UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

90 lines (89 loc) 3.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
rules: - id: react-href-var message: >- Detected a variable used in an anchor tag with the 'href' attribute. A malicious actor may be able to input the 'javascript:' URI, which could cause cross-site scripting (XSS). It is recommended to disallow 'javascript:' URIs within your application. metadata: cwe: - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" owasp: - A07:2017 - Cross-Site Scripting (XSS) - A03:2021 - Injection references: - https://reactjs.org/blog/2019/08/08/react-v16.9.0.html#deprecating-javascript-urls - https://pragmaticwebsecurity.com/articles/spasecurity/react-xss-part1.html category: security confidence: LOW technology: - react cwe2022-top25: true cwe2021-top25: true subcategory: - audit likelihood: LOW impact: MEDIUM languages: - typescript - javascript severity: WARNING mode: taint pattern-sources: - label: TAINTED patterns: - pattern-either: - pattern-inside: | function ...({..., $X, ...}) { ... } - pattern-inside: | function ...(..., $X, ...) { ... } - focus-metavariable: $X # This rule causes too many false positives without this addition - pattern-either: - pattern: $X.$Y - pattern: $X[...] # this removes .map(...) etc which likely comes from hard coded values. - pattern-not-inside: | $F. ... .$SANITIZEUNC(...) - label: CONCAT requires: TAINTED patterns: - pattern-either: - pattern: | `...${$X}...` - pattern: | $SANITIZE + <... $X ...> - pattern-not: | `${$X}...` - pattern-not: | $X + ... - focus-metavariable: $X - label: CLEAN by-side-effect: true patterns: - pattern-either: - pattern: $A($SOURCE) - pattern: $SANITIZE. ... .$A($SOURCE) - pattern: $A. ... .$SANITIZE($SOURCE) - focus-metavariable: $SOURCE - metavariable-regex: metavariable: $A regex: (?i)(.*valid|.*sanitiz) pattern-sinks: - requires: TAINTED and not CONCAT and not CLEAN patterns: - focus-metavariable: $X - pattern-either: - pattern: | <$EL href={$X} /> - pattern: | React.createElement($EL, {href: $X}) - pattern-inside: | $PARAMS = {href: $X}; ... React.createElement($EL, $PARAMS); - metavariable-pattern: patterns: - pattern-not-regex: (?i)(button) metavariable: $EL