fix: remove malicious characters from MCP tool description (aws#1977)

bywang56 · web-flow · commit 64d4e3ebade7 · 2025-07-24T14:01:01.000-07:00
diff --git a/server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpManager.ts b/server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpManager.ts
@@ -18,7 +18,14 @@ import {
     MCPServerPermission,
     AgentConfig,
 } from './mcpTypes'
-import { isEmptyEnv, loadAgentConfig, saveAgentConfig, sanitizeName, getGlobalAgentConfigPath } from './mcpUtils'
+import {
+    isEmptyEnv,
+    loadAgentConfig,
+    saveAgentConfig,
+    sanitizeName,
+    getGlobalAgentConfigPath,
+    sanitizeContent,
+} from './mcpUtils'
 import { AgenticChatError } from '../../errors'
 import { EventEmitter } from 'events'
 import { Mutex } from 'async-mutex'
@@ -340,7 +347,7 @@ export class McpManager {
                 this.mcpTools.push({
                     serverName,
                     toolName: t.name,
-                    description: t.description ?? '',
+                    description: sanitizeContent(t.description ?? ''),
                     inputSchema: t.inputSchema ?? {},
                 })
             }
diff --git a/server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpUtils.test.ts b/server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpUtils.test.ts
@@ -20,6 +20,7 @@ import {
     enabledMCP,
     normalizePathFromUri,
     saveAgentConfig,
+    sanitizeContent,
 } from './mcpUtils'
 import type { MCPServerConfig } from './mcpTypes'
 import { pathToFileURL } from 'url'
@@ -584,3 +585,11 @@ describe('normalizePathFromUri', () => {
         expect(result).to.equal(invalidUri)
     })
 })
+
+describe('sanitizeContent', () => {
+    it('removes Unicode Tag characters (U+E0000–U+E007F)', () => {
+        const input = 'foo\u{E0001}bar\u{E0060}baz'
+        const expected = 'foobarbaz'
+        expect(sanitizeContent(input)).to.equal(expected)
+    })
+})
diff --git a/server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpUtils.ts b/server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpUtils.ts
@@ -1009,3 +1009,8 @@ export function createNamespacedToolName(
         duplicateNum++
     }
 }
+
+export function sanitizeContent(input: string): string {
+    // Remove any Unicode Tag characters (U+E0000–U+E007F)
+    return input.replace(/[\u{E0000}-\u{E007F}]/gu, '')
+}

Original file line number	Diff line number	Diff line change
`@@ -1009,3 +1009,8 @@ export function createNamespacedToolName(`
`1009`	`1009`	`duplicateNum++`
`1010`	`1010`	`}`
`1011`	`1011`	`}`
	`1012`	`+`
	`1013`	`+export function sanitizeContent(input: string): string {`
	`1014`	`+ // Remove any Unicode Tag characters (U+E0000–U+E007F)`
	`1015`	`+ return input.replace(/[\u{E0000}-\u{E007F}]/gu, '')`
	`1016`	`+}`