-
securityA
license-
qualityA Model Context Protocol tool for analyzing code repositories, performing security scans, and assessing code quality across multiple programming languages.
Last updated -
Python
MIT License
Integrates with Codecov for code coverage reporting, shown by the Codecov badge that tracks test coverage metrics.
Provides integration with GitHub for analyzing code repositories, as evidenced by the GitHub Actions workflow status badge and repository links.
Allows publishing and versioning of the Lanalyzer package through PyPI, as indicated by the PyPI version badge.
Built for Python projects with specific version requirements (3.10+), providing static taint analysis for Python code.
Lanalyzer
Lanalyzer is an advanced Python static taint analysis tool designed to detect potential security vulnerabilities in Python projects. It identifies data flows from untrusted sources (Sources) to sensitive operations (Sinks) and provides detailed insights into potential risks.
📖 Table of Contents
- ✨ Features
- 🚀 Getting Started
- 💻 Usage
- 🧩 Model Context Protocol (MCP) Support
- 🤝 Contributing
- 📄 License
- 📞 Contact
✨ Features
- Taint Analysis: Tracks data flows from sources to sinks.
- Customizable Rules: Define your own sources, sinks, sanitizers, and taint propagation paths.
- Static Analysis: No need to execute the code.
- Extensibility: Easily add new rules for detecting vulnerabilities like SQL Injection, XSS, and more.
- Detailed Reports: Generate comprehensive analysis reports with vulnerability details and mitigation suggestions.
- Command-Line Interface: Run analyses directly from the terminal.
🚀 Getting Started
Prerequisites
- Python 3.10 or higher
- uv (recommended for dependency management)
Steps
- Clone the repository:
- Create a virtual environment and install dependencies:
- Activate the virtual environment:
💻 Usage
Basic Analysis
Run a taint analysis on a Python file:
Command-Line Options
--target: Path to the Python file or directory to analyze.--config: Path to the configuration file.--output: Path to save the analysis report.--log-file: Path to save the log file.--pretty: Pretty-print the output.--detailed: Show detailed analysis statistics.--debug: Enable debug mode with detailed logging.
Example
🤝 Contributing
We welcome contributions! Please see the CONTRIBUTING.md file for guidelines on how to contribute to Lanalyzer.
📄 License
This project is licensed under the GNU Affero General Public License v3.0. See the LICENSE file for details.
📞 Contact
Contact
- Issues: GitHub Issues
- Email: support@mx-crafts.com
🧩 Model Context Protocol (MCP) Support
Lanalyzer now supports the Model Context Protocol (MCP), allowing it to run as an MCP server that AI models and tools can use to access taint analysis functionality through a standard interface.
Installing MCP Dependencies
If you're using pip:
If you're using uv:
Starting the MCP Server
There are multiple ways to start the MCP server:
- Using Python Module:
- Using the lanalyzer Command-Line Tool:
MCP Server Features
The MCP server provides the following core functionalities:
- Code Analysis: Analyze Python code strings for security vulnerabilities
- File Analysis: Analyze specific files for security vulnerabilities
- Path Analysis: Analyze entire directories or projects for security vulnerabilities
- Vulnerability Explanation: Provide detailed explanations of discovered vulnerabilities
- Configuration Management: Get, validate, and create analysis configurations
Integration with AI Tools
The MCP server can be integrated with AI tools that support the MCP protocol:
Using in Cursor
If you're working in the Cursor editor, you can directly ask the AI to use Lanalyzer to analyze your code:
MCP Command-Line Options
The MCP server supports the following command-line options:
--debug: Enable debug mode with detailed logging--host: Set the server listening address (default: 127.0.0.1)--port: Set the server listening port (default: 8000)
Advanced MCP Usage
Custom Configurations
You can use the get_config, validate_config, and create_config tools to manage vulnerability detection configurations:
Batch File Analysis
Analyze an entire project or directory:
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Provides Python code security analysis through the Model Context Protocol, enabling AI tools to detect potential vulnerabilities like SQL injection and XSS by identifying tainted data flows from untrusted sources to sensitive operations.
Related MCP Servers
- -securityAlicense-qualityA Model Context Protocol server that extracts and analyzes Python code structures, focusing on import/export relationships between files to help LLMs understand code context.Last updated -4PythonMIT License
- -securityAlicense-qualityA Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.Last updated -4TypeScriptMIT License
- -securityFlicense-qualityA comprehensive Model Context Protocol server for advanced code analysis that provides tools for syntax analysis, dependency visualization, and AI-assisted development workflow support.Last updated -3Python