IT-MCP

import { CommandRunner, CommandExecutionError, type CommandResult } from "../utils/commandRunner.js"; import { resolve, join } from "node:path"; import { tmpdir } from "node:os"; export interface CodeqlScanOptions { readonly sourceRoot: string; readonly language: "javascript" | "typescript" | "python" | "cpp" | "csharp" | "java" | string; readonly buildCommand?: string; readonly databasePath?: string; readonly querySuite?: string; readonly outputSarifPath?: string; } export interface CodeqlScanResult { readonly databasePath: string; readonly sarifPath: string; readonly commands: CommandResult[]; } export interface OpenvasScanOptions { readonly target: string; readonly portRange?: string; readonly profile?: string; readonly username?: string; readonly password?: string; } export interface OpenvasScanResult { readonly command: string; readonly stdout: string; readonly stderr: string; readonly exitCode: number | null; } export interface InstallationResult { readonly command: string; readonly stdout: string; readonly stderr: string; readonly exitCode: number | null; } export class SecurityScannerService { public constructor(private readonly runner: CommandRunner) {} public async installCodeql(): Promise<InstallationResult> { const command = "brew install codeql"; return this.executeInstall(command, true); } public async installOpenvas(): Promise<InstallationResult> { const command = "brew install gvm"; return this.executeInstall(command, true); } public async runCodeqlScan(options: CodeqlScanOptions): Promise<CodeqlScanResult> { const sourceRoot = resolve(options.sourceRoot); const language = options.language; const databasePath = resolve(options.databasePath ?? join(tmpdir(), `codeql-db-${Date.now()}`)); const sarifPath = resolve(options.outputSarifPath ?? join(tmpdir(), `codeql-results-${Date.now()}.sarif`)); const querySuite = options.querySuite ?? `codeql-suites/${language}-code-scanning.qls`; const commands: CommandResult[] = []; const databaseCreateCmd = [ "codeql", "database", "create", databasePath, "--language", language, "--source-root", sourceRoot, ]; if (options.buildCommand) { databaseCreateCmd.push("--command", options.buildCommand); } commands.push(await this.runner.run(databaseCreateCmd.join(" "))); const analyzeCmd = [ "codeql", "database", "analyze", databasePath, querySuite, "--format=sarifv2.1.0", `--output=${sarifPath}`, ]; commands.push(await this.runner.run(analyzeCmd.join(" "))); return { databasePath, sarifPath, commands, }; } public async updateOpenvasFeeds(): Promise<CommandResult> { return this.runner.run("gvm-feed-update", { requiresSudo: true }); } public async runOpenvasScan(options: OpenvasScanOptions): Promise<OpenvasScanResult> { const profile = options.profile ?? "Full and fast"; const commandParts = [ "gvm-cli", "--gmp-username", options.username ?? "admin", "--gmp-password", options.password ?? "admin", "socket", "--xml", `'<?xml version="1.0"?><create_task><name>MCP Scan ${options.target}</name><comment>Generated via scan_security_vulnerabilities</comment><config id="${profile}"/><target id="${options.target}"/></create_task>'`, ]; try { const result = await this.runner.run(commandParts.join(" ")); return { command: commandParts.join(" "), stdout: result.stdout, stderr: result.stderr, exitCode: result.code, }; } catch (error) { const failed = error instanceof CommandExecutionError ? error.result : undefined; return { command: commandParts.join(" "), stdout: failed?.stdout ?? "", stderr: failed?.stderr ?? "OpenVAS execution failed. Ensure gvm service is running and credentials are configured.", exitCode: failed?.code ?? 1, }; } } private async executeInstall(command: string, sudo: boolean): Promise<InstallationResult> { try { const result = await this.runner.run(command, { requiresSudo: sudo }); return { command, stdout: result.stdout, stderr: result.stderr, exitCode: result.code, }; } catch (error) { const failed = error instanceof CommandExecutionError ? error.result : undefined; return { command, stdout: failed?.stdout ?? "", stderr: failed?.stderr ?? (error as Error).message, exitCode: failed?.code ?? 1, }; } } }