UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

34 lines (33 loc) 1.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
rules: - id: avoid-mark-safe patterns: - pattern-not-inside: django.utils.html.format_html(...) - pattern-not: django.utils.safestring.mark_safe("...") - pattern: django.utils.safestring.mark_safe(...) message: >- 'mark_safe()' is used to mark a string as "safe" for HTML output. This disables escaping and could therefore subject the content to XSS attacks. Use 'django.utils.html.format_html()' to build HTML for rendering instead. metadata: source-rule-url: https://bandit.readthedocs.io/en/latest/plugins/b703_django_mark_safe.html cwe: - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" owasp: - A07:2017 - Cross-Site Scripting (XSS) - A03:2021 - Injection references: - https://docs.djangoproject.com/en/3.0/ref/utils/#django.utils.safestring.mark_safe - https://docs.djangoproject.com/en/3.0/ref/utils/#django.utils.html.format_html category: security technology: - django cwe2022-top25: true cwe2021-top25: true subcategory: - audit likelihood: LOW impact: MEDIUM confidence: LOW languages: [python] severity: WARNING