codejury 0.10.5__tar.gz → 0.10.6__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (208) hide show
  1. {codejury-0.10.5 → codejury-0.10.6}/PKG-INFO +1 -1
  2. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ag_arbitrary_tool_vuln.yaml +1 -0
  3. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authn_sha256_password.yaml +1 -0
  4. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authz_idor_vuln.yaml +1 -0
  5. codejury-0.10.6/codejury/data/golden/business_logic_atomic_safe.yaml +15 -0
  6. codejury-0.10.6/codejury/data/golden/business_logic_toctou_vuln.yaml +14 -0
  7. codejury-0.10.6/codejury/data/golden/crypto_aesgcm_nonce_safe.yaml +13 -0
  8. codejury-0.10.6/codejury/data/golden/crypto_static_iv_vuln.yaml +14 -0
  9. codejury-0.10.6/codejury/data/golden/data_protection_cleartext_http_vuln.yaml +11 -0
  10. codejury-0.10.6/codejury/data/golden/data_protection_encrypted_at_rest_safe.yaml +11 -0
  11. codejury-0.10.6/codejury/data/golden/dependency_config_debug_off_safe.yaml +12 -0
  12. codejury-0.10.6/codejury/data/golden/dependency_config_debug_true_vuln.yaml +11 -0
  13. codejury-0.10.6/codejury/data/golden/error_logging_reraise_safe.yaml +15 -0
  14. codejury-0.10.6/codejury/data/golden/error_logging_swallow_vuln.yaml +14 -0
  15. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ioh_exec_output_vuln.yaml +1 -0
  16. codejury-0.10.6/codejury/data/golden/output_encoding_header_injection_vuln.yaml +11 -0
  17. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/pi_system_concat_vuln.yaml +1 -0
  18. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sc_trust_remote_code_vuln.yaml +1 -0
  19. codejury-0.10.6/codejury/data/golden/secrets_from_config_safe.yaml +12 -0
  20. codejury-0.10.6/codejury/data/golden/secrets_hardcoded_token_vuln.yaml +13 -0
  21. codejury-0.10.6/codejury/data/golden/session_cookie_flags_safe.yaml +10 -0
  22. codejury-0.10.6/codejury/data/golden/session_insecure_cookie_vuln.yaml +11 -0
  23. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xss_innerhtml_vuln.yaml +1 -0
  24. {codejury-0.10.5 → codejury-0.10.6}/codejury.egg-info/PKG-INFO +1 -1
  25. {codejury-0.10.5 → codejury-0.10.6}/codejury.egg-info/SOURCES.txt +15 -0
  26. {codejury-0.10.5 → codejury-0.10.6}/pyproject.toml +1 -1
  27. {codejury-0.10.5 → codejury-0.10.6}/LICENSE +0 -0
  28. {codejury-0.10.5 → codejury-0.10.6}/README.md +0 -0
  29. {codejury-0.10.5 → codejury-0.10.6}/codejury/__init__.py +0 -0
  30. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/__init__.py +0 -0
  31. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/base.py +0 -0
  32. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/debate.py +0 -0
  33. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/mock.py +0 -0
  34. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/parsing.py +0 -0
  35. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/refuter.py +0 -0
  36. {codejury-0.10.5 → codejury-0.10.6}/codejury/agents/verifier.py +0 -0
  37. {codejury-0.10.5 → codejury-0.10.6}/codejury/analysis/__init__.py +0 -0
  38. {codejury-0.10.5 → codejury-0.10.6}/codejury/analysis/provenance.py +0 -0
  39. {codejury-0.10.5 → codejury-0.10.6}/codejury/analysis/taint.py +0 -0
  40. {codejury-0.10.5 → codejury-0.10.6}/codejury/assembly.py +0 -0
  41. {codejury-0.10.5 → codejury-0.10.6}/codejury/baseline.py +0 -0
  42. {codejury-0.10.5 → codejury-0.10.6}/codejury/cli.py +0 -0
  43. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/authentication.yaml +0 -0
  44. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/authorization.yaml +0 -0
  45. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/business_logic.yaml +0 -0
  46. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/crypto.yaml +0 -0
  47. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/data_protection.yaml +0 -0
  48. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/dependency_config.yaml +0 -0
  49. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/error_logging.yaml +0 -0
  50. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/excessive_agency.yaml +0 -0
  51. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/input_validation.yaml +0 -0
  52. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/insecure_output_handling.yaml +0 -0
  53. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/model_supply_chain.yaml +0 -0
  54. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/output_encoding.yaml +0 -0
  55. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/prompt_injection.yaml +0 -0
  56. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/secrets.yaml +0 -0
  57. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/capabilities/session.yaml +0 -0
  58. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ag_allowlist_safe.yaml +0 -0
  59. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ag_destructive_no_confirm_vuln.yaml +0 -0
  60. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ag_fixed_enum_safe.yaml +0 -0
  61. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ag_human_approval_safe.yaml +0 -0
  62. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ag_model_confirmed_vuln.yaml +0 -0
  63. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authn_bcrypt_password.yaml +0 -0
  64. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authn_jwt_noverify_vuln.yaml +0 -0
  65. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authn_jwt_verified_safe.yaml +0 -0
  66. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authn_sha256_checksum_safe.yaml +0 -0
  67. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authn_weak_hash_indirect_vuln.yaml +0 -0
  68. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/authz_owner_safe.yaml +0 -0
  69. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/business_logic_price_tamper_vuln.yaml +0 -0
  70. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/business_logic_server_checked_safe.yaml +0 -0
  71. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/cmdi_fixed_argv_safe.yaml +0 -0
  72. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/cmdi_ossystem_vuln.yaml +0 -0
  73. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/cmdi_subprocess_safe.yaml +0 -0
  74. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/crypto_aesgcm_safe.yaml +0 -0
  75. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/crypto_ecb_vuln.yaml +0 -0
  76. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/data_protection_plaintext_pii_vuln.yaml +0 -0
  77. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/data_protection_tokenized_safe.yaml +0 -0
  78. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/dependency_config_tls_verify_off_vuln.yaml +0 -0
  79. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/dependency_config_tls_verify_on_safe.yaml +0 -0
  80. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/deserialize_json_safe.yaml +0 -0
  81. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/deserialize_pickle_vuln.yaml +0 -0
  82. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/error_logging_redacted_safe.yaml +0 -0
  83. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/error_logging_secret_leak_vuln.yaml +0 -0
  84. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ioh_escaped_output_safe.yaml +0 -0
  85. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ioh_innerhtml_output_vuln.yaml +0 -0
  86. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ioh_json_response_safe.yaml +0 -0
  87. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ioh_output_to_sql_vuln.yaml +0 -0
  88. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ioh_schema_validated_safe.yaml +0 -0
  89. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/literal_eval_safe.yaml +0 -0
  90. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/path_basename_safe.yaml +0 -0
  91. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/path_contained_safe.yaml +0 -0
  92. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/path_traversal_vuln.yaml +0 -0
  93. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/pi_delimited_data_safe.yaml +0 -0
  94. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/pi_format_role_vuln.yaml +0 -0
  95. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/pi_indirect_rag_vuln.yaml +0 -0
  96. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/pi_user_content_concat_safe.yaml +0 -0
  97. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/pi_user_role_safe.yaml +0 -0
  98. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sc_pinned_safe.yaml +0 -0
  99. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sc_safetensors_safe.yaml +0 -0
  100. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sc_torch_load_vuln.yaml +0 -0
  101. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/secrets_env_safe.yaml +0 -0
  102. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/secrets_hardcoded_vuln.yaml +0 -0
  103. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/session_fixation_vuln.yaml +0 -0
  104. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/session_secure_cookie_safe.yaml +0 -0
  105. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sql_constant_concat_safe.yaml +0 -0
  106. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sqli_format_vuln.yaml +0 -0
  107. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sqli_fstring_query.yaml +0 -0
  108. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sqli_indirect_var_vuln.yaml +0 -0
  109. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/sqli_parameterized_query.yaml +0 -0
  110. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ssrf_allowlist_safe.yaml +0 -0
  111. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ssrf_constant_url_safe.yaml +0 -0
  112. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ssrf_substring_allowlist_bypass_vuln.yaml +0 -0
  113. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/ssrf_user_url_vuln.yaml +0 -0
  114. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xfile_idor_no_check_vuln.yaml +0 -0
  115. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xfile_idor_owner_checked_safe.yaml +0 -0
  116. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xfile_path_sanitized_safe.yaml +0 -0
  117. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xfile_path_tainted_vuln.yaml +0 -0
  118. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xss_innerhtml_constant_safe.yaml +0 -0
  119. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/golden/xss_textcontent_safe.yaml +0 -0
  120. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/suppressions.yaml +0 -0
  121. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/taint.yaml +0 -0
  122. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/tasks/audit_diff_debate.yaml +0 -0
  123. {codejury-0.10.5 → codejury-0.10.6}/codejury/data/tasks/quick_scan_single.yaml +0 -0
  124. {codejury-0.10.5 → codejury-0.10.6}/codejury/domain/__init__.py +0 -0
  125. {codejury-0.10.5 → codejury-0.10.6}/codejury/domain/artifact.py +0 -0
  126. {codejury-0.10.5 → codejury-0.10.6}/codejury/domain/capability.py +0 -0
  127. {codejury-0.10.5 → codejury-0.10.6}/codejury/domain/context.py +0 -0
  128. {codejury-0.10.5 → codejury-0.10.6}/codejury/domain/observation.py +0 -0
  129. {codejury-0.10.5 → codejury-0.10.6}/codejury/domain/result.py +0 -0
  130. {codejury-0.10.5 → codejury-0.10.6}/codejury/evaluation.py +0 -0
  131. {codejury-0.10.5 → codejury-0.10.6}/codejury/infrastructure/__init__.py +0 -0
  132. {codejury-0.10.5 → codejury-0.10.6}/codejury/infrastructure/cache.py +0 -0
  133. {codejury-0.10.5 → codejury-0.10.6}/codejury/infrastructure/json_parse.py +0 -0
  134. {codejury-0.10.5 → codejury-0.10.6}/codejury/integrations/__init__.py +0 -0
  135. {codejury-0.10.5 → codejury-0.10.6}/codejury/integrations/github.py +0 -0
  136. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/__init__.py +0 -0
  137. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/adaptive.py +0 -0
  138. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/base.py +0 -0
  139. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/challenge.py +0 -0
  140. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/debate.py +0 -0
  141. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/pipeline.py +0 -0
  142. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/reflexion.py +0 -0
  143. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/single.py +0 -0
  144. {codejury-0.10.5 → codejury-0.10.6}/codejury/orchestrators/taint_gate.py +0 -0
  145. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/__init__.py +0 -0
  146. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/anthropic.py +0 -0
  147. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/base.py +0 -0
  148. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/litellm.py +0 -0
  149. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/mock.py +0 -0
  150. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/openai.py +0 -0
  151. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/openai_format.py +0 -0
  152. {codejury-0.10.5 → codejury-0.10.6}/codejury/providers/retry.py +0 -0
  153. {codejury-0.10.5 → codejury-0.10.6}/codejury/reporting.py +0 -0
  154. {codejury-0.10.5 → codejury-0.10.6}/codejury/resources.py +0 -0
  155. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/__init__.py +0 -0
  156. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/base.py +0 -0
  157. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/callers.py +0 -0
  158. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/chunker.py +0 -0
  159. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/diff.py +0 -0
  160. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/function.py +0 -0
  161. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/mock.py +0 -0
  162. {codejury-0.10.5 → codejury-0.10.6}/codejury/sources/repo.py +0 -0
  163. {codejury-0.10.5 → codejury-0.10.6}/codejury/suppression.py +0 -0
  164. {codejury-0.10.5 → codejury-0.10.6}/codejury/tasks/__init__.py +0 -0
  165. {codejury-0.10.5 → codejury-0.10.6}/codejury/tasks/base.py +0 -0
  166. {codejury-0.10.5 → codejury-0.10.6}/codejury/tasks/registry.py +0 -0
  167. {codejury-0.10.5 → codejury-0.10.6}/codejury.egg-info/dependency_links.txt +0 -0
  168. {codejury-0.10.5 → codejury-0.10.6}/codejury.egg-info/entry_points.txt +0 -0
  169. {codejury-0.10.5 → codejury-0.10.6}/codejury.egg-info/requires.txt +0 -0
  170. {codejury-0.10.5 → codejury-0.10.6}/codejury.egg-info/top_level.txt +0 -0
  171. {codejury-0.10.5 → codejury-0.10.6}/setup.cfg +0 -0
  172. {codejury-0.10.5 → codejury-0.10.6}/tests/test_adaptive.py +0 -0
  173. {codejury-0.10.5 → codejury-0.10.6}/tests/test_anthropic_provider.py +0 -0
  174. {codejury-0.10.5 → codejury-0.10.6}/tests/test_assembly.py +0 -0
  175. {codejury-0.10.5 → codejury-0.10.6}/tests/test_audit_pipeline.py +0 -0
  176. {codejury-0.10.5 → codejury-0.10.6}/tests/test_baseline.py +0 -0
  177. {codejury-0.10.5 → codejury-0.10.6}/tests/test_cache.py +0 -0
  178. {codejury-0.10.5 → codejury-0.10.6}/tests/test_callers.py +0 -0
  179. {codejury-0.10.5 → codejury-0.10.6}/tests/test_capability.py +0 -0
  180. {codejury-0.10.5 → codejury-0.10.6}/tests/test_challenge.py +0 -0
  181. {codejury-0.10.5 → codejury-0.10.6}/tests/test_cli_audit.py +0 -0
  182. {codejury-0.10.5 → codejury-0.10.6}/tests/test_context.py +0 -0
  183. {codejury-0.10.5 → codejury-0.10.6}/tests/test_debate_agents.py +0 -0
  184. {codejury-0.10.5 → codejury-0.10.6}/tests/test_debate_orchestrator.py +0 -0
  185. {codejury-0.10.5 → codejury-0.10.6}/tests/test_diff_source.py +0 -0
  186. {codejury-0.10.5 → codejury-0.10.6}/tests/test_evaluation.py +0 -0
  187. {codejury-0.10.5 → codejury-0.10.6}/tests/test_function_source.py +0 -0
  188. {codejury-0.10.5 → codejury-0.10.6}/tests/test_integrations.py +0 -0
  189. {codejury-0.10.5 → codejury-0.10.6}/tests/test_json_parse.py +0 -0
  190. {codejury-0.10.5 → codejury-0.10.6}/tests/test_litellm_provider.py +0 -0
  191. {codejury-0.10.5 → codejury-0.10.6}/tests/test_openai_format.py +0 -0
  192. {codejury-0.10.5 → codejury-0.10.6}/tests/test_openai_provider.py +0 -0
  193. {codejury-0.10.5 → codejury-0.10.6}/tests/test_orchestrator.py +0 -0
  194. {codejury-0.10.5 → codejury-0.10.6}/tests/test_parsing.py +0 -0
  195. {codejury-0.10.5 → codejury-0.10.6}/tests/test_pipeline_orchestrator.py +0 -0
  196. {codejury-0.10.5 → codejury-0.10.6}/tests/test_provenance.py +0 -0
  197. {codejury-0.10.5 → codejury-0.10.6}/tests/test_reflexion_orchestrator.py +0 -0
  198. {codejury-0.10.5 → codejury-0.10.6}/tests/test_repo_source.py +0 -0
  199. {codejury-0.10.5 → codejury-0.10.6}/tests/test_reporting.py +0 -0
  200. {codejury-0.10.5 → codejury-0.10.6}/tests/test_retry_provider.py +0 -0
  201. {codejury-0.10.5 → codejury-0.10.6}/tests/test_review_fixes.py +0 -0
  202. {codejury-0.10.5 → codejury-0.10.6}/tests/test_sarif.py +0 -0
  203. {codejury-0.10.5 → codejury-0.10.6}/tests/test_suppression.py +0 -0
  204. {codejury-0.10.5 → codejury-0.10.6}/tests/test_taint.py +0 -0
  205. {codejury-0.10.5 → codejury-0.10.6}/tests/test_taint_crossfile.py +0 -0
  206. {codejury-0.10.5 → codejury-0.10.6}/tests/test_taint_gate.py +0 -0
  207. {codejury-0.10.5 → codejury-0.10.6}/tests/test_tasks.py +0 -0
  208. {codejury-0.10.5 → codejury-0.10.6}/tests/test_verifier.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codejury
3
- Version: 0.10.5
3
+ Version: 0.10.6
4
4
  Summary: General-purpose Application Security AI audit framework: five-layer architecture, capabilities as first-class data
5
5
  Author: AISecLabs
6
6
  License-Expression: MIT
@@ -1,4 +1,5 @@
1
1
  capability: excessive_agency
2
+ split: held-out
2
3
  vulnerable: true
3
4
  expected_verdict: VULNERABLE
4
5
  cwe: CWE-862
@@ -1,4 +1,5 @@
1
1
  capability: authn
2
+ split: held-out
2
3
  vulnerable: true
3
4
  code: |
4
5
  def store_password(pwd: str) -> str:
@@ -1,4 +1,5 @@
1
1
  capability: authz
2
+ split: held-out
2
3
  vulnerable: true
3
4
  code: |
4
5
  def get_invoice(request):
@@ -0,0 +1,15 @@
1
+ capability: business_logic
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ notes: >
7
+ A single atomic conditional update debits only when the balance suffices, so
8
+ there is no check-then-act race.
9
+ code: |
10
+ def withdraw(account, amount):
11
+ result = db.execute(
12
+ "UPDATE accounts SET balance = balance - %s WHERE id = %s AND balance >= %s",
13
+ (amount, account.id, amount),
14
+ )
15
+ return result.rowcount == 1
@@ -0,0 +1,14 @@
1
+ capability: business_logic
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-367
5
+ source: synthetic
6
+ notes: >
7
+ The balance is checked and then debited without a lock or atomic update, so two
8
+ concurrent withdrawals both pass the check and overdraw the account.
9
+ code: |
10
+ def withdraw(account, amount):
11
+ if account.balance >= amount:
12
+ account.balance -= amount
13
+ return True
14
+ return False
@@ -0,0 +1,13 @@
1
+ capability: crypto
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ split: held-out
7
+ notes: >
8
+ Authenticated encryption (AES-GCM) with a fresh random nonce per message. No
9
+ fixed IV, no unauthenticated mode.
10
+ code: |
11
+ def encrypt(data, key):
12
+ nonce = os.urandom(12)
13
+ return nonce + AESGCM(key).encrypt(nonce, data, None)
@@ -0,0 +1,14 @@
1
+ capability: crypto
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-329
5
+ source: synthetic
6
+ notes: >
7
+ A fixed all-zero IV with CBC makes encryption deterministic, so identical
8
+ plaintexts produce identical ciphertexts and patterns leak. The IV must be
9
+ random per message.
10
+ code: |
11
+ def encrypt(data, key):
12
+ iv = b"\x00" * 16
13
+ cipher = AES.new(key, AES.MODE_CBC, iv)
14
+ return cipher.encrypt(pad(data))
@@ -0,0 +1,11 @@
1
+ capability: data_protection
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-319
5
+ source: synthetic
6
+ notes: >
7
+ PII is posted over plaintext http, so it can be read by anyone on the network
8
+ path. It must travel over TLS.
9
+ code: |
10
+ def sync(user):
11
+ requests.post("http://crm.internal/contacts", json={"ssn": user.ssn, "email": user.email})
@@ -0,0 +1,11 @@
1
+ capability: data_protection
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ notes: >
7
+ The SSN is encrypted before it is stored, so no plaintext PII is persisted.
8
+ code: |
9
+ def save(user):
10
+ ciphertext = AESGCM(KEY).encrypt(os.urandom(12), user.ssn.encode(), None)
11
+ db.store(user.id, ciphertext)
@@ -0,0 +1,12 @@
1
+ capability: dependency_config
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ split: held-out
7
+ notes: >
8
+ An ordinary run with the debugger left at its safe default. A normal app.run
9
+ must not be flagged.
10
+ code: |
11
+ def main():
12
+ app.run(host="127.0.0.1")
@@ -0,0 +1,11 @@
1
+ capability: dependency_config
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-489
5
+ source: synthetic
6
+ notes: >
7
+ Running with the debugger enabled in production exposes an interactive console
8
+ that can execute code on the server.
9
+ code: |
10
+ def main():
11
+ app.run(host="0.0.0.0", debug=True)
@@ -0,0 +1,15 @@
1
+ capability: error_logging
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ split: held-out
7
+ notes: >
8
+ The error is logged and re-raised, so the failure is recorded and not hidden.
9
+ code: |
10
+ def charge(card):
11
+ try:
12
+ gateway.charge(card)
13
+ except PaymentError:
14
+ logger.exception("charge failed")
15
+ raise
@@ -0,0 +1,14 @@
1
+ capability: error_logging
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-390
5
+ source: synthetic
6
+ notes: >
7
+ The bare except discards every error, including security-relevant failures, so
8
+ a failed charge looks like a success and nothing is logged.
9
+ code: |
10
+ def charge(card):
11
+ try:
12
+ gateway.charge(card)
13
+ except Exception:
14
+ pass
@@ -1,4 +1,5 @@
1
1
  capability: insecure_output_handling
2
+ split: held-out
2
3
  vulnerable: true
3
4
  expected_verdict: VULNERABLE
4
5
  cwe: CWE-94
@@ -0,0 +1,11 @@
1
+ capability: output_encoding
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-113
5
+ source: synthetic
6
+ notes: >
7
+ User input is concatenated into a response header without stripping CR or LF, so
8
+ a crafted value can inject extra headers or split the response.
9
+ code: |
10
+ def download(response, filename):
11
+ response.headers["Content-Disposition"] = "attachment; filename=" + filename
@@ -1,4 +1,5 @@
1
1
  capability: prompt_injection
2
+ split: held-out
2
3
  vulnerable: true
3
4
  expected_verdict: VULNERABLE
4
5
  cwe: CWE-1427
@@ -1,4 +1,5 @@
1
1
  capability: model_supply_chain
2
+ split: held-out
2
3
  vulnerable: true
3
4
  expected_verdict: VULNERABLE
4
5
  cwe: CWE-494
@@ -0,0 +1,12 @@
1
+ capability: secrets
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ split: held-out
7
+ notes: >
8
+ The token is read from settings at runtime, not a literal. A variable named
9
+ token that holds a config lookup must not be flagged.
10
+ code: |
11
+ def client():
12
+ return Service(token=settings.API_TOKEN)
@@ -0,0 +1,13 @@
1
+ capability: secrets
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-798
5
+ source: synthetic
6
+ notes: >
7
+ A credential literal committed in source is exposed to everyone with repo
8
+ access and lives forever in version history. It belongs in the environment.
9
+ code: |
10
+ API_TOKEN = "9c1185a5c5e9fc54612808977ee8f548b2258d31"
11
+
12
+ def client():
13
+ return Service(token=API_TOKEN)
@@ -0,0 +1,10 @@
1
+ capability: session
2
+ vulnerable: false
3
+ expected_verdict: SECURE
4
+ cwe: ""
5
+ source: synthetic
6
+ notes: >
7
+ The session cookie sets Secure, HttpOnly, and SameSite.
8
+ code: |
9
+ def set_session(response, sid):
10
+ response.set_cookie("session", sid, secure=True, httponly=True, samesite="Lax")
@@ -0,0 +1,11 @@
1
+ capability: session
2
+ vulnerable: true
3
+ expected_verdict: VULNERABLE
4
+ cwe: CWE-614
5
+ source: synthetic
6
+ notes: >
7
+ The session cookie is set without Secure, HttpOnly, or SameSite, so it is
8
+ readable by JavaScript and sent over plaintext.
9
+ code: |
10
+ def set_session(response, sid):
11
+ response.set_cookie("session", sid)
@@ -1,4 +1,5 @@
1
1
  capability: output_encoding
2
+ split: held-out
2
3
  vulnerable: true
3
4
  code: |
4
5
  function render(name) {
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codejury
3
- Version: 0.10.5
3
+ Version: 0.10.6
4
4
  Summary: General-purpose Application Security AI audit framework: five-layer architecture, capabilities as first-class data
5
5
  Author: AISecLabs
6
6
  License-Expression: MIT
@@ -56,21 +56,31 @@ codejury/data/golden/authn_sha256_password.yaml
56
56
  codejury/data/golden/authn_weak_hash_indirect_vuln.yaml
57
57
  codejury/data/golden/authz_idor_vuln.yaml
58
58
  codejury/data/golden/authz_owner_safe.yaml
59
+ codejury/data/golden/business_logic_atomic_safe.yaml
59
60
  codejury/data/golden/business_logic_price_tamper_vuln.yaml
60
61
  codejury/data/golden/business_logic_server_checked_safe.yaml
62
+ codejury/data/golden/business_logic_toctou_vuln.yaml
61
63
  codejury/data/golden/cmdi_fixed_argv_safe.yaml
62
64
  codejury/data/golden/cmdi_ossystem_vuln.yaml
63
65
  codejury/data/golden/cmdi_subprocess_safe.yaml
66
+ codejury/data/golden/crypto_aesgcm_nonce_safe.yaml
64
67
  codejury/data/golden/crypto_aesgcm_safe.yaml
65
68
  codejury/data/golden/crypto_ecb_vuln.yaml
69
+ codejury/data/golden/crypto_static_iv_vuln.yaml
70
+ codejury/data/golden/data_protection_cleartext_http_vuln.yaml
71
+ codejury/data/golden/data_protection_encrypted_at_rest_safe.yaml
66
72
  codejury/data/golden/data_protection_plaintext_pii_vuln.yaml
67
73
  codejury/data/golden/data_protection_tokenized_safe.yaml
74
+ codejury/data/golden/dependency_config_debug_off_safe.yaml
75
+ codejury/data/golden/dependency_config_debug_true_vuln.yaml
68
76
  codejury/data/golden/dependency_config_tls_verify_off_vuln.yaml
69
77
  codejury/data/golden/dependency_config_tls_verify_on_safe.yaml
70
78
  codejury/data/golden/deserialize_json_safe.yaml
71
79
  codejury/data/golden/deserialize_pickle_vuln.yaml
72
80
  codejury/data/golden/error_logging_redacted_safe.yaml
81
+ codejury/data/golden/error_logging_reraise_safe.yaml
73
82
  codejury/data/golden/error_logging_secret_leak_vuln.yaml
83
+ codejury/data/golden/error_logging_swallow_vuln.yaml
74
84
  codejury/data/golden/ioh_escaped_output_safe.yaml
75
85
  codejury/data/golden/ioh_exec_output_vuln.yaml
76
86
  codejury/data/golden/ioh_innerhtml_output_vuln.yaml
@@ -78,6 +88,7 @@ codejury/data/golden/ioh_json_response_safe.yaml
78
88
  codejury/data/golden/ioh_output_to_sql_vuln.yaml
79
89
  codejury/data/golden/ioh_schema_validated_safe.yaml
80
90
  codejury/data/golden/literal_eval_safe.yaml
91
+ codejury/data/golden/output_encoding_header_injection_vuln.yaml
81
92
  codejury/data/golden/path_basename_safe.yaml
82
93
  codejury/data/golden/path_contained_safe.yaml
83
94
  codejury/data/golden/path_traversal_vuln.yaml
@@ -92,8 +103,12 @@ codejury/data/golden/sc_safetensors_safe.yaml
92
103
  codejury/data/golden/sc_torch_load_vuln.yaml
93
104
  codejury/data/golden/sc_trust_remote_code_vuln.yaml
94
105
  codejury/data/golden/secrets_env_safe.yaml
106
+ codejury/data/golden/secrets_from_config_safe.yaml
107
+ codejury/data/golden/secrets_hardcoded_token_vuln.yaml
95
108
  codejury/data/golden/secrets_hardcoded_vuln.yaml
109
+ codejury/data/golden/session_cookie_flags_safe.yaml
96
110
  codejury/data/golden/session_fixation_vuln.yaml
111
+ codejury/data/golden/session_insecure_cookie_vuln.yaml
97
112
  codejury/data/golden/session_secure_cookie_safe.yaml
98
113
  codejury/data/golden/sql_constant_concat_safe.yaml
99
114
  codejury/data/golden/sqli_format_vuln.yaml
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "codejury"
3
- version = "0.10.5"
3
+ version = "0.10.6"
4
4
  description = "General-purpose Application Security AI audit framework: five-layer architecture, capabilities as first-class data"
5
5
  readme = "README.md"
6
6
  requires-python = ">=3.12"
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes