agent-security-scanner-mcp 1.0.0

@@ -0,0 +1,503 @@
1
+ rules:
2
+ # ============================================================================
3
+ # AWS SECRETS
4
+ # ============================================================================
5
+ - id: generic.secrets.security.aws-access-key-id
6
+ languages: [generic]
7
+ severity: ERROR
8
+ message: "AWS Access Key ID detected. Remove and rotate immediately."
9
+ patterns:
10
+ - "(AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}"
11
+ metadata:
12
+ cwe: "CWE-798"
13
+ owasp: "A07:2021 - Identification and Authentication Failures"
14
+ confidence: HIGH
15
+ references:
16
+ - https://semgrep.dev/r/generic.secrets.security.detected-aws-access-key-id
17
+
18
+ - id: generic.secrets.security.aws-secret-access-key
19
+ languages: [generic]
20
+ severity: ERROR
21
+ message: "AWS Secret Access Key detected. Remove and rotate immediately."
22
+ patterns:
23
+ - "(?i)(aws_secret_access_key|aws_secret_key|secret_access_key)\\s*[:=]\\s*[\"']?[A-Za-z0-9/+]{40}[\"']?"
24
+ metadata:
25
+ cwe: "CWE-798"
26
+ owasp: "A07:2021 - Identification and Authentication Failures"
27
+ confidence: HIGH
28
+ references:
29
+ - https://semgrep.dev/r/generic.secrets.security.detected-aws-secret-access-key
30
+
31
+ # ============================================================================
32
+ # GITHUB TOKENS
33
+ # ============================================================================
34
+ - id: generic.secrets.security.github-pat
35
+ languages: [generic]
36
+ severity: ERROR
37
+ message: "GitHub Personal Access Token detected. Remove and revoke immediately."
38
+ patterns:
39
+ - "ghp_[A-Za-z0-9]{36}"
40
+ - "github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}"
41
+ metadata:
42
+ cwe: "CWE-798"
43
+ owasp: "A07:2021 - Identification and Authentication Failures"
44
+ confidence: HIGH
45
+ references:
46
+ - https://semgrep.dev/r/generic.secrets.security.detected-github-pat
47
+
48
+ - id: generic.secrets.security.github-oauth
49
+ languages: [generic]
50
+ severity: ERROR
51
+ message: "GitHub OAuth Token detected. Remove and revoke immediately."
52
+ patterns:
53
+ - "gho_[A-Za-z0-9]{36}"
54
+ metadata:
55
+ cwe: "CWE-798"
56
+ owasp: "A07:2021 - Identification and Authentication Failures"
57
+ confidence: HIGH
58
+ references:
59
+ - https://semgrep.dev/r/generic.secrets.security.detected-github-oauth
60
+
61
+ - id: generic.secrets.security.github-app-token
62
+ languages: [generic]
63
+ severity: ERROR
64
+ message: "GitHub App Token detected. Remove and revoke immediately."
65
+ patterns:
66
+ - "ghu_[A-Za-z0-9]{36}"
67
+ - "ghs_[A-Za-z0-9]{36}"
68
+ metadata:
69
+ cwe: "CWE-798"
70
+ owasp: "A07:2021 - Identification and Authentication Failures"
71
+ confidence: HIGH
72
+ references:
73
+ - https://semgrep.dev/r/generic.secrets.security.detected-github-app-token
74
+
75
+ # ============================================================================
76
+ # STRIPE KEYS
77
+ # ============================================================================
78
+ - id: generic.secrets.security.stripe-api-key
79
+ languages: [generic]
80
+ severity: ERROR
81
+ message: "Stripe API Key detected. Remove and rotate immediately."
82
+ patterns:
83
+ - "sk_live_[A-Za-z0-9]{24,}"
84
+ - "sk_test_[A-Za-z0-9]{24,}"
85
+ - "rk_live_[A-Za-z0-9]{24,}"
86
+ - "rk_test_[A-Za-z0-9]{24,}"
87
+ metadata:
88
+ cwe: "CWE-798"
89
+ owasp: "A07:2021 - Identification and Authentication Failures"
90
+ confidence: HIGH
91
+ references:
92
+ - https://semgrep.dev/r/generic.secrets.security.detected-stripe-api-key
93
+
94
+ # ============================================================================
95
+ # OPENAI / AI API KEYS
96
+ # ============================================================================
97
+ - id: generic.secrets.security.openai-api-key
98
+ languages: [generic]
99
+ severity: ERROR
100
+ message: "OpenAI API Key detected. Remove and rotate immediately."
101
+ patterns:
102
+ - "sk-[A-Za-z0-9]{48}"
103
+ - "sk-proj-[A-Za-z0-9_-]{48,}"
104
+ metadata:
105
+ cwe: "CWE-798"
106
+ owasp: "A07:2021 - Identification and Authentication Failures"
107
+ confidence: HIGH
108
+ references:
109
+ - https://semgrep.dev/r/generic.secrets.security.detected-openai-api-key
110
+
111
+ # ============================================================================
112
+ # GOOGLE / GCP SECRETS
113
+ # ============================================================================
114
+ - id: generic.secrets.security.gcp-api-key
115
+ languages: [generic]
116
+ severity: ERROR
117
+ message: "Google Cloud API Key detected. Remove and rotate immediately."
118
+ patterns:
119
+ - "AIza[A-Za-z0-9_-]{35}"
120
+ metadata:
121
+ cwe: "CWE-798"
122
+ owasp: "A07:2021 - Identification and Authentication Failures"
123
+ confidence: HIGH
124
+ references:
125
+ - https://semgrep.dev/r/generic.secrets.security.detected-gcp-api-key
126
+
127
+ - id: generic.secrets.security.gcp-service-account
128
+ languages: [generic]
129
+ severity: ERROR
130
+ message: "GCP Service Account key detected. Remove and rotate immediately."
131
+ patterns:
132
+ - "\"type\"\\s*:\\s*\"service_account\""
133
+ - "\"private_key\"\\s*:\\s*\"-----BEGIN"
134
+ metadata:
135
+ cwe: "CWE-798"
136
+ owasp: "A07:2021 - Identification and Authentication Failures"
137
+ confidence: HIGH
138
+ references:
139
+ - https://semgrep.dev/r/generic.secrets.security.detected-gcp-service-account
140
+
141
+ # ============================================================================
142
+ # AZURE SECRETS
143
+ # ============================================================================
144
+ - id: generic.secrets.security.azure-storage-key
145
+ languages: [generic]
146
+ severity: ERROR
147
+ message: "Azure Storage Account Key detected. Remove and rotate immediately."
148
+ patterns:
149
+ - "(?i)AccountKey\\s*=\\s*[A-Za-z0-9+/=]{88}"
150
+ - "DefaultEndpointsProtocol=https;AccountName=[^;]+;AccountKey=[A-Za-z0-9+/=]{88}"
151
+ metadata:
152
+ cwe: "CWE-798"
153
+ owasp: "A07:2021 - Identification and Authentication Failures"
154
+ confidence: HIGH
155
+ references:
156
+ - https://semgrep.dev/r/generic.secrets.security.detected-azure-storage-key
157
+
158
+ # ============================================================================
159
+ # SLACK TOKENS
160
+ # ============================================================================
161
+ - id: generic.secrets.security.slack-token
162
+ languages: [generic]
163
+ severity: ERROR
164
+ message: "Slack Token detected. Remove and revoke immediately."
165
+ patterns:
166
+ - "xoxb-[0-9]{10,}-[0-9]{10,}-[A-Za-z0-9]{24}"
167
+ - "xoxp-[0-9]{10,}-[0-9]{10,}-[0-9]{10,}-[a-f0-9]{32}"
168
+ - "xoxa-[0-9]{10,}-[0-9]{10,}-[A-Za-z0-9]{24}"
169
+ - "xoxr-[0-9]{10,}-[A-Za-z0-9]{24}"
170
+ metadata:
171
+ cwe: "CWE-798"
172
+ owasp: "A07:2021 - Identification and Authentication Failures"
173
+ confidence: HIGH
174
+ references:
175
+ - https://semgrep.dev/r/generic.secrets.security.detected-slack-token
176
+
177
+ - id: generic.secrets.security.slack-webhook
178
+ languages: [generic]
179
+ severity: ERROR
180
+ message: "Slack Webhook URL detected. Remove and regenerate."
181
+ patterns:
182
+ - "https://hooks\\.slack\\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"
183
+ metadata:
184
+ cwe: "CWE-798"
185
+ owasp: "A07:2021 - Identification and Authentication Failures"
186
+ confidence: HIGH
187
+ references:
188
+ - https://semgrep.dev/r/generic.secrets.security.detected-slack-webhook
189
+
190
+ # ============================================================================
191
+ # PRIVATE KEYS
192
+ # ============================================================================
193
+ - id: generic.secrets.security.private-key-rsa
194
+ languages: [generic]
195
+ severity: ERROR
196
+ message: "RSA Private Key detected. Remove from code immediately."
197
+ patterns:
198
+ - "-----BEGIN RSA PRIVATE KEY-----"
199
+ - "-----BEGIN PRIVATE KEY-----"
200
+ - "-----BEGIN EC PRIVATE KEY-----"
201
+ - "-----BEGIN DSA PRIVATE KEY-----"
202
+ - "-----BEGIN OPENSSH PRIVATE KEY-----"
203
+ metadata:
204
+ cwe: "CWE-798"
205
+ owasp: "A07:2021 - Identification and Authentication Failures"
206
+ confidence: HIGH
207
+ references:
208
+ - https://semgrep.dev/r/generic.secrets.security.detected-private-key
209
+
210
+ # ============================================================================
211
+ # JWT SECRETS
212
+ # ============================================================================
213
+ - id: generic.secrets.security.jwt-token
214
+ languages: [generic]
215
+ severity: WARNING
216
+ message: "JWT token detected in code. Ensure tokens are not hardcoded."
217
+ patterns:
218
+ - "eyJ[A-Za-z0-9_-]+\\.eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+"
219
+ metadata:
220
+ cwe: "CWE-798"
221
+ owasp: "A07:2021 - Identification and Authentication Failures"
222
+ confidence: MEDIUM
223
+ references:
224
+ - https://semgrep.dev/r/generic.secrets.security.detected-jwt-token
225
+
226
+ # ============================================================================
227
+ # DATABASE CREDENTIALS
228
+ # ============================================================================
229
+ - id: generic.secrets.security.database-url
230
+ languages: [generic]
231
+ severity: ERROR
232
+ message: "Database connection string with credentials detected. Use environment variables."
233
+ patterns:
234
+ - "(?i)(mysql|postgres|postgresql|mongodb|redis|mssql)://[^:]+:[^@]+@"
235
+ - "(?i)mongodb\\+srv://[^:]+:[^@]+@"
236
+ metadata:
237
+ cwe: "CWE-798"
238
+ owasp: "A07:2021 - Identification and Authentication Failures"
239
+ confidence: HIGH
240
+ references:
241
+ - https://semgrep.dev/r/generic.secrets.security.detected-database-url
242
+
243
+ # ============================================================================
244
+ # TWILIO
245
+ # ============================================================================
246
+ - id: generic.secrets.security.twilio-api-key
247
+ languages: [generic]
248
+ severity: ERROR
249
+ message: "Twilio API Key detected. Remove and rotate immediately."
250
+ patterns:
251
+ - "SK[a-f0-9]{32}"
252
+ - "(?i)twilio[_-]?(auth[_-]?token|api[_-]?key)\\s*[:=]\\s*[\"']?[a-f0-9]{32}[\"']?"
253
+ metadata:
254
+ cwe: "CWE-798"
255
+ owasp: "A07:2021 - Identification and Authentication Failures"
256
+ confidence: HIGH
257
+ references:
258
+ - https://semgrep.dev/r/generic.secrets.security.detected-twilio-api-key
259
+
260
+ # ============================================================================
261
+ # SENDGRID
262
+ # ============================================================================
263
+ - id: generic.secrets.security.sendgrid-api-key
264
+ languages: [generic]
265
+ severity: ERROR
266
+ message: "SendGrid API Key detected. Remove and rotate immediately."
267
+ patterns:
268
+ - "SG\\.[A-Za-z0-9_-]{22}\\.[A-Za-z0-9_-]{43}"
269
+ metadata:
270
+ cwe: "CWE-798"
271
+ owasp: "A07:2021 - Identification and Authentication Failures"
272
+ confidence: HIGH
273
+ references:
274
+ - https://semgrep.dev/r/generic.secrets.security.detected-sendgrid-api-key
275
+
276
+ # ============================================================================
277
+ # MAILCHIMP
278
+ # ============================================================================
279
+ - id: generic.secrets.security.mailchimp-api-key
280
+ languages: [generic]
281
+ severity: ERROR
282
+ message: "Mailchimp API Key detected. Remove and rotate immediately."
283
+ patterns:
284
+ - "[a-f0-9]{32}-us[0-9]{1,2}"
285
+ metadata:
286
+ cwe: "CWE-798"
287
+ owasp: "A07:2021 - Identification and Authentication Failures"
288
+ confidence: HIGH
289
+ references:
290
+ - https://semgrep.dev/r/generic.secrets.security.detected-mailchimp-api-key
291
+
292
+ # ============================================================================
293
+ # HEROKU
294
+ # ============================================================================
295
+ - id: generic.secrets.security.heroku-api-key
296
+ languages: [generic]
297
+ severity: ERROR
298
+ message: "Heroku API Key detected. Remove and rotate immediately."
299
+ patterns:
300
+ - "(?i)heroku[_-]?(api[_-]?key|auth[_-]?token)\\s*[:=]\\s*[\"']?[a-f0-9-]{36}[\"']?"
301
+ metadata:
302
+ cwe: "CWE-798"
303
+ owasp: "A07:2021 - Identification and Authentication Failures"
304
+ confidence: HIGH
305
+ references:
306
+ - https://semgrep.dev/r/generic.secrets.security.detected-heroku-api-key
307
+
308
+ # ============================================================================
309
+ # NPM TOKEN
310
+ # ============================================================================
311
+ - id: generic.secrets.security.npm-token
312
+ languages: [generic]
313
+ severity: ERROR
314
+ message: "NPM Token detected. Remove and revoke immediately."
315
+ patterns:
316
+ - "npm_[A-Za-z0-9]{36}"
317
+ - "//registry\\.npmjs\\.org/:_authToken=[A-Za-z0-9-]+"
318
+ metadata:
319
+ cwe: "CWE-798"
320
+ owasp: "A07:2021 - Identification and Authentication Failures"
321
+ confidence: HIGH
322
+ references:
323
+ - https://semgrep.dev/r/generic.secrets.security.detected-npm-token
324
+
325
+ # ============================================================================
326
+ # PYPI TOKEN
327
+ # ============================================================================
328
+ - id: generic.secrets.security.pypi-token
329
+ languages: [generic]
330
+ severity: ERROR
331
+ message: "PyPI Token detected. Remove and revoke immediately."
332
+ patterns:
333
+ - "pypi-[A-Za-z0-9_-]{100,}"
334
+ metadata:
335
+ cwe: "CWE-798"
336
+ owasp: "A07:2021 - Identification and Authentication Failures"
337
+ confidence: HIGH
338
+ references:
339
+ - https://semgrep.dev/r/generic.secrets.security.detected-pypi-token
340
+
341
+ # ============================================================================
342
+ # DISCORD
343
+ # ============================================================================
344
+ - id: generic.secrets.security.discord-token
345
+ languages: [generic]
346
+ severity: ERROR
347
+ message: "Discord Token detected. Remove and regenerate immediately."
348
+ patterns:
349
+ - "[MN][A-Za-z0-9]{23,}\\.[A-Za-z0-9_-]{6}\\.[A-Za-z0-9_-]{27}"
350
+ - "(?i)discord[_-]?(token|webhook)\\s*[:=]\\s*[\"']?[A-Za-z0-9._-]+[\"']?"
351
+ metadata:
352
+ cwe: "CWE-798"
353
+ owasp: "A07:2021 - Identification and Authentication Failures"
354
+ confidence: HIGH
355
+ references:
356
+ - https://semgrep.dev/r/generic.secrets.security.detected-discord-token
357
+
358
+ # ============================================================================
359
+ # GENERIC PATTERNS
360
+ # ============================================================================
361
+ - id: generic.secrets.security.hardcoded-password
362
+ languages: [generic]
363
+ severity: ERROR
364
+ message: "Hardcoded password detected. Use environment variables or a secrets manager."
365
+ patterns:
366
+ - "(?i)(password|passwd|pwd)\\s*[:=]\\s*[\"'][^\"']{6,}[\"']"
367
+ metadata:
368
+ cwe: "CWE-798"
369
+ owasp: "A07:2021 - Identification and Authentication Failures"
370
+ confidence: MEDIUM
371
+ references:
372
+ - https://semgrep.dev/r/generic.secrets.security.hardcoded-password
373
+
374
+ - id: generic.secrets.security.hardcoded-api-key
375
+ languages: [generic]
376
+ severity: ERROR
377
+ message: "Hardcoded API key detected. Use environment variables."
378
+ patterns:
379
+ - "(?i)(api[_-]?key|apikey)\\s*[:=]\\s*[\"'][A-Za-z0-9_-]{16,}[\"']"
380
+ - "(?i)(secret[_-]?key|secretkey)\\s*[:=]\\s*[\"'][A-Za-z0-9_-]{16,}[\"']"
381
+ - "(?i)(auth[_-]?token|authtoken)\\s*[:=]\\s*[\"'][A-Za-z0-9_-]{16,}[\"']"
382
+ - "(?i)(access[_-]?token|accesstoken)\\s*[:=]\\s*[\"'][A-Za-z0-9_-]{16,}[\"']"
383
+ metadata:
384
+ cwe: "CWE-798"
385
+ owasp: "A07:2021 - Identification and Authentication Failures"
386
+ confidence: HIGH
387
+ references:
388
+ - https://semgrep.dev/r/generic.secrets.security.hardcoded-api-key
389
+
390
+ # ============================================================================
391
+ # SHOPIFY
392
+ # ============================================================================
393
+ - id: generic.secrets.security.shopify-token
394
+ languages: [generic]
395
+ severity: ERROR
396
+ message: "Shopify Token detected. Remove and rotate immediately."
397
+ patterns:
398
+ - "shpat_[a-fA-F0-9]{32}"
399
+ - "shpca_[a-fA-F0-9]{32}"
400
+ - "shppa_[a-fA-F0-9]{32}"
401
+ metadata:
402
+ cwe: "CWE-798"
403
+ owasp: "A07:2021 - Identification and Authentication Failures"
404
+ confidence: HIGH
405
+ references:
406
+ - https://semgrep.dev/r/generic.secrets.security.detected-shopify-token
407
+
408
+ # ============================================================================
409
+ # FACEBOOK
410
+ # ============================================================================
411
+ - id: generic.secrets.security.facebook-token
412
+ languages: [generic]
413
+ severity: ERROR
414
+ message: "Facebook Access Token detected. Remove and revoke immediately."
415
+ patterns:
416
+ - "EAA[A-Za-z0-9]{100,}"
417
+ metadata:
418
+ cwe: "CWE-798"
419
+ owasp: "A07:2021 - Identification and Authentication Failures"
420
+ confidence: HIGH
421
+ references:
422
+ - https://semgrep.dev/r/generic.secrets.security.detected-facebook-token
423
+
424
+ # ============================================================================
425
+ # TWITTER
426
+ # ============================================================================
427
+ - id: generic.secrets.security.twitter-bearer-token
428
+ languages: [generic]
429
+ severity: ERROR
430
+ message: "Twitter Bearer Token detected. Remove and regenerate immediately."
431
+ patterns:
432
+ - "AAAAAAAAAAAAAAAAAAAAAA[A-Za-z0-9%]+"
433
+ metadata:
434
+ cwe: "CWE-798"
435
+ owasp: "A07:2021 - Identification and Authentication Failures"
436
+ confidence: HIGH
437
+ references:
438
+ - https://semgrep.dev/r/generic.secrets.security.detected-twitter-bearer-token
439
+
440
+ # ============================================================================
441
+ # LINEAR
442
+ # ============================================================================
443
+ - id: generic.secrets.security.linear-api-key
444
+ languages: [generic]
445
+ severity: ERROR
446
+ message: "Linear API Key detected. Remove and rotate immediately."
447
+ patterns:
448
+ - "lin_api_[A-Za-z0-9]{40}"
449
+ metadata:
450
+ cwe: "CWE-798"
451
+ owasp: "A07:2021 - Identification and Authentication Failures"
452
+ confidence: HIGH
453
+ references:
454
+ - https://semgrep.dev/r/generic.secrets.security.detected-linear-api-key
455
+
456
+ # ============================================================================
457
+ # GITLAB
458
+ # ============================================================================
459
+ - id: generic.secrets.security.gitlab-token
460
+ languages: [generic]
461
+ severity: ERROR
462
+ message: "GitLab Token detected. Remove and revoke immediately."
463
+ patterns:
464
+ - "glpat-[A-Za-z0-9_-]{20}"
465
+ - "glptt-[A-Za-z0-9_-]{40}"
466
+ metadata:
467
+ cwe: "CWE-798"
468
+ owasp: "A07:2021 - Identification and Authentication Failures"
469
+ confidence: HIGH
470
+ references:
471
+ - https://semgrep.dev/r/generic.secrets.security.detected-gitlab-token
472
+
473
+ # ============================================================================
474
+ # BITBUCKET
475
+ # ============================================================================
476
+ - id: generic.secrets.security.bitbucket-token
477
+ languages: [generic]
478
+ severity: ERROR
479
+ message: "Bitbucket Token detected. Remove and revoke immediately."
480
+ patterns:
481
+ - "(?i)bitbucket[_-]?(token|api[_-]?key)\\s*[:=]\\s*[\"']?[A-Za-z0-9_-]{20,}[\"']?"
482
+ metadata:
483
+ cwe: "CWE-798"
484
+ owasp: "A07:2021 - Identification and Authentication Failures"
485
+ confidence: HIGH
486
+ references:
487
+ - https://semgrep.dev/r/generic.secrets.security.detected-bitbucket-token
488
+
489
+ # ============================================================================
490
+ # DATADOG
491
+ # ============================================================================
492
+ - id: generic.secrets.security.datadog-api-key
493
+ languages: [generic]
494
+ severity: ERROR
495
+ message: "Datadog API Key detected. Remove and rotate immediately."
496
+ patterns:
497
+ - "(?i)datadog[_-]?(api[_-]?key|app[_-]?key)\\s*[:=]\\s*[\"']?[a-f0-9]{32}[\"']?"
498
+ metadata:
499
+ cwe: "CWE-798"
500
+ owasp: "A07:2021 - Identification and Authentication Failures"
501
+ confidence: HIGH
502
+ references:
503
+ - https://semgrep.dev/r/generic.secrets.security.detected-datadog-api-key
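Review bot: The two `database-url` patterns (new-file lines 234–235) bound the userinfo only with `[^:]+` and `[^@]+`, which also accept `/` and whitespace, so a credential-less URL followed by any later `@` is reported as ERROR with `confidence: HIGH`; a constructed example is `redis://localhost:6379/0  # owner: ops@example.com`. Excluding the separators keeps the match inside the authority part: `- "(?i)(mysql|postgres|postgresql|mongodb|redis|mssql)://[^:@/\\s]*:[^@/\\s]+@"` and `- "(?i)mongodb\\+srv://[^:@/\\s]*:[^@/\\s]+@"`. The `*` on the user part also covers the password-only form `redis://:secret@host`, which the current `[^:]+` misses. The second `discord-token` pattern (line 350) is loose in the same way: with the quotes optional, `[A-Za-z0-9._-]+` matches an environment lookup such as `discord_token = process.env.DISCORD_TOKEN`, which is the remediation these messages recommend. That pattern probably needs a required quote or `confidence: MEDIUM`.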