OSV

Instructions

Implementation Reference

• src/server.py:139-152 (handler)

  MCP tool handler for 'query_for_cve_affected'. Instantiates OSVServer and delegates to its query_for_cve_affected method, which executes the core logic.
  @mcp.tool() def query_for_cve_affected(cve: str): """ Query the OSV database for a CVE and return the affected versions. Args: cve: The CVE ID to query Returns: A list of affected versions """ osv = OSVServer() return osv.query_for_cve_affected(cve)
• src/server.py:84-90 (helper)

  Core implementation in OSVServer class: queries OSV API for CVE details and parses affected package versions using helper methods _query_cve and _parse_versions.
  def query_for_cve_affected(self, cve: str): """ Query the OSV database for a CVE and return the affected versions. """ data = self._query_cve(cve) versions = self._parse_versions(data) return versions
• src/server.py:23-29 (helper)

  Helper method to fetch CVE data from OSV API via GET request.
  def _query_cve(self, cve: str): """ Query the OSV database for a CVE. """ url = self.cve_url.format(cve_id=cve) response = requests.get(url) return response.json()
• src/server.py:31-48 (helper)

  Helper method to extract affected versions from OSV response JSON.
  def _parse_versions(self, data: dict): """ Parse version strings from the OSV response. Extracts versions from the 'versions' array in the affected package data. Args: data: The full OSV response JSON data Returns: List of version strings """ versions = [] if 'affected' in data: for affected in data['affected']: if 'versions' in affected: versions.extend(affected['versions']) versions = list(set(versions)) return versions
• src/server.py:139-139 (registration)

  The @mcp.tool() decorator registers the query_for_cve_affected function as an MCP tool.
  @mcp.tool()