UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

54 lines (53 loc) 1.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
rules: - id: java-jwt-hardcoded-secret message: >- A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). metadata: cwe: - 'CWE-798: Use of Hard-coded Credentials' references: - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html owasp: - A07:2021 - Identification and Authentication Failures technology: - java - secrets - jwt category: security cwe2022-top25: true cwe2021-top25: true subcategory: - vuln likelihood: LOW impact: MEDIUM confidence: HIGH languages: [java] severity: WARNING patterns: - pattern-either: - pattern: | (Algorithm $ALG) = $ALGO.$HMAC("$Y"); - pattern: | $SECRET = "$Y"; ... (Algorithm $ALG) = $ALGO.$HMAC($SECRET); - pattern: | class $CLASS { ... $TYPE $SECRET = "$Y"; ... $RETURNTYPE $FUNC (...) { ... (Algorithm $ALG) = $ALGO.$HMAC($SECRET); ... } ... } - focus-metavariable: $Y - metavariable-regex: metavariable: $HMAC regex: (HMAC384|HMAC256|HMAC512)