security_check
Analyze code for security vulnerabilities in WordPress projects using predefined rules. Ensure compliance and improve code quality by identifying potential risks.
Instructions
Perform security analysis on code using configured security rules
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | The code to check for security issues |
Implementation Reference
- src/guidelines-manager.ts:40-53 (registration): registration of the 'security_check' tool in the getTools() method, including name, description, and input schema.

  ```typescript
  {
    name: 'security_check',
    description: 'Perform security analysis on code using configured security rules',
    inputSchema: {
      type: 'object',
      properties: {
        code: {
          type: 'string',
          description: 'The code to check for security issues',
        },
      },
      required: ['code'],
    },
  },
  ```

- src/guidelines-manager.ts:171-204 (handler): main handler for the security_check tool. It calls guidelineSource.performSecurityCheck and formats the results into an MCP response.

  ```typescript
  private async performSecurityCheck(code: string) {
    try {
      const result = await this.guidelineSource.performSecurityCheck(code);
      const response = [];
      if (result.vulnerabilities.length > 0) {
        response.push(`🚨 **Vulnerabilities Found:**\n${result.vulnerabilities.map(vuln => `- ${vuln}`).join('\n')}`);
      }
      if (result.warnings.length > 0) {
        response.push(`⚠️ **Warnings:**\n${result.warnings.map(warning => `- ${warning}`).join('\n')}`);
      }
      if (result.recommendations.length > 0) {
        response.push(`💡 **Recommendations:**\n${result.recommendations.map(rec => `- ${rec}`).join('\n')}`);
      }
      if (response.length === 0) {
        response.push('✅ Security check passed. No obvious vulnerabilities detected.');
      }
      return {
        content: [
          {
            type: 'text',
            text: response.join('\n\n'),
          },
        ],
      };
    } catch (error) {
      throw new Error(`Security check failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
    }
  }
  ```

- src/guidelines-source-factory.ts:57-60 (handler): GuidelineSource implementation of performSecurityCheck. It fetches the security rules and parses them against the code.

  ```typescript
  async performSecurityCheck(code: string): Promise<{ vulnerabilities: string[]; warnings: string[]; recommendations: string[] }> {
    const securityGuidelines = await this.fetchGuidelines('security-rules');
    return this.parseSecurityRules(securityGuidelines, code);
  }
  ```

- Core helper that extracts security rules from the markdown guidelines and categorizes matches into vulnerabilities, warnings, or recommendations using pattern matching.

  ```typescript
  private parseSecurityRules(guidelines: string, code: string): { vulnerabilities: string[]; warnings: string[]; recommendations: string[] } {
    const vulnerabilities: string[] = [];
    const warnings: string[] = [];
    const recommendations: string[] = [];
    const rules = this.extractRules(guidelines, 'SECURITY_RULES');
    for (const rule of rules) {
      const result = this.applySecurityRule(rule, code);
      if (result.level === 'CRITICAL' || result.level === 'HIGH') {
        vulnerabilities.push(`${result.level}: ${result.message}`);
      } else if (result.level === 'MEDIUM') {
        warnings.push(`${result.level}: ${result.message}`);
      } else if (result.level === 'INFO') {
        recommendations.push(result.message);
      }
    }
    return { vulnerabilities, warnings, recommendations };
  }
  ```

- Type definition (schema) for the GuidelineSource interface, including the performSecurityCheck method signature.

  ```typescript
  export interface GuidelineSource {
    fetchGuidelines(category?: string): Promise<string>;
    validateCode(code: string, language: string): Promise<{ issues: string[]; suggestions: string[] }>;
    performSecurityCheck(code: string): Promise<{ vulnerabilities: string[]; warnings: string[]; recommendations: string[] }>;
  }
  ```
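The page shows the bucketing in parseSecurityRules but not extractRules or applySecurityRule. The following is an added, self-contained stand-in for that pipeline (not the project's own code): the `## SECURITY_RULES` markdown section, the `LEVEL :: regex :: message` bullet shape, and the constructed PHP sample are all assumptions, since the real guideline format is not on the page.

```typescript
// Added example, not the project's code: a minimal stand-in for the extractRules /
// applySecurityRule / parseSecurityRules pipeline above. The "## SECURITY_RULES" section
// and the "LEVEL :: regex :: message" bullet shape are assumptions, not the real format.
export type Level = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'INFO';
export interface Rule { level: Level; pattern: RegExp; message: string }
export interface CheckResult { vulnerabilities: string[]; warnings: string[]; recommendations: string[] }
// Constructed guidelines document; only bullets under SECURITY_RULES become rules.
export const SAMPLE_GUIDELINES = String.raw`
## CODING_STANDARDS
- Use tabs for indentation.
## SECURITY_RULES
- CRITICAL :: \beval\s*\( :: eval() on request data allows arbitrary PHP execution
- HIGH :: \$_(GET|POST|REQUEST)\[ :: superglobal accessed directly; sanitize and validate before use
- MEDIUM :: \$wpdb->query\s*\(\s*["'] :: raw SQL string passed to $wpdb->query; use $wpdb->prepare()
- INFO :: echo\s+\$ :: consider esc_html()/esc_attr() when echoing a variable
`;
// Constructed WordPress-style PHP snippet that trips the HIGH, MEDIUM and INFO rules.
export const SAMPLE_CODE = ['<?php', "$id = $_GET['id'];",
  '$wpdb->query("DELETE FROM wp_posts WHERE ID = $id");', 'echo $title;'].join('\n');
export function extractRules(guidelines: string, section: string): Rule[] {
  const rules: Rule[] = [];
  let inSection = false;
  for (const raw of guidelines.split('\n')) {
    const line = raw.trim();
    if (line.startsWith('## ')) { inSection = line === `## ${section}`; continue; }
    if (!inSection || !line.startsWith('- ')) continue;
    const [level, pattern, message] = line.slice(2).split(' :: ');
    rules.push({ level: level as Level, pattern: new RegExp(pattern), message });
  }
  return rules;
}
// First match wins; the message carries the 1-based line of the hit so a reviewer can find it.
export function applySecurityRule(rule: Rule, code: string): { level: Level | 'NONE'; message: string } {
  const m = rule.pattern.exec(code);
  if (!m) return { level: 'NONE', message: '' };
  const lineNo = code.slice(0, m.index).split('\n').length;
  return { level: rule.level, message: `${rule.message} (line ${lineNo})` };
}
// Same bucketing as the project's parseSecurityRules: CRITICAL/HIGH -> vulnerabilities, MEDIUM -> warnings, INFO -> recommendations.
export function parseSecurityRules(guidelines: string, code: string): CheckResult {
  const out: CheckResult = { vulnerabilities: [], warnings: [], recommendations: [] };
  for (const rule of extractRules(guidelines, 'SECURITY_RULES')) {
    const r = applySecurityRule(rule, code);
    if (r.level === 'CRITICAL' || r.level === 'HIGH') out.vulnerabilities.push(`${r.level}: ${r.message}`);
    else if (r.level === 'MEDIUM') out.warnings.push(`${r.level}: ${r.message}`);
    else if (r.level === 'INFO') out.recommendations.push(r.message);
  }
  return out;
}
```

Because the rules are plain regular expressions, a match is a prompt for review rather than a confirmed finding; the handler's "no obvious vulnerabilities" wording reflects that same limitation.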