UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

31 lines (30 loc) 890 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
rules: - id: detect-angular-sce-disabled message: >- $sceProvider is set to false. Disabling Strict Contextual escaping (SCE) in an AngularJS application could provide additional attack surface for XSS vulnerabilities. metadata: cwe: - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" references: - https://docs.angularjs.org/api/ng/service/$sce - https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20170727_AngularJS.pdf category: security technology: - angular owasp: - A07:2017 - Cross-Site Scripting (XSS) - A03:2021 - Injection cwe2022-top25: true cwe2021-top25: true subcategory: - vuln likelihood: HIGH impact: MEDIUM confidence: HIGH languages: - javascript - typescript severity: ERROR pattern: | $sceProvider.enabled(false);