Skip to content

fix: use execFileSync for prettier to avoid shell injection (CodeQL #21)#2546

Merged
mcp-commander[bot] merged 1 commit intomainfrom
den/fix-codeql-21-shell-injection
Apr 9, 2026
Merged

fix: use execFileSync for prettier to avoid shell injection (CodeQL #21)#2546
mcp-commander[bot] merged 1 commit intomainfrom
den/fix-codeql-21-shell-injection

Conversation

@localden
Copy link
Copy Markdown
Contributor

@localden localden commented Apr 9, 2026

Fixes https://github.com/modelcontextprotocol/modelcontextprotocol/security/code-scanning/21

CodeQL flagged execSync with interpolated file paths as CWE-78/CWE-88 shell command injection.

The issue

execSync(`npx prettier --write ${filesToFormat.join(" ")}`, { stdio: "inherit" });

The paths are derived from __dirname + SEP filenames, so direct exploitability requires commit access to seps/ — at which point you could just modify the script directly. But the bug is real:

  • A path with spaces breaks the command (/home/user/my project/docs/seps/foo.mdx becomes two args)
  • A SEP filename containing ; or $() would execute arbitrary commands (the filename regex ^(\\d+)-(.+)\\.md$ allows anything in .+)

The fix

execFileSync(npx, ["prettier", "--write", ...filesToFormat], { stdio: "inherit" });

Paths are passed as separate process arguments — never touch a shell. The process.platform === "win32" ? "npx.cmd" : "npx" resolution keeps it cross-platform.

Tested

$ npm run check:seps     # exit 0 (line 397 path)
$ npm run generate:seps  # exit 0, no diff in docs/ (line 437 path — formatting byte-identical)

Fixed both occurrences — line 395 had the identical pattern but the alert only flagged line 435.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • My changes follow the project's style guidelines
  • I have performed a self-review of my changes
  • Tested locally (check:seps + generate:seps)

@localden
fix: use execFileSync for prettier to avoid shell injection (CodeQL #21)
66da4af 
CodeQL flagged execSync with interpolated file paths as CWE-78/CWE-88
shell injection. The paths are derived from __dirname and SEP filenames,
so direct exploitability requires commit access — but paths with spaces
or shell metacharacters would still break the command.

Replaced execSync template-string interpolation with execFileSync and
an args array. Paths are passed as separate process arguments, never
touching a shell. The win32 npx.cmd resolution keeps it cross-platform.

Fixed both occurrences (lines 395 and 435 had the identical pattern;
the alert only flagged 435).

Fixes https://github.com/modelcontextprotocol/modelcontextprotocol/security/code-scanning/21

🏠 Remote-Dev: homespace
@localden
Copy link
Copy Markdown
Contributor Author

localden commented Apr 9, 2026

/lgtm force

Security update

@mcp-commander mcp-commander bot added the accepted SEP accepted by core maintainers, but still requires final wording and reference implementation. label Apr 9, 2026
mcp-commander[bot]
mcp-commander bot approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@mcp-commander mcp-commander bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved on behalf of @localden via /lgtm force.

@mcp-commander mcp-commander bot merged commit 3ea370b into main Apr 9, 2026
10 checks passed
@mcp-commander mcp-commander bot deleted the den/fix-codeql-21-shell-injection branch April 9, 2026 00:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcp-commander mcp-commander[bot] mcp-commander[bot] approved these changes

Assignees

No one assigned

Labels

accepted SEP accepted by core maintainers, but still requires final wording and reference implementation.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@localden