mcp-server-semgrep
Version:
MCP Server for Semgrep Integration - static code analysis with AI
33 lines (32 loc) • 918 B
YAML
rules:
- id: stacktrace-disclosure
patterns:
- pattern: $APP.UseDeveloperExceptionPage(...);
- pattern-not-inside: |
if ($ENV.IsDevelopment(...)) {
...
}
message: >-
Stacktrace information is displayed in a non-Development environment.
Accidentally disclosing sensitive stack trace information in a production
environment aids an attacker in reconnaissance and information gathering.
metadata:
category: security
technology:
- csharp
owasp:
- A06:2017 - Security Misconfiguration
- A04:2021 - Insecure Design
cwe:
- 'CWE-209: Generation of Error Message Containing Sensitive Information'
references:
- https://cwe.mitre.org/data/definitions/209.html
- https://owasp.org/Top10/A04_2021-Insecure_Design/
subcategory:
- audit
likelihood: LOW
impact: LOW
confidence: HIGH
languages:
- csharp
severity: WARNING