check_cve
Identify security vulnerabilities and support status for specified software products and versions, aiding in proactive risk management and lifecycle planning.
Instructions
Scan for known security vulnerabilities and support status
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| product | Yes | Software product name | |
| vendor | No | Software vendor (optional) | |
| version | Yes | Version to check for vulnerabilities | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "product": {
      "description": "Software product name",
      "examples": [
        "python",
        "nodejs"
      ],
      "type": "string"
    },
    "vendor": {
      "description": "Software vendor (optional)",
      "examples": [
        "canonical",
        "redhat"
      ],
      "type": "string"
    },
    "version": {
      "description": "Version to check for vulnerabilities",
      "examples": [
        "3.8.0",
        "16.13.0"
      ],
      "type": "string"
    }
  },
  "required": [
    "product",
    "version"
  ],
  "type": "object"
}
```
Implementation Reference
- src/index.ts:681-724 (handler) The handler function that executes the logic for the 'check_cve' tool. It fetches end-of-life data for the product from the API, matches the version, and returns a security status based on the support field.

  ```typescript
  private async handleCheckCVE(args: CVECheckArgs) {
    const { product, version, vendor } = args;
    try {
      const response = await this.axiosInstance.get(`/${product}.json`);
      const cycles = response.data as EOLCycle[];
      const matchingCycle = cycles.find(cycle => cycle.cycle.startsWith(version));

      if (!matchingCycle) {
        return {
          content: [{
            type: "text",
            text: `Version ${version} not found for ${product}`
          }],
          isError: true
        };
      }

      // For now, return basic EOL info since we removed Snyk
      return {
        content: [{
          type: "text",
          text: JSON.stringify({
            product,
            version,
            vendor,
            cycle: matchingCycle,
            securityStatus: matchingCycle.support ? 'supported' : 'unsupported'
          }, null, 2)
        }]
      };
    } catch (error) {
      if (axios.isAxiosError(error)) {
        return {
          content: [{
            type: "text",
            text: `API error: ${error.response?.data?.message ?? error.message}`
          }],
          isError: true
        };
      }
      throw error;
    }
  }
  ```
- src/types.ts:91-107 (schema) TypeScript interface and type guard function defining the input schema and validation for the 'check_cve' tool arguments.

  ```typescript
  export interface CVECheckArgs {
    product: string;
    version: string;
    vendor?: string;
  }

  export function isValidCVECheckArgs(args: any): args is CVECheckArgs {
    return (
      typeof args === "object" &&
      args !== null &&
      "product" in args &&
      typeof args.product === "string" &&
      "version" in args &&
      typeof args.version === "string" &&
      (args.vendor === undefined || typeof args.vendor === "string")
    );
  }
  ```
- src/index.ts:304-328 (registration) Registration of the 'check_cve' tool in the ListToolsRequestSchema response, including its description and input schema.

  ```typescript
  {
    name: "check_cve",
    description: "Scan for known security vulnerabilities and support status",
    inputSchema: {
      type: "object",
      properties: {
        product: {
          type: "string",
          description: "Software product name",
          examples: ["python", "nodejs"]
        },
        version: {
          type: "string",
          description: "Version to check for vulnerabilities",
          examples: ["3.8.0", "16.13.0"]
        },
        vendor: {
          type: "string",
          description: "Software vendor (optional)",
          examples: ["canonical", "redhat"]
        }
      },
      required: ["product", "version"]
    }
  },
  ```
- src/index.ts:398-405 (registration) Dispatch logic in the CallToolRequestSchema handler that validates input using isValidCVECheckArgs and calls the handleCheckCVE method.

  ```typescript
  case "check_cve":
    if (!isValidCVECheckArgs(args)) {
      throw new McpError(
        ErrorCode.InvalidParams,
        "Invalid CVE check arguments"
      );
    }
    return this.handleCheckCVE(args);
  ```
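
The handler above selects a cycle with `cycle.cycle.startsWith(version)` and tests `support` for truthiness, so a full version such as `3.8.0` never matches a cycle named `3.8`, and any non-empty `support` string, including a past date, reports `supported`. The following TypeScript is an added example, not the project's code, showing component-wise cycle matching and a date-aware status; the names `findCycle`, `isOpen`, `securityStatus`, `checkVersion` and the sample data are hypothetical. It assumes `support` and `eol` are each absent, a boolean, or an ISO date on which that phase ends.

```typescript
// Added example, not the project's code. Assumed field shape: `support` and `eol`
// are each absent, a boolean, or an ISO date on which that phase ends.
interface Cycle { cycle: string; support?: string | boolean; eol?: string | boolean }
type Status = "supported" | "past-active-support" | "end-of-life" | "unknown";

// Constructed sample data (not real release dates).
const SAMPLE: Cycle[] = [
  { cycle: "3.12", support: "2031-01-01", eol: "2033-01-01" },
  { cycle: "3.8", support: "2021-05-01", eol: "2024-10-01" },
  { cycle: "16", support: false, eol: true },
];

// Select the cycle whose name equals the version or is a whole dotted prefix of
// it: "3.8.0" selects "3.8", while "3.80" and "3" select nothing. Longest name wins.
function findCycle(cycles: Cycle[], version: string): Cycle | undefined {
  return cycles
    .filter(c => version === c.cycle || version.indexOf(c.cycle + ".") === 0)
    .sort((a, b) => b.cycle.length - a.cycle.length)[0];
}

// Is the phase still open at `now`? A date is open until that day is reached;
// for booleans, `openWhen` says which value means "open" (an assumption per field).
function isOpen(field: string | boolean | undefined, openWhen: boolean, now: Date): boolean | undefined {
  if (field === undefined) return undefined;
  if (typeof field === "boolean") return field === openWhen;
  const end = Date.parse(field);
  return isNaN(end) ? undefined : now.getTime() < end;
}

function securityStatus(c: Cycle, now: Date): Status {
  const notEol = isOpen(c.eol, false, now);    // assumed: eol === true means end of life reached
  const active = isOpen(c.support, true, now); // as in the handler: support === true means supported
  if (notEol === false) return "end-of-life";
  if (active === true) return "supported";
  if (notEol === true) return "past-active-support";
  return "unknown";
}

function checkVersion(cycles: Cycle[], version: string, now: Date): Status | "not-found" {
  const cycle = findCycle(cycles, version);
  return cycle ? securityStatus(cycle, now) : "not-found";
}
```

An ambiguous or unmatched version returns `not-found` rather than the first cycle that happens to share a prefix, so a caller cannot mistake a loose match for a support verdict.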