ggerve Coding Standards MCP Path Traversal Vulnerability in Language Argument
Vulnerability
A path traversal vulnerability has been identified in ggerve coding-standards-mcp, specifically within the 'get_style_guide' and 'get_best_practices' functions of 'server.py'. The issue arises because the 'language' argument is not properly validated before being used to construct file paths. This flaw allows for the manipulation of the 'language' input to traverse directories and access files outside the intended 'templates' directory. The vulnerability can be exploited remotely, and the details have been made public.
Impact
Exploitation of this vulnerability allows for path traversal, enabling the reading of files outside the application's template directory. While this could lead to the unintentional disclosure of sensitive information, the impact is somewhat limited, as the vulnerability only allows access to files with specific suffixes that match the expected template naming conventions.
Reproduction
To reproduce this vulnerability, first create a readable file outside the repository, such as '/tmp/secret_style_guide.md'. Then, invoke the MCP tool by calling the 'get_style_guide' method with a traversal payload that includes directory traversal sequences. The expected result is the content of the '/tmp/secret_style_guide.md' file, indicating that the path traversal was successful.
Remediation
To address this vulnerability, it is recommended to validate the 'language' input by restricting it to a fixed allowlist of known template names. Alternatively, if free-form input is necessary, it should be validated with a strict regular expression and the resolved path must be checked to ensure it remains within the 'templates' directory. Adding regression tests for payloads containing traversal tokens or path separators would also be beneficial.
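The two-layer check described above, as an added example that is not the project's own code: a strict pattern on 'language', then a containment check on the resolved path. The names `resolve_template` and `InvalidLanguage` and the `<language>_<kind>.md` naming scheme are assumptions (the suffix is inferred from the reproduction file name), and every file and input is constructed for the demonstration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: templates are named "<language>_<kind>.md" (inferred from the
# reproduction file name, not taken from the project's source).
ALLOWED_KINDS = {"style_guide", "best_practices"}
LANGUAGE_RE = re.compile(r"[a-z0-9][a-z0-9_+#-]{0,31}")


class InvalidLanguage(ValueError):
    """Raised when 'language' fails validation (hypothetical name)."""


def resolve_template(templates_dir: Path, language: str, kind: str) -> Path:
    """Return the template path for `language`, or raise InvalidLanguage."""
    if kind not in ALLOWED_KINDS:
        raise ValueError(f"unknown template kind: {kind!r}")
    # Layer 1: strict syntax. fullmatch() also rejects a trailing newline,
    # which match() with "$" would accept.
    if not LANGUAGE_RE.fullmatch(language):
        raise InvalidLanguage("language contains characters outside the allowed set")
    root = templates_dir.resolve()
    candidate = (root / f"{language}_{kind}.md").resolve()
    # Layer 2: containment on the resolved path. This catches what the regex
    # cannot see, such as a symlink inside templates/ that points elsewhere.
    if root not in candidate.parents:
        raise InvalidLanguage("resolved path escapes the templates directory")
    if not candidate.is_file():
        raise InvalidLanguage("no template for that language")
    return candidate


def demo() -> dict:
    """Regression inputs run against a throwaway directory (all constructed)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        templates = Path(tmp) / "templates"
        templates.mkdir()
        (templates / "python_style_guide.md").write_text("# Python style\n")
        outside = Path(tmp) / "secret_style_guide.md"
        outside.write_text("outside templates\n")
        os.symlink(outside, templates / "evil_style_guide.md")
        for lang in ["python", "evil", "../secret", "a/b", "python\n"]:
            try:
                results[lang] = resolve_template(templates, lang, "style_guide").name
            except InvalidLanguage as exc:
                results[lang] = f"rejected: {exc}"
    return results
```

Calling `demo()` returns a per-input verdict that can be turned directly into the regression tests the remediation recommends.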
