UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

60 lines (59 loc) 1.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
rules: - id: ssrf severity: ERROR languages: - csharp metadata: cwe: - 'CWE-918: Server-Side Request Forgery (SSRF)' owasp: - A10:2021 - Server-Side Request Forgery (SSRF) references: - https://cwe.mitre.org/data/definitions/918.html - https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html category: security technology: - .net confidence: LOW cwe2022-top25: true cwe2021-top25: true subcategory: - audit likelihood: LOW impact: MEDIUM message: >- The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Many different options exist to fix this issue depending the use case (Application can send request only to identified and trusted applications, Application can send requests to ANY external IP address or domain name). patterns: - pattern-inside: | using System.Net; ... - pattern-either: - pattern: | $T $F(..., $X, ...) { ... ... WebRequest.Create(<... $X ...>); } - pattern: | $T $F($X) { ... $A $B = <... $X ...>; ... ... WebRequest.Create($B); } - pattern: | $T $F($X) { ... $A $B = <... $X ...>; ... $C $D = <... $B ...>; ... ... WebRequest.Create($D); }