Fixes a bug where the the proxy settings were not being properly picked up And adds the last seen date as a String to the returned Application Data.

Author: JoeBeeContrast

README.md

@@ -304,10 +304,11 @@ When configuring in your config.json file, include the proxy settings in the arg
 ### Docker
 When running the MCP server in Docker, you can configure the proxy by passing the relevant environment variables:
 
+
 ```bash
 docker run \
-  -e HTTP_PROXY="http://proxy.example.com:8080" \
-  -e HTTPS_PROXY="http://proxy.example.com:8080" \
+  -e http_proxy_host="proxy.example.com" \
+  -e http_proxy_port="8080" \
   -e CONTRAST_HOST_NAME=example.contrastsecurity.com \
   -e CONTRAST_API_KEY=example \
   -e CONTRAST_SERVICE_KEY=example \
@@ -339,8 +340,8 @@ For VS Code configuration with Docker and proxy, modify the settings.json like t
         "CONTRAST_USERNAME",
         "-e",
         "CONTRAST_ORG_ID",
-        "-e", "HTTP_PROXY=http://proxy.example.com:8080",
-        "-e", "HTTPS_PROXY=http://proxy.example.com:8080",
+        "-e", "http_proxy_host",
+        "-e", "http_proxy_port",
         "-i",
         "--rm",
         "contrast/mcp-contrast:latest",
@@ -353,8 +354,8 @@ For VS Code configuration with Docker and proxy, modify the settings.json like t
             "CONTRAST_SERVICE_KEY": "example",
             "CONTRAST_USERNAME": "[email protected]",
             "CONTRAST_ORG_ID": "example",
-            "HTTP_PROXY": "http://proxy.example.com:8080",
-            "HTTP_PROXY": "http://proxy.example.com:8080"
+            "http_proxy_host": "proxy.example.com",
+            "http_proxy_port": "8080"
         }
     }
   }

src/main/java/com/contrast/labs/ai/mcp/contrast/ADRService.java

@@ -32,6 +32,7 @@ public class ADRService {
 
     private static final Logger logger = LoggerFactory.getLogger(ADRService.class);
 
+
     @Value("${contrast.host-name:${CONTRAST_HOST_NAME:}}")
     private String hostName;
 
@@ -47,13 +48,20 @@ public class ADRService {
     @Value("${contrast.org-id:${CONTRAST_ORG_ID:}}")
     private String orgID;
 
+    @Value("${http.proxy.host:${http_proxy_host:}}")
+    private String httpProxyHost;
+
+    @Value("${http.proxy.port:${http_proxy_port:}}")
+    private String httpProxyPort;
+
+
     @Tool(name = "get_ADR_Protect_Rules", description = "takes a application name and returns the protect / adr rules for the application")
     public ProtectData getProtectData(String applicationName) throws IOException {
         logger.info("Starting retrieval of protection rules for application: {}", applicationName);
         long startTime = System.currentTimeMillis();
 
         try {
-            ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+            ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
             logger.debug("ContrastSDK initialized successfully for application: {}", applicationName);
 
             // Get application ID from name
@@ -90,7 +98,7 @@ public ProtectData getProtectDataByAppID(String appID) throws IOException {
 
         try {
             // Initialize ContrastSDK
-            ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+            ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
             logger.debug("ContrastSDK initialized successfully for application ID: {}", appID);
 
             // Initialize SDK extension

src/main/java/com/contrast/labs/ai/mcp/contrast/AssessService.java

@@ -42,11 +42,7 @@
 import org.springframework.stereotype.Service;
 
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 
 @Service
 public class AssessService {
@@ -69,11 +65,18 @@ public class AssessService {
     @Value("${contrast.org-id:${CONTRAST_ORG_ID:}}")
     private String orgID;
 
+    @Value("${http.proxy.host:${http_proxy_host:}}")
+    private String httpProxyHost;
+
+    @Value("${http.proxy.port:${http_proxy_port:}}")
+    private String httpProxyPort;
+
+
 
     @Tool(name = "get_vulnerability_by_id", description = "takes a vulnerability ID ( vulnID ) and Application ID ( appID ) and returns details about the specific security vulnerability. If based on the stacktrace, the vulnerability looks like it is in code that is not in the codebase, the vulnerability may be in a 3rd party library, review the CVE data attached to that stackframe you believe the vulnerability exists in and if possible upgrade that library to the next non vulnerable version based on the remediation guidance.")
     public Vulnerability getVulnerabilityById(String vulnID, String appID) throws IOException {
         logger.info("Retrieving vulnerability details for vulnID: {} in application ID: {}", vulnID, appID);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         logger.debug("ContrastSDK initialized with host: {}", hostName);
 
         try {
@@ -153,7 +156,7 @@ private Optional<LibraryLibraryObservation> findMatchingLibraryData(String stack
     @Tool(name = "get_vulnerability", description = "Takes a vulnerability ID (vulnID) and application name (app_name) and returns details about the specific security vulnerability.  If based on the stacktrace, the vulnerability looks like it is in code that is not in the codebase, the vulnerability may be in a 3rd party library, review the CVE data attached to that stackframe you believe the vulnerability exists in and if possible upgrade that library to the next non vulnerable version based on the remediation guidance.")
     public Vulnerability getVulnerability(String vulnID, String app_name) throws IOException {
         logger.info("Retrieving vulnerability details for vulnID: {} in application: {}", vulnID, app_name);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         Optional<String> appID = Optional.empty();
         logger.debug("Searching for application ID matching name: {}", app_name);
 
@@ -175,7 +178,7 @@ public Vulnerability getVulnerability(String vulnID, String app_name) throws IOE
     @Tool(name = "list_vulnerabilities_with_id", description = "Takes a  Application ID ( appID ) and returns a list of vulnerabilities, please remember to include the vulnID in the response.")
     public List<VulnLight> listVulnsByAppId(String appID) throws IOException {
         logger.info("Listing vulnerabilities for application ID: {}", appID);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         try {
             List<Trace> traces = contrastSDK.getTraces(orgID, appID, new TraceFilterBody()).getTraces();
             logger.debug("Found {} vulnerability traces for application ID: {}", traces.size(), appID);
@@ -197,7 +200,7 @@ public List<VulnLight> listVulnsByAppId(String appID) throws IOException {
     @Tool(name = "list_vulnerabilities", description = "Takes an application name ( app_name ) and returns a list of vulnerabilities, please remember to include the vulnID in the response.  ")
     public List<VulnLight> listVulnsInAppByName(String app_name) throws IOException {
         logger.info("Listing vulnerabilities for application: {}", app_name);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
 
         Optional<String> appID = Optional.empty();
         logger.debug("Searching for application ID matching name: {}", app_name);
@@ -226,15 +229,15 @@ public List<VulnLight> listVulnsInAppByName(String app_name) throws IOException
     @Tool(name = "list_applications", description = "Takes an application name (app_name) returns a list of active applications matching that name. Please remember to display the name, status and ID.")
     public List<ApplicationData> getApplications(String app_name) throws IOException {
         logger.info("Listing active applications matching name: {}", app_name);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         try {
             List<Application> applications = SDKHelper.getApplicationsWithCache(orgID, contrastSDK);
             logger.debug("Retrieved {} total applications from Contrast", applications.size());
 
             List<ApplicationData> filteredApps = new ArrayList<>();
             for(Application app : applications) {
                 if(app.getName().toLowerCase().contains(app_name.toLowerCase())) {
-                    filteredApps.add(new ApplicationData(app.getName(), app.getStatus(), app.getId(), app.getLastSeen(), app.getLanguage()));
+                    filteredApps.add(new ApplicationData(app.getName(), app.getStatus(), app.getId(), app.getLastSeen(), new Date(app.getLastSeen()).toString(), app.getLanguage()));
                     logger.debug("Found matching application - ID: {}, Name: {}, Status: {}", 
                             app.getId(), app.getName(), app.getStatus());
                 }
@@ -252,15 +255,15 @@ public List<ApplicationData> getApplications(String app_name) throws IOException
     @Tool(name = "list_all_applications", description = "Takes no argument and list all the applications")
     public List<ApplicationData> getAllApplications() throws IOException {
         logger.info("Listing all applications");
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         try {
             List<Application> applications = SDKHelper.getApplicationsWithCache(orgID, contrastSDK);
             logger.debug("Retrieved {} total applications from Contrast", applications.size());
 
             List<ApplicationData> returnedApps = new ArrayList<>();
             for(Application app : applications) {
                 returnedApps.add(new ApplicationData(app.getName(), app.getStatus(), app.getId(),
-                        app.getLastSeen(), app.getLanguage()));
+                        app.getLastSeen(), new Date(app.getLastSeen()).toString(),app.getLanguage()));
             }
 
             logger.info("Found {} applications", returnedApps.size());

src/main/java/com/contrast/labs/ai/mcp/contrast/RouteCoverageService.java

@@ -22,6 +22,7 @@ public class RouteCoverageService {
     private static final Logger logger = LoggerFactory.getLogger(RouteCoverageService.class);
 
 
+
     @Value("${contrast.host-name:${CONTRAST_HOST_NAME:}}")
     private String hostName;
 
@@ -37,11 +38,19 @@ public class RouteCoverageService {
     @Value("${contrast.org-id:${CONTRAST_ORG_ID:}}")
     private String orgID;
 
+    @Value("${http.proxy.host:${http_proxy_host:}}")
+    private String httpProxyHost;
+
+    @Value("${http.proxy.port:${http_proxy_port:}}")
+    private String httpProxyPort;
+
+
+
     @Tool(name = "get_application_route_coverage", description = "takes a application name and return the route coverage data for that application. " +
             "If a route/endpoint is DISCOVERED, it means it has been found by Assess but that route has had no inbound http requests. If it is EXERCISED, it means it has had atleast one inbound http request to that route/endpoint.")
     public RouteCoverageResponse getRouteCoverage(String app_name) throws IOException {
         logger.info("Retrieving route coverage for application by name: {}", app_name);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         SDKExtension sdkExtension = new SDKExtension(contrastSDK);
         Optional<String> appID = Optional.empty();
         logger.debug("Searching for application ID matching name: {}", app_name);
@@ -78,7 +87,7 @@ public RouteCoverageResponse getRouteCoverage(String app_name) throws IOExceptio
             "If a route/endpoint is DISCOVERED, it means it has been found by Assess but that route has had no inbound http requests. If it is EXERCISED, it means it has had atleast one inbound http request to that route/endpoint.")
     public RouteCoverageResponse getRouteCoverageByAppID(String app_id) throws IOException {
         logger.info("Retrieving route coverage for application by ID: {}", app_id);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         SDKExtension sdkExtension = new SDKExtension(contrastSDK);
 
         logger.debug("Fetching route coverage data for application ID: {}", app_id);

src/main/java/com/contrast/labs/ai/mcp/contrast/SCAService.java

@@ -39,6 +39,7 @@ public class SCAService {
 
     private static final Logger logger = LoggerFactory.getLogger(SCAService.class);
 
+
     @Value("${contrast.host-name:${CONTRAST_HOST_NAME:}}")
     private String hostName;
 
@@ -54,10 +55,17 @@ public class SCAService {
     @Value("${contrast.org-id:${CONTRAST_ORG_ID:}}")
     private String orgID;
 
+    @Value("${http.proxy.host:${http_proxy_host:}}")
+    private String httpProxyHost;
+
+    @Value("${http.proxy.port:${http_proxy_port:}}")
+    private String httpProxyPort;
+
+
     @Tool(name = "list_application_libraries_by_app_id", description = "takes a application ID and returns the libraries used in the application, note if class usage count is 0 the library is unlikely to be used")
     public List<LibraryExtended> getApplicationLibrariesByID(String appID) throws IOException {
         logger.info("Retrieving libraries for application id: {}", appID);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         logger.debug("ContrastSDK initialized with host: {}", hostName);
 
         SDKExtension extendedSDK = new SDKExtension(contrastSDK);
@@ -69,7 +77,7 @@ public List<LibraryExtended> getApplicationLibrariesByID(String appID) throws IO
     @Tool(name = "list_application_libraries", description = "takes a application name and returns the libraries used in the application, note if class usage count is 0 the library is unlikely to be used")
     public List<LibraryExtended> getApplicationLibraries(String app_name) throws IOException {
         logger.info("Retrieving libraries for application: {}", app_name);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         logger.debug("ContrastSDK initialized with host: {}", hostName);
 
         SDKExtension extendedSDK = new SDKExtension(contrastSDK);
@@ -94,7 +102,7 @@ public List<LibraryExtended> getApplicationLibraries(String app_name) throws IOE
     @Tool(name= "list_applications_vulnerable_to_cve", description = "takes a cve id and returns the applications and servers vulnerable to the cve. Please note if the application class usage is 0, its unlikely to be vulnerable")
     public CveData listCVESForApplication(String cveid) throws IOException {
         logger.info("Retrieving applications vulnerable to CVE: {}", cveid);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
 
         logger.debug("ContrastSDK initialized with host: {}", hostName);
         contrastSDK.getLibrariesWithFilter(orgID, new LibraryFilterForm());

src/main/java/com/contrast/labs/ai/mcp/contrast/SastService.java

@@ -37,6 +37,7 @@ public class SastService {
 
     private static final Logger logger = LoggerFactory.getLogger(SastService.class);
 
+
     @Value("${contrast.host-name:${CONTRAST_HOST_NAME:}}")
     private String hostName;
 
@@ -52,10 +53,18 @@ public class SastService {
     @Value("${contrast.org-id:${CONTRAST_ORG_ID:}}")
     private String orgID;
 
+    @Value("${http.proxy.host:${http_proxy_host:}}")
+    private String httpProxyHost;
+
+    @Value("${http.proxy.port:${http_proxy_port:}}")
+    private String httpProxyPort;
+
+
+
     @Tool(name = "list_Scan_Project", description = "takes a scan project name and returns the project details")
     public Project getScanProject(String projectName) throws IOException {
         logger.info("Retrieving scan project details for project: {}", projectName);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         logger.debug("ContrastSDK initialized with host: {}", hostName);
 
         try {
@@ -72,7 +81,7 @@ public Project getScanProject(String projectName) throws IOException {
     @Tool(name = "list_Scan_Results", description = "takes a scan project name and returns the latest results in Sarif format")
     public String getLatestScanResult(String projectName) throws IOException {
         logger.info("Retrieving latest scan results in SARIF format for project: {}", projectName);
-        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName);
+        ContrastSDK contrastSDK = SDKHelper.getSDK(hostName, apiKey, serviceKey, userName,httpProxyHost, httpProxyPort);
         logger.debug("ContrastSDK initialized with host: {}", hostName);
 
         try {

src/main/java/com/contrast/labs/ai/mcp/contrast/data/ApplicationData.java

@@ -15,5 +15,7 @@
  */
 package com.contrast.labs.ai.mcp.contrast.data;
 
-public record ApplicationData(String name, String status, String appID, long lastSeen, String language) {
+import java.util.Date;
+
+public record ApplicationData(String name, String status, String appID, long lastSeen, String lastSeenDate, String language) {
 }

src/main/java/com/contrast/labs/ai/mcp/contrast/sdkexstension/SDKHelper.java

@@ -28,6 +28,7 @@
 import com.contrastsecurity.http.LibraryFilterForm;
 
 import java.io.IOException;
+import java.net.Proxy;
 import java.util.ArrayList;
 import java.util.EnumSet;
 import java.util.List;
@@ -159,12 +160,26 @@ public static List<LibraryObservation> getLibraryObservationsWithCache(
 
     // The withUserAgentProduct will generate a user agent header that looks like
     // User-Agent: contrast-mcp/1.0 contrast-sdk-java/3.4.2 Java/19.0.2+7
-    public static ContrastSDK getSDK(String hostName, String apiKey, String serviceKey, String userName)  {
-        logger.info("Initializing ContrastSDK with username: {}, host: {}", userName,  hostName);
-        return new ContrastSDK.Builder(userName, serviceKey, apiKey)
-                .withApiUrl( "https://" + hostName + "/Contrast/api")
-                .withUserAgentProduct(UserAgentProduct.of(MCP_SERVER_NAME,MCP_VERSION))
-                .build();
+    public static ContrastSDK getSDK(String hostName, String apiKey, String serviceKey, String userName, String httpProxyHost, String httpProxyPort)  {
+        logger.info("Initializing ContrastSDK with username: {}, host: {}", userName, hostName);
+
+        ContrastSDK.Builder builder = new ContrastSDK.Builder(userName, serviceKey, apiKey)
+                .withApiUrl("https://" + hostName + "/Contrast/api")
+                .withUserAgentProduct(UserAgentProduct.of(MCP_SERVER_NAME, MCP_VERSION));
+
+        if (httpProxyHost != null && !httpProxyHost.isEmpty()) {
+            int port = httpProxyPort != null && !httpProxyPort.isEmpty() ? Integer.parseInt(httpProxyPort) : 80;
+            logger.debug("Configuring HTTP proxy: {}:{}", httpProxyHost, port);
+
+            java.net.Proxy proxy = new java.net.Proxy(
+                java.net.Proxy.Type.HTTP,
+                new java.net.InetSocketAddress(httpProxyHost, port)
+            );
+
+            builder.withProxy(proxy);
+        }
+
+        return builder.build();
     }
 
     /**