### Vulnerability Overview

- **Vulnerability Name**: mcp Git Search Command Injection Vulnerability #2
- **Vulnerability Type**: OS Command Injection (CWE-78)
- **Vulnerability Description**: The Git search API accepts a user-controlled `pattern` string and passes it to a shell command constructed via Python f-strings. Because the command is executed with `shell=True`, shell metacharacters in the `pattern` can break the intended `grep` invocation, allowing the execution of arbitrary host commands.

### Impact Scope

- **Affected Versions**: 0.1.0
- **Affected Components**: `mcp_server.py`, `mcp/git_service.py`
- **Security Impact**:
  - **Confidentiality**: High, as arbitrary commands can read host and repository data.
  - **Integrity**: High, as arbitrary commands can modify host state.
  - **Availability**: High, as arbitrary commands can stop the service or exhaust resources.

### Remediation

- **Recommended Fixes**:
  - Replace the `grep ... | cut ...` shell pipeline with direct Python file traversal and content scanning.
  - If `grep` must be used, employ `subprocess.run([...], shell=False)` with an argument list and without invoking a shell.
  - Escape external inputs containing metacharacters (e.g., `*`, `?`, `$`, `(`, `)`).
  - Review the nearby `requirements_analyzer.py` file, treating shell usage reduction as part of the same hardening process.

### POC Code

```bash
curl -X POST 'http://HOST:PORT/v1/models/git-analyzer/search' \
  -H 'Content-Type: application/json' \
  -d '{
    "repo_url": "https://github.com/octocat/Hello-World.git",
    "pattern": "'; touch /tmp/dvladimirov_mcp_cmd'; #"
  }'
```
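
The first recommended fix (direct Python file traversal and content scanning instead of the `grep ... | cut ...` pipeline) can look like the following. This is an added example, not code from the affected project: `search_repo`, `demo`, the size limit and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

MAX_FILE_BYTES = 1_000_000  # assumption: skip very large files to bound work per request

def search_repo(repo_dir, pattern, literal=True):
    """Return sorted relative paths of files under repo_dir whose content matches pattern."""
    needle = re.escape(pattern) if literal else pattern  # literal mode: no regex syntax at all
    try:
        rx = re.compile(needle)
    except re.error as exc:
        raise ValueError(f"invalid search pattern: {exc}") from None
    root = os.path.realpath(repo_dir)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):  # os.walk does not follow dir symlinks
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or os.path.getsize(path) > MAX_FILE_BYTES:
                continue  # never read through links that may point outside the clone
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                if any(rx.search(line) for line in fh):
                    hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Run the search over a constructed repository, including a PoC-shaped pattern."""
    with tempfile.TemporaryDirectory() as repo:
        marker = os.path.join(repo, "marker")  # would exist only if a shell ran the pattern
        hostile = f"'; touch {marker}'; #"     # constructed, modelled on the PoC pattern
        with open(os.path.join(repo, "README"), "w", encoding="utf-8") as fh:
            fh.write("Hello World!\n")
        with open(os.path.join(repo, "notes.txt"), "w", encoding="utf-8") as fh:
            fh.write(hostile + "\n")
        return search_repo(repo, "Hello"), search_repo(repo, hostile), os.path.exists(marker)

if __name__ == "__main__":
    print(demo())
```

Because no process is spawned, the pattern is only ever compared against file content. If regex search is exposed with `literal=False`, the pattern still cannot reach a shell, but its evaluation cost should be bounded separately.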