Skip to main content
Glama
enesjakozh

Xcode MCP Server

by r-huijts
npmGitHub
TypeScript
MIT License
67
254
  • Apple
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
# execAsync Injection Review This document summarizes each usage of `execAsync` within `src/tools` and whether user supplied input is passed to the shell. When a potential injection vector is found, a mitigation strategy is noted. | File & Line | Parameters | Status | |-------------|-----------|--------| | `project/index.ts` lines around 337 | `cleanedPath` from user path | Switched to `execFile` to avoid shell injection | | `simulator/index.ts` boot/install/etc | `udid`, `bundleId`, `url` parameters | Potential injection; consider validating against `[0-9A-F-]+` and using `execFile` | | `file/index.ts` copy/info operations | validated file paths | Quoting with `"` may allow injection if path contains quotes. Use `execFile` or sanitize path. | | `build/index.ts` build/clean/archive commands | `scheme`, `configuration`, paths | Strings passed directly to shell; sanitize or use `execFile`. | | `spm/index.ts` package commands | package names, options | Strings interpolated; validate or use `execFile`. | | `cocoapods/index.ts` | boolean flags only | Low risk. | | `xcode/index.ts` various commands | parameters like `command`, `developerDir` | Validate or use `execFile`. |

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/r-huijts/xcode-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server