PR review feedback on port

Author: nquinquenel

README.md

@@ -479,7 +479,7 @@ By default, the SonarQube MCP Server uses stdio transport for communication. You
 | Environment variable | Description                                                                                      | Default         |
 |----------------------|--------------------------------------------------------------------------------------------------|-----------------|
 | `SONARQUBE_HTTP_ENABLED`   | Enable HTTP transport mode instead of stdio. Set to `true` to enable HTTP mode.                | `false`         |
-| `SONARQUBE_HTTP_PORT`      | Port number for HTTP server when HTTP transport is enabled (1-65535).                          | `8080`          |
+| `SONARQUBE_HTTP_PORT`      | Port number for HTTP server when HTTP transport is enabled (1024-65535, unprivileged ports only). | `8080`          |
 | `SONARQUBE_HTTP_HOST`      | Host address to bind HTTP server to. Use `127.0.0.1` for localhost only, `0.0.0.0` for all interfaces. | `127.0.0.1`     |
 
 #### Security

src/main/java/org/sonarsource/sonarqube/mcp/configuration/McpServerLaunchConfiguration.java

@@ -197,8 +197,8 @@ private static int parseHttpPortValue(@Nullable String portStr) {
     }
     try {
       var port = Integer.parseInt(portStr);
-      if (port < 1 || port > 65535) {
-        throw new IllegalArgumentException("SONARQUBE_HTTP_PORT value must be between 1 and 65535, got: " + port);
+      if (port < 1024 || port > 65535) {
+        throw new IllegalArgumentException("SONARQUBE_HTTP_PORT value must be between 1024 and 65535 (unprivileged ports only), got: " + port);
       }
       return port;
     } catch (NumberFormatException e) {

src/test/java/org/sonarsource/sonarqube/mcp/configuration/McpServerLaunchConfigurationHttpTest.java

@@ -133,21 +133,31 @@ void should_handle_blank_http_port_with_default() {
   @Test
   void should_validate_http_port_bounds_minimum() {
     var environment = createMinimalTestEnvironment();
-    environment.put("SONARQUBE_HTTP_PORT", "0");
+    environment.put("SONARQUBE_HTTP_PORT", "1023");
 
     assertThatThrownBy(() -> new McpServerLaunchConfiguration(environment))
         .isInstanceOf(IllegalArgumentException.class)
-        .hasMessage("SONARQUBE_HTTP_PORT value must be between 1 and 65535, got: 0");
+        .hasMessage("SONARQUBE_HTTP_PORT value must be between 1024 and 65535 (unprivileged ports only), got: 1023");
+  }
+
+  @Test
+  void should_reject_privileged_ports() {
+    var environment = createMinimalTestEnvironment();
+    environment.put("SONARQUBE_HTTP_PORT", "80");
+    
+    assertThatThrownBy(() -> new McpServerLaunchConfiguration(environment))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessageContaining("SONARQUBE_HTTP_PORT value must be between 1024 and 65535 (unprivileged ports only)");
   }
 
   @Test
   void should_accept_valid_http_port_bounds() {
     var environment = createMinimalTestEnvironment();
 
-    // Test minimum valid port
-    environment.put("SONARQUBE_HTTP_PORT", "1");
+    // Test minimum valid unprivileged port
+    environment.put("SONARQUBE_HTTP_PORT", "1024");
     var config1 = new McpServerLaunchConfiguration(environment);
-    assertThat(config1.getHttpPort()).isEqualTo(1);
+    assertThat(config1.getHttpPort()).isEqualTo(1024);
 
     // Test maximum valid port
     environment.put("SONARQUBE_HTTP_PORT", "65535");