fix: prevent tool exceptions from leaking internal details to client

Varun Sharma · Copilot · Varun Sharma · commit 7cf339c81049 · 2026-03-02T16:45:56.000+05:30
Tool.run() and _handle_call_tool() now return a generic error message for unexpected exceptions instead of str(e), which could expose sensitive internal details like connection strings, file paths, or stack traces to MCP clients. - ToolError is still passed through unchanged (intentional user-facing errors) - UrlElicitationRequiredError and MCPError are re-raised at the server level - All other exceptions log the full traceback server-side and return a generic 'An unexpected error occurred' message to the client Fixes #698 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
diff --git a/src/mcp/server/mcpserver/server.py b/src/mcp/server/mcpserver/server.py
@@ -33,7 +33,7 @@
 from mcp.server.lowlevel.helper_types import ReadResourceContents
 from mcp.server.lowlevel.server import LifespanResultT, Server, request_ctx
 from mcp.server.lowlevel.server import lifespan as default_lifespan
-from mcp.server.mcpserver.exceptions import ResourceError
+from mcp.server.mcpserver.exceptions import ResourceError, ToolError
 from mcp.server.mcpserver.prompts import Prompt, PromptManager
 from mcp.server.mcpserver.resources import FunctionResource, Resource, ResourceManager
 from mcp.server.mcpserver.tools import Tool, ToolManager
@@ -304,8 +304,14 @@ async def _handle_call_tool(
             result = await self.call_tool(params.name, params.arguments or {})
         except MCPError:
             raise
-        except Exception as e:
+        except ToolError as e:
             return CallToolResult(content=[TextContent(type="text", text=str(e))], is_error=True)
+        except Exception:
+            logger.exception(f"Error calling tool {params.name}")
+            return CallToolResult(
+                content=[TextContent(type="text", text=f"An unexpected error occurred calling tool {params.name}")],
+                is_error=True,
+            )
         if isinstance(result, CallToolResult):
             return result
         if isinstance(result, tuple) and len(result) == 2:
diff --git a/src/mcp/server/mcpserver/tools/base.py b/src/mcp/server/mcpserver/tools/base.py
@@ -2,6 +2,7 @@
 
 import functools
 import inspect
+import logging
 from collections.abc import Callable
 from functools import cached_property
 from typing import TYPE_CHECKING, Any
@@ -15,6 +16,8 @@
 from mcp.shared.tool_name_validation import validate_and_warn_tool_name
 from mcp.types import Icon, ToolAnnotations
 
+logger = logging.getLogger(__name__)
+
 if TYPE_CHECKING:
     from mcp.server.context import LifespanContextT, RequestT
     from mcp.server.mcpserver.server import Context
@@ -112,8 +115,11 @@ async def run(
             # Re-raise UrlElicitationRequiredError so it can be properly handled
             # as an MCP error response with code -32042
             raise
+        except ToolError:
+            raise
         except Exception as e:
-            raise ToolError(f"Error executing tool {self.name}: {e}") from e
+            logger.exception(f"Error executing tool {self.name}")
+            raise ToolError(f"An unexpected error occurred executing tool {self.name}") from e
 
 
 def _is_async_callable(obj: Any) -> bool:
diff --git a/tests/client/test_list_roots_callback.py b/tests/client/test_list_roots_callback.py
@@ -45,4 +45,4 @@ async def test_list_roots(context: Context[None], message: str):
         result = await client.call_tool("test_list_roots", {"message": "test message"})
         assert result.is_error is True
         assert isinstance(result.content[0], TextContent)
-        assert result.content[0].text == "Error executing tool test_list_roots: List roots not supported"
+        assert result.content[0].text == "An unexpected error occurred executing tool test_list_roots"
diff --git a/tests/client/test_sampling_callback.py b/tests/client/test_sampling_callback.py
@@ -54,7 +54,7 @@ async def test_sampling_tool(message: str):
         result = await client.call_tool("test_sampling", {"message": "Test message for sampling"})
         assert result.is_error is True
         assert isinstance(result.content[0], TextContent)
-        assert result.content[0].text == "Error executing tool test_sampling: Sampling not supported"
+        assert result.content[0].text == "An unexpected error occurred executing tool test_sampling"
 
 
 @pytest.mark.anyio
diff --git a/tests/server/mcpserver/test_server.py b/tests/server/mcpserver/test_server.py
@@ -258,7 +258,8 @@ async def test_tool_exception_handling(self):
             assert len(result.content) == 1
             content = result.content[0]
             assert isinstance(content, TextContent)
-            assert "Test error" in content.text
+            assert "unexpected error" in content.text.lower()
+            assert "Test error" not in content.text
             assert result.is_error is True
 
     async def test_tool_error_handling(self):
@@ -269,19 +270,21 @@ async def test_tool_error_handling(self):
             assert len(result.content) == 1
             content = result.content[0]
             assert isinstance(content, TextContent)
-            assert "Test error" in content.text
+            assert "unexpected error" in content.text.lower()
+            assert "Test error" not in content.text
             assert result.is_error is True
 
     async def test_tool_error_details(self):
-        """Test that exception details are properly formatted in the response"""
+        """Test that exception details are NOT exposed to the client"""
         mcp = MCPServer()
         mcp.add_tool(error_tool_fn)
         async with Client(mcp) as client:
             result = await client.call_tool("error_tool_fn", {})
             content = result.content[0]
             assert isinstance(content, TextContent)
             assert isinstance(content.text, str)
-            assert "Test error" in content.text
+            assert "error_tool_fn" in content.text
+            assert "Test error" not in content.text
             assert result.is_error is True
 
     async def test_tool_return_value_conversion(self):
diff --git a/tests/server/mcpserver/test_tool_manager.py b/tests/server/mcpserver/test_tool_manager.py
@@ -410,7 +410,7 @@ def tool_with_context(x: int, ctx: Context[ServerSessionT, None]) -> str:
 
         mcp = MCPServer()
         ctx = mcp.get_context()
-        with pytest.raises(ToolError, match="Error executing tool tool_with_context"):
+        with pytest.raises(ToolError, match="unexpected error occurred executing tool tool_with_context"):
             await manager.call_tool("tool_with_context", {"x": 42}, context=ctx)
 
 
diff --git a/tests/server/mcpserver/test_url_elicitation_error_throw.py b/tests/server/mcpserver/test_url_elicitation_error_throw.py
@@ -106,4 +106,6 @@ async def failing_tool(ctx: Context[ServerSession, None]) -> str:
         assert result.is_error is True
         assert len(result.content) == 1
         assert isinstance(result.content[0], types.TextContent)
-        assert "Something went wrong" in result.content[0].text
+        assert "An unexpected error occurred executing tool failing_tool" in result.content[0].text
+        # Verify the original exception details are NOT leaked to the client
+        assert "Something went wrong" not in result.content[0].text
