cve-sentinel 0.1.2__py3-none-any.whl

cve_sentinel/utils/__init__.py

@@ -0,0 +1,5 @@
+"""Utility modules for CVE Sentinel."""
+
+from cve_sentinel.utils.cache import Cache
+
+__all__ = ["Cache"]

cve_sentinel/utils/cache.py

@@ -0,0 +1,61 @@
+"""File-based cache for CVE data."""
+
+from __future__ import annotations
+
+import json
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+from typing import Any, Optional
+
+
+class Cache:
+    """File-based cache with TTL support."""
+
+    def __init__(self, cache_dir: Path, ttl_hours: int = 24) -> None:
+        """Initialize cache with directory and TTL."""
+        self.cache_dir = cache_dir
+        self.ttl = timedelta(hours=ttl_hours)
+        self.cache_dir.mkdir(parents=True, exist_ok=True)
+
+    def _get_cache_path(self, key: str) -> Path:
+        """Get file path for a cache key."""
+        # Sanitize key for filesystem
+        safe_key = key.replace("/", "_").replace(":", "_")
+        return self.cache_dir / f"{safe_key}.json"
+
+    def get(self, key: str) -> Optional[Any]:
+        """Get value from cache if not expired."""
+        cache_path = self._get_cache_path(key)
+
+        if not cache_path.exists():
+            return None
+
+        try:
+            data = json.loads(cache_path.read_text())
+            cached_at = datetime.fromisoformat(data["cached_at"])
+            now = datetime.now(timezone.utc)
+
+            if now - cached_at > self.ttl:
+                # Cache expired
+                cache_path.unlink()
+                return None
+
+            return data["value"]
+        except (json.JSONDecodeError, KeyError, ValueError):
+            return None
+
+    def set(self, key: str, value: Any) -> None:
+        """Set value in cache."""
+        cache_path = self._get_cache_path(key)
+
+        data = {
+            "cached_at": datetime.now(timezone.utc).isoformat(),
+            "value": value,
+        }
+
+        cache_path.write_text(json.dumps(data, ensure_ascii=False))
+
+    def clear(self) -> None:
+        """Clear all cached data."""
+        for cache_file in self.cache_dir.glob("*.json"):
+            cache_file.unlink()

cve_sentinel-0.1.2.dist-info/METADATA

@@ -0,0 +1,454 @@
+Metadata-Version: 2.4
+Name: cve-sentinel
+Version: 0.1.2
+Summary: CVE auto-detection and remediation proposal system for Claude Code
+Project-URL: Homepage, https://github.com/cawa102/cveSentinel
+Project-URL: Documentation, https://github.com/cawa102/cveSentinel#readme
+Project-URL: Repository, https://github.com/cawa102/cveSentinel
+Project-URL: Issues, https://github.com/cawa102/cveSentinel/issues
+Author: CVE Sentinel Team
+License-Expression: MIT
+License-File: LICENSE
+Keywords: claude-code,cve,scanner,security,vulnerability
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Requires-Python: >=3.9
+Requires-Dist: packaging>=21.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: requests>=2.28.0
+Requires-Dist: tomli>=2.0.0; python_version < '3.11'
+Provides-Extra: dev
+Requires-Dist: mypy>=1.0.0; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0.0; extra == 'dev'
+Requires-Dist: pytest>=7.0.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Requires-Dist: types-pyyaml>=6.0.0; extra == 'dev'
+Requires-Dist: types-requests>=2.28.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+<p align="center">
+  <img src="assets/icon.png" alt="CVE Sentinel" width="180" height="180">
+</p>
+
+<h1 align="center">CVE Sentinel</h1>
+
+<p align="center">
+  <strong>Your AI-Powered Vulnerability Detector</strong>
+</p>
+
+<p align="center">
+  Automatically detect vulnerabilities in your dependencies before they become threats.
+</p>
+
+<p align="center">
+  <!-- CI & Coverage -->
+  <a href="https://github.com/cawa102/cveSentinel/actions/workflows/ci.yml">
+    <img src="https://github.com/cawa102/cveSentinel/actions/workflows/ci.yml/badge.svg" alt="CI">
+  </a>
+  <a href="https://codecov.io/gh/cawa102/cveSentinel">
+    <img src="https://codecov.io/gh/cawa102/cveSentinel/branch/main/graph/badge.svg" alt="Coverage">
+  </a>
+  <!-- Package Info -->
+  <a href="https://pypi.org/project/cve-sentinel/">
+    <img src="https://img.shields.io/pypi/v/cve-sentinel.svg" alt="PyPI">
+  </a>
+  <a href="https://pypi.org/project/cve-sentinel/">
+    <img src="https://img.shields.io/pypi/pyversions/cve-sentinel.svg" alt="Python Versions">
+  </a>
+  <a href="https://pepy.tech/project/cve-sentinel">
+    <img src="https://pepy.tech/badge/cve-sentinel" alt="Downloads">
+  </a>
+</p>
+
+<p align="center">
+  <!-- Community -->
+  <a href="https://github.com/cawa102/cveSentinel/stargazers">
+    <img src="https://img.shields.io/github/stars/cawa102/cveSentinel.svg?style=social" alt="Stars">
+  </a>
+  <a href="https://github.com/cawa102/cveSentinel/issues">
+    <img src="https://img.shields.io/github/issues/cawa102/cveSentinel.svg" alt="Issues">
+  </a>
+  <a href="https://opensource.org/licenses/MIT">
+    <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT">
+  </a>
+  <!-- Security -->
+  <a href="https://github.com/cawa102/cveSentinel/security/policy">
+    <img src="https://img.shields.io/badge/Security-Policy-blue.svg" alt="Security Policy">
+  </a>
+</p>
+
+---
+
+## Demo
+
+<p align="center">
+  <img src="assets/cveSentinel.gif" alt="CVE Sentinel Demo" width="800">
+</p>
+
+https://github.com/user-attachments/assets/25634a88-8ed0-4da4-9b11-4e924ad87adf
+
+---
+
+## Why CVE Sentinel?
+
+### Built for the AI Coding Era
+
+Traditional vulnerability scanners run periodically in CI/CD pipelines — but AI-driven development moves faster. When you're building with Claude Code, new dependencies get added in real-time. **CVE Sentinel** provides always-on protection that activates the moment you start coding, catching vulnerabilities before they ever reach your repository.
+
+### Superior Coverage with Multi-Source Intelligence
+
+Most scanners rely on a single vulnerability database. CVE Sentinel combines **NVD (National Vulnerability Database)** and **Google OSV (Open Source Vulnerabilities)** to deliver broader coverage:
+
+| Source | Strength |
+|--------|----------|
+| **NVD** | Industry standard, detailed CVSS scores, comprehensive CVE data |
+| **Google OSV** | Faster updates, ecosystem-specific advisories (npm, PyPI, Go, etc.) |
+
+By querying both sources, CVE Sentinel catches vulnerabilities that single-source tools miss.
+
+### Key Features
+
+- **Always-On Detection** - Automatically scans when you start Claude Code sessions
+- **Multi-Source Intelligence** - NVD + Google OSV for maximum coverage
+- **7+ Languages** - JavaScript, Python, Go, Java, Ruby, Rust, PHP and more
+- **3 Analysis Levels** - From quick manifest scans to deep source code analysis
+- **Actionable Fixes** - Get specific upgrade commands, not just vulnerability reports
+
+---
+
+## Quick Start
+
+### Installation
+
+```bash
+# Install from PyPI
+pip install cve-sentinel
+
+# Or install from GitHub (latest development version)
+pip install git+https://github.com/cawa102/cveSentinel.git
+```
+
+### Scan Your Project
+
+```bash
+# Scan current directory
+cve-sentinel scan
+
+# Scan a specific directory
+cve-sentinel scan /path/to/project
+
+# Scan with options
+cve-sentinel scan /path/to/project --level 2 --exclude node_modules --exclude .venv
+```
+
+No configuration file required - just run and scan!
+
+### Auto-scan with Claude Code (Optional)
+
+```bash
+cve-sentinel init
+```
+
+This sets up a **SessionStart Hook** - CVE Sentinel will automatically scan your project every time you launch Claude Code.
+
+---
+
+## NVD API Key (Recommended)
+
+For faster scanning, get a free API key from [NVD](https://nvd.nist.gov/developers/request-an-api-key):
+
+```bash
+export NVD_API_KEY=your-api-key-here
+```
+
+Without an API key, requests are rate-limited to 5 per 30 seconds.
+
+
+---
+
+## How It Works
+
+```
+┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
+│  Your Project   │────▶│  CVE Sentinel   │────▶│  Security Report│
+│                 │     │                 │     │                 │
+│ package.json    │     │ ┌─────────────┐ │     │ 3 Critical      │
+│ requirements.txt│     │ │ NVD API 2.0 │ │     │ 5 High          │
+│ go.mod          │     │ └─────────────┘ │     │ 2 Medium        │
+│ Cargo.toml      │     │ ┌─────────────┐ │     │                 │
+│ ...             │     │ │ Google OSV  │ │     │ + Fix Commands  │
+│                 │     │ └─────────────┘ │     │                 │
+└─────────────────┘     └─────────────────┘     └─────────────────┘
+```
+
+---
+
+## Supported Languages (Default)
+
+| Language | Package Managers | Files Analyzed |
+|:--------:|:-----------------|:---------------|
+| **JavaScript** | npm, yarn, pnpm | `package.json`, `package-lock.json`, `yarn.lock` |
+| **Python** | pip, poetry, pipenv | `requirements.txt`, `pyproject.toml`, `Pipfile` |
+| **Go** | go mod | `go.mod`, `go.sum` |
+| **Java** | Maven, Gradle | `pom.xml`, `build.gradle` |
+| **Ruby** | Bundler | `Gemfile`, `Gemfile.lock` |
+| **Rust** | Cargo | `Cargo.toml`, `Cargo.lock` |
+| **PHP** | Composer | `composer.json`, `composer.lock` |
+
+---
+
+## Analysis Levels
+
+Choose the depth of analysis that fits your needs:
+
+| Level | What It Scans | Best For |
+|:-----:|:--------------|:---------|
+| **1** | Manifest files only | Quick CI checks |
+| **2** | + Lock files (transitive deps) | Regular development (default) |
+| **3** | + Source code imports | Pre-release audits |
+
+```bash
+# Quick scan - manifest files only (Level 1)
+cve-sentinel scan --level 1
+
+# Standard scan - includes lock files (Level 2, default)
+cve-sentinel scan
+
+# Deep scan - includes source code analysis (Level 3)
+cve-sentinel scan --level 3
+
+# Scan specific directory with level
+cve-sentinel scan /path/to/project --level 3
+```
+
+---
+
+## Usage
+
+```bash
+cve-sentinel scan [PATH] [OPTIONS]
+```
+
+| Option | Description |
+|--------|-------------|
+| `PATH` | Target directory to scan (default: current directory) |
+| `--level`, `-l` | Analysis level: 1, 2, or 3 (default: 2) |
+| `--exclude`, `-e` | Paths to exclude (can be specified multiple times) |
+| `--verbose`, `-v` | Enable verbose output |
+| `--fail-on` | Exit with error if vulnerabilities at or above this severity (default: HIGH) |
+
+### Examples
+
+```bash
+# Basic scan
+cve-sentinel scan
+
+# Scan with exclusions
+cve-sentinel scan --exclude node_modules --exclude dist
+
+# CI/CD usage - fail on critical vulnerabilities only
+cve-sentinel scan --fail-on CRITICAL
+
+# Verbose deep scan
+cve-sentinel scan /path/to/project --level 3 --verbose
+```
+
+---
+
+## Configuration (Optional)
+
+For persistent settings, create `.cve-sentinel.yaml` in your project root:
+
+```yaml
+# Scan settings
+analysis_level: 2
+
+# Exclude paths (e.g., test fixtures)
+exclude:
+  - node_modules/
+  - vendor/
+  - .venv/
+
+# Cache settings
+cache_ttl_hours: 24
+
+# Auto-scan on Claude Code startup
+auto_scan_on_startup: true
+```
+
+CLI options override configuration file settings.
+
+---
+
+## Custom File Patterns
+
+Your unique projects sometimes use non-standard file names for their dependencies. CVE Sentinel lets you specify additional file patterns to scan:
+
+```yaml
+# .cve-sentinel.yaml
+custom_patterns:
+  python:
+    manifests:
+      - "deps/*.txt"
+      - "requirements-*.txt"
+    locks:
+      - "custom.lock"
+  javascript:
+    manifests:
+      - "dependencies.json"
+```
+
+### Supported Ecosystems
+
+| Config Key | Aliases | Default Files |
+|:-----------|:--------|:--------------|
+| `javascript` | `npm` | `package.json`, `package-lock.json`, `yarn.lock` |
+| `python` | `pypi` | `requirements.txt`, `pyproject.toml`, `Pipfile` |
+| `go` | - | `go.mod`, `go.sum` |
+| `java` | `maven`, `gradle` | `pom.xml`, `build.gradle` |
+| `ruby` | `rubygems` | `Gemfile`, `Gemfile.lock` |
+| `rust` | `crates.io` | `Cargo.toml`, `Cargo.lock` |
+| `php` | `packagist` | `composer.json`, `composer.lock` |
+
+Custom patterns **extend** the defaults - your standard files are always scanned.
+
+---
+
+## Claude Code Integration
+
+CVE Sentinel is designed to work seamlessly with [Claude Code](https://claude.ai/code). After running `cve-sentinel init`, it will:
+
+1. Automatically scan your project when you start a Claude Code session
+2. Report vulnerabilities directly in your conversation
+3. Suggest fixes that Claude can help you implement
+
+---
+
+## Sample Output
+
+```
+⚠ CVE Scan Complete: 73 vulnerabilities found
+
+[CVE-2025-xxxxx] (Description)
+Severity: 
+Description: 
+Affected Files: '/path/where/this/vuln/exists'
+Fix:
+...
+```
+
+---
+
+## Troubleshooting
+
+#### API Rate Limiting
+
+```
+Error querying OSV for npm: OSV API bad request: {"code":3,"message":"Too many queries."}
+```
+
+**Cause:** Too many requests to OSV API in a short period.
+
+**Solution:** The tool automatically retries with exponential backoff. For large projects, the scan may take longer. If errors persist, wait a few minutes and try again.
+
+---
+
+#### CVSS Score Parsing Error
+
+```
+could not convert string to float: 'CVSS:3.1/AV:N/AC:L/...'
+```
+
+**Cause:** Older version of CVE Sentinel. This was fixed in recent updates.
+
+**Solution:** Update to the latest version:
+```bash
+pip install --upgrade cve-sentinel
+```
+
+---
+
+#### Configuration Errors
+
+| Error | Cause | Solution |
+|-------|-------|----------|
+| `analysis_level must be between 1 and 3` | Invalid analysis level | Use `--level 1`, `2`, or `3` |
+| `target_path does not exist` | Invalid scan path | Check the path exists |
+| `Failed to parse YAML config file` | Invalid YAML syntax | Check `.cve-sentinel.yaml` syntax |
+
+---
+
+#### NVD API Errors
+
+```
+NVD API rate limit exceeded
+```
+
+**Cause:** NVD API has strict rate limits without an API key (5 requests per 30 seconds).
+
+**Solution:** Get a free API key from [NVD](https://nvd.nist.gov/developers/request-an-api-key) and set it:
+```bash
+export CVE_SENTINEL_NVD_API_KEY=your-api-key-here
+```
+
+---
+
+#### Python Version Error
+
+```
+Package 'cve-sentinel' requires a different Python: 3.8.x not in '>=3.9'
+```
+
+**Cause:** Python version is too old.
+
+**Solution:** Use Python 3.9 or later:
+```bash
+python3.9 -m pip install cve-sentinel
+```
+
+---
+
+## Development
+
+```bash
+# Clone and install
+git clone https://github.com/cawa102/cveSentinel.git
+cd cveSentinel
+pip install -e ".[dev]"
+
+# Run tests
+pytest
+
+# Run linting
+ruff check .
+```
+
+---
+
+## Contributing
+
+Contributions are welcome! Whether it's:
+- Adding support for new languages
+- Improving vulnerability detection
+- Enhancing the user experience
+
+Please feel free to submit a Pull Request.
+
+---
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.
+
+---
+
+<p align="center">
+  <sub>Built with security in mind. Powered by Claude Code.</sub>
+</p>

cve_sentinel-0.1.2.dist-info/RECORD

@@ -0,0 +1,28 @@
+cve_sentinel/__init__.py,sha256=HowscLA_5Sy5_ptiYrtKGLjAefEwi0mFpQzNt27EnEM,129
+cve_sentinel/__main__.py,sha256=Vy6kHEjA5oh3SqGVNTzHchb60RBfrKXv4HCYN9Qlc_Y,418
+cve_sentinel/cli.py,sha256=W8npIMXiITeu5Za9zTSGd3JiqFpohweCTASeDYJTfAI,15386
+cve_sentinel/config.py,sha256=CrxwXp4kojy95JCu2wcCDEVRzchXT-A-ma-oqyhZw6Q,10728
+cve_sentinel/matcher.py,sha256=YuYLf4Tl9kvt3-Y7eB00V2JOK7pz-2YVrZK8tb7OR_0,16208
+cve_sentinel/reporter.py,sha256=3LfremgiTpcJ9Pl-FPgMKUwTWes24asnrURyWnZKdaU,17205
+cve_sentinel/scanner.py,sha256=wcCDeOkMUvkNUhxwnIextDT-GMOs-9arXuS6M0yM_d4,16956
+cve_sentinel/analyzers/__init__.py,sha256=tsT2Fdi5vCJ-uZBDMVRAJKlW3ogmiRRMP--XS4kMnAk,388
+cve_sentinel/analyzers/base.py,sha256=UJE_G4gHv-vAjFOkZ7nt6jBgeue7I8zN_gqmCblfcEs,8500
+cve_sentinel/analyzers/go.py,sha256=GTzAPmeh7Q2_mNf9YWhr8zMyut0C2Wlq8CM5hugJmbU,6232
+cve_sentinel/analyzers/maven.py,sha256=cMd6tTJNp8GEeqp7YC65ThCnqnj6FbgvrwxY7lXsDdo,10209
+cve_sentinel/analyzers/npm.py,sha256=i8e08omv9Wchz32QRnIhpteifoNA7h23Z2TfsTAvAdM,19100
+cve_sentinel/analyzers/php.py,sha256=OBeytOrXumkZ6W5MiMHnhWZBFdV95mf3suooRScYP2k,7461
+cve_sentinel/analyzers/python.py,sha256=MKBHJLuhr7ceMgTtT3xlTXl1xAIrpg7r_XqnxMX_vg4,15379
+cve_sentinel/analyzers/ruby.py,sha256=zFwsUNavYaOBiD6MdDeFlyMg_TXSrJRkQ_4j1PAzNZk,6111
+cve_sentinel/analyzers/rust.py,sha256=6IH4wqIgdMOGHoPowb4VXyFcM0X0GfdjFegX0hFR--g,6137
+cve_sentinel/fetchers/__init__.py,sha256=lqAp52R6EyYC7MfgYo287Ymh_gtik8vAJ3dqLv327M8,485
+cve_sentinel/fetchers/nvd.py,sha256=ovzzo1y0CR1QF5daEvwPeUqjgEPvPCdW3VTIpWyl6Fw,17618
+cve_sentinel/fetchers/osv.py,sha256=cBvJVqY15ful94UvwWZ_l5fKfp1j4v2S12A8EtTQNfg,25061
+cve_sentinel/scanners/__init__.py,sha256=htV1OmddHB-vEKSbCp3sN3zizXqI_Kqeg21jkiNKKsc,262
+cve_sentinel/scanners/import_scanner.py,sha256=bXUjFptC63ah7BRbiY_JyPSvqvQ2GK3iSpPJRIy58AU,31249
+cve_sentinel/utils/__init__.py,sha256=i6d_QBSU-o16PBsc8jf4SkbafpQgxLhxhTKyCmDk4bA,105
+cve_sentinel/utils/cache.py,sha256=M5T0U4tsDXqYOLx1YBhTcOkrGPpWZMWkqa8AwGJhTV8,1884
+cve_sentinel-0.1.2.dist-info/METADATA,sha256=N7XlhmseWWD68oClZ7YnopErkw8QHdxzFEHj1ipRfl8,13146
+cve_sentinel-0.1.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cve_sentinel-0.1.2.dist-info/entry_points.txt,sha256=OCiZ0R3t_49TrRPZ0sjAifNLGZf_tX3t-XI6Mf8S7sM,55
+cve_sentinel-0.1.2.dist-info/licenses/LICENSE,sha256=nKogRyhTBgdwgF4EvPOB_H4RPcUROXPDbhJr0UYmPdk,1074
+cve_sentinel-0.1.2.dist-info/RECORD,,

cve_sentinel-0.1.2.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any

cve_sentinel-0.1.2.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+cve-sentinel = cve_sentinel.cli:main

cve_sentinel-0.1.2.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 CVE Sentinel Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.