Skip to content

[CRITICAL] MCP CLI installers build shell commands from unescaped paths #65

Description

@Daliys

Problem

The MCP CLI installer paths build shell command strings by concatenating resolved executable paths and project-derived script paths, then pass the result to bash -c or cmd.exe /c.

Project paths and executable paths are not shell-escaped before interpolation.

Evidence

  • Editor/MCPCliInstaller.cs:309-316 wraps the caller-built command string in bash -c "..." or cmd.exe /c "...".
  • Editor/MCPCliInstaller.Codex.cs:36-40 concatenates codexPath, pythonPath, and scriptPath into shell commands.
  • Editor/MCPCliInstaller.ClaudeCode.cs:39-43 uses the same pattern for Claude Code.
  • Editor/MCPCliInstaller.Gemini.cs:33-38 uses the same pattern for Gemini and includes --trust in the add command.
  • scriptPath comes from the Unity project location, so it can include shell metacharacters if the checkout directory is named maliciously or unusually.

Impact

A project checked out into a path containing quotes or shell metacharacters can break out of the intended command and execute unintended shell syntax when the user runs the integration link action. This affects Codex, Claude Code, and Gemini installer flows.

Suggested fix

Avoid shell wrapping. Use ProcessStartInfo.FileName plus ArgumentList for each executable and argument. If a shell is unavoidable, centralize platform-correct escaping and cover paths containing quotes, spaces, $(), backticks, semicolons, ampersands, pipes, and Windows metacharacters.

Source report

Imported from audit report items:

  • security (11) / Editor/MCPCliInstaller.cs:309
  • security (11) / Editor/MCPCliInstaller.Codex.cs:40
  • security (11) / Editor/MCPCliInstaller.ClaudeCode.cs:43
  • security (11) / Editor/MCPCliInstaller.Gemini.cs:37

These were combined because all four entries describe the same shell command construction root cause.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingneeds-triageImported or reported issue awaiting owner reviewpriority: criticalImmediate breakage, data loss, or release-blocking issuesurface: integrationsCLI installer and external tool integration surfacesurface: unity-editorUnity Editor package, windows, menus, or C# server surfacetype: securitySecurity vulnerability or unsafe trust boundary

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions