bug-buster-ai
by dilettacal
Overview
A cybersecurity AI agent that analyzes Python code for vulnerabilities using OpenAI's LLMs and Semgrep, deployable on Azure and GCP.
Installation
docker build -t bug-buster . && docker run --rm --name bug-buster -p 8000:8000 --env-file .env bug-busterEnvironment Variables
- OPENAI_API_KEY
- SEMGREP_APP_TOKEN
- ENVIRONMENT
Security Notes
The `backend/airline.py` file, which is part of the provided source code, contains a `calculate` function that uses `eval(expr)`. If this function were exposed to untrusted user input, it would be a severe remote code execution vulnerability. While `backend/server.py` (the core API) does not appear to directly use this `airline.py` file, its presence in the repository's backend makes it a significant security risk if the architecture were ever changed or if `airline.py` were invoked in an insecure context. Other aspects, like handling API keys via Key Vault and OIDC for deployment, are good practices. Diagnostic endpoints `/network-test` and `/semgrep-test` provide system information, which could be a minor information disclosure risk, but are common for health checks.
Similar Servers
zenfeed
An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.
cupertino
Cupertino is an Apple Documentation Crawler & MCP Server that provides accurate, up-to-date Apple API documentation and sample code to AI agents and developers for offline and AI-assisted development.
mcp-server-computer
This server acts as a Spring AI MCP Server component to provide cross-platform computer configuration information (OS, user, Java, and platform-specific details) to an AI agent.
meds-mcp
A Medical Context Protocol (MCP) server for retrieving and analyzing de-identified patient EHR data, facilitating LLM-powered chat interaction and evidence review with medical ontologies and faceted search.