
mcp-siber-security-audit


MCP server for security code audit with auto-fix capabilities

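'use strict';

const { execFile } = require('child_process');
const { promisify } = require('util');
const fs = require('fs-extra');
const path = require('path');

const execFileAsync = promisify(execFile);

// Semgrep's --json output grows with the number of findings. The default
// 1 MiB maxBuffer of child_process would turn a large result set into an
// error (and therefore an empty scan), so give it generous headroom.
const MAX_OUTPUT_BYTES = 64 * 1024 * 1024;

/**
 * Runs Semgrep against a single file using the rule set bundled with this
 * package and normalizes the findings into the audit's common issue shape.
 *
 * Semgrep is invoked with execFile (argv array, no shell), so a scanned path
 * is never interpreted by a shell. This matters for an MCP server, where the
 * file path ultimately comes from the client and must be treated as untrusted.
 */
class SemgrepScanner {
  constructor() {
    // The bundled rule set ships with this package, not with the scanned project.
    this.rulesPath = path.resolve(__dirname, '../config/semgrep-rules.yaml');
  }

  /**
   * Checks whether a `semgrep` executable is reachable on PATH.
   *
   * When it is not, installation guidance is printed to stderr and `false`
   * is returned so the caller can skip the scan instead of failing the audit.
   *
   * @returns {Promise<boolean>} true when `semgrep --version` succeeds.
   */
  async checkSemgrepInstalled() {
    try {
      await execFileAsync('semgrep', ['--version']);
      return true;
    } catch (error) {
      console.warn('\n⚠️ Semgrep is not installed. To install Semgrep:');
      console.warn('\nOn macOS/Linux:');
      console.warn(' python3 -m pip install semgrep');
      console.warn(' or');
      console.warn(' brew install semgrep');
      console.warn('\nOn Windows:');
      console.warn(' python3 -m pip install semgrep');
      console.warn(' or');
      console.warn(' winget install semgrep');
      console.warn('\nFor more installation options, visit: https://semgrep.dev/docs/getting-started/\n');
      console.warn('Skipping Semgrep scan for now...\n');
      return false;
    }
  }

  /**
   * Scans one file with Semgrep and returns normalized issues.
   *
   * @param {string} filePath - Path of the file to scan. Resolved to an
   *   absolute path before being handed to Semgrep.
   * @returns {Promise<object[]>} Issues from formatResults(), or an empty
   *   array when Semgrep is unavailable, the path is not a non-empty string,
   *   or the scan/parse fails (the failure is logged, not thrown).
   */
  async scanFile(filePath) {
    if (typeof filePath !== 'string' || filePath.length === 0) {
      console.error('Semgrep scan skipped: filePath must be a non-empty string');
      return [];
    }

    const isInstalled = await this.checkSemgrepInstalled();
    if (!isInstalled) {
      return [];
    }

    // An absolute path never starts with '-', so it cannot be misread by
    // Semgrep's option parser as a flag such as `--config`.
    const target = path.resolve(filePath);

    try {
      // execFile passes each argument directly to the process — there is no
      // shell — so quotes, `$(...)`, `;` or backticks in the path cannot
      // inject commands, unlike a string built for exec().
      const { stdout } = await execFileAsync(
        'semgrep',
        ['--config', this.rulesPath, '--json', target],
        { maxBuffer: MAX_OUTPUT_BYTES },
      );
      const results = JSON.parse(stdout);
      // Report the caller's original path so issues line up with its view.
      return this.formatResults(results, filePath);
    } catch (error) {
      console.error(`Error running Semgrep on ${filePath}:`, error);
      return [];
    }
  }

  /**
   * Converts Semgrep's JSON document into the audit's issue objects.
   *
   * @param {object} semgrepOutput - Parsed `semgrep --json` output; only its
   *   `results` array is read. A missing or non-array `results` yields [].
   * @param {string} filePath - Path recorded on every issue.
   * @returns {object[]} One issue per Semgrep result.
   */
  formatResults(semgrepOutput, filePath) {
    const rawResults =
      semgrepOutput && Array.isArray(semgrepOutput.results) ? semgrepOutput.results : [];

    return rawResults.map((result) => {
      const start = result.start || {};
      const extra = result.extra || {};
      return {
        scanner: 'semgrep',
        file: filePath,
        line: start.line,
        column: start.col,
        type: this.mapCheckIdToType(result.check_id),
        severity: this.mapSeverity(extra.severity),
        description: extra.message,
        ruleId: result.check_id,
      };
    });
  }

  /**
   * Derives an issue type from a Semgrep check id: hyphens become
   * underscores and the result is upper-cased (e.g. `sql-injection` →
   * `SQL_INJECTION`). Other separators such as `.` are left untouched.
   *
   * @param {string} checkId - Semgrep `check_id`.
   * @returns {string}
   */
  mapCheckIdToType(checkId) {
    return String(checkId).replace(/-/g, '_').toUpperCase();
  }

  /**
   * Maps Semgrep severities onto the audit's three-level scale.
   * ERROR → high, WARNING → medium, anything else (INFO, undefined) → low.
   *
   * @param {string} semgrepSeverity - Value of `extra.severity`.
   * @returns {'high'|'medium'|'low'}
   */
  mapSeverity(semgrepSeverity) {
    switch (semgrepSeverity) {
      case 'ERROR':
        return 'high';
      case 'WARNING':
        return 'medium';
      default:
        return 'low';
    }
  }
}

module.exports = SemgrepScanner;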