Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers - Alpha Release
import { z } from 'zod';
// Base CVE schema
//
// Shape of one normalized CVE record. Field names follow the NVD CVE JSON 2.0
// layout (cvssMetricV31/V30/V2/V4, configurations/nodes/cpeMatch, ...). The
// schema checks types and presence only: dates are plain strings (no datetime
// check), `url` fields are plain strings (no URL check), and description text
// is free text from the upstream feed.

// `{ lang, value }` pairs, used for both CVE descriptions and weakness text.
const LocalizedTextSchema = z.object({
  lang: z.string(),
  value: z.string(),
});

// Optional temporal/environmental scoring, present on every CVSS version.
const temporalEnvironmentalShape = {
  temporalScore: z.number().optional(),
  temporalSeverity: z.string().optional(),
  environmentalScore: z.number().optional(),
  environmentalSeverity: z.string().optional(),
};

// CVSS v3.0 and v3.1 carry the same base-metric fields, so one schema serves both.
const CvssV3DataSchema = z.object({
  version: z.string(),
  vectorString: z.string(),
  baseScore: z.number(),
  baseSeverity: z.string(),
  attackVector: z.string(),
  attackComplexity: z.string(),
  privilegesRequired: z.string(),
  userInteraction: z.string(),
  scope: z.string(),
  confidentialityImpact: z.string(),
  integrityImpact: z.string(),
  availabilityImpact: z.string(),
  ...temporalEnvironmentalShape,
});

// CVSS v2 uses access*/authentication naming and may omit baseSeverity.
const CvssV2DataSchema = z.object({
  version: z.string(),
  vectorString: z.string(),
  baseScore: z.number(),
  baseSeverity: z.string().optional(),
  accessVector: z.string(),
  accessComplexity: z.string(),
  authentication: z.string(),
  confidentialityImpact: z.string(),
  integrityImpact: z.string(),
  availabilityImpact: z.string(),
  ...temporalEnvironmentalShape,
});

// CVSS v4 splits impact into vulnerable-system (vuln*) and subsequent-system (sub*) metrics.
const CvssV4DataSchema = z.object({
  version: z.string(),
  vectorString: z.string(),
  baseScore: z.number(),
  baseSeverity: z.string(),
  // CVSS v4 specific metrics
  attackVector: z.string(),
  attackComplexity: z.string(),
  attackRequirements: z.string().optional(),
  privilegesRequired: z.string(),
  userInteraction: z.string(),
  vulnConfidentialityImpact: z.string().optional(),
  vulnIntegrityImpact: z.string().optional(),
  vulnAvailabilityImpact: z.string().optional(),
  subConfidentialityImpact: z.string().optional(),
  subIntegrityImpact: z.string().optional(),
  subAvailabilityImpact: z.string().optional(),
  ...temporalEnvironmentalShape,
});

// An optional list of scored entries: who scored (source/type), the scoring
// data for that CVSS version, and NVD's derived sub-scores.
const metricEntries = (cvssData) =>
  z.array(z.object({
    source: z.string(),
    type: z.string(),
    cvssData,
    exploitabilityScore: z.number().optional(),
    impactScore: z.number().optional(),
  })).optional();

export const CVESchema = z.object({
  id: z.string(),
  sourceIdentifier: z.string().optional(),
  published: z.string(),
  lastModified: z.string(),
  vulnStatus: z.string().optional(),
  cveTags: z.array(z.string()).optional(),
  descriptions: z.array(LocalizedTextSchema),
  metrics: z.object({
    cvssMetricV31: metricEntries(CvssV3DataSchema),
    cvssMetricV30: metricEntries(CvssV3DataSchema),
    cvssMetricV2: metricEntries(CvssV2DataSchema),
    cvssMetricV4: metricEntries(CvssV4DataSchema),
  }).optional(),
  weaknesses: z.array(z.object({
    source: z.string(),
    type: z.string(),
    description: z.array(LocalizedTextSchema),
  })).optional(),
  // Applicability statements: CPE match trees with optional version ranges.
  configurations: z.array(z.object({
    nodes: z.array(z.object({
      operator: z.string(),
      negate: z.boolean().optional(),
      cpeMatch: z.array(z.object({
        vulnerable: z.boolean(),
        criteria: z.string(),
        versionStartIncluding: z.string().optional(),
        versionEndExcluding: z.string().optional(),
        versionStartExcluding: z.string().optional(),
        versionEndIncluding: z.string().optional(),
        matchCriteriaId: z.string().optional(),
      })),
    })),
  })).optional(),
  // `url` is only type-checked; it is not validated as a URL here.
  references: z.array(z.object({
    url: z.string(),
    source: z.string().optional(),
    tags: z.array(z.string()).optional(),
    // Enhanced reference fields
    name: z.string().optional(),
    refsource: z.string().optional(),
  })).optional(),
  // Data provenance and metadata
  dataSource: z.object({
    name: z.string(),
    version: z.string().optional(),
    lastUpdated: z.string(),
    url: z.string().optional(),
  }).optional(),
  // Processing metadata
  processingInfo: z.object({
    extractedAt: z.string(),
    normalizedBy: z.string(),
    rawDataAvailable: z.boolean(),
  }).optional(),
  // Exploit indicators (calculated during normalization)
  exploitIndicators: z.object({
    hasExploitIndicators: z.boolean(),
    indicators: z.array(z.object({
      source: z.string(),
      type: z.string(),
      url: z.string(),
      title: z.string(),
      verified: z.boolean().optional(),
      published: z.string().optional(),
    })),
    calculatedAt: z.string(),
  }).optional(),
});
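// Full NVD search filter set used internally. These are user-supplied MCP tool
// arguments and, going by the "(NVD API 2.0)" parameter names, presumably end
// up as NVD query parameters; identifier-shaped fields are format-checked here
// so malformed input is rejected before any outbound request is built. Date
// fields stay plain strings because the exact format the consumer expects
// (date vs. date-time) is not visible here.
export const CVESearchFiltersSchema = z.object({
  keyword: z.string().optional().describe('Search keyword (e.g., "apache", "sql injection")'),
  // CVE IDs are CVE-<year>-<4+ digits>; case-insensitive so "cve-..." still parses.
  cveId: z.string()
    .regex(/^CVE-\d{4}-\d{4,}$/i, 'Expected a CVE ID such as CVE-2021-44228')
    .optional()
    .describe('Specific CVE ID (e.g., "CVE-2021-44228")'),
  cpeNameId: z.string().optional().describe('CPE identifier for specific products'),
  vendor: z.string().optional().describe('Vendor name (e.g., "microsoft", "apache")'),
  product: z.string().optional().describe('Product name (e.g., "windows", "http_server")'),
  // CVSS v2 parameters
  cvssV2Severity: z.enum(['LOW', 'MEDIUM', 'HIGH']).optional().describe('CVSS v2 severity level'),
  cvssV2Metrics: z.string().optional().describe('CVSS v2 vector string'),
  // CVSS v3 parameters
  cvssV3Severity: z.enum(['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']).optional().describe('CVSS v3 severity level'),
  cvssV3Metrics: z.string().optional().describe('CVSS v3 vector string'),
  // CVSS v4 parameters (NVD API 2.0)
  cvssV4Severity: z.enum(['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']).optional().describe('CVSS v4 severity level'),
  cvssV4Metrics: z.string().optional().describe('CVSS v4 vector string'),
  // CWE filtering (NVD API 2.0) — CWE IDs are CWE-<digits>.
  cweId: z.string()
    .regex(/^CWE-\d+$/i, 'Expected a CWE ID such as CWE-287')
    .optional()
    .describe('Common Weakness Enumeration ID (e.g., "CWE-287")'),
  // CVE tag filtering (NVD API 2.0)
  cveTag: z.enum(['disputed', 'unsupported-when-assigned', 'exclusively-hosted-service']).optional()
    .describe('CVE tag filter'),
  // Boolean flags (NVD API 2.0)
  hasCertAlerts: z.boolean().optional().describe('Filter for CVEs with CERT alerts'),
  hasCertNotes: z.boolean().optional().describe('Filter for CVEs with CERT notes'),
  hasKev: z.boolean().optional().describe('Filter for CVEs in CISA Known Exploited Vulnerabilities catalog'),
  hasOval: z.boolean().optional().describe('Filter for CVEs with OVAL information'),
  noRejected: z.boolean().optional().describe('Exclude rejected CVEs from results'),
  hasExploit: z.boolean().optional().describe('Filter for CVEs with exploit indicators in references'),
  // CPE vulnerability filtering (NVD API 2.0)
  // NOTE(review): the "requires cpeNameId" dependency is documented only; it is
  // not enforced by the schema.
  isVulnerable: z.boolean().optional().describe('Filter for CPEs marked as vulnerable (requires cpeNameId)'),
  // Keyword exact match (NVD API 2.0)
  keywordExactMatch: z.boolean().optional().describe('Require exact phrase match for keyword search'),
  // Virtual match string (NVD API 2.0)
  virtualMatchString: z.string().optional().describe('Virtual CPE match string for advanced filtering'),
  pubStartDate: z.string().optional().describe('Publication start date (ISO format: YYYY-MM-DD)'),
  pubEndDate: z.string().optional().describe('Publication end date (ISO format: YYYY-MM-DD)'),
  lastModStartDate: z.string().optional()
    .describe('Last modified start date (ISO format: YYYY-MM-DD)'),
  lastModEndDate: z.string().optional().describe('Last modified end date (ISO format: YYYY-MM-DD)'),
  vulnStatus: z.string().optional().describe('Vulnerability status'),
  // Pagination values are integers; fractional numbers are rejected rather than forwarded.
  startIndex: z.number().int().min(0).optional().describe('Starting index for pagination (default: 0)'),
  resultsPerPage: z.number().int().min(1).max(2000).optional()
    .describe('Number of results per page (default: 20, max: 2000)'),
  // Sorting configuration (always descending order)
  // NOTE(review): `.default()` sits inside `.optional()`, so an absent value most
  // likely parses to undefined rather than 'published'; mapToFullSearchFilters
  // applies its own fallback. Confirm before relying on the default here.
  sortBy: z.enum(['published', 'lastModified', 'cvssScore', 'severity']).default('published').optional()
    .describe('Sort field (default: published, always descending order)'),
});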
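// Request shape for the EPSS tool: 1–20 CVE IDs plus optional environmental
// context used for risk assessment. Each ID must look like a CVE ID so that
// malformed strings are not forwarded to the scoring lookup.
export const EPSSRequestSchema = z.object({
  cveIds: z.array(z.string().regex(/^CVE-\d{4}-\d{4,}$/i, 'Expected a CVE ID such as CVE-2021-44228'))
    .min(1).max(20)
    .describe('Array of CVE IDs to analyze (e.g., ["CVE-2021-44228", "CVE-2022-0778"])'),
  environmentContext: z.object({
    networkExposure: z.enum(['internet-facing', 'internal', 'air-gapped']).optional()
      .describe('Network exposure level of affected systems'),
    assetCriticality: z.enum(['critical', 'high', 'medium', 'low']).optional()
      .describe('Business criticality of affected assets'),
    securityControls: z.array(z.enum(['waf', 'ids', 'antivirus', 'dlp', 'segmented'])).optional()
      .describe('Security controls in place'),
    patchingCadence: z.enum(['immediate', 'weekly', 'monthly', 'quarterly']).optional()
      .describe('Typical patching schedule'),
  }).optional().describe('Environmental context for risk assessment'),
  // NOTE(review): `.default(true)` is wrapped by `.optional()`, so an absent
  // value likely parses to undefined, not true — confirm the consumer's fallback.
  includeRecommendations: z.boolean().default(true).optional()
    .describe('Include actionable recommendations'),
});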
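// Input for report generation. Each entry of `cveIds` must look like a CVE ID.
// NOTE(review): unlike EPSSRequestSchema (max 20), `cveIds` has no upper bound
// here; if the consumer does one lookup per ID, a long list becomes many
// upstream calls — consider a cap.
export const CVEReportSchema = z.object({
  cveIds: z.array(z.string().regex(/^CVE-\d{4}-\d{4,}$/i, 'Expected a CVE ID such as CVE-2021-44228')).min(1),
  format: z.enum(['markdown', 'json', 'summary']).default('markdown'),
  includeRecommendations: z.boolean().default(true),
  // NOTE(review): `.default(true).optional()` — the optional wrapper likely means
  // an absent value parses to undefined rather than true; confirm the consumer.
  includeExploits: z.boolean().default(true).optional().describe('Include exploit indicators analysis'),
});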
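// Single-CVE lookup argument. The ID is format-checked (CVE-<year>-<4+ digits>,
// case-insensitive) so arbitrary strings are rejected before any lookup.
export const CVEDetailSchema = z.object({
  cveId: z.string()
    .regex(/^CVE-\d{4}-\d{4,}$/i, 'Expected a CVE ID such as CVE-2024-1234')
    .describe('CVE identifier (e.g., CVE-2024-1234)'),
});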
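// Argument for the trending-CVEs tool: an optional integer cap on results (1–100).
// `.int()` rejects fractional values, which a result count can never be.
export const TrendingCVEsSchema = z.object({
  limit: z.number().int().min(1).max(100).optional().describe('Maximum number of trending CVEs to return (default: 20)'),
});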
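// Search by CPE name. `cpe` is only type-checked; the description asks for the
// cpe:2.3 form but no prefix/format check is applied here.
// NOTE(review): if the consumer only accepts CPE 2.3 strings, a format check on
// `cpe` would reject malformed input earlier — confirm which forms are accepted.
export const CPESearchSchema = z.object({
  cpe: z.string().describe('CPE identifier (e.g., cpe:2.3:a:vendor:product:version:*:*:*:*:*:*:*)'),
  severity: z.enum(['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']).optional().describe('Filter by CVSS v3 severity'),
  dateStart: z.string().optional().describe('Publication start date (YYYY-MM-DD)'),
  dateEnd: z.string().optional().describe('Publication end date (YYYY-MM-DD)'),
  // Page size is an integer; fractional values are rejected rather than forwarded.
  resultsPerPage: z.number().int().min(1).max(2000).optional().describe('Number of results per page'),
});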
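// Simplified schema for MCP API (user-facing)
//
// Reduced parameter set exposed to MCP clients; mapToFullSearchFilters expands
// it into CVESearchFiltersSchema. Identifier and count fields are validated here
// because the values are caller-supplied.
export const SimpleCVESearchSchema = z.object({
  keyword: z.string().optional().describe('Search keyword (e.g., "apache", "sql injection", "remote code execution")'),
  // CVE IDs are CVE-<year>-<4+ digits>; case-insensitive so "cve-..." still parses.
  cveId: z.string()
    .regex(/^CVE-\d{4}-\d{4,}$/i, 'Expected a CVE ID such as CVE-2021-44228')
    .optional()
    .describe('Specific CVE ID (e.g., "CVE-2021-44228")'),
  vendor: z.string().optional().describe('Vendor name (e.g., "microsoft", "apache", "google")'),
  product: z.string().optional().describe('Product name (e.g., "windows", "http_server", "chrome")'),
  // NOTE(review): described as a *minimum* level, but mapToFullSearchFilters
  // copies it 1:1 into cvssV3Severity; whether the consumer widens that to
  // "and higher" is not visible here — confirm, or the description over-promises.
  severity: z.enum(['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']).optional()
    .describe('Minimum severity level (returns this level and higher)'),
  dateStart: z.string().optional().describe('Publication start date (YYYY-MM-DD format)'),
  dateEnd: z.string().optional().describe('Publication end date (YYYY-MM-DD format)'),
  hasExploit: z.boolean().optional().describe('Filter for CVEs with known exploits available'),
  hasKev: z.boolean().optional()
    .describe('Filter for CVEs in CISA Known Exploited Vulnerabilities catalog'),
  // NOTE(review): `.default()` inside `.optional()` likely yields undefined when
  // absent; mapToFullSearchFilters applies its own 'published' / 20 fallbacks.
  sortBy: z.enum(['published', 'lastModified', 'cvssScore', 'severity']).default('published').optional()
    .describe('Sort field (always descending: newest/highest first)'),
  // Result cap is an integer; fractional values are rejected.
  limit: z.number().int().min(1).max(1000).default(20).optional()
    .describe('Maximum number of results to return (default: 20, max: 1000)'),
});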
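/**
 * Maps simplified MCP API parameters to full internal CVESearchFilters.
 *
 * Mapping notes:
 *  - `dateStart`/`dateEnd` become `pubStartDate`/`pubEndDate` (publication dates).
 *  - `severity` is copied into `cvssV3Severity` and the key is omitted when unset.
 *    NOTE(review): SimpleCVESearchSchema describes `severity` as a minimum level
 *    ("this level and higher"); whether the consumer widens the 1:1 value to a
 *    range is not visible here — confirm.
 *  - `limit` becomes `resultsPerPage`; `startIndex` is always 0 because the
 *    simple API exposes no pagination offset.
 *  - `noRejected` is forced on so rejected CVEs are excluded by default.
 *
 * Keys whose simple counterpart is undefined are still present (with an
 * undefined value), as before, so callers that check `key in filters` keep working.
 *
 * @param {object} [simple] - Parsed SimpleCVESearchSchema input. Defaults to an
 *   empty object, so calling with no argument yields the default filter set.
 * @returns {object} Filters in the CVESearchFiltersSchema shape.
 */
export function mapToFullSearchFilters(simple = {}) {
  const {
    keyword,
    cveId,
    vendor,
    product,
    dateStart,
    dateEnd,
    hasExploit,
    hasKev,
    sortBy,
    limit,
    severity,
  } = simple ?? {};

  return {
    keyword,
    cveId,
    vendor,
    product,
    pubStartDate: dateStart,
    pubEndDate: dateEnd,
    hasExploit,
    hasKev,
    // `??` rather than `||`: only a missing value falls back to the default.
    sortBy: sortBy ?? 'published',
    resultsPerPage: limit ?? 20,
    // Apply severity filter to CVSS v3 (most common); omit the key entirely when unset.
    ...(severity ? { cvssV3Severity: severity } : {}),
    // Default optimizations
    noRejected: true, // Exclude rejected CVEs by default for better UX
    startIndex: 0,
  };
}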
// MCP Prompt Schemas
//
// Arguments for the technology-stack assessment prompt. Both fields are free
// text and only type-checked; presumably they are interpolated into a prompt
// template elsewhere, so the consumer should treat them as untrusted input.
const assessTechnologyStackShape = {
  technologies: z.string().describe('Technologies in your stack (e.g., Apache, Linux, Windows)'),
  environment: z.optional(z.string()).describe('Environment type (development, staging, production)'),
};

export const AssessTechnologyStackSchema = z.object(assessTechnologyStackShape);
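// Arguments for the threat-hunting prompt. `cve_id` is format-checked like the
// other CVE ID fields in this file; `threat_type` stays free text.
export const ThreatHuntingCVEsSchema = z.object({
  cve_id: z.string()
    .regex(/^CVE-\d{4}-\d{4,}$/i, 'Expected a CVE ID such as CVE-2024-12345')
    .optional()
    .describe('Specific CVE ID to investigate (e.g., CVE-2024-12345)'),
  threat_type: z.string().optional().describe('Type of threat to hunt for (rce, privilege-escalation, etc.)'),
});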
// Arguments for the bug-bounty research prompt. All four fields are free text
// and only type-checked here; the parenthesised hints in each description are
// suggestions for the caller, not enforced enumerations.
const bugBountyHuntingShape = {
  target_technologies: z.string().describe('Target technologies or products (e.g., WordPress, Apache, React)'),
  impact_focus: z.optional(z.string()).describe('Desired impact type (rce, xss, sqli, auth-bypass, etc.)'),
  disclosure_window: z.optional(z.string()).describe('Time window for recent vulnerabilities (90d, 180d, 1y)'),
  exploit_preference: z.optional(z.string()).describe('Exploit availability preference (with-exploits, no-exploits, any)'),
};

export const BugBountyHuntingSchema = z.object(bugBountyHuntingShape);
//# sourceMappingURL=cve.js.map