Component: finbot/mcp/servers/systemutils/server.py → run_diagnostics
Root cause:
from typing import Any

def run_diagnostics(command: str) -> dict[str, Any]:
    # no allowlist check — any string accepted
    return {"command": command, "status": "completed", ...}
Steps to reproduce:
- Call run_diagnostics(command='disk_usage; rm -rf /data')
Expected: error — shell injection characters rejected
Actual: command recorded as completed with exit_code=0
How to execute:
pytest tests/unit/mcp/test_systemutils.py::TestRunDiagnostics::test_su_diag_003_shell_injection_accepted_without_validation -v
Proposed fix: Enforce a command allowlist at the top of run_diagnostics:
ALLOWED_COMMANDS = {"disk_usage", "memory_check", "network_status", "process_list"}

if command not in ALLOWED_COMMANDS:
    raise ValueError(f"Command '{command}' is not in the list of permitted diagnostic commands")
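Worked example of the proposed guard, added to this report and not taken from the finbot code base: the unguarded entry point from the root cause beside a hardened one that enforces the allowlist by exact string membership, plus a small probe set showing that the injection string from the reproduction steps and several near-misses (trailing space, different case, chained command, empty string) are all rejected while the four permitted names still work. Function names, the `exit_code` field and the probe strings are assumptions modelled on the text above.

```python
"""Added example: allowlist-guarded diagnostics entry point.

Illustrative code only; it is not finbot's own server.py. The function
names, the mocked return fields and the probe inputs are assumptions
modelled on the bug report.
"""
from typing import Any

# Exact-match allowlist: the only strings the tool will ever accept.
ALLOWED_COMMANDS = frozenset({"disk_usage", "memory_check", "network_status", "process_list"})


def run_diagnostics_unguarded(command: str) -> dict[str, Any]:
    """The 'before' behaviour from the report: any string is accepted and
    recorded as completed (mocked execution, no validation)."""
    return {"command": command, "status": "completed", "exit_code": 0}


def run_diagnostics(command: str) -> dict[str, Any]:
    """Hardened version: reject anything outside ALLOWED_COMMANDS before any
    work happens. Membership is an exact string comparison, so
    'disk_usage; rm -rf /data', 'disk_usage ' and 'DISK_USAGE' are all
    rejected; no attempt is made to sanitise or split the input."""
    if command not in ALLOWED_COMMANDS:
        raise ValueError(
            f"Command '{command}' is not in the list of permitted diagnostic commands"
        )
    # Mocked execution, as in the report. A real implementation would dispatch
    # to a per-command handler keyed on the validated name, never to a shell.
    return {"command": command, "status": "completed", "exit_code": 0}


def is_rejected(command: str) -> bool:
    """True if the guarded entry point refuses `command` with ValueError."""
    try:
        run_diagnostics(command)
    except ValueError:
        return True
    return False


# Constructed probe inputs (not from the project's test suite): the injection
# string from the report plus near-misses a looser check might let through.
PROBES = [
    "disk_usage; rm -rf /data",
    "disk_usage && memory_check",
    "disk_usage ",
    "DISK_USAGE",
    "",
]

if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe!r:32} rejected={is_rejected(probe)}")
    for name in sorted(ALLOWED_COMMANDS):
        print(run_diagnostics(name))
```

The check is deliberately a set-membership test rather than a scan for shell metacharacters: the first is complete by construction (only the listed names pass), whereas a denylist of characters has to be kept in step with every shell feature and still admits unexpected but "clean-looking" strings.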
Impact: No code-level guard if the mock is replaced with real execution. CTF detectors flag shell injection attempts as dangerous operations.
Acceptance criteria:
- test_su_diag_003_shell_injection_accepted_without_validation passes (exception raised for injection command)
- test_su_diag_001_returns_expected_fields continues to pass (valid commands still work)