threatpointer opened a new pull request, #15:
URL: https://github.com/apache/iotdb-mcp-server/pull/15
## Summary
This patch fixes a critical path traversal vulnerability (CVE pending) in
the `export_query()` and `export_table_query()` functions that allowed remote
attackers to write arbitrary files outside the designated export directory.
## Vulnerability Details
- **Severity:** CRITICAL (CVSS 9.1)
- **Attack Vector:** Network (MCP protocol)
- **Authentication Required:** None
- **Impact:** Remote Code Execution via arbitrary file write
## Changes Made
### 1. Added Security Function (src/iotdb_mcp_server/server.py)
Added `sanitize_filename()` function with multiple security layers:
- Blocks path separators (`/`, `\`)
- Blocks directory traversal sequences (`..`)
- Validates characters (alphanumeric, `_`, `-`, `.` only)
- Verifies files stay within export directory boundary
- Prevents symlink attacks
### 2. Applied to Export Functions
Modified both `export_query()` and `export_table_query()` to use
`sanitize_filename()` instead of direct string concatenation.
**Before:**
```python
filepath = f"{config.export_path}/{filename}.csv"
```
**After:**
```python
filepath = sanitize_filename(f"{filename}.csv", config.export_path)
```
### 3. Added Import
Added `import re` for regex-based filename validation.
## Testing
### Test Coverage
- 32 comprehensive security tests (all passing)
- Tests cover:
  - Path traversal attacks (simple and multi-level)
  - Absolute path attacks
  - Invalid character rejection
  - Edge cases
  - Boundary validation
  - Real exploit scenarios from security report
### Test Files Included
1. `test_security_patch.py` - Comprehensive test suite
2. `demo_exploit_blocked.py` - Demonstration showing exploits are blocked
3. `SECURITY_PATCH.md` - Detailed documentation
## Verification
Run the test suite:
```bash
python test_security_patch.py
```
Expected output: `TEST SUMMARY: 32/32 tests passed`
## Exploit Prevention
All attack vectors from the security report are now blocked:
- ✅ Windows Startup script injection
- ✅ Linux cron job injection
- ✅ SSH authorized_keys injection
- ✅ Web shell deployment
- ✅ Configuration file tampering
## Backwards Compatibility
**Breaking Change:** Filenames with spaces or special characters will now be
rejected.
Valid filenames must match: `^[a-zA-Z0-9_\-\.]+$`
Examples:
- ✅ `export.csv`
- ✅ `data_2024.xlsx`
- ✅ `my-file-123.csv`
- ❌ `my file.csv` (space)
- ❌ `../export.csv` (traversal)
## Files Changed
1. `src/iotdb_mcp_server/server.py` (modified)
2. `test_security_patch.py` (new)
3. `demo_exploit_blocked.py` (new)
4. `SECURITY_PATCH.md` (new)
## Credits
- Vulnerability reported by: Mohammed Tanveer
- Report date: January 5, 2026
- Patch date: January 12, 2026
## Recommendations
1. Apply this patch immediately
2. Review server logs for suspicious export attempts
3. Audit export directory for unexpected files
4. Consider implementing authentication for MCP server
5. Update documentation with filename restrictions
---
**Signed-off-by:** Security Response Team
**Date:** 2026-01-12
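
An added example (not the code from this pull request) showing one way the checks listed under "Changes Made" can be layered. Only the function signature and the allow-list regex come from the description above; the function body, the error strings and the `demo()` helper with its sample names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Allow-list quoted in the PR description.
_VALID_NAME = re.compile(r"^[a-zA-Z0-9_\-\.]+$")

def sanitize_filename(filename: str, export_dir: str) -> str:
    """Return an absolute path inside export_dir, or raise ValueError."""
    if "/" in filename or "\\" in filename:
        raise ValueError("path separators are not allowed")
    if ".." in filename:
        raise ValueError("directory traversal sequence is not allowed")
    # fullmatch, because `$` with match() also accepts a trailing newline.
    if not _VALID_NAME.fullmatch(filename):
        raise ValueError("filename contains invalid characters")
    base = os.path.realpath(export_dir)
    candidate = os.path.join(base, filename)
    # A link planted in the export directory would redirect the write.
    if os.path.islink(candidate):
        raise ValueError("refusing to write through a symlink")
    resolved = os.path.realpath(candidate)
    # Boundary check on the fully resolved path; "." resolves to base itself.
    if resolved == base or os.path.commonpath([base, resolved]) != base:
        raise ValueError("path is not a file inside the export directory")
    return resolved

def demo() -> dict:
    """Run constructed sample names through the check: name -> verdict."""
    samples = ["export.csv", "my-file-123.csv", "my file.csv", "../export.csv",
               "..\\x.csv", "/tmp/x.csv", ".", "link.csv", "export.csv\n"]
    verdicts = {}
    with tempfile.TemporaryDirectory() as export_dir:
        # Constructed case: link.csv points outside the export directory.
        os.symlink(os.path.join(tempfile.gettempdir(), "outside.csv"),
                   os.path.join(export_dir, "link.csv"))
        for name in samples:
            try:
                sanitize_filename(name, export_dir)
                verdicts[name] = "ok"
            except ValueError as exc:
                verdicts[name] = str(exc)
    return verdicts

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r:20} {verdict}")
```

The symlink check and the later file open are separate steps, so on POSIX the writer can additionally open the returned path with `os.O_NOFOLLOW` to cover a link created in between.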