check_security_compliance
Analyze code for security vulnerabilities and compliance issues including secrets, injection, XSS, authentication, cryptography, and validation checks.
Instructions
Check code for security vulnerabilities and compliance
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | Code to check for security issues | |
| checkTypes | No | Types of security checks to perform |
Implementation Reference
- Main handler function that performs comprehensive security compliance checks on code, detecting secrets, injections, XSS, auth issues, data exposure, and more.export async function checkSecurityCompliance( code: string, sensitiveOperations?: string[] ): Promise<SecurityCheckResult> { const result: SecurityCheckResult = { secure: true, violations: [], recommendations: [], }; // Check for hardcoded secrets checkHardcodedSecrets(code, result); // Check for injection vulnerabilities checkInjectionVulnerabilities(code, result); // Check for XSS vulnerabilities checkXSSVulnerabilities(code, result); // Check authentication/authorization checkAuthIssues(code, result); // Check for sensitive data exposure checkDataExposure(code, result); // Check specific sensitive operations if provided if (sensitiveOperations) { checkSensitiveOperations(code, sensitiveOperations, result); } // Additional security checks checkGeneralSecurity(code, result); // Determine if code is secure result.secure = result.violations.filter(v => v.severity === 'critical' || v.severity === 'high' ).length === 0; return result; }
- src/tools/index.ts:102-120 (registration)Registration and dispatching logic in the MCP tool handler switch statement, including Zod input validation and calling the security compliance function.case 'check_security_compliance': { const params = z.object({ code: z.string(), sensitiveOperations: z.array(z.string()).optional(), }).parse(args); const result = await checkSecurityCompliance( params.code, params.sensitiveOperations ); return { content: [ { type: 'text', text: JSON.stringify(result, null, 2), }, ], }; }
- src/tools/tool-definitions.ts:79-100 (schema)Tool definition in the list of MCP tools, including the input schema specification.{ name: 'check_security_compliance', description: 'Check code for security vulnerabilities and compliance', inputSchema: { type: 'object', properties: { code: { type: 'string', description: 'Code to check for security issues', }, checkTypes: { type: 'array', items: { type: 'string', enum: ['secrets', 'injection', 'xss', 'auth', 'crypto', 'validation'], }, description: 'Types of security checks to perform', }, }, required: ['code'], }, },
- TypeScript interface defining the output structure of the security check result.interface SecurityCheckResult { secure: boolean; violations: { severity: 'critical' | 'high' | 'medium' | 'low'; type: string; message: string; line?: number; suggestion: string; }[]; recommendations: string[]; } export async function checkSecurityCompliance( code: string, sensitiveOperations?: string[] ): Promise<SecurityCheckResult> { const result: SecurityCheckResult = { secure: true, violations: [], recommendations: [], }; // Check for hardcoded secrets checkHardcodedSecrets(code, result); // Check for injection vulnerabilities checkInjectionVulnerabilities(code, result); // Check for XSS vulnerabilities checkXSSVulnerabilities(code, result); // Check authentication/authorization checkAuthIssues(code, result); // Check for sensitive data exposure checkDataExposure(code, result); // Check specific sensitive operations if provided if (sensitiveOperations) { checkSensitiveOperations(code, sensitiveOperations, result); } // Additional security checks checkGeneralSecurity(code, result); // Determine if code is secure result.secure = result.violations.filter(v => v.severity === 'critical' || v.severity === 'high' ).length === 0; return result; }