Merge commit from fork

chore: add command injection protections, document in README.md and SECURITY.md

Author: joshuayoes

QA.md

@@ -0,0 +1,23 @@
+# Quality Assurance
+
+This guide contains manual quality assurance tests to make sure all the tools in this MCP server is functional on release.
+
+You can run a test case copy and pasting the test case into a chat in an MCP client (like Cursor) that can run MCP tools.
+
+## Test Case: Photos app
+
+1. Have the user open the native Photo app in the iOS simulator.
+2. Call `get_booted_sim_id` to get the UDID of the booted simulator.
+3. Call `record_video` to start recording a screen recording of the test.
+4. Call `ui_describe_all` to make sure we are on the All Photos tab.
+5. Call `ui_describe_point` to find the x and y coordinates for tapping the Search tab button.
+6. Call `ui_tap` to tap the Search tab button.
+7. Call `ui_tap` to focus on the Search text input.
+8. Call `ui_type` to type "Photos" into the Search text input.
+9. Call `ui_describe_all` to describe the page and find the first photo result.
+10. Call `ui_describe_point` to find the x and y coordinates for the first photo result touchable area.
+11. Call `ui_tap` to tap the coordinates of the first photo result touchable area
+12. Call `ui_swipe` to swipe from the center of the screen down to dismiss the photo and go back to the All Photos tab.
+13. Call `ui_describe_all` to describe the page and see we are the All Photos tab.
+14. Call `screenshot` to take a screenshot of the current page.
+15. Call `stop_recording` to stop the screen recording.

README.md

@@ -4,6 +4,8 @@
 
 A Model Context Protocol (MCP) server for interacting with iOS simulators. This server allows you to interact with iOS simulators by getting information about them, controlling UI interactions, and inspecting UI elements.
 
+> **Security Notice**: Command injection vulnerabilities present in versions < 1.3.3 have been fixed. Please update to v1.3.3 or later. See [SECURITY.md](SECURITY.md) for details.
+
 <a href="https://glama.ai/mcp/servers/@joshuayoes/ios-simulator-mcp">
   <img width="380" height="200" src="https://glama.ai/mcp/servers/@joshuayoes/ios-simulator-mcp/badge" alt="iOS Simulator MCP server" />
 </a>

SECURITY.md

@@ -5,9 +5,24 @@
 Use this section to tell people about which versions of your project are
 currently being supported with security updates.
 
-| Version | Supported          |
-| ------- | ------------------ |
-| *       | :white_check_mark: |
+| Version  | Supported          |
+| -------- | ------------------ |
+| >= 1.3.3 | :white_check_mark: |
+| < 1.3.3  | :x:                |
+
+## Fixed Vulnerabilities
+
+### Command Injection (Fixed in v1.3.3)
+
+**CVE**: To be assigned  
+**Severity**: Moderate  
+**Fixed in**: v1.3.3 (2025)
+
+**Description**: Previous versions contained command injection vulnerabilities in several MCP tools (ui_tap, ui_type, ui_swipe, ui_describe_point, ui_describe_all, screenshot, record_video, stop_recording) due to unsafe shell command construction using string interpolation.
+
+**Impact**: Malicious input could potentially execute arbitrary commands on the host system.
+
+**Fix**: Replaced unsafe `execAsync` string interpolation with secure `execFile` calls using argument arrays. Added input validation.
 
 ## Reporting a Vulnerability
 
@@ -16,10 +31,12 @@ To report a security issue, please use the GitHub Security Advisory "Report a Vu
 You can expect an initial response to your report within 48 hours. We will keep you informed about the progress of addressing the vulnerability and will work with you to coordinate the disclosure timeline.
 
 If the vulnerability is accepted:
+
 - We will work on a fix and keep you updated on the progress
 - Once a fix is ready, we will coordinate with you on the disclosure timeline
 - You will be credited for the discovery (unless you prefer to remain anonymous)
 
 If the vulnerability is declined:
+
 - We will provide a detailed explanation of why it was not accepted
-- If appropriate, we will suggest alternative approaches or mitigations
+- If appropriate, we will suggest alternative approaches or mitigations

package.json

@@ -1,6 +1,6 @@
 {
   "name": "ios-simulator-mcp",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "MCP server for interacting with the iOS simulator",
   "bin": {
     "ios-simulator-mcp": "./build/index.js"

src/index.ts

@@ -2,13 +2,36 @@
 
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { exec, spawn } from "child_process";
+import { execFile, spawn } from "child_process";
 import { promisify } from "util";
 import { z } from "zod";
 import path from "path";
 import os from "os";
 
-const execAsync = promisify(exec);
+const execFileAsync = promisify(execFile);
+
+/**
+ * Strict UDID/UUID pattern: 8-4-4-4-12 hexadecimal characters (e.g. 37A360EC-75F9-4AEC-8EFA-10F4A58D8CCA)
+ */
+const UDID_REGEX =
+  /^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$/;
+
+/**
+ * Runs a command with arguments and returns the stdout and stderr
+ * @param cmd - The command to run
+ * @param args - The arguments to pass to the command
+ * @returns The stdout and stderr of the command
+ */
+async function run(
+  cmd: string,
+  args: string[]
+): Promise<{ stdout: string; stderr: string }> {
+  const { stdout, stderr } = await execFileAsync(cmd, args, { shell: false });
+  return {
+    stdout: stdout.trim(),
+    stderr: stderr.trim(),
+  };
+}
 
 // Read filtered tools from environment variable
 const FILTERED_TOOLS =
@@ -49,7 +72,7 @@ function errorWithTroubleshooting(message: string): string {
 }
 
 async function getBootedDevice() {
-  const { stdout, stderr } = await execAsync("xcrun simctl list devices");
+  const { stdout, stderr } = await run("xcrun", ["simctl", "list", "devices"]);
 
   if (stderr) throw new Error(stderr);
 
@@ -130,16 +153,22 @@ if (!isToolFiltered("ui_describe_all")) {
     {
       udid: z
         .string()
+        .regex(UDID_REGEX)
         .optional()
         .describe("Udid of target, can also be set with the IDB_UDID env var"),
     },
     async ({ udid }) => {
       try {
         const actualUdid = await getBootedDeviceId(udid);
 
-        const { stdout } = await execAsync(
-          `idb ui describe-all --udid ${actualUdid} --json --nested`
-        );
+        const { stdout } = await run("idb", [
+          "ui",
+          "describe-all",
+          "--udid",
+          actualUdid,
+          "--json",
+          "--nested",
+        ]);
 
         return {
           isError: false,
@@ -167,9 +196,14 @@ if (!isToolFiltered("ui_tap")) {
     "ui_tap",
     "Tap on the screen in the iOS Simulator",
     {
-      duration: z.string().optional().describe("Press duration"),
+      duration: z
+        .string()
+        .regex(/^\d+(\.\d+)?$/)
+        .optional()
+        .describe("Press duration"),
       udid: z
         .string()
+        .regex(UDID_REGEX)
         .optional()
         .describe("Udid of target, can also be set with the IDB_UDID env var"),
       x: z.number().describe("The x-coordinate"),
@@ -178,10 +212,21 @@ if (!isToolFiltered("ui_tap")) {
     async ({ duration, udid, x, y }) => {
       try {
         const actualUdid = await getBootedDeviceId(udid);
-        const durationArg = duration ? `--duration ${duration}` : "";
-        const { stderr } = await execAsync(
-          `idb ui tap --udid ${actualUdid} ${durationArg} ${x} ${y}  --json`
-        );
+
+        const { stderr } = await run("idb", [
+          "ui",
+          "tap",
+          "--udid",
+          actualUdid,
+          ...(duration ? ["--duration", duration] : []),
+          "--json",
+          // When passing user-provided values to a command, it's crucial to use `--`
+          // to separate the command's options from positional arguments.
+          // This prevents the shell from misinterpreting the arguments as options.
+          "--",
+          String(x),
+          String(y),
+        ]);
 
         if (stderr) throw new Error(stderr);
 
@@ -213,16 +258,30 @@ if (!isToolFiltered("ui_type")) {
     {
       udid: z
         .string()
+        .regex(UDID_REGEX)
         .optional()
         .describe("Udid of target, can also be set with the IDB_UDID env var"),
-      text: z.string().describe("Text to input"),
+      text: z
+        .string()
+        .max(500)
+        .regex(/^[\x20-\x7E]+$/)
+        .describe("Text to input"),
     },
     async ({ udid, text }) => {
       try {
         const actualUdid = await getBootedDeviceId(udid);
-        const { stderr } = await execAsync(
-          `idb ui text ${text} --udid ${actualUdid}`
-        );
+
+        const { stderr } = await run("idb", [
+          "ui",
+          "text",
+          "--udid",
+          actualUdid,
+          // When passing user-provided values to a command, it's crucial to use `--`
+          // to separate the command's options from positional arguments.
+          // This prevents the shell from misinterpreting the arguments as options.
+          "--",
+          text,
+        ]);
 
         if (stderr) throw new Error(stderr);
 
@@ -256,6 +315,7 @@ if (!isToolFiltered("ui_swipe")) {
     {
       udid: z
         .string()
+        .regex(UDID_REGEX)
         .optional()
         .describe("Udid of target, can also be set with the IDB_UDID env var"),
       x_start: z.number().describe("The starting x-coordinate"),
@@ -271,10 +331,23 @@ if (!isToolFiltered("ui_swipe")) {
     async ({ udid, x_start, y_start, x_end, y_end, delta }) => {
       try {
         const actualUdid = await getBootedDeviceId(udid);
-        const deltaArg = delta ? `--delta ${delta}` : "";
-        const { stderr } = await execAsync(
-          `idb ui swipe --udid ${actualUdid} ${deltaArg} ${x_start} ${y_start} ${x_end} ${y_end} --json`
-        );
+
+        const { stderr } = await run("idb", [
+          "ui",
+          "swipe",
+          "--udid",
+          actualUdid,
+          ...(delta ? ["--delta", String(delta)] : []),
+          "--json",
+          // When passing user-provided values to a command, it's crucial to use `--`
+          // to separate the command's options from positional arguments.
+          // This prevents the shell from misinterpreting the arguments as options.
+          "--",
+          String(x_start),
+          String(y_start),
+          String(x_end),
+          String(y_end),
+        ]);
 
         if (stderr) throw new Error(stderr);
 
@@ -306,6 +379,7 @@ if (!isToolFiltered("ui_describe_point")) {
     {
       udid: z
         .string()
+        .regex(UDID_REGEX)
         .optional()
         .describe("Udid of target, can also be set with the IDB_UDID env var"),
       x: z.number().describe("The x-coordinate"),
@@ -314,9 +388,20 @@ if (!isToolFiltered("ui_describe_point")) {
     async ({ udid, x, y }) => {
       try {
         const actualUdid = await getBootedDeviceId(udid);
-        const { stdout, stderr } = await execAsync(
-          `idb ui describe-point --udid ${actualUdid} ${x} ${y} --json`
-        );
+
+        const { stdout, stderr } = await run("idb", [
+          "ui",
+          "describe-point",
+          "--udid",
+          actualUdid,
+          "--json",
+          // When passing user-provided values to a command, it's crucial to use `--`
+          // to separate the command's options from positional arguments.
+          // This prevents the shell from misinterpreting the arguments as options.
+          "--",
+          String(x),
+          String(y),
+        ]);
 
         if (stderr) throw new Error(stderr);
 
@@ -362,10 +447,12 @@ if (!isToolFiltered("screenshot")) {
     {
       udid: z
         .string()
+        .regex(UDID_REGEX)
         .optional()
         .describe("Udid of target, can also be set with the IDB_UDID env var"),
       output_path: z
         .string()
+        .max(1024)
         .describe(
           "File path where the screenshot will be saved (if relative, ~/Downloads will be used as base directory)"
         ),
@@ -393,14 +480,21 @@ if (!isToolFiltered("screenshot")) {
         const actualUdid = await getBootedDeviceId(udid);
         const absolutePath = ensureAbsolutePath(output_path);
 
-        let command = `xcrun simctl io ${actualUdid} screenshot ${absolutePath}`;
-
-        if (type) command += ` --type=${type}`;
-        if (display) command += ` --display=${display}`;
-        if (mask) command += ` --mask=${mask}`;
-
         // command is weird, it responds with stderr on success and stdout is blank
-        const { stderr: stdout } = await execAsync(command);
+        const { stderr: stdout } = await run("xcrun", [
+          "simctl",
+          "io",
+          actualUdid,
+          "screenshot",
+          ...(type ? [`--type=${type}`] : []),
+          ...(display ? [`--display=${display}`] : []),
+          ...(mask ? [`--mask=${mask}`] : []),
+          // When passing user-provided values to a command, it's crucial to use `--`
+          // to separate the command's options from positional arguments.
+          // This prevents the shell from misinterpreting the arguments as options.
+          "--",
+          absolutePath,
+        ]);
 
         // throw if we don't get the expected success message
         if (stdout && !stdout.includes("Wrote screenshot to")) {
@@ -440,6 +534,7 @@ if (!isToolFiltered("record_video")) {
     {
       output_path: z
         .string()
+        .max(1024)
         .optional()
         .describe(
           `Optional output path (defaults to ~/Downloads/simulator_recording_$DATE.mp4)`
@@ -474,18 +569,22 @@ if (!isToolFiltered("record_video")) {
         const defaultFileName = `simulator_recording_${Date.now()}.mp4`;
         const outputFile = ensureAbsolutePath(output_path ?? defaultFileName);
 
-        // Build command arguments array
-        const args = ["simctl", "io", "booted", "recordVideo"];
-
-        if (codec) args.push(`--codec=${codec}`);
-        if (display) args.push(`--display=${display}`);
-        if (mask) args.push(`--mask=${mask}`);
-        if (force) args.push("--force");
-
-        args.push(outputFile);
-
         // Start the recording process
-        const recordingProcess = spawn("xcrun", args);
+        const recordingProcess = spawn("xcrun", [
+          "simctl",
+          "io",
+          "booted",
+          "recordVideo",
+          ...(codec ? [`--codec=${codec}`] : []),
+          ...(display ? [`--display=${display}`] : []),
+          ...(mask ? [`--mask=${mask}`] : []),
+          ...(force ? ["--force"] : []),
+          // When passing user-provided values to a command, it's crucial to use `--`
+          // to separate the command's options from positional arguments.
+          // This prevents the shell from misinterpreting the arguments as options.
+          "--",
+          outputFile,
+        ]);
 
         // Wait for recording to start
         await new Promise((resolve, reject) => {
@@ -543,7 +642,7 @@ if (!isToolFiltered("stop_recording")) {
     {},
     async () => {
       try {
-        await execAsync('pkill -SIGINT -f "simctl.*recordVideo"');
+        await run("pkill", ["-SIGINT", "-f", "simctl.*recordVideo"]);
 
         // Wait a moment for the video to finalize
         await new Promise((resolve) => setTimeout(resolve, 1000));