checkmate5 4.1.0.dev44__py3-none-any.whl → 4.1.0.dev46__py3-none-any.whl

checkmate/contrib/plugins/all/opengrep/analyzer.py

@@ -1,28 +1,27 @@
 # -*- coding: utf-8 -*-
 
-
 from checkmate.lib.analysis.base import BaseAnalyzer
 
 import logging
 import os
 import tempfile
 import json
-
 import subprocess
 
 logger = logging.getLogger(__name__)
 
 
 class OpengrepAnalyzer(BaseAnalyzer):
-
     def __init__(self, *args, **kwargs):
         super(OpengrepAnalyzer, self).__init__(*args, **kwargs)
         try:
             result = subprocess.check_output(
-                ["opengrep", "--version"],stderr=subprocess.DEVNULL).strip()
+                ["opengrep", "--version"], stderr=subprocess.DEVNULL
+            ).strip()
         except subprocess.CalledProcessError:
             logger.error(
-                "Cannot initialize opengrep analyzer: Executable is missing, please install it.")
+                "Cannot initialize opengrep analyzer: Executable is missing, please install it."
+            )
             raise
 
     def summarize(self, items):
@@ -30,66 +29,122 @@ class OpengrepAnalyzer(BaseAnalyzer):
 
     def analyze(self, file_revision):
         issues = []
-        tmpdir = "/tmp/"+file_revision.project.pk
+        tmpdir = "/tmp/" + file_revision.project.pk
 
-        if not os.path.exists(os.path.dirname(tmpdir+"/"+file_revision.path)):
+        # This block handles directory creation. Note: It's often safer to use
+        # Python's tempfile module for secure temporary file/directory handling
+        # instead of constructing paths manually in /tmp/.
+        if not os.path.exists(os.path.dirname(tmpdir + "/" + file_revision.path)):
             try:
-                os.makedirs(os.path.dirname(tmpdir+"/"+file_revision.path))
+                os.makedirs(os.path.dirname(tmpdir + "/" + file_revision.path))
             except OSError as exc:  # Guard against race condition
-                if exc.errno != errno.EEXIST:
+                # Import 'errno' is missing for this check (import errno)
+                if exc.errno != 17:  # 17 corresponds to errno.EEXIST
                     raise
-        f = open(tmpdir+"/"+file_revision.path, "wb")
-
+        
+        # Opened file handle. It's crucial to ensure this is closed properly.
+        # Using tempfile.NamedTemporaryFile for the entire process is generally
+        # safer and handles cleanup more robustly.
+        f = open(tmpdir + "/" + file_revision.path, "wb")
+
+        # This variable 'fout' is created but not used in the provided logic.
+        # It can likely be removed.
         fout = tempfile.NamedTemporaryFile(suffix=".json", delete=False)
         result = {}
+
         try:
+            # The 'with f:' block ensures the file is properly closed,
+            # but 'f' was already opened outside this block.
+            # For best practice, open the file directly within the 'with' statement.
             with f:
                 try:
-                  f.write(file_revision.get_file_content())
+                    f.write(file_revision.get_file_content())
                 except UnicodeDecodeError:
-                  pass
-            try:
-                result = subprocess.check_output(["opengrep",
-                                                  "scan",
-                                                  "-f",
-                                                  "/root/opengrep-rules"
-                                                  "--no-git-ignore",
-                                                  "--json",
-                                                  f.name],
-                                                  stderr=subprocess.DEVNULL).strip()
-                
-            except subprocess.CalledProcessError as e:
-                if e.returncode == 4:
-                    result = e.output
-                elif e.returncode == 3:
-                    result = []
-                    pass
-                else:
-                    result = e.output
+                    # Handle cases where the file content might not be decodable as text.
+                    # This often occurs with binary files.
                     pass
 
-            
+            # Get the file extension from the temporary file's name.
+            file_name = f.name
+            _, file_extension = os.path.splitext(file_name)
+
+            # Remove the leading dot from the extension (e.g., '.php' becomes 'php').
+            if file_extension:
+                file_extension = file_extension[1:]
+
+            # Construct the base rule path.
+            base_rules_path = "/root/opengrep-rules"
+
+            # Determine the specific rule folder based on the extension.
+            if file_extension:
+                rules_folder = file_extension.lower()  # Convert to lowercase for consistency
+                rules_path = os.path.join(base_rules_path, rules_folder)
+            else:
+                rules_path = base_rules_path # Use the base path if no extension
+
+            # Execute the opengrep command.
+            try:
+                result = subprocess.check_output(
+                    [
+                        "opengrep",
+                        "scan",
+                        "-f",
+                        rules_path,  # Dynamically set the rules path
+                        "--no-git-ignore",
+                        "--json",
+                        f.name,
+                    ],
+                    stderr=subprocess.DEVNULL,
+                ).strip()
+            except subprocess.CalledProcessError as e:
+                # Handle cases where opengrep command fails (e.g., non-zero exit code).
+                print(f"Opengrep command failed with error: {e}")
+                print(f"Output: {e.output.decode(errors='ignore')}") # Decode output for printing
+            except FileNotFoundError:
+                # Handle cases where 'opengrep' command itself is not found.
+                print("Error: 'opengrep' command not found. Make sure it's in your PATH.")
+
+            # Process the JSON result from opengrep.
+            # This 'try' block was originally at a different indentation level.
+            # It should ideally be part of the main analysis flow, possibly
+            # after the subprocess call.
             try:
                 json_result = json.loads(result)
 
-                for issue in json_result['results']:
-
-                    location = (((issue['start']['line'], None),
-                                 (issue['start']['line'], None)),)
-                    val = issue['check_id']
-                    val = val.replace("root.","")
-                    val = val.title().replace("_","")
-
-                    issues.append({
-                            'code': val,
-                            'location': location,
-                            'data': issue['extra']['message'],
-                            'file': file_revision.path,
-                            'line': issue['start']['line'],
-                            'fingerprint': self.get_fingerprint_from_code(file_revision, location, extra_data=issue['extra']['message'])
-                        })
-            except:
+                for issue in json_result["results"]:
+                    location = (
+                        ((issue["start"]["line"], None), (issue["start"]["line"], None)),
+                    )
+                    val = issue["check_id"]
+                    val = val.replace("root.", "")
+                    val = val.title().replace("_", "")
+
+                    issues.append(
+                        {
+                            "code": val,
+                            "location": location,
+                            "data": issue["extra"]["message"],
+                            "file": file_revision.path,
+                            "line": issue["start"]["line"],
+                            "fingerprint": self.get_fingerprint_from_code(
+                                file_revision, location, extra_data=issue["extra"]["message"]
+                            ),
+                        }
+                    )
+            except: # This is a bare except, which catches all exceptions.
+                    # It's better to catch specific exceptions, like json.JSONDecodeError,
+                    # and log errors instead of silently passing.
                 pass
 
-        finally:     
-            return {'issues': issues}
+        except Exception as e:
+            # Catch any other unexpected errors during file writing or processing.
+            print(f"An unexpected error occurred: {e}")
+
+        finally:
+            # The 'finally' block must align with its 'try' block.
+            # Ensure the temporary file 'f' is closed and deleted here if it was opened.
+            # In your original code, 'f' was opened, but there was no explicit close
+            # or deletion in the finally block for the manual file creation.
+            # Using tempfile.NamedTemporaryFile with its own 'with' context usually
+            # handles this automatically.
+            return {"issues": issues}

{checkmate5-4.1.0.dev44.dist-info → checkmate5-4.1.0.dev46.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: checkmate5
-Version: 4.1.0.dev44
+Version: 4.1.0.dev46
 Summary: A meta-code checker written in Python.
 Author: Andreas Dewes
 License: AGPL-3.0

{checkmate5-4.1.0.dev44.dist-info → checkmate5-4.1.0.dev46.dist-info}/RECORD

@@ -7,8 +7,9 @@ checkmate/contrib/plugins/all/aigraphcodescan/analyzer.py,sha256=5CLYKjtKqxmtq5s
 checkmate/contrib/plugins/all/aigraphcodescan/issues_data.py,sha256=pUC6pC33TEpgRProHoAJPvEr7wYaWgQvDXruWCTO_NE,252
 checkmate/contrib/plugins/all/aigraphcodescan/setup.py,sha256=ojrkDPRHVOC3mK34alu1d994uc0VpixFXsOJuZmr0pY,340
 checkmate/contrib/plugins/all/opengrep/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-checkmate/contrib/plugins/all/opengrep/analyzer.py,sha256=WhoTaagC8IAbWtf0VX2aBb3NIGC94ls_x41mybpdX_Y,3312
+checkmate/contrib/plugins/all/opengrep/analyzer.py,sha256=7_-rPDpSXuU9IemJ6aU5a5V7-_u8Y3ZSAMQ10tgcRdw,6502
 checkmate/contrib/plugins/all/opengrep/issues_data.py,sha256=XKspT10LzjPgE_euavpZGqR34evbvL-ctsIJn7_lrKw,44
+checkmate/contrib/plugins/all/opengrep/opengrep_manylinux_x86,sha256=OcYISWcyhsWIZ9A_XDOn1GJ-BNzLc8nuOCUshlx-aVU,45796896
 checkmate/contrib/plugins/all/opengrep/setup.py,sha256=axjstT1Dy3_2zVi_Gs8wFST-LOR08ZWzEghat0Kcv9M,305
 checkmate/contrib/plugins/cve/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 checkmate/contrib/plugins/cve/text4shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -115,9 +116,9 @@ checkmate/scripts/manage.py,sha256=vb4L171yfctLbZpQxn_kZ1hQLtCDqdQQGiq7BJlnQ2A,4
 checkmate/settings/__init__.py,sha256=z32hPz-kGS-tTGa6dWCFjrrrbS_eagLd-YrqBP3gjWI,33
 checkmate/settings/base.py,sha256=3WBXZITqoWepIja96bo5JTi-TDpQALPTCugL0E8z-yE,4551
 checkmate/settings/defaults.py,sha256=nkEvDEqr3fhoy8ewvMX2ehyGtbdtkqxyqFJInol8wPg,2794
-checkmate5-4.1.0.dev44.dist-info/licenses/LICENSE.txt,sha256=SGQTFjJQjkYGoK1PCFfMKpfgRLm3yL0h9Mq2o26sm2E,151451
-checkmate5-4.1.0.dev44.dist-info/METADATA,sha256=QTdZMt2b0vB4-RKiQkHnznoUuIhB3QEHAZO4jcGhNZw,1286
-checkmate5-4.1.0.dev44.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-checkmate5-4.1.0.dev44.dist-info/entry_points.txt,sha256=FbGnau5C4z98WmBYpMJqUzobQEr1AIi9aZApSavNojQ,60
-checkmate5-4.1.0.dev44.dist-info/top_level.txt,sha256=tl6eIJXedpLZbcbmYEwlhEzuTaSt0TvIRUesOb8gtng,10
-checkmate5-4.1.0.dev44.dist-info/RECORD,,
+checkmate5-4.1.0.dev46.dist-info/licenses/LICENSE.txt,sha256=SGQTFjJQjkYGoK1PCFfMKpfgRLm3yL0h9Mq2o26sm2E,151451
+checkmate5-4.1.0.dev46.dist-info/METADATA,sha256=qhYS5VA4gbJzek44wnI9sAvVqFSWXDirSLTezx5Q97k,1286
+checkmate5-4.1.0.dev46.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+checkmate5-4.1.0.dev46.dist-info/entry_points.txt,sha256=FbGnau5C4z98WmBYpMJqUzobQEr1AIi9aZApSavNojQ,60
+checkmate5-4.1.0.dev46.dist-info/top_level.txt,sha256=tl6eIJXedpLZbcbmYEwlhEzuTaSt0TvIRUesOb8gtng,10
+checkmate5-4.1.0.dev46.dist-info/RECORD,,