UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

35 lines (34 loc) 1.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
rules: - id: net-webconfig-debug message: >- ASP.NET applications built with `debug` set to true in production may leak debug information to attackers. Debug mode also affects performance and reliability. Set `debug` to `false` or remove it from `<compilation ... />` severity: WARNING metadata: likelihood: LOW impact: LOW confidence: LOW category: security cwe: - 'CWE-11: ASP.NET Misconfiguration: Creating Debug Binary' owasp: - A05:2021 - Security Misconfiguration references: - https://web.archive.org/web/20190919105353/https://blogs.msdn.microsoft.com/prashant_upadhyay/2011/07/14/why-debugfalse-in-asp-net-applications-in-production-environment/ - https://msdn.microsoft.com/en-us/library/e8z01xdh.aspx subcategory: - audit technology: - .net languages: [generic] paths: include: - '*web.config*' patterns: - pattern: | <compilation ... debug = "true" ... /> - pattern-inside: | <system.web> ... </system.web>