
Dissect-mcp-server

by heejung0

Overview

This server exposes the Dissect digital forensics library as a Model Context Protocol (MCP) server, enabling MCP clients to extract and analyze various artifacts from disk images (E01, RAW, VMDK, etc.).

Installation

Run Command
/path/to/.venv/bin/python /path/to/dissect_mcp_server.py

Environment Variables

  • DISSECT_TARGET_QUERY
  • DISSECT_RDUMP
  • DISSECT_TARGET_FS
  • DISSECT_ACQUIRE_BIN
  • DISSECT_ACQUIRE_DIR
  • DISSECT_EXTRACT_DIR

Security Notes

The server executes external binaries (`target-query`, `rdump`, `target-fs`, `acquire`) via `subprocess.run` with user-controlled arguments like `image_path`, `plugin`, `search`, `fs_path`, `username`, `profile`, and `output_type`. While `subprocess.run` with a list of arguments (`List[str]`) typically prevents direct shell injection, it does not mitigate application-level injection if the `dissect` binaries themselves interpret specially crafted arguments as commands or options. A significant risk is the ability to specify an `output_dir` in `extract_file_or_directory` and `acquire_minimal_artifacts`. Without robust path sanitization (e.g., preventing `../../../` traversal), a malicious client could potentially instruct the server to write or extract files to arbitrary locations on the host system, leading to privilege escalation, data destruction, or denial of service. The security posture is highly dependent on the robustness of the underlying `dissect` tools against malicious input passed as arguments.
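One way to close both gaps described above, as an added example that is not taken from the project's code: the function names and the allow-list pattern are hypothetical, and the allowed base directory is assumed to be one the operator configures (for instance via `DISSECT_EXTRACT_DIR`, whose exact role the page does not state).

```python
import re
import tempfile
from pathlib import Path

# Hypothetical allow-list for plugin/profile-style values: the first character
# must be alphanumeric or "_", so a value can never be parsed as an option.
_SAFE_TOKEN = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.,-]*")


def safe_token(name: str, value: str) -> str:
    """Reject values the child binary could interpret as an option."""
    if not _SAFE_TOKEN.fullmatch(value):
        raise ValueError(f"{name}: rejected value {value!r}")
    return value


def safe_output_dir(base: Path, requested: str) -> Path:
    """Resolve a client-supplied output_dir and require it to stay in base."""
    base = base.resolve()
    # resolve() collapses ".." and follows symlinks. An absolute `requested`
    # replaces `base` in the join; the containment check below catches that.
    candidate = (base / requested).resolve()
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"output_dir escapes {base}: {requested!r}")
    return candidate


def accepted(fn, *args) -> bool:
    try:
        fn(*args)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run constructed inputs through both checks in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base, outside = Path(tmp) / "extract", Path(tmp) / "outside"
        base.mkdir()
        outside.mkdir()
        (base / "link").symlink_to(outside)  # symlink that leaves base
        dirs = ["case1/out", "../../../etc", "/etc/cron.d", "link/x"]
        tokens = ["evtx", "walkfs,evtx", "--help", "-o/tmp"]
        return {
            "dirs": {d: accepted(safe_output_dir, base, d) for d in dirs},
            "tokens": {t: accepted(safe_token, "plugin", t) for t in tokens},
        }
```

The path check is only as strong as the moment it runs: the resolved path it returns, not the original string, is what should be handed to the subprocess.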

Stats

Interest Score: 0
Security Score: 4
Cost Class: Medium
Avg Tokens: 25000
Stars: 0
Forks: 1
Last Update: 2025-12-13

Tags

Digital Forensics, Incident Response, Artifact Analysis, Disk Image Analysis, MCP Server