@peteski22
Contributor

Summary:

Fixes a security vulnerability where environment variables and command-line arguments with cross-server references (e.g. ${MCPD__DATABASE_SERVER__DB_PASSWORD}) were bypassing filtering due to premature expansion.

This regression was introduced in PR #144 when environment variable expansion was moved to load time.

Changes:

  • Add RawEnv/RawArgs fields to preserve unexpanded values for filtering
  • Implement secure SafeEnv() (formerly Environ()) and SafeArgs() methods that filter on raw values
  • Update daemon to use safe methods, preventing cross-server data leakage
  • Add comprehensive tests to verify cross-server isolation

Security Impact:

Prevents servers from accessing environment variables and arguments intended for other servers, maintaining proper isolation between MCP server configurations.
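
An added example, not code from mcpd or this PR, showing why a filter that only sees expanded values misses a cross-server reference while one that also checks the raw value catches it. The names `crossRef`, `filterEnv`, `hostEnv`, `webRaw` and `lookup`, the rule that a server owns the `MCPD__<SERVER>__` prefix derived from its name, and all sample values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

// Matches ${MCPD__...} references; the MCPD__<SERVER>__<VAR> naming is assumed from the PR's example.
var ref = regexp.MustCompile(`\$\{(MCPD__[A-Z0-9_]+)\}`)

// crossRef reports whether s references an MCPD__ variable outside the server's own prefix.
func crossRef(server, s string) bool {
	own := "MCPD__" + strings.ToUpper(strings.ReplaceAll(server, "-", "_")) + "__"
	for _, m := range ref.FindAllStringSubmatch(s, -1) {
		if !strings.HasPrefix(m[1], own) {
			return true
		}
	}
	return false
}

// filterEnv builds the environment for server. With checkRaw=false it mimics the regression:
// values are expanded first, so the filter never sees the ${...} reference.
func filterEnv(server string, raw map[string]string, lookup func(string) string, checkRaw bool) map[string]string {
	out := map[string]string{}
	for k, v := range raw {
		expanded := os.Expand(v, lookup)
		if crossRef(server, expanded) || (checkRaw && crossRef(server, v)) {
			continue // drop entries that point at another server's variables
		}
		out[k] = expanded
	}
	return out
}

// Constructed sample data: the host environment and one server's configured env.
var hostEnv = map[string]string{
	"MCPD__DATABASE_SERVER__DB_PASSWORD": "s3cret-constructed",
	"MCPD__WEB_SERVER__API_KEY":          "web-key-constructed",
}
var webRaw = map[string]string{
	"API_KEY": "${MCPD__WEB_SERVER__API_KEY}",
	"LEAK":    "${MCPD__DATABASE_SERVER__DB_PASSWORD}",
}

func lookup(name string) string { return hostEnv[name] }

func main() {
	fmt.Println("expanded-only:", filterEnv("web-server", webRaw, lookup, false))
	fmt.Println("raw-aware:    ", filterEnv("web-server", webRaw, lookup, true))
}
```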

@peteski22 added the bug and daemon labels Sep 22, 2025
@peteski22 peteski22 requested a review from agpituk September 22, 2025 17:50
* Add RawEnv and RawArgs fields to ServerExecutionContext
* Store unexpanded values before environment variable expansion
* Update all methods to handle new fields (Get, Equals, AggregateConfigs)
* Update tests to expect new fields
* Add documentation for security-aware usage
* Convert filterEnv to Server receiver method
* Use RawEnv to detect cross-server references before expansion
* Check both raw and expanded values for comprehensive filtering
* Update all test calls to use Server receiver method
* Add filterArgs method to detect cross-server references in args
* Use RawArgs to check unexpanded values for security filtering
* Update exportRuntimeArgs to filter args before processing
* Filter both expanded and raw argument values
* Add SafeArgs() method that returns filtered command-line arguments
* Rename Environ() to SafeEnv() for consistency and clarity
* Update daemon to use SafeArgs() and SafeEnv() when starting servers
* Ensure production usage is secure by default
* Add end-to-end tests for SafeEnv and SafeArgs methods
* Verify cross-server references are filtered from environment variables and arguments
* Test with realistic config files to ensure production-like scenarios
@peteski22 peteski22 merged commit 1b8a5c4 into main Sep 24, 2025
2 checks passed
@peteski22 peteski22 deleted the peteski22/bug/env-filtering branch September 24, 2025 10:08