mcp-server-semgrep

MCP Server for Semgrep Integration - static code analysis with AI

rules:
  - id: ruby-jwt-hardcoded-secret
    message: >-
      Hardcoded JWT secret or private key is used. This is an Insufficiently
      Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html
      Consider using an appropriate security mechanism to protect the credentials
      (e.g. keeping secrets in environment variables)
    metadata:
      cwe:
        - 'CWE-522: Insufficiently Protected Credentials'
      owasp:
        - A02:2017 - Broken Authentication
        - A04:2021 - Insecure Design
      source-rule-url: https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
      category: security
      technology:
        - jwt
      references:
        - https://owasp.org/Top10/A04_2021-Insecure_Design
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
    patterns:
      # Only files that load the jwt gem are in scope.
      - pattern-inside: |
          require 'jwt'
          ...
      - pattern-either:
          # Key argument is a string literal.
          - pattern: |
              JWT.encode($PAYLOAD,"...",...)
          - pattern: |
              JWT.decode($PAYLOAD,"...",...)
          # Key argument is nil (no signing/verification key at all).
          - pattern: |
              JWT.encode($PAYLOAD,nil,...)
          - pattern: |
              JWT.decode($PAYLOAD,nil,...)
          # Key argument is a variable that was assigned a string literal earlier.
          - pattern: |
              $SECRET = "..."
              ...
              JWT.encode($PAYLOAD,$SECRET,...)
          - pattern: |
              $SECRET = "..."
              ...
              JWT.decode($PAYLOAD,$SECRET,...)
      # A nil key is acceptable when the key is resolved through a jwks: option.
      - pattern-not: |
          JWT.encode($PAYLOAD, nil, ... , jwks: ..., ...)
      - pattern-not: |
          JWT.decode($PAYLOAD, nil, ..., jwks: ..., ...)
    languages: [ruby]
    severity: ERROR
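As an added illustration (example code, not part of the Semgrep rule above or of the jwt gem), the following plain-Ruby sketch mirrors the call shapes the rule flags and runs it over constructed sample sources; Semgrep matches on the AST, so this regex approximation only demonstrates the rule's cases (string-literal key, nil key without `jwks:`, and a variable previously assigned a literal). The function name `hardcoded_jwt_secrets` and the sample sources are assumptions made for this example.

```ruby
# Added example, not part of the Semgrep rule or the jwt gem: a plain-Ruby
# approximation of the call shapes ruby-jwt-hardcoded-secret flags.
# Semgrep matches on the AST; this regex sketch only mirrors the rule's cases.

# Second argument of JWT.encode/JWT.decode (payload assumed comma-free).
CALL_RE = /JWT\.(?:encode|decode)\(\s*[^,]+,\s*([^,)]+?)\s*(?:,|\))/
# `$SECRET = "..."`: a variable assigned a string literal.
ASSIGN_RE = /^\s*([@$]?[A-Za-z_]\w*)\s*=\s*["'][^"']*["']/

# Returns [[line_number, reason], ...] for one Ruby source string.
def hardcoded_jwt_secrets(source)
  # pattern-inside: only files that require 'jwt' are in scope
  return [] unless source.match?(/^\s*require\s+['"]jwt['"]/)
  literal_vars = {}
  findings = []
  source.each_line.with_index(1) do |line, no|
    if (a = ASSIGN_RE.match(line))
      literal_vars[a[1]] = true
    end
    next unless (m = CALL_RE.match(line))
    key = m[1]
    if key.start_with?('"', "'")
      findings << [no, 'string literal used as JWT key']
    elsif key == 'nil'
      # pattern-not: a nil key is fine when the key comes from a jwks: option
      findings << [no, 'nil key without jwks:'] unless line.include?('jwks:')
    elsif literal_vars[key]
      findings << [no, "#{key} was assigned a string literal"]
    end
  end
  findings
end

# Constructed sample input: lines 3 and 4 should be flagged, line 5 should not.
VULNERABLE_SRC = <<~RUBY
  require 'jwt'
  SECRET = "change-me"
  token = JWT.encode({ sub: 1 }, SECRET, "HS256")
  JWT.decode(token, "change-me", true, algorithm: "HS256")
  JWT.decode(token, nil, true, jwks: jwks_loader)
RUBY

# Constructed sample input in the form the rule message recommends.
SAFE_SRC = <<~RUBY
  require 'jwt'
  secret = ENV.fetch("JWT_SECRET")
  JWT.encode({ sub: 1 }, secret, "HS256")
RUBY
```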