OSV

Instructions

Implementation Reference

• src/server.py:153-165 (handler)

  MCP tool handler for 'query_for_cve_fix_versions'. Decorated with @mcp.tool(), it instantiates OSVServer and calls its query_for_cve_fix_versions method to execute the tool logic.
  @mcp.tool() def query_for_cve_fix_versions(cve: str): """ Query the OSV database for a CVE and return the fix versions. Args: cve: The CVE ID to query Returns: A list of fix versions """ osv = OSVServer() return osv.query_for_cve_fix_versions(cve)
• src/server.py:92-98 (helper)

  Core implementation in OSVServer class: queries CVE details via _query_cve and extracts fix versions via _parse_fix_versions.
  def query_for_cve_fix_versions(self, cve: str): """ Query the OSV database for a CVE and return the fix versions. """ data = self._query_cve(cve) versions = self._parse_fix_versions(data) return versions
• src/server.py:50-70 (helper)

  Helper function to parse and deduplicate fix version strings from the OSV API response.
  def _parse_fix_versions(self, data: dict): """ Parse fix version strings from the OSV response. Extracts fix versions from the 'ranges[].events[].fixed' in the affected package data. Args: data: The full OSV response JSON data Returns: List of fixed version strings """ fix_versions = [] if 'affected' in data: for affected in data['affected']: if 'ranges' in affected: for range_data in affected['ranges']: if 'events' in range_data: for event in range_data['events']: if 'fixed' in event: fix_versions.append(event['fixed']) return list(set(fix_versions)) # Remove duplicates
• src/server.py:23-29 (helper)

  Helper function to fetch CVE details from OSV API endpoint.
  def _query_cve(self, cve: str): """ Query the OSV database for a CVE. """ url = self.cve_url.format(cve_id=cve) response = requests.get(url) return response.json()