feat(Makefile): set default goal to 'all' for easier command execution

tumf · tumf · commit 358ccdabf1c8 · 2024-12-14T09:50:21.000+09:00
feat(shell_executor.py): add _create_shell_command method to safely create shell command strings and prevent shell injection
refactor(shell_executor.py): change subprocess execution to use create_subprocess_shell for improved command handling
diff --git a/Makefile b/Makefile
@@ -1,4 +1,5 @@
 .PHONY: test format lint typecheck check
+.DEFAULT_GOAL := all
 
 test:
 	pip install -e .
@@ -21,4 +22,4 @@ typecheck:
 # Run all checks required before pushing
 check:  lint typecheck test
 fix: check format
-all: check
+all: check test
diff --git a/src/mcp_shell_server/shell_executor.py b/src/mcp_shell_server/shell_executor.py
@@ -1,5 +1,6 @@
 import asyncio
 import os
+import shlex
 import time
 from typing import Any, Dict, List, Optional
 
@@ -40,6 +41,19 @@ def _clean_command(self, command: List[str]) -> List[str]:
         """
         return [arg.strip() for arg in command if arg.strip()]
 
+    def _create_shell_command(self, command: List[str]) -> str:
+        """
+        Create a shell command string from a list of arguments.
+        Properly escapes all arguments to prevent shell injection.
+
+        Args:
+            command (List[str]): Command and its arguments
+
+        Returns:
+            str: Shell-safe command string
+        """
+        return " ".join(shlex.quote(arg) for arg in command)
+
     def _validate_command(self, command: List[str]) -> None:
         """
         Validate if the command is allowed to be executed.
@@ -140,9 +154,10 @@ async def execute(
             }
 
         try:
-            process = await asyncio.create_subprocess_exec(
-                cleaned_command[0],
-                *cleaned_command[1:],
+            # Create shell command and execute it
+            shell_command = self._create_shell_command(cleaned_command)
+            process = await asyncio.create_subprocess_shell(
+                shell_command,
                 stdin=asyncio.subprocess.PIPE if stdin else None,
                 stdout=asyncio.subprocess.PIPE,
                 stderr=asyncio.subprocess.PIPE,
