awesome-oceanbase-mcp

The `awesome-oceanbase-mcp` project contains multiple MCP servers, several of which exhibit critical security vulnerabilities: 1. **SQL Injection**: `okctl_mcp_server` (in `sql.py`), `obcloud_mcp_server` (in `functions/index.ts`), `seekdb_mcp_server` (in `server.py`, especially `_embed_mode_execute_sql`, `_server_model_execute_sql`, `full_text_search`, AI model functions, and CSV import), and `oceanbase_mcp_server` (in `server.py`, including `execute_sql`, ASH report, tenant/server queries, and specialized search tools like `oceanbase_text_search`, `oceanbase_vector_search`, `oceanbase_hybrid_search`) directly concatenate or format user-controlled input into SQL queries without proper parameterization, making them highly susceptible to SQL injection. 2. **Command Injection**: `obdiag_mcp_server` (in `server.py`, specifically `obdiag_display_run` and `obdiag_gather_log`) and `okctl_mcp_server` (in `install.py` for `bash -c download_output` and generally for other `okctl` commands if `validate_identifier` isn't fully comprehensive) construct shell commands using f-strings or direct string concatenation with user-provided arguments, posing a risk of arbitrary command execution. 3. **Arbitrary Method Execution (Code Execution)**: `obshell_mcp_server` (in `server.py`, specifically `call_obshell_sdk`) uses `getattr(client.v1, sdk_method)(**processed_args)`, allowing an attacker to call virtually any method available on the `obshell` client with arbitrary arguments. This is a critical remote code execution vector. 4. **Supply Chain Risk**: `okctl_mcp_server`'s `install_okctl` downloads and executes a shell script from a remote GitHub repository. A compromise of this remote script would lead to arbitrary code execution on the server running the MCP. 5. **Lack of Comprehensive Input Validation**: While some modules attempt basic identifier validation (e.g., `okctl_mcp_server/utils/security.py`), it is not consistently applied to all user-controlled inputs that are eventually passed to shell commands or SQL queries, exacerbating the injection risks. Secrets are generally managed through environment variables, which is a good practice. However, the severe injection and execution vulnerabilities make these servers unsafe for production environments without significant security hardening.