checkmate5 4.1.0.dev43__py3-none-any.whl → 4.1.0.dev45__py3-none-any.whl

checkmate/contrib/plugins/all/opengrep/analyzer.py

@@ -0,0 +1,150 @@
+# -*- coding: utf-8 -*-
+
+from checkmate.lib.analysis.base import BaseAnalyzer
+
+import logging
+import os
+import tempfile
+import json
+import subprocess
+
+logger = logging.getLogger(__name__)
+
+
+class OpengrepAnalyzer(BaseAnalyzer):
+    def __init__(self, *args, **kwargs):
+        super(OpengrepAnalyzer, self).__init__(*args, **kwargs)
+        try:
+            result = subprocess.check_output(
+                ["opengrep", "--version"], stderr=subprocess.DEVNULL
+            ).strip()
+        except subprocess.CalledProcessError:
+            logger.error(
+                "Cannot initialize opengrep analyzer: Executable is missing, please install it."
+            )
+            raise
+
+    def summarize(self, items):
+        pass
+
+    def analyze(self, file_revision):
+        issues = []
+        tmpdir = "/tmp/" + file_revision.project.pk
+
+        # This block handles directory creation. Note: It's often safer to use
+        # Python's tempfile module for secure temporary file/directory handling
+        # instead of constructing paths manually in /tmp/.
+        if not os.path.exists(os.path.dirname(tmpdir + "/" + file_revision.path)):
+            try:
+                os.makedirs(os.path.dirname(tmpdir + "/" + file_revision.path))
+            except OSError as exc:  # Guard against race condition
+                # Import 'errno' is missing for this check (import errno)
+                if exc.errno != 17:  # 17 corresponds to errno.EEXIST
+                    raise
+        
+        # Opened file handle. It's crucial to ensure this is closed properly.
+        # Using tempfile.NamedTemporaryFile for the entire process is generally
+        # safer and handles cleanup more robustly.
+        f = open(tmpdir + "/" + file_revision.path, "wb")
+
+        # This variable 'fout' is created but not used in the provided logic.
+        # It can likely be removed.
+        fout = tempfile.NamedTemporaryFile(suffix=".json", delete=False)
+        result = {}
+
+        try:
+            # The 'with f:' block ensures the file is properly closed,
+            # but 'f' was already opened outside this block.
+            # For best practice, open the file directly within the 'with' statement.
+            with f:
+                try:
+                    f.write(file_revision.get_file_content())
+                except UnicodeDecodeError:
+                    # Handle cases where the file content might not be decodable as text.
+                    # This often occurs with binary files.
+                    pass
+
+            # Get the file extension from the temporary file's name.
+            file_name = f.name
+            _, file_extension = os.path.splitext(file_name)
+
+            # Remove the leading dot from the extension (e.g., '.php' becomes 'php').
+            if file_extension:
+                file_extension = file_extension[1:]
+
+            # Construct the base rule path.
+            base_rules_path = "/root/opengrep-rules"
+
+            # Determine the specific rule folder based on the extension.
+            if file_extension:
+                rules_folder = file_extension.lower()  # Convert to lowercase for consistency
+                rules_path = os.path.join(base_rules_path, rules_folder)
+            else:
+                rules_path = base_rules_path # Use the base path if no extension
+
+            # Execute the opengrep command.
+            try:
+                result = subprocess.check_output(
+                    [
+                        "opengrep",
+                        "scan",
+                        "-f",
+                        rules_path,  # Dynamically set the rules path
+                        "--no-git-ignore",
+                        "--json",
+                        f.name,
+                    ],
+                    stderr=subprocess.DEVNULL,
+                ).strip()
+            except subprocess.CalledProcessError as e:
+                # Handle cases where opengrep command fails (e.g., non-zero exit code).
+                print(f"Opengrep command failed with error: {e}")
+                print(f"Output: {e.output.decode(errors='ignore')}") # Decode output for printing
+            except FileNotFoundError:
+                # Handle cases where 'opengrep' command itself is not found.
+                print("Error: 'opengrep' command not found. Make sure it's in your PATH.")
+
+            # Process the JSON result from opengrep.
+            # This 'try' block was originally at a different indentation level.
+            # It should ideally be part of the main analysis flow, possibly
+            # after the subprocess call.
+            try:
+                json_result = json.loads(result)
+
+                for issue in json_result["results"]:
+                    location = (
+                        ((issue["start"]["line"], None), (issue["start"]["line"], None)),
+                    )
+                    val = issue["check_id"]
+                    val = val.replace("root.", "")
+                    val = val.title().replace("_", "")
+
+                    issues.append(
+                        {
+                            "code": val,
+                            "location": location,
+                            "data": issue["extra"]["message"],
+                            "file": file_revision.path,
+                            "line": issue["start"]["line"],
+                            "fingerprint": self.get_fingerprint_from_code(
+                                file_revision, location, extra_data=issue["extra"]["message"]
+                            ),
+                        }
+                    )
+            except: # This is a bare except, which catches all exceptions.
+                    # It's better to catch specific exceptions, like json.JSONDecodeError,
+                    # and log errors instead of silently passing.
+                pass
+
+        except Exception as e:
+            # Catch any other unexpected errors during file writing or processing.
+            print(f"An unexpected error occurred: {e}")
+
+        finally:
+            # The 'finally' block must align with its 'try' block.
+            # Ensure the temporary file 'f' is closed and deleted here if it was opened.
+            # In your original code, 'f' was opened, but there was no explicit close
+            # or deletion in the finally block for the manual file creation.
+            # Using tempfile.NamedTemporaryFile with its own 'with' context usually
+            # handles this automatically.
+            return {"issues": issues}

checkmate/contrib/plugins/all/opengrep/issues_data.py

@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+
+
+issues_data = {
+}

checkmate/contrib/plugins/all/opengrep/setup.py

@@ -0,0 +1,13 @@
+from .analyzer import OpengrepAnalyzer
+from .issues_data import issues_data
+
+analyzers = {
+    'opengrep':
+        {
+            'name': 'opengrep',
+            'title': 'opengrep',
+            'class': OpengrepAnalyzer,
+            'language': 'all',
+            'issues_data': issues_data,
+        },
+}

checkmate/settings/defaults.py

@@ -21,6 +21,7 @@ plugins = {
     'brakeman': 'checkmate.contrib.plugins.ruby.brakeman',
     'tfsec': 'checkmate.contrib.plugins.iac.tfsec',
     'kubescape': 'checkmate.contrib.plugins.iac.kubescape',
+    'opengrep': 'checkmate.contrib.plugins.all.opengrep',
   
 }
 

{checkmate5-4.1.0.dev43.dist-info → checkmate5-4.1.0.dev45.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: checkmate5
-Version: 4.1.0.dev43
+Version: 4.1.0.dev45
 Summary: A meta-code checker written in Python.
 Author: Andreas Dewes
 License: AGPL-3.0

{checkmate5-4.1.0.dev43.dist-info → checkmate5-4.1.0.dev45.dist-info}/RECORD

@@ -6,6 +6,10 @@ checkmate/contrib/plugins/all/aigraphcodescan/__init__.py,sha256=47DEQpj8HBSa-_T
 checkmate/contrib/plugins/all/aigraphcodescan/analyzer.py,sha256=5CLYKjtKqxmtq5s9PYYrW8qnSN6eG55HoqWHQ4Kf7Nc,3189
 checkmate/contrib/plugins/all/aigraphcodescan/issues_data.py,sha256=pUC6pC33TEpgRProHoAJPvEr7wYaWgQvDXruWCTO_NE,252
 checkmate/contrib/plugins/all/aigraphcodescan/setup.py,sha256=ojrkDPRHVOC3mK34alu1d994uc0VpixFXsOJuZmr0pY,340
+checkmate/contrib/plugins/all/opengrep/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+checkmate/contrib/plugins/all/opengrep/analyzer.py,sha256=7_-rPDpSXuU9IemJ6aU5a5V7-_u8Y3ZSAMQ10tgcRdw,6502
+checkmate/contrib/plugins/all/opengrep/issues_data.py,sha256=XKspT10LzjPgE_euavpZGqR34evbvL-ctsIJn7_lrKw,44
+checkmate/contrib/plugins/all/opengrep/setup.py,sha256=axjstT1Dy3_2zVi_Gs8wFST-LOR08ZWzEghat0Kcv9M,305
 checkmate/contrib/plugins/cve/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 checkmate/contrib/plugins/cve/text4shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 checkmate/contrib/plugins/cve/text4shell/analyzer.py,sha256=RgYq1dIGLLRdn8GeehXbjmyaE5nJDh0qRfeI22xTO2g,1850
@@ -110,10 +114,10 @@ checkmate/scripts/__init__.py,sha256=XAi0y8z1NviyGvLB68Oxnzr6Nw5AP8xgbcSSnc1Zcvw
 checkmate/scripts/manage.py,sha256=vb4L171yfctLbZpQxn_kZ1hQLtCDqdQQGiq7BJlnQ2A,4494
 checkmate/settings/__init__.py,sha256=z32hPz-kGS-tTGa6dWCFjrrrbS_eagLd-YrqBP3gjWI,33
 checkmate/settings/base.py,sha256=3WBXZITqoWepIja96bo5JTi-TDpQALPTCugL0E8z-yE,4551
-checkmate/settings/defaults.py,sha256=JaR9H5fciWy4PMX3oqIeaui7HDzjWSIhsXZD3tj4mSc,2736
-checkmate5-4.1.0.dev43.dist-info/licenses/LICENSE.txt,sha256=SGQTFjJQjkYGoK1PCFfMKpfgRLm3yL0h9Mq2o26sm2E,151451
-checkmate5-4.1.0.dev43.dist-info/METADATA,sha256=10L_s4YCJSToO_TZu5NtzluPV9Lnooz2xoKPuwIYc3k,1286
-checkmate5-4.1.0.dev43.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-checkmate5-4.1.0.dev43.dist-info/entry_points.txt,sha256=FbGnau5C4z98WmBYpMJqUzobQEr1AIi9aZApSavNojQ,60
-checkmate5-4.1.0.dev43.dist-info/top_level.txt,sha256=tl6eIJXedpLZbcbmYEwlhEzuTaSt0TvIRUesOb8gtng,10
-checkmate5-4.1.0.dev43.dist-info/RECORD,,
+checkmate/settings/defaults.py,sha256=nkEvDEqr3fhoy8ewvMX2ehyGtbdtkqxyqFJInol8wPg,2794
+checkmate5-4.1.0.dev45.dist-info/licenses/LICENSE.txt,sha256=SGQTFjJQjkYGoK1PCFfMKpfgRLm3yL0h9Mq2o26sm2E,151451
+checkmate5-4.1.0.dev45.dist-info/METADATA,sha256=-3G-9NVkjK2ynmiQGXrzOX4FABbOIPBof5McE2Hnfm8,1286
+checkmate5-4.1.0.dev45.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+checkmate5-4.1.0.dev45.dist-info/entry_points.txt,sha256=FbGnau5C4z98WmBYpMJqUzobQEr1AIi9aZApSavNojQ,60
+checkmate5-4.1.0.dev45.dist-info/top_level.txt,sha256=tl6eIJXedpLZbcbmYEwlhEzuTaSt0TvIRUesOb8gtng,10
+checkmate5-4.1.0.dev45.dist-info/RECORD,,