Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

AuditShield

БесплатноНе проверен

A three-layer MCP server that filters false positives from static analysis tools like Semgrep, Bandit, and Gosec using rule-based, context-aware, and ML-based f

GitHubEmbed

Описание

A three-layer MCP server that filters false positives from static analysis tools like Semgrep, Bandit, and Gosec using rule-based, context-aware, and ML-based filtering to reduce false positives in code audit results.

README

代码审计误报过滤MCP服务器,通过三层过滤架构显著降低静态分析工具的误报率。

特性

三层过滤架构

  1. L1: 规则过滤 - 基于白名单/黑名单的快速过滤

    • 规则ID过滤
    • 文件路径模式匹配
    • 代码模式匹配
    • 严重程度过滤
  2. L2: 上下文分析 - 死代码检测、安全守卫识别

    • 死代码路径检测
    • 安全守卫措施识别
    • 输入验证逻辑分析
    • 数据流分析
  3. L3: ML置信度评分 - 机器学习模型评估

    • 特征提取
    • 模型训练与推理
    • 置信度评分

支持的扫描工具

  • Semgrep (主力,支持Go/Python/多语言)
  • Bandit (Python专用)
  • Gosec (Go专用)

安装

1. 克隆仓库

git clone https://github.com/your-repo/code-audit-fp-filter.git
cd code-audit-fp-filter

2. 安装依赖

pip install -r requirements.txt

3. 配置

复制示例配置文件:

cp config.json.example config.json

编辑 config.json 根据需要调整配置。

使用

作为MCP服务器运行

stdio模式(推荐)

python main.py --transport stdio

SSE模式

python main.py --transport sse --port 8000

在MCP客户端中配置

在MCP配置文件中添加:

{
  "mcpServers": {
    "code-audit-fp": {
      "command": "python",
      "args": ["/path/to/code-audit-fp-filter/main.py", "--transport", "stdio"],
      "env": {
        "CONFIG_PATH": "/path/to/config.json"
      }
    }
  }
}

调用示例

过滤误报

# 通过MCP客户端调用
result = await mcp_client.call_tool(
    "filter_false_positives",
    scan_results=[
        {
            "tool": "semgrep",
            "rule_id": "python.lang.security.injection.sql-injection",
            "file": "app/database.py",
            "line": 42,
            "code": "cursor.execute(user_input)",
            "severity": "ERROR",
            "message": "SQL injection vulnerability"
        }
    ],
    source_code_dir="/path/to/project",
    filter_level="all",
    confidence_threshold=0.7
)

分析代码上下文

result = await mcp_client.call_tool(
    "analyze_code_context",
    file_path="app/database.py",
    line_number=42,
    context_lines=10,
    check_types=["dead_code", "security_guards", "input_validation"]
)

训练模型

result = await mcp_client.call_tool(
    "train_false_positive_model",
    training_data=[
        {
            "features": {
                "rule_confidence": 0.8,
                "severity_score": 1.0,
                "code_complexity": 0.6,
                "data_flow_length": 5,
                "has_security_guards": 0.0,
                "has_input_validation": 0.0,
                "is_test_code": 0.0,
                "file_depth": 3,
                "line_count": 1
            },
            "is_false_positive": False
        }
    ],
    model_type="random_forest",
    validation_split=0.2
)

配置说明

规则过滤配置

{
  "rule_filter": {
    "enabled": true,
    "global_whitelist": [
      {
        "file_pattern": "*/test/*",
        "reason": "测试代码",
        "confidence": 0.9
      }
    ],
    "global_blacklist": [
      {
        "file_pattern": "*/production/*",
        "reason": "生产环境代码",
        "confidence": 0.9
      }
    ]
  }
}

上下文过滤配置

{
  "context_filter": {
    "enabled": true,
    "security_guard_keywords": ["sanitize", "escape", "validate"],
    "input_validation_keywords": ["isinstance", "len", "range"],
    "false_positive_threshold": 0.5
  }
}

ML过滤配置

{
  "ml_filter": {
    "enabled": true,
    "model_path": "models/false_positive_model.pkl",
    "onnx_model_path": "models/false_positive_model.onnx",
    "confidence_threshold": 0.7
  }
}

开发

项目结构

code-audit-false-positive-filter/
├── code_audit_fp/
│   ├── __init__.py
│   ├── server.py          # MCP服务器实现
│   ├── models.py          # 数据模型
│   └── filters/
│       ├── __init__.py
│       ├── base.py        # 过滤器基类
│       ├── rule_filter.py # L1规则过滤器
│       ├── context_filter.py # L2上下文过滤器
│       └── ml_filter.py   # L3 ML过滤器
├── main.py                # 入口点
├── requirements.txt       # 依赖
├── config.json            # 配置文件
└── README.md              # 说明文档

添加新的过滤规则

  1. config.json 中添加规则
  2. 实现规则逻辑在 filters/rule_filter.py
  3. 添加单元测试

训练自定义ML模型

from code_audit_fp.filters import MLFilter

ml_filter = MLFilter(config)
result = await ml_filter.train_model(
    training_data=your_training_data,
    model_type="random_forest",
    validation_split=0.2
)

性能指标

在4核4G环境下的性能基准:

  • L1规则过滤: ~1000条/秒
  • L2上下文分析: ~100条/秒
  • L3 ML推理: ~50条/秒
  • 内存占用: <500MB (含ML模型)

许可证

MIT License

贡献

欢迎提交Issue和Pull Request!

from github.com/hujiaozhuzhu/AuditShield

Установка AuditShield

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/hujiaozhuzhu/AuditShield

FAQ

AuditShield MCP бесплатный?

Да, AuditShield MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для AuditShield?

Нет, AuditShield работает без API-ключей и переменных окружения.

AuditShield — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить AuditShield в Claude Desktop, Claude Code или Cursor?

Открой AuditShield на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare AuditShield with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development