Skip to content

🔒 Security: fix command injection via project_name (Windows shell=True)#29

Open
shunfeng8421 wants to merge 1 commit into
QuantGeekDev:mainfrom
shunfeng8421:fix/shell-injection-project-name
Open

🔒 Security: fix command injection via project_name (Windows shell=True)#29
shunfeng8421 wants to merge 1 commit into
QuantGeekDev:mainfrom
shunfeng8421:fix/shell-injection-project-name

Conversation

@shunfeng8421

Copy link
Copy Markdown

Summary

Fix command injection vulnerability in WindowsExecutor._build_windows_command().

Vulnerability

project_name originates from the MCP deploy_compose tool argument and is interpolated directly into a shell command string without quoting:

# Before (vulnerable)
f'-p {self.project_name} {command} {" ".join(args)}'

On Windows, this command is executed via create_subprocess_shell(cmd, shell=True). An attacker-controlled project_name such as test && calc.exe results in arbitrary command execution.

Affected

  • Windows only — the Linux path (_build_unix_command) passes arguments as a list and is not affected

Fix

import shlex
f'-p {shlex.quote(self.project_name)} {shlex.quote(command)} {" ".join(map(shlex.quote, args))}'

shlex.quote() properly escapes shell metacharacters on both Windows and POSIX.

Entry point

MCP client → deploy_compose(project_name="evil && cmd") 
  → handlers.py:73 → DockerComposeExecutor 
  → _build_windows_command → create_subprocess_shell(shell=True)

_build_windows_command() builds a shell command string that is
executed via create_subprocess_shell(shell=True).  Three user-
controlled values were interpolated without quoting:

  - self.project_name  (from MCP tool argument)
  - command            (from MCP tool argument)
  - args               (from MCP tool argument)

On Windows an attacker-controlled project_name such as
'test && calc.exe' results in arbitrary command execution.

Fix: wrap all three interpolations with shlex.quote().

The Linux path (_build_unix_command) passes arguments as a list
and was not affected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant