UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

37 lines (36 loc) 920 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
rules: - id: flask-api-method-string-format patterns: - pattern-either: - pattern: | def $METHOD(...,$ARG,...): ... $STRING = "...".format(...,$ARG,...) ... ... = requests.$REQMETHOD($STRING,...) - pattern: | def $METHOD(...,$ARG,...): ... ... = requests.$REQMETHOD("...".format(...,$ARG,...),...) - pattern-inside: | class $CLASS(...): method_decorators = ... ... message: >- Method $METHOD in API controller $CLASS provides user arg $ARG to requests method $REQMETHOD severity: ERROR languages: - python metadata: cwe: - 'CWE-134: Use of Externally-Controlled Format String' category: security technology: - flask references: - https://cwe.mitre.org/data/definitions/134.html subcategory: - audit likelihood: LOW impact: MEDIUM confidence: LOW