Add Gradio app with MCP server support

.gitignore

@@ -0,0 +1,4 @@
+.idea/
+__pycache__/
+*.pyc
+.DS_Store

README.md

@@ -1,14 +1,62 @@
 ---
 title: Simple Security Scanner
-emoji: 🌖
-colorFrom: purple
-colorTo: blue
+emoji: 🔒
+colorFrom: red
+colorTo: yellow
 sdk: gradio
-sdk_version: 6.0.1
+sdk_version: "5.6.0"
 app_file: app.py
+tags:
+  - mcp
+  - security
+  - building-mcp-track-developer-tools
 pinned: false
-license: mit
-short_description: MCP server that scans Python code for security vulnerabiliti
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# 🔒 Simple Security Scanner MCP
+
+An MCP server that scans Python code for security vulnerabilities and provides **beginner-friendly explanations**.
+
+## Features
+
+- **Pattern-based Detection**: Hardcoded secrets, path traversal, insecure deserialization, and more
+- **SQL Injection Detection**: Precise detection using AST analysis
+- **Beginner-friendly Explanations**: Easy-to-understand descriptions of what's wrong, why it's dangerous, and how to fix it
+
+## MCP Tool
+
+### `scan_security`
+
+Analyzes Python code for security vulnerabilities.
+
+**Inputs:**
+- `code` (string): Python source code to analyze
+- `severity_threshold` (string): Minimum severity level to report (CRITICAL, HIGH, MEDIUM, LOW)
+
+**Output:**
+- Beginner-friendly explanation of found vulnerabilities
+
+## Usage
+
+### Web UI
+Visit this Space and enter your code to scan.
+
+### MCP Client
+Connect from MCP clients like Claude Desktop with the following configuration:
+```json
+{
+  "mcpServers": {
+    "security-scanner": {
+      "url": "https://huggingface.co/spaces/MCP-1st-Birthday/simple-security-scanner/gradio_api/mcp/sse"
+    }
+  }
+}
+```
+
+## Track
+
+`building-mcp-track-developer-tools`
+
+## License
+
+MIT

app.py

@@ -0,0 +1,183 @@
+"""
+Simple Security Scanner - Gradio App with MCP Server
+A security vulnerability scanner that provides beginner-friendly explanations.
+"""
+
+import gradio as gr
+from src.scanner.pattern_detector import PatternDetector
+from src.scanner.sql_injection import SQLInjectionDetector
+from src.formatter import format_results_for_beginners
+
+# 샘플 코드들
+SAMPLE_CODES = {
+    "SQL Injection": '''import sqlite3
+
+def get_user(username):
+    conn = sqlite3.connect('users.db')
+    cursor = conn.cursor()
+    query = f"SELECT * FROM users WHERE username = '{username}'"
+    cursor.execute(query)
+    return cursor.fetchone()
+''',
+    "Hardcoded Secret": '''import requests
+
+API_KEY = "sk-1234567890abcdef"
+DATABASE_PASSWORD = "admin123"
+
+def connect():
+    return requests.get(f"https://api.example.com?key={API_KEY}")
+''',
+    "Path Traversal": '''import os
+
+def read_file(filename):
+    base_path = "/var/www/uploads/"
+    file_path = base_path + filename
+    with open(file_path, 'r') as f:
+        return f.read()
+''',
+    "Insecure Deserialization": '''import pickle
+import base64
+
+def load_user_data(data):
+    decoded = base64.b64decode(data)
+    return pickle.loads(decoded)
+'''
+}
+
+
+def scan_code(code: str, severity_threshold: str = "MEDIUM") -> str:
+    """
+    Scan Python code for security vulnerabilities.
+
+    Args:
+        code: Python source code to analyze
+        severity_threshold: Minimum severity level (CRITICAL, HIGH, MEDIUM, LOW)
+
+    Returns:
+        Beginner-friendly explanation of found vulnerabilities
+    """
+    if not code or not code.strip():
+        return "⚠️ 코드를 입력해주세요."
+
+    all_findings = []
+
+    # Pattern-based detection
+    try:
+        pattern_detector = PatternDetector()
+        pattern_findings = pattern_detector.scan(code)
+        all_findings.extend(pattern_findings)
+    except Exception as e:
+        pass
+
+    # SQL Injection detection
+    try:
+        sql_detector = SQLInjectionDetector()
+        sql_findings = sql_detector.scan(code)
+        all_findings.extend(sql_findings)
+    except Exception as e:
+        pass
+
+    # Filter by severity
+    severity_order = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}
+    threshold_value = severity_order.get(severity_threshold, 2)
+
+    filtered_findings = [
+        f for f in all_findings
+        if severity_order.get(f.get("severity", "LOW"), 1) >= threshold_value
+    ]
+
+    # Remove duplicates
+    seen = set()
+    unique_findings = []
+    for f in filtered_findings:
+        key = (f.get("line", 0), f.get("rule_id", ""), f.get("message", ""))
+        if key not in seen:
+            seen.add(key)
+            unique_findings.append(f)
+
+    if not unique_findings:
+        return "✅ 선택한 심각도 수준에서 발견된 보안 취약점이 없습니다!"
+
+    # Format results
+    return format_results_for_beginners(unique_findings)
+
+
+def load_sample(sample_name: str) -> str:
+    """Load sample vulnerable code."""
+    return SAMPLE_CODES.get(sample_name, "")
+
+
+# Gradio UI
+with gr.Blocks(
+        title="🔒 Simple Security Scanner",
+        theme=gr.themes.Soft()
+) as demo:
+    gr.Markdown("""
+    # 🔒 Simple Security Scanner
+
+    **Python 코드의 보안 취약점을 분석하고 초보자도 이해할 수 있는 설명을 제공합니다.**
+
+    MCP (Model Context Protocol) 서버로도 사용 가능합니다.
+    """)
+
+    with gr.Row():
+        with gr.Column(scale=2):
+            code_input = gr.Code(
+                label="Python 코드 입력",
+                language="python",
+                lines=15,
+                placeholder="분석할 Python 코드를 입력하세요..."
+            )
+
+            with gr.Row():
+                severity_dropdown = gr.Dropdown(
+                    choices=["LOW", "MEDIUM", "HIGH", "CRITICAL"],
+                    value="MEDIUM",
+                    label="최소 심각도",
+                    scale=1
+                )
+                scan_btn = gr.Button("🔍 스캔 시작", variant="primary", scale=2)
+
+        with gr.Column(scale=1):
+            gr.Markdown("### 📝 샘플 코드")
+            for name in SAMPLE_CODES.keys():
+                sample_btn = gr.Button(name, size="sm")
+                sample_btn.click(
+                    fn=lambda n=name: load_sample(n),
+                    outputs=code_input
+                )
+
+    output = gr.Markdown(label="분석 결과")
+
+    scan_btn.click(
+        fn=scan_code,
+        inputs=[code_input, severity_dropdown],
+        outputs=output
+    )
+
+    gr.Markdown("""
+    ---
+    ### 🛠️ MCP 서버로 사용하기
+
+    이 앱은 MCP 클라이언트(Claude Desktop 등)에서 도구로 사용할 수 있습니다.
+```json
+    {
+      "mcpServers": {
+        "security-scanner": {
+          "url": "https://huggingface.co/spaces/MCP-1st-Birthday/simple-security-scanner/gradio_api/mcp/sse"
+        }
+      }
+    }
+```
+    """)
+
+if __name__ == "__main__":
+    demo.launch(mcp_server=True)
+```
+
+---
+
+## 2. `requirements.txt` 생성
+```
+gradio[mcp] >= 5.6
+.0

demo/vulnerable_samples/hardcoded_secrets.py

@@ -0,0 +1,74 @@
+"""
+Vulnerable Code Sample: Hardcoded Secrets
+
+⚠️  WARNING: This file contains intentionally insecure code for demonstration purposes.
+    NEVER use these patterns in production code!
+
+This sample demonstrates various types of hardcoded credentials that should
+never be stored directly in source code.
+"""
+
+
+# 1. AWS Credentials - VULNERABLE
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+
+# 2. GitHub Personal Access Token - VULNERABLE
+GITHUB_TOKEN = "ghp_1234567890abcdefghijklmnopqrstuvwxyz"
+
+
+# 3. Stripe API Key - VULNERABLE
+def process_payment(amount):
+    """Process payment using hardcoded Stripe key."""
+    stripe_api_key = "sk_live_1234567890abcdefghijklmnop"  # VULNERABLE!
+    # Payment processing logic...
+    return f"Processing ${amount} with key: {stripe_api_key[:10]}..."
+
+
+# 4. OpenAI API Key - VULNERABLE
+class AIService:
+    def __init__(self):
+        self.api_key = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890"  # VULNERABLE!
+
+    def generate_text(self, prompt):
+        """Generate text using hardcoded API key."""
+        return f"Calling API with key: {self.api_key[:10]}..."
+
+
+# 5. Database Connection String with Password - VULNERABLE
+DATABASE_URL = "postgresql://admin:SuperSecret123@localhost:5432/mydb"
+
+
+# 6. JWT Secret Key - VULNERABLE
+JWT_SECRET = "my-super-secret-jwt-key-that-should-be-in-env"
+
+
+# 7. Hardcoded Password - VULNERABLE
+def authenticate_user(username):
+    """Check user credentials with hardcoded password."""
+    admin_password = "Admin123!@#"  # VULNERABLE!
+    if username == "admin":
+        return admin_password
+    return None
+
+
+# 8. Private Key - VULNERABLE
+PRIVATE_KEY = """-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7VJTUt9Us8cKj
+MzEfYyjiWA4R4/M2bS1+fWIcPm15A4LH5V8NGlIRIDlT2H5M3V2dZdG4vZbJTvP2
+-----END PRIVATE KEY-----"""
+
+
+# 9. Korean Bank Account Info - VULNERABLE (한국 특화)
+BANK_ACCOUNT = {
+    "bank": "국민은행",
+    "account_number": "123-456-789012",
+    "account_holder": "홍길동"
+}
+
+
+# Safe alternative (commented for comparison):
+# import os
+# AWS_ACCESS_KEY_ID = os.getenv('AWS_ACCESS_KEY_ID')
+# AWS_SECRET_ACCESS_KEY = os.getenv('AWS_SECRET_ACCESS_KEY')

demo/vulnerable_samples/insecure_deserialization.py

@@ -0,0 +1,142 @@
+"""
+Vulnerable Code Sample: Insecure Deserialization
+
+⚠️  WARNING: This file contains intentionally insecure code for demonstration purposes.
+    NEVER use these patterns in production code!
+
+This sample demonstrates insecure deserialization vulnerabilities that allow
+attackers to execute arbitrary code through crafted input data.
+"""
+
+import pickle
+import yaml
+
+
+# 1. Unsafe pickle.loads() - VULNERABLE
+def load_user_session(session_data):
+    """Vulnerable to code execution via pickle deserialization."""
+    # VULNERABLE: pickle can execute arbitrary code during deserialization
+    # An attacker can craft a pickle that runs os.system("rm -rf /")
+    try:
+        user_data = pickle.loads(session_data)
+        return user_data
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Safe alternative: Use JSON for untrusted data
+    # import json
+    # user_data = json.loads(session_data.decode('utf-8'))
+
+
+# 2. Unsafe eval() for JSON parsing - VULNERABLE
+def parse_config(config_string):
+    """Vulnerable to code execution via eval()."""
+    # VULNERABLE: eval() executes arbitrary Python code
+    # Input like "__import__('os').system('rm -rf /')" will execute
+    try:
+        config = eval(config_string)
+        return config
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Safe alternative:
+    # import json
+    # config = json.loads(config_string)
+
+
+# 3. Unsafe exec() for dynamic code - VULNERABLE
+def run_user_script(script_code):
+    """Vulnerable to code execution via exec()."""
+    # VULNERABLE: exec() runs arbitrary Python code
+    # User can run anything: "import os; os.system('cat /etc/passwd')"
+    result = {}
+    try:
+        exec(script_code, {}, result)
+        return result
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Safe alternative: Use ast.literal_eval() for data only
+    # import ast
+    # data = ast.literal_eval(user_input)  # Only evaluates literals
+
+
+# 4. Unsafe YAML loading - VULNERABLE
+def load_config_file(yaml_content):
+    """Vulnerable to code execution via YAML deserialization."""
+    # VULNERABLE: yaml.load() can execute Python code
+    # YAML can contain !!python/object/apply tags to execute code
+    try:
+        config = yaml.load(yaml_content, Loader=yaml.Loader)
+        return config
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Safe alternative:
+    # config = yaml.safe_load(yaml_content)  # Only parses basic YAML
+
+
+# 5. Unsafe pickle in file operations - VULNERABLE
+def save_and_load_data(data, filename="/tmp/data.pkl"):
+    """Vulnerable pickle usage in file operations."""
+    # VULNERABLE: Loading pickles from untrusted sources
+    # Save
+    with open(filename, 'wb') as f:
+        pickle.dump(data, f)
+
+    # Load - VULNERABLE if file is tampered with
+    with open(filename, 'rb') as f:
+        loaded_data = pickle.load(f)
+
+    return loaded_data
+
+
+# 6. Dynamic code compilation - VULNERABLE
+def compile_and_run(code_string):
+    """Vulnerable to code execution via compile()."""
+    # VULNERABLE: compile() + exec() allows arbitrary code execution
+    try:
+        compiled_code = compile(code_string, '<string>', 'exec')
+        exec(compiled_code)
+        return "Code executed"
+    except Exception as e:
+        return f"Error: {e}"
+
+
+# Example malicious payloads:
+"""
+# Malicious pickle payload (simplified concept):
+malicious_pickle = b"cos\nsystem\n(S'cat /etc/passwd'\ntR."
+
+# Malicious YAML payload:
+malicious_yaml = '''
+!!python/object/apply:os.system
+args: ['cat /etc/passwd']
+'''
+
+# Malicious eval payload:
+malicious_eval = "__import__('os').system('whoami')"
+"""
+
+
+# Safe deserialization example:
+def safe_deserialize(json_string):
+    """Safe deserialization using JSON."""
+    import json
+
+    try:
+        # JSON is safe - it only deserializes data, not code
+        data = json.loads(json_string)
+
+        # Validate the structure
+        if not isinstance(data, dict):
+            raise ValueError("Expected dictionary")
+
+        # Whitelist expected keys
+        allowed_keys = {'username', 'email', 'age', 'preferences'}
+        if not set(data.keys()).issubset(allowed_keys):
+            raise ValueError("Unexpected keys in data")
+
+        return data
+    except json.JSONDecodeError as e:
+        raise ValueError(f"Invalid JSON: {e}")

demo/vulnerable_samples/path_traversal.py

@@ -0,0 +1,114 @@
+"""
+Vulnerable Code Sample: Path Traversal
+
+⚠️  WARNING: This file contains intentionally insecure code for demonstration purposes.
+    NEVER use these patterns in production code!
+
+This sample demonstrates path traversal vulnerabilities that allow attackers
+to access files outside of the intended directory.
+"""
+
+import os
+
+
+# 1. Direct user input in file path - VULNERABLE
+def read_user_file(filename):
+    """Vulnerable to path traversal - direct file path usage."""
+    # VULNERABLE: User can use ../../../etc/passwd
+    file_path = f"/var/www/uploads/{filename}"
+    try:
+        with open(file_path, 'r') as f:
+            return f.read()
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Safe alternative:
+    # import os
+    # base_dir = "/var/www/uploads/"
+    # file_path = os.path.join(base_dir, filename)
+    # real_path = os.path.realpath(file_path)
+    # if not real_path.startswith(os.path.realpath(base_dir)):
+    #     raise ValueError("Invalid file path")
+
+
+# 2. Unsafe os.path.join usage - VULNERABLE
+def download_file(user_dir, filename):
+    """Vulnerable to path traversal via os.path.join."""
+    # VULNERABLE: Absolute paths in filename can bypass base directory
+    base_path = "/home/users/"
+    file_path = os.path.join(base_path, user_dir, filename)
+    # If filename = "/etc/passwd", it returns "/etc/passwd"
+    try:
+        with open(file_path, 'r') as f:
+            return f.read()
+    except Exception as e:
+        return f"Error: {e}"
+
+
+# 3. Directory listing vulnerability - VULNERABLE
+def list_directory(subdir):
+    """Vulnerable to directory traversal in listing."""
+    # VULNERABLE: User can list any directory with ../
+    base_dir = "/var/www/public/"
+    target_dir = base_dir + subdir
+    try:
+        return os.listdir(target_dir)
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Example exploit: list_directory("../../../etc/")
+
+
+# 4. File write vulnerability - VULNERABLE
+def save_uploaded_file(username, filename, content):
+    """Vulnerable to path traversal in file upload."""
+    # VULNERABLE: Can overwrite system files
+    upload_dir = f"/uploads/{username}/"
+    file_path = upload_dir + filename  # User controls filename
+    try:
+        os.makedirs(os.path.dirname(file_path), exist_ok=True)
+        with open(file_path, 'w') as f:
+            f.write(content)
+        return f"Saved to {file_path}"
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Example exploit: save_uploaded_file("user", "../../../etc/cron.d/backdoor", "* * * * * root /tmp/malware")
+
+
+# 5. Template file inclusion - VULNERABLE
+def render_template(template_name):
+    """Vulnerable to path traversal in template rendering."""
+    # VULNERABLE: Can read arbitrary files
+    templates_dir = "./templates/"
+    template_path = templates_dir + template_name + ".html"
+    try:
+        with open(template_path, 'r') as f:
+            return f.read()
+    except Exception as e:
+        return f"Error: {e}"
+
+    # Example exploit: render_template("../../etc/passwd")
+
+
+# Safe implementation example:
+def safe_read_file(filename):
+    """Safe file reading with path validation."""
+    from pathlib import Path
+
+    # Define allowed base directory
+    base_dir = Path("/var/www/uploads/").resolve()
+
+    # Build the full path
+    requested_path = (base_dir / filename).resolve()
+
+    # Ensure the resolved path is within base_dir
+    if not str(requested_path).startswith(str(base_dir)):
+        raise ValueError("Access denied: Path traversal detected")
+
+    # Also check for common path traversal patterns
+    if ".." in filename or filename.startswith("/"):
+        raise ValueError("Invalid filename")
+
+    with open(requested_path, 'r') as f:
+        return f.read()

demo/vulnerable_samples/sql_injection.py

@@ -0,0 +1,96 @@
+"""
+Vulnerable Code Sample: SQL Injection
+
+⚠️  WARNING: This file contains intentionally insecure code for demonstration purposes.
+    NEVER use these patterns in production code!
+
+This sample demonstrates various SQL injection vulnerabilities that can occur
+when user input is directly incorporated into SQL queries.
+"""
+
+
+# 1. SQL Injection via f-string - VULNERABLE
+def get_user_by_id_fstring(user_id):
+    """Vulnerable to SQL injection via f-string."""
+    # VULNERABLE: User input directly in f-string
+    query = f"SELECT * FROM users WHERE id = {user_id}"
+    # execute_query(query)
+    return query
+
+    # Safe alternative:
+    # query = "SELECT * FROM users WHERE id = %s"
+    # execute_query(query, (user_id,))
+
+
+# 2. SQL Injection via string concatenation - VULNERABLE
+def search_products(keyword):
+    """Vulnerable to SQL injection via + operator."""
+    # VULNERABLE: String concatenation with user input
+    query = "SELECT * FROM products WHERE name LIKE '%" + keyword + "%'"
+    # execute_query(query)
+    return query
+
+    # Safe alternative:
+    # query = "SELECT * FROM products WHERE name LIKE %s"
+    # execute_query(query, (f"%{keyword}%",))
+
+
+# 3. SQL Injection via % formatting - VULNERABLE
+def delete_user(username):
+    """Vulnerable to SQL injection via % formatting."""
+    # VULNERABLE: % formatting with quotes
+    query = "DELETE FROM users WHERE username='%s'" % username
+    # execute_query(query)
+    return query
+
+    # Safe alternative:
+    # query = "DELETE FROM users WHERE username=%s"
+    # execute_query(query, (username,))
+
+
+# 4. SQL Injection via .format() - VULNERABLE
+def update_email(user_id, new_email):
+    """Vulnerable to SQL injection via .format() method."""
+    # VULNERABLE: .format() with user input
+    query = "UPDATE users SET email='{}' WHERE id={}".format(new_email, user_id)
+    # execute_query(query)
+    return query
+
+    # Safe alternative:
+    # query = "UPDATE users SET email=%s WHERE id=%s"
+    # execute_query(query, (new_email, user_id))
+
+
+# 5. SQL Injection via ORM raw query - VULNERABLE
+def get_orders_by_status(status):
+    """Vulnerable to SQL injection in ORM raw query."""
+    # VULNERABLE: Django ORM raw() with string formatting
+    query = f"SELECT * FROM orders WHERE status = '{status}' ORDER BY created_at"
+    # Order.objects.raw(query)
+    return query
+
+    # Safe alternative:
+    # query = "SELECT * FROM orders WHERE status = %s ORDER BY created_at"
+    # Order.objects.raw(query, [status])
+
+
+# 6. Complex SQL injection - VULNERABLE
+def advanced_search(table_name, column, value):
+    """Vulnerable to SQL injection with dynamic table/column names."""
+    # VULNERABLE: Dynamic table and column names
+    query = f"SELECT * FROM {table_name} WHERE {column} = '{value}'"
+    # execute_query(query)
+    return query
+
+    # Safe alternative: Use whitelist for table/column names
+    # ALLOWED_TABLES = {'users', 'products', 'orders'}
+    # ALLOWED_COLUMNS = {'id', 'name', 'email', 'status'}
+    # if table_name in ALLOWED_TABLES and column in ALLOWED_COLUMNS:
+    #     query = f"SELECT * FROM {table_name} WHERE {column} = %s"
+    #     execute_query(query, (value,))
+
+
+# Example of exploitation:
+# get_user_by_id_fstring("1 OR 1=1")  # Returns all users
+# delete_user("admin'; DROP TABLE users--")  # Deletes the users table!
+# search_products("'; DELETE FROM products--")  # Deletes all products!

mcp_config.json

@@ -0,0 +1,99 @@
+{
+  "server": {
+    "name": "security-scanner-mcp",
+    "version": "0.1.0",
+    "description": "Python 코드 보안 취약점을 스캔하고 초보자 친화적인 설명을 제공하는 MCP 서버"
+  },
+  "tools": {
+    "scan_security": {
+      "enabled": true,
+      "description": "코드의 보안 취약점을 스캔하고 초보자 친화적인 설명 제공",
+      "timeout_seconds": 30
+    }
+  },
+  "scanners": {
+    "pattern_detector": {
+      "enabled": true,
+      "patterns": {
+        "aws_keys": true,
+        "api_keys": true,
+        "github_tokens": true,
+        "jwt_tokens": true,
+        "passwords": true,
+        "korean_pii": true,
+        "database_credentials": true,
+        "private_keys": true
+      }
+    },
+    "bandit": {
+      "enabled": true,
+      "confidence_level": "MEDIUM",
+      "skip_tests": []
+    },
+    "semgrep": {
+      "enabled": true,
+      "config": "auto",
+      "timeout": 30,
+      "max_memory_mb": 2000
+    },
+    "sql_injection": {
+      "enabled": true,
+      "check_fstring": true,
+      "check_concat": true,
+      "check_format": true,
+      "check_percent": true
+    }
+  },
+  "custom_rules": {
+    "enabled": true,
+    "directories": [
+      "rules"
+    ],
+    "files": [
+      "rules/skt_guidelines.yaml"
+    ]
+  },
+  "severity": {
+    "thresholds": {
+      "CRITICAL": 0,
+      "HIGH": 1,
+      "MEDIUM": 2,
+      "LOW": 3
+    },
+    "default_threshold": "MEDIUM"
+  },
+  "formatter": {
+    "explanation_templates": {
+      "hardcoded_api_key": {
+        "what": "API 키가 소스 코드에 직접 하드코딩되어 있습니다",
+        "why": "코드에 접근할 수 있는 누구나 이 자격증명을 훔쳐서 악용할 수 있습니다. Git 히스토리에 영구히 남아 삭제하기 어렵습니다.",
+        "how_to_fix": "환경 변수나 별도의 설정 파일을 사용하세요",
+        "references": [
+          "https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password"
+        ]
+      },
+      "sql_injection": {
+        "what": "SQL 쿼리가 사용자 입력과 문자열 연결로 만들어지고 있습니다",
+        "why": "공격자가 악의적인 SQL 코드를 삽입하여 데이터베이스의 모든 데이터를 탈취하거나 삭제할 수 있습니다.",
+        "how_to_fix": "파라미터화된 쿼리 또는 ORM을 사용하세요",
+        "references": [
+          "https://owasp.org/www-community/attacks/SQL_Injection"
+        ]
+      }
+    },
+    "include_code_examples": true,
+    "include_references": true,
+    "json_indent": 2
+  },
+  "performance": {
+    "max_file_size_mb": 10,
+    "enable_caching": true,
+    "cache_ttl_seconds": 3600
+  },
+  "logging": {
+    "level": "INFO",
+    "file": "logs/mcp_server.log",
+    "console": true,
+    "json_format": false
+  }
+}

requirements.txt

@@ -0,0 +1 @@
+gradio[mcp]>=5.6.0

src/formatter.py

@@ -0,0 +1,322 @@
+"""
+Result formatter for security scan results.
+
+Transforms raw vulnerability data into beginner-friendly explanations.
+"""
+
+from datetime import datetime
+from typing import Dict, List, Any
+import sys
+from pathlib import Path
+
+# Import utilities
+sys.path.insert(0, str(Path(__file__).parent))
+from utils import get_severity_order
+
+# Explanation templates for common vulnerabilities
+EXPLANATION_TEMPLATES = {
+    "hardcoded_api_key": {
+        "what": "API 키가 소스 코드에 직접 하드코딩되어 있습니다",
+        "why": "소스 코드는 버전 관리 시스템(Git)에 저장되고, 여러 개발자가 접근할 수 있습니다. "
+               "코드에 접근할 수 있는 누구나 이 API 키를 복사하여 악용할 수 있으며, "
+               "심지어 공개 저장소에 실수로 올릴 경우 전 세계에 노출됩니다. "
+               "공격자는 이 키로 무단 API 호출을 하여 비용을 발생시키거나 데이터를 탈취할 수 있습니다.",
+        "how_to_fix": "API 키는 환경 변수나 별도의 설정 파일(예: .env)에 저장하고, "
+                      "이 파일은 .gitignore에 추가하여 버전 관리에서 제외하세요.",
+        "example": "# 나쁜 예\napi_key = 'sk-1234567890abcdef'\n\n"
+                   "# 좋은 예\nimport os\napi_key = os.getenv('API_KEY')\n\n"
+                   "# .env 파일에\n# API_KEY=sk-1234567890abcdef",
+        "references": [
+            "https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password",
+            "https://12factor.net/config"
+        ]
+    },
+    "sql_injection": {
+        "what": "사용자 입력을 SQL 쿼리에 직접 삽입하여 SQL 인젝션 취약점이 발생합니다",
+        "why": "공격자가 악의적인 SQL 코드를 입력하면, 데이터베이스의 모든 데이터를 조회하거나 삭제할 수 있습니다. "
+               "예를 들어 'admin' OR '1'='1' 같은 입력으로 인증을 우회하거나, "
+               "; DROP TABLE users-- 같은 입력으로 전체 테이블을 삭제할 수 있습니다.",
+        "how_to_fix": "파라미터화된 쿼리(Prepared Statement)를 사용하여 사용자 입력을 SQL 코드와 분리하세요. "
+                      "ORM(SQLAlchemy, Django ORM 등)을 사용하면 자동으로 안전하게 처리됩니다.",
+        "example": "# 나쁜 예\nquery = f\"SELECT * FROM users WHERE id={user_id}\"\n\n"
+                   "# 좋은 예\nquery = \"SELECT * FROM users WHERE id=%s\"\ncursor.execute(query, (user_id,))\n\n"
+                   "# ORM 사용\nuser = User.objects.filter(id=user_id).first()",
+        "references": [
+            "https://owasp.org/www-community/attacks/SQL_Injection",
+            "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html"
+        ]
+    },
+    "password": {
+        "what": "비밀번호가 소스 코드에 평문으로 저장되어 있습니다",
+        "why": "코드에 접근할 수 있는 누구나 이 비밀번호를 볼 수 있으며, "
+               "Git 히스토리에 영구히 남아 나중에 삭제해도 복구할 수 있습니다. "
+               "같은 비밀번호를 다른 서비스에서도 재사용했다면 피해가 더 커질 수 있습니다.",
+        "how_to_fix": "비밀번호는 환경 변수에 저장하고, 가능하면 비밀번호 관리 서비스(AWS Secrets Manager, HashiCorp Vault 등)를 사용하세요.",
+        "example": "# 나쁜 예\npassword = 'MyPassword123'\n\n"
+                   "# 좋은 예\nimport os\npassword = os.getenv('DB_PASSWORD')",
+        "references": [
+            "https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password"
+        ]
+    },
+    "pickle_usage": {
+        "what": "pickle.loads()를 사용하여 신뢰할 수 없는 데이터를 역직렬화하고 있습니다",
+        "why": "pickle은 Python 객체를 복원할 때 임의의 코드를 실행할 수 있습니다. "
+               "공격자가 악의적으로 조작한 pickle 데이터를 제공하면, "
+               "서버에서 임의의 명령을 실행하거나 시스템을 완전히 장악할 수 있습니다.",
+        "how_to_fix": "신뢰할 수 없는 데이터는 pickle 대신 JSON, YAML(safe_load), 또는 Protocol Buffers 같은 "
+                      "안전한 직렬화 형식을 사용하세요.",
+        "example": "# 나쁜 예\nimport pickle\ndata = pickle.loads(untrusted_input)\n\n"
+                   "# 좋은 예\nimport json\ndata = json.loads(untrusted_input)",
+        "references": [
+            "https://docs.python.org/3/library/pickle.html#module-pickle",
+            "https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data"
+        ]
+    },
+    "exec_usage": {
+        "what": "exec() 또는 eval()을 사용하여 동적으로 코드를 실행하고 있습니다",
+        "why": "사용자 입력이나 외부 데이터를 exec()/eval()로 실행하면, "
+               "공격자가 임의의 Python 코드를 실행할 수 있습니다. "
+               "이는 서버의 모든 파일에 접근하거나, 다른 시스템을 공격하거나, "
+               "악성코드를 설치하는 등 치명적인 결과를 초래할 수 있습니다.",
+        "how_to_fix": "exec()와 eval()은 가능한 한 사용하지 마세요. "
+                      "필요하다면 ast.literal_eval()로 안전하게 평가하거나, "
+                      "화이트리스트 기반의 명령어 매핑을 사용하세요.",
+        "example": "# 나쁜 예\nexec(user_input)\n\n"
+                   "# 좋은 예 (리터럴만)\nimport ast\nvalue = ast.literal_eval(user_input)\n\n"
+                   "# 또는 화이트리스트\nallowed_commands = {'start': start_func, 'stop': stop_func}\ncommand = allowed_commands.get(user_input)",
+        "references": [
+            "https://docs.python.org/3/library/functions.html#eval",
+            "https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html"
+        ]
+    },
+    "shell_injection": {
+        "what": "subprocess에서 shell=True를 사용하여 명령어를 실행하고 있습니다",
+        "why": "shell=True는 명령어를 셸을 통해 실행하므로, 사용자 입력에 세미콜론(;)이나 파이프(|) 같은 "
+               "셸 메타문자가 포함되면 추가 명령어를 실행할 수 있습니다. "
+               "예를 들어 '; rm -rf /' 같은 입력으로 시스템 전체를 삭제할 수 있습니다.",
+        "how_to_fix": "shell=True를 제거하고 명령어를 리스트로 전달하세요. "
+                      "또는 shlex.quote()로 입력을 이스케이프하세요.",
+        "example": "# 나쁜 예\nimport subprocess\nsubprocess.call(f'ls {user_dir}', shell=True)\n\n"
+                   "# 좋은 예\nsubprocess.call(['ls', user_dir])\n\n"
+                   "# 또는 shlex 사용\nimport shlex\nsafe_dir = shlex.quote(user_dir)\nsubprocess.call(f'ls {safe_dir}', shell=True)",
+        "references": [
+            "https://docs.python.org/3/library/subprocess.html#security-considerations",
+            "https://owasp.org/www-community/attacks/Command_Injection"
+        ]
+    }
+}
+
+
+def get_explanation(vulnerability: Dict[str, Any]) -> Dict[str, Any]:
+    """
+    Generate beginner-friendly explanation for a vulnerability.
+
+    Args:
+        vulnerability: Vulnerability dictionary from scanner
+
+    Returns:
+        Explanation dictionary with what, why, how_to_fix, example, references
+    """
+    vuln_id = vulnerability.get("id", "")
+    vuln_type = vulnerability.get("pattern_type", "")
+
+    # Try to find a matching template
+    template = None
+
+    # Check by pattern type first
+    if vuln_type in EXPLANATION_TEMPLATES:
+        template = EXPLANATION_TEMPLATES[vuln_type]
+    # Check by ID pattern
+    elif "sql-injection" in vuln_id:
+        template = EXPLANATION_TEMPLATES["sql_injection"]
+    elif "api" in vuln_id.lower() or "api_key" in vuln_type:
+        template = EXPLANATION_TEMPLATES["hardcoded_api_key"]
+    elif "password" in vuln_id.lower() or "password" in vuln_type:
+        template = EXPLANATION_TEMPLATES["password"]
+    elif "pickle" in vuln_id.lower() or "B301" in vuln_id:
+        template = EXPLANATION_TEMPLATES["pickle_usage"]
+    elif "exec" in vuln_id.lower() or "eval" in vuln_id.lower() or "B102" in vuln_id:
+        template = EXPLANATION_TEMPLATES["exec_usage"]
+    elif "shell" in vuln_id.lower() or "B602" in vuln_id:
+        template = EXPLANATION_TEMPLATES["shell_injection"]
+
+    # Use template or create generic explanation
+    if template:
+        explanation = template.copy()
+    else:
+        # Generic explanation
+        description = vulnerability.get("description", "보안 취약점이 발견되었습니다")
+        explanation = {
+            "what": description,
+            "why": "이 패턴은 보안 취약점을 일으킬 수 있으며, 공격자가 악용할 경우 시스템에 피해를 줄 수 있습니다.",
+            "how_to_fix": vulnerability.get("recommendation", "보안 모범 사례를 따르고, 신뢰할 수 없는 입력을 검증하세요."),
+            "example": "# 안전한 코드 작성을 위해 보안 가이드를 참고하세요",
+            "references": [
+                "https://owasp.org/www-project-top-ten/",
+                "https://cheatsheetseries.owasp.org/"
+            ]
+        }
+
+    return explanation
+
+
+def remove_duplicates(vulnerabilities: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    """
+    Remove duplicate vulnerabilities based on line number and issue type.
+
+    Args:
+        vulnerabilities: List of vulnerability dictionaries
+
+    Returns:
+        Deduplicated list
+    """
+    seen = set()
+    unique = []
+
+    for vuln in vulnerabilities:
+        # Create a key based on line number and vulnerability type
+        key = (
+            vuln.get("line_number"),
+            vuln.get("id", "").split("-")[0],  # Base ID without suffix
+            vuln.get("file_path", "")
+        )
+
+        if key not in seen:
+            seen.add(key)
+            unique.append(vuln)
+
+    return unique
+
+
+def sort_vulnerabilities(vulnerabilities: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    """
+    Sort vulnerabilities by severity and line number.
+
+    Args:
+        vulnerabilities: List of vulnerability dictionaries
+
+    Returns:
+        Sorted list
+    """
+    severity_order = get_severity_order()
+
+    def sort_key(vuln):
+        severity = vuln.get("severity", "LOW").upper()
+        severity_value = severity_order.get(severity, 99)
+        line_number = vuln.get("line_number", 0)
+        return (severity_value, line_number)
+
+    return sorted(vulnerabilities, key=sort_key)
+
+
+def calculate_summary(vulnerabilities: List[Dict[str, Any]]) -> Dict[str, Any]:
+    """
+    Calculate summary statistics for vulnerabilities.
+
+    Args:
+        vulnerabilities: List of vulnerability dictionaries
+
+    Returns:
+        Summary dictionary with counts
+    """
+    summary = {
+        "total_issues": len(vulnerabilities),
+        "critical": 0,
+        "high": 0,
+        "medium": 0,
+        "low": 0,
+        "scan_timestamp": datetime.utcnow().isoformat() + "Z"
+    }
+
+    for vuln in vulnerabilities:
+        severity = vuln.get("severity", "LOW").lower()
+        if severity in summary:
+            summary[severity] += 1
+
+    return summary
+
+
+def format_results(
+    vulnerabilities: List[Dict[str, Any]],
+    severity_threshold: str = "MEDIUM"
+) -> Dict[str, Any]:
+    """
+    Format scan results into beginner-friendly output.
+
+    Args:
+        vulnerabilities: List of vulnerability dictionaries from scanners
+        severity_threshold: Minimum severity threshold used
+
+    Returns:
+        Formatted results dictionary
+    """
+    # Remove duplicates
+    unique_vulns = remove_duplicates(vulnerabilities)
+
+    # Sort by severity and line number
+    sorted_vulns = sort_vulnerabilities(unique_vulns)
+
+    # Add explanations to each vulnerability
+    formatted_vulns = []
+    for vuln in sorted_vulns:
+        formatted_vuln = vuln.copy()
+
+        # Add explanation if not already present
+        if "explanation" not in formatted_vuln:
+            formatted_vuln["explanation"] = get_explanation(vuln)
+
+        formatted_vulns.append(formatted_vuln)
+
+    # Calculate summary
+    summary = calculate_summary(formatted_vulns)
+    summary["severity_threshold"] = severity_threshold
+
+    # Create final result
+    result = {
+        "summary": summary,
+        "vulnerabilities": formatted_vulns
+    }
+
+    return result
+
+
+def format_for_display(results: Dict[str, Any]) -> str:
+    """
+    Format results for console display.
+
+    Args:
+        results: Formatted results dictionary
+
+    Returns:
+        Human-readable string
+    """
+    summary = results.get("summary", {})
+    vulns = results.get("vulnerabilities", [])
+
+    output = []
+    output.append("\n" + "=" * 70)
+    output.append("보안 스캔 결과")
+    output.append("=" * 70)
+    output.append(f"\n총 발견된 이슈: {summary.get('total_issues', 0)}")
+    output.append(f"  - CRITICAL: {summary.get('critical', 0)}")
+    output.append(f"  - HIGH: {summary.get('high', 0)}")
+    output.append(f"  - MEDIUM: {summary.get('medium', 0)}")
+    output.append(f"  - LOW: {summary.get('low', 0)}")
+    output.append(f"\n스캔 시각: {summary.get('scan_timestamp', 'N/A')}")
+    output.append("\n" + "-" * 70)
+
+    for i, vuln in enumerate(vulns, 1):
+        output.append(f"\n[{i}] {vuln.get('title', 'Unknown Issue')}")
+        output.append(f"심각도: {vuln.get('severity', 'UNKNOWN')}")
+        output.append(f"위치: 라인 {vuln.get('line_number', 'N/A')}")
+        output.append(f"코드: {vuln.get('code_snippet', '')[:60]}...")
+
+        explanation = vuln.get("explanation", {})
+        if explanation:
+            output.append(f"\n문제: {explanation.get('what', '')}")
+            output.append(f"위험성: {explanation.get('why', '')[:100]}...")
+            output.append(f"해결방법: {explanation.get('how_to_fix', '')[:100]}...")
+
+        output.append("\n" + "-" * 70)
+
+    return "\n".join(output)

src/scanner/__init__.py

@@ -0,0 +1,11 @@
+"""
+Security scanner modules package.
+
+This package contains various security scanning modules:
+- pattern_detector: Regex-based pattern detection for hardcoded secrets
+- sql_injection: SQL injection vulnerability detection
+- bandit_wrapper: Integration with Bandit security scanner
+- semgrep_wrapper: Integration with Semgrep static analysis tool
+"""
+
+__version__ = "0.1.0"

src/scanner/bandit_wrapper.py

@@ -0,0 +1,244 @@
+"""
+Bandit security scanner wrapper.
+
+Integrates the Bandit tool for Python-specific security analysis.
+"""
+
+import json
+import subprocess
+import sys
+from pathlib import Path
+from typing import Dict, List, Any, Optional
+
+# Import config loader
+sys.path.insert(0, str(Path(__file__).parent.parent))
+from utils import load_config
+
+# Severity mapping from Bandit to our standard
+SEVERITY_MAPPING = {
+    "HIGH": "CRITICAL",
+    "MEDIUM": "HIGH",
+    "LOW": "MEDIUM",
+}
+
+
+def is_bandit_available() -> bool:
+    """
+    Check if bandit is installed and available.
+
+    Returns:
+        True if bandit is available, False otherwise
+    """
+    try:
+        result = subprocess.run(
+            ["bandit", "--version"],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        return result.returncode == 0
+    except (FileNotFoundError, subprocess.TimeoutExpired):
+        return False
+
+
+def map_severity(bandit_severity: str) -> str:
+    """
+    Map Bandit severity to our standard severity levels.
+
+    Args:
+        bandit_severity: Bandit's severity (HIGH, MEDIUM, LOW)
+
+    Returns:
+        Standard severity level (CRITICAL, HIGH, MEDIUM, LOW)
+    """
+    return SEVERITY_MAPPING.get(bandit_severity.upper(), "MEDIUM")
+
+
+def run_bandit(file_path: str, config: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
+    """
+    Run bandit on a file and return JSON results.
+
+    Args:
+        file_path: Path to Python file to scan
+        config: Optional configuration dictionary
+
+    Returns:
+        Bandit results as dictionary
+
+    Raises:
+        RuntimeError: If bandit is not available
+        subprocess.TimeoutExpired: If bandit execution times out
+        subprocess.CalledProcessError: If bandit execution fails
+    """
+    if not is_bandit_available():
+        raise RuntimeError(
+            "Bandit is not installed. Please install it with: pip install bandit"
+        )
+
+    if config is None:
+        config = load_config().get("scanners", {}).get("bandit", {})
+
+    # Build bandit command
+    cmd = [
+        "bandit",
+        "-f", "json",  # JSON output format
+        "-r",  # Recursive (even for single file, bandit expects this)
+        file_path
+    ]
+
+    # Add confidence level if specified
+    confidence_level = config.get("confidence_level", "").upper()
+    if confidence_level in ["HIGH", "MEDIUM", "LOW"]:
+        cmd.extend(["-ll"])  # Set minimum confidence level
+
+    # Add skip tests if specified
+    skip_tests = config.get("skip_tests", [])
+    if skip_tests:
+        cmd.extend(["-s", ",".join(skip_tests)])
+
+    try:
+        # Run bandit
+        result = subprocess.run(
+            cmd,
+            capture_output=True,
+            text=True,
+            timeout=30,  # 30 second timeout
+            check=False  # Don't raise exception on non-zero exit
+        )
+
+        # Bandit returns exit code 1 if issues found, which is expected
+        # Only fail on actual errors (exit code > 1)
+        if result.returncode > 1:
+            raise subprocess.CalledProcessError(
+                result.returncode,
+                cmd,
+                result.stdout,
+                result.stderr
+            )
+
+        # Parse JSON output
+        if result.stdout:
+            return json.loads(result.stdout)
+        else:
+            return {"results": []}
+
+    except json.JSONDecodeError as e:
+        raise RuntimeError(f"Failed to parse bandit output: {e}")
+    except subprocess.TimeoutExpired:
+        raise RuntimeError("Bandit execution timed out (30s limit)")
+
+
+def parse_bandit_results(bandit_output: Dict[str, Any], file_path: str) -> List[Dict[str, Any]]:
+    """
+    Parse bandit JSON output into standard vulnerability format.
+
+    Args:
+        bandit_output: Raw bandit JSON output
+        file_path: Path to the scanned file
+
+    Returns:
+        List of vulnerability dictionaries in standard format
+    """
+    vulnerabilities = []
+
+    results = bandit_output.get("results", [])
+
+    for issue in results:
+        # Extract bandit data
+        test_id = issue.get("test_id", "UNKNOWN")
+        test_name = issue.get("test_name", "unknown")
+        bandit_severity = issue.get("issue_severity", "MEDIUM")
+        confidence = issue.get("issue_confidence", "MEDIUM")
+        line_number = issue.get("line_number", 0)
+        code_snippet = issue.get("code", "").strip()
+        issue_text = issue.get("issue_text", "Security issue detected")
+
+        # Map to standard severity
+        standard_severity = map_severity(bandit_severity)
+
+        # Create vulnerability entry
+        vulnerability = {
+            "id": f"bandit-{test_id}",
+            "severity": standard_severity,
+            "title": f"Bandit: {issue_text}",
+            "description": issue_text,
+            "line_number": line_number,
+            "code_snippet": code_snippet,
+            "file_path": file_path,
+            "scanner": "bandit",
+            "bandit_test_id": test_id,
+            "bandit_test_name": test_name,
+            "bandit_severity": bandit_severity,
+            "bandit_confidence": confidence,
+        }
+
+        vulnerabilities.append(vulnerability)
+
+    return vulnerabilities
+
+
+def scan_with_bandit(file_path: str, config: Optional[Dict[str, Any]] = None) -> List[Dict[str, Any]]:
+    """
+    Main function to scan a file with bandit.
+
+    Args:
+        file_path: Path to Python file to scan
+        config: Optional configuration dictionary
+
+    Returns:
+        List of vulnerability dictionaries
+
+    Raises:
+        RuntimeError: If bandit is not available or execution fails
+    """
+    try:
+        # Run bandit
+        bandit_output = run_bandit(file_path, config)
+
+        # Parse results
+        vulnerabilities = parse_bandit_results(bandit_output, file_path)
+
+        # Filter by confidence if needed
+        if config is None:
+            config = load_config().get("scanners", {}).get("bandit", {})
+
+        confidence_level = config.get("confidence_level", "").upper()
+        if confidence_level:
+            confidence_order = {"HIGH": 2, "MEDIUM": 1, "LOW": 0}
+            min_confidence = confidence_order.get(confidence_level, 0)
+
+            vulnerabilities = [
+                v for v in vulnerabilities
+                if confidence_order.get(v["bandit_confidence"], 0) >= min_confidence
+            ]
+
+        return vulnerabilities
+
+    except Exception as e:
+        # Log the error but don't fail the entire scan
+        print(f"Warning: Bandit scan failed: {e}", file=sys.stderr)
+        return []
+
+
+def get_bandit_version() -> str:
+    """
+    Get the installed bandit version.
+
+    Returns:
+        Version string or "not installed"
+    """
+    try:
+        result = subprocess.run(
+            ["bandit", "--version"],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        if result.returncode == 0:
+            # Parse version from output
+            for line in result.stdout.split("\n"):
+                if "bandit" in line.lower():
+                    return line.strip()
+        return "unknown version"
+    except (FileNotFoundError, subprocess.TimeoutExpired):
+        return "not installed"

src/scanner/pattern_detector.py

@@ -0,0 +1,231 @@
+"""
+Pattern-based security vulnerability detector using regular expressions.
+
+Detects hardcoded secrets, credentials, and sensitive information patterns.
+"""
+
+import re
+from typing import Dict, List, Any
+
+# Security patterns with regex, severity, and descriptions
+SECURITY_PATTERNS = {
+    "aws_access_key": {
+        "regex": r"(?:AWS_ACCESS_KEY_ID|aws_access_key_id)\s*[:=]\s*['\"]?(AKIA[0-9A-Z]{16})['\"]?",
+        "severity": "CRITICAL",
+        "title": "하드코딩된 AWS Access Key 탐지",
+        "description": "AWS Access Key가 코드에 하드코딩되어 있습니다.",
+    },
+    "aws_secret_key": {
+        "regex": r"(?:AWS_SECRET_ACCESS_KEY|aws_secret_access_key)\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?",
+        "severity": "CRITICAL",
+        "title": "하드코딩된 AWS Secret Key 탐지",
+        "description": "AWS Secret Access Key가 코드에 하드코딩되어 있습니다.",
+    },
+    "api_key": {
+        "regex": r"(?:api[_-]?key|apikey|api[_-]?secret)\s*[:=]\s*['\"]([a-zA-Z0-9_\-]{20,})['\"]",
+        "severity": "HIGH",
+        "title": "하드코딩된 API 키 탐지",
+        "description": "API 키가 코드에 직접 하드코딩되어 있습니다.",
+    },
+    "github_token": {
+        "regex": r"\b(gh[ps]_[a-zA-Z0-9]{36,})\b",
+        "severity": "HIGH",
+        "title": "GitHub Personal Access Token 탐지",
+        "description": "GitHub 개인 액세스 토큰이 코드에 노출되어 있습니다.",
+    },
+    "jwt_token": {
+        "regex": r"\b(eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]+)\b",
+        "severity": "HIGH",
+        "title": "JWT 토큰 하드코딩 탐지",
+        "description": "JWT 토큰이 코드에 하드코딩되어 있습니다.",
+    },
+    "password": {
+        "regex": r"(?:password|passwd|pwd)\s*[:=]\s*['\"]([^'\"]{4,})['\"]",
+        "severity": "MEDIUM",
+        "title": "하드코딩된 비밀번호 탐지",
+        "description": "비밀번호가 코드에 직접 작성되어 있습니다.",
+    },
+    "korean_ssn": {
+        "regex": r"\b(\d{6}[-]\d{7})\b",
+        "severity": "MEDIUM",
+        "title": "주민등록번호 패턴 탐지",
+        "description": "주민등록번호 형식의 데이터가 코드에 포함되어 있습니다.",
+    },
+    "credit_card": {
+        "regex": r"\b(\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4})\b",
+        "severity": "MEDIUM",
+        "title": "신용카드 번호 패턴 탐지",
+        "description": "신용카드 번호 형식의 데이터가 발견되었습니다.",
+    },
+    "phone_number": {
+        "regex": r"\b(0\d{1,2}[-\s]?\d{3,4}[-\s]?\d{4})\b",
+        "severity": "LOW",
+        "title": "전화번호 패턴 탐지",
+        "description": "전화번호가 코드에 포함되어 있습니다.",
+    },
+    "database_url": {
+        "regex": r"(?:postgresql|mysql|mongodb|redis)://([^:]+):([^@]+)@",
+        "severity": "CRITICAL",
+        "title": "데이터베이스 연결 문자열에 자격증명 포함",
+        "description": "데이터베이스 연결 문자열에 사용자명과 비밀번호가 포함되어 있습니다.",
+    },
+    "private_key": {
+        "regex": r"-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----",
+        "severity": "CRITICAL",
+        "title": "개인 키 하드코딩 탐지",
+        "description": "암호화 개인 키가 코드에 직접 포함되어 있습니다.",
+    },
+}
+
+
+def is_false_positive(line: str, pattern_type: str) -> bool:
+    """
+    Check if a detected pattern is likely a false positive.
+
+    Args:
+        line: The line of code containing the match
+        pattern_type: Type of pattern detected
+
+    Returns:
+        True if likely a false positive, False otherwise
+    """
+    # Skip commented lines (but with lower confidence)
+    if line.strip().startswith("#"):
+        return True
+
+    # Skip obvious example/test values
+    test_indicators = [
+        "example",
+        "test",
+        "dummy",
+        "fake",
+        "sample",
+        "mock",
+        "placeholder",
+        "TODO",
+        "FIXME",
+        "xxx",
+        "000",
+    ]
+
+    line_lower = line.lower()
+    for indicator in test_indicators:
+        if indicator in line_lower:
+            return True
+
+    # Pattern-specific false positive checks
+    if pattern_type == "credit_card":
+        # Common false positive: date ranges, version numbers
+        if re.search(r"(19|20)\d{2}", line):  # Year pattern
+            return True
+
+    if pattern_type == "phone_number":
+        # Skip if looks like a date or other numeric pattern
+        if "date" in line_lower or "time" in line_lower:
+            return True
+
+    if pattern_type == "password":
+        # Skip if it's just a variable name assignment (no actual password)
+        if re.search(r'password\s*[:=]\s*["\']?\s*["\']?$', line):
+            return True
+
+    return False
+
+
+def scan_patterns(file_path: str, code: str) -> List[Dict[str, Any]]:
+    """
+    Scan code for security vulnerability patterns.
+
+    Args:
+        file_path: Path to the file being scanned (for reference)
+        code: Source code to scan
+
+    Returns:
+        List of vulnerability dictionaries
+    """
+    vulnerabilities = []
+    lines = code.split("\n")
+
+    for line_num, line in enumerate(lines, start=1):
+        for pattern_name, pattern_info in SECURITY_PATTERNS.items():
+            regex = pattern_info["regex"]
+            matches = re.finditer(regex, line, re.IGNORECASE)
+
+            for match in matches:
+                # Check for false positives
+                if is_false_positive(line, pattern_name):
+                    continue
+
+                # Extract matched text (mask sensitive parts)
+                matched_text = match.group(0)
+                if len(matched_text) > 50:
+                    # Truncate long matches for display
+                    matched_text = matched_text[:47] + "..."
+
+                # Mask the actual secret value for security
+                code_snippet = line.strip()
+                if len(code_snippet) > 100:
+                    code_snippet = code_snippet[:97] + "..."
+
+                vulnerability = {
+                    "id": f"pattern-{pattern_name}",
+                    "severity": pattern_info["severity"],
+                    "title": pattern_info["title"],
+                    "description": pattern_info["description"],
+                    "line_number": line_num,
+                    "code_snippet": code_snippet,
+                    "pattern_type": pattern_name,
+                    "file_path": file_path,
+                    "scanner": "pattern_detector",
+                }
+
+                vulnerabilities.append(vulnerability)
+
+    return vulnerabilities
+
+
+def get_pattern_info(pattern_type: str) -> Dict[str, str]:
+    """
+    Get information about a specific pattern type.
+
+    Args:
+        pattern_type: Type of security pattern
+
+    Returns:
+        Dictionary with pattern information
+    """
+    return SECURITY_PATTERNS.get(
+        pattern_type,
+        {
+            "severity": "MEDIUM",
+            "title": "보안 패턴 탐지",
+            "description": "알 수 없는 보안 패턴이 발견되었습니다.",
+        },
+    )
+
+
+def list_available_patterns() -> List[str]:
+    """
+    List all available security patterns.
+
+    Returns:
+        List of pattern names
+    """
+    return list(SECURITY_PATTERNS.keys())
+
+
+def get_patterns_by_severity(severity: str) -> List[str]:
+    """
+    Get patterns filtered by severity level.
+
+    Args:
+        severity: Severity level (CRITICAL, HIGH, MEDIUM, LOW)
+
+    Returns:
+        List of pattern names with matching severity
+    """
+    return [
+        name
+        for name, info in SECURITY_PATTERNS.items()
+        if info["severity"] == severity.upper()
+    ]

src/scanner/semgrep_wrapper.py

@@ -0,0 +1,363 @@
+"""
+Semgrep integration wrapper for multi-language security scanning.
+
+Runs semgrep as a subprocess and parses the JSON output.
+"""
+
+import subprocess
+import json
+import tempfile
+import os
+import sys
+from pathlib import Path
+from typing import Dict, List, Any, Optional
+
+# Add parent directory to path to import utils
+sys.path.insert(0, str(Path(__file__).parent.parent))
+
+# Severity mapping from semgrep to standard format
+SEVERITY_MAPPING = {
+    "ERROR": "CRITICAL",
+    "WARNING": "HIGH",
+    "INFO": "MEDIUM"
+}
+
+# Default Python security rule categories
+DEFAULT_PYTHON_RULES = [
+    "python.lang.security",
+    "python.flask.security",
+    "python.django.security",
+    "python.requests.security"
+]
+
+
+def check_semgrep_installed() -> bool:
+    """
+    Check if semgrep is installed and accessible.
+
+    Returns:
+        True if semgrep is available, False otherwise
+    """
+    try:
+        result = subprocess.run(
+            ["semgrep", "--version"],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        return result.returncode == 0
+    except (subprocess.TimeoutExpired, FileNotFoundError):
+        return False
+
+
+def find_custom_rules() -> List[str]:
+    """
+    Find custom rule files in the rules/ directory.
+
+    Returns:
+        List of paths to custom rule files
+    """
+    rules_dir = Path(__file__).parent.parent.parent / "rules"
+    custom_rules = []
+
+    if rules_dir.exists() and rules_dir.is_dir():
+        # Look for YAML rule files
+        for pattern in ["*.yaml", "*.yml"]:
+            custom_rules.extend([str(f) for f in rules_dir.glob(pattern)])
+
+    return custom_rules
+
+
+def load_config_rules(config: Optional[Dict[str, Any]] = None) -> List[str]:
+    """
+    Load custom rules from configuration.
+
+    Args:
+        config: Configuration dictionary with optional 'custom_rules' key
+
+    Returns:
+        List of rule file paths from configuration
+    """
+    if not config:
+        return []
+
+    custom_rules = config.get("custom_rules", [])
+    if isinstance(custom_rules, list):
+        return custom_rules
+
+    return []
+
+
+def run_semgrep(
+    file_path: str,
+    config: Optional[Dict[str, Any]] = None,
+    timeout: int = 30
+) -> Dict[str, Any]:
+    """
+    Run semgrep on a file and return JSON results.
+
+    Args:
+        file_path: Path to the file to scan
+        config: Optional configuration dictionary
+        timeout: Timeout in seconds (default 30)
+
+    Returns:
+        Dictionary with semgrep results or error information
+    """
+    # Check if semgrep is installed
+    if not check_semgrep_installed():
+        return {
+            "error": "semgrep_not_installed",
+            "message": "Semgrep is not installed. Install it with: pip install semgrep"
+        }
+
+    # Build semgrep command
+    cmd = ["semgrep", "--json", "--quiet"]
+
+    # Add custom rules
+    custom_rules = find_custom_rules()
+    config_rules = load_config_rules(config)
+    all_rules = custom_rules + config_rules
+
+    if all_rules:
+        # Use custom rules
+        for rule_file in all_rules:
+            if os.path.exists(rule_file):
+                cmd.extend(["--config", rule_file])
+    else:
+        # Use auto configuration (community rules)
+        cmd.extend(["--config", "auto"])
+
+    # Add target file
+    cmd.append(file_path)
+
+    try:
+        result = subprocess.run(
+            cmd,
+            capture_output=True,
+            text=True,
+            timeout=timeout
+        )
+
+        # Parse JSON output
+        if result.stdout:
+            try:
+                output = json.loads(result.stdout)
+                return output
+            except json.JSONDecodeError as e:
+                return {
+                    "error": "json_parse_error",
+                    "message": f"Failed to parse semgrep output: {str(e)}",
+                    "raw_output": result.stdout
+                }
+        else:
+            # No output means no findings
+            return {"results": []}
+
+    except subprocess.TimeoutExpired:
+        return {
+            "error": "timeout",
+            "message": f"Semgrep scan timed out after {timeout} seconds"
+        }
+    except FileNotFoundError:
+        return {
+            "error": "semgrep_not_found",
+            "message": "Semgrep executable not found in PATH"
+        }
+    except Exception as e:
+        return {
+            "error": "unexpected_error",
+            "message": f"Unexpected error running semgrep: {str(e)}"
+        }
+
+
+def parse_semgrep_results(
+    semgrep_output: Dict[str, Any],
+    file_path: str
+) -> List[Dict[str, Any]]:
+    """
+    Parse semgrep JSON output into standard vulnerability format.
+
+    Args:
+        semgrep_output: Raw semgrep JSON output
+        file_path: Path to the scanned file
+
+    Returns:
+        List of standardized vulnerability dictionaries
+    """
+    vulnerabilities = []
+
+    # Check for errors
+    if "error" in semgrep_output:
+        # Return empty list for errors - they've been logged
+        return vulnerabilities
+
+    # Get results from semgrep output
+    results = semgrep_output.get("results", [])
+
+    for finding in results:
+        # Extract basic information
+        check_id = finding.get("check_id", "unknown")
+        message = finding.get("extra", {}).get("message", finding.get("message", ""))
+        severity = finding.get("extra", {}).get("severity", "INFO").upper()
+
+        # Map severity to standard format
+        standard_severity = SEVERITY_MAPPING.get(severity, "MEDIUM")
+
+        # Get location information
+        start = finding.get("start", {})
+        line_number = start.get("line", 0)
+
+        # Get code snippet
+        lines = finding.get("extra", {}).get("lines", "")
+        if not lines:
+            # Try to extract from the finding
+            lines = finding.get("lines", "")
+        code_snippet = lines.strip() if lines else ""
+
+        # Get metadata
+        metadata = finding.get("extra", {}).get("metadata", {})
+
+        # Create vulnerability entry
+        vulnerability = {
+            "id": f"semgrep-{check_id}",
+            "severity": standard_severity,
+            "title": f"Semgrep: {message[:80]}",
+            "description": message,
+            "line_number": line_number,
+            "code_snippet": code_snippet,
+            "file_path": file_path,
+            "scanner": "semgrep",
+            "semgrep_rule_id": check_id,
+            "semgrep_message": message,
+            "semgrep_metadata": metadata
+        }
+
+        vulnerabilities.append(vulnerability)
+
+    return vulnerabilities
+
+
+def scan_with_semgrep(
+    file_path: str,
+    code: str,
+    config: Optional[Dict[str, Any]] = None
+) -> List[Dict[str, Any]]:
+    """
+    Scan code using semgrep.
+
+    Args:
+        file_path: Original file path (for reference)
+        code: Source code to scan
+        config: Optional configuration dictionary
+
+    Returns:
+        List of vulnerability dictionaries
+    """
+    vulnerabilities = []
+
+    # Create temporary file with the code
+    with tempfile.NamedTemporaryFile(
+        mode='w',
+        suffix=Path(file_path).suffix or '.py',
+        delete=False
+    ) as temp_file:
+        temp_file.write(code)
+        temp_path = temp_file.name
+
+    try:
+        # Run semgrep on temporary file
+        timeout = config.get("semgrep_timeout", 30) if config else 30
+        semgrep_output = run_semgrep(temp_path, config, timeout)
+
+        # Parse results
+        vulnerabilities = parse_semgrep_results(semgrep_output, file_path)
+
+    finally:
+        # Clean up temporary file
+        try:
+            os.unlink(temp_path)
+        except Exception:
+            pass  # Ignore cleanup errors
+
+    return vulnerabilities
+
+
+def scan_with_custom_rules(
+    file_path: str,
+    code: str,
+    rule_files: List[str]
+) -> List[Dict[str, Any]]:
+    """
+    Scan code using specific custom rule files.
+
+    Args:
+        file_path: Original file path (for reference)
+        code: Source code to scan
+        rule_files: List of paths to rule files
+
+    Returns:
+        List of vulnerability dictionaries
+    """
+    config = {"custom_rules": rule_files}
+    return scan_with_semgrep(file_path, code, config)
+
+
+# Test function
+def test_semgrep_wrapper():
+    """Test the semgrep wrapper with sample vulnerable code."""
+    print("Testing Semgrep Wrapper...")
+    print("-" * 50)
+
+    # Check if semgrep is installed
+    if not check_semgrep_installed():
+        print("❌ Semgrep is not installed")
+        print("Install it with: pip install semgrep")
+        return
+
+    print("✓ Semgrep is installed")
+
+    # Test code with security issues
+    test_code = '''
+import pickle
+import subprocess
+
+# Insecure deserialization
+def load_data(data):
+    return pickle.loads(data)  # Vulnerable to code execution
+
+# Command injection
+def run_command(user_input):
+    subprocess.call("ls " + user_input, shell=True)  # Shell injection
+
+# Hardcoded secret
+api_key = "sk-1234567890abcdef"
+'''
+
+    print("\nScanning test code...")
+    vulnerabilities = scan_with_semgrep("test.py", test_code)
+
+    print(f"\n✓ Found {len(vulnerabilities)} issue(s)")
+
+    if vulnerabilities:
+        print("\nDetected vulnerabilities:")
+        for i, vuln in enumerate(vulnerabilities, 1):
+            print(f"\n[{i}] {vuln['title']}")
+            print(f"    Severity: {vuln['severity']}")
+            print(f"    Line: {vuln['line_number']}")
+            print(f"    Rule: {vuln['semgrep_rule_id']}")
+
+    # Test custom rules
+    custom_rules = find_custom_rules()
+    if custom_rules:
+        print(f"\n✓ Found {len(custom_rules)} custom rule file(s):")
+        for rule in custom_rules:
+            print(f"  - {rule}")
+    else:
+        print("\n✓ No custom rule files found in rules/")
+
+    print("\n✅ Semgrep wrapper test: SUCCESS")
+
+
+if __name__ == "__main__":
+    test_semgrep_wrapper()

src/scanner/sql_injection.py

@@ -0,0 +1,273 @@
+"""
+SQL Injection vulnerability detector using AST analysis.
+
+Detects unsafe SQL query construction patterns in Python code.
+"""
+
+import ast
+import re
+from typing import Dict, List, Any, Optional
+
+# SQL keywords that indicate a query
+SQL_KEYWORDS = [
+    "SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "CREATE", "ALTER",
+    "FROM", "WHERE", "JOIN", "UNION", "ORDER BY", "GROUP BY",
+    "EXEC", "EXECUTE", "TRUNCATE", "GRANT", "REVOKE"
+]
+
+# Database methods that execute SQL
+EXECUTE_METHODS = ["execute", "executemany", "raw", "extra"]
+
+
+class SQLInjectionVisitor(ast.NodeVisitor):
+    """AST visitor to detect SQL injection vulnerabilities."""
+
+    def __init__(self, code_lines: List[str]):
+        """
+        Initialize the visitor.
+
+        Args:
+            code_lines: Source code split by lines
+        """
+        self.vulnerabilities = []
+        self.code_lines = code_lines
+
+    def get_line_content(self, line_number: int) -> str:
+        """Get the content of a specific line."""
+        if 0 < line_number <= len(self.code_lines):
+            return self.code_lines[line_number - 1].strip()
+        return ""
+
+    def contains_sql_keywords(self, text: str) -> bool:
+        """Check if text contains SQL keywords."""
+        text_upper = text.upper()
+        return any(keyword in text_upper for keyword in SQL_KEYWORDS)
+
+    def extract_string_content(self, node: ast.AST) -> Optional[str]:
+        """Extract string content from various node types."""
+        if isinstance(node, ast.Constant) and isinstance(node.value, str):
+            return node.value
+        elif isinstance(node, ast.Str):  # Python < 3.8
+            return node.s
+        elif isinstance(node, ast.JoinedStr):
+            # f-string - combine literal parts
+            parts = []
+            for value in node.values:
+                if isinstance(value, ast.Constant):
+                    parts.append(str(value.value))
+                elif isinstance(value, ast.FormattedValue):
+                    parts.append("{}")
+            return "".join(parts)
+        return None
+
+    def visit_JoinedStr(self, node: ast.JoinedStr):
+        """Detect f-strings with SQL keywords (potential SQL injection)."""
+        # Extract the f-string content
+        string_content = self.extract_string_content(node)
+
+        if string_content and self.contains_sql_keywords(string_content):
+            # Check if it has any FormattedValue (variable interpolation)
+            has_variables = any(isinstance(v, ast.FormattedValue) for v in node.values)
+
+            if has_variables:
+                line_number = node.lineno
+                code_snippet = self.get_line_content(line_number)
+
+                self.vulnerabilities.append({
+                    "id": "sql-injection-fstring",
+                    "severity": "CRITICAL",
+                    "title": "SQL Injection: f-string으로 SQL 쿼리 생성",
+                    "description": "f-string을 사용하여 SQL 쿼리에 변수를 직접 삽입하고 있습니다.",
+                    "line_number": line_number,
+                    "code_snippet": code_snippet,
+                    "vulnerable_pattern": "f-string interpolation",
+                    "recommendation": "파라미터화된 쿼리를 사용하세요: cursor.execute('SELECT * FROM users WHERE id=%s', (user_id,))",
+                    "scanner": "sql_injection",
+                })
+
+        self.generic_visit(node)
+
+    def visit_BinOp(self, node: ast.BinOp):
+        """Detect string concatenation with SQL keywords."""
+        # Check for string concatenation with + operator
+        if isinstance(node.op, ast.Add):
+            left_str = self.extract_string_content(node.left)
+            right_str = self.extract_string_content(node.right)
+
+            # Check if either side contains SQL keywords
+            combined = (left_str or "") + (right_str or "")
+            if self.contains_sql_keywords(combined):
+                line_number = node.lineno
+                code_snippet = self.get_line_content(line_number)
+
+                self.vulnerabilities.append({
+                    "id": "sql-injection-concat",
+                    "severity": "CRITICAL",
+                    "title": "SQL Injection: 문자열 연결로 SQL 쿼리 생성",
+                    "description": "+ 연산자로 SQL 쿼리를 동적으로 생성하고 있습니다.",
+                    "line_number": line_number,
+                    "code_snippet": code_snippet,
+                    "vulnerable_pattern": "string concatenation",
+                    "recommendation": "파라미터화된 쿼리를 사용하세요",
+                    "scanner": "sql_injection",
+                })
+
+        # Check for % formatting
+        elif isinstance(node.op, ast.Mod):
+            left_str = self.extract_string_content(node.left)
+            if left_str and self.contains_sql_keywords(left_str):
+                line_number = node.lineno
+                code_snippet = self.get_line_content(line_number)
+
+                # Check if it looks like old-style parameterized query
+                # Safe: "SELECT * FROM users WHERE id=%s" % (user_id,)
+                # Unsafe: "SELECT * FROM users WHERE name='%s'" % username
+                if "'%s'" in left_str or '"%s"' in left_str:
+                    self.vulnerabilities.append({
+                        "id": "sql-injection-percent",
+                        "severity": "CRITICAL",
+                        "title": "SQL Injection: % 포맷팅으로 SQL 쿼리 생성",
+                        "description": "% 연산자로 SQL 쿼리에 변수를 직접 삽입하고 있습니다.",
+                        "line_number": line_number,
+                        "code_snippet": code_snippet,
+                        "vulnerable_pattern": "percent formatting",
+                        "recommendation": "파라미터화된 쿼리를 사용하세요",
+                        "scanner": "sql_injection",
+                    })
+
+        self.generic_visit(node)
+
+    def visit_Call(self, node: ast.Call):
+        """Detect execute() calls and .format() on SQL strings."""
+        # Check if this is a .format() call on a string with SQL
+        if isinstance(node.func, ast.Attribute) and node.func.attr == "format":
+            if isinstance(node.func.value, (ast.Constant, ast.Str)):
+                string_content = self.extract_string_content(node.func.value)
+                if string_content and self.contains_sql_keywords(string_content):
+                    line_number = node.lineno
+                    code_snippet = self.get_line_content(line_number)
+
+                    self.vulnerabilities.append({
+                        "id": "sql-injection-format",
+                        "severity": "CRITICAL",
+                        "title": "SQL Injection: .format()으로 SQL 쿼리 생성",
+                        "description": ".format() 메서드로 SQL 쿼리를 동적으로 생성하고 있습니다.",
+                        "line_number": line_number,
+                        "code_snippet": code_snippet,
+                        "vulnerable_pattern": "string.format()",
+                        "recommendation": "파라미터화된 쿼리를 사용하세요",
+                        "scanner": "sql_injection",
+                    })
+
+        # Check for execute() calls with dynamic strings
+        func_name = None
+        if isinstance(node.func, ast.Name):
+            func_name = node.func.id
+        elif isinstance(node.func, ast.Attribute):
+            func_name = node.func.attr
+
+        if func_name in EXECUTE_METHODS and node.args:
+            first_arg = node.args[0]
+
+            # Check if first argument is a dynamic string (not a simple constant)
+            is_dynamic = False
+            if isinstance(first_arg, (ast.JoinedStr, ast.BinOp, ast.Call)):
+                is_dynamic = True
+
+            # Also check if it's a formatted string
+            if isinstance(first_arg, (ast.Constant, ast.Str)):
+                content = self.extract_string_content(first_arg)
+                # Check for string formatting placeholders
+                if content and ("{}" in content or "{0" in content):
+                    is_dynamic = True
+
+            if is_dynamic:
+                line_number = node.lineno
+                code_snippet = self.get_line_content(line_number)
+
+                self.vulnerabilities.append({
+                    "id": f"sql-injection-{func_name}",
+                    "severity": "CRITICAL",
+                    "title": f"SQL Injection: {func_name}()에 동적 SQL 쿼리 사용",
+                    "description": f"{func_name}() 메서드에 동적으로 생성된 SQL 쿼리를 전달하고 있습니다.",
+                    "line_number": line_number,
+                    "code_snippet": code_snippet,
+                    "vulnerable_pattern": f"dynamic SQL in {func_name}()",
+                    "recommendation": "파라미터화된 쿼리를 사용하세요",
+                    "scanner": "sql_injection",
+                })
+
+        self.generic_visit(node)
+
+
+def scan_sql_injection(file_path: str, code: str) -> List[Dict[str, Any]]:
+    """
+    Scan Python code for SQL injection vulnerabilities.
+
+    Args:
+        file_path: Path to the file being scanned
+        code: Source code to analyze
+
+    Returns:
+        List of vulnerability dictionaries
+    """
+    vulnerabilities = []
+
+    try:
+        # Parse code into AST
+        tree = ast.parse(code)
+
+        # Create visitor and walk the AST
+        code_lines = code.split("\n")
+        visitor = SQLInjectionVisitor(code_lines)
+        visitor.visit(tree)
+
+        # Add file path to all vulnerabilities
+        for vuln in visitor.vulnerabilities:
+            vuln["file_path"] = file_path
+
+        vulnerabilities = visitor.vulnerabilities
+
+    except SyntaxError:
+        # If code has syntax errors, we can't analyze it
+        # Return empty list rather than failing
+        pass
+    except Exception as e:
+        # Log unexpected errors but don't fail
+        import sys
+        print(f"Warning: SQL injection scan error: {e}", file=sys.stderr)
+
+    return vulnerabilities
+
+
+def check_sql_pattern_regex(code: str) -> List[Dict[str, Any]]:
+    """
+    Fallback regex-based SQL injection detection.
+
+    Args:
+        code: Source code to scan
+
+    Returns:
+        List of vulnerability dictionaries
+    """
+    vulnerabilities = []
+    lines = code.split("\n")
+
+    # Pattern for f-strings with SQL keywords
+    fstring_pattern = r'f["\'].*(?:SELECT|INSERT|UPDATE|DELETE|FROM|WHERE).*\{.*\}.*["\']'
+
+    for line_num, line in enumerate(lines, start=1):
+        if re.search(fstring_pattern, line, re.IGNORECASE):
+            vulnerabilities.append({
+                "id": "sql-injection-regex",
+                "severity": "HIGH",
+                "title": "SQL Injection 가능성: f-string 사용 탐지",
+                "description": "SQL 쿼리에 f-string 변수 삽입이 의심됩니다.",
+                "line_number": line_num,
+                "code_snippet": line.strip(),
+                "vulnerable_pattern": "f-string with SQL keywords",
+                "recommendation": "파라미터화된 쿼리 사용 권장",
+                "scanner": "sql_injection",
+            })
+
+    return vulnerabilities

src/server.py

@@ -0,0 +1,340 @@
+#!/usr/bin/env python3
+"""
+Security Scanner MCP Server
+
+An MCP server that scans Python code for security vulnerabilities
+and provides beginner-friendly explanations.
+"""
+
+import argparse
+import asyncio
+import json
+import sys
+import tempfile
+from pathlib import Path
+from typing import Any, Dict, List
+
+# MCP imports
+from mcp.server import Server
+from mcp.server.stdio import stdio_server
+from mcp.types import Tool, TextContent
+
+# Local imports
+from utils import (
+    load_config,
+    setup_logging,
+    validate_severity_threshold,
+    filter_by_severity,
+)
+
+# Initialize logger (will be configured in main)
+logger = None
+
+
+class SecurityScannerServer:
+    """MCP server for security scanning."""
+
+    def __init__(self, debug: bool = False):
+        """
+        Initialize the Security Scanner MCP server.
+
+        Args:
+            debug: Enable debug logging
+        """
+        global logger
+        logger = setup_logging(debug=debug)
+
+        self.config = load_config()
+        self.server = Server(self.config["server"]["name"])
+        self.debug = debug
+
+        logger.info(
+            f"Initializing {self.config['server']['name']} "
+            f"v{self.config['server']['version']}"
+        )
+
+        # Register handlers
+        self._register_handlers()
+
+    def _register_handlers(self):
+        """Register MCP tool handlers."""
+
+        @self.server.list_tools()
+        async def list_tools() -> List[Tool]:
+            """List available tools."""
+            return [
+                Tool(
+                    name="scan_security",
+                    description=self.config["tools"]["scan_security"]["description"],
+                    inputSchema={
+                        "type": "object",
+                        "properties": {
+                            "code": {
+                                "type": "string",
+                                "description": "분석할 Python 소스 코드",
+                            },
+                            "severity_threshold": {
+                                "type": "string",
+                                "enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW"],
+                                "description": "보고할 최소 심각도 수준",
+                                "default": self.config["severity"]["default_threshold"],
+                            },
+                        },
+                        "required": ["code"],
+                    },
+                )
+            ]
+
+        @self.server.call_tool()
+        async def call_tool(name: str, arguments: Any) -> List[TextContent]:
+            """
+            Handle tool calls.
+
+            Args:
+                name: Tool name
+                arguments: Tool arguments
+
+            Returns:
+                List of text content with results
+            """
+            if name != "scan_security":
+                raise ValueError(f"Unknown tool: {name}")
+
+            logger.info(f"Tool called: {name}")
+            logger.debug(f"Arguments: {arguments}")
+
+            try:
+                result = await self._scan_security(arguments)
+                return [TextContent(type="text", text=json.dumps(result, indent=2, ensure_ascii=False))]
+
+            except Exception as e:
+                logger.error(f"Error during security scan: {e}", exc_info=True)
+                error_result = {
+                    "error": str(e),
+                    "summary": {
+                        "total_issues": 0,
+                        "critical": 0,
+                        "high": 0,
+                        "medium": 0,
+                        "low": 0,
+                    },
+                    "vulnerabilities": [],
+                }
+                return [TextContent(type="text", text=json.dumps(error_result, indent=2, ensure_ascii=False))]
+
+    async def _scan_security(self, arguments: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Perform security scan on provided code.
+
+        Args:
+            arguments: Dictionary containing 'code' and optional 'severity_threshold'
+
+        Returns:
+            Dictionary with scan results
+        """
+        # Extract and validate arguments
+        code = arguments.get("code", "").strip()
+        if not code:
+            raise ValueError("Code parameter is required and cannot be empty")
+
+        severity_threshold = arguments.get(
+            "severity_threshold",
+            self.config["severity"]["default_threshold"]
+        ).upper()
+
+        if not validate_severity_threshold(severity_threshold):
+            raise ValueError(
+                f"Invalid severity threshold: {severity_threshold}. "
+                f"Must be one of: CRITICAL, HIGH, MEDIUM, LOW"
+            )
+
+        logger.info(f"Starting security scan (threshold: {severity_threshold})")
+        logger.debug(f"Code length: {len(code)} characters")
+
+        # Check file size limit
+        max_size_mb = self.config["performance"]["max_file_size_mb"]
+        code_size_mb = len(code.encode("utf-8")) / (1024 * 1024)
+        if code_size_mb > max_size_mb:
+            raise ValueError(
+                f"Code size ({code_size_mb:.2f}MB) exceeds maximum "
+                f"allowed size ({max_size_mb}MB)"
+            )
+
+        # Create temporary file for scanning
+        with tempfile.NamedTemporaryFile(
+            mode="w",
+            suffix=".py",
+            delete=False,
+            encoding="utf-8"
+        ) as tmp_file:
+            tmp_file.write(code)
+            tmp_file_path = tmp_file.name
+
+        try:
+            # Collect results from all enabled scanners
+            all_vulnerabilities = []
+
+            # Run pattern detector
+            if self.config["scanners"]["pattern_detector"]["enabled"]:
+                logger.info("Running pattern detector...")
+                try:
+                    from scanner.pattern_detector import scan_patterns
+                    pattern_results = scan_patterns(tmp_file_path, code)
+                    all_vulnerabilities.extend(pattern_results)
+                    logger.info(f"Pattern detector found {len(pattern_results)} issues")
+                except ImportError:
+                    logger.warning("Pattern detector module not available (not yet implemented)")
+                except Exception as e:
+                    logger.error(f"Pattern detector error: {e}")
+
+            # Run SQL injection detector
+            if self.config["scanners"]["sql_injection"]["enabled"]:
+                logger.info("Running SQL injection detector...")
+                try:
+                    from scanner.sql_injection import scan_sql_injection
+                    sql_results = scan_sql_injection(tmp_file_path, code)
+                    all_vulnerabilities.extend(sql_results)
+                    logger.info(f"SQL injection detector found {len(sql_results)} issues")
+                except ImportError:
+                    logger.warning("SQL injection detector module not available (not yet implemented)")
+                except Exception as e:
+                    logger.error(f"SQL injection detector error: {e}")
+
+            # Run bandit
+            if self.config["scanners"]["bandit"]["enabled"]:
+                logger.info("Running bandit scanner...")
+                try:
+                    from scanner.bandit_wrapper import scan_with_bandit
+                    bandit_results = scan_with_bandit(tmp_file_path)
+                    all_vulnerabilities.extend(bandit_results)
+                    logger.info(f"Bandit found {len(bandit_results)} issues")
+                except ImportError:
+                    logger.warning("Bandit wrapper module not available (not yet implemented)")
+                except Exception as e:
+                    logger.error(f"Bandit scanner error: {e}")
+
+            # Run semgrep
+            if self.config["scanners"]["semgrep"]["enabled"]:
+                logger.info("Running semgrep scanner...")
+                try:
+                    from scanner.semgrep_wrapper import scan_with_semgrep
+                    semgrep_results = scan_with_semgrep(tmp_file_path)
+                    all_vulnerabilities.extend(semgrep_results)
+                    logger.info(f"Semgrep found {len(semgrep_results)} issues")
+                except ImportError:
+                    logger.warning("Semgrep wrapper module not available (not yet implemented)")
+                except Exception as e:
+                    logger.error(f"Semgrep scanner error: {e}")
+
+            # Filter by severity threshold
+            filtered_vulnerabilities = filter_by_severity(
+                all_vulnerabilities,
+                severity_threshold
+            )
+
+            logger.info(
+                f"Total issues found: {len(all_vulnerabilities)}, "
+                f"after filtering: {len(filtered_vulnerabilities)}"
+            )
+
+            # Format results
+            try:
+                from formatter import format_results
+                formatted_results = format_results(
+                    filtered_vulnerabilities,
+                    severity_threshold
+                )
+            except ImportError:
+                logger.warning("Formatter module not available, using basic format")
+                formatted_results = self._basic_format_results(
+                    filtered_vulnerabilities,
+                    severity_threshold
+                )
+
+            return formatted_results
+
+        finally:
+            # Clean up temporary file
+            try:
+                Path(tmp_file_path).unlink()
+            except Exception as e:
+                logger.warning(f"Failed to delete temporary file: {e}")
+
+    def _basic_format_results(
+        self,
+        vulnerabilities: List[Dict[str, Any]],
+        threshold: str
+    ) -> Dict[str, Any]:
+        """
+        Basic result formatting when formatter module is not available.
+
+        Args:
+            vulnerabilities: List of vulnerabilities
+            threshold: Severity threshold used
+
+        Returns:
+            Formatted results dictionary
+        """
+        # Count by severity
+        severity_counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
+
+        for vuln in vulnerabilities:
+            severity = vuln.get("severity", "LOW").lower()
+            if severity in severity_counts:
+                severity_counts[severity] += 1
+
+        return {
+            "summary": {
+                "total_issues": len(vulnerabilities),
+                "critical": severity_counts["critical"],
+                "high": severity_counts["high"],
+                "medium": severity_counts["medium"],
+                "low": severity_counts["low"],
+                "severity_threshold": threshold,
+            },
+            "vulnerabilities": vulnerabilities,
+        }
+
+    async def run(self):
+        """Run the MCP server."""
+        logger.info("Starting MCP server...")
+
+        async with stdio_server() as (read_stream, write_stream):
+            logger.info("Server is ready and listening on stdio")
+            await self.server.run(
+                read_stream,
+                write_stream,
+                self.server.create_initialization_options()
+            )
+
+
+def main():
+    """Main entry point for the MCP server."""
+    parser = argparse.ArgumentParser(
+        description="Security Scanner MCP Server"
+    )
+    parser.add_argument(
+        "--debug",
+        action="store_true",
+        help="Enable debug logging"
+    )
+
+    args = parser.parse_args()
+
+    # Create and run server
+    server = SecurityScannerServer(debug=args.debug)
+
+    try:
+        asyncio.run(server.run())
+    except KeyboardInterrupt:
+        if logger:
+            logger.info("Server stopped by user")
+        sys.exit(0)
+    except Exception as e:
+        if logger:
+            logger.error(f"Server error: {e}", exc_info=True)
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

src/utils.py

@@ -0,0 +1,149 @@
+"""
+Utility functions for the Security Scanner MCP server.
+"""
+
+import json
+import logging
+from pathlib import Path
+from typing import Any, Dict
+
+# Project root directory
+PROJECT_ROOT = Path(__file__).parent.parent
+
+
+def load_config() -> Dict[str, Any]:
+    """
+    Load configuration from mcp_config.json.
+
+    Returns:
+        Dictionary containing configuration settings
+    """
+    config_path = PROJECT_ROOT / "mcp_config.json"
+
+    if not config_path.exists():
+        raise FileNotFoundError(f"Configuration file not found: {config_path}")
+
+    with open(config_path, "r", encoding="utf-8") as f:
+        config = json.load(f)
+
+    return config
+
+
+def setup_logging(debug: bool = False) -> logging.Logger:
+    """
+    Set up logging based on configuration.
+
+    Args:
+        debug: If True, set logging level to DEBUG
+
+    Returns:
+        Configured logger instance
+    """
+    config = load_config()
+    log_config = config.get("logging", {})
+
+    # Determine log level
+    if debug:
+        log_level = logging.DEBUG
+    else:
+        log_level = getattr(logging, log_config.get("level", "INFO"))
+
+    # Create logs directory if it doesn't exist
+    log_file = log_config.get("file", "logs/mcp_server.log")
+    log_path = PROJECT_ROOT / log_file
+    log_path.parent.mkdir(parents=True, exist_ok=True)
+
+    # Configure logging
+    handlers = []
+
+    # File handler
+    file_handler = logging.FileHandler(log_path, encoding="utf-8")
+    file_handler.setLevel(log_level)
+    handlers.append(file_handler)
+
+    # Console handler
+    if log_config.get("console", True):
+        console_handler = logging.StreamHandler()
+        console_handler.setLevel(log_level)
+        handlers.append(console_handler)
+
+    # Set up formatter
+    if log_config.get("json_format", False):
+        formatter = logging.Formatter(
+            '{"time":"%(asctime)s","level":"%(levelname)s","message":"%(message)s"}'
+        )
+    else:
+        formatter = logging.Formatter(
+            "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+        )
+
+    for handler in handlers:
+        handler.setFormatter(formatter)
+
+    # Create and configure logger
+    logger = logging.getLogger("security-scanner-mcp")
+    logger.setLevel(log_level)
+    logger.handlers = []  # Clear any existing handlers
+
+    for handler in handlers:
+        logger.addHandler(handler)
+
+    return logger
+
+
+def validate_severity_threshold(threshold: str) -> bool:
+    """
+    Validate severity threshold value.
+
+    Args:
+        threshold: Severity threshold string
+
+    Returns:
+        True if valid, False otherwise
+    """
+    valid_thresholds = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
+    return threshold.upper() in valid_thresholds
+
+
+def get_severity_order() -> Dict[str, int]:
+    """
+    Get severity level ordering from configuration.
+
+    Returns:
+        Dictionary mapping severity levels to numeric order
+    """
+    config = load_config()
+    return config.get("severity", {}).get("thresholds", {
+        "CRITICAL": 0,
+        "HIGH": 1,
+        "MEDIUM": 2,
+        "LOW": 3
+    })
+
+
+def filter_by_severity(
+    vulnerabilities: list,
+    threshold: str
+) -> list:
+    """
+    Filter vulnerabilities by severity threshold.
+
+    Args:
+        vulnerabilities: List of vulnerability dictionaries
+        threshold: Minimum severity threshold
+
+    Returns:
+        Filtered list of vulnerabilities
+    """
+    severity_order = get_severity_order()
+    threshold_value = severity_order.get(threshold.upper(), 2)
+
+    filtered = []
+    for vuln in vulnerabilities:
+        vuln_severity = vuln.get("severity", "LOW").upper()
+        vuln_value = severity_order.get(vuln_severity, 3)
+
+        if vuln_value <= threshold_value:
+            filtered.append(vuln)
+
+    return filtered