From 742d168b518427d31c3341affbc81396af12417a Mon Sep 17 00:00:00 2001 From: David Sarno Date: Sun, 24 Aug 2025 09:46:54 -0700 Subject: [PATCH] sec(installer): escape server path in pgrep pattern to prevent injection/regex issues --- .../Editor/Helpers/ServerInstaller.cs | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/UnityMcpBridge/Editor/Helpers/ServerInstaller.cs b/UnityMcpBridge/Editor/Helpers/ServerInstaller.cs index 188bb76..5bc1a4a 100644 --- a/UnityMcpBridge/Editor/Helpers/ServerInstaller.cs +++ b/UnityMcpBridge/Editor/Helpers/ServerInstaller.cs @@ -368,10 +368,11 @@ namespace MCPForUnity.Editor.Helpers if (string.IsNullOrEmpty(serverSrcPath)) return; if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) return; + string safePath = EscapeForPgrep(serverSrcPath); var psi = new System.Diagnostics.ProcessStartInfo { FileName = "/usr/bin/pgrep", - Arguments = $"-f \"uv .*--directory {serverSrcPath}\"", + Arguments = $"-f \"uv .*--directory {safePath}\"", UseShellExecute = false, RedirectStandardOutput = true, RedirectStandardError = true, @@ -406,6 +407,26 @@ namespace MCPForUnity.Editor.Helpers catch { return null; } } + // Escape regex metacharacters so the path is treated literally by pgrep -f + private static string EscapeForPgrep(string path) + { + if (string.IsNullOrEmpty(path)) return path; + // Escape backslash first, then regex metacharacters + string s = path.Replace("\\", "\\\\"); + char[] meta = new[] {'.','+','*','?','^','$','(',')','[',']','{','}','|'}; + var sb = new StringBuilder(s.Length * 2); + foreach (char c in s) + { + if (Array.IndexOf(meta, c) >= 0) + { + sb.Append('\\'); + } + sb.Append(c); + } + // Also escape double quotes which we wrap the pattern with + return sb.ToString().Replace("\"", "\\\""); + } + private static int CompareSemverSafe(string a, string b) { try
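Review bot: The pgrep pattern on the new `Arguments` line ends right at `{safePath}`, so it still matches any `uv` process whose `--directory` value merely begins with that path (constructed example: `/srv/app` also matches `/srv/app-backup`). Escaping the metacharacters does not narrow this. If the PIDs read from this process are later signalled (that code is outside the hunk), an over-broad match would act on unrelated processes. Consider bounding the path, e.g. `Arguments = $"-f \"uv .*--directory {safePath}( |$)\""`, and confirm whether callers ever pass the path with a trailing slash. The enclosing method starts and ends outside the hunk.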
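Review bot: `EscapeForPgrep` mixes two layers, regex escaping for pgrep and quote escaping for the `Arguments` string, and the final `Replace("\"", "\\\"")` runs after backslashes were already doubled. A path that ends in a backslash, or has a backslash directly before a double quote, therefore yields a backslash run next to a quote. How that is split into argv depends on the runtime's argument parser, not on this helper. I would keep the helper regex-only (`return sb.ToString();`) and, where the target runtime offers `ProcessStartInfo.ArgumentList`, pass the pattern as its own element (`psi.ArgumentList.Add("-f"); psi.ArgumentList.Add(pattern);`) so no quoting layer is needed. A short doc comment stating that the result is a POSIX extended-regex literal, and what the caller must still quote, would make the contract explicit.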