AuditShield
A three-layer MCP server that filters false positives from static analysis tools like Semgrep, Bandit, and Gosec using rule-based, context-aware, and ML-based filtering to reduce false positives in code audit results.
README
Code Audit False Positive Filter MCP Server
代码审计误报过滤MCP服务器,通过三层过滤架构显著降低静态分析工具的误报率。
特性
三层过滤架构
-
L1: 规则过滤 - 基于白名单/黑名单的快速过滤
- 规则ID过滤
- 文件路径模式匹配
- 代码模式匹配
- 严重程度过滤
-
L2: 上下文分析 - 死代码检测、安全守卫识别
- 死代码路径检测
- 安全守卫措施识别
- 输入验证逻辑分析
- 数据流分析
-
L3: ML置信度评分 - 机器学习模型评估
- 特征提取
- 模型训练与推理
- 置信度评分
支持的扫描工具
- Semgrep (主力,支持Go/Python/多语言)
- Bandit (Python专用)
- Gosec (Go专用)
安装
1. 克隆仓库
git clone https://github.com/your-repo/code-audit-fp-filter.git
cd code-audit-fp-filter
2. 安装依赖
pip install -r requirements.txt
3. 配置
复制示例配置文件:
cp config.json.example config.json
编辑 config.json 根据需要调整配置。
使用
作为MCP服务器运行
stdio模式(推荐)
python main.py --transport stdio
SSE模式
python main.py --transport sse --port 8000
在MCP客户端中配置
在MCP配置文件中添加:
{
"mcpServers": {
"code-audit-fp": {
"command": "python",
"args": ["/path/to/code-audit-fp-filter/main.py", "--transport", "stdio"],
"env": {
"CONFIG_PATH": "/path/to/config.json"
}
}
}
}
调用示例
过滤误报
# 通过MCP客户端调用
result = await mcp_client.call_tool(
"filter_false_positives",
scan_results=[
{
"tool": "semgrep",
"rule_id": "python.lang.security.injection.sql-injection",
"file": "app/database.py",
"line": 42,
"code": "cursor.execute(user_input)",
"severity": "ERROR",
"message": "SQL injection vulnerability"
}
],
source_code_dir="/path/to/project",
filter_level="all",
confidence_threshold=0.7
)
分析代码上下文
result = await mcp_client.call_tool(
"analyze_code_context",
file_path="app/database.py",
line_number=42,
context_lines=10,
check_types=["dead_code", "security_guards", "input_validation"]
)
训练模型
result = await mcp_client.call_tool(
"train_false_positive_model",
training_data=[
{
"features": {
"rule_confidence": 0.8,
"severity_score": 1.0,
"code_complexity": 0.6,
"data_flow_length": 5,
"has_security_guards": 0.0,
"has_input_validation": 0.0,
"is_test_code": 0.0,
"file_depth": 3,
"line_count": 1
},
"is_false_positive": False
}
],
model_type="random_forest",
validation_split=0.2
)
配置说明
规则过滤配置
{
"rule_filter": {
"enabled": true,
"global_whitelist": [
{
"file_pattern": "*/test/*",
"reason": "测试代码",
"confidence": 0.9
}
],
"global_blacklist": [
{
"file_pattern": "*/production/*",
"reason": "生产环境代码",
"confidence": 0.9
}
]
}
}
上下文过滤配置
{
"context_filter": {
"enabled": true,
"security_guard_keywords": ["sanitize", "escape", "validate"],
"input_validation_keywords": ["isinstance", "len", "range"],
"false_positive_threshold": 0.5
}
}
ML过滤配置
{
"ml_filter": {
"enabled": true,
"model_path": "models/false_positive_model.pkl",
"onnx_model_path": "models/false_positive_model.onnx",
"confidence_threshold": 0.7
}
}
开发
项目结构
code-audit-false-positive-filter/
├── code_audit_fp/
│ ├── __init__.py
│ ├── server.py # MCP服务器实现
│ ├── models.py # 数据模型
│ └── filters/
│ ├── __init__.py
│ ├── base.py # 过滤器基类
│ ├── rule_filter.py # L1规则过滤器
│ ├── context_filter.py # L2上下文过滤器
│ └── ml_filter.py # L3 ML过滤器
├── main.py # 入口点
├── requirements.txt # 依赖
├── config.json # 配置文件
└── README.md # 说明文档
添加新的过滤规则
- 在
config.json中添加规则 - 实现规则逻辑在
filters/rule_filter.py - 添加单元测试
训练自定义ML模型
from code_audit_fp.filters import MLFilter
ml_filter = MLFilter(config)
result = await ml_filter.train_model(
training_data=your_training_data,
model_type="random_forest",
validation_split=0.2
)
性能指标
在4核4G环境下的性能基准:
- L1规则过滤: ~1000条/秒
- L2上下文分析: ~100条/秒
- L3 ML推理: ~50条/秒
- 内存占用: <500MB (含ML模型)
许可证
MIT License
贡献
欢迎提交Issue和Pull Request!
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.