checkmate5 5.1.0.dev1__py3-none-any.whl → 5.1.0.dev3__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checkmate/contrib/plugins/all/aigraphcodescan/analyzer.py +1 -0
- checkmate/settings/defaults.py +0 -28
- {checkmate5-5.1.0.dev1.dist-info → checkmate5-5.1.0.dev3.dist-info}/METADATA +1 -1
- {checkmate5-5.1.0.dev1.dist-info → checkmate5-5.1.0.dev3.dist-info}/RECORD +8 -57
- checkmate/contrib/plugins/all/opengrep/__init__.py +0 -0
- checkmate/contrib/plugins/all/opengrep/analyzer.py +0 -150
- checkmate/contrib/plugins/all/opengrep/issues_data.py +0 -5
- checkmate/contrib/plugins/all/opengrep/opengrep_manylinux_x86 +0 -0
- checkmate/contrib/plugins/all/opengrep/setup.py +0 -13
- checkmate/contrib/plugins/cve/__init__.py +0 -0
- checkmate/contrib/plugins/cve/text4shell/__init__.py +0 -0
- checkmate/contrib/plugins/cve/text4shell/analyzer.py +0 -64
- checkmate/contrib/plugins/cve/text4shell/issues_data.py +0 -8
- checkmate/contrib/plugins/cve/text4shell/setup.py +0 -13
- checkmate/contrib/plugins/golang/__init__.py +0 -0
- checkmate/contrib/plugins/golang/gostaticcheck/__init__.py +0 -0
- checkmate/contrib/plugins/golang/gostaticcheck/analyzer.py +0 -94
- checkmate/contrib/plugins/golang/gostaticcheck/issues_data.py +0 -1246
- checkmate/contrib/plugins/golang/gostaticcheck/setup.py +0 -13
- checkmate/contrib/plugins/iac/__init__.py +0 -0
- checkmate/contrib/plugins/iac/kubescape/__init__.py +0 -0
- checkmate/contrib/plugins/iac/kubescape/analyzer.py +0 -115
- checkmate/contrib/plugins/iac/kubescape/issues_data.py +0 -636
- checkmate/contrib/plugins/iac/kubescape/setup.py +0 -14
- checkmate/contrib/plugins/iac/tfsec/__init__.py +0 -0
- checkmate/contrib/plugins/iac/tfsec/analyzer.py +0 -92
- checkmate/contrib/plugins/iac/tfsec/issues_data.py +0 -1917
- checkmate/contrib/plugins/iac/tfsec/setup.py +0 -13
- checkmate/contrib/plugins/java/__init__.py +0 -0
- checkmate/contrib/plugins/java/semgrepjava/__init__.py +0 -0
- checkmate/contrib/plugins/java/semgrepjava/analyzer.py +0 -96
- checkmate/contrib/plugins/java/semgrepjava/issues_data.py +0 -5
- checkmate/contrib/plugins/java/semgrepjava/setup.py +0 -13
- checkmate/contrib/plugins/javascript/__init__.py +0 -0
- checkmate/contrib/plugins/javascript/semgrepeslint/__init__.py +0 -0
- checkmate/contrib/plugins/javascript/semgrepeslint/analyzer.py +0 -95
- checkmate/contrib/plugins/javascript/semgrepeslint/issues_data.py +0 -6
- checkmate/contrib/plugins/javascript/semgrepeslint/setup.py +0 -13
- checkmate/contrib/plugins/perl/__init__.py +0 -0
- checkmate/contrib/plugins/perl/graudit/__init__.py +0 -0
- checkmate/contrib/plugins/perl/graudit/analyzer.py +0 -70
- checkmate/contrib/plugins/perl/graudit/issues_data.py +0 -8
- checkmate/contrib/plugins/perl/graudit/setup.py +0 -13
- checkmate/contrib/plugins/python/__init__.py +0 -0
- checkmate/contrib/plugins/python/bandit/__init__.py +0 -0
- checkmate/contrib/plugins/python/bandit/analyzer.py +0 -74
- checkmate/contrib/plugins/python/bandit/issues_data.py +0 -426
- checkmate/contrib/plugins/python/bandit/setup.py +0 -13
- checkmate/contrib/plugins/ruby/__init__.py +0 -0
- checkmate/contrib/plugins/ruby/brakeman/__init__.py +0 -0
- checkmate/contrib/plugins/ruby/brakeman/analyzer.py +0 -96
- checkmate/contrib/plugins/ruby/brakeman/issues_data.py +0 -518
- checkmate/contrib/plugins/ruby/brakeman/setup.py +0 -13
- {checkmate5-5.1.0.dev1.dist-info → checkmate5-5.1.0.dev3.dist-info}/WHEEL +0 -0
- {checkmate5-5.1.0.dev1.dist-info → checkmate5-5.1.0.dev3.dist-info}/entry_points.txt +0 -0
- {checkmate5-5.1.0.dev1.dist-info → checkmate5-5.1.0.dev3.dist-info}/licenses/LICENSE.txt +0 -0
- {checkmate5-5.1.0.dev1.dist-info → checkmate5-5.1.0.dev3.dist-info}/top_level.txt +0 -0
|
File without changes
|
|
File without changes
|
|
@@ -1,96 +0,0 @@
|
|
|
1
|
-
# -*- coding: utf-8 -*-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
from checkmate.lib.analysis.base import BaseAnalyzer
|
|
5
|
-
|
|
6
|
-
import logging
|
|
7
|
-
import os
|
|
8
|
-
import tempfile
|
|
9
|
-
import json
|
|
10
|
-
|
|
11
|
-
import subprocess
|
|
12
|
-
|
|
13
|
-
logger = logging.getLogger(__name__)
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
class SemgrepjavaAnalyzer(BaseAnalyzer):
|
|
17
|
-
|
|
18
|
-
def __init__(self, *args, **kwargs):
|
|
19
|
-
super(SemgrepjavaAnalyzer, self).__init__(*args, **kwargs)
|
|
20
|
-
try:
|
|
21
|
-
result = subprocess.check_output(
|
|
22
|
-
["semgrep", "--version"],stderr=subprocess.DEVNULL).strip()
|
|
23
|
-
except subprocess.CalledProcessError:
|
|
24
|
-
logger.error(
|
|
25
|
-
"Cannot initialize semgrep analyzer: Executable is missing, please install it.")
|
|
26
|
-
raise
|
|
27
|
-
|
|
28
|
-
def summarize(self, items):
|
|
29
|
-
pass
|
|
30
|
-
|
|
31
|
-
def analyze(self, file_revision):
|
|
32
|
-
issues = []
|
|
33
|
-
tmpdir = "/tmp/"+file_revision.project.pk
|
|
34
|
-
|
|
35
|
-
if not os.path.exists(os.path.dirname(tmpdir+"/"+file_revision.path)):
|
|
36
|
-
try:
|
|
37
|
-
os.makedirs(os.path.dirname(tmpdir+"/"+file_revision.path))
|
|
38
|
-
except OSError as exc: # Guard against race condition
|
|
39
|
-
if exc.errno != errno.EEXIST:
|
|
40
|
-
raise
|
|
41
|
-
f = open(tmpdir+"/"+file_revision.path, "wb")
|
|
42
|
-
|
|
43
|
-
fout = tempfile.NamedTemporaryFile(suffix=".json", delete=False)
|
|
44
|
-
result = {}
|
|
45
|
-
try:
|
|
46
|
-
with f:
|
|
47
|
-
try:
|
|
48
|
-
f.write(file_revision.get_file_content())
|
|
49
|
-
except UnicodeDecodeError:
|
|
50
|
-
pass
|
|
51
|
-
try:
|
|
52
|
-
result = subprocess.check_output(["semgrep",
|
|
53
|
-
"--config",
|
|
54
|
-
"/root/find_sec_bugs.yml",
|
|
55
|
-
"--no-git-ignore",
|
|
56
|
-
"--json",
|
|
57
|
-
f.name],
|
|
58
|
-
stderr=subprocess.DEVNULL).strip()
|
|
59
|
-
|
|
60
|
-
except subprocess.CalledProcessError as e:
|
|
61
|
-
if e.returncode == 4:
|
|
62
|
-
result = e.output
|
|
63
|
-
elif e.returncode == 3:
|
|
64
|
-
result = []
|
|
65
|
-
pass
|
|
66
|
-
else:
|
|
67
|
-
result = e.output
|
|
68
|
-
pass
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
try:
|
|
72
|
-
json_result = json.loads(result)
|
|
73
|
-
|
|
74
|
-
for issue in json_result['results']:
|
|
75
|
-
|
|
76
|
-
location = (((issue['start']['line'], None),
|
|
77
|
-
(issue['start']['line'], None)),)
|
|
78
|
-
|
|
79
|
-
if ".java" in file_revision.path or ".jsp" in file_revision.path or ".scala" in file_revision.path:
|
|
80
|
-
val = issue['check_id']
|
|
81
|
-
val = val.replace("root.","")
|
|
82
|
-
val = val.title().replace("_","")
|
|
83
|
-
|
|
84
|
-
issues.append({
|
|
85
|
-
'code': val,
|
|
86
|
-
'location': location,
|
|
87
|
-
'data': issue['extra']['message'],
|
|
88
|
-
'file': file_revision.path,
|
|
89
|
-
'line': issue['start']['line'],
|
|
90
|
-
'fingerprint': self.get_fingerprint_from_code(file_revision, location, extra_data=issue['extra']['message'])
|
|
91
|
-
})
|
|
92
|
-
except:
|
|
93
|
-
pass
|
|
94
|
-
|
|
95
|
-
finally:
|
|
96
|
-
return {'issues': issues}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
from .analyzer import SemgrepjavaAnalyzer
|
|
2
|
-
from .issues_data import issues_data
|
|
3
|
-
|
|
4
|
-
analyzers = {
|
|
5
|
-
'semgrepjava':
|
|
6
|
-
{
|
|
7
|
-
'name': 'semgrepjava',
|
|
8
|
-
'title': 'semgrepjava',
|
|
9
|
-
'class': SemgrepjavaAnalyzer,
|
|
10
|
-
'language': 'java',
|
|
11
|
-
'issues_data': issues_data,
|
|
12
|
-
},
|
|
13
|
-
}
|
|
File without changes
|
|
File without changes
|
|
@@ -1,95 +0,0 @@
|
|
|
1
|
-
# -*- coding: utf-8 -*-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
from checkmate.lib.analysis.base import BaseAnalyzer
|
|
5
|
-
|
|
6
|
-
import logging
|
|
7
|
-
import os
|
|
8
|
-
import tempfile
|
|
9
|
-
import json
|
|
10
|
-
import subprocess
|
|
11
|
-
|
|
12
|
-
logger = logging.getLogger(__name__)
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
class SemgrepeslintAnalyzer(BaseAnalyzer):
|
|
16
|
-
|
|
17
|
-
def __init__(self, *args, **kwargs):
|
|
18
|
-
super(SemgrepeslintAnalyzer, self).__init__(*args, **kwargs)
|
|
19
|
-
try:
|
|
20
|
-
result = subprocess.check_output(
|
|
21
|
-
["semgrep", "--version"],stderr=subprocess.DEVNULL).strip()
|
|
22
|
-
except subprocess.CalledProcessError:
|
|
23
|
-
logger.error(
|
|
24
|
-
"Cannot initialize semgrep analyzer: Executable is missing, please install it.")
|
|
25
|
-
raise
|
|
26
|
-
|
|
27
|
-
def summarize(self, items):
|
|
28
|
-
pass
|
|
29
|
-
|
|
30
|
-
def analyze(self, file_revision):
|
|
31
|
-
issues = []
|
|
32
|
-
tmpdir = "/tmp/"+file_revision.project.pk
|
|
33
|
-
|
|
34
|
-
if not os.path.exists(os.path.dirname(tmpdir+"/"+file_revision.path)):
|
|
35
|
-
try:
|
|
36
|
-
os.makedirs(os.path.dirname(tmpdir+"/"+file_revision.path))
|
|
37
|
-
except OSError as exc: # Guard against race condition
|
|
38
|
-
if exc.errno != errno.EEXIST:
|
|
39
|
-
raise
|
|
40
|
-
f = open(tmpdir+"/"+file_revision.path, "wb")
|
|
41
|
-
|
|
42
|
-
fout = tempfile.NamedTemporaryFile(suffix=".json", delete=False)
|
|
43
|
-
result = {}
|
|
44
|
-
try:
|
|
45
|
-
with f:
|
|
46
|
-
try:
|
|
47
|
-
f.write(file_revision.get_file_content())
|
|
48
|
-
except UnicodeDecodeError:
|
|
49
|
-
pass
|
|
50
|
-
try:
|
|
51
|
-
result = subprocess.check_output(["semgrep",
|
|
52
|
-
"--config",
|
|
53
|
-
"/root/eslint.yml",
|
|
54
|
-
"--no-git-ignore",
|
|
55
|
-
"--json",
|
|
56
|
-
f.name],
|
|
57
|
-
stderr=subprocess.DEVNULL).strip()
|
|
58
|
-
|
|
59
|
-
except subprocess.CalledProcessError as e:
|
|
60
|
-
if e.returncode == 4:
|
|
61
|
-
result = e.output
|
|
62
|
-
elif e.returncode == 3:
|
|
63
|
-
result = []
|
|
64
|
-
pass
|
|
65
|
-
else:
|
|
66
|
-
result = e.output
|
|
67
|
-
pass
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
try:
|
|
71
|
-
json_result = json.loads(result)
|
|
72
|
-
|
|
73
|
-
for issue in json_result['results']:
|
|
74
|
-
|
|
75
|
-
location = (((issue['start']['line'], None),
|
|
76
|
-
(issue['start']['line'], None)),)
|
|
77
|
-
|
|
78
|
-
if ".js" in file_revision.path or ".ts" in file_revision.path:
|
|
79
|
-
val = issue['check_id']
|
|
80
|
-
val = val.replace("root.","")
|
|
81
|
-
val = val.title().replace("_","")
|
|
82
|
-
|
|
83
|
-
issues.append({
|
|
84
|
-
'code': val,
|
|
85
|
-
'location': location,
|
|
86
|
-
'data': issue['extra']['message'],
|
|
87
|
-
'file': file_revision.path,
|
|
88
|
-
'line': issue['start']['line'],
|
|
89
|
-
'fingerprint': self.get_fingerprint_from_code(file_revision, location, extra_data=issue['extra']['message'])
|
|
90
|
-
})
|
|
91
|
-
except:
|
|
92
|
-
pass
|
|
93
|
-
|
|
94
|
-
finally:
|
|
95
|
-
return {'issues': issues}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
from .analyzer import SemgrepeslintAnalyzer
|
|
2
|
-
from .issues_data import issues_data
|
|
3
|
-
|
|
4
|
-
analyzers = {
|
|
5
|
-
'semgrepeslint':
|
|
6
|
-
{
|
|
7
|
-
'name': 'semgrepeslint',
|
|
8
|
-
'title': 'semgrepeslint',
|
|
9
|
-
'class': SemgrepeslintAnalyzer,
|
|
10
|
-
'language': 'javascript',
|
|
11
|
-
'issues_data': issues_data,
|
|
12
|
-
},
|
|
13
|
-
}
|
|
File without changes
|
|
File without changes
|
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
# -*- coding: utf-8 -*-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
from checkmate.lib.analysis.base import BaseAnalyzer
|
|
5
|
-
|
|
6
|
-
import logging
|
|
7
|
-
import os
|
|
8
|
-
import tempfile
|
|
9
|
-
import json
|
|
10
|
-
import subprocess
|
|
11
|
-
|
|
12
|
-
logger = logging.getLogger(__name__)
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
class GrauditAnalyzer(BaseAnalyzer):
|
|
16
|
-
|
|
17
|
-
def __init__(self, *args, **kwargs):
|
|
18
|
-
super(GrauditAnalyzer, self).__init__(*args, **kwargs)
|
|
19
|
-
|
|
20
|
-
def summarize(self, items):
|
|
21
|
-
pass
|
|
22
|
-
|
|
23
|
-
def analyze(self, file_revision):
|
|
24
|
-
issues = []
|
|
25
|
-
result = ""
|
|
26
|
-
f = tempfile.NamedTemporaryFile(delete=False)
|
|
27
|
-
try:
|
|
28
|
-
with f:
|
|
29
|
-
try:
|
|
30
|
-
f.write(file_revision.get_file_content())
|
|
31
|
-
except UnicodeDecodeError:
|
|
32
|
-
pass
|
|
33
|
-
try:
|
|
34
|
-
result = subprocess.check_output(["/root/graudit/graudit",
|
|
35
|
-
"-d",
|
|
36
|
-
"/root/graudit/signatures/perl.db",
|
|
37
|
-
f.name],
|
|
38
|
-
stderr=subprocess.DEVNULL).strip()
|
|
39
|
-
except subprocess.CalledProcessError as e:
|
|
40
|
-
pass
|
|
41
|
-
try:
|
|
42
|
-
json_result = json.loads(result)
|
|
43
|
-
except ValueError:
|
|
44
|
-
json_result = {}
|
|
45
|
-
pass
|
|
46
|
-
|
|
47
|
-
try:
|
|
48
|
-
for issue in json_result:
|
|
49
|
-
line = issue["line"]
|
|
50
|
-
line = int(line)
|
|
51
|
-
location = (((line, line),
|
|
52
|
-
(line, None)),)
|
|
53
|
-
|
|
54
|
-
if ".pl" in file_revision.path:
|
|
55
|
-
issues.append({
|
|
56
|
-
'code': "I001",
|
|
57
|
-
'location': location,
|
|
58
|
-
'data': issue["data"],
|
|
59
|
-
'file': file_revision.path,
|
|
60
|
-
'line': line,
|
|
61
|
-
'fingerprint': self.get_fingerprint_from_code(file_revision, location, extra_data=issue["data"])
|
|
62
|
-
})
|
|
63
|
-
|
|
64
|
-
except KeyError:
|
|
65
|
-
pass
|
|
66
|
-
|
|
67
|
-
finally:
|
|
68
|
-
os.unlink(f.name)
|
|
69
|
-
return {'issues': issues}
|
|
70
|
-
|
|
File without changes
|
|
File without changes
|
|
@@ -1,74 +0,0 @@
|
|
|
1
|
-
# -*- coding: utf-8 -*-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
from checkmate.lib.analysis.base import BaseAnalyzer
|
|
5
|
-
|
|
6
|
-
import logging
|
|
7
|
-
import os
|
|
8
|
-
import tempfile
|
|
9
|
-
import json
|
|
10
|
-
import subprocess
|
|
11
|
-
|
|
12
|
-
logger = logging.getLogger(__name__)
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
class BanditAnalyzer(BaseAnalyzer):
|
|
16
|
-
|
|
17
|
-
def __init__(self, *args, **kwargs):
|
|
18
|
-
super(BanditAnalyzer, self).__init__(*args, **kwargs)
|
|
19
|
-
try:
|
|
20
|
-
result = subprocess.check_output(["bandit", "--version"],stderr=subprocess.DEVNULL).strip()
|
|
21
|
-
except subprocess.CalledProcessError:
|
|
22
|
-
logger.error(
|
|
23
|
-
"Cannot initialize Bandit analyzer: Executable is missing, please install it.")
|
|
24
|
-
raise
|
|
25
|
-
|
|
26
|
-
def summarize(self, items):
|
|
27
|
-
pass
|
|
28
|
-
|
|
29
|
-
def analyze(self, file_revision):
|
|
30
|
-
issues = []
|
|
31
|
-
f = tempfile.NamedTemporaryFile(delete=False)
|
|
32
|
-
try:
|
|
33
|
-
with f:
|
|
34
|
-
try:
|
|
35
|
-
f.write(file_revision.get_file_content())
|
|
36
|
-
except UnicodeDecodeError:
|
|
37
|
-
pass
|
|
38
|
-
try:
|
|
39
|
-
result = subprocess.check_output(["bandit",
|
|
40
|
-
f.name,
|
|
41
|
-
"-f",
|
|
42
|
-
"json"],
|
|
43
|
-
stderr=subprocess.DEVNULL).strip()
|
|
44
|
-
except subprocess.CalledProcessError as e:
|
|
45
|
-
if e.returncode == 2:
|
|
46
|
-
result = e.output
|
|
47
|
-
pass
|
|
48
|
-
elif e.returncode == 1:
|
|
49
|
-
result = e.output
|
|
50
|
-
pass
|
|
51
|
-
else:
|
|
52
|
-
result = []
|
|
53
|
-
pass
|
|
54
|
-
|
|
55
|
-
json_result = json.loads(result)
|
|
56
|
-
|
|
57
|
-
for issue in json_result['results']:
|
|
58
|
-
|
|
59
|
-
location = (((issue['line_number'], None),
|
|
60
|
-
(issue['line_number'], None)),)
|
|
61
|
-
|
|
62
|
-
if ".py" in file_revision.path:
|
|
63
|
-
issues.append({
|
|
64
|
-
'code': issue['test_id'],
|
|
65
|
-
'location': location,
|
|
66
|
-
'data': issue['issue_text'],
|
|
67
|
-
'file': file_revision.path,
|
|
68
|
-
'line': issue['line_number'],
|
|
69
|
-
'fingerprint': self.get_fingerprint_from_code(file_revision, location, extra_data=issue['issue_text'])
|
|
70
|
-
})
|
|
71
|
-
|
|
72
|
-
finally:
|
|
73
|
-
os.unlink(f.name)
|
|
74
|
-
return {'issues': issues}
|