
fix: harden MCP servers against injection and CORS bypass #213

Merged
ruvnet merged 1 commit into main from fix/mcp-server-security-audit
Feb 25, 2026

Conversation


@ruvnet ruvnet commented Feb 25, 2026

Summary

  • CWE-78 Command Injection: Sanitized 4 execSync() call sites in mcp-server.js that passed user-controlled args (hooks_init, hooks_pretrain, hooks_build_agents, workers_status) without sanitization
  • CWE-942 Permissive CORS: Replaced CorsLayer::permissive() in Rust SSE transport with localhost-only origin policy
  • Prototype Pollution: Added schema validation and __proto__/constructor/prototype guard to hooks_import handler
  • Path Traversal (JS): Strengthened validateRvfPath() with realpathSync() symlink resolution and cwd confinement
  • Input Sanitization: Enhanced sanitizeShellArg() to also strip quotes, newlines, and backslashes; added sanitizeNumericArg() helper

Findings addressed

| # | Severity | CWE | Finding | Status |
|---|----------|-----|---------|--------|
| 1 | CRITICAL | CWE-78 | Command injection in hooks_init/pretrain/build_agents | Fixed |
| 2 | HIGH | CWE-942 | Permissive CORS in SSE transport | Fixed |
| 3 | HIGH | CWE-22 | Symlink bypass in validateRvfPath | Fixed |
| 5 | HIGH | CWE-1321 | Prototype pollution in hooks_import | Fixed |
| 6 | MEDIUM | CWE-78 | Command injection in workers_status | Fixed |

Test plan

  • Verify cargo check -p ruvector-cli passes
  • Verify MCP server starts and responds to tool calls
  • Test that hooks_init with shell metacharacters in build_agents arg is sanitized
  • Test that SSE transport rejects non-localhost CORS origins
  • Test that hooks_import rejects payloads with __proto__ keys

🤖 Generated with claude-flow

…rototype pollution

- Sanitize shell arguments in hooks_init, hooks_pretrain, hooks_build_agents,
  and workers_status handlers to prevent OS command injection (CWE-78)
- Strengthen sanitizeShellArg to also strip quotes, newlines, and backslashes
- Add sanitizeNumericArg helper for numeric-typed arguments
- Improve validateRvfPath with symlink resolution (realpathSync) and cwd confinement
- Add schema validation and prototype pollution guard to hooks_import handler
- Replace permissive CORS (CorsLayer::permissive) with localhost-only origin
  policy in Rust SSE transport

Co-Authored-By: claude-flow <ruv@ruv.net>
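The prototype-pollution item above (schema validation plus a `__proto__`/`constructor`/`prototype` guard on `hooks_import`) is easiest to see next to the merge pattern it protects. The block below is an added example and not the project's handler: `HOOK_SCHEMA`, `naiveDeepMerge`, `importHooks` and the JSON payloads are assumptions constructed here.

```javascript
// Added example, not the project's code: a guard of the kind the PR describes
// for the hooks_import handler, shown next to the merge pattern it protects.
// HOOK_SCHEMA, naiveDeepMerge, importHooks and the payloads are assumptions
// constructed for this example.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Assumed schema for one imported hook: a fixed key set with primitive types.
const HOOK_SCHEMA = { name: 'string', command: 'string', timeout_ms: 'number', enabled: 'boolean' };

// A naive recursive merge of the kind import handlers use to apply a payload
// onto the live configuration. JSON.parse turns {"__proto__": {...}} into an
// own property literally named "__proto__"; reading target["__proto__"] then
// returns Object.prototype, and the recursion writes into it.
function naiveDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (val && typeof val === 'object' && !Array.isArray(val)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      naiveDeepMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Guard: walk the parsed payload and reject any own key that reaches the
// prototype chain, at any depth, before anything is merged.
function assertNoPollutionKeys(value, where = '$') {
  if (value === null || typeof value !== 'object') return;
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`hooks_import: forbidden key "${key}" at ${where}`);
    }
    assertNoPollutionKeys(value[key], `${where}.${key}`);
  }
}

// Schema validation: unknown keys are rejected rather than ignored, types are
// checked with an own-property lookup (so "constructor" never matches an
// inherited member of the schema object), and the result is a fresh
// null-prototype object.
function validateHook(hook) {
  if (hook === null || typeof hook !== 'object' || Array.isArray(hook)) {
    throw new Error('hooks_import: hook must be an object');
  }
  const clean = Object.create(null);
  for (const key of Object.keys(hook)) {
    if (!hasOwn(HOOK_SCHEMA, key)) throw new Error(`hooks_import: unknown key "${key}"`);
    if (typeof hook[key] !== HOOK_SCHEMA[key]) {
      throw new Error(`hooks_import: "${key}" must be ${HOOK_SCHEMA[key]}`);
    }
    clean[key] = hook[key];
  }
  for (const required of Object.keys(HOOK_SCHEMA)) {
    if (!(required in clean)) throw new Error(`hooks_import: missing "${required}"`);
  }
  return clean;
}

// Hardened handler: guard, then schema-validate each hook, then replace the
// hooks list outright instead of deep-merging untrusted input.
function importHooks(currentConfig, rawPayload) {
  const payload = JSON.parse(rawPayload);
  assertNoPollutionKeys(payload);
  if (!Array.isArray(payload.hooks)) throw new Error('hooks_import: "hooks" must be an array');
  return { ...currentConfig, hooks: payload.hooks.map(validateHook) };
}

console.log(importHooks({ hooks: [] },
  '{"hooks": [{"name": "lint", "command": "npm run lint", "timeout_ms": 3000, "enabled": true}]}'));
```

The guard and the schema check are complementary: the guard stops the three prototype-reaching keys at any depth, and the schema check means an unexpected key, however named, never reaches the configuration object either.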
@ruvnet ruvnet merged commit 0c426ea into main Feb 25, 2026
9 checks passed
