npm - agent-security-scanner-mcp - Versions diffs - 3.1.0 → 3.2.0 - Mend

agent-security-scanner-mcp 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +69 -1
package/index.js +31 -2428
package/package.json +5 -1
package/src/analyzer.py +119 -0
package/src/cli/demo.js +238 -0
package/src/cli/doctor.js +273 -0
package/src/cli/init.js +288 -0
package/src/fix-patterns.js +698 -0
package/src/tools/check-package.js +169 -0
package/src/tools/fix-security.js +115 -0
package/src/tools/scan-packages.js +154 -0
package/src/tools/scan-prompt.js +570 -0
package/src/tools/scan-security.js +117 -0
package/src/utils.js +153 -0

package/src/utils.js ADDED Viewed

@@ -0,0 +1,153 @@
+import { execFileSync } from "child_process";
+import { readFileSync, existsSync } from "fs";
+import { dirname, join, extname, basename } from "path";
+import { fileURLToPath } from "url";
+import { FIX_TEMPLATES } from './fix-patterns.js';
+// Handle both ESM and CJS bundling (Smithery bundles to CJS)
+let __dirname;
+try {
+  __dirname = dirname(fileURLToPath(import.meta.url));
+} catch {
+  __dirname = process.cwd();
+}
+// Detect language from file extension
+export function detectLanguage(filePath) {
+  // Check basename first for extensionless files like Dockerfile
+  const base = filePath.split('/').pop().split('\\').pop().toLowerCase();
+  if (base === 'dockerfile' || base.startsWith('dockerfile.')) return 'dockerfile';
+  const ext = filePath.split('.').pop().toLowerCase();
+  const langMap = {
+    'py': 'python', 'js': 'javascript', 'ts': 'typescript',
+    'tsx': 'typescript', 'jsx': 'javascript', 'java': 'java',
+    'go': 'go', 'rb': 'ruby', 'php': 'php',
+    'cs': 'csharp', 'rs': 'rust', 'c': 'c', 'cpp': 'cpp',
+    'cc': 'cpp', 'cxx': 'cpp', 'h': 'c', 'hpp': 'cpp',
+    'tf': 'terraform', 'hcl': 'terraform',
+    'yaml': 'generic', 'yml': 'generic',
+    'sql': 'sql',
+    // Prompt/text file extensions for prompt injection scanning
+    'txt': 'generic', 'md': 'generic', 'prompt': 'generic',
+    'jinja': 'generic', 'jinja2': 'generic', 'j2': 'generic'
+  };
+  return langMap[ext] || 'generic';
+}
+// Run the Python analyzer
+export function runAnalyzer(filePath) {
+  try {
+    const analyzerPath = join(__dirname, '..', 'analyzer.py');
+    const result = execFileSync('python3', [analyzerPath, filePath], {
+      encoding: 'utf-8',
+      timeout: 30000
+    });
+    return JSON.parse(result);
+  } catch (error) {
+    return { error: error.message };
+  }
+}
+// Generate fix suggestion for an issue
+export function generateFix(issue, line, language) {
+  const ruleId = issue.ruleId.toLowerCase();
+  for (const [pattern, template] of Object.entries(FIX_TEMPLATES)) {
+    if (ruleId.includes(pattern)) {
+      return {
+        description: template.description,
+        original: line,
+        fixed: template.fix(line, language)
+      };
+    }
+  }
+  return {
+    description: "Review and fix manually based on the security rule",
+    original: line,
+    fixed: null
+  };
+}
+// Convert issues to SARIF 2.1.0 format
+export function toSarif(file_path, language, issues) {
+  const severityToLevel = {
+    'error': 'error',
+    'ERROR': 'error',
+    'warning': 'warning',
+    'WARNING': 'warning',
+    'info': 'note',
+    'INFO': 'note'
+  };
+  // Build unique rules from issues
+  const rulesMap = new Map();
+  for (const issue of issues) {
+    if (!rulesMap.has(issue.ruleId)) {
+      rulesMap.set(issue.ruleId, {
+        id: issue.ruleId,
+        shortDescription: { text: issue.message },
+        defaultConfiguration: {
+          level: severityToLevel[issue.severity] || 'warning'
+        },
+        properties: issue.metadata || {}
+      });
+    }
+  }
+  // Build results
+  const results = issues.map(issue => {
+    const result = {
+      ruleId: issue.ruleId,
+      level: severityToLevel[issue.severity] || 'warning',
+      message: { text: issue.message },
+      locations: [{
+        physicalLocation: {
+          artifactLocation: { uri: file_path },
+          region: {
+            startLine: (issue.line || 0) + 1,
+            startColumn: (issue.column || 0) + 1
+          }
+        }
+      }]
+    };
+    // Add fix if available
+    if (issue.suggested_fix && issue.suggested_fix.fixed) {
+      result.fixes = [{
+        description: { text: issue.suggested_fix.description || 'Apply security fix' },
+        artifactChanges: [{
+          artifactLocation: { uri: file_path },
+          replacements: [{
+            deletedRegion: {
+              startLine: (issue.line || 0) + 1,
+              startColumn: 1,
+              endLine: (issue.line || 0) + 1,
+              endColumn: (issue.line_content?.length || 0) + 1
+            },
+            insertedContent: { text: issue.suggested_fix.fixed }
+          }]
+        }]
+      }];
+    }
+    return result;
+  });
+  return {
+    $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+    version: '2.1.0',
+    runs: [{
+      tool: {
+        driver: {
+          name: 'agent-security-scanner-mcp',
+          version: '3.1.0',
+          informationUri: 'https://github.com/sinewaveai/agent-security-scanner-mcp',
+          rules: Array.from(rulesMap.values())
+        }
+      },
+      results: results
+    }]
+  };
+}