parseInt(params.lines, 10) || 50;
+ let finalLines = 50;
+ if (params.lines != null) {
+ const lines = parseInt(params.lines, 10);
+ if (!Number.isFinite(lines) || lines <= 0 || lines > 10000) {
+ return { error: 'Invalid lines value: must be between 1 and 10000' };
+ }
+ finalLines = lines;
+ }
 const source = params.source || 'journalctl';
 const filter = params.filter;
 if (source === 'journalctl') {
 const filterArg = filter ? ` -g ${shellEscape(filter)}` : '';
- return await run(`journalctl -n ${lines}${filterArg} --no-pager`);
+ return await run(`journalctl -n ${finalLines}${filterArg} --no-pager`);
 }
 // Reading a log file
 const filterCmd = filter ? ` | grep -i ${shellEscape(filter)}` : '';
- return await run(`tail -n ${lines} ${shellEscape(source)}${filterCmd}`);
+ return await run(`tail -n ${finalLines} ${shellEscape(source)}${filterCmd}`);
 },
 };
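Review bot: The file branch of system_logs (src/tools/monitor.js) validates the line count but still passes caller-supplied `source` and `filter` to `tail` and `grep` as bare operands. `shellEscape` is defined outside this diff and presumably only quotes for the shell, which would not stop either program from reading a value that begins with `-` as an option. Ending option parsing closes that gap: `tail -n ${finalLines} -- ${shellEscape(source)}` and `grep -i -e ${shellEscape(filter)}`. Separately, `source` can be any path the process is able to read; if this tool is meant for log files only, resolving the path and checking it against an allowed log directory before the `tail` call would enforce that.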