
mcp-server-semgrep


MCP Server for Semgrep Integration - static code analysis with AI

rules:
  - id: require-request
    message: >-
      If an attacker controls the x in require(x) then they can cause code to load
      that was not intended to run on the server.
    options:
      interfile: true
    metadata:
      interfile: true
      owasp:
        - A01:2021 - Broken Access Control
      cwe:
        - 'CWE-706: Use of Incorrectly-Resolved Name or Reference'
      source-rule-url: https://nodesecroadmap.fyi/chapter-1/threat-UIR.html
      category: security
      technology:
        - express
      references:
        - https://github.com/google/node-sec-roadmap/blob/master/chapter-2/dynamism.md#dynamism-when-you-need-it
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
    languages:
      - javascript
      - typescript
    severity: ERROR
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: function ... ($REQ, $RES) {...}
              - pattern-inside: function ... ($REQ, $RES, $NEXT) {...}
              - patterns:
                  - pattern-either:
                      - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES) {...})
                      - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, $NEXT) {...})
                  - metavariable-regex:
                      metavariable: $METHOD
                      regex: ^(get|post|put|head|delete|options)$
          - pattern-either:
              - pattern: $REQ.query
              - pattern: $REQ.body
              - pattern: $REQ.params
              - pattern: $REQ.cookies
              - pattern: $REQ.headers
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  ({ $REQ }: Request,$RES: Response, $NEXT: NextFunction) => {...}
              - pattern-inside: |
                  ({ $REQ }: Request,$RES: Response) => {...}
          - focus-metavariable: $REQ
          - pattern-either:
              - pattern: params
              - pattern: query
              - pattern: cookies
              - pattern: headers
              - pattern: body
    pattern-sinks:
      - patterns:
          - pattern: require($SINK)
          - focus-metavariable: $SINK