security: stop OAuth token logging and enforce localhost MCP bind #19

Open: iws17 wants to merge 1 commit into xdevplatform:master from iws17:upstream-security

iws17 commented Jun 6, 2026

Summary

  • Remove unconditional LOGGER.info of OAuth1 access tokens in build_oauth1_client() and drop the X_OAUTH_PRINT_TOKENS debug-print branch.
  • Add _validated_mcp_host() so MCP_HOST must be 127.0.0.1, localhost, or ::1 — prevents accidental wide bind of the generated X API MCP surface.

Related: overlaps with #17 (OAuth logging) but also removes the debug-print path and adds the localhost bind guard.

Test plan

  • Start server with default MCP_HOST — binds on localhost
  • Set MCP_HOST=0.0.0.0 — startup fails with clear error
  • Complete OAuth1 flow — access token is not written to logs

Made with Cursor
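The bind guard and test plan described above, as an added example that is not part of the pull request or the project's code: it generalizes the three-value allow-list to any loopback literal by parsing the address. The names `validate_loopback_host`, `check_all`, `DEFAULT_HOST` and `SAMPLES` are hypothetical; only `MCP_HOST` and the three allowed values come from the PR.

```python
import ipaddress

# Hypothetical names; only MCP_HOST and the three allowed values come from the PR.
DEFAULT_HOST = "127.0.0.1"


def validate_loopback_host(env):
    """Return a bind host from env["MCP_HOST"], or raise if it is not loopback."""
    raw = env.get("MCP_HOST")
    # Unset or blank falls back to the default instead of failing startup.
    host = (raw or "").strip().lower() or DEFAULT_HOST
    if host == "localhost":
        # Accepted by name, as in the PR; what it resolves to is left to the OS.
        return host
    # Accept a bracketed IPv6 literal such as "[::1]".
    literal = host[1:-1] if host.startswith("[") and host.endswith("]") else host
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:
        raise RuntimeError(f"MCP_HOST={host!r} is not an IP literal or 'localhost'") from None
    if not addr.is_loopback:
        raise RuntimeError(f"MCP_HOST={host!r} is not a loopback address")
    return str(addr)


def check_all(samples):
    """Map each sample value to the accepted host, or to 'rejected'."""
    results = {}
    for value in samples:
        try:
            results[value] = validate_loopback_host({"MCP_HOST": value})
        except RuntimeError:
            results[value] = "rejected"
    return results


# Constructed sample values, not taken from the project.
SAMPLES = ["127.0.0.1", "LOCALHOST ", "::1", "[::1]", "127.0.0.2",
           "0.0.0.0", "::", "192.168.1.10", "localhost.example.com", ""]

if __name__ == "__main__":
    for value, outcome in check_all(SAMPLES).items():
        print(f"{value!r:28} -> {outcome}")
```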

Remove unconditional OAuth1 access-token logging and the debug print
branch. Reject MCP_HOST values outside localhost to avoid accidental
exposure of the generated X API tool surface.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copilot AI review requested due to automatic review settings June 6, 2026 21:08
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Copilot AI left a comment

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR tightens security by preventing OAuth1 credential leakage in logs and by ensuring the MCP server only binds to loopback interfaces.

Changes:

  • Removed logging/printing of OAuth1 access tokens in build_oauth1_client.
  • Added MCP_HOST validation to restrict binding to localhost/loopback addresses.

Comment thread server.py
Comment on lines +451 to +456
LOCAL_MCP_HOSTS = {"127.0.0.1", "localhost", "::1"}


def _validated_mcp_host() -> str:
host = os.getenv("MCP_HOST", "127.0.0.1").strip().lower()
if host not in LOCAL_MCP_HOSTS:
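Review bot: The membership test `if host not in LOCAL_MCP_HOSTS:` compares the raw string against three spellings, so equivalent loopback forms such as `127.0.0.2`, `[::1]` or `0:0:0:0:0:0:0:1` are rejected, while `localhost` is accepted by name with no check of what it resolves to on the machine. Consider parsing the value with `ipaddress.ip_address()` and testing `is_loopback`, keeping `localhost` as an explicit special case, and add a comment on `LOCAL_MCP_HOSTS` saying why the set is closed.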
Comment thread server.py
Comment on lines +457 to +460
raise RuntimeError(
f"MCP_HOST={host} is not allowed. xmcp must bind to localhost only "
f"(127.0.0.1, localhost, ::1)."
)
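Review bot: In the `raise RuntimeError(...)` message, `MCP_HOST={host}` interpolates the environment value without quoting, so a value that is blank after `.strip()` or contains unusual characters is hard to read in the error; use `{host!r}`. The allowed values are also typed out a second time in the string, and the second literal carries an `f` prefix with no placeholder; building the list from `LOCAL_MCP_HOSTS`, for example with `", ".join(sorted(LOCAL_MCP_HOSTS))`, keeps the message from drifting away from the set.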
Comment thread server.py


def _validated_mcp_host() -> str:
host = os.getenv("MCP_HOST", "127.0.0.1").strip().lower()
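Review bot: In `os.getenv("MCP_HOST", "127.0.0.1")` the default applies only when the variable is unset; if `MCP_HOST` is set to an empty string, `getenv` returns `""`, which then fails the allow-list check instead of falling back to loopback. Consider `(os.getenv("MCP_HOST") or "127.0.0.1")` if a blank value should mean the default, or document that a blank value is an error. `_validated_mcp_host()` also has no docstring, and the three cases in the PR's test plan would be cheap to cover with a unit test.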