@sulthonzh/mcp-audit 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +41 -0
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/scanners/config-fixer.d.ts +42 -0
- package/dist/scanners/config-fixer.d.ts.map +1 -0
- package/dist/scanners/config-fixer.js +284 -0
- package/dist/scanners/config-fixer.js.map +1 -0
- package/package.json +2 -2
package/dist/cli.js
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
"use strict";
|
|
3
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
4
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
5
|
+
};
|
|
3
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
7
|
const commander_1 = require("commander");
|
|
5
8
|
const config_scanner_1 = require("./scanners/config-scanner");
|
|
@@ -10,6 +13,8 @@ const config_loader_1 = require("./config/config-loader");
|
|
|
10
13
|
const docker_scanner_1 = require("./scanners/docker-scanner");
|
|
11
14
|
const k8s_scanner_1 = require("./scanners/k8s-scanner");
|
|
12
15
|
const helm_scanner_1 = require("./scanners/helm-scanner");
|
|
16
|
+
const config_fixer_1 = require("./scanners/config-fixer");
|
|
17
|
+
const chalk_1 = __importDefault(require("chalk"));
|
|
13
18
|
commander_1.program
|
|
14
19
|
.name('mcp-audit')
|
|
15
20
|
.description('Security scanner for MCP (Model Context Protocol) servers')
|
|
@@ -161,5 +166,41 @@ commander_1.program
|
|
|
161
166
|
}
|
|
162
167
|
console.log('Use --init to create configuration or --show to view current config');
|
|
163
168
|
});
|
|
169
|
+
commander_1.program
|
|
170
|
+
.command('fix')
|
|
171
|
+
.description('Auto-fix security issues in MCP config files')
|
|
172
|
+
.option('--dry-run', 'Show what would change without writing (default)', true)
|
|
173
|
+
.option('--in-place', 'Apply fixes directly to config files')
|
|
174
|
+
.option('-o, --output <file>', 'Write fixed config to a specific file')
|
|
175
|
+
.option('-q, --quiet', 'Minimal output')
|
|
176
|
+
.addHelpText('after', '\nExamples:\n mcp-audit fix # Show fixes (dry run)\n mcp-audit fix --in-place # Apply fixes to config files\n mcp-audit fix -o fixed.json # Write fixed config to file')
|
|
177
|
+
.action(async (options) => {
|
|
178
|
+
try {
|
|
179
|
+
logger_1.logger.info('Running MCP config auto-fix...');
|
|
180
|
+
const results = await (0, config_fixer_1.autoFixConfig)({
|
|
181
|
+
dryRun: !options.inPlace,
|
|
182
|
+
inPlace: options.inPlace,
|
|
183
|
+
output: options.output,
|
|
184
|
+
quiet: options.quiet,
|
|
185
|
+
});
|
|
186
|
+
if (results.length === 0) {
|
|
187
|
+
logger_1.logger.info('✅ No fixable issues found — config looks good!');
|
|
188
|
+
process.exit(0);
|
|
189
|
+
}
|
|
190
|
+
const totalFixes = results.reduce((sum, r) => sum + r.fixesApplied.length, 0);
|
|
191
|
+
if (!options.quiet) {
|
|
192
|
+
(0, config_fixer_1.printFixDiff)(results);
|
|
193
|
+
}
|
|
194
|
+
if (!options.inPlace && !options.output) {
|
|
195
|
+
console.log(chalk_1.default.dim(`\n Run with --in-place to apply, or -o <file> to save to a new file`));
|
|
196
|
+
}
|
|
197
|
+
logger_1.logger.info(`${options.inPlace ? '✅' : '🔍'} ${totalFixes} fix(es) across ${results.length} file(s)`);
|
|
198
|
+
process.exit(0);
|
|
199
|
+
}
|
|
200
|
+
catch (error) {
|
|
201
|
+
logger_1.logger.error('❌ Auto-fix failed:', error);
|
|
202
|
+
process.exit(1);
|
|
203
|
+
}
|
|
204
|
+
});
|
|
164
205
|
commander_1.program.parse();
|
|
165
206
|
//# sourceMappingURL=cli.js.map
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;;AAEA,yCAAoC;AACpC,8DAAuD;AACvD,8DAAwD;AACxD,kEAA6D;AAC7D,2CAAwC;AACxC,0DAAsE;AACtE,8DAAuD;AACvD,wDAAiD;AACjD,0DAAmD;AACnD,0DAAsE;AACtE,kDAA0B;AAE1B,mBAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,2DAA2D,CAAC;KACxE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,mBAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,eAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAA,0BAAU,GAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAU,EAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9C,eAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,QAAQ,CAAC,cAAc,EAAE,+BAA+B,CAAC;KACzD,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,MAAM,EAAE,mCAAmC,CAAC;KACnD,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,EAAE,GAAG,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,eAAM,CAAC,IAAI,CAAC,qCAAqC,UAAU,EAAE,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,IAAA,0BAAU,GAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAW,EAAC,UAAU,EAAE;YAC5C,GAAG,MAAM;YACT,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QACpB,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,eAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,yEAAyE,CAAC;KACtF,QAAQ,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/C,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,mCAAmC,CAAC;KACvD,MAAM,CAAC,MAAM,EAAE,qCAAqC,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,eAAM,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;QAC1E,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAU,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;YACzC,eAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,2BAA2B,KAAK,EAAE,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,iEAAiE,CAAC;KAC9E,QAAQ,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/C,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC3D,MAAM,CAAC,MAAM,EAAE,qCAAqC,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,eAAM,CAAC,IAAI,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAO,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtE,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;YACzC,eAAM,CAAC,IAAI,CAAC,0BAA0B,UAAU,2BAA2B,KAAK,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;QACnE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,iDAAiD,CAAC;KAC9D,QAAQ,CAAC,QAAQ,EAAE,0CAA0C,CAAC;KAC9D,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC3D,MAAM,CAAC,MAAM,EAAE,qCAAqC,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,eAAM,CAAC,IAAI,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAQ,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;YACzC,eAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,2BAA2B,KAAK,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;QACnE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,QAAQ,EAAE,+BAA+B,CAAC;KACjD,MAAM,CAAC,QAAQ,EAAE,4BAA4B,CAAC;KAC9C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,MAAM,GAAG,IAAA,0BAAU,GAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,IAAA,gCAAgB,GAAE,CAAC;QACzB,eAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC3C,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;AACrF,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,kDAAkD,EAAE,IAAI,CAAC;KAC7E,MAAM,CAAC,YAAY,EAAE,sCAAsC,CAAC;KAC5D,MAAM,CAAC,qBAAqB,EAAE,uCAAuC,CAAC;KACtE,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC;KACvC,WAAW,CAAC,OAAO,EAAE,0LAA0L,CAAC;KAChN,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,eAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAa,EAAC;YAClC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,eAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAE9E,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,IAAA,2BAAY,EAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC,CAAC;QACjG,CAAC;QAED,eAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,UAAU,mBAAmB,OAAO,CAAC,MAAM,UAAU,CAAC,CAAC;QACtG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO,CAAC,KAAK,EAAE,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -4,5 +4,6 @@ export { generateReport } from './reporter/report-generator';
|
|
|
4
4
|
export { loadConfig, initializeConfig } from './config/config-loader';
|
|
5
5
|
export { logger } from './utils/logger';
|
|
6
6
|
export { scanDocker } from './scanners/docker-scanner';
|
|
7
|
+
export { autoFixConfig, printFixDiff } from './scanners/config-fixer';
|
|
7
8
|
export { SecurityResult, SecurityIssue } from './types/security-result';
|
|
8
9
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
// MCP Audit - Main entry point
|
|
3
3
|
// This file serves as the main entry point for the package
|
|
4
4
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
5
|
-
exports.scanDocker = exports.logger = exports.initializeConfig = exports.loadConfig = exports.generateReport = exports.checkServer = exports.scanConfig = void 0;
|
|
5
|
+
exports.printFixDiff = exports.autoFixConfig = exports.scanDocker = exports.logger = exports.initializeConfig = exports.loadConfig = exports.generateReport = exports.checkServer = exports.scanConfig = void 0;
|
|
6
6
|
var config_scanner_1 = require("./scanners/config-scanner");
|
|
7
7
|
Object.defineProperty(exports, "scanConfig", { enumerable: true, get: function () { return config_scanner_1.scanConfig; } });
|
|
8
8
|
var server_scanner_1 = require("./scanners/server-scanner");
|
|
@@ -16,6 +16,9 @@ var logger_1 = require("./utils/logger");
|
|
|
16
16
|
Object.defineProperty(exports, "logger", { enumerable: true, get: function () { return logger_1.logger; } });
|
|
17
17
|
var docker_scanner_1 = require("./scanners/docker-scanner");
|
|
18
18
|
Object.defineProperty(exports, "scanDocker", { enumerable: true, get: function () { return docker_scanner_1.scanDocker; } });
|
|
19
|
+
var config_fixer_1 = require("./scanners/config-fixer");
|
|
20
|
+
Object.defineProperty(exports, "autoFixConfig", { enumerable: true, get: function () { return config_fixer_1.autoFixConfig; } });
|
|
21
|
+
Object.defineProperty(exports, "printFixDiff", { enumerable: true, get: function () { return config_fixer_1.printFixDiff; } });
|
|
19
22
|
// Re-export command for programmatic usage
|
|
20
23
|
// Note: program is not exported due to circular dependency
|
|
21
24
|
// Use cli module directly for programmatic access
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B,2DAA2D;;;AAE3D,4DAAuD;AAA9C,4GAAA,UAAU,OAAA;AACnB,4DAAwD;AAA/C,6GAAA,WAAW,OAAA;AACpB,gEAA6D;AAApD,kHAAA,cAAc,OAAA;AACvB,wDAAsE;AAA7D,2GAAA,UAAU,OAAA;AAAE,iHAAA,gBAAgB,OAAA;AACrC,yCAAwC;AAA/B,gGAAA,MAAM,OAAA;AACf,4DAAuD;AAA9C,4GAAA,UAAU,OAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B,2DAA2D;;;AAE3D,4DAAuD;AAA9C,4GAAA,UAAU,OAAA;AACnB,4DAAwD;AAA/C,6GAAA,WAAW,OAAA;AACpB,gEAA6D;AAApD,kHAAA,cAAc,OAAA;AACvB,wDAAsE;AAA7D,2GAAA,UAAU,OAAA;AAAE,iHAAA,gBAAgB,OAAA;AACrC,yCAAwC;AAA/B,gGAAA,MAAM,OAAA;AACf,4DAAuD;AAA9C,4GAAA,UAAU,OAAA;AACnB,wDAAsE;AAA7D,6GAAA,aAAa,OAAA;AAAE,4GAAA,YAAY,OAAA;AAGpC,2CAA2C;AAC3C,2DAA2D;AAC3D,kDAAkD"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Config Auto-Fixer for MCP Audit
|
|
3
|
+
*
|
|
4
|
+
* Reads MCP config files, applies security fixes based on detected issues,
|
|
5
|
+
* and outputs patched versions. Supports dry-run mode (default) and in-place fixes.
|
|
6
|
+
*
|
|
7
|
+
* Fixes applied:
|
|
8
|
+
* - Pin unpinned npx/uvx/pip package versions to latest
|
|
9
|
+
* - Restrict root filesystem access to project directory
|
|
10
|
+
* - Remove dangerous flags (--allow-all, --no-sandbox, --privileged, --auto-approve)
|
|
11
|
+
* - Upgrade HTTP URLs to HTTPS for remote servers
|
|
12
|
+
* - Add version pinning recommendation comments (YAML only)
|
|
13
|
+
* - Fix overly permissive file permissions (chmod 600)
|
|
14
|
+
*/
|
|
15
|
+
export interface FixOptions {
|
|
16
|
+
dryRun?: boolean;
|
|
17
|
+
inPlace?: boolean;
|
|
18
|
+
output?: string;
|
|
19
|
+
quiet?: boolean;
|
|
20
|
+
}
|
|
21
|
+
export interface FixResult {
|
|
22
|
+
file: string;
|
|
23
|
+
fixesApplied: FixDetail[];
|
|
24
|
+
fixedConfig: string;
|
|
25
|
+
originalConfig: string;
|
|
26
|
+
}
|
|
27
|
+
export interface FixDetail {
|
|
28
|
+
server: string;
|
|
29
|
+
field: string;
|
|
30
|
+
oldValue: string;
|
|
31
|
+
newValue: string;
|
|
32
|
+
reason: string;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Run auto-fix on all found MCP config files
|
|
36
|
+
*/
|
|
37
|
+
export declare function autoFixConfig(options?: FixOptions): Promise<FixResult[]>;
|
|
38
|
+
/**
|
|
39
|
+
* Print a human-readable diff of fixes
|
|
40
|
+
*/
|
|
41
|
+
export declare function printFixDiff(results: FixResult[]): void;
|
|
42
|
+
//# sourceMappingURL=config-fixer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config-fixer.d.ts","sourceRoot":"","sources":["../../src/scanners/config-fixer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AASH,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,SAAS,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AAmCD;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,GAAE,UAAe,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA6BlF;AAyMD;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAgBvD"}
|
|
@@ -0,0 +1,284 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Config Auto-Fixer for MCP Audit
|
|
4
|
+
*
|
|
5
|
+
* Reads MCP config files, applies security fixes based on detected issues,
|
|
6
|
+
* and outputs patched versions. Supports dry-run mode (default) and in-place fixes.
|
|
7
|
+
*
|
|
8
|
+
* Fixes applied:
|
|
9
|
+
* - Pin unpinned npx/uvx/pip package versions to latest
|
|
10
|
+
* - Restrict root filesystem access to project directory
|
|
11
|
+
* - Remove dangerous flags (--allow-all, --no-sandbox, --privileged, --auto-approve)
|
|
12
|
+
* - Upgrade HTTP URLs to HTTPS for remote servers
|
|
13
|
+
* - Add version pinning recommendation comments (YAML only)
|
|
14
|
+
* - Fix overly permissive file permissions (chmod 600)
|
|
15
|
+
*/
|
|
16
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
17
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
18
|
+
};
|
|
19
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
20
|
+
exports.autoFixConfig = autoFixConfig;
|
|
21
|
+
exports.printFixDiff = printFixDiff;
|
|
22
|
+
const fs_extra_1 = __importDefault(require("fs-extra"));
|
|
23
|
+
const path_1 = __importDefault(require("path"));
|
|
24
|
+
const js_yaml_1 = __importDefault(require("js-yaml"));
|
|
25
|
+
const chalk_1 = __importDefault(require("chalk"));
|
|
26
|
+
const logger_1 = require("../utils/logger");
|
|
27
|
+
const STANDARD_CONFIG_PATHS = [
|
|
28
|
+
'claude_desktop_config.json',
|
|
29
|
+
'.cursor/mcp.json',
|
|
30
|
+
'.vscode/mcp.json',
|
|
31
|
+
'mcp.json',
|
|
32
|
+
'~/.config/claude/claude_desktop_config.json',
|
|
33
|
+
'~/.cursor/mcp.json',
|
|
34
|
+
];
|
|
35
|
+
// Flags that are dangerous and should be removed
|
|
36
|
+
const DANGEROUS_FLAGS = [
|
|
37
|
+
/--allow-all/i,
|
|
38
|
+
/--no-sandbox/i,
|
|
39
|
+
/--privileged/i,
|
|
40
|
+
/--auto-?approve/i,
|
|
41
|
+
/--yes/i,
|
|
42
|
+
/-y/i,
|
|
43
|
+
/--no-?confirm/i,
|
|
44
|
+
];
|
|
45
|
+
/**
|
|
46
|
+
* Run auto-fix on all found MCP config files
|
|
47
|
+
*/
|
|
48
|
+
async function autoFixConfig(options = {}) {
|
|
49
|
+
const dryRun = options.dryRun !== false && !options.inPlace;
|
|
50
|
+
const results = [];
|
|
51
|
+
for (const configPath of STANDARD_CONFIG_PATHS) {
|
|
52
|
+
const fullPath = expandPath(configPath);
|
|
53
|
+
if (!fs_extra_1.default.existsSync(fullPath))
|
|
54
|
+
continue;
|
|
55
|
+
const result = await fixConfigFile(fullPath, options);
|
|
56
|
+
if (result) {
|
|
57
|
+
results.push(result);
|
|
58
|
+
if (options.inPlace && !options.quiet) {
|
|
59
|
+
logger_1.logger.info(`🔒 Applied ${result.fixesApplied.length} fix(es) to ${fullPath}`);
|
|
60
|
+
}
|
|
61
|
+
else if (!options.quiet) {
|
|
62
|
+
logger_1.logger.info(`🔍 Found ${result.fixesApplied.length} fix(es) for ${fullPath} (dry run)`);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
// Fix file permissions for config files with secrets
|
|
67
|
+
for (const configPath of STANDARD_CONFIG_PATHS) {
|
|
68
|
+
const fullPath = expandPath(configPath);
|
|
69
|
+
if (!fs_extra_1.default.existsSync(fullPath))
|
|
70
|
+
continue;
|
|
71
|
+
fixFilePermissions(fullPath, dryRun, options);
|
|
72
|
+
}
|
|
73
|
+
return results;
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Fix a single config file
|
|
77
|
+
*/
|
|
78
|
+
async function fixConfigFile(filePath, options = {}) {
|
|
79
|
+
const dryRun = options.dryRun !== false && !options.inPlace;
|
|
80
|
+
const content = await fs_extra_1.default.readFile(filePath, 'utf8');
|
|
81
|
+
const isJSON = filePath.endsWith('.json');
|
|
82
|
+
let config;
|
|
83
|
+
try {
|
|
84
|
+
if (isJSON) {
|
|
85
|
+
config = JSON.parse(content);
|
|
86
|
+
}
|
|
87
|
+
else {
|
|
88
|
+
config = js_yaml_1.default.load(content);
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
catch {
|
|
92
|
+
logger_1.logger.error(`Cannot parse ${filePath}, skipping`);
|
|
93
|
+
return null;
|
|
94
|
+
}
|
|
95
|
+
const fixes = [];
|
|
96
|
+
// Get server entries
|
|
97
|
+
const servers = config.mcpServers || {};
|
|
98
|
+
for (const [name, server] of Object.entries(servers)) {
|
|
99
|
+
if (!server || typeof server !== 'object')
|
|
100
|
+
continue;
|
|
101
|
+
// Fix 1: Remove dangerous flags from args
|
|
102
|
+
if (server.args && Array.isArray(server.args)) {
|
|
103
|
+
const cleanedArgs = [];
|
|
104
|
+
let removedFlags = [];
|
|
105
|
+
for (const arg of server.args) {
|
|
106
|
+
const isDangerous = DANGEROUS_FLAGS.some(pattern => pattern.test(arg));
|
|
107
|
+
if (isDangerous) {
|
|
108
|
+
removedFlags.push(arg);
|
|
109
|
+
}
|
|
110
|
+
else {
|
|
111
|
+
cleanedArgs.push(arg);
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
if (removedFlags.length > 0) {
|
|
115
|
+
fixes.push({
|
|
116
|
+
server: name,
|
|
117
|
+
field: 'args',
|
|
118
|
+
oldValue: JSON.stringify(server.args),
|
|
119
|
+
newValue: JSON.stringify(cleanedArgs),
|
|
120
|
+
reason: `Removed dangerous flags: ${removedFlags.join(', ')}`,
|
|
121
|
+
});
|
|
122
|
+
server.args = cleanedArgs;
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
// Fix 2: Pin unpinned package versions
|
|
126
|
+
if (server.command && (server.command.includes('npx') || server.command.includes('uvx'))) {
|
|
127
|
+
if (server.args && Array.isArray(server.args)) {
|
|
128
|
+
const pkgIndex = server.args.findIndex(a => !a.startsWith('-'));
|
|
129
|
+
if (pkgIndex !== -1) {
|
|
130
|
+
const pkg = server.args[pkgIndex];
|
|
131
|
+
const hasVersion = /@\d/.test(pkg);
|
|
132
|
+
if (!hasVersion) {
|
|
133
|
+
const pinnedPkg = `${pkg}@latest`; // Will be resolved to specific version
|
|
134
|
+
fixes.push({
|
|
135
|
+
server: name,
|
|
136
|
+
field: `args[${pkgIndex}]`,
|
|
137
|
+
oldValue: pkg,
|
|
138
|
+
newValue: pinnedPkg,
|
|
139
|
+
reason: 'Pin package version to prevent supply-chain attacks',
|
|
140
|
+
});
|
|
141
|
+
server.args[pkgIndex] = pinnedPkg;
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
// Fix 3: Restrict root filesystem access
|
|
147
|
+
if (server.args && Array.isArray(server.args)) {
|
|
148
|
+
const restrictedArgs = server.args.map((arg, idx) => {
|
|
149
|
+
if (arg === '/' || arg === '*') {
|
|
150
|
+
fixes.push({
|
|
151
|
+
server: name,
|
|
152
|
+
field: `args[${idx}]`,
|
|
153
|
+
oldValue: arg,
|
|
154
|
+
newValue: './',
|
|
155
|
+
reason: 'Restrict filesystem access from root to current directory',
|
|
156
|
+
});
|
|
157
|
+
return './';
|
|
158
|
+
}
|
|
159
|
+
if (arg === '/*' || arg === '~/*') {
|
|
160
|
+
fixes.push({
|
|
161
|
+
server: name,
|
|
162
|
+
field: `args[${idx}]`,
|
|
163
|
+
oldValue: arg,
|
|
164
|
+
newValue: './',
|
|
165
|
+
reason: 'Restrict filesystem access to current directory',
|
|
166
|
+
});
|
|
167
|
+
return './';
|
|
168
|
+
}
|
|
169
|
+
return arg;
|
|
170
|
+
});
|
|
171
|
+
server.args = restrictedArgs;
|
|
172
|
+
}
|
|
173
|
+
// Fix 4: Upgrade HTTP to HTTPS for remote URLs
|
|
174
|
+
if (server.url && !server.url.includes('localhost') && !server.url.includes('127.0.0.1')) {
|
|
175
|
+
if (server.url.startsWith('http://')) {
|
|
176
|
+
const newUrl = server.url.replace('http://', 'https://');
|
|
177
|
+
fixes.push({
|
|
178
|
+
server: name,
|
|
179
|
+
field: 'url',
|
|
180
|
+
oldValue: server.url,
|
|
181
|
+
newValue: newUrl,
|
|
182
|
+
reason: 'Upgrade to HTTPS to prevent MITM attacks',
|
|
183
|
+
});
|
|
184
|
+
server.url = newUrl;
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
// Fix 5: Redact plaintext secrets, replace with env reference
|
|
188
|
+
if (server.env && typeof server.env === 'object') {
|
|
189
|
+
const sensitivePatterns = ['SECRET', 'KEY', 'PASSWORD', 'TOKEN', 'API_KEY', 'PRIVATE', 'CREDENTIAL'];
|
|
190
|
+
for (const [key, value] of Object.entries(server.env)) {
|
|
191
|
+
if (sensitivePatterns.some(p => key.toUpperCase().includes(p)) &&
|
|
192
|
+
typeof value === 'string' &&
|
|
193
|
+
value.length > 0 &&
|
|
194
|
+
!value.startsWith('$(') &&
|
|
195
|
+
!value.startsWith('${') &&
|
|
196
|
+
!value.startsWith('process.env')) {
|
|
197
|
+
fixes.push({
|
|
198
|
+
server: name,
|
|
199
|
+
field: `env.${key}`,
|
|
200
|
+
oldValue: '[REDACTED]',
|
|
201
|
+
newValue: `${key}_PLACEHOLDER`,
|
|
202
|
+
reason: `Plaintext secret detected in ${key} — replace with env reference or keychain`,
|
|
203
|
+
});
|
|
204
|
+
server.env[key] = `${key}_PLACEHOLDER`;
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
if (fixes.length === 0) {
|
|
210
|
+
return null;
|
|
211
|
+
}
|
|
212
|
+
// Serialize fixed config
|
|
213
|
+
let fixedConfig;
|
|
214
|
+
if (isJSON) {
|
|
215
|
+
fixedConfig = JSON.stringify(config, null, 2) + '\n';
|
|
216
|
+
}
|
|
217
|
+
else {
|
|
218
|
+
fixedConfig = js_yaml_1.default.dump(config, { lineWidth: 120, noRefs: true });
|
|
219
|
+
}
|
|
220
|
+
// Write output
|
|
221
|
+
if (!dryRun) {
|
|
222
|
+
const outputPath = options.output || (options.inPlace ? filePath : null);
|
|
223
|
+
if (outputPath) {
|
|
224
|
+
await fs_extra_1.default.writeFile(outputPath, fixedConfig, 'utf8');
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
return {
|
|
228
|
+
file: filePath,
|
|
229
|
+
fixesApplied: fixes,
|
|
230
|
+
fixedConfig,
|
|
231
|
+
originalConfig: content,
|
|
232
|
+
};
|
|
233
|
+
}
|
|
234
|
+
/**
|
|
235
|
+
* Fix file permissions on config files
|
|
236
|
+
*/
|
|
237
|
+
function fixFilePermissions(filePath, dryRun, options = {}) {
|
|
238
|
+
try {
|
|
239
|
+
const stat = fs_extra_1.default.statSync(filePath);
|
|
240
|
+
const mode = stat.mode & 0o777;
|
|
241
|
+
const isWorldWritable = mode & 0o002;
|
|
242
|
+
const isWorldReadable = mode & 0o004;
|
|
243
|
+
const needsFix = isWorldWritable || isWorldReadable;
|
|
244
|
+
if (needsFix) {
|
|
245
|
+
if (!dryRun) {
|
|
246
|
+
fs_extra_1.default.chmodSync(filePath, 0o600);
|
|
247
|
+
if (!options.quiet) {
|
|
248
|
+
logger_1.logger.info(`🔒 Fixed permissions on ${filePath}: ${mode.toString(8)} → 600`);
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
else if (!options.quiet) {
|
|
252
|
+
logger_1.logger.info(`🔍 Would fix permissions on ${filePath}: ${mode.toString(8)} → 600 (dry run)`);
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
catch {
|
|
257
|
+
// Best effort
|
|
258
|
+
}
|
|
259
|
+
}
|
|
260
|
+
/**
|
|
261
|
+
* Print a human-readable diff of fixes
|
|
262
|
+
*/
|
|
263
|
+
function printFixDiff(results) {
|
|
264
|
+
for (const result of results) {
|
|
265
|
+
console.log(chalk_1.default.bold(`\n📄 ${result.file}`));
|
|
266
|
+
console.log(chalk_1.default.dim('─'.repeat(60)));
|
|
267
|
+
for (const fix of result.fixesApplied) {
|
|
268
|
+
console.log(` ${chalk_1.default.yellow('⚠')} ${chalk_1.default.cyan(fix.server)}.${chalk_1.default.white(fix.field)}`);
|
|
269
|
+
console.log(` ${chalk_1.default.red('-')} ${fix.oldValue}`);
|
|
270
|
+
console.log(` ${chalk_1.default.green('+')} ${fix.newValue}`);
|
|
271
|
+
console.log(` ${chalk_1.default.dim(`→ ${fix.reason}`)}`);
|
|
272
|
+
}
|
|
273
|
+
if (result.fixesApplied.length > 0) {
|
|
274
|
+
console.log(chalk_1.default.dim(`\n ${result.fixesApplied.length} fix(es) total`));
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
function expandPath(p) {
|
|
279
|
+
if (p.startsWith('~/')) {
|
|
280
|
+
return path_1.default.join(process.env.HOME || '', p.slice(2));
|
|
281
|
+
}
|
|
282
|
+
return p;
|
|
283
|
+
}
|
|
284
|
+
//# sourceMappingURL=config-fixer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config-fixer.js","sourceRoot":"","sources":["../../src/scanners/config-fixer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;AAmEH,sCA6BC;AA4MD,oCAgBC;AA1TD,wDAA0B;AAC1B,gDAAwB;AACxB,sDAA2B;AAC3B,kDAA0B;AAC1B,4CAAyC;AAsCzC,MAAM,qBAAqB,GAAG;IAC5B,4BAA4B;IAC5B,kBAAkB;IAClB,kBAAkB;IAClB,UAAU;IACV,6CAA6C;IAC7C,oBAAoB;CACrB,CAAC;AAEF,iDAAiD;AACjD,MAAM,eAAe,GAAG;IACtB,cAAc;IACd,eAAe;IACf,eAAe;IACf,kBAAkB;IAClB,QAAQ;IACR,KAAK;IACL,gBAAgB;CACjB,CAAC;AAEF;;GAEG;AACI,KAAK,UAAU,aAAa,CAAC,UAAsB,EAAE;IAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;IAC5D,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,UAAU,IAAI,qBAAqB,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,CAAC,kBAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACtD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACtC,eAAM,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,YAAY,CAAC,MAAM,eAAe,QAAQ,EAAE,CAAC,CAAC;YACjF,CAAC;iBAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC1B,eAAM,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,YAAY,CAAC,MAAM,gBAAgB,QAAQ,YAAY,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,KAAK,MAAM,UAAU,IAAI,qBAAqB,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,CAAC,kBAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,QAAgB,EAAE,UAAsB,EAAE;IACrE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;IAC5D,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAE1C,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,iBAAI,CAAC,IAAI,CAAC,OAAO,CAAc,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,eAAM,CAAC,KAAK,CAAC,gBAAgB,QAAQ,YAAY,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,qBAAqB;IACrB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IAExC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QAEpD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAa,EAAE,CAAC;YACjC,IAAI,YAAY,GAAa,EAAE,CAAC;YAEhC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC9B,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,IAAI,WAAW,EAAE,CAAC;oBAChB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACzB,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;YAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,KAAK,CAAC,IAAI,CAAC;oBACT,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,MAAM;oBACb,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;oBACrC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;oBACrC,MAAM,EAAE,4BAA4B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAC9D,CAAC,CAAC;gBACH,MAAM,CAAC,IAAI,GAAG,WAAW,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACzF,IAAI,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;gBAChE,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;oBACpB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAClC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAEnC,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,SAAS,GAAG,GAAG,GAAG,SAAS,CAAC,CAAC,uCAAuC;wBAC1E,KAAK,CAAC,IAAI,CAAC;4BACT,MAAM,EAAE,IAAI;4BACZ,KAAK,EAAE,QAAQ,QAAQ,GAAG;4BAC1B,QAAQ,EAAE,GAAG;4BACb,QAAQ,EAAE,SAAS;4BACnB,MAAM,EAAE,qDAAqD;yBAC9D,CAAC,CAAC;wBACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;oBAC/B,KAAK,CAAC,IAAI,CAAC;wBACT,MAAM,EAAE,IAAI;wBACZ,KAAK,EAAE,QAAQ,GAAG,GAAG;wBACrB,QAAQ,EAAE,GAAG;wBACb,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,2DAA2D;qBACpE,CAAC,CAAC;oBACH,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;oBAClC,KAAK,CAAC,IAAI,CAAC;wBACT,MAAM,EAAE,IAAI;wBACZ,KAAK,EAAE,QAAQ,GAAG,GAAG;wBACrB,QAAQ,EAAE,GAAG;wBACb,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,iDAAiD;qBAC1D,CAAC,CAAC;oBACH,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,GAAG,CAAC;YACb,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,GAAG,cAAc,CAAC;QAC/B,CAAC;QAED,+CAA+C;QAC/C,IAAI,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACzF,IAAI,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;gBACzD,KAAK,CAAC,IAAI,CAAC;oBACT,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,KAAK;oBACZ,QAAQ,EAAE,MAAM,CAAC,GAAG;oBACpB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,0CAA0C;iBACnD,CAAC,CAAC;gBACH,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC;YACtB,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,IAAI,MAAM,CAAC,GAAG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACjD,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;YACrG,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,IACE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBAC1D,OAAO,KAAK,KAAK,QAAQ;oBACzB,KAAK,CAAC,MAAM,GAAG,CAAC;oBAChB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;oBACvB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;oBACvB,CAAC,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,EAChC,CAAC;oBACD,KAAK,CAAC,IAAI,CAAC;wBACT,MAAM,EAAE,IAAI;wBACZ,KAAK,EAAE,OAAO,GAAG,EAAE;wBACnB,QAAQ,EAAE,YAAY;wBACtB,QAAQ,EAAE,GAAG,GAAG,cAAc;wBAC9B,MAAM,EAAE,gCAAgC,GAAG,2CAA2C;qBACvF,CAAC,CAAC;oBACH,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,cAAc,CAAC;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB;IACzB,IAAI,WAAmB,CAAC;IACxB,IAAI,MAAM,EAAE,CAAC;QACX,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,iBAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,eAAe;IACf,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzE,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,KAAK;QACnB,WAAW;QACX,cAAc,EAAE,OAAO;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,QAAgB,EAAE,MAAe,EAAE,UAAsB,EAAE;IACrF,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,kBAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC;QAC/B,MAAM,eAAe,GAAG,IAAI,GAAG,KAAK,CAAC;QACrC,MAAM,eAAe,GAAG,IAAI,GAAG,KAAK,CAAC;QACrC,MAAM,QAAQ,GAAG,eAAe,IAAI,eAAe,CAAC;QAEpD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,kBAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC9B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;oBACnB,eAAM,CAAC,IAAI,CAAC,2BAA2B,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAChF,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC1B,eAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,OAAoB;IAC/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,eAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC1F,OAAO,CAAC,GAAG,CAAC,OAAO,eAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,OAAO,eAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,OAAO,eAAK,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,YAAY,CAAC,MAAM,gBAAgB,CAAC,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sulthonzh/mcp-audit",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.1",
|
|
4
4
|
"description": "Security scanner for MCP (Model Context Protocol) servers",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -74,4 +74,4 @@
|
|
|
74
74
|
"url": "https://github.com/sulthonzh/mcp-audit/issues"
|
|
75
75
|
},
|
|
76
76
|
"homepage": "https://github.com/sulthonzh/mcp-audit#readme"
|
|
77
|
-
}
|
|
77
|
+
}
|