UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

106 lines 3.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
rules: - id: tainted-html-string languages: - java severity: ERROR message: >- Detected user input flowing into a manually constructed HTML string. You may be accidentally bypassing secure methods of rendering HTML by manually constructing HTML and this could create a cross-site scripting vulnerability, which could let attackers steal sensitive user data. To be sure this is safe, check that the HTML is rendered safely. You can use the OWASP ESAPI encoder if you must render user data. metadata: cwe: - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" owasp: - A07:2017 - Cross-Site Scripting (XSS) - A03:2021 - Injection references: - https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html category: security technology: - java - spring cwe2022-top25: true cwe2021-top25: true subcategory: - vuln likelihood: HIGH impact: MEDIUM confidence: MEDIUM mode: taint pattern-sources: - label: INPUT patterns: - pattern-either: - pattern-inside: | $METHODNAME(..., @$REQ(...) $TYPE $SOURCE,...) { ... } - pattern-inside: | $METHODNAME(..., @$REQ $TYPE $SOURCE,...) { ... } - metavariable-regex: metavariable: $TYPE regex: ^(?!(Integer|Long|Float|Double|Char|Boolean|int|long|float|double|char|boolean)) - metavariable-regex: metavariable: $REQ regex: (RequestBody|PathVariable|RequestParam|RequestHeader|CookieValue|ModelAttribute) - focus-metavariable: $SOURCE - label: CONCAT by-side-effect: true requires: INPUT patterns: - pattern-either: - pattern: | "$HTMLSTR" + ... - pattern: | "$HTMLSTR".concat(...) - patterns: - pattern-inside: | StringBuilder $SB = new StringBuilder("$HTMLSTR"); ... - pattern: $SB.append(...) - patterns: - pattern-inside: | $VAR = "$HTMLSTR"; ... - pattern: $VAR += ... - pattern: String.format("$HTMLSTR", ...) - patterns: - pattern-inside: | String $VAR = "$HTMLSTR"; ... - pattern: String.format($VAR, ...) - metavariable-regex: metavariable: $HTMLSTR regex: ^<\w+ pattern-propagators: - pattern: (StringBuilder $SB).append($...TAINTED) from: $...TAINTED to: $SB - pattern: $VAR += $...TAINTED from: $...TAINTED to: $VAR pattern-sinks: - requires: CONCAT patterns: - pattern-either: - pattern: new ResponseEntity<>($PAYLOAD, ...) - pattern: new ResponseEntity<$ERROR>($PAYLOAD, ...) - pattern: ResponseEntity. ... .body($PAYLOAD) - patterns: - pattern: | ResponseEntity.$RESPFUNC($PAYLOAD). ... - metavariable-regex: metavariable: $RESPFUNC regex: ^(ok|of)$ - focus-metavariable: $PAYLOAD pattern-sanitizers: - pattern-either: - pattern: Encode.forHtml(...) - pattern: (PolicyFactory $POLICY).sanitize(...) - pattern: (AntiSamy $AS).scan(...) - pattern: JSoup.clean(...)