mcp-server-semgrep/semgrep-rules/python/distributed/security.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: require-encryption
  patterns:
  - pattern: |
      distributed.security.Security(..., require_encryption=$VAL, ...)
  - metavariable-pattern:
      metavariable: $VAL
      pattern: |
        False
  - focus-metavariable: $VAL
  fix: |
    True
  message: >-
    Initializing a security context for Dask (`distributed`) without "require_encryption" keyword
    argument may silently fail to provide security.
  severity: WARNING
  metadata:
    cwe:
    - 'CWE-319: Cleartext Transmission of Sensitive Information'
    owasp:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
    references:
    - https://distributed.dask.org/en/latest/tls.html?highlight=require_encryption#parameters
    category: security
    technology:
    - distributed
    subcategory:
    - vuln
    likelihood: MEDIUM
    impact: MEDIUM
    confidence: MEDIUM
  languages:
  - python