cisco-ai-skill-scanner 1.0.0__py3-none-any.whl

skillanalyzer/core/reporters/table_reporter.py

@@ -0,0 +1,195 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Table format reporter for scan results.
+"""
+
+from tabulate import tabulate
+
+from ...core.models import Report, ScanResult, Severity
+
+
+class TableReporter:
+    """Generates table format reports."""
+
+    def __init__(self, format_style: str = "grid", show_snippets: bool = False):
+        """
+        Initialize table reporter.
+
+        Args:
+            format_style: Table format (grid, simple, plain, etc.)
+            show_snippets: If True, include code snippets after table
+        """
+        self.format_style = format_style
+        self.show_snippets = show_snippets
+
+    def generate_report(self, data: ScanResult | Report) -> str:
+        """
+        Generate table report.
+
+        Args:
+            data: ScanResult or Report object
+
+        Returns:
+            Table string
+        """
+        if isinstance(data, ScanResult):
+            return self._generate_scan_result_report(data)
+        else:
+            return self._generate_multi_skill_report(data)
+
+    def _generate_scan_result_report(self, result: ScanResult) -> str:
+        """Generate table report for a single skill scan."""
+        lines = []
+
+        # Header
+        lines.append("=" * 80)
+        lines.append(f"Claude Skill Security Scan: {result.skill_name}")
+        lines.append("=" * 80)
+        lines.append("")
+
+        # Summary table
+        summary_data = [
+            ["Skill", result.skill_name],
+            ["Status", "[OK] SAFE" if result.is_safe else "[FAIL] ISSUES FOUND"],
+            ["Max Severity", result.max_severity.value],
+            ["Total Findings", len(result.findings)],
+            ["Scan Duration", f"{result.scan_duration_seconds:.2f}s"],
+        ]
+        lines.append(tabulate(summary_data, tablefmt=self.format_style))
+        lines.append("")
+
+        # Findings by severity
+        if result.findings:
+            severity_data = [
+                ["Critical", len(result.get_findings_by_severity(Severity.CRITICAL))],
+                ["High", len(result.get_findings_by_severity(Severity.HIGH))],
+                ["Medium", len(result.get_findings_by_severity(Severity.MEDIUM))],
+                ["Low", len(result.get_findings_by_severity(Severity.LOW))],
+                ["Info", len(result.get_findings_by_severity(Severity.INFO))],
+            ]
+            lines.append("Findings by Severity:")
+            lines.append(tabulate(severity_data, headers=["Severity", "Count"], tablefmt=self.format_style))
+            lines.append("")
+
+            # Detailed findings table
+            lines.append("Detailed Findings:")
+            findings_data = []
+            for finding in result.findings:
+                location = finding.file_path or "N/A"
+                if finding.line_number:
+                    location += f":{finding.line_number}"
+
+                findings_data.append(
+                    [
+                        finding.severity.value,
+                        finding.category.value,
+                        finding.title[:40] + "..." if len(finding.title) > 40 else finding.title,
+                        location[:30] + "..." if len(location) > 30 else location,
+                    ]
+                )
+
+            lines.append(
+                tabulate(
+                    findings_data, headers=["Severity", "Category", "Title", "Location"], tablefmt=self.format_style
+                )
+            )
+
+            # Add code snippets if requested
+            if self.show_snippets:
+                lines.append("")
+                lines.append("=" * 80)
+                lines.append("CODE EVIDENCE")
+                lines.append("=" * 80)
+                lines.append("")
+
+                for i, finding in enumerate(result.findings, 1):
+                    lines.append(f"Finding #{i}: {finding.title}")
+                    lines.append(f"  Location: {finding.file_path}:{finding.line_number or 'N/A'}")
+                    lines.append(f"  Severity: {finding.severity.value}")
+                    if finding.snippet:
+                        lines.append(f"  Code: {finding.snippet}")
+                    if finding.remediation:
+                        lines.append(f"  Fix: {finding.remediation}")
+                    lines.append("")
+        else:
+            lines.append("[OK] No security issues found!")
+
+        lines.append("")
+        return "\n".join(lines)
+
+    def _generate_multi_skill_report(self, report: Report) -> str:
+        """Generate table report for multiple skills."""
+        lines = []
+
+        # Header
+        lines.append("=" * 80)
+        lines.append("Claude Skills Security Scan Report")
+        lines.append("=" * 80)
+        lines.append("")
+
+        # Summary table
+        summary_data = [
+            ["Total Skills Scanned", report.total_skills_scanned],
+            ["Safe Skills", report.safe_count],
+            ["Total Findings", report.total_findings],
+            ["Critical", report.critical_count],
+            ["High", report.high_count],
+            ["Medium", report.medium_count],
+            ["Low", report.low_count],
+            ["Info", report.info_count],
+        ]
+        lines.append(tabulate(summary_data, tablefmt=self.format_style))
+        lines.append("")
+
+        # Skills overview table
+        lines.append("Skills Overview:")
+        skills_data = []
+        for result in report.scan_results:
+            skills_data.append(
+                [
+                    result.skill_name,
+                    "[OK] SAFE" if result.is_safe else "[FAIL] ISSUES",
+                    result.max_severity.value,
+                    len(result.findings),
+                    len(result.get_findings_by_severity(Severity.CRITICAL)),
+                    len(result.get_findings_by_severity(Severity.HIGH)),
+                ]
+            )
+
+        lines.append(
+            tabulate(
+                skills_data,
+                headers=["Skill", "Status", "Max Severity", "Total", "Critical", "High"],
+                tablefmt=self.format_style,
+            )
+        )
+        lines.append("")
+
+        return "\n".join(lines)
+
+    def save_report(self, data: ScanResult | Report, output_path: str):
+        """
+        Save table report to file.
+
+        Args:
+            data: ScanResult or Report object
+            output_path: Path to save file
+        """
+        report_table = self.generate_report(data)
+        with open(output_path, "w", encoding="utf-8") as f:
+            f.write(report_table)

skillanalyzer/core/rules/__init__.py

@@ -0,0 +1,19 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Security rule definitions and pattern matching.
+"""

skillanalyzer/core/rules/patterns.py

@@ -0,0 +1,165 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Pattern matching utilities for security rules.
+"""
+
+import re
+from pathlib import Path
+from typing import Any
+
+import yaml
+
+from ...core.models import Severity, ThreatCategory
+
+
+class SecurityRule:
+    """Represents a security detection rule."""
+
+    def __init__(self, rule_data: dict[str, Any]):
+        self.id = rule_data["id"]
+        self.category = ThreatCategory(rule_data["category"])
+        self.severity = Severity(rule_data["severity"])
+        self.patterns = rule_data["patterns"]
+        self.exclude_patterns = rule_data.get("exclude_patterns", [])
+        self.file_types = rule_data.get("file_types", [])
+        self.description = rule_data["description"]
+        self.remediation = rule_data.get("remediation", "")
+
+        # Compile regex patterns
+        self.compiled_patterns = []
+        for pattern in self.patterns:
+            try:
+                self.compiled_patterns.append(re.compile(pattern))
+            except re.error as e:
+                print(f"Warning: Failed to compile pattern '{pattern}' for rule {self.id}: {e}")
+
+        # Compile exclude patterns
+        self.compiled_exclude_patterns = []
+        for pattern in self.exclude_patterns:
+            try:
+                self.compiled_exclude_patterns.append(re.compile(pattern))
+            except re.error as e:
+                print(f"Warning: Failed to compile exclude pattern '{pattern}' for rule {self.id}: {e}")
+
+    def matches_file_type(self, file_type: str) -> bool:
+        """Check if this rule applies to the given file type."""
+        if not self.file_types:
+            return True  # Rule applies to all file types
+        return file_type in self.file_types
+
+    def scan_content(self, content: str, file_path: str | None = None) -> list[dict[str, Any]]:
+        """
+        Scan content for rule violations.
+
+        Returns:
+            List of matches with line numbers and snippets
+        """
+        matches = []
+        lines = content.split("\n")
+
+        for line_num, line in enumerate(lines, start=1):
+            # Check exclude patterns first
+            excluded = False
+            for exclude_pattern in self.compiled_exclude_patterns:
+                if exclude_pattern.search(line):
+                    excluded = True
+                    break
+
+            if excluded:
+                continue
+
+            for pattern in self.compiled_patterns:
+                match = pattern.search(line)
+                if match:
+                    matches.append(
+                        {
+                            "line_number": line_num,
+                            "line_content": line.strip(),
+                            "matched_pattern": pattern.pattern,
+                            "matched_text": match.group(0),
+                            "file_path": file_path,
+                        }
+                    )
+
+        return matches
+
+
+class RuleLoader:
+    """Loads security rules from YAML files."""
+
+    def __init__(self, rules_file: Path | None = None):
+        """
+        Initialize rule loader.
+
+        Args:
+            rules_file: Path to rules YAML file. If None, uses default.
+        """
+        if rules_file is None:
+            # Default to signatures.yaml in data/rules directory
+            from ...data import DATA_DIR
+
+            rules_file = DATA_DIR / "rules" / "signatures.yaml"
+
+        self.rules_file = rules_file
+        self.rules: list[SecurityRule] = []
+        self.rules_by_id: dict[str, SecurityRule] = {}
+        self.rules_by_category: dict[ThreatCategory, list[SecurityRule]] = {}
+
+    def load_rules(self) -> list[SecurityRule]:
+        """
+        Load rules from YAML file.
+
+        Returns:
+            List of SecurityRule objects
+        """
+        try:
+            with open(self.rules_file, encoding="utf-8") as f:
+                rules_data = yaml.safe_load(f)
+        except Exception as e:
+            raise RuntimeError(f"Failed to load rules from {self.rules_file}: {e}")
+
+        self.rules = []
+        self.rules_by_id = {}
+        self.rules_by_category = {}
+
+        for rule_data in rules_data:
+            try:
+                rule = SecurityRule(rule_data)
+                self.rules.append(rule)
+                self.rules_by_id[rule.id] = rule
+
+                # Group by category
+                if rule.category not in self.rules_by_category:
+                    self.rules_by_category[rule.category] = []
+                self.rules_by_category[rule.category].append(rule)
+            except Exception as e:
+                print(f"Warning: Failed to load rule {rule_data.get('id', 'unknown')}: {e}")
+
+        return self.rules
+
+    def get_rule(self, rule_id: str) -> SecurityRule | None:
+        """Get a specific rule by ID."""
+        return self.rules_by_id.get(rule_id)
+
+    def get_rules_for_file_type(self, file_type: str) -> list[SecurityRule]:
+        """Get all rules that apply to a specific file type."""
+        return [rule for rule in self.rules if rule.matches_file_type(file_type)]
+
+    def get_rules_for_category(self, category: ThreatCategory) -> list[SecurityRule]:
+        """Get all rules in a specific threat category."""
+        return self.rules_by_category.get(category, [])

skillanalyzer/core/rules/yara_scanner.py

@@ -0,0 +1,157 @@
+# Copyright 2026 Cisco Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+YARA rule scanner for detecting malicious patterns in Claude Skills.
+"""
+
+from pathlib import Path
+from typing import Any
+
+import yara
+
+
+class YaraScanner:
+    """Scanner that uses YARA rules to detect malicious patterns."""
+
+    def __init__(self, rules_dir: Path | None = None):
+        """
+        Initialize YARA scanner.
+
+        Args:
+            rules_dir: Path to directory containing .yara files
+        """
+        if rules_dir is None:
+            # Default to yara_rules directory
+            from ...data import YARA_RULES_DIR
+
+            rules_dir = YARA_RULES_DIR
+
+        self.rules_dir = Path(rules_dir)
+        self.rules = None
+        self._load_rules()
+
+    def _load_rules(self):
+        """Load all YARA rules from directory."""
+        if not self.rules_dir.exists():
+            raise FileNotFoundError(f"YARA rules directory not found: {self.rules_dir}")
+
+        # Find all .yara files
+        yara_files = list(self.rules_dir.glob("*.yara"))
+        if not yara_files:
+            raise FileNotFoundError(f"No .yara files found in {self.rules_dir}")
+
+        # Compile all rules
+        rules_dict = {}
+        for yara_file in yara_files:
+            namespace = yara_file.stem  # Use filename as namespace
+            rules_dict[namespace] = str(yara_file)
+
+        try:
+            self.rules = yara.compile(filepaths=rules_dict)
+        except yara.SyntaxError as e:
+            raise RuntimeError(f"Failed to compile YARA rules: {e}")
+
+    def scan_content(self, content: str, file_path: str | None = None) -> list[dict[str, Any]]:
+        """
+        Scan content with YARA rules.
+
+        Args:
+            content: Text content to scan
+            file_path: Optional file path for context
+
+        Returns:
+            List of matches with metadata
+        """
+        if not self.rules:
+            return []
+
+        matches = []
+
+        try:
+            yara_matches = self.rules.match(data=content)
+
+            for match in yara_matches:
+                # Extract metadata from the rule
+                meta = {
+                    "rule_name": match.rule,
+                    "namespace": match.namespace,
+                    "tags": match.tags,
+                    "meta": match.meta,
+                }
+
+                # Find which strings matched and their locations
+                matched_strings = []
+                for string in match.strings:
+                    for instance in string.instances:
+                        # Find line number for this match
+                        line_num = content[: instance.offset].count("\n") + 1
+                        line_start = content.rfind("\n", 0, instance.offset) + 1
+                        line_end = content.find("\n", instance.offset)
+                        if line_end == -1:
+                            line_end = len(content)
+                        line_content = content[line_start:line_end].strip()
+
+                        matched_strings.append(
+                            {
+                                "identifier": string.identifier,
+                                "offset": instance.offset,
+                                "matched_data": instance.matched_data.decode("utf-8", errors="ignore"),
+                                "line_number": line_num,
+                                "line_content": line_content,
+                            }
+                        )
+
+                matches.append(
+                    {
+                        "rule_name": match.rule,
+                        "namespace": match.namespace,
+                        "file_path": file_path,
+                        "meta": meta,
+                        "strings": matched_strings,
+                    }
+                )
+
+        except yara.Error as e:
+            print(f"Warning: YARA scanning error: {e}")
+
+        return matches
+
+    def scan_file(self, file_path: Path) -> list[dict[str, Any]]:
+        """
+        Scan a file with YARA rules.
+
+        Args:
+            file_path: Path to file to scan
+
+        Returns:
+            List of matches
+        """
+        try:
+            with open(file_path, encoding="utf-8") as f:
+                content = f.read()
+            return self.scan_content(content, str(file_path))
+        except (OSError, UnicodeDecodeError) as e:
+            print(f"Warning: Could not read file {file_path}: {e}")
+            return []
+
+    def get_loaded_rules(self) -> list[str]:
+        """Get list of loaded rule names."""
+        if not self.rules:
+            return []
+        # YARA doesn't provide easy access to rule names, return namespaces
+        yara_files = list(self.rules_dir.glob("*.yara"))
+        return [f.stem for f in yara_files]