mcp-server-starrocks

by StarRocks

Overview

Acts as a bridge between AI assistants and StarRocks databases for direct SQL execution, database exploration, and data visualization.

Installation

Run Command
uv run mcp-server-starrocks --mode streamable-http --port 8000

Environment Variables

  • STARROCKS_HOST
  • STARROCKS_PORT
  • STARROCKS_USER
  • STARROCKS_PASSWORD
  • STARROCKS_DB
  • STARROCKS_URL
  • STARROCKS_OVERVIEW_LIMIT
  • STARROCKS_MYSQL_AUTH_PLUGIN
  • STARROCKS_FE_ARROW_FLIGHT_SQL_PORT
  • MCP_TRANSPORT_MODE
  • LOG_LEVEL
  • STARROCKS_DUMMY_TEST

Security Notes

The server uses `eval()` for Plotly expressions, although it includes AST-based validation to restrict the expression's complexity. A significant SQL injection risk exists because many SQL queries, particularly in tools like `read_query`, `write_query`, and internal data fetching, are constructed via f-strings and sent without explicit parameterization to the database driver. This is especially problematic if user-controlled input (like query strings or database/table names from an AI agent) is not thoroughly sanitized upstream by the MCP framework or the AI agent itself. The `parse_connection_url` function has a known limitation where an `@` symbol in the password can lead to incorrect parsing, potentially causing connection failures or unintended host connections. Additionally, CORS is configured to `allow_origins=["*"]` by default for HTTP modes, which is insecure for production environments.

Stats

Interest Score: 55
Security Score: 5
Cost Class: Medium
Avg Tokens: 3000
Stars: 128
Forks: 40
Last Update: 2025-11-24

Tags

StarRocks, Database, SQL, AI Assistant, Data Visualization