checkmate5 4.1.0.dev11__py3-none-any.whl → 4.1.0.dev12__py3-none-any.whl
- checkmate/contrib/plugins/all/gptanalyzer/analyzer.py +3 -5
- checkmate/contrib/plugins/all/gptanalyzer/issues_data.py +203 -6
- {checkmate5-4.1.0.dev11.dist-info → checkmate5-4.1.0.dev12.dist-info}/METADATA +1 -1
- {checkmate5-4.1.0.dev11.dist-info → checkmate5-4.1.0.dev12.dist-info}/RECORD +8 -10
- checkmate/__pycache__/__init__.cpython-312.pyc +0 -0
- checkmate/__pycache__/__main__.cpython-312.pyc +0 -0
- {checkmate5-4.1.0.dev11.dist-info → checkmate5-4.1.0.dev12.dist-info}/LICENSE.txt +0 -0
- {checkmate5-4.1.0.dev11.dist-info → checkmate5-4.1.0.dev12.dist-info}/WHEEL +0 -0
- {checkmate5-4.1.0.dev11.dist-info → checkmate5-4.1.0.dev12.dist-info}/entry_points.txt +0 -0
- {checkmate5-4.1.0.dev11.dist-info → checkmate5-4.1.0.dev12.dist-info}/top_level.txt +0 -0
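--- a/checkmate/contrib/plugins/all/gptanalyzer/analyzer.py
+++ b/checkmate/contrib/plugins/all/gptanalyzer/analyzer.py
@@ -48,9 +48,7 @@ class GptAnalyzer(BaseAnalyzer):
 os.environ["PATH"] = "/root/.go/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/:/usr/local/go/bin/"
 
 try:
-result = subprocess.check_output(["/root/bin/
-"run",
-"scr",
+result = subprocess.check_output(["/root/bin/aicodereview",
 f.name],
 stderr=subprocess.DEVNULL).strip()
 except subprocess.CalledProcessError as e:
@@ -74,7 +72,7 @@ class GptAnalyzer(BaseAnalyzer):
 location = (((value,None),
 (value,None)),)
 
-string = issue["
+string = issue["description"]
 string = string.replace("'","")
 string = string.replace("`","")
 string = string.replace("\"","")
@@ -82,7 +80,7 @@ class GptAnalyzer(BaseAnalyzer):
 string = re.sub('[^A-Za-z0-9 ]+', '', string)
 
 issues.append({
-'code': "
+'code': issue["category"],
 'location': location,
 'data': string,
 'file': file_revision.path,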
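Review bot: The added `'code': issue["category"]` (new line 83) uses a value from the output of `/root/bin/aicodereview` as the issue code without checking it, while `description` a few lines earlier is stripped of quotes and filtered through `re.sub('[^A-Za-z0-9 ]+', '', string)`. A result without a `category` key raises `KeyError`, and a category that is not one of the keys defined in issues_data.py in this release (`CodeInjection`, `SQLInjection`, …) would presumably be stored as an issue code with no matching metadata. I would read it with `code = issue.get("category")` and skip or map to a fixed fallback when `code not in issues_data`, assuming `issues_data` is in scope in analyzer.py, which the hunks do not show. The same direct indexing applies to `issue["description"]` at new line 75; the enclosing method starts and ends outside the visible hunks.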
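--- a/checkmate/contrib/plugins/all/gptanalyzer/issues_data.py
+++ b/checkmate/contrib/plugins/all/gptanalyzer/issues_data.py
@@ -1,6 +1,203 @@
-issues_data = {
-
-
-
-
-
+issues_data = {
+'CodeInjection': {
+'categories': ['Injection'],
+'description': 'Code injection occurs when an attacker is able to insert or inject malicious code into an application.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Code Injection'
+},
+'SQLInjection': {
+'categories': ['Injection'],
+'description': 'SQL injection occurs when an attacker is able to manipulate a query to execute malicious SQL code.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'SQL Injection'
+},
+'OSCommandInjection': {
+'categories': ['Injection'],
+'description': 'OS command injection allows an attacker to execute arbitrary OS commands on the server.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'OS Command Injection'
+},
+'CrossSiteScriptingXSS': {
+'categories': ['Scripting'],
+'description': 'Cross-Site Scripting (XSS) occurs when an attacker injects malicious scripts into a web page.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Cross-Site Scripting (XSS)'
+},
+'InsecureDeserialization': {
+'categories': ['Deserialization'],
+'description': 'Insecure deserialization occurs when untrusted data is deserialized and executed, leading to remote code execution or other attacks.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Insecure Deserialization'
+},
+'CrossSiteRequestForgeryCSRF': {
+'categories': ['Forgery'],
+'description': 'Cross-Site Request Forgery (CSRF) forces a logged-in user to perform unwanted actions on a web application.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Cross-Site Request Forgery (CSRF)'
+},
+'SensitiveDataExposure': {
+'categories': ['DataExposure'],
+'description': 'Sensitive data exposure occurs when sensitive data like passwords or credit card numbers are exposed in an unprotected manner.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Sensitive Data Exposure'
+},
+'BrokenAuthentication': {
+'categories': ['Authentication'],
+'description': 'Broken authentication occurs when attackers are able to gain unauthorized access to accounts or services.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Broken Authentication'
+},
+'BrokenAccessControl': {
+'categories': ['AccessControl'],
+'description': 'Broken access control occurs when a user is able to access resources or perform actions they should not be allowed to.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Broken Access Control'
+},
+'SecurityMisconfiguration': {
+'categories': ['Misconfiguration'],
+'description': 'Security misconfiguration occurs when a system is set up insecurely, allowing for possible exploitation.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Security Misconfiguration'
+},
+'UsingComponentsWithKnownVulnerabilities': {
+'categories': ['Components'],
+'description': 'Using components with known vulnerabilities exposes the system to known exploits.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Using Components with Known Vulnerabilities'
+},
+'XMLExternalEntityXXEInjection': {
+'categories': ['Injection'],
+'description': 'XML External Entity (XXE) injection allows an attacker to interfere with XML processing and extract data.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'XML External Entity (XXE) Injection'
+},
+'BrokenCryptography': {
+'categories': ['Cryptography'],
+'description': 'Broken cryptography occurs when weak or outdated cryptographic algorithms are used, compromising data integrity.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Broken Cryptography'
+},
+'InsufficientLoggingMonitoring': {
+'categories': ['Logging'],
+'description': 'Insufficient logging and monitoring allows attackers to perform actions without detection.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 3,
+'title': 'Insufficient Logging & Monitoring'
+},
+'ImproperErrorHandling': {
+'categories': ['ErrorHandling'],
+'description': 'Improper error handling may expose sensitive information about the system to attackers.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 3,
+'title': 'Improper Error Handling'
+},
+'BufferOverflow': {
+'categories': ['Overflow'],
+'description': 'Buffer overflow occurs when data overflows into adjacent memory, potentially leading to arbitrary code execution.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Buffer Overflow'
+},
+'PathTraversal': {
+'categories': ['Traversal'],
+'description': 'Path traversal allows attackers to access files and directories that are stored outside the web root folder.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Path Traversal'
+},
+'InsecureDirectObjectReferencesIDOR': {
+'categories': ['ObjectReferences'],
+'description': 'Insecure Direct Object References (IDOR) allow attackers to bypass access control checks by manipulating object identifiers.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Insecure Direct Object References (IDOR)'
+},
+'LackOfDataProtection': {
+'categories': ['DataProtection'],
+'description': 'Lack of data protection means failure to secure sensitive data during storage and transmission.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Lack of Data Protection'
+},
+'ServerSideRequestForgerySSRF': {
+'categories': ['RequestForgery'],
+'description': 'Server-Side Request Forgery (SSRF) allows an attacker to make requests from the server-side application to internal systems.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Server-Side Request Forgery (SSRF)'
+},
+'UntrustedInputValidation': {
+'categories': ['InputValidation'],
+'description': 'Untrusted input validation allows attackers to send malicious data, leading to potential exploits.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Untrusted Input Validation'
+},
+'RaceConditions': {
+'categories': ['Conditions'],
+'description': 'Race conditions occur when two processes attempt to change shared data simultaneously, leading to unexpected behavior.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Race Conditions'
+},
+'ImproperAuthorization': {
+'categories': ['Authorization'],
+'description': 'Improper authorization allows users to gain access to parts of the system they should not.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 1,
+'title': 'Improper Authorization'
+},
+'ImproperValidationOfRedirectsAndForwards': {
+'categories': ['RedirectValidation'],
+'description': 'Improper validation of redirects and forwards can be exploited to redirect users to malicious sites.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Improper Validation of Redirects and Forwards'
+},
+'InsufficientSecurityControls': {
+'categories': ['SecurityControls'],
+'description': 'Insufficient security controls fail to protect the system against known vulnerabilities and exploits.',
+'file': '%(issue.file)s',
+'line': '%(issue.line)s',
+'severity': 2,
+'title': 'Insufficient Security Controls'
+}
+}
+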
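Review bot: The new `issues_data` table has no comment saying what the `severity` values 1–3 mean or which end of the scale is most severe, and nothing states that the keys must match the `category` strings the analyzer emits. A short header comment would cover both, for example `# severity: 1 = highest … 3 = lowest (confirm); keys must equal the analyzer's issue['category']`. The `'file': '%(issue.file)s'` and `'line': '%(issue.line)s'` entries are identical in all 25 records, so it is worth confirming that something actually substitutes them, since `%`-formatting would need a mapping with the literal keys `issue.file` and `issue.line`.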
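--- a/checkmate5-4.1.0.dev11.dist-info/RECORD
+++ b/checkmate5-4.1.0.dev12.dist-info/RECORD
@@ -1,13 +1,11 @@
 checkmate/__init__.py,sha256=h0A5VNAgY_KCei1186pBJXycyUYDdeInykmh26yrxOM,1121
 checkmate/__main__.py,sha256=f39qxz9fNWmRBKiqJij6cYBO-ekZghr7dDOqAF6xvjU,1182
 checkmate/exceptions.py,sha256=QmXREqMV_3oinlOgI_4Iwz7_nL61UsrubkG-SXEBW8M,117
-checkmate/__pycache__/__init__.cpython-312.pyc,sha256=d40ed5drH8hrXIMCX4VEwfQ7geTt205cNxxArEL6kZE,154
-checkmate/__pycache__/__main__.cpython-312.pyc,sha256=wjNKuSg-Vsb1HI5d226Epy3Jbe1yPjBa39TwKAC9OKw,280
 checkmate/contrib/__init__.py,sha256=h0A5VNAgY_KCei1186pBJXycyUYDdeInykmh26yrxOM,1121
 checkmate/contrib/plugins/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 checkmate/contrib/plugins/all/gptanalyzer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-checkmate/contrib/plugins/all/gptanalyzer/analyzer.py,sha256=
-checkmate/contrib/plugins/all/gptanalyzer/issues_data.py,sha256=
+checkmate/contrib/plugins/all/gptanalyzer/analyzer.py,sha256=z8YFS-ACzIFBwk6CTu23neNqipjrd0f1VM5SrfxmgRM,3117
+checkmate/contrib/plugins/all/gptanalyzer/issues_data.py,sha256=sxNFc6F3544JRuObxP5meOH_lMqh8mGfP8G7vvfzagk,8715
 checkmate/contrib/plugins/all/gptanalyzer/setup.py,sha256=60GttDlkRy7Ne_upLOoBgkatBKeKumHi86eEaBz1hzY,304
 checkmate/contrib/plugins/cve/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 checkmate/contrib/plugins/cve/text4shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -113,9 +111,9 @@ checkmate/scripts/manage.py,sha256=mpioBaxzirAKXZtbxO-y4dbOcc6UoP0MaAMsNuKHbz0,4
 checkmate/settings/__init__.py,sha256=z32hPz-kGS-tTGa6dWCFjrrrbS_eagLd-YrqBP3gjWI,33
 checkmate/settings/base.py,sha256=3WBXZITqoWepIja96bo5JTi-TDpQALPTCugL0E8z-yE,4551
 checkmate/settings/defaults.py,sha256=uK1KB50ukDbk2rACyiCQuXTNSr2M7GXE-2_GTFupbv0,2728
-checkmate5-4.1.0.
-checkmate5-4.1.0.
-checkmate5-4.1.0.
-checkmate5-4.1.0.
-checkmate5-4.1.0.
-checkmate5-4.1.0.
+checkmate5-4.1.0.dev12.dist-info/LICENSE.txt,sha256=SGQTFjJQjkYGoK1PCFfMKpfgRLm3yL0h9Mq2o26sm2E,151451
+checkmate5-4.1.0.dev12.dist-info/METADATA,sha256=BVnSusDymHaGg6BGwcsH25kc7e0eQ8-XL_NHDChwUxs,1239
+checkmate5-4.1.0.dev12.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+checkmate5-4.1.0.dev12.dist-info/entry_points.txt,sha256=FbGnau5C4z98WmBYpMJqUzobQEr1AIi9aZApSavNojQ,60
+checkmate5-4.1.0.dev12.dist-info/top_level.txt,sha256=tl6eIJXedpLZbcbmYEwlhEzuTaSt0TvIRUesOb8gtng,10
+checkmate5-4.1.0.dev12.dist-info/RECORD,,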
Binary file
Binary file
File without changes
File without changes
File without changes
File without changes