mcp-siber-security-audit

MCP server for security code audit with auto-fix capabilities

const fs = require('fs-extra'); class SecretScanner { constructor() { this.patterns = [ { name: 'AWS Access Key', regex: /(AKIA[0-9A-Z]{16})/g, type: 'HARDCODED_AWS_KEY', severity: 'critical', }, { name: 'API Key', regex: /API_KEY/g, type: 'HARDCODED_API_KEY', severity: 'high', }, { name: 'Password', regex: /[pP][aA][sS][sS][wW][oO][rR][dD].*?([^\s'"`]{8,})/g, type: 'HARDCODED_PASSWORD', severity: 'high', }, { name: 'Private Key', regex: /-----BEGIN.*PRIVATE KEY-----/g, type: 'HARDCODED_PRIVATE_KEY', severity: 'critical', }, { name: 'JWT Token', regex: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g, type: 'HARDCODED_JWT_TOKEN', severity: 'critical', }, { name: 'Insecure URL', regex: /http:\/\//g, type: 'INSECURE_URL', severity: 'medium', }, ]; } async scanFile(filePath) { const content = await fs.readFile(filePath, 'utf-8'); return this.scanContent(content, filePath); } scanContent(content, filePath) { const issues = []; const lines = content.split('\n'); for (let i = 0; i < lines.length; i++) { const line = lines[i]; for (const pattern of this.patterns) { pattern.regex.lastIndex = 0; let match; while ((match = pattern.regex.exec(line)) !== null) { if (!this.isLikelyPlaceholder(match[0])) { issues.push({ scanner: 'secret-scanner', file: filePath, line: i + 1, column: match.index + 1, type: pattern.type, severity: pattern.severity, description: `Detected a potential ${pattern.name}`, snippet: this.getCodeSnippet(lines, i), }); } } } } return issues; } isLikelyPlaceholder(text) { const lowerCaseText = text.toLowerCase(); const placeholders = ['example', 'placeholder', 'your-api-key', 'xxxxxxxxx', '******', '123456']; return placeholders.some(p => lowerCaseText.includes(p)); } getCodeSnippet(lines, lineIndex, contextLines = 2) { const start = Math.max(0, lineIndex - contextLines); const end = Math.min(lines.length - 1, lineIndex + contextLines); return lines.slice(start, end + 1).join('\n'); } } module.exports = SecretScanner;