UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

107 lines (106 loc) 3.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
rules: - id: hardcoded-passport-secret message: >- A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). metadata: cwe: - 'CWE-798: Use of Hard-coded Credentials' references: - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html owasp: - A07:2021 - Identification and Authentication Failures asvs: section: 'V3: Session Management Verification Requirements' control_id: 3.5.2 Static API keys or secret control_url: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x12-V3-Session-management.md#v35-token-based-session-management version: '4' category: security technology: - jwt - nodejs - secrets cwe2022-top25: true cwe2021-top25: true subcategory: - vuln likelihood: HIGH impact: MEDIUM confidence: HIGH languages: - javascript - typescript severity: WARNING mode: taint pattern-sources: - by-side-effect: true patterns: - pattern-either: - pattern: | {..., clientSecret: "...", ...} - pattern: | {..., secretOrKey: "...", ...} - pattern: | {..., consumerSecret: "...", ...} - patterns: - pattern-inside: | $OBJ = {} ... - pattern-either: - pattern: | $OBJ.clientSecret = "..." - pattern: | $OBJ.secretOrKey = "..." - pattern: | $OBJ.consumerSecret = "..." - pattern: $OBJ - patterns: - pattern-inside: | $SECRET = '...' ... - pattern-either: - pattern: | {..., clientSecret: $SECRET, ...} - pattern: | {..., secretOrKey: $SECRET, ...} - pattern: | {..., consumerSecret: $SECRET, ...} - patterns: - pattern-inside: | $SECRET = '...' ... - pattern-either: - pattern-inside: | $VALUE = {..., clientSecret: $SECRET, ...} ... - pattern-inside: | $VALUE = {..., secretOrKey: $SECRET, ...} ... - pattern-inside: | $VALUE = {..., consumerSecret: $SECRET, ...} ... - pattern: $VALUE pattern-sinks: - patterns: - pattern-either: - pattern-inside: | $F = require("$I").Strategy ... - pattern-inside: | $F = require("$I") ... - pattern-inside: | import { $STRAT as $F } from '$I' ... - pattern-inside: | import $F from '$I' ... - metavariable-regex: metavariable: $I regex: (passport-.*) - pattern-inside: | new $F($VALUE,...) - focus-metavariable: $VALUE