@sulthonzh/mcp-audit 1.1.0

package/dist/reporter/report-generator.js

@@ -0,0 +1,240 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateReport = generateReport;
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const path_1 = __importDefault(require("path"));
+const chalk_1 = __importDefault(require("chalk"));
+const logger_1 = require("../utils/logger");
+async function generateReport(result, outputPath) {
+    logger_1.logger.info('Generating security report...');
+    const options = {
+        format: determineFormat(outputPath),
+        output: outputPath
+    };
+    switch (options.format) {
+        case 'json':
+            await generateJsonReport(result, options.output);
+            break;
+        case 'table':
+            await generateTableReport(result, options.output);
+            break;
+        case 'summary':
+            await generateSummaryReport(result, options.output);
+            break;
+        case 'sarif':
+            await (0, sarif_reporter_1.generateSarifReport)(result, options.output);
+            break;
+    }
+}
+function determineFormat(outputPath) {
+    if (!outputPath)
+        return 'table'; // Default to table for console output
+    const ext = path_1.default.extname(outputPath).toLowerCase();
+    switch (ext) {
+        case '.json':
+            return 'json';
+        case '.sarif':
+            return 'sarif';
+        case '.txt':
+        case '.md':
+            return 'summary';
+        default:
+            return 'table';
+    }
+}
+async function generateJsonReport(result, outputPath) {
+    const report = {
+        metadata: {
+            scannedAt: result.timestamp,
+            scanType: result.scanType,
+            target: result.target,
+            toolVersion: '1.0.0'
+        },
+        score: result.score,
+        summary: result.summary,
+        issues: result.issues.map(issue => ({
+            ...issue,
+            severity: issue.type
+        })),
+        recommendations: generateRecommendations(result)
+    };
+    const output = JSON.stringify(report, null, 2);
+    if (outputPath) {
+        await fs_extra_1.default.writeFile(outputPath, output);
+        logger_1.logger.success(`JSON report saved to: ${outputPath}`);
+    }
+    else {
+        console.log(output);
+    }
+}
+async function generateTableReport(result, outputPath) {
+    const report = createTableReport(result);
+    const output = report;
+    if (outputPath) {
+        await fs_extra_1.default.writeFile(outputPath, output);
+        logger_1.logger.success(`Table report saved to: ${outputPath}`);
+    }
+    else {
+        console.log(report);
+    }
+}
+async function generateSummaryReport(result, outputPath) {
+    const report = createSummaryReport(result);
+    const output = report;
+    if (outputPath) {
+        await fs_extra_1.default.writeFile(outputPath, output);
+        logger_1.logger.success(`Summary report saved to: ${outputPath}`);
+    }
+    else {
+        console.log(report);
+    }
+}
+function createTableReport(result) {
+    let output = '';
+    // Header
+    output += chalk_1.default.bold.blue(`\n🔍 MCP Security Report\n`);
+    output += chalk_1.default.gray(`┌${'─'.repeat(70)}┐\n`);
+    output += chalk_1.default.gray(`│ Target: ${chalk_1.default.white(result.target.padEnd(56))}│\n`);
+    output += chalk_1.default.gray(`│ Scan Type: ${chalk_1.default.white(result.scanType.padEnd(53))}│\n`);
+    output += chalk_1.default.gray(`│ Timestamp: ${chalk_1.default.white(result.timestamp.padEnd(51))}│\n`);
+    output += chalk_1.default.gray(`└${'─'.repeat(70)}┘\n\n`);
+    // Score
+    const scoreColor = result.score >= 80 ? chalk_1.default.green :
+        result.score >= 50 ? chalk_1.default.yellow : chalk_1.default.red;
+    output += scoreColor(`🎯 Security Score: ${result.score}/100\n\n`);
+    // Summary
+    output += chalk_1.default.bold('📊 Summary:\n');
+    output += `  📁 Config Files Found: ${result.summary.configFilesFound}\n`;
+    output += `  🔴 High Risk Issues: ${result.summary.highRiskIssues}\n`;
+    output += `  🟡 Medium Risk Issues: ${result.summary.mediumRiskIssues}\n`;
+    output += `  🔵 Low Risk Issues: ${result.summary.lowRiskIssues}\n\n`;
+    // Issues
+    if (result.issues.length > 0) {
+        output += chalk_1.default.bold('🚨 Security Issues:\n\n');
+        result.issues.forEach((issue, index) => {
+            const severityColor = issue.type === 'high' ? chalk_1.default.red :
+                issue.type === 'medium' ? chalk_1.default.yellow : chalk_1.default.blue;
+            output += `${index + 1}. ${severityColor(issue.title)}\n`;
+            output += `   Type: ${issue.category}\n`;
+            output += `   Description: ${issue.description}\n`;
+            output += `   Recommendation: ${issue.recommendation}\n`;
+            if (issue.evidence) {
+                output += `   Evidence: ${issue.evidence}\n`;
+            }
+            output += '\n';
+        });
+    }
+    else {
+        output += chalk_1.default.green('✅ No security issues detected!\n\n');
+    }
+    // Recommendations
+    output += chalk_1.default.bold('💡 Recommendations:\n');
+    output += generateRecommendations(result).join('\n');
+    output += '\n';
+    return output;
+}
+function createSummaryReport(result) {
+    let output = '';
+    // Header
+    output += `# MCP Security Report\n\n`;
+    output += `**Target:** ${result.target}\n`;
+    output += `**Scan Type:** ${result.scanType}\n`;
+    output += `**Date:** ${result.timestamp}\n\n`;
+    // Score
+    output += `## 🎯 Security Score: ${result.score}/100\n\n`;
+    const scoreLevel = result.score >= 80 ? 'Good' :
+        result.score >= 50 ? 'Medium' : 'Poor';
+    output += `**Level:** ${scoreLevel}\n\n`;
+    // Summary
+    output += `## 📊 Summary\n\n`;
+    output += `- **Config Files Found:** ${result.summary.configFilesFound}\n`;
+    output += `- **High Risk Issues:** ${result.summary.highRiskIssues}\n`;
+    output += `- **Medium Risk Issues:** ${result.summary.mediumRiskIssues}\n`;
+    output += `- **Low Risk Issues:** ${result.summary.lowRiskIssues}\n\n`;
+    // Issues
+    if (result.issues.length > 0) {
+        output += `## 🚨 Security Issues\n\n`;
+        const issuesByType = result.issues.reduce((acc, issue) => {
+            if (!acc[issue.type])
+                acc[issue.type] = [];
+            acc[issue.type].push(issue);
+            return acc;
+        }, {});
+        Object.entries(issuesByType).forEach(([type, issues]) => {
+            const severity = type === 'high' ? 'High' : type === 'medium' ? 'Medium' : 'Low';
+            output += `### ${severity} Priority Issues\n\n`;
+            issues.forEach((issue, index) => {
+                output += `${index + 1}. **${issue.title}**\n`;
+                output += `   - **Type:** ${issue.category}\n`;
+                output += `   - **Description:** ${issue.description}\n`;
+                output += `   - **Recommendation:** ${issue.recommendation}\n`;
+                if (issue.evidence) {
+                    output += `   - **Evidence:** ${issue.evidence}\n`;
+                }
+                output += '\n';
+            });
+        });
+    }
+    else {
+        output += `## ✅ No Security Issues\n\n`;
+        output += `No security issues were detected during the scan.\n\n`;
+    }
+    // Recommendations
+    output += `## 💡 Recommendations\n\n`;
+    generateRecommendations(result).forEach(rec => {
+        output += `- ${rec}\n`;
+    });
+    output += '\n';
+    // Next Steps
+    output += `## 🚀 Next Steps\n\n`;
+    output += `1. **Address High Priority Issues:** Fix all high-risk issues immediately\n`;
+    output += `2. **Monitor Medium Priority Issues:** Schedule fixes for medium-risk issues\n`;
+    output += `3. **Regular Scans:** Run MCP Audit regularly as part of your development workflow\n`;
+    output += `4. **CI Integration:** Add MCP Audit to your CI/CD pipeline\n`;
+    output += `5. **Stay Updated:** Keep MCP Audit updated to get the latest vulnerability database\n\n`;
+    return output;
+}
+// Import SARIF reporter
+const sarif_reporter_1 = require("../reporters/sarif-reporter");
+function generateRecommendations(result) {
+    const recommendations = [];
+    // High-level recommendations based on score
+    if (result.score < 50) {
+        recommendations.push('⚠️ **Critical:** Security score is very low. Review and fix all issues immediately.');
+    }
+    else if (result.score < 80) {
+        recommendations.push('⚠️ **Attention:** Security score needs improvement. Address medium and high-risk issues.');
+    }
+    else {
+        recommendations.push('✅ **Good:** Security score is acceptable. Continue regular monitoring.');
+    }
+    // Specific recommendations based on issues
+    const highRiskIssues = result.issues.filter(issue => issue.type === 'high');
+    const mediumRiskIssues = result.issues.filter(issue => issue.type === 'medium');
+    const configIssues = result.issues.filter(issue => issue.category === 'config');
+    const permissionIssues = result.issues.filter(issue => issue.category === 'permissions');
+    if (highRiskIssues.length > 0) {
+        recommendations.push(`🔴 **Priority:** Address ${highRiskIssues.length} high-risk issues first.`);
+    }
+    if (configIssues.length > 0) {
+        recommendations.push(`📁 **Configuration:** Review MCP configuration settings for security best practices.`);
+    }
+    if (permissionIssues.length > 0) {
+        recommendations.push(`🔐 **Permissions:** Audit file system and network access permissions.`);
+    }
+    if (result.scanType === 'config' && result.summary.configFilesFound === 0) {
+        recommendations.push('🔍 **Discovery:** No MCP configuration files found. Check alternative locations.');
+    }
+    if (result.score === 100 && result.issues.length === 0) {
+        recommendations.push('🎉 **Excellent:** No security issues detected. Keep up good security practices!');
+    }
+    // General recommendations
+    recommendations.push('🔄 **Regular Scans:** Run MCP Audit regularly to maintain security posture.');
+    recommendations.push('🔗 **CI Integration:** Integrate MCP Audit into your CI/CD pipeline for automated scanning.');
+    recommendations.push('📚 **Documentation:** Keep your MCP server documentation up to date with security considerations.');
+    return recommendations;
+}
+//# sourceMappingURL=report-generator.js.map

package/dist/reporter/report-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-generator.js","sourceRoot":"","sources":["../../src/reporter/report-generator.ts"],"names":[],"mappings":";;;;;AAYA,wCAsBC;AAlCD,wDAA0B;AAC1B,gDAAwB;AACxB,kDAA0B;AAG1B,4CAAyC;AAOlC,KAAK,UAAU,cAAc,CAAC,MAAsB,EAAE,UAAmB;IAC9E,eAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAE7C,MAAM,OAAO,GAAkB;QAC7B,MAAM,EAAE,eAAe,CAAC,UAAU,CAAC;QACnC,MAAM,EAAE,UAAU;KACnB,CAAC;IAEF,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,MAAM;YACT,MAAM,kBAAkB,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM;QACR,KAAK,OAAO;YACV,MAAM,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAClD,MAAM;QACR,KAAK,SAAS;YACZ,MAAM,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YACpD,MAAM;QACR,KAAK,OAAO;YACV,MAAM,IAAA,oCAAmB,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAClD,MAAM;IACV,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,UAAmB;IAC1C,IAAI,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,CAAC,sCAAsC;IAEvE,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;IACnD,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,OAAO,MAAM,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,OAAO,CAAC;QACjB,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK;YACR,OAAO,SAAS,CAAC;QACnB;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,MAAsB,EAAE,UAAmB;IAC3E,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE;YACR,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,WAAW,EAAE,OAAO;SACrB;QACD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAClC,GAAG,KAAK;YACR,QAAQ,EAAE,KAAK,CAAC,IAAI;SACrB,CAAC,CAAC;QACH,eAAe,EAAE,uBAAuB,CAAC,MAAM,CAAC;KACjD,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAE/C,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACvC,eAAM,CAAC,OAAO,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAsB,EAAE,UAAmB;IAC5E,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACvC,eAAM,CAAC,OAAO,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,MAAsB,EAAE,UAAmB;IAC9E,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACvC,eAAM,CAAC,OAAO,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAsB;IAC/C,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,SAAS;IACT,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACxD,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,aAAa,eAAK,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9E,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,gBAAgB,eAAK,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;IACnF,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,gBAAgB,eAAK,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;IACpF,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;IAEhD,QAAQ;IACR,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,eAAK,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,eAAK,CAAC,MAAM,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC;IACjE,MAAM,IAAI,UAAU,CAAC,sBAAsB,MAAM,CAAC,KAAK,UAAU,CAAC,CAAC;IAEnE,UAAU;IACV,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACtC,MAAM,IAAI,4BAA4B,MAAM,CAAC,OAAO,CAAC,gBAAgB,IAAI,CAAC;IAC1E,MAAM,IAAI,0BAA0B,MAAM,CAAC,OAAO,CAAC,cAAc,IAAI,CAAC;IACtE,MAAM,IAAI,4BAA4B,MAAM,CAAC,OAAO,CAAC,gBAAgB,IAAI,CAAC;IAC1E,MAAM,IAAI,yBAAyB,MAAM,CAAC,OAAO,CAAC,aAAa,MAAM,CAAC;IAEtE,SAAS;IACT,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAEhD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACrC,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC,CAAC;gBACrC,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,eAAK,CAAC,MAAM,CAAC,CAAC,CAAC,eAAK,CAAC,IAAI,CAAC;YAExE,MAAM,IAAI,GAAG,KAAK,GAAG,CAAC,KAAK,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;YAC1D,MAAM,IAAI,YAAY,KAAK,CAAC,QAAQ,IAAI,CAAC;YACzC,MAAM,IAAI,mBAAmB,KAAK,CAAC,WAAW,IAAI,CAAC;YACnD,MAAM,IAAI,sBAAsB,KAAK,CAAC,cAAc,IAAI,CAAC;YACzD,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,gBAAgB,KAAK,CAAC,QAAQ,IAAI,CAAC;YAC/C,CAAC;YACD,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,eAAK,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAC9D,CAAC;IAED,kBAAkB;IAClB,MAAM,IAAI,eAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAC9C,MAAM,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,IAAI,IAAI,CAAC;IAEf,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAsB;IACjD,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,SAAS;IACT,MAAM,IAAI,2BAA2B,CAAC;IACtC,MAAM,IAAI,eAAe,MAAM,CAAC,MAAM,IAAI,CAAC;IAC3C,MAAM,IAAI,kBAAkB,MAAM,CAAC,QAAQ,IAAI,CAAC;IAChD,MAAM,IAAI,aAAa,MAAM,CAAC,SAAS,MAAM,CAAC;IAE9C,QAAQ;IACR,MAAM,IAAI,yBAAyB,MAAM,CAAC,KAAK,UAAU,CAAC;IAE1D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;IAC1D,MAAM,IAAI,cAAc,UAAU,MAAM,CAAC;IAEzC,UAAU;IACV,MAAM,IAAI,mBAAmB,CAAC;IAC9B,MAAM,IAAI,6BAA6B,MAAM,CAAC,OAAO,CAAC,gBAAgB,IAAI,CAAC;IAC3E,MAAM,IAAI,2BAA2B,MAAM,CAAC,OAAO,CAAC,cAAc,IAAI,CAAC;IACvE,MAAM,IAAI,6BAA6B,MAAM,CAAC,OAAO,CAAC,gBAAgB,IAAI,CAAC;IAC3E,MAAM,IAAI,0BAA0B,MAAM,CAAC,OAAO,CAAC,aAAa,MAAM,CAAC;IAEvE,SAAS;IACT,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,2BAA2B,CAAC;QAEtC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACvD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3C,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5B,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAqC,CAAC,CAAC;QAE1C,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE;YACtD,MAAM,QAAQ,GAAG,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;YACjF,MAAM,IAAI,OAAO,QAAQ,sBAAsB,CAAC;YAEhD,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;gBAC9B,MAAM,IAAI,GAAG,KAAK,GAAG,CAAC,OAAO,KAAK,CAAC,KAAK,MAAM,CAAC;gBAC/C,MAAM,IAAI,kBAAkB,KAAK,CAAC,QAAQ,IAAI,CAAC;gBAC/C,MAAM,IAAI,yBAAyB,KAAK,CAAC,WAAW,IAAI,CAAC;gBACzD,MAAM,IAAI,4BAA4B,KAAK,CAAC,cAAc,IAAI,CAAC;gBAC/D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACnB,MAAM,IAAI,sBAAsB,KAAK,CAAC,QAAQ,IAAI,CAAC;gBACrD,CAAC;gBACD,MAAM,IAAI,IAAI,CAAC;YACjB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,6BAA6B,CAAC;QACxC,MAAM,IAAI,uDAAuD,CAAC;IACpE,CAAC;IAED,kBAAkB;IAClB,MAAM,IAAI,2BAA2B,CAAC;IACtC,uBAAuB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,GAAG,IAAI,CAAC;IACzB,CAAC,CAAC,CAAC;IACH,MAAM,IAAI,IAAI,CAAC;IAEf,aAAa;IACb,MAAM,IAAI,sBAAsB,CAAC;IACjC,MAAM,IAAI,6EAA6E,CAAC;IACxF,MAAM,IAAI,gFAAgF,CAAC;IAC3F,MAAM,IAAI,sFAAsF,CAAC;IACjG,MAAM,IAAI,+DAA+D,CAAC;IAC1E,MAAM,IAAI,0FAA0F,CAAC;IAErG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,wBAAwB;AACxB,gEAAkE;AAElE,SAAS,uBAAuB,CAAC,MAAsB;IACrD,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,4CAA4C;IAC5C,IAAI,MAAM,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;QACtB,eAAe,CAAC,IAAI,CAAC,qFAAqF,CAAC,CAAC;IAC9G,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;QAC7B,eAAe,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC;IACnH,CAAC;SAAM,CAAC;QACN,eAAe,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACjG,CAAC;IAED,2CAA2C;IAC3C,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC5E,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAChF,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;IAEzF,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,eAAe,CAAC,IAAI,CAAC,4BAA4B,cAAc,CAAC,MAAM,0BAA0B,CAAC,CAAC;IACpG,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,eAAe,CAAC,IAAI,CAAC,sFAAsF,CAAC,CAAC;IAC/G,CAAC;IAED,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,eAAe,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IAChG,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,KAAK,CAAC,EAAE,CAAC;QAC1E,eAAe,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC;IAC3G,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,eAAe,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;IAC1G,CAAC;IAED,0BAA0B;IAC1B,eAAe,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAC;IACpG,eAAe,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAC;IACpH,eAAe,CAAC,IAAI,CAAC,mGAAmG,CAAC,CAAC;IAE1H,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/reporters/sarif-reporter.d.ts

@@ -0,0 +1,18 @@
+/**
+ * SARIF (Static Analysis Results Interchange Format) reporter for mcp-audit.
+ *
+ * Produces SARIF v2.1.0 output compatible with GitHub Code Scanning,
+ * Azure DevOps, and other SARIF-consuming tools.
+ *
+ * @see https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+ */
+import { SecurityResult } from '../types/security-result';
+/**
+ * Generate a SARIF v2.1.0 report from a SecurityResult.
+ */
+export declare function generateSarifOutput(result: SecurityResult): object;
+/**
+ * Write SARIF report to file or stdout.
+ */
+export declare function generateSarifReport(result: SecurityResult, outputPath?: string): Promise<void>;
+//# sourceMappingURL=sarif-reporter.d.ts.map

package/dist/reporters/sarif-reporter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-reporter.d.ts","sourceRoot":"","sources":["../../src/reporters/sarif-reporter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,cAAc,EAAiB,MAAM,0BAA0B,CAAC;AAgIzE;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAqClE;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,cAAc,EACtB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CASf"}

package/dist/reporters/sarif-reporter.js

@@ -0,0 +1,148 @@
+"use strict";
+/**
+ * SARIF (Static Analysis Results Interchange Format) reporter for mcp-audit.
+ *
+ * Produces SARIF v2.1.0 output compatible with GitHub Code Scanning,
+ * Azure DevOps, and other SARIF-consuming tools.
+ *
+ * @see https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSarifOutput = generateSarifOutput;
+exports.generateSarifReport = generateSarifReport;
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const logger_1 = require("../utils/logger");
+const TOOL_NAME = 'mcp-audit';
+const TOOL_VERSION = '1.0.0';
+const TOOL_INFO_URI = 'https://github.com/sulthonzh/mcp-audit';
+function severityToLevel(type) {
+    switch (type) {
+        case 'high': return 'error';
+        case 'medium': return 'warning';
+        default: return 'note';
+    }
+}
+function categoryToRuleId(category, title) {
+    const prefix = `MA${category.charAt(0).toUpperCase()}`;
+    // Create a short hash from the title for uniqueness
+    const hash = title
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-|-$/g, '')
+        .split('-')
+        .slice(0, 4)
+        .join('-');
+    return `${prefix}/${hash}`;
+}
+function buildRules(issues) {
+    const rules = [];
+    const ruleMap = new Map();
+    const seen = new Set();
+    for (const issue of issues) {
+        const ruleId = categoryToRuleId(issue.category, issue.title);
+        if (seen.has(ruleId))
+            continue;
+        seen.add(ruleId);
+        ruleMap.set(`${issue.category}:${issue.title}`, rules.length);
+        rules.push({
+            id: ruleId,
+            name: issue.title.replace(/[^a-zA-Z0-9]/g, ''),
+            shortDescription: { text: issue.title },
+            fullDescription: { text: issue.description },
+            helpUri: `${TOOL_INFO_URI}#rules`,
+            properties: {
+                tags: ['security', issue.category],
+                precision: 'medium',
+            },
+            defaultConfiguration: {
+                level: severityToLevel(issue.type),
+            },
+        });
+    }
+    return { rules, ruleMap };
+}
+function buildResults(issues, ruleMap, targetUri) {
+    return issues.map((issue) => {
+        const key = `${issue.category}:${issue.title}`;
+        const ruleIndex = ruleMap.get(key) ?? 0;
+        const ruleId = categoryToRuleId(issue.category, issue.title);
+        const result = {
+            ruleId,
+            ruleIndex,
+            level: severityToLevel(issue.type),
+            message: { text: issue.description },
+            locations: [
+                {
+                    physicalLocation: {
+                        artifactLocation: { uri: targetUri },
+                        region: { startLine: 1, startColumn: 1 },
+                    },
+                },
+            ],
+            properties: {
+                category: issue.category,
+                recommendation: issue.recommendation,
+            },
+        };
+        if (issue.evidence) {
+            result.properties.evidence = issue.evidence;
+        }
+        return result;
+    });
+}
+/**
+ * Generate a SARIF v2.1.0 report from a SecurityResult.
+ */
+function generateSarifOutput(result) {
+    const targetUri = result.target.startsWith('/')
+        ? `file://${result.target}`
+        : result.target;
+    const { rules, ruleMap } = buildRules(result.issues);
+    const results = buildResults(result.issues, ruleMap, targetUri);
+    return {
+        $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json',
+        version: '2.1.0',
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: TOOL_NAME,
+                        version: TOOL_VERSION,
+                        informationUri: TOOL_INFO_URI,
+                        rules,
+                    },
+                },
+                results,
+                invocations: [
+                    {
+                        executionSuccessful: true,
+                        startTimeUtc: result.timestamp,
+                        endTimeUtc: new Date().toISOString(),
+                    },
+                ],
+                properties: {
+                    scanType: result.scanType,
+                    securityScore: result.score,
+                    summary: result.summary,
+                },
+            },
+        ],
+    };
+}
+/**
+ * Write SARIF report to file or stdout.
+ */
+async function generateSarifReport(result, outputPath) {
+    const sarif = generateSarifOutput(result);
+    if (outputPath) {
+        await fs_extra_1.default.writeFile(outputPath, JSON.stringify(sarif, null, 2));
+        logger_1.logger.success(`SARIF report saved to: ${outputPath}`);
+    }
+    else {
+        console.log(JSON.stringify(sarif, null, 2));
+    }
+}
+//# sourceMappingURL=sarif-reporter.js.map

package/dist/reporters/sarif-reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-reporter.js","sourceRoot":"","sources":["../../src/reporters/sarif-reporter.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;AAsIH,kDAqCC;AAKD,kDAYC;AA1LD,wDAA0B;AAE1B,4CAAyC;AAEzC,MAAM,SAAS,GAAG,WAAW,CAAC;AAC9B,MAAM,YAAY,GAAG,OAAO,CAAC;AAC7B,MAAM,aAAa,GAAG,wCAAwC,CAAC;AAmC/D,SAAS,eAAe,CAAC,IAAY;IACnC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,CAAC,OAAO,OAAO,CAAC;QAC5B,KAAK,QAAQ,CAAC,CAAC,OAAO,SAAS,CAAC;QAChC,OAAO,CAAC,CAAC,OAAO,MAAM,CAAC;IACzB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB,EAAE,KAAa;IACvD,MAAM,MAAM,GAAG,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IACvD,oDAAoD;IACpD,MAAM,IAAI,GAAG,KAAK;SACf,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,KAAK,CAAC,GAAG,CAAC;SACV,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,IAAI,CAAC,GAAG,CAAC,CAAC;IACb,OAAO,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,UAAU,CAAC,MAAuB;IACzC,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAC/B,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAEjB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9D,KAAK,CAAC,IAAI,CAAC;YACT,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;YAC9C,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE;YACvC,eAAe,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,WAAW,EAAE;YAC5C,OAAO,EAAE,GAAG,aAAa,QAAQ;YACjC,UAAU,EAAE;gBACV,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC,QAAQ,CAAC;gBAClC,SAAS,EAAE,QAAQ;aACpB;YACD,oBAAoB,EAAE;gBACpB,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,YAAY,CACnB,MAAuB,EACvB,OAA4B,EAC5B,SAAiB;IAEjB,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QAC1B,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAgB;YAC1B,MAAM;YACN,SAAS;YACT,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC;YAClC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,WAAW,EAAE;YACpC,SAAS,EAAE;gBACT;oBACE,gBAAgB,EAAE;wBAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;wBACpC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE;qBACzC;iBACF;aACF;YACD,UAAU,EAAE;gBACV,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,cAAc,EAAE,KAAK,CAAC,cAAc;aACrC;SACF,CAAC;QAEF,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,CAAC,UAAW,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC/C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,MAAsB;IACxD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;QAC7C,CAAC,CAAC,UAAU,MAAM,CAAC,MAAM,EAAE;QAC3B,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;IAElB,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhE,OAAO;QACL,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,YAAY;wBACrB,cAAc,EAAE,aAAa;wBAC7B,KAAK;qBACN;iBACF;gBACD,OAAO;gBACP,WAAW,EAAE;oBACX;wBACE,mBAAmB,EAAE,IAAI;wBACzB,YAAY,EAAE,MAAM,CAAC,SAAS;wBAC9B,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;qBACrC;iBACF;gBACD,UAAU,EAAE;oBACV,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,aAAa,EAAE,MAAM,CAAC,KAAK;oBAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,MAAsB,EACtB,UAAmB;IAEnB,MAAM,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAE1C,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/D,eAAM,CAAC,OAAO,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC"}

package/dist/scanners/config-scanner.d.ts

@@ -0,0 +1,11 @@
+import { SecurityResult } from '../types/security-result';
+export interface SecurityIssue {
+    type: 'high' | 'medium' | 'low';
+    category: 'permissions' | 'config' | 'filesystem' | 'network' | 'injection' | 'supply-chain' | 'transport';
+    title: string;
+    description: string;
+    recommendation: string;
+    evidence?: string;
+}
+export declare function scanConfig(config: any, verbose?: boolean): Promise<SecurityResult>;
+//# sourceMappingURL=config-scanner.d.ts.map

package/dist/scanners/config-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-scanner.d.ts","sourceRoot":"","sources":["../../src/scanners/config-scanner.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAe1D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAChC,QAAQ,EAAE,aAAa,GAAG,QAAQ,GAAG,YAAY,GAAG,SAAS,GAAG,WAAW,GAAG,cAAc,GAAG,WAAW,CAAC;IAC3G,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AA8CD,wBAAsB,UAAU,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,UAAQ,GAAG,OAAO,CAAC,cAAc,CAAC,CA8CtF"}