detect_security_issues
Identify and analyze security vulnerabilities in your code across multiple programming languages to enhance safety and prevent risks in software development.
Instructions
Detect security vulnerabilities and risks in code
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | The code to scan | |
| language | Yes | Programming language | |
Implementation Reference
- src/index.ts:225-242 (handler) MCP tool handler for 'detect_security_issues': validates input with Zod, calls the detectSecurityIssues helper, and formats the result as MCP content.

  ```typescript
  private async handleDetectSecurityIssues(args: any) {
    const schema = z.object({
      code: z.string(),
      language: z.string()
    });

    const { code, language } = schema.parse(args);
    const result = await detectSecurityIssues(code, language);

    return {
      content: [
        {
          type: 'text',
          text: JSON.stringify(result, null, 2)
        }
      ]
    };
  }
  ```
- src/tools/securityScanner.ts:6-43 (helper) Core helper function implementing security issue detection logic for multiple languages using pattern matching.

  ```typescript
  export async function detectSecurityIssues(
    code: string,
    language: string
  ): Promise<SecurityScanResult> {
    const issues: SecurityIssue[] = [];

    // Generic security checks
    await detectCommonSecurityIssues(code, language, issues);

    // Language-specific security checks
    switch (language.toLowerCase()) {
      case 'javascript':
      case 'typescript':
        await detectJavaScriptSecurityIssues(code, issues);
        break;
      case 'python':
        await detectPythonSecurityIssues(code, issues);
        break;
      case 'java':
        await detectJavaSecurityIssues(code, issues);
        break;
      case 'sql':
        await detectSQLSecurityIssues(code, issues);
        break;
    }

    return {
      language,
      totalIssues: issues.length,
      criticalIssues: issues.filter(i => i.severity === 'critical').length,
      highIssues: issues.filter(i => i.severity === 'high').length,
      mediumIssues: issues.filter(i => i.severity === 'medium').length,
      lowIssues: issues.filter(i => i.severity === 'low').length,
      issues,
      recommendations: generateSecurityRecommendations(issues),
      riskScore: calculateRiskScore(issues)
    };
  }
  ```
- src/index.ts:89-106 (registration) Tool registration in the ListTools response, including name, description, and input schema.

  ```typescript
  {
    name: 'detect_security_issues',
    description: '检测代码中的安全漏洞和风险',
    inputSchema: {
      type: 'object',
      properties: {
        code: {
          type: 'string',
          description: '要检测的代码'
        },
        language: {
          type: 'string',
          description: '编程语言'
        }
      },
      required: ['code', 'language']
    }
  },
  ```
- src/index.ts:226-229 (schema) Runtime input validation schema using Zod in the handler.

  ```typescript
  const schema = z.object({
    code: z.string(),
    language: z.string()
  });
  ```
- src/index.ts:92-105 (schema) Declared input schema for the tool in registration.

  ```typescript
  inputSchema: {
    type: 'object',
    properties: {
      code: {
        type: 'string',
        description: '要检测的代码'
      },
      language: {
        type: 'string',
        description: '编程语言'
      }
    },
    required: ['code', 'language']
  }
  ```
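The helper above is described as pattern matching with a per-language dispatch and severity tallies. The following TypeScript is an added example, not the project's code: it shows what line-based regex scanning of that shape does on a constructed input, including two limits worth checking for in any such scanner (matches inside comments, and languages with no rule set). The rule ids, patterns, `scanForIssues`, `languageSupported` and `SAMPLE` are all assumptions made for illustration, and only two language rule sets are included.

```typescript
// Added illustration; rule ids and patterns are constructed, not the project's.
type Severity = 'critical' | 'high' | 'medium' | 'low';
interface Rule { id: string; severity: Severity; pattern: RegExp }
interface Issue { rule: string; severity: Severity; line: number }
// Checked for every language.
const COMMON_RULES: Rule[] = [
  { id: 'hardcoded-secret', severity: 'critical',
    pattern: /(password|secret|api_?key)\s*[:=]\s*['"][^'"]{4,}['"]/i },
];
const JS_RULES: Rule[] = [
  { id: 'eval-call', severity: 'high', pattern: /\beval\s*\(/ },
  { id: 'innerhtml-assign', severity: 'medium', pattern: /\.innerHTML\s*=/ },
];
const PY_RULES: Rule[] = [
  { id: 'subprocess-shell-true', severity: 'high',
    pattern: /subprocess\.\w+\(.*shell\s*=\s*True/ },
  { id: 'pickle-load', severity: 'high', pattern: /\bpickle\.loads?\s*\(/ },
];
// Keyed by lower-cased language, like the switch in detectSecurityIssues.
const LANGUAGE_RULES: Record<string, Rule[] | undefined> = {
  javascript: JS_RULES, typescript: JS_RULES, python: PY_RULES,
};

function scanForIssues(code: string, language: string) {
  const specific = LANGUAGE_RULES[language.toLowerCase()];
  const rules = COMMON_RULES.concat(specific ?? []);
  const issues: Issue[] = [];
  code.split('\n').forEach((text, index) => {
    for (const rule of rules) {
      if (rule.pattern.test(text)) issues.push({ rule: rule.id, severity: rule.severity, line: index + 1 });
    }
  });
  const count = (s: Severity) => issues.filter(i => i.severity === s).length;
  return {
    language,
    languageSupported: specific !== undefined, // extra field, not in the page's result
    totalIssues: issues.length,
    criticalIssues: count('critical'), highIssues: count('high'),
    mediumIssues: count('medium'), lowIssues: count('low'),
    issues,
  };
}

// Constructed sample input (the key is a made-up placeholder).
const SAMPLE = 'import subprocess\nAPI_KEY = "sk-test-not-real"\n' +
  'subprocess.run(cmd, shell=True)\n# eval( appears only in this comment';
```

Scanning `SAMPLE` as `javascript` reports the `eval(` that appears only inside a comment, and scanning it as `go` applies just the common rule while returning `languageSupported: false`, so a low issue count for an unrecognised language is not evidence of clean code.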