local-mcpserver

CRITICAL VULNERABILITIES IDENTIFIED: 1. Local File Disclosure/Arbitrary File Read: The `convert_file` and `convert_batch` MCP tools (exposed via both STDIO and HTTP APIs) accept an arbitrary `path: str` argument. A malicious actor could specify paths like `/etc/passwd` to read sensitive server files, or other system files, leading to unauthorized information disclosure. 2. SQL Injection: The `db_preview` tool in `db_server/server.py` constructs SQL queries via f-strings with a user-controlled `table` name (`f"SELECT * FROM {table} LIMIT {limit}"`). This is vulnerable to SQL injection if `table` contains malicious input. Other Concerns: - CORS policy set to `allow_origins=['*']` is overly permissive for production environments. - Hardcoded API key example (`'your-secret-token'`) in `MCP_HTTP_GUIDE.md` might be overlooked and used as-is in deployments. - File uploads are saved to `tempfile.NamedTemporaryFile` before processing, which is standard, but the overall lack of input validation on file paths for conversion tools remains a severe risk.