
eofmcp

by britus

Overview

A server for managing source code files, providing APIs for listing, reading, and writing files locally.

Installation

Run Command
./eofmcp

Security Notes

CRITICAL VULNERABILITIES:

1. Path Traversal / Arbitrary File Access: The `SourceCodeHandler` class exposes `readSourceFile` and `writeSourceFile` methods that directly interact with the filesystem based on the client-provided `file_path`. There is no apparent robust path sanitization or restriction to a designated safe directory. A malicious client could exploit this to read or write arbitrary files on the server's filesystem (e.g., `../../../etc/passwd` or `C:/Windows/System32/evil.exe`).

2. Arbitrary Directory Creation: The `writeSourceFile` method includes `tdir.mkpath(fi.path(), permissions);` which, when combined with path traversal, allows creating directories anywhere on the filesystem, potentially with broad permissions (`ReadOwner`, `ReadGroup`, `WriteOwner`, `WriteGroup`, `ExeOwner`, `ExeGroup`). This could set the stage for further compromise or denial of service.

3. Tool Execution Risk: The `tools/call` endpoint allows clients to invoke registered tools. While the input is schema-validated, the underlying C++ slots executed by `callTool` (via `MCPMethodHelper::syncCallMethod`) could expose powerful operations. Without rigorous internal validation and sandboxing of tool arguments, this is another potential vector for malicious activity.

4. Lack of Sandboxing: There is no indication of a robust sandboxing mechanism to isolate the server's file operations or tool executions to a restricted environment.

Stats

Interest Score: 34
Security Score: 3
Cost Class: High
Avg Tokens: 10000
Stars: 1
Forks: 0
Last Update: 2025-12-06

Tags

MCP Server, Source Code Management, File Management, Qt, C++