UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

50 lines (49 loc) 1.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
rules: - id: no-static-initialization-vector message: >- Initialization Vectors (IVs) for block ciphers should be randomly generated each time they are used. Using a static IV means the same plaintext encrypts to the same ciphertext every time, weakening the strength of the encryption. metadata: cwe: - 'CWE-329: Generation of Predictable IV with CBC Mode' owasp: - A02:2021 - Cryptographic Failures source-rule-url: https://find-sec-bugs.github.io/bugs.htm#STATIC_IV asvs: section: V6 Stored Cryptography Verification Requirements control_id: 6.2.5 Insecure Algorithm control_url: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x14-V6-Cryptography.md#v62-algorithms version: '4' references: - https://cwe.mitre.org/data/definitions/329.html category: security technology: - java subcategory: - vuln likelihood: MEDIUM impact: MEDIUM confidence: HIGH severity: WARNING languages: [java] pattern-either: - pattern: | byte[] $IV = { ... }; ... new IvParameterSpec($IV, ...); - pattern: | class $CLASS { byte[] $IV = { ... }; ... $METHOD(...) { ... new IvParameterSpec($IV, ...); ... } }