
mcp-server-semgrep


MCP Server for Semgrep Integration - static code analysis with AI

```yaml
rules:
  - id: tainted-sql-string
    languages: [java]
    severity: ERROR
    message: >-
      Detected user input used to manually construct a SQL string. This is
      usually bad practice because manual construction could accidentally
      result in a SQL injection. An attacker could use a SQL injection to steal
      or modify contents of the database. Instead, use a parameterized query
      which is available by default in most database engines. Alternatively,
      consider using an object-relational mapper (ORM) such as Sequelize which
      will protect your queries.
    options:
      interfile: true
    metadata:
      references:
        - https://owasp.org/www-community/attacks/SQL_Injection
      category: security
      owasp:
        - A01:2017 - Injection
        - A03:2021 - Injection
      cwe:
        - "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
      technology:
        - aws-lambda
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: HIGH
      confidence: MEDIUM
      interfile: true
    mode: taint
    pattern-sources:
      - patterns:
          - focus-metavariable: $EVENT
          - pattern-either:
              - pattern: |
                  $HANDLERTYPE $HANDLER($TYPE $EVENT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                    ...
                  }
              - pattern: |
                  $HANDLERTYPE $HANDLER(InputStream $EVENT, OutputStream $OUT, com.amazonaws.services.lambda.runtime.Context $CONTEXT) {
                    ...
                  }
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: |
                  "$SQLSTR" + ...
              - pattern: |
                  "$SQLSTR".concat(...)
              - patterns:
                  - pattern-inside: |
                      StringBuilder $SB = new StringBuilder("$SQLSTR");
                      ...
                  - pattern: $SB.append(...)
              - patterns:
                  - pattern-inside: |
                      $VAR = "$SQLSTR";
                      ...
                  - pattern: $VAR += ...
              - pattern: String.format("$SQLSTR", ...)
          - metavariable-regex:
              metavariable: $SQLSTR
              regex: (?i)(select|delete|insert|create|update|alter|drop)\b
          - pattern-not-inside: |
              System.out.$PRINTLN(...)
```
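The rule above is a taint-mode rule: the source is the event parameter of an AWS Lambda handler, and the sinks are the ways of building a SQL string from it that the rule lists (string concatenation, `concat`, `StringBuilder.append`, `+=`, `String.format`), filtered to literals that start a SQL statement and excluding plain `System.out` logging. The Java handler below is an added example, not code from the mcp-server-semgrep package or from the Semgrep rule set; it is written as a Semgrep test fixture, using the `// ruleid:` and `// ok:` annotation convention that `semgrep --test` understands, so that each annotated line shows what the rule does and does not flag. The class name, the `users` table and the injected `DataSource` are assumptions; compiling it needs `aws-lambda-java-core` on the classpath.

```java
// Added example (not part of the mcp-server-semgrep package or the Semgrep
// rule itself): a Lambda handler exercising the tainted-sql-string rule.
// The taint source is the handler's event parameter ($EVENT in the rule).
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;

import javax.sql.DataSource;

import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;

public class UserLookupHandler implements RequestHandler<Map<String, String>, String> {

    // Assumed to be configured by the surrounding application (e.g. a pooled
    // RDS connection); how it is built is not relevant to the rule.
    private final DataSource dataSource;

    public UserLookupHandler(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // Matches the rule's first source pattern: a method whose second parameter
    // is com.amazonaws.services.lambda.runtime.Context, so `event` is tainted.
    @Override
    public String handleRequest(Map<String, String> event, Context context) {
        String username = event.get("username"); // taint propagates from event

        try (Connection conn = dataSource.getConnection()) {
            // ruleid: tainted-sql-string
            // Sink `"$SQLSTR" + ...`; the literal starts with SELECT, so the
            // metavariable-regex accepts it and the tainted value reaches it.
            String q1 = "SELECT email FROM users WHERE name = '" + username + "'";

            // ruleid: tainted-sql-string
            // Sink `StringBuilder $SB = new StringBuilder("$SQLSTR"); ... $SB.append(...)`.
            StringBuilder sb = new StringBuilder("SELECT email FROM users WHERE name = '");
            sb.append(username).append("'");

            // ruleid: tainted-sql-string
            // Sink `String.format("$SQLSTR", ...)`.
            String q3 = String.format("SELECT email FROM users WHERE name = '%s'", username);

            // ok: tainted-sql-string
            // Same concatenation shape and a SELECT keyword, but inside
            // System.out.println(...), which the rule's pattern-not-inside excludes.
            System.out.println("Running SELECT for user " + username);

            // ok: tainted-sql-string
            // The fix the rule's message asks for: the SQL text is a fixed
            // literal and the tainted value travels only as a bound parameter,
            // so no sink pattern matches and the query cannot be reshaped by input.
            try (PreparedStatement ps = conn.prepareStatement(
                    "SELECT email FROM users WHERE name = ?")) {
                ps.setString(1, username);
                try (ResultSet rs = ps.executeQuery()) {
                    return rs.next() ? rs.getString("email") : null;
                }
            }
        } catch (SQLException e) {
            throw new RuntimeException("user lookup failed", e);
        }
    }
}
```

Placed next to the rule as `tainted-sql-string.java`, `semgrep --test` checks that every `// ruleid:` line is reported and every `// ok:` line is not. The three flagged statements are deliberately never executed; they exist only to show which constructions the sinks cover, while the `PreparedStatement` branch is the form that actually runs.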