Feat-mcp #2

Open

Huleinpylo wants to merge 22 commits into 0xlildoudou:main from Huleinpylo:feat-mcp

Conversation

@Huleinpylo


fix: Update tests to validate MCP configuration

Huleinpylo and others added 19 commits June 2, 2025 23:17
- Add project structure for Model Context Protocol integration
- Include comprehensive documentation and setup guides
- Prepare foundation for OSINT intelligence gathering via MCP
- Support for AI assistants like Claude, Cursor, and VS Code agents

This commit establishes the foundation for GitOSINT-MCP addon that will enable:
* Public repository intelligence gathering without authentication
* Email discovery from Git commits and metadata  
* User profile analysis across Git platforms
* Social network mapping between developers
* Integration with AI agents through standardized MCP protocol
- Implement GitOSINTMCPServer with MCP protocol integration
- Add comprehensive configuration management for addon
- Support for 5 core MCP tools: analyze_repository, discover_user_info, find_emails, map_social_network, scan_security_issues
- Include rate limiting, security controls, and platform-specific settings
- Add CLI foundation for MCP server management

This commit establishes the core MCP addon functionality:
* Full MCP server implementation with async operation
* Configurable security and rate limiting for safe OSINT
* Support for multiple Git platforms (GitHub, GitLab, Bitbucket)
* Modular analyzer architecture for extensibility
* CLI interface for standalone operations and server management
- Add comprehensive RepositoryAnalyzer for MCP addon OSINT capabilities
- Support multi-platform analysis (GitHub, GitLab, Bitbucket)
- Include structured data extraction: repo info, contributors, languages
- Implement async operations with rate limiting and security controls
- Provide detailed vs basic analysis modes for different MCP use cases

Core MCP addon features implemented:
* Repository metadata extraction with contributor analysis
* Programming language distribution statistics  
* Platform-agnostic URL parsing and API integration
* Structured output optimized for AI assistant consumption
* Error handling and logging for robust MCP server operation
…email discovery

- Implement UserIntelligence module for comprehensive user profiling via MCP
- Add EmailDiscovery engine with multiple OSINT techniques for MCP addon
- Support cross-platform intelligence gathering (GitHub, GitLab, Bitbucket) 
- Include confidence scoring and validation for discovered information
- Provide structured data outputs optimized for AI assistant consumption

Key MCP addon intelligence capabilities:
* User profile extraction with activity statistics and repository analysis
* Email discovery from Git commits, documentation, and public profiles
* Privacy-respecting approach using only publicly available data
* Confidence scoring and validation for intelligence quality assessment
* Async operations with proper error handling for robust MCP integration
…MCP addon

- Implement SecurityScanner with comprehensive threat detection for MCP integration
- Add secret detection patterns for AWS keys, GitHub tokens, API keys, and private keys  
- Include Docker and CI/CD security configuration analysis
- Support vulnerability scanning of dependency files (package.json, requirements.txt)
- Complete SocialMapper with basic network analysis framework for MCP addon

Core MCP addon security capabilities:
* Multi-pattern secret detection with confidence scoring
* Suspicious file identification and malware pattern recognition
* Security configuration analysis for Docker and CI/CD workflows
* Risk level calculation and automated security recommendations
* Privacy-respecting scanning of publicly available repository data
* Structured output optimized for AI assistant security analysis
- Implement pytest-based test suite with fixtures and mocks for MCP addon
- Add unit tests for configuration management and repository analyzer
- Include test fixtures for GitHub API responses and sample data
- Support integration testing with Docker Compose and mock services
- Provide comprehensive test categories: unit, integration, security, performance

Key MCP addon testing capabilities:
* Complete test configuration with async support and MCP-specific fixtures
* Mock GitHub API responses for consistent testing without rate limits
* Configuration validation tests ensuring robust MCP addon setup
* Repository analyzer tests covering URL parsing and data extraction
* Docker-based testing environment for isolated and reproducible tests
* Test categorization with pytest markers for selective test execution
- Add comprehensive Quick Start Guide for immediate MCP addon usage
- Include step-by-step setup instructions for all major AI assistants
- Provide troubleshooting section with common issues and solutions  
- Create AUTHORS.md recognizing contributors and project attribution
- Complete documentation ecosystem for GitOSINT-MCP addon

Final MCP addon documentation includes:
* Quick start guide with 5-minute setup for Claude Desktop, VS Code, Cursor
* Example conversations showing real OSINT intelligence gathering scenarios
* Comprehensive testing instructions and troubleshooting solutions
* Community contribution guidelines and recognition framework
* Complete project attribution acknowledging open source dependencies
GitOSINT-MCP CI/CD Pipeline
- Added Docker Compose setup (`docker-compose.yml`)
- Added installation script (`install.sh`)
- Updated dependencies in `requirements.txt`
- Enhanced CLI functionality in `src/gitosint_mcp/cli.py`
- Introduced configuration management in `src/gitosint_mcp/config.py`
- Improved server logic in `src/gitosint_mcp/server.py`
- Added basic unit test (`tests/unit/basic.py`)
- Updated configuration tests (`tests/unit/test_config.py`)
…orrectly

fix: Update tests to validate MCP configuration
…n permissions

Potential fix for code scanning alert no. 8: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

```yaml
jobs:
  test:
    name: Run Tests
```

Check warning (Code scanning / CodeQL): Workflow does not contain permissions

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}
```python
                file_findings = self._detect_secrets_in_content(content, file_path)
                findings.extend(file_findings)
            except Exception as e:
                logger.debug(f"MCP: Could not scan {file_path} for secrets: {str(e)}")
```

Check failure (Code scanning / CodeQL): Clear-text logging of sensitive information

This expression logs sensitive data (secret) as clear text.
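Added example, not code from the PR, of the handling the alert above asks for: the except-block logs the file path and the exception type only, never `str(e)`, and a logging filter redacts token-shaped values from every record as defence in depth. The scanner, its patterns, the logger name and the constructed failure mode (an exception whose message embeds the scanned content) are all hypothetical.

```python
import logging
import re
# Added example, not the project's code; every name below is hypothetical.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "github_token": re.compile(r"gh[pousr]_[A-Za-z0-9]{36}"),
}

class RedactingFilter(logging.Filter):
    """Defence in depth: mask token-shaped values in every record before it is emitted."""
    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()
        for pat in SECRET_PATTERNS.values():
            msg = pat.sub(lambda m: m.group(0)[:4] + "...[redacted]", msg)
        record.msg, record.args = msg, ()
        return True

logger = logging.getLogger("gitosint_mcp_example.scanner")
RECORDS: list[logging.LogRecord] = []  # captured so the demo can inspect what was logged
LOG = logging.Handler()
LOG.emit = RECORDS.append  # type: ignore[method-assign]
LOG.addFilter(RedactingFilter())
logger.addHandler(LOG)
logger.setLevel(logging.DEBUG)

def detect_secrets_in_content(content: str, file_path: str) -> list[dict]:
    """Report secret type, file and line only; the matched value itself is never stored."""
    if "\x00" in content:
        # Constructed failure mode: an error whose message embeds the scanned content.
        raise ValueError(f"binary content not supported: {content!r}")
    return [{"type": name, "file": file_path, "line": content.count("\n", 0, m.start()) + 1}
            for name, pat in SECRET_PATTERNS.items() for m in pat.finditer(content)]

def scan_files(files: dict[str, str]) -> list[dict]:
    findings: list[dict] = []
    for file_path, content in files.items():
        try:
            findings.extend(detect_secrets_in_content(content, file_path))
        except Exception as e:
            # Unlike the flagged line, log the path and the exception *type*, never str(e).
            logger.debug("MCP: Could not scan %s for secrets (%s)", file_path, type(e).__name__)
    return findings

def run_demo() -> tuple[list[dict], list[str]]:
    """Scan constructed sample files (fake key values) and return (findings, log lines)."""
    RECORDS.clear()
    files = {"config.py": "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n", "blob.bin": "\x00ghp_" + "a" * 36}
    findings = scan_files(files)
    logger.warning("raw dump: %s", files["config.py"])  # the filter still masks this
    return findings, [r.getMessage() for r in RECORDS]
```

The findings carry only the secret type, file and line, so the structured output handed to an AI assistant does not itself become a second copy of the secret.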
Comment thread: src/gitosint_mcp/server.py (Outdated)

```python
        owner, repo = path_parts[0], path_parts[1]

        # Determine platform and API endpoint
        if 'github.com' in parsed_url.netloc:
```

Check failure (Code scanning / CodeQL): Incomplete URL substring sanitization

The string github.com may be at an arbitrary position in the sanitized URL.
Comment thread: src/gitosint_mcp/server.py (Outdated)

```python
        # Determine platform and API endpoint
        if 'github.com' in parsed_url.netloc:
            return await self._analyze_github_repo(owner, repo)
        elif 'gitlab.com' in parsed_url.netloc:
```

Check failure (Code scanning / CodeQL): Incomplete URL substring sanitization

The string gitlab.com may be at an arbitrary position in the sanitized URL.
Comment thread: tests/conftest.py

```python
def assert_valid_github_url(url):
    """Assert that a string is a valid GitHub URL"""
    assert_valid_url(url)
    assert "github.com" in url
```

Check failure (Code scanning / CodeQL): Incomplete URL substring sanitization

The string github.com may be at an arbitrary position in the sanitized URL.
Comment thread: tests/conftest.py

```python
def assert_valid_gitlab_url(url):
    """Assert that a string is a valid GitLab URL"""
    assert_valid_url(url)
    assert "gitlab.com" in url
```

Check failure (Code scanning / CodeQL): Incomplete URL substring sanitization

The string gitlab.com may be at an arbitrary position in the sanitized URL.
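Added example, not code from the PR, of the host check that resolves all four substring-sanitization alerts above (the two `in parsed_url.netloc` tests in server.py and the two `in url` asserts in conftest.py): the URL is parsed and its hostname compared for equality against a fixed set of platforms. PLATFORM_HOSTS, detect_platform and parse_repo_url are hypothetical names; the same `urlparse(url).hostname == "github.com"` comparison suits the conftest helpers.

```python
from typing import Optional, Tuple
from urllib.parse import urlparse

# Added example, not the project's code: PLATFORM_HOSTS, detect_platform and
# parse_repo_url are hypothetical replacements for the flagged substring checks.
PLATFORM_HOSTS = {"github.com": "github", "gitlab.com": "gitlab", "bitbucket.org": "bitbucket"}


def detect_platform(url: str) -> Optional[str]:
    """Return the platform for a repository URL, or None if its host is not supported.

    urlparse().hostname is lower-cased with userinfo and port stripped, and it is
    compared for equality, so look-alikes such as https://github.com.evil.example/...
    or https://evil.example/github.com/... are rejected, whereas
    `'github.com' in parsed_url.netloc` accepts them.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("https", "http"):
        return None
    return PLATFORM_HOSTS.get(parsed.hostname or "")


def parse_repo_url(url: str) -> Optional[Tuple[str, str, str]]:
    """Return (platform, owner, repo) for a supported repository URL, else None."""
    platform = detect_platform(url)
    if platform is None:
        return None
    parts = [p for p in urlparse(url).path.split("/") if p]
    if len(parts) < 2:
        return None
    owner, repo = parts[0], parts[1]
    if repo.endswith(".git"):
        repo = repo[:-4]
    return platform, owner, repo


if __name__ == "__main__":
    # Constructed inputs: two legitimate URLs, then look-alikes a substring check accepts.
    for u in (
        "https://github.com/example-owner/example-repo.git",
        "https://gitlab.com/example-group/example-project",
        "https://github.com.evil.example/owner/repo",
        "https://evil.example/github.com/owner/repo",
        "https://github.com@evil.example/owner/repo",
    ):
        print(u, "->", parse_repo_url(u))
```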
3 participants