
mcp-server-semgrep

MCP Server for Semgrep Integration - static code analysis with AI

```yaml
rules:
  - id: user-exec
    message: >-
      Found user data in a call to 'exec'. This is extremely dangerous because
      it can enable an attacker to execute arbitrary remote code on the system.
      Instead, refactor your code to not use 'eval' and instead use a safe
      library for the specific functionality you need.
    metadata:
      cwe:
        - "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"
      owasp:
        - A03:2021 - Injection
      category: security
      technology:
        - django
      references:
        - https://owasp.org/www-community/attacks/Code_Injection
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: HIGH
      confidence: MEDIUM
    patterns:
      - pattern-inside: |
          def $F(...):
            ...
      - pattern-either:
          - pattern: exec(..., request.$W.get(...), ...)
          - pattern: |
              $V = request.$W.get(...)
              ...
              exec(..., $V, ...)
          - pattern: exec(..., request.$W(...), ...)
          - pattern: |
              $V = request.$W(...)
              ...
              exec(..., $V, ...)
          - pattern: exec(..., request.$W[...], ...)
          - pattern: |
              $V = request.$W[...]
              ...
              exec(..., $V, ...)
          - pattern: |
              loop = asyncio.get_running_loop()
              ...
              await loop.run_in_executor(None, exec, request.$W[...])
          - pattern: |
              $V = request.$W[...]
              ...
              loop = asyncio.get_running_loop()
              ...
              await loop.run_in_executor(None, exec, $V)
          - pattern: |
              loop = asyncio.get_running_loop()
              ...
              await loop.run_in_executor(None, exec, request.$W.get(...))
          - pattern: |
              $V = request.$W.get(...)
              ...
              loop = asyncio.get_running_loop()
              ...
              await loop.run_in_executor(None, exec, $V)
    languages: [python]
    severity: WARNING
```
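As an added example (not part of the mcp-server-semgrep package or the rule itself), here is the shape of Django view the first `exec(..., request.$W.get(...), ...)` clause matches, beside the refactor the rule's message asks for: the request selects a name from a fixed allowlist and never supplies code. `FakeRequest` is a constructed stand-in for Django's `HttpRequest`, and `AGGREGATES` is a hypothetical dispatch table chosen for illustration.

```python
# Added example: not part of mcp-server-semgrep. Shows the code the
# `user-exec` rule flags and the allowlist dispatch that replaces it.
import statistics
from typing import Callable, Dict, Iterable


class FakeRequest:
    """Constructed stand-in for django.http.HttpRequest (only .GET is used)."""

    def __init__(self, get_params: Dict[str, str]) -> None:
        self.GET = get_params


def flagged_view(request: FakeRequest) -> None:
    """What the rule matches: request data flows straight into exec inside a
    function body, so whoever controls the query string controls what runs."""
    code = request.GET.get("code", "")
    exec(code)  # semgrep: user-exec fires here


# Safe replacement: the user picks a *name*, and only the callables listed
# here are reachable. Nothing from the request is ever evaluated as code.
AGGREGATES: Dict[str, Callable[[Iterable[float]], float]] = {
    "sum": sum,
    "max": max,
    "min": min,
    "mean": statistics.mean,
}


def safe_view(request: FakeRequest, values: Iterable[float]) -> float:
    """Dispatch on an allowlisted operation name; unknown names are rejected,
    not executed. Semgrep's patterns see no exec/eval and stay silent."""
    op = request.GET.get("op", "")
    func = AGGREGATES.get(op)
    if func is None:
        raise ValueError(f"unsupported aggregate: {op!r}")
    return func(list(values))


if __name__ == "__main__":
    print(safe_view(FakeRequest({"op": "mean"}), [1, 2, 3, 6]))  # 3
```

Running `semgrep --config <this rule file>` over the block reports `flagged_view` only, which is a quick way to confirm the rule loads and the refactor clears it.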