aws-security-mcp 0.7.3 → 0.7.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -16,7 +16,7 @@ __export(dashboard_exports, {
|
|
|
16
16
|
});
|
|
17
17
|
import { createServer as createServer2 } from "http";
|
|
18
18
|
import { readFile } from "fs/promises";
|
|
19
|
-
import { join as join3, extname, resolve } from "path";
|
|
19
|
+
import { join as join3, extname, resolve, sep } from "path";
|
|
20
20
|
import { existsSync as existsSync2, copyFileSync } from "fs";
|
|
21
21
|
import { fileURLToPath as fileURLToPath2 } from "url";
|
|
22
22
|
import { exec } from "child_process";
|
|
@@ -48,7 +48,7 @@ Expected: ${dashboardDir}`
|
|
|
48
48
|
let filePath = resolve(
|
|
49
49
|
join3(dashboardDir, url === "/" ? "index.html" : url)
|
|
50
50
|
);
|
|
51
|
-
if (!filePath.startsWith(resolvedBase +
|
|
51
|
+
if (!filePath.startsWith(resolvedBase + sep) && filePath !== resolvedBase) {
|
|
52
52
|
res.writeHead(403);
|
|
53
53
|
res.end("Forbidden");
|
|
54
54
|
return;
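Review bot: The new guard on line 51 fixes the sibling-prefix bypass (a base of `/app/dashboard` previously also accepted `/app/dashboard-evil/...`), but the reasoning is not recorded and the next maintainer may "simplify" it back; a comment above the `if` such as `// resolve() normalises ".." segments; the trailing sep stops a sibling dir sharing the prefix from passing, and the equality case keeps "/" itself serveable` would preserve it. Note that `resolve()` does not follow symlinks, so a link inside dashboardDir pointing elsewhere is still served — acceptable for a package-owned directory, but worth a one-line caveat. The check also assumes `resolvedBase` carries no trailing separator, which holds for `resolve()` output except for a filesystem root; `resolvedBase` and `url` are defined outside this hunk, so that could not be confirmed here. The enclosing request handler starts before and continues after the hunk.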
|
|
@@ -205,7 +205,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
|
|
|
205
205
|
import { z } from "zod";
|
|
206
206
|
|
|
207
207
|
// src/version.ts
|
|
208
|
-
var VERSION = "0.7.
|
|
208
|
+
var VERSION = "0.7.5";
|
|
209
209
|
|
|
210
210
|
// src/utils/aws-client.ts
|
|
211
211
|
import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
|
|
@@ -9256,8 +9256,9 @@ LOW \u2192 P3 (Low)
|
|
|
9256
9256
|
`;
|
|
9257
9257
|
|
|
9258
9258
|
// src/index.ts
|
|
9259
|
-
import { readFileSync as readFileSync2 } from "fs";
|
|
9259
|
+
import { readFileSync as readFileSync2, mkdirSync as mkdirSync2, writeFileSync as writeFileSync2 } from "fs";
|
|
9260
9260
|
import { join as join2, dirname } from "path";
|
|
9261
|
+
import { homedir as homedir2 } from "os";
|
|
9261
9262
|
import { fileURLToPath } from "url";
|
|
9262
9263
|
var MODULE_DESCRIPTIONS = {
|
|
9263
9264
|
service_detection: "Detects which AWS security services (Security Hub, GuardDuty, Inspector, Config) are enabled and assesses security maturity.",
|
|
@@ -9898,6 +9899,79 @@ Deploy this as a StackSet from your Management Account to all member accounts.`
|
|
|
9898
9899
|
}
|
|
9899
9900
|
}
|
|
9900
9901
|
);
|
|
9902
|
+
server.tool(
|
|
9903
|
+
"scan_and_report",
|
|
9904
|
+
"Run a full security scan AND generate reports in one step. Avoids large data transfer between tools. Reports are saved to ~/.aws-security/reports/",
|
|
9905
|
+
{
|
|
9906
|
+
region: z.string().optional().describe("AWS region (default: server region)"),
|
|
9907
|
+
org_mode: z.boolean().optional().describe("Enable multi-account org scanning"),
|
|
9908
|
+
role_name: z.string().optional().describe("IAM role name for cross-account scanning"),
|
|
9909
|
+
account_ids: z.array(z.string()).optional().describe("Filter to specific account IDs"),
|
|
9910
|
+
reports: z.array(z.enum(["html", "hw_defense", "mlps3", "markdown", "all"])).optional().describe("Report types to generate (default: all)"),
|
|
9911
|
+
lang: z.enum(["zh", "en"]).optional().describe("Language: zh or en (default: zh)")
|
|
9912
|
+
},
|
|
9913
|
+
async ({ region, org_mode, role_name, account_ids, reports, lang }) => {
|
|
9914
|
+
try {
|
|
9915
|
+
const r = region ?? defaultRegion;
|
|
9916
|
+
const l = lang ?? "zh";
|
|
9917
|
+
const reportTypes = reports ?? ["all"];
|
|
9918
|
+
const wantAll = reportTypes.includes("all");
|
|
9919
|
+
let result;
|
|
9920
|
+
if (org_mode) {
|
|
9921
|
+
result = await runMultiAccountScanners(allScanners, r, {
|
|
9922
|
+
orgMode: true,
|
|
9923
|
+
roleName: role_name ?? "AWSSecurityMCPAudit",
|
|
9924
|
+
accountIds: account_ids
|
|
9925
|
+
});
|
|
9926
|
+
} else {
|
|
9927
|
+
result = await runAllScanners(allScanners, r);
|
|
9928
|
+
}
|
|
9929
|
+
const baseDir = join2(homedir2(), ".aws-security", "reports", (/* @__PURE__ */ new Date()).toISOString().slice(0, 10));
|
|
9930
|
+
mkdirSync2(baseDir, { recursive: true });
|
|
9931
|
+
const savedFiles = [];
|
|
9932
|
+
if (wantAll || reportTypes.includes("html")) {
|
|
9933
|
+
const html = generateHtmlReport(result, void 0, l);
|
|
9934
|
+
const p = join2(baseDir, "security-report.html");
|
|
9935
|
+
writeFileSync2(p, html);
|
|
9936
|
+
savedFiles.push(p);
|
|
9937
|
+
}
|
|
9938
|
+
if (wantAll || reportTypes.includes("hw_defense")) {
|
|
9939
|
+
const html = generateHwDefenseHtmlReport(result, l);
|
|
9940
|
+
const p = join2(baseDir, "hw-defense-report.html");
|
|
9941
|
+
writeFileSync2(p, html);
|
|
9942
|
+
savedFiles.push(p);
|
|
9943
|
+
}
|
|
9944
|
+
if (wantAll || reportTypes.includes("mlps3")) {
|
|
9945
|
+
const html = generateMlps3HtmlReport(result, void 0, l);
|
|
9946
|
+
const p = join2(baseDir, "mlps3-report.html");
|
|
9947
|
+
writeFileSync2(p, html);
|
|
9948
|
+
savedFiles.push(p);
|
|
9949
|
+
}
|
|
9950
|
+
if (wantAll || reportTypes.includes("markdown")) {
|
|
9951
|
+
const md = generateMarkdownReport(result, l);
|
|
9952
|
+
const p = join2(baseDir, "security-report.md");
|
|
9953
|
+
writeFileSync2(p, md);
|
|
9954
|
+
savedFiles.push(p);
|
|
9955
|
+
}
|
|
9956
|
+
saveResults(result);
|
|
9957
|
+
const summary = summarizeResult(result, l);
|
|
9958
|
+
const fileList = savedFiles.map((f) => ` ${f}`).join("\n");
|
|
9959
|
+
return {
|
|
9960
|
+
content: [{
|
|
9961
|
+
type: "text",
|
|
9962
|
+
text: `${summary}
|
|
9963
|
+
|
|
9964
|
+
Reports saved:
|
|
9965
|
+
${fileList}
|
|
9966
|
+
|
|
9967
|
+
Dashboard data updated.`
|
|
9968
|
+
}]
|
|
9969
|
+
};
|
|
9970
|
+
} catch (err) {
|
|
9971
|
+
return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
|
|
9972
|
+
}
|
|
9973
|
+
}
|
|
9974
|
+
);
|
|
9901
9975
|
server.resource(
|
|
9902
9976
|
"security-rules",
|
|
9903
9977
|
"security://rules",
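Review bot: The report files written at each `writeFileSync2(p, html)` / `writeFileSync2(p, md)` site hold the raw findings of a (possibly multi-account) security scan, yet `mkdirSync2(baseDir, { recursive: true })` and the writes rely on the process umask, which on many workstations leaves `~/.aws-security/reports/<date>/*` world-readable. Create the tree and files owner-only: `mkdirSync2(baseDir, { recursive: true, mode: 0o700 });` and `writeFileSync2(p, html, { mode: 0o600 });` at each of the four write sites (the `mode` option only applies when the file is first created, and is a no-op on Windows, so say so in a comment). Separately, `role_name` and `account_ids` are accepted as unconstrained strings before being handed to `runMultiAccountScanners`; tightening the schema to `z.string().regex(/^[\w+=,.@-]{1,64}$/)` and `z.array(z.string().regex(/^\d{12}$/))` rejects malformed input before any cross-account call is attempted (how `roleName` is consumed is outside this hunk). The fixed filenames also mean a second run on the same UTC day silently overwrites the earlier reports, which the tool description should state.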
|