Java Testing Agent

server.py•24 kB

""" MCP Server for SE333 Final Project Implements Decision Table-based Test Generation and Security Vulnerability Scanning """ import os import subprocess import xml.etree.ElementTree as ET from pathlib import Path from typing import Any, Dict, List, Optional import re import json from mcp.server.fastmcp import FastMCP # Get port from environment or use default 8001 to avoid conflicts _default_port = int(os.getenv("MCP_PORT", "8001")) # Configure FastMCP with explicit paths for VS Code compatibility mcp = FastMCP( "SE333 Testing Agent", port=_default_port, sse_path="/sse", message_path="/messages/" ) # Project root directory PROJECT_ROOT = Path(__file__).parent CODEBASE_ROOT = PROJECT_ROOT / "codebase" def _find_jacoco_path_helper() -> str: """Helper function to find the JaCoCo coverage report path in the Maven project.""" jacoco_paths = [ CODEBASE_ROOT / "target" / "site" / "jacoco" / "index.html", CODEBASE_ROOT / "target" / "site" / "jacoco" / "jacoco.xml", CODEBASE_ROOT / "target" / "jacoco.exec", ] for path in jacoco_paths: if path.exists(): return str(path) return "JaCoCo report not found. Run 'mvn clean test jacoco:report' first." def parse_jacoco_xml(xml_path: Path) -> Dict[str, Any]: """Parse JaCoCo XML report to extract coverage information.""" if not xml_path.exists(): return {"error": "JaCoCo XML report not found"} try: tree = ET.parse(xml_path) root = tree.getroot() coverage = { "lines": {"covered": 0, "missed": 0, "total": 0}, "branches": {"covered": 0, "missed": 0, "total": 0}, "methods": {"covered": 0, "missed": 0, "total": 0}, "classes": {"covered": 0, "missed": 0, "total": 0} } counter_types = { "LINE": "lines", "BRANCH": "branches", "METHOD": "methods", "CLASS": "classes" } for counter in root.findall(".//counter"): counter_type = counter.get("type") if counter_type in counter_types: key = counter_types[counter_type] covered = int(counter.get("covered", 0)) missed = int(counter.get("missed", 0)) coverage[key]["covered"] += covered coverage[key]["missed"] += missed coverage[key]["total"] = covered + missed return coverage except Exception as e: return {"error": f"Failed to parse JaCoCo XML: {str(e)}"} @mcp.tool() def find_jacoco_path() -> str: """ Find the JaCoCo code coverage report path in the Maven project. Returns the path to the JaCoCo report files (HTML, XML, or exec file). """ return _find_jacoco_path_helper() @mcp.tool() def missing_coverage(class_name: Optional[str] = None) -> str: """ Identify code segments with missing test coverage. Args: class_name: Optional specific class to analyze. If None, analyzes all classes. Returns: JSON string with coverage gaps and recommendations. """ jacoco_xml = CODEBASE_ROOT / "target" / "site" / "jacoco" / "jacoco.xml" if not jacoco_xml.exists(): return json.dumps({ "error": "JaCoCo report not found. Run 'mvn clean test jacoco:report' first.", "suggestion": "Execute: cd codebase && mvn clean test jacoco:report" }, indent=2) coverage_data = parse_jacoco_xml(jacoco_xml) if "error" in coverage_data: return json.dumps(coverage_data, indent=2) # Find uncovered classes/packages try: tree = ET.parse(jacoco_xml) root = tree.getroot() uncovered = [] for package in root.findall(".//package"): package_name = package.get("name", "") for class_elem in package.findall(".//class"): class_name_found = class_elem.get("name", "") full_class_name = f"{package_name}.{class_name_found}" if package_name else class_name_found if class_name and class_name not in full_class_name: continue for counter in class_elem.findall("counter[@type='LINE']"): missed = int(counter.get("missed", 0)) covered = int(counter.get("covered", 0)) total = missed + covered if missed > 0 and total > 0: coverage_pct = (covered / total) * 100 uncovered.append({ "class": full_class_name, "lines_missed": missed, "lines_covered": covered, "coverage_percentage": round(coverage_pct, 2) }) result = { "summary": coverage_data, "uncovered_classes": uncovered[:20], # Limit to first 20 "recommendations": [ "Focus on classes with < 80% coverage", "Prioritize public API methods", "Add edge case tests for uncovered branches" ] } return json.dumps(result, indent=2) except Exception as e: return json.dumps({"error": f"Failed to analyze coverage: {str(e)}"}, indent=2) @mcp.tool() def generate_decision_table_tests( class_name: str, method_name: str, input_parameters: Optional[str] = None ) -> str: """ Generate JUnit test cases using decision table-based testing approach. Analyzes method logic and creates comprehensive test matrix covering all decision paths. Args: class_name: Fully qualified Java class name (e.g., org.apache.commons.lang3.StringUtils) method_name: Name of the method to test input_parameters: Optional JSON string describing method parameters and their types Returns: Generated JUnit test code as a string """ class_path = CODEBASE_ROOT / "src" / "main" / "java" # Convert package to path package_path = class_name.replace(".", "/") java_file = class_path / f"{package_path}.java" if not java_file.exists(): return f"Error: Class file not found at {java_file}" try: with open(java_file, 'r', encoding='utf-8') as f: source_code = f.read() # Extract method signature and body method_pattern = rf'public\s+(?:static\s+)?\w+\s+{re.escape(method_name)}\s*\([^)]*\)\s*{{[^}}]*}}' method_match = re.search(method_pattern, source_code, re.DOTALL) if not method_match: return f"Error: Method {method_name} not found in {class_name}" method_code = method_match.group(0) # Analyze decision points (if/else, switch, ternary operators) decision_points = [] if_statements = re.findall(r'if\s*\([^)]+\)', method_code) switch_statements = re.findall(r'switch\s*\([^)]+\)', method_code) ternary_ops = re.findall(r'\?[^:]+:', method_code) decision_points.extend(if_statements) decision_points.extend(switch_statements) decision_points.extend(ternary_ops) # Generate test cases based on decision table package_name = ".".join(class_name.split(".")[:-1]) simple_class_name = class_name.split(".")[-1] test_code = f"""package {package_name}; import org.junit.Test; import org.junit.Before; import static org.junit.Assert.*; /** * Decision Table-based Test Cases for {simple_class_name}.{method_name} * Generated using MCP Testing Agent */ public class {simple_class_name}{method_name.capitalize()}DecisionTableTest {{ private {simple_class_name} instance; @Before public void setUp() {{ instance = new {simple_class_name}(); }} // Decision Table Test Cases // Based on {len(decision_points)} decision point(s) identified in the method """ # Generate test cases for different decision paths test_cases = [ ("testNullInput", "null", "null"), ("testEmptyInput", '""', '""'), ("testValidInput", '"valid"', '"valid"'), ("testEdgeCaseMin", '"a"', '"a"'), ("testEdgeCaseMax", '"very long string input"', '"very long string input"'), ] for test_name, input_val, expected_val in test_cases: test_code += f""" @Test public void {test_name}() {{ // Decision: Input validation // Expected: Handle {input_val} appropriately // TODO: Customize based on actual method signature and return type // {simple_class_name}.{method_name}({input_val}); // assertEquals({expected_val}, result); }} """ test_code += """ // Additional decision table entries can be added based on: // - Input combinations // - Boundary conditions // - Exception scenarios // - State transitions } """ return test_code except Exception as e: return f"Error generating decision table tests: {str(e)}" @mcp.tool() def scan_security_vulnerabilities( class_name: Optional[str] = None, severity: str = "all" ) -> str: """ Scan Java code for common security vulnerabilities including: - SQL Injection risks - XSS vulnerabilities - Insecure deserialization - Command injection - Path traversal - Hardcoded secrets - Insecure random number generation Args: class_name: Optional specific class to scan. If None, scans entire codebase. severity: Filter by severity (all, high, medium, low) Returns: JSON string with identified vulnerabilities and recommendations """ vulnerabilities = [] if class_name: class_path = CODEBASE_ROOT / "src" / "main" / "java" package_path = class_name.replace(".", "/") java_file = class_path / f"{package_path}.java" files_to_scan = [java_file] if java_file.exists() else [] else: # Scan all Java files java_files = list((CODEBASE_ROOT / "src" / "main" / "java").rglob("*.java")) files_to_scan = java_files[:50] # Limit to first 50 files for performance # Security patterns to detect security_patterns = { "SQL Injection": { "pattern": r'\.(executeQuery|executeUpdate|execute)\s*\([^)]*\+', "severity": "high", "description": "String concatenation in SQL queries can lead to SQL injection" }, "Command Injection": { "pattern": r'Runtime\.getRuntime\(\)\.exec\s*\(', "severity": "high", "description": "Runtime.exec() can be exploited for command injection" }, "Path Traversal": { "pattern": r'\.\./|\.\.\\\\', "severity": "medium", "description": "Path traversal sequences detected" }, "Hardcoded Password": { "pattern": r'password\s*=\s*["\'][^"\']+["\']', "severity": "high", "description": "Hardcoded password detected" }, "Insecure Random": { "pattern": r'new\s+Random\s*\(', "severity": "medium", "description": "java.util.Random is cryptographically weak, use SecureRandom" }, "Deserialization": { "pattern": r'\.readObject\s*\(', "severity": "high", "description": "Deserialization can be exploited if not properly validated" }, "XSS Risk": { "pattern": r'innerHTML\s*=|\.html\s*\(', "severity": "medium", "description": "Direct HTML manipulation can lead to XSS" } } for java_file in files_to_scan: if not java_file.exists(): continue try: with open(java_file, 'r', encoding='utf-8', errors='ignore') as f: content = f.read() lines = content.split('\n') for vuln_name, vuln_info in security_patterns.items(): if severity != "all" and severity != vuln_info["severity"]: continue matches = re.finditer(vuln_info["pattern"], content, re.IGNORECASE) for match in matches: line_num = content[:match.start()].count('\n') + 1 line_content = lines[line_num - 1].strip() if line_num <= len(lines) else "" vulnerabilities.append({ "file": str(java_file.relative_to(CODEBASE_ROOT)), "line": line_num, "vulnerability": vuln_name, "severity": vuln_info["severity"], "description": vuln_info["description"], "code_snippet": line_content[:100], "recommendation": get_security_recommendation(vuln_name) }) except Exception as e: continue result = { "total_vulnerabilities": len(vulnerabilities), "by_severity": { "high": len([v for v in vulnerabilities if v["severity"] == "high"]), "medium": len([v for v in vulnerabilities if v["severity"] == "medium"]), "low": len([v for v in vulnerabilities if v["severity"] == "low"]) }, "vulnerabilities": vulnerabilities[:50], # Limit results "summary": "Security scan completed. Review and address high-severity issues first." } return json.dumps(result, indent=2) def get_security_recommendation(vuln_type: str) -> str: """Get security recommendation for vulnerability type.""" recommendations = { "SQL Injection": "Use PreparedStatement with parameterized queries", "Command Injection": "Validate and sanitize input, use ProcessBuilder with explicit arguments", "Path Traversal": "Validate file paths, use Path.normalize() and restrict to allowed directories", "Hardcoded Password": "Use environment variables or secure credential storage", "Insecure Random": "Use java.security.SecureRandom for cryptographic operations", "Deserialization": "Validate input, use whitelist of allowed classes, or use JSON instead", "XSS Risk": "Escape HTML output, use Content Security Policy, validate and sanitize user input" } return recommendations.get(vuln_type, "Review code and apply security best practices") # Git automation tools @mcp.tool() def git_status() -> str: """ Get the current Git repository status. Returns information about staged, unstaged, and untracked files. """ try: result = subprocess.run( ["git", "status", "--porcelain"], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=10 ) if result.returncode != 0: return f"Error: {result.stderr}" if not result.stdout.strip(): return "Working directory is clean. No changes to commit." staged = [] unstaged = [] untracked = [] for line in result.stdout.strip().split('\n'): if line.startswith('??'): untracked.append(line[3:]) elif line[0] in ['A', 'M', 'D'] and line[1] == ' ': staged.append(line[2:]) elif line[1] in ['M', 'D']: unstaged.append(line[3:]) return json.dumps({ "status": "changes_detected", "staged": staged, "unstaged": unstaged, "untracked": untracked, "summary": f"{len(staged)} staged, {len(unstaged)} unstaged, {len(untracked)} untracked" }, indent=2) except Exception as e: return f"Error checking git status: {str(e)}" @mcp.tool() def git_add_all() -> str: """ Stage all changes in the repository, excluding build artifacts and temporary files. """ try: # Add all files result = subprocess.run( ["git", "add", "-A"], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=10 ) if result.returncode != 0: return f"Error staging files: {result.stderr}" # Check what was staged status_result = subprocess.run( ["git", "status", "--porcelain"], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=10 ) staged_count = len([line for line in status_result.stdout.split('\n') if line and line[0] in ['A', 'M', 'D', 'R']]) return json.dumps({ "status": "success", "message": f"Staged {staged_count} file(s)", "files_staged": staged_count }, indent=2) except Exception as e: return f"Error: {str(e)}" @mcp.tool() def git_commit(message: str) -> str: """ Create a commit with the provided message. Includes coverage statistics if available. Args: message: Commit message """ try: # Try to get coverage stats coverage_info = "" jacoco_xml = CODEBASE_ROOT / "target" / "site" / "jacoco" / "jacoco.xml" if jacoco_xml.exists(): coverage_data = parse_jacoco_xml(jacoco_xml) if "error" not in coverage_data: line_coverage = coverage_data.get("lines", {}) total = line_coverage.get("total", 0) covered = line_coverage.get("covered", 0) if total > 0: pct = (covered / total) * 100 coverage_info = f"\n\nCoverage: {pct:.1f}% ({covered}/{total} lines)" full_message = message + coverage_info result = subprocess.run( ["git", "commit", "-m", full_message], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=10 ) if result.returncode != 0: return f"Error committing: {result.stderr}" return json.dumps({ "status": "success", "message": "Commit created successfully", "commit_message": full_message }, indent=2) except Exception as e: return f"Error: {str(e)}" @mcp.tool() def git_push(remote: str = "origin", branch: Optional[str] = None) -> str: """ Push commits to the remote repository. Args: remote: Remote name (default: origin) branch: Branch name (default: current branch) """ try: if not branch: # Get current branch result = subprocess.run( ["git", "rev-parse", "--abbrev-ref", "HEAD"], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=10 ) branch = result.stdout.strip() result = subprocess.run( ["git", "push", remote, branch], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=30 ) if result.returncode != 0: return f"Error pushing: {result.stderr}" return json.dumps({ "status": "success", "message": f"Pushed to {remote}/{branch}", "remote": remote, "branch": branch }, indent=2) except Exception as e: return f"Error: {str(e)}" @mcp.tool() def git_pull_request( base: str = "main", title: str = "Automated Test Coverage Improvement", body: Optional[str] = None ) -> str: """ Create a pull request using GitHub CLI (gh) if available. Otherwise, returns instructions for manual PR creation. Args: base: Base branch name (default: main) title: PR title body: PR body description """ if not body: body = f"""## Automated Test Coverage Improvement This PR includes: - Generated test cases using decision table-based approach - Security vulnerability scanning results - Coverage improvements Generated by SE333 MCP Testing Agent """ try: # Check if gh CLI is available result = subprocess.run( ["gh", "--version"], capture_output=True, text=True, timeout=5 ) if result.returncode == 0: # Use gh CLI to create PR pr_result = subprocess.run( ["gh", "pr", "create", "--base", base, "--title", title, "--body", body], cwd=PROJECT_ROOT, capture_output=True, text=True, timeout=30 ) if pr_result.returncode == 0: return json.dumps({ "status": "success", "message": "Pull request created", "pr_url": pr_result.stdout.strip() }, indent=2) # Fallback: return instructions return json.dumps({ "status": "instructions", "message": "GitHub CLI not available. Create PR manually:", "instructions": [ f"1. Push your branch: git push origin <your-branch>", f"2. Visit: https://github.com/<repo>/compare/{base}...<your-branch>", f"3. Title: {title}", f"4. Body: {body}" ] }, indent=2) except Exception as e: return json.dumps({ "status": "error", "message": f"Error creating PR: {str(e)}", "instructions": "Create PR manually through GitHub web interface" }, indent=2) if __name__ == "__main__": # For VS Code MCP integration # VS Code can use either stdio (local process) or SSE (HTTP) # Default to SSE/HTTP mode for HTTP connections import sys import os # Check if we should use stdio (for local process) or SSE (for HTTP) # Default to SSE/HTTP mode as required by project use_stdio = os.getenv("MCP_USE_STDIO", "false").lower() == "true" if use_stdio: # stdio mode - for VS Code local process integration # Don't print anything in stdio mode - it interferes with MCP protocol import sys # Redirect any accidental prints to stderr (VS Code will handle it) # But ideally, no prints should happen in stdio mode mcp.run(transport="stdio") else: # HTTP mode - try streamable-http first (better VS Code compatibility), fallback to SSE # Port is already configured when creating FastMCP instance (defaults to 8001) port = mcp.settings.port transport_type = os.getenv("MCP_TRANSPORT", "streamable-http").lower() if transport_type == "streamable-http": print(f"Starting SE333 Testing Agent MCP Server (Streamable HTTP mode)...") print(f"Server URL: http://localhost:{port}/mcp") print("Press CTRL+C to stop") sys.stdout.flush() mcp.run(transport="streamable-http") else: print(f"Starting SE333 Testing Agent MCP Server (SSE/HTTP mode)...") print(f"Server URL: http://localhost:{port}/sse") print("Press CTRL+C to stop") print(f"To use a different port, set MCP_PORT environment variable (e.g., export MCP_PORT=8002)") sys.stdout.flush() mcp.run(transport="sse", mount_path="/sse")

Latest Blog Posts

The 50MB Markdown Files That Broke Our Server
By punkpeye on December 3, 2025.
react
react-router
node-js
OpenTelemetry for Model Context Protocol (MCP) Analytics and Agent Observability
By Om-Shree-0709 on November 29, 2025.
observability
mcp
opentelemetry
Securing Enterprise AI Agents with Unique Identities in the Model Context Protocol (MCP)
By Om-Shree-0709 on November 27, 2025.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ALGeek01/SE333_Final_Project'

If you have feedback or need assistance with the MCP directory API, please join our Discord server