agent-security-scanner-mcp 1.0.1 → 1.1.0

package/README.md

@@ -1,6 +1,17 @@
 # agent-security-scanner-mcp
 
-An MCP (Model Context Protocol) server for security vulnerability scanning. Detects SQL injection, XSS, command injection, hardcoded secrets, and 160+ security issues.
+A powerful MCP (Model Context Protocol) server for real-time security vulnerability scanning. Integrates with Claude Desktop and Claude Code to automatically detect and fix security issues as you code.
+
+**165 Semgrep-aligned security rules | 105 auto-fix templates | 100% fix coverage | Package hallucination detection**
+
+## Features
+
+- **Real-time scanning** - Detect vulnerabilities instantly as you write code
+- **Auto-fix suggestions** - Get actionable fixes for every security issue
+- **Multi-language support** - JavaScript, TypeScript, Python, Java, Go, Dockerfile
+- **Semgrep-compatible** - Rules aligned with Semgrep registry format
+- **CWE & OWASP mapped** - Every rule includes CWE and OWASP references
+- **Hallucination detection** - Detect AI-invented package names (Dart, Perl, Raku)
 
 ## Installation
 
@@ -17,7 +28,7 @@ npx agent-security-scanner-mcp
 ## Requirements
 
 - Node.js >= 18.0.0
-- Python 3.x (for the analyzer)
+- Python 3.x (for the analyzer engine)
 
 ## Configuration
 
@@ -36,9 +47,13 @@ Add to your `claude_desktop_config.json`:
 }
 ```
 
+**Config file locations:**
+- macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
+- Windows: `%APPDATA%\Claude\claude_desktop_config.json`
+
 ### Claude Code
 
-Add to your MCP settings:
+Add to your MCP settings (`~/.claude/settings.json`):
 
 ```json
 {
@@ -57,50 +72,318 @@ Add to your MCP settings:
 
 Scan a file for security vulnerabilities and return issues with suggested fixes.
 
-**Parameters:**
-- `file_path` (string): Path to the file to scan
+```
+Parameters:
+  file_path (string): Absolute path to the file to scan
+
+Returns:
+  - List of security issues
+  - Severity level (ERROR, WARNING, INFO)
+  - CWE and OWASP references
+  - Line numbers and code context
+  - Suggested fixes
+```
 
-**Returns:** List of security issues with severity, CWE references, and fix suggestions.
+**Example output:**
+```json
+{
+  "file": "/path/to/file.js",
+  "language": "javascript",
+  "issues_count": 3,
+  "issues": [
+    {
+      "ruleId": "javascript.lang.security.audit.sql-injection",
+      "message": "SQL Injection detected. Use parameterized queries.",
+      "line": 15,
+      "severity": "error",
+      "metadata": {
+        "cwe": "CWE-89",
+        "owasp": "A03:2021 - Injection"
+      },
+      "suggested_fix": {
+        "description": "Use parameterized queries instead of string concatenation",
+        "original": "db.query(\"SELECT * FROM users WHERE id = \" + userId)",
+        "fixed": "db.query(\"SELECT * FROM users WHERE id = ?\", [userId])"
+      }
+    }
+  ]
+}
+```
 
 ### `fix_security`
 
-Scan a file and return the fixed content with all security issues resolved.
+Automatically fix all security issues in a file.
 
-**Parameters:**
-- `file_path` (string): Path to the file to fix
+```
+Parameters:
+  file_path (string): Absolute path to the file to fix
 
-**Returns:** Fixed file content with applied security fixes.
+Returns:
+  - Number of fixes applied
+  - Details of each fix
+  - Fixed file content
+```
 
 ### `list_security_rules`
 
-List all available security fix templates and their descriptions.
+List all 105 available auto-fix templates.
+
+---
+
+## Package Hallucination Detection
+
+Detect AI-hallucinated package names that don't exist in official registries. Prevents supply chain attacks where attackers register fake package names suggested by AI.
+
+### `check_package`
+
+Check if a single package name is legitimate or potentially hallucinated.
+
+```
+Parameters:
+  package_name (string): The package name to verify
+  ecosystem (enum): "dart", "perl", "raku", "npm", "pypi"
+
+Returns:
+  - legitimate: true/false
+  - hallucinated: true/false
+  - confidence: "high"
+  - recommendation: Action to take
+```
+
+**Example:**
+```json
+{
+  "package": "flutter_animations",
+  "ecosystem": "dart",
+  "legitimate": true,
+  "hallucinated": false,
+  "confidence": "high",
+  "total_known_packages": 64721,
+  "recommendation": "Package exists in registry - safe to use"
+}
+```
+
+### `scan_packages`
 
-## Detected Vulnerabilities
+Scan a code file and detect all potentially hallucinated package imports.
 
-| Category | Examples |
-|----------|----------|
-| Injection | SQL injection, Command injection, XSS |
-| Secrets | Hardcoded API keys, passwords, private keys |
-| Cryptography | Weak hashing (MD5, SHA1), insecure random |
-| Deserialization | Pickle, unsafe YAML load |
-| Network | SSL verification disabled, HTTP usage |
-| Path Traversal | Unsanitized file paths |
+```
+Parameters:
+  file_path (string): Path to the file to scan
+  ecosystem (enum): "dart", "perl", "raku", "npm", "pypi"
+
+Returns:
+  - List of all packages found
+  - Which are legitimate vs hallucinated
+  - Recommendation
+```
 
-## Supported Languages
+**Example output:**
+```json
+{
+  "file": "/path/to/main.dart",
+  "ecosystem": "dart",
+  "total_packages_found": 5,
+  "legitimate_count": 4,
+  "hallucinated_count": 1,
+  "hallucinated_packages": ["fake_flutter_pkg"],
+  "legitimate_packages": ["flutter", "http", "provider", "shared_preferences"],
+  "recommendation": "⚠️ Found 1 potentially hallucinated package(s): fake_flutter_pkg"
+}
+```
+
+### `list_package_stats`
+
+Show statistics about loaded package lists.
 
-- JavaScript / TypeScript
-- Python
-- Java
-- Go
-- Ruby
-- PHP
-- Dockerfile
-- Generic (secrets detection)
+```json
+{
+  "package_lists": [
+    { "ecosystem": "dart", "packages_loaded": 64721, "status": "ready" },
+    { "ecosystem": "perl", "packages_loaded": 1000, "status": "ready" },
+    { "ecosystem": "raku", "packages_loaded": 2626, "status": "ready" }
+  ],
+  "total_packages": 68347
+}
+```
+
+### Adding Custom Package Lists
+
+Add your own package lists to `packages/` directory:
+
+```bash
+# Format: one package name per line
+packages/
+├── dart.txt    # 64,721 packages
+├── perl.txt    # 1,000 packages
+├── raku.txt    # 2,626 packages
+├── npm.txt     # Add your own
+└── pypi.txt    # Add your own
+```
+
+### Fetching Package Lists
+
+```bash
+# Using the included script
+cd mcp-server
+pip install datasets
+python scripts/fetch-packages.py
+```
+
+Package lists are sourced from:
+- **Dart:** [dchitimalla1/dart-20250529](https://huggingface.co/datasets/dchitimalla1/dart-20250529)
+- **Perl:** [dchitimalla1/perl-20250530](https://huggingface.co/datasets/dchitimalla1/perl-20250530)
+- **Raku:** [dchitimalla1/raku-20250523](https://huggingface.co/datasets/dchitimalla1/raku-20250523)
+
+---
+
+## Security Rules (165 total)
+
+### By Language
+
+| Language | Rules | Categories |
+|----------|-------|------------|
+| JavaScript/TypeScript | 31 | XSS, injection, secrets, crypto |
+| Python | 36 | Injection, deserialization, crypto, XXE |
+| Java | 27 | Injection, XXE, crypto, deserialization |
+| Go | 22 | Injection, crypto, race conditions |
+| Dockerfile | 18 | Secrets, permissions, best practices |
+| Generic (Secrets) | 31 | API keys, tokens, passwords |
+
+### By Category
+
+| Category | Rules | Auto-Fix |
+|----------|-------|----------|
+| **Injection (SQL, Command, XSS)** | 35 | Yes |
+| **Hardcoded Secrets** | 45 | Yes |
+| **Weak Cryptography** | 18 | Yes |
+| **Insecure Deserialization** | 12 | Yes |
+| **Path Traversal** | 6 | Yes |
+| **SSRF** | 6 | Yes |
+| **XXE** | 6 | Yes |
+| **SSL/TLS Issues** | 8 | Yes |
+| **CSRF** | 4 | Yes |
+| **JWT Vulnerabilities** | 6 | Yes |
+| **Dockerfile Security** | 18 | Yes |
+| **Other** | 11 | Yes |
+
+## Auto-Fix Templates (105 total)
+
+Every detected vulnerability includes an automatic fix suggestion:
+
+| Vulnerability | Fix Strategy |
+|--------------|--------------|
+| SQL Injection | Parameterized queries with placeholders |
+| XSS (innerHTML) | Replace with `textContent` or DOMPurify |
+| Command Injection | Use `execFile()` / `spawn()` with `shell: false` |
+| Hardcoded Secrets | Environment variables (`process.env` / `os.environ`) |
+| Weak Crypto (MD5/SHA1) | Replace with SHA-256 |
+| Insecure Deserialization | Use `json.load()` or `yaml.safe_load()` |
+| SSL verify=False | Set `verify=True` |
+| Path Traversal | Use `path.basename()` / `os.path.basename()` |
+| Eval/Exec | Remove or use safer alternatives |
+| CORS Wildcard | Specify allowed origins |
+
+## Example Usage
+
+### Scanning a file
+
+Ask Claude: *"Scan my app.js file for security issues"*
+
+Claude will use `scan_security` and return:
+- All vulnerabilities found
+- Severity levels
+- CWE/OWASP references
+- Suggested fixes for each issue
+
+### Auto-fixing issues
+
+Ask Claude: *"Fix all security issues in app.js"*
+
+Claude will use `fix_security` to:
+- Apply all available auto-fixes
+- Return the secured code
+- List all changes made
+
+## Supported Vulnerabilities
+
+### Injection
+- SQL Injection (multiple databases)
+- NoSQL Injection (MongoDB)
+- Command Injection (exec, spawn, subprocess)
+- XSS (innerHTML, document.write, React dangerouslySetInnerHTML)
+- LDAP Injection
+- XPath Injection
+- Template Injection (Jinja2, SpEL)
+
+### Secrets & Credentials
+- AWS Access Keys & Secret Keys
+- GitHub Tokens (PAT, OAuth, App)
+- Stripe API Keys
+- OpenAI API Keys
+- Slack Tokens & Webhooks
+- Database URLs & Passwords
+- Private Keys (RSA, SSH)
+- JWT Secrets
+- 25+ more token types
+
+### Cryptography
+- Weak Hashing (MD5, SHA1)
+- Weak Ciphers (DES, RC4)
+- ECB Mode Usage
+- Insecure Random
+- Weak RSA Key Size
+- Weak TLS Versions
+
+### Deserialization
+- Python pickle/marshal/shelve
+- YAML unsafe load
+- Java ObjectInputStream
+- Node serialize
+- Go gob decode
+
+### Network & SSL
+- SSL Verification Disabled
+- Certificate Validation Bypass
+- SSRF Vulnerabilities
+- Open Redirects
+- CORS Misconfiguration
+
+### Other
+- Path Traversal
+- XXE (XML External Entities)
+- CSRF Disabled
+- Debug Mode Enabled
+- Prototype Pollution
+- ReDoS (Regex DoS)
+- Race Conditions
+
+## Contributing
+
+Contributions welcome! Please see our [GitHub repository](https://github.com/sinewaveai/agent-security-layer-fork).
+
+### Adding New Rules
+
+Rules are defined in YAML format in the `rules/` directory:
+
+```yaml
+- id: language.category.rule-name
+  languages: [javascript]
+  severity: ERROR
+  message: "Description of the vulnerability"
+  patterns:
+    - "regex_pattern"
+  metadata:
+    cwe: "CWE-XXX"
+    owasp: "Category"
+```
 
 ## License
 
 MIT
 
-## Repository
+## Links
 
-https://github.com/sinewaveai/agent-security-layer-fork
+- **npm:** https://www.npmjs.com/package/agent-security-scanner-mcp
+- **GitHub:** https://github.com/sinewaveai/agent-security-layer-fork
+- **Issues:** https://github.com/sinewaveai/agent-security-layer-fork/issues

package/index.js

@@ -824,6 +824,235 @@ server.tool(
   }
 );
 
+// ===========================================
+// PACKAGE HALLUCINATION DETECTION
+// ===========================================
+
+// Load legitimate package lists into memory (hash sets for O(1) lookup)
+const LEGITIMATE_PACKAGES = {
+  dart: new Set(),
+  perl: new Set(),
+  raku: new Set(),
+  npm: new Set(),
+  pypi: new Set()
+};
+
+// Package import patterns by ecosystem
+const IMPORT_PATTERNS = {
+  dart: [
+    /import\s+['"]package:([^\/'"]+)/g,
+    /dependencies:\s*\n(?:\s+(\w+):\s*[\^~]?[\d.]+\n)+/g
+  ],
+  perl: [
+    /use\s+([\w:]+)/g,
+    /require\s+([\w:]+)/g
+  ],
+  raku: [
+    /use\s+([\w:]+)/g,
+    /need\s+([\w:]+)/g
+  ],
+  npm: [
+    /require\s*\(\s*['"]([^'"]+)['"]\s*\)/g,
+    /from\s+['"]([^'"]+)['"]/g,
+    /import\s+['"]([^'"]+)['"]/g
+  ],
+  pypi: [
+    /^import\s+([\w]+)/gm,
+    /^from\s+([\w]+)/gm
+  ]
+};
+
+// Load package lists on startup
+function loadPackageLists() {
+  const packagesDir = join(__dirname, 'packages');
+
+  for (const ecosystem of Object.keys(LEGITIMATE_PACKAGES)) {
+    const filePath = join(packagesDir, `${ecosystem}.txt`);
+    try {
+      if (existsSync(filePath)) {
+        const content = readFileSync(filePath, 'utf-8');
+        const packages = content.split('\n').filter(p => p.trim());
+        LEGITIMATE_PACKAGES[ecosystem] = new Set(packages);
+        console.error(`Loaded ${packages.length} ${ecosystem} packages`);
+      }
+    } catch (error) {
+      console.error(`Warning: Could not load ${ecosystem} packages: ${error.message}`);
+    }
+  }
+}
+
+// Extract package names from code
+function extractPackages(code, ecosystem) {
+  const packages = new Set();
+  const patterns = IMPORT_PATTERNS[ecosystem] || [];
+
+  for (const pattern of patterns) {
+    const regex = new RegExp(pattern.source, pattern.flags);
+    let match;
+    while ((match = regex.exec(code)) !== null) {
+      const pkg = match[1];
+      if (pkg && !pkg.startsWith('.') && !pkg.startsWith('/')) {
+        // Normalize package name (handle scoped packages, subpaths)
+        const basePkg = pkg.split('/')[0].replace(/^@/, '');
+        packages.add(basePkg);
+      }
+    }
+  }
+
+  return Array.from(packages);
+}
+
+// Check if a package is hallucinated
+function isHallucinated(packageName, ecosystem) {
+  const legitPackages = LEGITIMATE_PACKAGES[ecosystem];
+  if (!legitPackages || legitPackages.size === 0) {
+    return { unknown: true, reason: `No package list loaded for ${ecosystem}` };
+  }
+  return { hallucinated: !legitPackages.has(packageName) };
+}
+
+// Register check_package tool
+server.tool(
+  "check_package",
+  "Check if a package name is legitimate or potentially hallucinated (AI-invented)",
+  {
+    package_name: z.string().describe("The package name to verify"),
+    ecosystem: z.enum(["dart", "perl", "raku", "npm", "pypi"]).describe("The package ecosystem")
+  },
+  async ({ package_name, ecosystem }) => {
+    const legitPackages = LEGITIMATE_PACKAGES[ecosystem];
+    const totalPackages = legitPackages?.size || 0;
+
+    if (totalPackages === 0) {
+      return {
+        content: [{
+          type: "text",
+          text: JSON.stringify({
+            package: package_name,
+            ecosystem,
+            status: "unknown",
+            reason: `No package list loaded for ${ecosystem}. Add packages/${ecosystem}.txt`,
+            suggestion: "Load package list or verify manually at the package registry"
+          }, null, 2)
+        }]
+      };
+    }
+
+    const exists = legitPackages.has(package_name);
+
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          package: package_name,
+          ecosystem,
+          legitimate: exists,
+          hallucinated: !exists,
+          confidence: "high",
+          total_known_packages: totalPackages,
+          recommendation: exists
+            ? "Package exists in registry - safe to use"
+            : "⚠️ POTENTIAL HALLUCINATION - Package not found in registry. Verify before using!"
+        }, null, 2)
+      }]
+    };
+  }
+);
+
+// Register scan_packages tool
+server.tool(
+  "scan_packages",
+  "Scan code for package imports and check for hallucinated (AI-invented) packages",
+  {
+    file_path: z.string().describe("Path to the file to scan"),
+    ecosystem: z.enum(["dart", "perl", "raku", "npm", "pypi"]).describe("The package ecosystem")
+  },
+  async ({ file_path, ecosystem }) => {
+    if (!existsSync(file_path)) {
+      return {
+        content: [{ type: "text", text: JSON.stringify({ error: "File not found" }) }]
+      };
+    }
+
+    const code = readFileSync(file_path, 'utf-8');
+    const packages = extractPackages(code, ecosystem);
+    const legitPackages = LEGITIMATE_PACKAGES[ecosystem];
+    const totalKnown = legitPackages?.size || 0;
+
+    if (totalKnown === 0) {
+      return {
+        content: [{
+          type: "text",
+          text: JSON.stringify({
+            file: file_path,
+            ecosystem,
+            packages_found: packages,
+            status: "unknown",
+            reason: `No package list loaded for ${ecosystem}`
+          }, null, 2)
+        }]
+      };
+    }
+
+    const results = packages.map(pkg => ({
+      package: pkg,
+      legitimate: legitPackages.has(pkg),
+      hallucinated: !legitPackages.has(pkg)
+    }));
+
+    const hallucinated = results.filter(r => r.hallucinated);
+    const legitimate = results.filter(r => r.legitimate);
+
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          file: file_path,
+          ecosystem,
+          total_packages_found: packages.length,
+          legitimate_count: legitimate.length,
+          hallucinated_count: hallucinated.length,
+          known_packages_in_registry: totalKnown,
+          hallucinated_packages: hallucinated.map(r => r.package),
+          legitimate_packages: legitimate.map(r => r.package),
+          all_results: results,
+          recommendation: hallucinated.length > 0
+            ? `⚠️ Found ${hallucinated.length} potentially hallucinated package(s): ${hallucinated.map(r => r.package).join(', ')}`
+            : "✅ All packages verified as legitimate"
+        }, null, 2)
+      }]
+    };
+  }
+);
+
+// Register list_package_stats tool
+server.tool(
+  "list_package_stats",
+  "List statistics about loaded package lists for hallucination detection",
+  {},
+  async () => {
+    const stats = Object.entries(LEGITIMATE_PACKAGES).map(([ecosystem, packages]) => ({
+      ecosystem,
+      packages_loaded: packages.size,
+      status: packages.size > 0 ? "ready" : "not loaded"
+    }));
+
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          package_lists: stats,
+          total_packages: stats.reduce((sum, s) => sum + s.packages_loaded, 0),
+          usage: "Use check_package or scan_packages to detect hallucinated packages"
+        }, null, 2)
+      }]
+    };
+  }
+);
+
+// Load package lists on module initialization
+loadPackageLists();
+
 // Start the server with stdio transport
 async function main() {
   const transport = new StdioServerTransport();

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "1.0.1",
-  "description": "MCP server for security vulnerability scanning - detects SQL injection, XSS, command injection, hardcoded secrets, and more",
+  "version": "1.1.0",
+  "description": "MCP server for security scanning & package hallucination detection - SQL injection, XSS, secrets, and AI-invented package detection",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -21,7 +21,10 @@
     "code-analysis",
     "sql-injection",
     "xss",
-    "secrets-detection"
+    "secrets-detection",
+    "hallucination-detection",
+    "package-verification",
+    "supply-chain-security"
   ],
   "author": "",
   "license": "MIT",
@@ -43,6 +46,7 @@
   "files": [
     "index.js",
     "analyzer.py",
-    "rules/**"
+    "rules/**",
+    "packages/**"
   ]
 }