AuditShield
БесплатноНе проверенA three-layer MCP server that filters false positives from static analysis tools like Semgrep, Bandit, and Gosec using rule-based, context-aware, and ML-based f
Описание
A three-layer MCP server that filters false positives from static analysis tools like Semgrep, Bandit, and Gosec using rule-based, context-aware, and ML-based filtering to reduce false positives in code audit results.
README
代码审计误报过滤MCP服务器,通过三层过滤架构显著降低静态分析工具的误报率。
特性
三层过滤架构
L1: 规则过滤 - 基于白名单/黑名单的快速过滤
- 规则ID过滤
- 文件路径模式匹配
- 代码模式匹配
- 严重程度过滤
L2: 上下文分析 - 死代码检测、安全守卫识别
- 死代码路径检测
- 安全守卫措施识别
- 输入验证逻辑分析
- 数据流分析
L3: ML置信度评分 - 机器学习模型评估
- 特征提取
- 模型训练与推理
- 置信度评分
支持的扫描工具
- Semgrep (主力,支持Go/Python/多语言)
- Bandit (Python专用)
- Gosec (Go专用)
安装
1. 克隆仓库
git clone https://github.com/your-repo/code-audit-fp-filter.git
cd code-audit-fp-filter
2. 安装依赖
pip install -r requirements.txt
3. 配置
复制示例配置文件:
cp config.json.example config.json
编辑 config.json 根据需要调整配置。
使用
作为MCP服务器运行
stdio模式(推荐)
python main.py --transport stdio
SSE模式
python main.py --transport sse --port 8000
在MCP客户端中配置
在MCP配置文件中添加:
{
"mcpServers": {
"code-audit-fp": {
"command": "python",
"args": ["/path/to/code-audit-fp-filter/main.py", "--transport", "stdio"],
"env": {
"CONFIG_PATH": "/path/to/config.json"
}
}
}
}
调用示例
过滤误报
# 通过MCP客户端调用
result = await mcp_client.call_tool(
"filter_false_positives",
scan_results=[
{
"tool": "semgrep",
"rule_id": "python.lang.security.injection.sql-injection",
"file": "app/database.py",
"line": 42,
"code": "cursor.execute(user_input)",
"severity": "ERROR",
"message": "SQL injection vulnerability"
}
],
source_code_dir="/path/to/project",
filter_level="all",
confidence_threshold=0.7
)
分析代码上下文
result = await mcp_client.call_tool(
"analyze_code_context",
file_path="app/database.py",
line_number=42,
context_lines=10,
check_types=["dead_code", "security_guards", "input_validation"]
)
训练模型
result = await mcp_client.call_tool(
"train_false_positive_model",
training_data=[
{
"features": {
"rule_confidence": 0.8,
"severity_score": 1.0,
"code_complexity": 0.6,
"data_flow_length": 5,
"has_security_guards": 0.0,
"has_input_validation": 0.0,
"is_test_code": 0.0,
"file_depth": 3,
"line_count": 1
},
"is_false_positive": False
}
],
model_type="random_forest",
validation_split=0.2
)
配置说明
规则过滤配置
{
"rule_filter": {
"enabled": true,
"global_whitelist": [
{
"file_pattern": "*/test/*",
"reason": "测试代码",
"confidence": 0.9
}
],
"global_blacklist": [
{
"file_pattern": "*/production/*",
"reason": "生产环境代码",
"confidence": 0.9
}
]
}
}
上下文过滤配置
{
"context_filter": {
"enabled": true,
"security_guard_keywords": ["sanitize", "escape", "validate"],
"input_validation_keywords": ["isinstance", "len", "range"],
"false_positive_threshold": 0.5
}
}
ML过滤配置
{
"ml_filter": {
"enabled": true,
"model_path": "models/false_positive_model.pkl",
"onnx_model_path": "models/false_positive_model.onnx",
"confidence_threshold": 0.7
}
}
开发
项目结构
code-audit-false-positive-filter/
├── code_audit_fp/
│ ├── __init__.py
│ ├── server.py # MCP服务器实现
│ ├── models.py # 数据模型
│ └── filters/
│ ├── __init__.py
│ ├── base.py # 过滤器基类
│ ├── rule_filter.py # L1规则过滤器
│ ├── context_filter.py # L2上下文过滤器
│ └── ml_filter.py # L3 ML过滤器
├── main.py # 入口点
├── requirements.txt # 依赖
├── config.json # 配置文件
└── README.md # 说明文档
添加新的过滤规则
- 在
config.json中添加规则 - 实现规则逻辑在
filters/rule_filter.py - 添加单元测试
训练自定义ML模型
from code_audit_fp.filters import MLFilter
ml_filter = MLFilter(config)
result = await ml_filter.train_model(
training_data=your_training_data,
model_type="random_forest",
validation_split=0.2
)
性能指标
在4核4G环境下的性能基准:
- L1规则过滤: ~1000条/秒
- L2上下文分析: ~100条/秒
- L3 ML推理: ~50条/秒
- 内存占用: <500MB (含ML模型)
许可证
MIT License
贡献
欢迎提交Issue和Pull Request!
Установка AuditShield
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/hujiaozhuzhu/AuditShieldFAQ
AuditShield MCP бесплатный?
Да, AuditShield MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для AuditShield?
Нет, AuditShield работает без API-ключей и переменных окружения.
AuditShield — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить AuditShield в Claude Desktop, Claude Code или Cursor?
Открой AuditShield на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare AuditShield with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
