UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

31 lines (30 loc) 809 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
rules: - id: force-ssl-false message: >- Checks for configuration setting of force_ssl to false. Force_ssl forces usage of HTTPS, which could lead to network interception of unencrypted application traffic. To fix, set config.force_ssl = true. metadata: cwe: - 'CWE-311: Missing Encryption of Sensitive Data' references: - https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_force_ssl.rb category: security technology: - ruby owasp: - A03:2017 - Sensitive Data Exposure - A04:2021 - Insecure Design subcategory: - vuln likelihood: LOW impact: MEDIUM confidence: HIGH languages: - ruby severity: WARNING pattern: config.force_ssl = false fix-regex: regex: =\s*false replacement: = true