mcp-siber-security-audit

MCP server for security code audit with auto-fix capabilities

{ "metadata": { "timestamp": "2025-11-04T04:03:58.439Z", "version": "1.3.0" }, "summary": { "totalIssues": 28, "bySeverity": { "high": 25, "medium": 2, "low": 0, "critical": null }, "byType": { "DETECT_NON_LITERAL_FS_FILENAME": 9, "HARDCODED_API_KEY": 8, "LINT_ERROR": 3, "DETECT_OBJECT_INJECTION": 4, "DETECT_UNSAFE_REGEX": 1, "INSECURE_URL": 2, "HARDCODED_PRIVATE_KEY": 1 }, "byScanner": { "eslint": 17, "secret-scanner": 11 } }, "issues": [ { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/index.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found readFileSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 50, "column": 29 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/index.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found writeFileSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 53, "column": 11 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/index.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found existsSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 67, "column": 12 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/index.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found readdirSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 76, "column": 23 }, { "scanner": "secret-scanner", "file": 
"/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/index.js", "line": 25, "column": 18, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": " ];\n this.fixers = {\n 'HARDCODED_API_KEY': new SecretFixer(),\n 'INSECURE_URL': new SecretFixer(),\n 'SRC.CONFIG.EXPRESS_XSS': new XSSFixer()," }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/package.json", "type": "LINT_ERROR", "severity": "high", "description": "Parsing error: Unexpected token :", "ruleId": null, "auto_fix_available": false, "line": 2, "column": 9 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/sample-project/app.js", "type": "LINT_ERROR", "severity": "high", "description": "Parsing error: Unexpected token", "ruleId": null, "auto_fix_available": false, "line": 20, "column": 4 }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/sample-project/app.js", "line": 6, "column": 7, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": "const db = require('./db');\n\nconst API_KEY = process.env.API_KEY; // Loaded from environment variable\n\napp.get('/', (req, res) => {" }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/sample-project/app.js", "line": 6, "column": 29, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": "const db = require('./db');\n\nconst API_KEY = process.env.API_KEY; // Loaded from environment variable\n\napp.get('/', (req, res) => {" }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/sample-project/package.json", "type": "LINT_ERROR", "severity": "high", "description": "Parsing error: Unexpected token :", "ruleId": null, "auto_fix_available": 
false, "line": 2, "column": 9 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/secret-fixer.js", "type": "DETECT_OBJECT_INJECTION", "severity": "high", "description": "Generic Object Injection Sink", "ruleId": "security/detect-object-injection", "auto_fix_available": false, "line": 9, "column": 7 }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/secret-fixer.js", "line": 6, "column": 35, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": " let isFixed = false;\n\n if (issue.type === 'HARDCODED_API_KEY') {\n const lines = content.split('\\n');\n const lineIndex = issue.line - 1;" }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/secret-fixer.js", "line": 9, "column": 33, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": " const lines = content.split('\\n');\n const lineIndex = issue.line - 1;\n lines[lineIndex] = 'const API_KEY = process.env.API_KEY; // Loaded from environment variable';\n fixedContent = lines.join('\\n');\n isFixed = true;" }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/secret-fixer.js", "line": 9, "column": 55, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": " const lines = content.split('\\n');\n const lineIndex = issue.line - 1;\n lines[lineIndex] = 'const API_KEY = process.env.API_KEY; // Loaded from environment variable';\n fixedContent = lines.join('\\n');\n isFixed = true;" }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/xss-fixer.js", "type": "DETECT_OBJECT_INJECTION", "severity": "high", "description": "Variable Assigned to Object 
Injection Sink", "ruleId": "security/detect-object-injection", "auto_fix_available": false, "line": 7, "column": 18 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/xss-fixer.js", "type": "DETECT_OBJECT_INJECTION", "severity": "high", "description": "Generic Object Injection Sink", "ruleId": "security/detect-object-injection", "auto_fix_available": false, "line": 10, "column": 5 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/dependency-scanner.js", "locations": [ { "line": 9, "column": 34 }, { "line": 30, "column": 38 } ], "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found readFileSync from package \"fs\" with non literal argument at index 0 (Found in 2 locations)", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 9, "column": 34 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/dependency-scanner.js", "type": "DETECT_UNSAFE_REGEX", "severity": "high", "description": "Unsafe Regular Expression", "ruleId": "security/detect-unsafe-regex", "auto_fix_available": false, "line": 104, "column": 33 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/secret-scanner.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found readFile from package \"fs-extra\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 46, "column": 27 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/secret-scanner.js", "type": "DETECT_OBJECT_INJECTION", "severity": "high", "description": "Variable Assigned to Object Injection Sink", "ruleId": "security/detect-object-injection", "auto_fix_available": 
false, "line": 55, "column": 20 }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/secret-scanner.js", "line": 14, "column": 17, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": " {\n name: 'API Key',\n regex: /API_KEY/g,\n type: 'HARDCODED_API_KEY',\n severity: 'high'," }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/secret-scanner.js", "line": 15, "column": 26, "type": "HARDCODED_API_KEY", "severity": "high", "description": "Detected a potential API Key", "snippet": " name: 'API Key',\n regex: /API_KEY/g,\n type: 'HARDCODED_API_KEY',\n severity: 'high',\n }," }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/utils/report-generator.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found existsSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 63, "column": 10 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/utils/report-generator.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found mkdirSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 64, "column": 7 }, { "scanner": "eslint", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/utils/report-generator.js", "type": "DETECT_NON_LITERAL_FS_FILENAME", "severity": "high", "description": "Found writeFileSync from package \"fs\" with non literal argument at index 0", "ruleId": "security/detect-non-literal-fs-filename", "auto_fix_available": false, "line": 70, "column": 5 }, { "scanner": "secret-scanner", "file": 
"/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/secret-fixer.js", "line": 13, "column": 18, "type": "INSECURE_URL", "severity": "medium", "description": "Detected a potential Insecure URL", "snippet": " isFixed = true;\n } else if (issue.type === 'INSECURE_URL') {\n // Replace http:// with https://\n fixedContent = content.replace('http://', 'https://');\n isFixed = true;" }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/fixers/secret-fixer.js", "line": 14, "column": 39, "type": "INSECURE_URL", "severity": "medium", "description": "Detected a potential Insecure URL", "snippet": " } else if (issue.type === 'INSECURE_URL') {\n // Replace http:// with https://\n fixedContent = content.replace('http://', 'https://');\n isFixed = true;\n }" }, { "scanner": "secret-scanner", "file": "/Users/user/Campuss/Semester 5/SIBER/mcp-siber-security-audit-main/src/scanners/secret-scanner.js", "line": 26, "column": 17, "type": "HARDCODED_PRIVATE_KEY", "severity": "critical", "description": "Detected a potential Private Key", "snippet": " {\n name: 'Private Key',\n regex: /-----BEGIN.*PRIVATE KEY-----/g,\n type: 'HARDCODED_PRIVATE_KEY',\n severity: 'critical'," } ] }