security_audit
Analyzes Python code to identify security vulnerabilities like SQL injection and command injection, helping developers detect risks before deployment.
Instructions
Focused security vulnerability analysis for Python code. Identifies SQL injection, command injection, and other security risks.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | Python code to audit for security vulnerabilities | |
| filename | No | Name of the file (optional) | unknown.py |
Implementation Reference
- src/index.ts:270-287 (handler)Handler function that executes the security_audit tool. Parses input arguments using SecurityAuditSchema, performs code analysis using PythonAnalyzer, generates a security report with ReportFormatter, adds custom security insights, and returns the result as MCP content.private async handleSecurityAudit(args: unknown) { const { code, filename } = SecurityAuditSchema.parse(args); const result = this.analyzer.analyzePythonCode(code, filename); const securityReport = this.formatter.generateSecurityReport(result); // Add additional security insights const securityInsights = this.generateSecurityInsights(result); return { content: [ { type: 'text', text: `${securityReport}\n\n${securityInsights}` } ] }; }
- src/index.ts:32-35 (schema)Zod validation schema for security_audit tool inputs: requires 'code' string, optional 'filename' defaulting to 'unknown.py'.const SecurityAuditSchema = z.object({ code: z.string().min(1, "Code cannot be empty"), filename: z.string().optional().default("unknown.py") });
- src/index.ts:106-124 (registration)Tool registration in the ListTools response, defining name 'security_audit', description, and input schema matching the Zod schema.{ name: 'security_audit', description: 'Focused security vulnerability analysis for Python code. Identifies SQL injection, command injection, and other security risks.', inputSchema: { type: 'object', properties: { code: { type: 'string', description: 'Python code to audit for security vulnerabilities' }, filename: { type: 'string', description: 'Name of the file (optional)', default: 'unknown.py' } }, required: ['code'] } },
- src/index.ts:354-391 (helper)Supporting helper function called by the handler to generate additional security insights, including vulnerability summaries and critical alerts.private generateSecurityInsights(result: AnalysisResult): string { const securityIssues = result.issues.filter(i => i.type === 'security'); const insights = [ '## π§ **SECURITY INSIGHTS**', '' ]; if (securityIssues.length === 0) { insights.push('β **No immediate security vulnerabilities detected in this code.**'); insights.push(''); insights.push('**Proactive Security Measures:**'); insights.push('- Implement input validation for all user inputs'); insights.push('- Use environment variables for sensitive configuration'); insights.push('- Enable logging for security-relevant events'); insights.push('- Regularly update dependencies to patch known vulnerabilities'); return insights.join('\n'); } const vulnTypes = [...new Set(securityIssues.map(i => i.rule))]; insights.push(`**Vulnerability Types Found:** ${vulnTypes.length}`); insights.push(`**Most Common:** ${this.getMostCommonVulnerability(securityIssues)}`); insights.push(''); const criticalSecurity = securityIssues.filter(i => i.severity === 'critical'); if (criticalSecurity.length > 0) { insights.push('π¨ **CRITICAL SECURITY ALERT:**'); insights.push(`This code contains ${criticalSecurity.length} critical security vulnerabilities that could lead to:`); insights.push('- Data breaches and unauthorized access'); insights.push('- Remote code execution'); insights.push('- SQL injection attacks'); insights.push('- Complete system compromise'); insights.push(''); insights.push('**IMMEDIATE ACTION REQUIRED BEFORE DEPLOYMENT**'); } return insights.join('\n'); }