refactor: harden input validation in persistence and command parsing

Author: MervinPraison

src/praisonai-agents/praisonaiagents/storage/backends.py

@@ -188,6 +188,9 @@ def __init__(
             auto_create: Create table if it doesn't exist
         """
         self.db_path = os.path.expanduser(db_path) if db_path else str(get_storage_path())
+        import re as _re
+        if not isinstance(table_name, str) or not _re.match(r'^[a-zA-Z0-9_]+$', table_name):
+            raise ValueError("table_name must contain only alphanumeric characters and underscores")
         self.table_name = table_name
         self._local = threading.local()
 

src/praisonai/praisonai/cli/features/mcp.py

@@ -24,6 +24,16 @@
     "pipx",
 }
 
+# Per-executable argument flags that enable arbitrary inline code execution
+# and must be rejected to prevent command-injection via MCP command strings.
+_INLINE_EXEC_ARGS = {
+    "python":  {"-c", "--command"},
+    "python3": {"-c", "--command"},
+    "node":    {"-e", "--eval", "-p", "--print"},
+    "deno":    {"-e", "--eval", "eval"},
+    "bun":     {"-e", "--eval", "eval"},
+}
+
 
 class MCPHandler(FlagHandler):
     """
@@ -90,6 +100,21 @@ def parse_mcp_command(self, command: str, env_vars: str = None) -> Tuple[str, Li
                 f"Command '{cmd}' is not in the allowed MCP executables list. "
                 f"Allowed: {', '.join(sorted(ALLOWED_MCP_COMMANDS - {c for c in ALLOWED_MCP_COMMANDS if '.' in c}))}"
             )
+
+        # Reject inline-eval flags that allow arbitrary code execution for
+        # interpreters (python -c, node -e, deno eval, bun -e, ...).
+        base_key = basename.lower()
+        for suffix in (".exe", ".cmd"):
+            if base_key.endswith(suffix):
+                base_key = base_key[: -len(suffix)]
+        forbidden = _INLINE_EXEC_ARGS.get(base_key)
+        if forbidden:
+            for arg in args:
+                if arg in forbidden:
+                    raise ValueError(
+                        f"Argument '{arg}' is not allowed for '{basename}' "
+                        "(inline code execution is blocked in MCP commands)."
+                    )
 
         # Parse environment variables
         env = {}

src/praisonai/praisonai/persistence/conversation/async_mysql.py

@@ -11,7 +11,7 @@
 import time
 from typing import List, Optional
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -62,6 +62,7 @@ def __init__(
         self.database = database
         self.user = user
         self.password = password
+        validate_identifier(table_prefix, "table_prefix")
         self.table_prefix = table_prefix
         self.pool_size = pool_size
         self._pool = None

src/praisonai/praisonai/persistence/conversation/async_postgres.py

@@ -12,7 +12,7 @@
 import time
 from typing import List, Optional
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -60,6 +60,7 @@ def __init__(
         self.database = database
         self.user = user
         self.password = password
+        validate_identifier(table_prefix, "table_prefix")
         self.table_prefix = table_prefix
         self.pool_size = pool_size
         self._pool = None

src/praisonai/praisonai/persistence/conversation/async_sqlite.py

@@ -11,7 +11,7 @@
 import time
 from typing import List, Optional
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -40,6 +40,7 @@ def __init__(
             table_prefix: Prefix for table names
         """
         self.path = path
+        validate_identifier(table_prefix, "table_prefix")
         self.table_prefix = table_prefix
         self._conn = None
         self._initialized = False

src/praisonai/praisonai/persistence/conversation/base.py

@@ -7,10 +7,27 @@
 from abc import ABC, abstractmethod
 from dataclasses import dataclass, field
 from typing import Any, Dict, List, Optional
+import re
 import time
 import uuid
 
 
+_IDENTIFIER_RE = re.compile(r'^[a-zA-Z0-9_]*$')
+
+
+def validate_identifier(value: str, name: str = "identifier") -> str:
+    """Validate that a string is safe for use as a SQL identifier.
+
+    Only allows alphanumeric characters and underscores to prevent SQL
+    injection in table/schema names that are interpolated into DDL/DML.
+    """
+    if not isinstance(value, str) or not _IDENTIFIER_RE.match(value):
+        raise ValueError(
+            f"{name} must contain only alphanumeric characters and underscores"
+        )
+    return value
+
+
 @dataclass
 class ConversationMessage:
     """A single message in a conversation."""

src/praisonai/praisonai/persistence/conversation/mysql.py

@@ -9,7 +9,7 @@
 import logging
 from typing import Any, List, Optional
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -62,6 +62,7 @@ def __init__(
             )
 
         self._mysql = mysql.connector
+        validate_identifier(table_prefix, "table_prefix")
         self.table_prefix = table_prefix
         self.sessions_table = f"{table_prefix}sessions"
         self.messages_table = f"{table_prefix}messages"

src/praisonai/praisonai/persistence/conversation/postgres.py

@@ -11,7 +11,7 @@
 from typing import Any, Callable, Dict, List, Optional
 from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -85,6 +85,8 @@ def __init__(
         self._psycopg2 = psycopg2
         self._RealDictCursor = RealDictCursor
 
+        validate_identifier(schema, "schema")
+        validate_identifier(table_prefix, "table_prefix")
         self.schema = schema
         self.table_prefix = table_prefix
         self.sessions_table = f"{schema}.{table_prefix}sessions"

src/praisonai/praisonai/persistence/conversation/singlestore.py

@@ -9,7 +9,7 @@
 import logging
 from typing import Any, List, Optional
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -48,6 +48,7 @@ def __init__(
             )
 
         self._s2 = s2
+        validate_identifier(table_prefix, "table_prefix")
         self.table_prefix = table_prefix
         self.sessions_table = f"{table_prefix}sessions"
         self.messages_table = f"{table_prefix}messages"

src/praisonai/praisonai/persistence/conversation/supabase.py

@@ -9,7 +9,7 @@
 import time
 from typing import List, Optional
 
-from .base import ConversationStore, ConversationSession, ConversationMessage
+from .base import ConversationStore, ConversationSession, ConversationMessage, validate_identifier
 
 logger = logging.getLogger(__name__)
 
@@ -49,6 +49,7 @@ def __init__(
             max_retries: Max retries for paused project wake-up
             retry_delay: Base delay between retries in seconds
         """
+        validate_identifier(table_prefix, "table_prefix")
         try:
             from supabase import create_client, Client
         except ImportError: