analyze_request
Analyzes HTTP requests to detect security threats like SQL injection, XSS, path traversal, and command injection patterns.
Instructions
Analyze an HTTP request for potential attacks. Detects SQL injection, XSS, path traversal, command injection, and other attack patterns.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| method | Yes | HTTP method (GET, POST, etc.). | |
| path | Yes | Request path (e.g., '/api/users'). | |
| query_params | No | Query parameters as key-value pairs. | |
| headers | No | Request headers as key-value pairs. | |
| body | No | Request body content. | |
| source_ip | No | Source IP address of the request. | |
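The arguments in the table above, built from a captured raw HTTP/1.x request. This is an added example, not part of the security-use-mcp code; the function names, the comma-joining of repeated parameters and headers, and the sample request are assumptions of this example.

```python
from urllib.parse import parse_qsl


def _add(store: dict[str, str], key: str, value: str) -> None:
    # Keep every value of a repeated name; dropping all but one could hide
    # the value the detector needs to see. Joining with "," is this
    # example's choice, not something the page specifies.
    store[key] = f"{store[key]},{value}" if key in store else value


def raw_request_to_arguments(raw: bytes, source_ip: str = "") -> dict:
    """Map one raw HTTP/1.x request (CRLF line endings) to tool arguments."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[0] or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, _version = parts
    # Split by hand: the path is passed on exactly as received, still encoded.
    path, _, query = target.partition("?")

    query_params: dict[str, str] = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        _add(query_params, key, value)  # parse_qsl percent-decodes the pairs

    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        _add(headers, name.strip(), value.strip())

    arguments = {"method": method, "path": path or "/",
                 "query_params": query_params, "headers": headers}
    if body:  # optional fields are left out rather than sent as null
        arguments["body"] = body.decode("utf-8", errors="replace")
    if source_ip:
        arguments["source_ip"] = source_ip
    return arguments


# Constructed sample request, not taken from the page.
SAMPLE = (b"POST /api/users?id=42&id=43&note=a%20b HTTP/1.1\r\n"
          b"Host: app.example\r\nContent-Type: application/json\r\n\r\n"
          b'{"name": "test"}')

if __name__ == "__main__":
    print(raw_request_to_arguments(SAMPLE, source_ip="203.0.113.7"))
```

The returned dict carries only `method`, `path`, and whichever optional fields were present, so it can be passed as the tool's arguments unchanged.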
Implementation Reference
- The main handler function `handle_analyze_request` that executes the tool logic. It analyzes HTTP requests for potential security attacks, including SQL injection, XSS, path traversal, and command injection, using the `AttackDetector` from the security-use sensor module.
```python
# Imports this excerpt relies on. The module's own import lines are not shown
# on this page; TextContent is assumed to be the MCP Python SDK type.
import asyncio
from typing import Any

from mcp.types import TextContent


async def handle_analyze_request(arguments: dict[str, Any]) -> list[TextContent]:
    """
    Analyze an HTTP request for potential attacks.

    Uses the AttackDetector to check for SQL injection, XSS, path traversal,
    command injection, and other attack patterns.

    Args:
        arguments: Tool arguments containing:
            - method (required): HTTP method (GET, POST, etc.)
            - path (required): Request path
            - query_params (optional): Query parameters dict
            - headers (optional): Request headers dict
            - body (optional): Request body string
            - source_ip (optional): Source IP address

    Returns:
        List of TextContent with attack analysis results
    """
    method = arguments.get("method")
    path = arguments.get("path")
    query_params = arguments.get("query_params", {})
    headers = arguments.get("headers", {})
    body = arguments.get("body")
    source_ip = arguments.get("source_ip", "unknown")

    # Only the two required fields are checked here; any falsy value counts as missing.
    if not method:
        return [TextContent(type="text", text="Error: `method` is required")]

    if not path:
        return [TextContent(type="text", text="Error: `path` is required")]

    try:
        from security_use.sensor import AttackDetector, RequestData

        detector = AttackDetector(
            enabled_detectors=[
                "sqli",
                "xss",
                "path_traversal",
                "command_injection",
                "suspicious_headers",
            ]
        )

        request = RequestData(
            method=method.upper(),
            path=path,
            query_params=query_params,
            headers=headers,
            body=body,
            source_ip=source_ip,
        )

        # The detector is synchronous; run it in a worker thread so the
        # event loop is not blocked.
        events = await asyncio.to_thread(detector.analyze_request, request)

        output_lines = [
            "## Request Security Analysis",
            "",
            f"**Method**: {method.upper()}",
            f"**Path**: {path}",
            f"**Source IP**: {source_ip}",
            "",
        ]

        if not events:
            output_lines.extend(
                [
                    "### Result: No Threats Detected",
                    "",
                    "The request does not contain any obvious attack patterns.",
                ]
            )
        else:
            output_lines.extend(
                [
                    f"### ⚠️ {len(events)} Potential Threat(s) Detected",
                    "",
                ]
            )

            for event in events:
                severity_icon = (
                    "🔴"
                    if event.severity == "CRITICAL"
                    else "🟠"
                    if event.severity == "HIGH"
                    else "🟡"
                    if event.severity == "MEDIUM"
                    else "🟢"
                )

                output_lines.extend(
                    [
                        f"#### {severity_icon} {event.event_type.value.upper()}",
                        f"- **Severity**: {event.severity}",
                        f"- **Confidence**: {event.confidence:.0%}",
                        f"- **Description**: {event.description}",
                        f"- **Location**: {event.matched_pattern.location}",
                    ]
                )

                if event.matched_pattern.field:
                    output_lines.append(f"- **Field**: {event.matched_pattern.field}")

                if event.matched_pattern.matched_value:
                    # The matched value is cut to its first 100 characters in the report.
                    output_lines.append(
                        f"- **Matched Value**: `{event.matched_pattern.matched_value[:100]}`"
                    )

                output_lines.append("")

            output_lines.extend(
                [
                    "### Recommendations",
                    "",
                    "1. Block this request if in production",
                    "2. Log the source IP for monitoring",
                    "3. Consider rate limiting the source",
                    "4. Review application input validation",
                ]
            )

        return [TextContent(type="text", text="\n".join(output_lines))]

    except ImportError:
        return [
            TextContent(
                type="text",
                text=(
                    "Error: security-use sensor module not available.\n\n"
                    "Please ensure security-use is installed: pip install security-use"
                ),
            )
        ]
    except Exception as e:
        # Any other failure is returned as text rather than raised.
        return [TextContent(type="text", text=f"Error analyzing request: {str(e)}")]
```

- Tool definition and input schema for 'analyze_request'. Defines the tool name, description, and JSON schema for input parameters including method (required), path (required), and optional query_params, headers, body, and source_ip.
```python
name="analyze_request",
description=(
    "Analyze an HTTP request for potential attacks. "
    "Detects SQL injection, XSS, path traversal, command injection, "
    "and other attack patterns."
),
inputSchema={
    "type": "object",
    "properties": {
        "method": {
            "type": "string",
            "description": "HTTP method (GET, POST, etc.).",
        },
        "path": {
            "type": "string",
            "description": "Request path (e.g., '/api/users').",
        },
        "query_params": {
            "type": "object",
            "description": "Query parameters as key-value pairs.",
        },
        "headers": {
            "type": "object",
            "description": "Request headers as key-value pairs.",
        },
        "body": {
            "type": "string",
            "description": "Request body content.",
        },
        "source_ip": {
            "type": "string",
            "description": "Source IP address of the request.",
        },
    },
    "required": ["method", "path"],
},
```

- src/security_use_mcp/server.py:535-535 (registration): Registration mapping that associates the tool name 'analyze_request' to its handler function `handle_analyze_request` in the handlers dictionary.
```python
"analyze_request": handle_analyze_request,
```

- src/security_use_mcp/handlers/__init__.py:9-19 (registration): Export of `handle_analyze_request` from sensor_handler module, making it available for import by the server.
```python
from .sensor_handler import (
    handle_acknowledge_alert,
    handle_analyze_request,
    handle_block_ip,
    handle_configure_sensor,
    handle_detect_vulnerable_endpoints,
    handle_get_alert_details,
    handle_get_blocked_ips,
    handle_get_security_alerts,
    handle_get_sensor_config,
)
```

- src/security_use_mcp/server.py:17-17 (registration): Import of `handle_analyze_request` from the handlers module into the server module.
```python
handle_analyze_request,
```