Tool.run should not reveal exception value to the client #698
Description
If any exception is raised during a tool call, the exception error message is revealed to the client. This is generally bad practice in python, as private information about the server may be conveyed through the exception.
src/mcp/server/fastmcp/tools/base.py
async def run(
self,
arguments: dict[str, Any],
context: Context[ServerSessionT, LifespanContextT] | None = None,
) -> Any:
"""Run the tool with arguments."""
try:
return await self.fn_metadata.call_fn_with_arg_validation(
self.fn,
self.is_async,
arguments,
{self.context_kwarg: context}
if self.context_kwarg is not None
else None,
)
except Exception as e:
raise ToolError(f"Error executing tool {self.name}: {e}") from eThis exposes the server to vulnerabilities such as information leakage, attack surface mapping, etc.
Ideally whomever is implementing the tool should be handling errors and explicitly raising ToolError if the error is meant to be seen by the client. The run definition should be modified to
async def run(
self,
arguments: dict[str, Any],
context: Context[ServerSessionT, LifespanContextT] | None = None,
) -> Any:
"""Run the tool with arguments."""
try:
return await self.fn_metadata.call_fn_with_arg_validation(
self.fn,
self.is_async,
arguments,
{self.context_kwarg: context}
if self.context_kwarg is not None
else None,
)
except ToolError:
# Re-raise if it's a handled error
raise
except Exception as e:
logger.exception(e)
raise ToolError(f"An unexpected error occurred while executing tool {self.name}")There may be other areas where this is occurring such as resources or prompts, but I have not yet tested to see if those also expose internal errors.
Reactions are currently unavailable