Skip to content

fix: prevent command injection in example URL opening#1553

Open
maxisbey wants to merge 1 commit intomainfrom
fix/example-command-injection
Open

fix: prevent command injection in example URL opening#1553
maxisbey wants to merge 1 commit intomainfrom
fix/example-command-injection

Conversation

@maxisbey
Copy link
Contributor

@maxisbey maxisbey commented Feb 18, 2026

Summary

Fix a command injection issue in the example clients, mirroring the equivalent fix in the Python SDK (modelcontextprotocol/python-sdk#2082).

Problem

elicitationUrlExample.ts and simpleOAuthClient.ts used exec() with string interpolation to open URLs in the browser:

const command = `open "${url}"`;
exec(command, error => { ... });

exec() spawns a shell, so a crafted URL can break out of the quotes and execute arbitrary commands. The original code also hardcoded open, which only works on macOS.

Fix

  • Replace exec/execFile with the open package, which handles cross-platform browser opening safely (macOS, Windows, Linux, WSL) without shell invocation
  • Add URL scheme validation (allowlist: http:, https:) with proper try/catch around new URL()
  • Remove unused child_process imports

The open package is added only to the examples/client package ("private": true, never published to npm), not to the SDK itself.

AI Disclaimer

@maxisbey
fix: prevent command injection in example URL opening
dc55d32 
Replace exec() with execFile() and add URL scheme validation in both
elicitationUrlExample.ts and simpleOAuthClient.ts.

The previous code used exec() with string interpolation, which invokes
a shell and allows command injection via crafted URLs containing shell
metacharacters (e.g., double-quote escapes and & as command separators).

Changes:
- Use execFile() with array arguments instead of exec() with string
  interpolation to avoid shell interpretation
- Add cross-platform support (open/xdg-open/start) instead of
  hardcoding macOS open command
- Add URL scheme allowlist (http/https only) to prevent abuse via
  dangerous protocol handlers (file://, smb://, ms-msdt://, etc.)
@maxisbey maxisbey requested a review from a team as a code owner February 18, 2026 16:08
@changeset-bot
Copy link

changeset-bot bot commented Feb 18, 2026

⚠️ No Changeset found

Latest commit: dc55d32

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@pkg-pr-new
Copy link

pkg-pr-new bot commented Feb 18, 2026

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1553

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1553

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@1553

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@1553

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@1553

commit: dc55d32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@felixweinberger felixweinberger Awaiting requested review from felixweinberger

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maxisbey

Comments