checkmate5 4.1.0.dev42__py3-none-any.whl → 4.1.0.dev44__py3-none-any.whl
- checkmate/contrib/plugins/all/opengrep/__init__.py +0 -0
- checkmate/contrib/plugins/all/opengrep/analyzer.py +95 -0
- checkmate/contrib/plugins/all/opengrep/issues_data.py +5 -0
- checkmate/contrib/plugins/all/opengrep/setup.py +13 -0
- checkmate/scripts/manage.py +16 -9
- checkmate/settings/defaults.py +1 -0
- {checkmate5-4.1.0.dev42.dist-info → checkmate5-4.1.0.dev44.dist-info}/METADATA +1 -1
- {checkmate5-4.1.0.dev42.dist-info → checkmate5-4.1.0.dev44.dist-info}/RECORD +12 -8
- {checkmate5-4.1.0.dev42.dist-info → checkmate5-4.1.0.dev44.dist-info}/WHEEL +0 -0
- {checkmate5-4.1.0.dev42.dist-info → checkmate5-4.1.0.dev44.dist-info}/entry_points.txt +0 -0
- {checkmate5-4.1.0.dev42.dist-info → checkmate5-4.1.0.dev44.dist-info}/licenses/LICENSE.txt +0 -0
- {checkmate5-4.1.0.dev42.dist-info → checkmate5-4.1.0.dev44.dist-info}/top_level.txt +0 -0
|
File without changes
|
|
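--- a/checkmate/contrib/plugins/all/opengrep/analyzer.py
+++ b/checkmate/contrib/plugins/all/opengrep/analyzer.py
@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+
+
+from checkmate.lib.analysis.base import BaseAnalyzer
+
+import logging
+import os
+import tempfile
+import json
+
+import subprocess
+
+logger = logging.getLogger(__name__)
+
+
+class OpengrepAnalyzer(BaseAnalyzer):
+
+def __init__(self, *args, **kwargs):
+super(OpengrepAnalyzer, self).__init__(*args, **kwargs)
+try:
+result = subprocess.check_output(
+["opengrep", "--version"],stderr=subprocess.DEVNULL).strip()
+except subprocess.CalledProcessError:
+logger.error(
+"Cannot initialize opengrep analyzer: Executable is missing, please install it.")
+raise
+
+def summarize(self, items):
+pass
+
+def analyze(self, file_revision):
+issues = []
+tmpdir = "/tmp/"+file_revision.project.pk
+
+if not os.path.exists(os.path.dirname(tmpdir+"/"+file_revision.path)):
+try:
+os.makedirs(os.path.dirname(tmpdir+"/"+file_revision.path))
+except OSError as exc: # Guard against race condition
+if exc.errno != errno.EEXIST:
+raise
+f = open(tmpdir+"/"+file_revision.path, "wb")
+
+fout = tempfile.NamedTemporaryFile(suffix=".json", delete=False)
+result = {}
+try:
+with f:
+try:
+f.write(file_revision.get_file_content())
+except UnicodeDecodeError:
+pass
+try:
+result = subprocess.check_output(["opengrep",
+"scan",
+"-f",
+"/root/opengrep-rules"
+"--no-git-ignore",
+"--json",
+f.name],
+stderr=subprocess.DEVNULL).strip()
+
+except subprocess.CalledProcessError as e:
+if e.returncode == 4:
+result = e.output
+elif e.returncode == 3:
+result = []
+pass
+else:
+result = e.output
+pass
+
+
+try:
+json_result = json.loads(result)
+
+for issue in json_result['results']:
+
+location = (((issue['start']['line'], None),
+(issue['start']['line'], None)),)
+val = issue['check_id']
+val = val.replace("root.","")
+val = val.title().replace("_","")
+
+issues.append({
+'code': val,
+'location': location,
+'data': issue['extra']['message'],
+'file': file_revision.path,
+'line': issue['start']['line'],
+'fingerprint': self.get_fingerprint_from_code(file_revision, location, extra_data=issue['extra']['message'])
+})
+except:
+pass
+
+finally:
+return {'issues': issues}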
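Review bot: `analyze` writes the file under `"/tmp/" + file_revision.project.pk + "/" + file_revision.path`, a predictable location in a shared directory built from a repository-supplied path with no normalisation, so a `..` component or a symlink already present there can move the `open(..., "wb")` write outside the intended directory; nothing removes these files afterwards, and the `NamedTemporaryFile(delete=False)` bound to `fout` is never used or deleted. The same hunk references `errno.EEXIST` although `errno` is not among the imports shown, and the list passed to `check_output` has no comma after `"/root/opengrep-rules"`, so Python joins it with `"--no-git-ignore"` into a single wrong `-f` value. The bare `except: pass` and the `return` inside `finally` then turn every such failure into an empty issue list. I would create a private scratch directory per call and check that the resolved target stays inside it, as sketched below, and add `import errno` or drop that branch in favour of `exist_ok=True`.

```python
def analyze(self, file_revision):
    issues = []
    # Private per-call scratch directory; removed when the block exits.
    with tempfile.TemporaryDirectory(prefix="checkmate-opengrep-") as tmpdir:
        root = os.path.realpath(tmpdir)
        target = os.path.realpath(os.path.join(root, file_revision.path))
        # Refuse repository paths that resolve outside the scratch directory.
        if os.path.commonpath([root, target]) != root:
            logger.warning("Skipping %s: path escapes scratch directory", file_revision.path)
            return {'issues': issues}
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as f:
            # … unchanged: UnicodeDecodeError guard around the write …
            f.write(file_revision.get_file_content())
        # … unchanged: opengrep call on `target` (comma restored after "/root/opengrep-rules") and JSON parsing …
    return {'issues': issues}
```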
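--- a/checkmate/scripts/manage.py
+++ b/checkmate/scripts/manage.py
@@ -46,6 +46,7 @@ root.addHandler(ch)
 
 
 def load_command_class(settings):
+"""Parses sys.argv to find and load the appropriate command class."""
 i = 1
 command_chain = []
 current_commands = settings.commands
@@ -57,7 +58,7 @@ def load_command_class(settings):
 cmd = sys.argv[i]
 command_chain.append(cmd)
 i += 1
-if not
+if cmd not in current_commands:
 sys.stderr.write("Unknown command: %s\n" % " ".join(command_chain))
 exit(-1)
 if not isinstance(current_commands[cmd], dict):
@@ -65,19 +66,19 @@ def load_command_class(settings):
 command_module_name, command_class_name = current_commands[cmd].rsplit(".", 1)
 command_module = importlib.import_module(command_module_name)
 return getattr(command_module, command_class_name), command_chain
-
-
-
+else: # it is a class
+return current_commands[cmd], command_chain
+current_commands = current_commands[cmd]
 
 
 def main():
 
 if not os.path.isdir('.git'):
-
-
-if
-
-
+sys.stderr.write("Not a git repository.\nTry running: \"git init && git add . && git commit -m \"init\" \" in the folder\n")
+exit(-1)
+if "CODE_DIR" not in os.environ:
+sys.stderr.write("CODE_DIR env not set. Please set it to directory of your code.\nTry running: \"export CODE_DIR=/path/to/code\" before\n")
+exit(-1)
 
 project_path = get_project_path()
 
@@ -105,13 +106,19 @@ def main():
 prog=sys.argv[0]+" "+" ".join(command_chain),
 args=sys.argv[1+len(command_chain):])
 try:
+# Check for the 'help' command first
 if 'help' in command.opts and command.opts['help']:
 print((command.help_message()))
 exit(0)
+
+# Execute the command's main logic
 result = command.run()
+
+# Serialize and print the result if the command supports it
 if hasattr(command, 'serialize'):
 result_str = command.serialize(result, 'text')
 print(result_str)
+
 except KeyboardInterrupt:
 print("[CTRL-C pressed, aborting]")
 exit(-1)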
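Review bot: The new `CODE_DIR` guard in `main` only tests that the variable is present, so an empty value or a path that is not a directory passes and the failure would surface later, wherever the variable is read (not visible in this hunk). Checking the value as well, e.g. `code_dir = os.environ.get("CODE_DIR")` followed by `if not code_dir or not os.path.isdir(code_dir):`, keeps the error message next to its cause. The added branches also call the `site`-provided `exit(-1)`; `sys.exit(1)` does not depend on the `site` module and gives a conventional exit status. `main` continues beyond the lines shown.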
checkmate/settings/defaults.py
CHANGED
|
@@ -6,6 +6,10 @@ checkmate/contrib/plugins/all/aigraphcodescan/__init__.py,sha256=47DEQpj8HBSa-_T
|
|
|
6
6
|
checkmate/contrib/plugins/all/aigraphcodescan/analyzer.py,sha256=5CLYKjtKqxmtq5s9PYYrW8qnSN6eG55HoqWHQ4Kf7Nc,3189
|
|
7
7
|
checkmate/contrib/plugins/all/aigraphcodescan/issues_data.py,sha256=pUC6pC33TEpgRProHoAJPvEr7wYaWgQvDXruWCTO_NE,252
|
|
8
8
|
checkmate/contrib/plugins/all/aigraphcodescan/setup.py,sha256=ojrkDPRHVOC3mK34alu1d994uc0VpixFXsOJuZmr0pY,340
|
|
9
|
+
checkmate/contrib/plugins/all/opengrep/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
10
|
+
checkmate/contrib/plugins/all/opengrep/analyzer.py,sha256=WhoTaagC8IAbWtf0VX2aBb3NIGC94ls_x41mybpdX_Y,3312
|
|
11
|
+
checkmate/contrib/plugins/all/opengrep/issues_data.py,sha256=XKspT10LzjPgE_euavpZGqR34evbvL-ctsIJn7_lrKw,44
|
|
12
|
+
checkmate/contrib/plugins/all/opengrep/setup.py,sha256=axjstT1Dy3_2zVi_Gs8wFST-LOR08ZWzEghat0Kcv9M,305
|
|
9
13
|
checkmate/contrib/plugins/cve/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
10
14
|
checkmate/contrib/plugins/cve/text4shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
11
15
|
checkmate/contrib/plugins/cve/text4shell/analyzer.py,sha256=RgYq1dIGLLRdn8GeehXbjmyaE5nJDh0qRfeI22xTO2g,1850
|
|
@@ -107,13 +111,13 @@ checkmate/management/commands/props/delete.py,sha256=skrsBtAz-w_4_ZpX88AADWBGcmg
|
|
|
107
111
|
checkmate/management/commands/props/get.py,sha256=YsvE_sr8ViIvpjLJ7sPMp6UoujKGWMrcaZMnAVfQnNs,763
|
|
108
112
|
checkmate/management/commands/props/set.py,sha256=VEoFbHletPqZXeHdiqXOGbgLArf4FHBZNupNH4DaRIo,728
|
|
109
113
|
checkmate/scripts/__init__.py,sha256=XAi0y8z1NviyGvLB68Oxnzr6Nw5AP8xgbcSSnc1Zcvw,766
|
|
110
|
-
checkmate/scripts/manage.py,sha256=
|
|
114
|
+
checkmate/scripts/manage.py,sha256=vb4L171yfctLbZpQxn_kZ1hQLtCDqdQQGiq7BJlnQ2A,4494
|
|
111
115
|
checkmate/settings/__init__.py,sha256=z32hPz-kGS-tTGa6dWCFjrrrbS_eagLd-YrqBP3gjWI,33
|
|
112
116
|
checkmate/settings/base.py,sha256=3WBXZITqoWepIja96bo5JTi-TDpQALPTCugL0E8z-yE,4551
|
|
113
|
-
checkmate/settings/defaults.py,sha256=
|
|
114
|
-
checkmate5-4.1.0.
|
|
115
|
-
checkmate5-4.1.0.
|
|
116
|
-
checkmate5-4.1.0.
|
|
117
|
-
checkmate5-4.1.0.
|
|
118
|
-
checkmate5-4.1.0.
|
|
119
|
-
checkmate5-4.1.0.
|
|
117
|
+
checkmate/settings/defaults.py,sha256=nkEvDEqr3fhoy8ewvMX2ehyGtbdtkqxyqFJInol8wPg,2794
|
|
118
|
+
checkmate5-4.1.0.dev44.dist-info/licenses/LICENSE.txt,sha256=SGQTFjJQjkYGoK1PCFfMKpfgRLm3yL0h9Mq2o26sm2E,151451
|
|
119
|
+
checkmate5-4.1.0.dev44.dist-info/METADATA,sha256=QTdZMt2b0vB4-RKiQkHnznoUuIhB3QEHAZO4jcGhNZw,1286
|
|
120
|
+
checkmate5-4.1.0.dev44.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
121
|
+
checkmate5-4.1.0.dev44.dist-info/entry_points.txt,sha256=FbGnau5C4z98WmBYpMJqUzobQEr1AIi9aZApSavNojQ,60
|
|
122
|
+
checkmate5-4.1.0.dev44.dist-info/top_level.txt,sha256=tl6eIJXedpLZbcbmYEwlhEzuTaSt0TvIRUesOb8gtng,10
|
|
123
|
+
checkmate5-4.1.0.dev44.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|