OSV

Instructions

Implementation Reference

• src/server.py:153-165 (handler)

  MCP tool handler for 'query_for_cve_fix_versions'. Registers the tool and executes by delegating to OSVServer instance method. Includes input schema via type annotation and docstring.
  @mcp.tool() def query_for_cve_fix_versions(cve: str): """ Query the OSV database for a CVE and return the fix versions. Args: cve: The CVE ID to query Returns: A list of fix versions """ osv = OSVServer() return osv.query_for_cve_fix_versions(cve)
• src/server.py:92-98 (helper)

  Core helper method in OSVServer class implementing the query logic: fetches CVE data from OSV API and extracts fix versions using _parse_fix_versions.
  def query_for_cve_fix_versions(self, cve: str): """ Query the OSV database for a CVE and return the fix versions. """ data = self._query_cve(cve) versions = self._parse_fix_versions(data) return versions
• src/server.py:50-70 (helper)

  Supporting utility that parses fix version information from the OSV API response JSON.
  def _parse_fix_versions(self, data: dict): """ Parse fix version strings from the OSV response. Extracts fix versions from the 'ranges[].events[].fixed' in the affected package data. Args: data: The full OSV response JSON data Returns: List of fixed version strings """ fix_versions = [] if 'affected' in data: for affected in data['affected']: if 'ranges' in affected: for range_data in affected['ranges']: if 'events' in range_data: for event in range_data['events']: if 'fixed' in event: fix_versions.append(event['fixed']) return list(set(fix_versions)) # Remove duplicates
• src/server.py:23-29 (helper)

  Helper method to query the OSV API for CVE details.
  def _query_cve(self, cve: str): """ Query the OSV database for a CVE. """ url = self.cve_url.format(cve_id=cve) response = requests.get(url) return response.json()