codebadger
by Lekssays
Verified Safe
Overview
Static code analysis Model Context Protocol (MCP) server utilizing Joern's Code Property Graph (CPG) technology to provide structural and security analysis for various programming languages.
Installation
python main.py &
Environment Variables
- MCP_HOST
- MCP_PORT
- MCP_LOG_LEVEL
- JOERN_BINARY_PATH
- JOERN_MEMORY_LIMIT
- JOERN_JAVA_OPTS
- CPG_GENERATION_TIMEOUT
- MAX_REPO_SIZE_MB
- QUERY_TIMEOUT
- QUERY_CACHE_ENABLED
- QUERY_CACHE_TTL
- WORKSPACE_ROOT
- CLEANUP_ON_SHUTDOWN
Security Notes
The server isolates the Joern static-analysis engine in a separate Docker container and drives it through `docker exec`, so the engine never runs inside the MCP host process. The `run_cpgql_query` tool accepts arbitrary CPGQL; it is guarded by `validate_cpgql_query`, which rejects queries containing known-dangerous JVM calls (e.g., `System.exit`, `Runtime.getRuntime`, `java.io.File.delete`). User-supplied local paths pass through `resolve_host_path`, which blocks path traversal and access to sensitive system directories. Remaining risks are resource exhaustion from expensive CPGQL queries or CPG generation (the `QUERY_TIMEOUT`, `CPG_GENERATION_TIMEOUT`, `JOERN_MEMORY_LIMIT` and `MAX_REPO_SIZE_MB` settings exist to bound this) and vulnerabilities in the Joern engine itself, which no filter in this server addresses. No hardcoded secrets or obvious malicious patterns were found in the Python codebase.
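The two guards above are easier to evaluate with concrete code. The block below is an added illustration, not codebadger's own implementation: the function names `resolve_host_path` and `validate_cpgql_query` mirror the page, but the bodies, the workspace root, the sensitive-directory list and every denylist entry beyond the three the page names are assumptions. The path guard canonicalises before checking, so `..` segments and symlinks cannot escape the root; the query guard is a plain denylist, and the last query in the demo (reflection via `classOf[Runtime]`) shows the general weakness of any denylist, which is why the Docker boundary, not the filter, is the real control. That is a property of denylists in general, not a finding about this project's list.

```python
"""Path and query guards of the kind the Security Notes describe.

Added example code, not codebadger's own implementation: the function names
mirror the page, but every body, the workspace root, the sensitive-directory
list and the denylist entries beyond the three the page names are assumptions.
"""
import re
from pathlib import Path

# Assumed workspace root; the real server reads WORKSPACE_ROOT from the environment.
WORKSPACE_ROOT = Path("/srv/codebadger/workspace")

# Assumed policy: system directories a code-analysis server never needs to read.
SENSITIVE_PREFIXES = (Path("/etc"), Path("/proc"), Path("/sys"), Path("/root"), Path("/boot"))

# Denylist: the three patterns the page names plus assumed relatives.
BLOCKED_PATTERNS = (
    r"System\.exit",
    r"Runtime\.getRuntime",
    r"java\.io\.File",          # catches java.io.File.delete and siblings
    r"ProcessBuilder",
    r"Class\.forName",
    r"scala\.sys\.process",
)
_BLOCKED_RE = re.compile("|".join(BLOCKED_PATTERNS))


class PathPolicyError(ValueError):
    def __init__(self, reason: str, path: str):
        super().__init__(f"{reason}: {path}")
        self.reason = reason


def resolve_host_path(user_path: str, root: Path = WORKSPACE_ROOT) -> Path:
    """Return the canonical absolute path, or raise PathPolicyError.

    Relative paths are taken relative to ``root``. The path is canonicalised
    (symlinks followed, ``..`` collapsed) *before* any check, so neither
    traversal segments nor a symlink planted inside the workspace can escape.
    """
    raw = Path(user_path)
    candidate = (raw if raw.is_absolute() else root / raw).resolve()
    root = root.resolve()

    for prefix in SENSITIVE_PREFIXES:
        if candidate == prefix or prefix in candidate.parents:
            raise PathPolicyError("sensitive-directory", str(candidate))
    if candidate != root and root not in candidate.parents:
        raise PathPolicyError("outside-workspace", str(candidate))
    return candidate


def check_path(user_path: str) -> str:
    """Audit-log friendly verdict: 'ok' or the PathPolicyError reason."""
    try:
        resolve_host_path(user_path)
        return "ok"
    except PathPolicyError as exc:
        return exc.reason


def validate_cpgql_query(query: str) -> None:
    """Raise ValueError if the query contains a denylisted JVM/Scala call."""
    match = _BLOCKED_RE.search(query)
    if match:
        raise ValueError(f"blocked CPGQL token: {match.group(0)}")


def is_query_allowed(query: str) -> bool:
    try:
        validate_cpgql_query(query)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for p in ("repos/app", "../../../etc/passwd", "/proc/self/environ"):
        print(f"{p!r:28} -> {check_path(p)}")
    # The reflection query below carries none of the blocked tokens and passes:
    # a denylist is defense in depth, the container boundary is the control.
    for q in ('cpg.method.name("main").l',
              "System.exit(0)",
              'classOf[Runtime].getMethod("getRuntime").invoke(null)'):
        print(f"{q!r:58} -> {'allowed' if is_query_allowed(q) else 'blocked'}")
```

Run it directly to see the verdicts. When adapting this shape to a real server, keep the canonicalise-then-check order, compare against a resolved root (the root itself may be a symlink), and treat the query denylist as a tripwire for logging rather than as the security boundary.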
Similar Servers
ls-mcp
A command-line tool for discovering, analyzing, and reporting on Model Context Protocol (MCP) server configurations in a local development environment, including their status, versioning, and potential credential exposures.
mcp-reference
A reference processing tool for Markdown documents, providing automated reference extraction, citation renumbering, bibliography generation, and related literature recommendation functions, integrated via Model Context Protocol (MCP) into Trae IDE.
firemcp
Enables AI agents and LLMs to securely interact with Firestore databases through a Model Context Protocol (MCP) server, offering complete CRUD and query operations.
mela-cp
This is likely a server or tool related to the Minecraft Client Protocol (MCP), potentially for managing a Minecraft server or developing Minecraft-related applications.