MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
🔗 CVE IDs covered (1)
📋 Description
Summary
The log_file_name parameter in the stata_do API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (GuardValidator) only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands (including shell, python, erase, etc.) by crafting a malicious log_file_name containing quotes, newlines, or Stata command separators.
Details
In src/stata_mcp/stata/stata_do/do.py, both _execute_unix_like and _execute_windows construct a Stata command string using Python f-strings:
commands = f"""
capture log close
{self.generate_log_command(log_file, is_replace)}
...
do "{dofile_path}"
...
"""
The generate_log_command method returns:
log_cmd = f'log using "{log_file.as_posix()}", {replace_clause} {log_type} name({log_type}_log)'
Where log_file is constructed from user-supplied log_name:
def generate_log_file(self, log_name: str, extension='log'):
return self.log_file_path / f"{log_name}.{extension}"
The log_name parameter comes directly from user input (via MCP tool stata_do or CLI stata-mcp tool do) without any validation. Since the path is embedded inside double quotes in a Stata command string, an attacker can break out of the string context and inject arbitrary commands.
Additionally, generate_log_file does not prevent path traversal via log_name, allowing arbitrary file write outside the intended log directory.
Proof of Concept
When calling stata_do via MCP tool with:
{
"dofile_path": "test.do",
"log_file_name": "'; shell echo pwned > /tmp/pwned.txt; '"
}
The generated Stata commands become:
log using "<log_dir>/'; shell echo pwned > /tmp/pwned.txt; '.log", replace text name(text_log)
Stata interprets this as multiple commands, with shell echo pwned > /tmp/pwned.txt; executed as an arbitrary shell command.
Impact
- Remote Code Execution via
shellcommand injection - Arbitrary file write/overwrite via path traversal in
log_name - Complete bypass of the security guard, as the guard only validates do-file content, not wrapper parameters
Remediation / Fix
- Apply strict allowlist validation to
log_name(only alphanumeric, underscore, dot, hyphen; max 128 chars) - Resolve and verify the constructed log path remains within the intended log directory
- Consider generating safe internal filenames (e.g., UUIDs) instead of accepting user-defined log names for command construction
- Apply similar sanitization to
dofile_pathbefore embedding it into Stata command strings
References
- Issue: #74
- Fix commit: https://github.com/SepineTam/stata-mcp/commit/e6f945941ae0c7cf5e74a428e0b3dc82b396382f
🎯 Affected products1
- pip/stata-mcp:< 1.17.3