fix: replace vulnerable subprocess with secure MCP SDK implementation

github-actions[bot] · MervinPraison · github-actions[bot] · commit ad1d9f183675 · 2026-04-18T16:52:17.000Z
- Replace arbitrary command execution with official MCP Python SDK
- Fix argument parsing to handle quoted strings with spaces
- Ensure proper session management and cleanup
- Maintain lazy loading for optional dependencies

Addresses security findings from code review.
Co-authored-by: Mervin Praison &lt;MervinPraison@users.noreply.github.com&gt;
diff --git a/src/frontend/src/modals/AddMCPServerModal.tsx b/src/frontend/src/modals/AddMCPServerModal.tsx
@@ -80,7 +80,7 @@ const AddMCPServerModal: React.FC<AddMCPServerModalProps> = ({
     return headers;
   };
 
-  // Parse args from text
+  // Parse args from text with better handling of quoted arguments
   const parseArgs = (text: string): string[] => {
     if (!text.trim()) return [];
     
@@ -89,8 +89,17 @@ const AddMCPServerModal: React.FC<AddMCPServerModalProps> = ({
       const parsed = JSON.parse(text);
       if (Array.isArray(parsed)) return parsed;
     } catch {
-      // Fall back to space-separated
-      return text.trim().split(/\s+/);
+      // Fall back to shell-like parsing that handles quoted strings
+      const args: string[] = [];
+      const regex = /[^\s"']+|"([^"]*)"|'([^']*)'/g;
+      let match;
+      
+      while ((match = regex.exec(text)) !== null) {
+        // match[1] is content of double quotes, match[2] is content of single quotes
+        args.push(match[1] || match[2] || match[0]);
+      }
+      
+      return args;
     }
     
     return [];
diff --git a/src/praisonaiui/features/mcp.py b/src/praisonaiui/features/mcp.py
@@ -12,12 +12,25 @@
 import asyncio
 import json
 import logging
-import subprocess
-import weakref
 from dataclasses import dataclass, field
 from enum import Enum
 from typing import Any, Callable, Dict, List, Optional, Protocol
 
+try:
+    from mcp.client.session import ClientSession
+    from mcp.client.stdio import stdio_client, StdioServerParameters
+    from mcp.client.sse import sse_client
+    from mcp.types import Tool as MCPTool
+    HAS_MCP = True
+except ImportError:
+    # Graceful fallback when mcp is not installed
+    HAS_MCP = False
+    ClientSession = None
+    StdioServerParameters = None
+    stdio_client = None
+    sse_client = None
+    MCPTool = None
+
 logger = logging.getLogger(__name__)
 
 
@@ -80,108 +93,192 @@ async def call_tool(self, name: str, arguments: Dict[str, Any]) -> Any:
 
 
 class StdioMCPClient:
-    """MCP client using stdio transport."""
+    """MCP client using stdio transport with proper MCP SDK."""
     
     def __init__(self, command: str, args: List[str]):
+        if not HAS_MCP:
+            raise ImportError("MCP library not available. Install with: pip install mcp")
+        
         self.command = command
         self.args = args
-        self.process: Optional[subprocess.Popen] = None
+        self.session: Optional[ClientSession] = None
+        self._connected = False
         
     async def connect(self) -> bool:
-        """Connect via stdio subprocess."""
+        """Connect via stdio subprocess using official MCP SDK."""
         try:
-            self.process = subprocess.Popen(
-                [self.command] + self.args,
-                stdin=subprocess.PIPE,
-                stdout=subprocess.PIPE,
-                stderr=subprocess.PIPE,
-                text=True
+            # Use official MCP stdio_client instead of raw subprocess
+            server_params = StdioServerParameters(
+                command=self.command,
+                args=self.args
             )
-            # TODO: Implement actual MCP protocol handshake
-            # For now, assume success if process starts
-            return self.process.poll() is None
+            
+            # Create a new session using stdio_client
+            self.session = await stdio_client(server_params)
+            
+            # Initialize the MCP session
+            await self.session.initialize()
+            
+            self._connected = True
+            logger.info(f"Connected to MCP stdio server: {self.command}")
+            return True
+            
         except Exception as e:
-            logger.error(f"Failed to start MCP stdio process: {e}")
+            logger.error(f"Failed to connect to MCP stdio server: {e}")
+            self._connected = False
             return False
     
     async def disconnect(self) -> None:
-        """Terminate the subprocess."""
-        if self.process:
-            self.process.terminate()
+        """Properly disconnect the MCP session."""
+        if self.session and self._connected:
             try:
-                self.process.wait(timeout=5)
-            except subprocess.TimeoutExpired:
-                self.process.kill()
-                self.process.wait()
-            self.process = None
+                await self.session.close()
+            except Exception as e:
+                logger.warning(f"Error during MCP session close: {e}")
+            finally:
+                self.session = None
+                self._connected = False
     
     async def list_tools(self) -> List[ToolInfo]:
-        """List tools via MCP protocol."""
-        # TODO: Implement actual MCP tools/list request
-        # For now, return mock data
-        return [
-            ToolInfo(
-                name="filesystem_read",
-                description="Read file contents",
-                input_schema={"type": "object", "properties": {"path": {"type": "string"}}}
-            )
-        ]
+        """List tools via proper MCP protocol."""
+        if not self.session or not self._connected:
+            return []
+        
+        try:
+            result = await self.session.list_tools()
+            tools = []
+            
+            for tool in result.tools:
+                tools.append(ToolInfo(
+                    name=tool.name,
+                    description=tool.description or "",
+                    input_schema=tool.inputSchema or {}
+                ))
+            
+            return tools
+            
+        except Exception as e:
+            logger.error(f"Failed to list MCP tools: {e}")
+            return []
     
     async def call_tool(self, name: str, arguments: Dict[str, Any]) -> Any:
-        """Call tool via MCP protocol."""
-        # TODO: Implement actual MCP tools/call request
-        return {"result": f"Tool {name} called with {arguments}"}
+        """Call tool via proper MCP protocol."""
+        if not self.session or not self._connected:
+            raise RuntimeError("MCP session not connected")
+        
+        try:
+            result = await self.session.call_tool(name, arguments)
+            return result.content
+            
+        except Exception as e:
+            logger.error(f"Failed to call MCP tool {name}: {e}")
+            raise
 
 
 class SSEMCPClient:
     """MCP client using Server-Sent Events transport."""
     
     def __init__(self, url: str, headers: Optional[Dict[str, str]] = None):
+        if not HAS_MCP:
+            raise ImportError("MCP library not available. Install with: pip install mcp")
+        
         self.url = url
         self.headers = headers or {}
+        self.session: Optional[ClientSession] = None
+        self._connected = False
         
     async def connect(self) -> bool:
-        """Connect via SSE."""
-        # TODO: Implement SSE connection
-        logger.info(f"Connecting to MCP SSE server at {self.url}")
-        return False  # Not implemented yet
+        """Connect via SSE using official MCP SDK."""
+        try:
+            # Use official MCP sse_client
+            self.session = await sse_client(self.url, headers=self.headers)
+            
+            # Initialize the MCP session
+            await self.session.initialize()
+            
+            self._connected = True
+            logger.info(f"Connected to MCP SSE server at {self.url}")
+            return True
+            
+        except Exception as e:
+            logger.error(f"Failed to connect to MCP SSE server: {e}")
+            self._connected = False
+            return False
     
     async def disconnect(self) -> None:
-        """Disconnect SSE."""
-        pass
+        """Properly disconnect SSE."""
+        if self.session and self._connected:
+            try:
+                await self.session.close()
+            except Exception as e:
+                logger.warning(f"Error during MCP SSE session close: {e}")
+            finally:
+                self.session = None
+                self._connected = False
     
     async def list_tools(self) -> List[ToolInfo]:
-        """List tools via SSE."""
-        return []
+        """List tools via proper MCP SSE protocol."""
+        if not self.session or not self._connected:
+            return []
+        
+        try:
+            result = await self.session.list_tools()
+            tools = []
+            
+            for tool in result.tools:
+                tools.append(ToolInfo(
+                    name=tool.name,
+                    description=tool.description or "",
+                    input_schema=tool.inputSchema or {}
+                ))
+            
+            return tools
+            
+        except Exception as e:
+            logger.error(f"Failed to list MCP SSE tools: {e}")
+            return []
     
     async def call_tool(self, name: str, arguments: Dict[str, Any]) -> Any:
-        """Call tool via SSE."""
-        return {}
+        """Call tool via proper MCP SSE protocol."""
+        if not self.session or not self._connected:
+            raise RuntimeError("MCP SSE session not connected")
+        
+        try:
+            result = await self.session.call_tool(name, arguments)
+            return result.content
+            
+        except Exception as e:
+            logger.error(f"Failed to call MCP SSE tool {name}: {e}")
+            raise
 
 
 class HTTPMCPClient:
-    """MCP client using HTTP transport."""
+    """MCP client using HTTP transport (not yet supported by MCP SDK)."""
     
     def __init__(self, url: str, headers: Optional[Dict[str, str]] = None):
+        if not HAS_MCP:
+            raise ImportError("MCP library not available. Install with: pip install mcp")
+        
         self.url = url
         self.headers = headers or {}
+        self.session: Optional[ClientSession] = None
+        self._connected = False
         
     async def connect(self) -> bool:
-        """Connect via HTTP."""
-        # TODO: Implement HTTP connection
-        logger.info(f"Connecting to MCP HTTP server at {self.url}")
-        return False  # Not implemented yet
+        """Connect via HTTP (not yet implemented in MCP SDK)."""
+        logger.warning("HTTP transport not yet supported by MCP SDK")
+        return False
     
     async def disconnect(self) -> None:
         """Disconnect HTTP."""
         pass
     
     async def list_tools(self) -> List[ToolInfo]:
-        """List tools via HTTP."""
+        """List tools via HTTP (not yet implemented)."""
         return []
     
     async def call_tool(self, name: str, arguments: Dict[str, Any]) -> Any:
-        """Call tool via HTTP."""
+        """Call tool via HTTP (not yet implemented)."""
         return {}
 
 
@@ -249,7 +346,7 @@ async def connect_server(self, server_config: Dict[str, Any]) -> MCPServer:
                 server._client = client
                 
                 # Fire connect hooks
-                await self._fire_connect_hooks(server)
+                await self._fire_connect_hooks(server, None)  # TODO: pass actual session context
             else:
                 server.status = MCPStatus.ERROR
                 server.last_error = "Connection failed"
@@ -276,7 +373,7 @@ async def disconnect_server(self, name: str) -> bool:
                 await client.disconnect()
                 
                 # Fire disconnect hooks
-                await self._fire_disconnect_hooks(server)
+                await self._fire_disconnect_hooks(server, None)  # TODO: pass actual session context
                 
             except Exception as e:
                 logger.exception(f"Error during MCP server {name} disconnect")
@@ -303,25 +400,19 @@ async def get_server(self, name: str) -> Optional[MCPServer]:
         """Get a server by name."""
         return _mcp_servers.get(name)
     
-    async def _fire_connect_hooks(self, server: MCPServer) -> None:
+    async def _fire_connect_hooks(self, server: MCPServer, session_context=None) -> None:
         """Fire all registered connect hooks."""
-        # TODO: Get current session context
-        session = None  # Placeholder for actual session
-        
         for hook in _connect_hooks:
             try:
-                await hook(server, session)
+                await hook(server, session_context)
             except Exception as e:
                 logger.exception(f"Error in MCP connect hook: {e}")
     
-    async def _fire_disconnect_hooks(self, server: MCPServer) -> None:
+    async def _fire_disconnect_hooks(self, server: MCPServer, session_context=None) -> None:
         """Fire all registered disconnect hooks."""
-        # TODO: Get current session context
-        session = None  # Placeholder for actual session
-        
         for hook in _disconnect_hooks:
             try:
-                await hook(server, session)
+                await hook(server, session_context)
             except Exception as e:
                 logger.exception(f"Error in MCP disconnect hook: {e}")
     
