xai-mcp-server

The core Rust MCP server (`src/main.rs`) operates over `stdin`/`stdout` JSON-RPC, limiting direct network attack surface. Its exposed tools (`faf_score_aligned`, `bi_sync`) take structured, basic types (numbers, strings), making the Rust component itself relatively robust against common injection attacks. However, the overall project includes a SvelteKit UI with API endpoints (`svelte-ui/src/routes/api/`) that introduce significant vulnerabilities: 1. **Stripe Webhook (`stripe-webhook/+server.ts`):** Critically, the webhook signature is read (`request.headers.get('stripe-signature')`) but *not verified* against `STRIPE_WEBHOOK_SECRET` before processing payment-related events (`checkout.session.completed`, `customer.subscription.updated`, `customer.subscription.deleted`). This allows an attacker to send forged events, potentially leading to unauthorized license generation, status changes, or other financial fraud. 2. **Subscriber Storage (`subscribe/+server.ts`):** The endpoint writes user email data to a local JSON file (`data/subscribers.json`) using `fs.writeFile` with `process.cwd()`. While less critical in a containerized environment like Vercel, this pattern can be susceptible to path traversal attacks if `process.cwd()` is manipulated or if data input can construct malicious paths. 3. **Turbo Analyze (`turbo-analyze/+server.ts`):** This endpoint accepts `fileContent` and `fileName`, writes them to a temporary file (`tmpdir()`) on the server, and then processes the file using external dependencies (`faf-cli`, `yaml`). This introduces potential risks from vulnerabilities in these third-party libraries (e.g., YAML parsing bombs for DoS, or arbitrary code execution if underlying parsers are exploited). The use of `tmpdir()` mitigates some local file system risks but not parser-level vulnerabilities. No `eval` or explicit `unsafe` blocks were found in the Rust code. Overall, the unverified Stripe webhook is a critical flaw that compromises the system's payment and licensing integrity.