mcp-server-semgrep

MCP Server for Semgrep Integration - static code analysis with AI

rules:
  - id: open-redirect
    patterns:
      - pattern-inside: |
          @$APP.route(...)
          def $X(...):
            ...
      - pattern-not-inside: |
          @$APP.route(...)
          def $X(...):
            ...
            if <... werkzeug.urls.url_parse($V) ...>:
              ...
      - pattern-either:
          - pattern: flask.redirect(<... flask.request.$W.get(...) ...>, ...)
          - pattern: flask.redirect(<... flask.request.$W[...] ...>, ...)
          - pattern: flask.redirect(<... flask.request.$W(...) ...>, ...)
          - pattern: flask.redirect(<... flask.request.$W ...>, ...)
          - pattern: |
              $V = flask.request.$W.get(...)
              ...
              flask.redirect(<... $V ...>, ...)
          - pattern: |
              $V = flask.request.$W[...]
              ...
              flask.redirect(<... $V ...>, ...)
          - pattern: |
              $V = flask.request.$W(...)
              ...
              flask.redirect(<... $V ...>, ...)
          - pattern: |
              $V = flask.request.$W
              ...
              flask.redirect(<... $V ...>, ...)
      - pattern-not: flask.redirect(flask.request.path)
      - pattern-not: flask.redirect(flask.request.path + ...)
      - pattern-not: flask.redirect(f"{flask.request.path}...")
    message: >-
      Data from request is passed to redirect().
      This is an open redirect and could be exploited.
      Consider using 'url_for()' to generate links to known locations.
      If you must use a URL to unknown pages, consider using 'urlparse()' or similar
      and checking if the 'netloc' property is the same as your site's host name.
      See the references for more information.
    metadata:
      cwe:
        - "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
      owasp:
        - A01:2021 - Broken Access Control
      references:
        - https://flask-login.readthedocs.io/en/latest/#login-example
        - https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html#dangerous-url-redirect-example-1
        - https://docs.python.org/3/library/urllib.parse.html#url-parsing
      category: security
      technology:
        - flask
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
    languages: [python]
    severity: ERROR
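As an added illustration (not code from the mcp-server-semgrep package or from the Semgrep rule above), the following shows the Flask shape the rule reports, `flask.redirect()` fed straight from `flask.request`, beside a hardened handler that applies the `netloc` check the rule's message recommends. The helper `is_safe_redirect_target`, the route names and the `example.com` host are assumptions made for the example. The validator uses only the standard library so it runs without Flask installed; Flask is imported lazily inside `make_app()`.

```python
"""Added example: vulnerable vs. hardened Flask redirect (not part of the page's package)."""
from urllib.parse import urljoin, urlparse


def is_safe_redirect_target(target: str, host_url: str) -> bool:
    """Return True only if `target` resolves to the same http(s) host as `host_url`.

    This is the 'urlparse() and compare netloc' check suggested in the rule message.
    Relative paths ("/dashboard") are resolved against host_url with urljoin(), so
    they pass; absolute URLs, protocol-relative "//evil.example" URLs and non-http
    schemes fail the comparison.
    """
    if not target:
        return False
    # Browsers treat backslashes as forward slashes in URLs, but urlparse() does not,
    # so "\\evil.example" would otherwise parse as a relative path on our own host.
    target = target.replace("\\", "/")
    ours = urlparse(host_url)
    resolved = urlparse(urljoin(host_url, target))
    return resolved.scheme in ("http", "https") and resolved.netloc == ours.netloc


def make_app():
    """Build a tiny Flask app containing both the flagged and the hardened handler."""
    import flask  # imported here so the validator above is usable without Flask

    app = flask.Flask(__name__)

    @app.route("/")
    def index():
        return "home"

    @app.route("/login-unsafe")
    def login_unsafe():
        # Reported by the open-redirect rule: request data flows directly into redirect().
        return flask.redirect(flask.request.args.get("next", "/"))

    @app.route("/login")
    def login():
        # Hardened form: validate the target against our own host, fall back to url_for().
        target = flask.request.args.get("next", "/")
        if not is_safe_redirect_target(target, flask.request.host_url):
            target = flask.url_for("index")
        return flask.redirect(target)

    return app


if __name__ == "__main__":
    # Quick self-check of the validator against a constructed host URL.
    for candidate in ("/dashboard", "https://evil.example/", "//evil.example/"):
        print(candidate, is_safe_redirect_target(candidate, "https://example.com/"))
```

One caveat when reading the rule alongside this code: its only `pattern-not-inside` exclusion recognises `werkzeug.urls.url_parse($V)`, so a handler using a custom validator like `is_safe_redirect_target` is still reported. That is consistent with the rule being `subcategory: audit` at `confidence: LOW`; the finding is meant for a human to triage rather than to block on. Note also that `werkzeug.urls.url_parse` was removed in Werkzeug 3.0, so new code cannot rely on that exclusion anyway.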