OSV

Instructions

Query the OSV database for a CVE and return the fix versions.

Args:
    cve: The CVE ID to query

Returns:
    A list of fix versions

Implementation Reference

• src/server.py:153-165 (handler)

  MCP tool handler for 'query_for_cve_fix_versions'. Registers the tool and executes by delegating to OSVServer instance method. Includes input schema via type annotation and docstring.

  @mcp.tool()
  def query_for_cve_fix_versions(cve: str):
      """
      Query the OSV database for a CVE and return the fix versions.
  
      Args:
          cve: The CVE ID to query
  
      Returns:
          A list of fix versions
      """
      osv = OSVServer()
      return osv.query_for_cve_fix_versions(cve)

• src/server.py:92-98 (helper)

  Core helper method in OSVServer class implementing the query logic: fetches CVE data from OSV API and extracts fix versions using _parse_fix_versions.

  def query_for_cve_fix_versions(self, cve: str):
      """
      Query the OSV database for a CVE and return the fix versions.
      """
      data = self._query_cve(cve)
      versions = self._parse_fix_versions(data)
      return versions

• src/server.py:50-70 (helper)

  Supporting utility that parses fix version information from the OSV API response JSON.

  def _parse_fix_versions(self, data: dict):
      """
      Parse fix version strings from the OSV response.
      Extracts fix versions from the 'ranges[].events[].fixed' in the affected package data.
      
      Args:
          data: The full OSV response JSON data
          
      Returns:
          List of fixed version strings
      """
      fix_versions = []
      if 'affected' in data:
          for affected in data['affected']:
              if 'ranges' in affected:
                  for range_data in affected['ranges']:
                      if 'events' in range_data:
                          for event in range_data['events']:
                              if 'fixed' in event:
                                  fix_versions.append(event['fixed'])
      return list(set(fix_versions))  # Remove duplicates

• src/server.py:23-29 (helper)

  Helper method to query the OSV API for CVE details.

  def _query_cve(self, cve: str):
      """
      Query the OSV database for a CVE.
      """
      url = self.cve_url.format(cve_id=cve)
      response = requests.get(url)
      return response.json()