UNPKG

mcp-cve-intelligence-server-lite-test

Version:

Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers - Alpha Release

github.com/gnlds/mcp-cve-intelligence-server

gnlds/mcp-cve-intelligence-server

115 lines 4.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
import type { CVE, CVESearchFilters, CVESearchResult } from '../types/cve.js'; import { BaseCVESourceImplementation, SourceValidationResult, type RequestOptions } from './base.js'; /** * MITRE Corporation CVE Source Implementation * * MITRE is the original CVE numbering authority and maintains the official CVE Services API. * This implementation provides access to authoritative CVE records directly from the source. * * API Documentation: https://cveawg.mitre.org/api-docs/ * Base URL: https://cveawg.mitre.org/api * * IMPLEMENTED ENDPOINTS: * * Public Access (no authentication): * - GET /cve/{id} - Retrieve individual CVE records by ID * * Authenticated Access (requires CVE Program membership): * - GET /cve - Search/filter CVE records (Secretariat role) * - GET /cve_cursor - Cursor-based pagination (Secretariat role) * * AUTHENTICATION: * MITRE uses a three-header authentication system for CVE Program members: * - CVE-API-ORG: Organization short name (env: MITRE_API_ORG or CVE_API_ORG) * - CVE-API-USER: Username (env: MITRE_API_USER or CVE_API_USER) * - CVE-API-KEY: API key (env: MITRE_API_KEY) * * FEATURES: * Individual CVE lookup (public) * Authenticated search (requires CVE Program membership) * CVE JSON 5.1 format support * CVSS v3.1/v3.0/v2.0 metrics * CWE weakness mapping * Product/version configuration data * Authoritative reference links * Exploit indicator detection * Multi-container data (CNA + ADP) * * LIMITATIONS: * - Search functionality requires CVE Program membership and Secretariat role * - Public access limited to individual CVE ID lookups * - Rate limiting applies (respects API guidelines) * * NOTE: Without authentication, only public read-only access to individual CVE records * is available. All administrative, creation, and modification operations require * CVE Program membership with appropriate roles. */ export declare class MITRESourceImplementation extends BaseCVESourceImplementation { /** * Override base class authentication headers for MITRE's custom multi-header system. * * MITRE API requires three specific headers for CVE Program member authentication: * - CVE-API-ORG: Organization short name (from MITRE_API_ORG or CVE_API_ORG env var) * - CVE-API-USER: Username (from MITRE_API_USER or CVE_API_USER env var) * - CVE-API-KEY: API key (from MITRE_API_KEY env var, configured via apiKeyEnvVar) * * This authentication system is only required for search operations and CVE Program * member features. Individual CVE lookups work without authentication. * * @override Base class getAuthHeaders() method * @returns Record of MITRE-specific authentication headers */ protected getAuthHeaders(): Record<string, string>; /** * Check if authenticated search endpoints can be used. * Requires CVE Program membership with proper credentials. */ private hasAuthentication; buildSearchRequest(filters: CVESearchFilters): { url: string; options: RequestOptions; }; buildDetailsRequest(cveId: string): { url: string; options: RequestOptions; }; normalizeSearchResults(data: Record<string, unknown>): CVESearchResult; normalizeCVEData(data: Record<string, unknown>): CVE; private mapMITREState; private normalizeMITREMetrics; private normalizeMITREWeaknesses; private normalizeMITREConfigurations; private normalizeMITREReferences; private formatDate; testConnection(): Promise<boolean>; /** * Validates MITRE-specific configuration */ protected validateSourceSpecificConfig(): SourceValidationResult; /** * MITRE CVE Services API validation - checks both public and authenticated access */ protected validateSourceSpecificApiKey(): SourceValidationResult; /** * MITRE API key environment variable from configuration */ getApiKeyEnvironmentVariable(): string | undefined; /** * Alternative environment variables for MITRE API key */ getAlternativeApiKeyEnvironmentVariables(): string[]; /** * MITRE API key identifier for mapping */ getApiKeyIdentifier(): string; /** * Check if this source matches MITRE-related identifiers */ matchesSourceIdentifier(identifier: string): boolean; /** * MITRE API key validation */ canUseApiKey(apiKey: string): boolean; private getRequestOptions; } //# sourceMappingURL=mitre.d.ts.map