sanitize tool name ensuring safety

bishoy-at-pieces · bishoy-at-pieces · commit 0bafec6ff8a0 · 2025-07-23T20:12:09.000+03:00
diff --git a/src/pieces/mcp/gateway.py b/src/pieces/mcp/gateway.py
@@ -180,14 +180,23 @@ def _get_error_message_for_tool(self, tool_name: str) -> str:
 
         if not is_valid:
             return error_message
-
+        tool_name = self._sanitize_tool_name(tool_name)
         # If all validations pass but we still have an error, return generic message
+
         return (
             f"Unable to execute '{tool_name}' tool. Please ensure PiecesOS is running "
             "and try again. If the problem persists, run:\n\n"
             "`pieces restart`"
         )
 
+    def _sanitize_tool_name(self, tool_name: str) -> str:
+        """Sanitize tool name for safe inclusion in messages."""
+        import re
+
+        # Remove control characters and limit length
+        sanitized = re.sub(r"[^\w\s\-_.]", "", tool_name)
+        return sanitized[:100]  # Limit to reasonable length
+
     def _get_tools_hash(self, tools):
         """Generate a hash of the tools list for change detection."""
         if not tools:
