cisco-ai-skill-scanner 1.0.0__py3-none-any.whl

skillanalyzer/core/reporters/json_reporter.py

@@ -0,0 +1,65 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+JSON format reporter for scan results.
+"""
+
+import json
+
+from ...core.models import Report, ScanResult
+
+
+class JSONReporter:
+    """Generates JSON format reports."""
+
+    def __init__(self, pretty: bool = True):
+        """
+        Initialize JSON reporter.
+
+        Args:
+            pretty: If True, format JSON with indentation
+        """
+        self.pretty = pretty
+
+    def generate_report(self, data: ScanResult | Report) -> str:
+        """
+        Generate JSON report.
+
+        Args:
+            data: ScanResult or Report object
+
+        Returns:
+            JSON string
+        """
+        report_dict = data.to_dict()
+
+        if self.pretty:
+            return json.dumps(report_dict, indent=2, default=str)
+        else:
+            return json.dumps(report_dict, default=str)
+
+    def save_report(self, data: ScanResult | Report, output_path: str):
+        """
+        Save JSON report to file.
+
+        Args:
+            data: ScanResult or Report object
+            output_path: Path to save file
+        """
+        report_json = self.generate_report(data)
+        with open(output_path, "w", encoding="utf-8") as f:
+            f.write(report_json)

skillanalyzer/core/reporters/markdown_reporter.py

@@ -0,0 +1,209 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Markdown format reporter for scan results.
+"""
+
+from ...core.models import Finding, Report, ScanResult, Severity
+
+
+class MarkdownReporter:
+    """Generates Markdown format reports."""
+
+    def __init__(self, detailed: bool = True):
+        """
+        Initialize Markdown reporter.
+
+        Args:
+            detailed: If True, include full finding details
+        """
+        self.detailed = detailed
+
+    def generate_report(self, data: ScanResult | Report) -> str:
+        """
+        Generate Markdown report.
+
+        Args:
+            data: ScanResult or Report object
+
+        Returns:
+            Markdown string
+        """
+        if isinstance(data, ScanResult):
+            return self._generate_scan_result_report(data)
+        else:
+            return self._generate_multi_skill_report(data)
+
+    def _generate_scan_result_report(self, result: ScanResult) -> str:
+        """Generate report for a single skill scan."""
+        lines = []
+
+        # Header
+        lines.append("# Claude Skill Security Scan Report")
+        lines.append("")
+        lines.append(f"**Skill:** {result.skill_name}")
+        lines.append(f"**Directory:** {result.skill_directory}")
+        lines.append(f"**Status:** {'[OK] SAFE' if result.is_safe else '[FAIL] ISSUES FOUND'}")
+        lines.append(f"**Max Severity:** {result.max_severity.value}")
+        lines.append(f"**Scan Duration:** {result.scan_duration_seconds:.2f}s")
+        lines.append(f"**Timestamp:** {result.timestamp.isoformat()}")
+        lines.append("")
+
+        # Summary
+        lines.append("## Summary")
+        lines.append("")
+        lines.append(f"- **Total Findings:** {len(result.findings)}")
+        lines.append(f"- **Critical:** {len(result.get_findings_by_severity(Severity.CRITICAL))}")
+        lines.append(f"- **High:** {len(result.get_findings_by_severity(Severity.HIGH))}")
+        lines.append(f"- **Medium:** {len(result.get_findings_by_severity(Severity.MEDIUM))}")
+        lines.append(f"- **Low:** {len(result.get_findings_by_severity(Severity.LOW))}")
+        lines.append(f"- **Info:** {len(result.get_findings_by_severity(Severity.INFO))}")
+        lines.append("")
+
+        # Findings
+        if result.findings:
+            lines.append("## Findings")
+            lines.append("")
+
+            # Group by severity
+            for severity in [Severity.CRITICAL, Severity.HIGH, Severity.MEDIUM, Severity.LOW, Severity.INFO]:
+                findings = result.get_findings_by_severity(severity)
+                if findings:
+                    lines.append(f"### {severity.value} Severity")
+                    lines.append("")
+
+                    for finding in findings:
+                        lines.extend(self._format_finding(finding))
+                        lines.append("")
+        else:
+            lines.append("## [OK] No Issues Found")
+            lines.append("")
+            lines.append("This skill passed all security checks.")
+            lines.append("")
+
+        # Analyzers used
+        lines.append("## Analyzers")
+        lines.append("")
+        lines.append("The following analyzers were used:")
+        lines.append("")
+        for analyzer in result.analyzers_used:
+            lines.append(f"- {analyzer}")
+        lines.append("")
+
+        return "\n".join(lines)
+
+    def _generate_multi_skill_report(self, report: Report) -> str:
+        """Generate report for multiple skills."""
+        lines = []
+
+        # Header
+        lines.append("# Claude Skills Security Scan Report")
+        lines.append("")
+        lines.append(f"**Timestamp:** {report.timestamp.isoformat()}")
+        lines.append("")
+
+        # Summary
+        lines.append("## Summary")
+        lines.append("")
+        lines.append(f"- **Total Skills Scanned:** {report.total_skills_scanned}")
+        lines.append(f"- **Safe Skills:** {report.safe_count}")
+        lines.append(f"- **Total Findings:** {report.total_findings}")
+        lines.append("")
+        lines.append("### Findings by Severity")
+        lines.append("")
+        lines.append(f"- **Critical:** {report.critical_count}")
+        lines.append(f"- **High:** {report.high_count}")
+        lines.append(f"- **Medium:** {report.medium_count}")
+        lines.append(f"- **Low:** {report.low_count}")
+        lines.append(f"- **Info:** {report.info_count}")
+        lines.append("")
+
+        # Individual skill results
+        lines.append("## Skill Results")
+        lines.append("")
+
+        for result in report.scan_results:
+            status_icon = "[OK]" if result.is_safe else "[FAIL]"
+            lines.append(f"### {status_icon} {result.skill_name}")
+            lines.append("")
+            lines.append(f"- **Max Severity:** {result.max_severity.value}")
+            lines.append(f"- **Findings:** {len(result.findings)}")
+            lines.append(f"- **Directory:** {result.skill_directory}")
+            lines.append("")
+
+            if self.detailed and result.findings:
+                for finding in result.findings:
+                    lines.extend(self._format_finding(finding, indent=1))
+                    lines.append("")
+
+        return "\n".join(lines)
+
+    def _format_finding(self, finding: Finding, indent: int = 0) -> list:
+        """Format a single finding as markdown lines."""
+        lines = []
+        indent_str = "  " * indent
+
+        # Severity prefix
+        severity_prefix = {
+            Severity.CRITICAL: "[CRITICAL]",
+            Severity.HIGH: "[HIGH]",
+            Severity.MEDIUM: "[MEDIUM]",
+            Severity.LOW: "[LOW]",
+            Severity.INFO: "[INFO]",
+        }
+        prefix = severity_prefix.get(finding.severity, "[INFO]")
+
+        lines.append(f"{indent_str}#### {prefix} {finding.title}")
+        lines.append(f"{indent_str}")
+        lines.append(f"{indent_str}**Severity:** {finding.severity.value}")
+        lines.append(f"{indent_str}**Category:** {finding.category.value}")
+        lines.append(f"{indent_str}**Rule ID:** {finding.rule_id}")
+
+        if finding.file_path:
+            location = f"{finding.file_path}"
+            if finding.line_number:
+                location += f":{finding.line_number}"
+            lines.append(f"{indent_str}**Location:** {location}")
+
+        lines.append(f"{indent_str}")
+        lines.append(f"{indent_str}**Description:** {finding.description}")
+
+        if self.detailed:
+            if finding.snippet:
+                lines.append(f"{indent_str}")
+                lines.append(f"{indent_str}**Code Snippet:**")
+                lines.append(f"{indent_str}```")
+                lines.append(f"{indent_str}{finding.snippet}")
+                lines.append(f"{indent_str}```")
+
+            if finding.remediation:
+                lines.append(f"{indent_str}")
+                lines.append(f"{indent_str}**Remediation:** {finding.remediation}")
+
+        return lines
+
+    def save_report(self, data: ScanResult | Report, output_path: str):
+        """
+        Save Markdown report to file.
+
+        Args:
+            data: ScanResult or Report object
+            output_path: Path to save file
+        """
+        report_md = self.generate_report(data)
+        with open(output_path, "w", encoding="utf-8") as f:
+            f.write(report_md)

skillanalyzer/core/reporters/sarif_reporter.py

@@ -0,0 +1,246 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+SARIF format reporter for GitHub Code Scanning integration.
+
+Implements SARIF 2.1.0 specification for security scan results.
+https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+"""
+
+import json
+from typing import Any
+
+from ...core.models import Finding, Report, ScanResult, Severity
+
+
+class SARIFReporter:
+    """Generates SARIF 2.1.0 format reports for GitHub Code Scanning."""
+
+    SARIF_VERSION = "2.1.0"
+    SARIF_SCHEMA = "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"
+
+    # Map severity to SARIF levels
+    SEVERITY_TO_LEVEL = {
+        Severity.CRITICAL: "error",
+        Severity.HIGH: "error",
+        Severity.MEDIUM: "warning",
+        Severity.LOW: "note",
+        Severity.INFO: "note",
+        Severity.SAFE: "none",
+    }
+
+    def __init__(self, tool_name: str = "skill-analyzer", tool_version: str = "1.0.0"):
+        """
+        Initialize SARIF reporter.
+
+        Args:
+            tool_name: Name of the scanning tool
+            tool_version: Version of the scanning tool
+        """
+        self.tool_name = tool_name
+        self.tool_version = tool_version
+
+    def generate_report(self, data: ScanResult | Report) -> str:
+        """
+        Generate SARIF report.
+
+        Args:
+            data: ScanResult or Report object
+
+        Returns:
+            SARIF JSON string
+        """
+        if isinstance(data, ScanResult):
+            sarif = self._generate_from_scan_result(data)
+        else:
+            sarif = self._generate_from_report(data)
+
+        return json.dumps(sarif, indent=2, default=str)
+
+    def _generate_from_scan_result(self, result: ScanResult) -> dict[str, Any]:
+        """Generate SARIF from a single ScanResult."""
+        rules = self._extract_rules(result.findings)
+        results = self._convert_findings(result.findings, result.skill_directory)
+
+        return {
+            "$schema": self.SARIF_SCHEMA,
+            "version": self.SARIF_VERSION,
+            "runs": [
+                {
+                    "tool": self._create_tool_component(rules),
+                    "results": results,
+                    "invocations": [
+                        {
+                            "executionSuccessful": True,
+                            "endTimeUtc": result.timestamp.isoformat() + "Z",
+                        }
+                    ],
+                }
+            ],
+        }
+
+    def _generate_from_report(self, report: Report) -> dict[str, Any]:
+        """Generate SARIF from a Report with multiple scan results."""
+        all_findings = []
+        for scan_result in report.scan_results:
+            all_findings.extend(scan_result.findings)
+
+        rules = self._extract_rules(all_findings)
+
+        # Create results with proper artifact locations
+        all_results = []
+        for scan_result in report.scan_results:
+            results = self._convert_findings(scan_result.findings, scan_result.skill_directory)
+            all_results.extend(results)
+
+        return {
+            "$schema": self.SARIF_SCHEMA,
+            "version": self.SARIF_VERSION,
+            "runs": [
+                {
+                    "tool": self._create_tool_component(rules),
+                    "results": all_results,
+                    "invocations": [
+                        {
+                            "executionSuccessful": True,
+                            "endTimeUtc": report.timestamp.isoformat() + "Z",
+                        }
+                    ],
+                }
+            ],
+        }
+
+    def _create_tool_component(self, rules: list[dict[str, Any]]) -> dict[str, Any]:
+        """Create the tool component with rules."""
+        return {
+            "driver": {
+                "name": self.tool_name,
+                "version": self.tool_version,
+                "informationUri": "https://github.com/anthropics/skill-analyzer",
+                "rules": rules,
+            }
+        }
+
+    def _extract_rules(self, findings: list[Finding]) -> list[dict[str, Any]]:
+        """Extract unique rules from findings."""
+        seen_rules: set[str] = set()
+        rules = []
+
+        for finding in findings:
+            if finding.rule_id in seen_rules:
+                continue
+            seen_rules.add(finding.rule_id)
+
+            rule = {
+                "id": finding.rule_id,
+                "name": finding.rule_id.replace("_", " ").title(),
+                "shortDescription": {
+                    "text": finding.title,
+                },
+                "fullDescription": {
+                    "text": finding.description,
+                },
+                "defaultConfiguration": {
+                    "level": self.SEVERITY_TO_LEVEL.get(finding.severity, "warning"),
+                },
+                "properties": {
+                    "category": finding.category.value,
+                    "severity": finding.severity.value,
+                    "tags": [finding.category.value, "security"],
+                },
+            }
+
+            if finding.remediation:
+                rule["help"] = {
+                    "text": finding.remediation,
+                    "markdown": f"**Remediation**: {finding.remediation}",
+                }
+
+            rules.append(rule)
+
+        return rules
+
+    def _convert_findings(self, findings: list[Finding], base_path: str) -> list[dict[str, Any]]:
+        """Convert findings to SARIF results."""
+        results = []
+
+        for finding in findings:
+            result = {
+                "ruleId": finding.rule_id,
+                "level": self.SEVERITY_TO_LEVEL.get(finding.severity, "warning"),
+                "message": {
+                    "text": finding.description,
+                },
+                "properties": {
+                    "category": finding.category.value,
+                    "severity": finding.severity.value,
+                },
+            }
+
+            # Add location if file path is available
+            if finding.file_path:
+                location = {
+                    "physicalLocation": {
+                        "artifactLocation": {
+                            "uri": finding.file_path,
+                            "uriBaseId": "%SRCROOT%",
+                        },
+                    }
+                }
+
+                # Add region if line number is available
+                if finding.line_number:
+                    location["physicalLocation"]["region"] = {
+                        "startLine": finding.line_number,
+                    }
+                    if finding.snippet:
+                        location["physicalLocation"]["region"]["snippet"] = {
+                            "text": finding.snippet,
+                        }
+
+                result["locations"] = [location]
+
+            # Add fixes/remediation if available
+            if finding.remediation:
+                result["fixes"] = [
+                    {
+                        "description": {
+                            "text": finding.remediation,
+                        }
+                    }
+                ]
+
+            # Add fingerprint for deduplication
+            result["fingerprints"] = {
+                "primaryLocationLineHash": finding.id,
+            }
+
+            results.append(result)
+
+        return results
+
+    def save_report(self, data: ScanResult | Report, output_path: str):
+        """
+        Save SARIF report to file.
+
+        Args:
+            data: ScanResult or Report object
+            output_path: Path to save file
+        """
+        report_json = self.generate_report(data)
+        with open(output_path, "w", encoding="utf-8") as f:
+            f.write(report_json)