team05-mcp-server

CRITICAL: The use of `pickle.loads` on unauthenticated network input in `microscope_server.py` and `gatan_server.py` allows for arbitrary remote code execution (RCE). This is a severe and easily exploitable vulnerability. High Risk: `4Dcamera_commands_mcp.py` uses `paramiko` and `sshpass -e ssh` to connect via SSH using passwords retrieved from environment variables. Passing passwords directly in this manner, even from environment variables, is not a secure practice for robust automation and can expose credentials (e.g., in process lists). Moderate Risk: `subprocess.call` in `gatan_server.py` executes external `.s` scripts. While these scripts are generated from Python templates, insufficient sanitization of input parameters to the template functions could potentially lead to arbitrary command injection and execution on the Gatan PC. Network Exposure: `microscope_server.py` and `gatan_server.py` bind to all network interfaces (`tcp://*:port`), making them accessible from any device on the network. Without stringent firewall rules and network segmentation, this significantly increases the attack surface. Lack of Authentication/Encryption: Communication between servers (ZeroMQ, raw sockets for 4D camera) does not appear to have explicit authentication or encryption layers implemented in the provided code, relying solely on network-level security.