analyze_permissions
Analyze file permissions and access control issues to identify security vulnerabilities and configuration problems in development workflows.
Instructions
Analyze file permissions and access control issues
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| files | Yes | File paths to analyze | |
Implementation Reference
- src/tools/code-analysis.ts:104-113 (handler) The main handler logic for the 'analyze_permissions' tool. Reads specified files, scans for security issues, filters those with type 'permission', and returns count and details.

  ```typescript
  case 'analyze_permissions': {
    const files = params.files as string[];
    const codeFiles = await FileReader.readFiles(files.join(','));
    const issues = await securityAnalyzer.scanSecurityIssues(codeFiles);
    const permissionIssues = issues.filter((i) => i.type === 'permission');
    return {
      total: permissionIssues.length,
      issues: permissionIssues,
    };
  }
  ```
- src/tools/code-analysis.ts:36-50 (schema) Tool schema definition specifying name, description, and input schema requiring an array of file paths.

  ```typescript
  {
    name: 'analyze_permissions',
    description: 'Analyze file permissions and access control issues',
    inputSchema: {
      type: 'object',
      properties: {
        files: {
          type: 'array',
          items: { type: 'string' },
          description: 'File paths to analyze',
        },
      },
      required: ['files'],
    },
  },
  ```
- src/server.ts:18-25 (registration) Registers the 'analyze_permissions' tool by including codeAnalysisTools in the complete list of available tools returned by ListToolsRequestSchema.

  ```typescript
  const allTools = [
    ...codeAnalysisTools,
    ...codeQualityTools,
    ...dependencyAnalysisTools,
    ...lintingTools,
    ...webScrapingTools,
    ...apiDiscoveryTools,
  ];
  ```
- src/server.ts:62-63 (registration) Routes execution of 'analyze_permissions' tool calls to the handleCodeAnalysisTool function.

  ```typescript
  if (codeAnalysisTools.some((t) => t.name === name)) {
    result = await handleCodeAnalysisTool(name, args || {});
  ```
- Core logic that identifies permission issues by detecting file system operations without accompanying permission checks.

  ```typescript
  private detectPermissionIssues(file: CodeFile): SecurityIssue[] {
    const issues: SecurityIssue[] = [];
    const content = file.content.toLowerCase();

    // File system operations without permission checks
    if (content.includes('fs.writefile') || content.includes('fs.unlink')) {
      if (!content.includes('permission') && !content.includes('access')) {
        issues.push({
          type: 'permission',
          severity: 'medium',
          location: file.path,
          description: 'File system operations without permission checks',
          recommendation: 'Add permission checks before file operations',
          detectedAt: new Date(),
        });
      }
    }

    return issues;
  }
  ```
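The substring rule in `detectPermissionIssues` matches anywhere in the file, so comments and string literals can trigger or suppress a finding, and it only knows two call names. The following added example (not code from the project) compares that rule with a stricter variant on constructed inputs; `stricterCheck`, its regexes, the sample snippets, and treating an `fs.access` call as the permission check are assumptions made here.

```typescript
// Added example. pageHeuristic mirrors the rule in detectPermissionIssues;
// stricterCheck, its regexes and SAMPLES are hypothetical, constructed here.
function pageHeuristic(src: string): boolean {
  const c = src.toLowerCase();
  const op = c.includes('fs.writefile') || c.includes('fs.unlink');
  return op && !c.includes('permission') && !c.includes('access');
}

// Blank out comments and string literals in one left-to-right pass so words
// inside them can neither trigger nor suppress a finding (regex, not a parser).
function stripNonCode(src: string): string {
  const re = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|(['"`])(?:\\[\s\S]|(?!\1)[^\\])*\1/g;
  return src.replace(re, (m) => (m[0] === '/' ? ' ' : '""'));
}

// Assumption: "permission check" means an explicit fs.access / fs.accessSync call.
const MUTATING = /\b(?:fs\.promises|fs)\.(writeFile|appendFile|unlink|rmdir|rm|rename|chmod|chown)(?:Sync)?\s*\(/g;
const GUARD = /\b(?:fs\.promises|fs)\.access(?:Sync)?\s*\(/;

function stricterCheck(src: string): { flagged: boolean; calls: string[] } {
  const code = stripNonCode(src);
  const calls: string[] = [];
  MUTATING.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = MUTATING.exec(code)) !== null) calls.push(m[1]);
  return { flagged: calls.length > 0 && !GUARD.test(code), calls };
}

// Constructed inputs, one per behaviour worth knowing about.
const SAMPLES: Record<string, string> = {
  unguarded: `import fs from 'fs';\nfs.writeFileSync(out, data);`,
  commentHides: `// TODO: restrict access to this endpoint\nfs.unlinkSync(target);`,
  otherApis: `await fs.promises.writeFile(p, body);\nfs.rmSync(dir, { recursive: true });`,
  guarded: `fs.accessSync(p, fs.constants.W_OK);\nfs.writeFileSync(p, data);`,
  stringOnly: `console.log("call fs.writeFile later");`,
};

// Returns [pageHeuristic result, stricterCheck result] for each sample.
function compare(): Record<string, [boolean, boolean]> {
  const out: Record<string, [boolean, boolean]> = {};
  for (const name of Object.keys(SAMPLES)) {
    out[name] = [pageHeuristic(SAMPLES[name]), stricterCheck(SAMPLES[name]).flagged];
  }
  return out;
}

console.log(compare());
```

The two rules agree on `unguarded` and `guarded`; the page's rule misses `commentHides` and `otherApis` and raises a finding on `stringOnly`, where no file operation is performed.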