php-mcp/changelog/2026/jan/security.md


2026-01-26 20:57:41 +00:00
# Core-MCP - January 2026 - Security Fixes

## Critical

### Database Connection Validation

Fixed fallback behavior that could bypass read-only connection configuration.

**Issue:** QueryDatabase tool would silently fall back to default database connection if configured MCP connection was invalid.

**Fix:** Now throws `RuntimeException` with clear error message when configured connection doesn't exist.

**Files:**

- `Tools/QueryDatabase.php` - Added connection validation

**Impact:** Prevents accidental queries against production read-write connections.

---

## High Priority

### SQL Query Validator Strengthening

Restricted WHERE clause patterns to prevent SQL injection vectors.

**Issue:** Whitelist regex patterns used `.+` which was too permissive for WHERE clause validation.

**Fix:** Replaced with strict character class restrictions:

- Only allows: alphanumeric, spaces, backticks, operators, quotes, parentheses
- Explicitly supports AND/OR logical operators
- Blocks function calls and subqueries
- Prevents nested SELECT statements

**Files:**

- `Services/SqlQueryValidator.php` - Updated DEFAULT_WHITELIST patterns

**Before:**
```php
'/^\s*SELECT\s+.*\s+FROM\s+`?\w+`?(\s+WHERE\s+.+)?/i'
```
**After:**
```php
'/^\s*SELECT\s+.*\s+FROM\s+`?\w+`?(\s+WHERE\s+[\w\s`.,!=<>\'"%()]+(\s+(AND|OR)\s+[\w\s`.,!=<>\'"%()]+)*)?/i'
```
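
The following is an added example, not code from Core-MCP: it runs the two patterns printed above against constructed queries to show what the WHERE character class changes. Both patterns as printed end without a `$` anchor and this changelog does not show how the validator applies them, so the example assumes a full-match check through a hypothetical `matchesWhole()` helper; the last three samples contain characters outside the class (`;`, `-`, `/`, `*`).

```php
<?php
// Patterns copied verbatim from the Before/After blocks in this changelog.
const BEFORE = '/^\s*SELECT\s+.*\s+FROM\s+`?\w+`?(\s+WHERE\s+.+)?/i';
const AFTER  = '/^\s*SELECT\s+.*\s+FROM\s+`?\w+`?(\s+WHERE\s+[\w\s`.,!=<>\'"%()]+(\s+(AND|OR)\s+[\w\s`.,!=<>\'"%()]+)*)?/i';

/**
 * Hypothetical helper (an assumption, not part of Core-MCP): require the
 * pattern to consume the whole query. preg_match() succeeds on a prefix, so
 * without an end anchor the WHERE character class cannot constrain whatever
 * follows the part that matched.
 */
function matchesWhole(string $pattern, string $query): bool
{
    // Strip the trailing "/i" and re-add it behind an end-of-input anchor.
    $anchored = substr($pattern, 0, -2) . '\s*$/i';

    // preg_match() returns false on PCRE errors (e.g. backtrack limit);
    // anything other than exactly 1 is treated as a rejection.
    return preg_match($anchored, $query) === 1;
}

// Constructed sample queries (table and column names are made up).
$samples = [
    'plain filter'      => 'SELECT * FROM users WHERE id = 1',
    'AND filter'        => "SELECT name FROM `users` WHERE status = 'active' AND age >= 18",
    'stacked statement' => 'SELECT * FROM users WHERE id = 1; DROP TABLE users',
    'trailing comment'  => 'SELECT * FROM users WHERE id = 1 -- AND tenant_id = 7',
    'block comment'     => 'SELECT * FROM users WHERE id = 1 /* note */',
];

foreach ($samples as $label => $sql) {
    printf(
        "%-18s before=%-6s after=%s\n",
        $label,
        matchesWhole(BEFORE, $sql) ? 'accept' : 'reject',
        matchesWhole(AFTER, $sql) ? 'accept' : 'reject'
    );
}
```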
**Defense in depth:**
- Read-only database user (infrastructure)
- Blocked keywords (application)
- Pattern validation (application)
- Whitelist matching (application)
- Table access controls (application)