Sahil7475/mcp-server-and-client-ts
Severity: critical
A TypeScript-based Model Context Protocol (MCP) server and client for managing and generating user data, featuring resource APIs, tool integrations, and sample data handling.
This MCP server provides tools and resources for managing user data, including creating users manually or via AI-generated fake profiles using Google ...
await fs.writeFile("../../../Projects/MCP Server and Client/src/data/users.json",JSON.stringify(users,null,2))
Note: Local-only MCP, requires compromised LLM to exploit
fs.writeFile resolves a relative path against the process's current working directory (process.cwd()), not against the source file, so the three `..` segments climb out of wherever the server happens to be launched from. The path itself is hardcoded, so a caller cannot inject segments into it; the weakness is that which file gets written depends entirely on the launch context, and the target sits outside the project tree in a developer-specific directory layout. Started from any other directory, the call either fails with ENOENT (writeFile does not create parent directories) or writes the whole users array to some other users.json.
Impact: Whoever controls the working directory the server is started from, or can place a symlink at the hardcoded path, redirects the write to a file of their choosing. The payload is the full serialized user list, so the outcome ranges from corrupting that file to code execution if the write lands on something the host later loads or runs.
Fix: Derive the data path from a fixed anchor (the module's own directory, or an absolute directory taken from configuration) instead of from the working directory, resolve it with path.resolve, and reject the operation unless the resolved path is still inside the allowed data directory. Refuse to write through a symlink at that location.
const users = await import("../../../Projects/MCP Server and Client/src/data/users.json",{
  with : { type:"json" }
}).then(m=>m.default)
Note: Local-only MCP, requires compromised LLM to exploit
Unlike fs.writeFile, a relative specifier given to import() is resolved against the importing module's own location, not the working directory, so the execution context does not change which file this line reads. The finding still stands, but as a hardcoded path to a developer-specific directory three levels above the module: on any other checkout or deployment it fails to load or loads a different file. Note also that this read and the writeFile above only name the same users.json when the server happens to be started from the directory that contains this module; under any other working directory the server reads one file and writes another.
Impact: An attacker cannot choose which file is loaded, since the specifier is fixed and resolved from the module's location. The practical impact is that the server depends on user data living outside its own tree at a path that only exists on the original developer's machine, so it either fails at startup elsewhere or serves a users.json the operator did not intend, and updates written by the server may never be visible to this read.
Fix: Use one path-resolution rule for both the read and the write. Resolve the file from the module's directory or from a configured absolute data directory, validate that the resolved path stays inside that directory, and read it with fs (JSON.parse on the file contents) so the same checked path is used everywhere.
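Both path findings above have the same fix, so one added example serves both. This is illustrative code written for this review, not code from the Sahil7475/mcp-server-and-client-ts project; the configuration variable name MCP_DATA_DIR, the fallback directory argument, and the User shape are assumptions made for the example. The data directory is taken from an absolute configured value or an explicit fallback, never from process.cwd(); every file name is resolved against that directory and rejected if the result escapes it; and the writer refuses to follow a symlink sitting at the target path. The same resolved path is then used for both the read and the write, which removes the drift between the two call sites on the page.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical config variable for this example; the project defines no such setting.
const DATA_DIR_ENV = "MCP_DATA_DIR";

// Minimal user shape assumed for the example (the project's real record may differ).
export interface User {
  id: number;
  name: string;
  email: string;
  address: string;
  phone: string;
}

/** Choose the data directory: an absolute configured path wins, otherwise the explicit fallback. */
export function dataDir(env: Record<string, string | undefined>, fallback: string): string {
  const configured = env[DATA_DIR_ENV];
  if (configured !== undefined) {
    if (!path.isAbsolute(configured)) {
      throw new Error(`${DATA_DIR_ENV} must be an absolute path, got "${configured}"`);
    }
    return path.resolve(configured);
  }
  // The fallback is passed in by the caller (e.g. a directory derived from the module's
  // own location) so that nothing here depends on the working directory at launch time.
  return path.resolve(fallback);
}

/** Resolve `name` under `dir` and refuse any result that is not strictly inside `dir`. */
export function resolveInside(dir: string, name: string): string {
  const root = path.resolve(dir);
  const target = path.resolve(root, name);
  const rel = path.relative(root, target);
  const escapes = rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error(`refusing path outside data directory: ${name}`);
  }
  return target;
}

/** Reject a target that already exists as a symlink, so a planted link cannot redirect the write. */
function refuseSymlink(file: string): void {
  const st = fs.lstatSync(file, { throwIfNoEntry: false });
  if (st !== undefined && st.isSymbolicLink()) {
    throw new Error(`refusing to write through symlink: ${file}`);
  }
}

/** Read the user list from an already-validated path (JSON.parse of the file, no import()). */
export function readUsers(file: string): User[] {
  const parsed: unknown = JSON.parse(fs.readFileSync(file, "utf8"));
  if (!Array.isArray(parsed)) {
    throw new Error("users file must contain a JSON array");
  }
  return parsed as User[];
}

/** Write the user list to an already-validated path, refusing to follow a symlink. */
export function writeUsers(file: string, users: User[]): void {
  refuseSymlink(file);
  fs.writeFileSync(file, JSON.stringify(users, null, 2));
}

/** Stand-alone demonstration in a fresh temp directory (constructed sample data). */
export function demo(): { roundTripped: number; traversalRejected: boolean } {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "mcp-data-"));
  const dir = dataDir({ [DATA_DIR_ENV]: tmp }, "/unused/fallback");
  const file = resolveInside(dir, "users.json");
  writeUsers(file, [{ id: 1, name: "Ada", email: "ada@example.com", address: "1 Main St", phone: "+1 555 0100" }]);
  let traversalRejected = false;
  try {
    resolveInside(dir, "../../../etc/passwd");
  } catch {
    traversalRejected = true;
  }
  return { roundTripped: readUsers(file).length, traversalRejected };
}
```

Wire it in once at startup: compute `dir` with `dataDir(process.env, <directory derived from the module's location>)`, then pass `resolveInside(dir, "users.json")` to both `readUsers` and `writeUsers`. The lstat check is a best-effort guard and still leaves a small window between check and write; on POSIX hosts, opening with `O_NOFOLLOW` closes that window, but it is not portable, so this example keeps the lstat form.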
const fakeUser = JSON.parse(res.content.text.trim().replace(/^```json/,"").replace(/```$/,"").trim())

const id = await createUser(fakeUser)
Note: Local-only MCP, requires compromised LLM to exploit
The create-random-user tool sends a prompt to the LLM and feeds the reply straight into JSON.parse after stripping only a leading ```json and a trailing ``` fence. Nothing checks that the result is an object, that it carries exactly the four expected fields, or that their types and sizes are sane, so whatever the model emits (extra keys, nested objects, a bare array, a very long string) is handed to createUser and persisted as-is. Whoever can steer the model's output, for example through prompt injection in content the model reads, therefore decides what lands in the user store. A reply that is not valid JSON (an explanatory sentence before the object, a fence other than ```json) also makes JSON.parse throw, and the snippet does nothing to catch that.
Impact: An attacker who influences the model can write arbitrary fields and malformed values into the user database, causing application errors, data integrity problems, or injection into any downstream consumer of those records.
Fix: Validate the parsed value against a strict schema (for example a Zod object schema with .strict() and per-field constraints) before calling createUser, and treat a parse or validation failure as an error rather than storing the result. Only the expected fields, with expected types and lengths, should survive.
server.tool("create-user","Create a new user in the database",{
  name:z.string(),
  email:z.string(),
  address:z.string(),
  phone:z.string()
},...
Note: Local-only MCP, requires compromised LLM to exploit
The create-user tool accepts name, email, address, and phone as unconstrained z.string() values: no email or phone format check, no length limit, no rejection of control characters. Any string the caller (here, the LLM acting on the user's behalf) supplies is accepted and stored.
Impact: Malformed input such as very long strings, embedded newlines, or special characters can corrupt the stored data, crash the application, or become an injection vector in any other system that later consumes these records.
Fix: Tighten the Zod schema with format and size constraints (for example z.string().email() for email and z.string().min(1).max(100) for the others) so inputs must meet the expected shape before the tool runs.
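The two findings above (unvalidated LLM output in create-random-user and the unconstrained create-user schema) want the same thing: one strict definition of what a user record is, applied before anything reaches createUser. The project already uses Zod, and the checks below are the dependency-free equivalent of a schema such as `z.object({ name: z.string().min(1).max(100), email: z.string().email().max(254), address: z.string().min(1).max(200), phone: z.string().min(1).max(32) }).strict()`, written out by hand so the example runs without any package installed. This is illustrative code written for this review, not the project's own; the field limits, the phone pattern, the function names and the sample LLM replies are all assumptions made for the example.

```typescript
// The four fields the create-user tool expects, and nothing else.
const FIELDS = ["name", "email", "address", "phone"] as const;
type Field = (typeof FIELDS)[number];
export type NewUser = Record<Field, string>;

// Assumed limits for the example; the project would pick its own.
const MAX_LEN: Record<Field, number> = { name: 100, email: 254, address: 200, phone: 32 };
const ALLOWED = new Set<string>(FIELDS);
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const PHONE_RE = /^\+?[0-9][0-9 ().-]{5,30}$/;
const CONTROL_RE = /[\u0000-\u001f\u007f]/;

/** Strict validation: exactly the expected keys, all strings, bounded, no control characters. */
export function validateNewUser(input: unknown): NewUser {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    throw new Error("user must be a JSON object");
  }
  const obj = input as Record<string, unknown>;
  // Unknown keys are rejected outright, so extra fields from a steered model never persist.
  // Object.keys sees an own "__proto__" key produced by JSON.parse as well.
  for (const key of Object.keys(obj)) {
    if (!ALLOWED.has(key)) {
      throw new Error(`unexpected field: ${key}`);
    }
  }
  const out: Partial<NewUser> = {};
  for (const field of FIELDS) {
    const value = obj[field];
    if (typeof value !== "string") {
      throw new Error(`${field} must be a string`);
    }
    const trimmed = value.trim();
    if (trimmed.length === 0 || trimmed.length > MAX_LEN[field]) {
      throw new Error(`${field} must be 1 to ${MAX_LEN[field]} characters`);
    }
    if (CONTROL_RE.test(trimmed)) {
      throw new Error(`${field} contains control characters`);
    }
    out[field] = trimmed;
  }
  const user = out as NewUser;
  if (!EMAIL_RE.test(user.email)) {
    throw new Error("email is not a valid address");
  }
  if (!PHONE_RE.test(user.phone)) {
    throw new Error("phone is not a valid number");
  }
  return user;
}

/** Strip an optional ``` or ```json fence, parse, and validate an LLM reply. Throws on any failure. */
export function parseLlmUser(text: string): NewUser {
  const trimmed = text.trim();
  const fenced = /^```(?:json)?\s*([\s\S]*?)\s*```$/.exec(trimmed);
  const body = fenced ? fenced[1] : trimmed;
  let parsed: unknown;
  try {
    parsed = JSON.parse(body);
  } catch {
    throw new Error("LLM reply is not valid JSON");
  }
  return validateNewUser(parsed);
}

// Constructed sample replies, as a model might return them (not real model output).
export const SAMPLE_GOOD =
  '```json\n{"name":"Ada Lovelace","email":"ada@example.com","address":"1 Main St","phone":"+1 555 0100"}\n```';
export const SAMPLE_EXTRA_FIELD =
  '{"name":"Ada","email":"ada@example.com","address":"1 Main St","phone":"5550100","role":"admin"}';
export const SAMPLE_PROSE = 'Sure! Here is a user: {"name":"Ada"}';

/** Returns true if parseLlmUser rejects the reply, false if it accepts it. */
export function rejects(reply: string): boolean {
  try {
    parseLlmUser(reply);
    return false;
  } catch {
    return true;
  }
}
```

In the tool handler, `parseLlmUser(res.content.text)` replaces the bare JSON.parse line, and `createUser` receives only the validated NewUser; a thrown error should be returned to the client as a tool failure rather than retried silently, since a model that keeps emitting extra fields is a signal worth seeing.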