mcp-server-semgrep
MCP Server for Semgrep Integration - static code analysis with AI
rules:
  - id: use-defused-xmlrpc
    pattern-either:
      - pattern: import xmlrpclib
      - pattern: import SimpleXMLRPCServer
      - pattern: import xmlrpc
    message: >-
      Detected use of xmlrpc. xmlrpc is not inherently safe from vulnerabilities.
      Use defusedxml.xmlrpc instead.
    metadata:
      cwe:
        - "CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')"
      owasp:
        - A04:2017 - XML External Entities (XXE)
        - A05:2021 - Security Misconfiguration
      source-rule-url: https://github.com/PyCQA/bandit/blob/07f84cb5f5e7c1055e6feaa0fe93afa471de0ac3/bandit/blacklists/imports.py#L160
      references:
        - https://pypi.org/project/defusedxml/
        - https://docs.python.org/3/library/xml.html#xml-vulnerabilities
      category: security
      technology:
        - python
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
    severity: ERROR
    languages:
      - python
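As an added example (not part of the mcp-server-semgrep page or the rule above), the following stand-alone Python checker mirrors the intent of use-defused-xmlrpc with the ast module, so the three flagged module names can be audited in a source tree without running Semgrep. It treats dotted and from-import forms (import xmlrpc.client, from xmlrpc.server import ...) as hits on the same top-level package, which is an assumption about the rule's intent rather than a statement of how Semgrep matches the three patterns; the sample source is constructed.

```python
"""Added example: an ast-based stand-in for the use-defused-xmlrpc Semgrep rule."""
import ast
from typing import List, Tuple

# The module names targeted by the rule's three patterns. Dotted forms such as
# xmlrpc.client / xmlrpc.server are flagged through their top-level package.
FLAGGED_MODULES = {"xmlrpclib", "SimpleXMLRPCServer", "xmlrpc"}


def find_xmlrpc_imports(source: str) -> List[Tuple[int, str]]:
    """Return (line, module) pairs for every import of an unhardened xmlrpc module.

    Covers `import x`, `import x.y as z` and `from x.y import z`. A relative
    `from . import xmlrpc` is skipped, and `from defusedxml import xmlrpc` is
    not flagged because its top-level package is defusedxml (the remediation
    the rule message points to).
    """
    findings: List[Tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names = [node.module]
        else:
            continue
        for name in names:
            if name.split(".")[0] in FLAGGED_MODULES:
                findings.append((node.lineno, name))
    return findings


# Constructed sample input, shaped like a Semgrep test file for this rule:
# the first four lines should be reported, the last three should pass clean.
SAMPLE = """\
import xmlrpclib
import SimpleXMLRPCServer
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer
import json
from defusedxml import xmlrpc
import defusedxml.xmlrpc
"""

if __name__ == "__main__":
    for line, module in find_xmlrpc_imports(SAMPLE):
        print(f"line {line}: unhardened import of {module}")
```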