From 9d28f0b765ec2fe02169bb080b6504574306828b Mon Sep 17 00:00:00 2001 From: iws17 <259966791+iws17@users.noreply.github.com> Date: Sat, 6 Jun 2026 16:07:06 -0500 Subject: [PATCH] security: stop OAuth token logging and enforce localhost bind. Remove unconditional OAuth1 access-token logging and the debug print branch. Reject MCP_HOST values outside localhost to avoid accidental exposure of the generated X API tool surface. Co-authored-by: Cursor --- server.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/server.py b/server.py index 7930e87..d3c33ba 100644 --- a/server.py +++ b/server.py @@ -308,10 +308,7 @@ def build_oauth1_client() -> OAuth1Client: "Missing X_OAUTH_CONSUMER_KEY or X_OAUTH_CONSUMER_SECRET for OAuth1 signing." ) access_token, access_secret = run_oauth1_flow() - if is_truthy(os.getenv("X_OAUTH_PRINT_TOKENS", "0")): - print("OAuth1 access token:", access_token) - print("OAuth1 access token secret:", access_secret) - LOGGER.info("OAuth1 access token: %s", access_token) + # Do not log or print OAuth1 tokens — persistent credential leak risk. return OAuth1Client( client_key=consumer_key, client_secret=consumer_secret, @@ -451,8 +448,21 @@ async def log_response(response: httpx.Response) -> None: ) +LOCAL_MCP_HOSTS = {"127.0.0.1", "localhost", "::1"} + + +def _validated_mcp_host() -> str: + host = os.getenv("MCP_HOST", "127.0.0.1").strip().lower() + if host not in LOCAL_MCP_HOSTS: + raise RuntimeError( + f"MCP_HOST={host} is not allowed. xmcp must bind to localhost only " + f"(127.0.0.1, localhost, ::1)." + ) + return host + + def main() -> None: - host = os.getenv("MCP_HOST", "127.0.0.1") + host = _validated_mcp_host() port = int(os.getenv("MCP_PORT", "8000")) mcp = create_mcp() mcp.run(transport="http", host=host, port=port)