Skip to main content
Glama

Lanalyzer MCP Server

by bayuncao

Lanalyzer

Lanalyzer

Lanalyzer is an advanced Python static taint analysis tool designed to detect potential security vulnerabilities in Python projects. It identifies data flows from untrusted sources (Sources) to sensitive operations (Sinks) and provides detailed insights into potential risks.

📖 Table of Contents

✨ Features

  • Taint Analysis: Tracks data flows from sources to sinks.
  • Customizable Rules: Define your own sources, sinks, sanitizers, and taint propagation paths.
  • Static Analysis: No need to execute the code.
  • Extensibility: Easily add new rules for detecting vulnerabilities like SQL Injection, XSS, and more.
  • Detailed Reports: Generate comprehensive analysis reports with vulnerability details and mitigation suggestions.
  • Command-Line Interface: Run analyses directly from the terminal.

🚀 Getting Started

Prerequisites

  • Python 3.10 or higher
  • uv (recommended for dependency management)

Installation

# Using pip pip install lanalyzer # Using uv (recommended) uv add lanalyzer # With MCP support uv add lanalyzer[mcp]
Option 2: Install from Source
  1. Clone the repository:
    git clone https://github.com/mxcrafts/lanalyzer.git cd lanalyzer
  2. Install dependencies:
    # Install basic dependencies make install # Install with development dependencies make install-dev # Install with MCP support make install-mcp # Install everything (dev + MCP) make install-all

💻 Usage

Basic Analysis

Run a taint analysis on a Python file:

lanalyzer --target <target_file> --config <config_file> --pretty --output <output_file> --log-file <log_file> --debug

Command-Line Options

  • --target: Path to the Python file or directory to analyze.
  • --config: Path to the configuration file.
  • --output: Path to save the analysis report.
  • --log-file: Path to save the log file.
  • --pretty: Pretty-print the output.
  • --detailed: Show detailed analysis statistics.
  • --debug: Enable debug mode with detailed logging.

Example

lanalyzer --target example.py --config rules/sql_injection.json --pretty --output example_analysis.json --log-file example_analysis.log --debug

🤝 Contributing

We welcome contributions! Please see the CONTRIBUTING.md file for guidelines on how to contribute to Lanalyzer.

For development setup, building, and publishing instructions, see DEVELOPMENT.md.

📄 License

This project is licensed under the GNU Affero General Public License v3.0. See the LICENSE file for details.

📞 Contact

Contact

🧩 Model Context Protocol (MCP) Support

Lanalyzer now supports the Model Context Protocol (MCP), allowing it to run as an MCP server that AI models and tools can use to access taint analysis functionality through a standard interface.

Installing MCP Dependencies

If you're using pip:

pip install "lanalyzer[mcp]"

If you're using uv:

uv add lanalyzer[mcp]

Starting the MCP Server

There are multiple ways to start the MCP server:

  1. Using Python Module:
# View help information python -m lanalyzer.mcp --help # Start the server (default port 8001) python -m lanalyzer.mcp run --port 8001 --debug
  1. Using the lanalyzer Command-Line Tool:
# View help information lanalyzer mcp --help # Start the server (default port 8000) lanalyzer mcp run --port 8000 --debug # Use development mode lanalyzer mcp dev
  1. Using Makefile (Recommended for Development):
# Start MCP server make mcp-server # Start MCP server with debug mode make mcp-server-debug # Test MCP CLI make mcp-test

MCP Server Features

The MCP server provides the following core functionalities:

  1. Code Analysis: Analyze Python code strings for security vulnerabilities
  2. File Analysis: Analyze specific files for security vulnerabilities
  3. Path Analysis: Analyze entire directories or projects for security vulnerabilities
  4. Vulnerability Explanation: Provide detailed explanations of discovered vulnerabilities
  5. Configuration Management: Get, validate, and create analysis configurations

For detailed MCP API documentation, see MCP Tools Reference.

Integration with AI Tools

The MCP server can be integrated with AI tools that support the MCP protocol:

# Using the FastMCP client from fastmcp import FastMCPClient # Create a client connected to the server client = FastMCPClient("http://127.0.0.1:8000") # Analyze code result = client.call({ "type": "analyze_code", "code": "user_input = input()\nquery = f\"SELECT * FROM users WHERE name = '{user_input}'\"", "file_path": "example.py", "config_path": "/path/to/config.json" }) # Print analysis results print(result)

Using in Cursor

If you're working in the Cursor editor, you can directly ask the AI to use Lanalyzer to analyze your code:

Please use lanalyzer to analyze the current file for security vulnerabilities and explain the potential risks.

MCP Command-Line Options

The MCP server supports the following command-line options:

For python -m lanalyzer.mcp run:

  • --debug: Enable debug mode with detailed logging
  • --host: Set the server listening address (default: 127.0.0.1)
  • --port: Set the server listening port (default: 8001)
  • --transport: Transport protocol (sse or streamable-http)

For lanalyzer mcp run:

  • --debug: Enable debug mode
  • --port: Set the server listening port (default: 8000)

Advanced MCP Usage

Custom Configurations

You can use the get_config, validate_config, and create_config tools to manage vulnerability detection configurations:

# Get the default configuration config = client.call({ "type": "get_config" }) # Create a new configuration result = client.call({ "type": "create_config", "config_data": {...}, # Configuration data "config_path": "/path/to/save/config.json" # Optional })
Batch File Analysis

Analyze an entire project or directory:

result = client.call({ "type": "analyze_path", "target_path": "/path/to/project", "config_path": "/path/to/config.json", "output_path": "/path/to/output.json" # Optional })

📊 Analysis Results Format

The analysis results are returned in JSON format with the following main sections:

  • vulnerabilities: List of detected security vulnerabilities
  • call_chains: Data flow paths from sources to sinks
  • summary: Analysis statistics and overview
  • imports: Import information for analyzed files

For detailed format specification, see Output Format Documentation.

-
security - not tested
A
license - permissive license
-
quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Provides Python code security analysis through the Model Context Protocol, enabling AI tools to detect potential vulnerabilities like SQL injection and XSS by identifying tainted data flows from untrusted sources to sensitive operations.

  1. 📖 Table of Contents
    1. ✨ Features
      1. 🚀 Getting Started
        1. Prerequisites
        2. Installation
      2. 💻 Usage
        1. Basic Analysis
        2. Command-Line Options
        3. Example
      3. 🤝 Contributing
        1. 📄 License
          1. 📞 Contact
            1. Contact
          2. 🧩 Model Context Protocol (MCP) Support
            1. Installing MCP Dependencies
            2. Starting the MCP Server
            3. MCP Server Features
            4. Integration with AI Tools
            5. Using in Cursor
            6. MCP Command-Line Options
            7. Advanced MCP Usage
          3. 📊 Analysis Results Format

            Related MCP Servers

            • -
              security
              A
              license
              -
              quality
              A Model Context Protocol tool for analyzing code repositories, performing security scans, and assessing code quality across multiple programming languages.
              Last updated -
              Python
              MIT License
              • Apple
              • Linux
            • -
              security
              A
              license
              -
              quality
              A Model Context Protocol server that extracts and analyzes Python code structures, focusing on import/export relationships between files to help LLMs understand code context.
              Last updated -
              4
              Python
              MIT License
            • -
              security
              A
              license
              -
              quality
              A Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.
              Last updated -
              4
              TypeScript
              MIT License
              • Linux
              • Apple
            • A
              security
              F
              license
              A
              quality
              A comprehensive Model Context Protocol server for advanced code analysis that provides tools for syntax analysis, dependency visualization, and AI-assisted development workflow support.
              Last updated -
              28
              3
              Python

            View all related MCP servers

            MCP directory API

            We provide all the information about MCP servers via our MCP API.

            curl -X GET 'https://glama.ai/api/mcp/v1/servers/bayuncao/lanalyzer'

            If you have feedback or need assistance with the MCP directory API, please join our Discord server