empathy-framework 4.6.6__py3-none-any.whl → 4.7.0__py3-none-any.whl

empathy_software_plugin/wizards/security/exploit_analyzer.py

@@ -1,290 +0,0 @@
-"""Exploit Analyzer (Level 4)
-
-Analyzes which vulnerabilities are actually exploitable.
-
-This is Level 4 Anticipatory Empathy - predicting which security issues
-will actually be exploited in the wild.
-
-Copyright 2025 Smart AI Memory, LLC
-Licensed under Fair Source 0.9
-"""
-
-from dataclasses import dataclass
-from typing import Any
-
-
-@dataclass
-class ExploitabilityAssessment:
-    """Assessment of how exploitable a vulnerability is"""
-
-    vulnerability: dict[str, Any]
-    exploitability: str  # "CRITICAL", "HIGH", "MEDIUM", "LOW"
-    accessibility: str  # "public", "authenticated", "internal"
-    attack_complexity: str  # "low", "medium", "high"
-    exploit_likelihood: float  # 0.0 to 1.0
-    reasoning: list[str]
-    real_world_examples: list[str]
-    mitigation_urgency: str
-
-
-class ExploitAnalyzer:
-    """Analyzes exploitability of security vulnerabilities.
-
-    Level 4: Predicts which vulnerabilities will actually be exploited.
-    """
-
-    def __init__(self):
-        # Known attack patterns from real-world incidents
-        self.active_attack_patterns = {
-            "SQL Injection": {
-                "likelihood": 0.9,
-                "reason": "Actively scanned by automated tools",
-                "examples": ["SQLMap", "Havij", "automated bots"],
-            },
-            "Command Injection": {
-                "likelihood": 0.95,
-                "reason": "Direct remote code execution - high value target",
-                "examples": ["Log4Shell", "Shellshock"],
-            },
-            "Hardcoded Credentials": {
-                "likelihood": 0.85,
-                "reason": "Credentials harvested from GitHub leaks",
-                "examples": ["GitHub scanning bots", "credential stuffing"],
-            },
-            "Cross-Site Scripting": {
-                "likelihood": 0.7,
-                "reason": "Common in web apps, automated scanners detect",
-                "examples": ["BeEF", "XSS Hunter"],
-            },
-            "Insecure Deserialization": {
-                "likelihood": 0.8,
-                "reason": "Remote code execution vector",
-                "examples": ["Java deserialization attacks"],
-            },
-            "Path Traversal": {
-                "likelihood": 0.75,
-                "reason": "File system access, automated detection",
-                "examples": ["Directory traversal attacks"],
-            },
-        }
-
-    def assess_exploitability(
-        self,
-        vulnerability: dict[str, Any],
-        context: dict[str, Any] | None = None,
-    ) -> ExploitabilityAssessment:
-        """Assess how exploitable a vulnerability is.
-
-        Args:
-            vulnerability: Detected vulnerability
-            context: Additional context (endpoint exposure, auth, etc.)
-
-        Returns:
-            ExploitabilityAssessment
-
-        Example:
-            >>> vuln = {"name": "SQL Injection", "severity": "CRITICAL", ...}
-            >>> assessment = analyzer.assess_exploitability(vuln, {
-            ...     "endpoint_public": True,
-            ...     "has_auth": False
-            ... })
-            >>> print(f"Exploitability: {assessment.exploitability}")
-
-        """
-        context = context or {}
-
-        vuln_name = vulnerability.get("name", "Unknown")
-
-        # Get base attack pattern info
-        attack_info = self.active_attack_patterns.get(
-            vuln_name,
-            {"likelihood": 0.5, "reason": "Unknown attack pattern", "examples": []},
-        )
-
-        # Determine accessibility
-        accessibility = self._determine_accessibility(vulnerability, context)
-
-        # Determine attack complexity
-        attack_complexity = self._determine_attack_complexity(vulnerability, context)
-
-        # Calculate exploit likelihood
-        exploit_likelihood = self._calculate_exploit_likelihood(
-            attack_info["likelihood"],
-            accessibility,
-            attack_complexity,
-            vulnerability.get("severity", "MEDIUM"),
-        )
-
-        # Generate reasoning
-        reasoning = self._generate_reasoning(
-            vulnerability,
-            accessibility,
-            attack_complexity,
-            attack_info,
-        )
-
-        # Determine exploitability rating
-        exploitability = self._determine_exploitability_rating(exploit_likelihood)
-
-        # Determine mitigation urgency
-        mitigation_urgency = self._determine_mitigation_urgency(
-            exploitability,
-            accessibility,
-            vulnerability.get("severity", "MEDIUM"),
-        )
-
-        return ExploitabilityAssessment(
-            vulnerability=vulnerability,
-            exploitability=exploitability,
-            accessibility=accessibility,
-            attack_complexity=attack_complexity,
-            exploit_likelihood=exploit_likelihood,
-            reasoning=reasoning,
-            real_world_examples=attack_info.get("examples", []),
-            mitigation_urgency=mitigation_urgency,
-        )
-
-    def _determine_accessibility(
-        self,
-        vulnerability: dict[str, Any],
-        context: dict[str, Any],
-    ) -> str:
-        """Determine if vulnerability is publicly accessible"""
-        # Check context clues
-        if context.get("endpoint_public") is True:
-            return "public"
-
-        if context.get("endpoint_public") is False:
-            return "internal"
-
-        if context.get("requires_authentication"):
-            return "authenticated"
-
-        # Infer from file path
-        file_path = vulnerability.get("file_path", "")
-
-        if any(p in file_path.lower() for p in ["api", "public", "web", "routes"]):
-            return "public"
-
-        if any(p in file_path.lower() for p in ["admin", "internal"]):
-            return "internal"
-
-        # Default to public for web-related vulnerabilities
-        if vulnerability.get("category") in ["injection", "cross_site_scripting"]:
-            return "public"
-
-        return "authenticated"
-
-    def _determine_attack_complexity(
-        self,
-        vulnerability: dict[str, Any],
-        context: dict[str, Any],
-    ) -> str:
-        """Determine attack complexity"""
-        vuln_name = vulnerability.get("name", "")
-
-        # Low complexity attacks
-        if any(
-            v in vuln_name for v in ["SQL Injection", "Command Injection", "Hardcoded Credentials"]
-        ):
-            return "low"
-
-        # Medium complexity
-        if any(v in vuln_name for v in ["XSS", "CSRF", "Path Traversal"]):
-            return "medium"
-
-        # High complexity
-        if any(v in vuln_name for v in ["Deserialization", "Race Condition"]):
-            return "high"
-
-        return "medium"
-
-    def _calculate_exploit_likelihood(
-        self,
-        base_likelihood: float,
-        accessibility: str,
-        attack_complexity: str,
-        severity: str,
-    ) -> float:
-        """Calculate overall exploit likelihood"""
-        likelihood = base_likelihood
-
-        # Adjust for accessibility
-        if accessibility == "public":
-            likelihood *= 1.2  # More likely if publicly accessible
-        elif accessibility == "authenticated":
-            likelihood *= 0.8
-        elif accessibility == "internal":
-            likelihood *= 0.5
-
-        # Adjust for attack complexity
-        complexity_multipliers = {"low": 1.2, "medium": 1.0, "high": 0.7}
-        likelihood *= complexity_multipliers.get(attack_complexity, 1.0)
-
-        # Adjust for severity
-        if severity == "CRITICAL":
-            likelihood *= 1.1
-
-        # Cap at 1.0
-        return min(likelihood, 1.0)
-
-    def _generate_reasoning(
-        self,
-        vulnerability: dict[str, Any],
-        accessibility: str,
-        attack_complexity: str,
-        attack_info: dict[str, Any],
-    ) -> list[str]:
-        """Generate reasoning for exploitability assessment"""
-        reasoning = []
-
-        # Accessibility reasoning
-        if accessibility == "public":
-            reasoning.append("Endpoint is publicly accessible")
-        elif accessibility == "authenticated":
-            reasoning.append("Requires authentication - reduces attack surface")
-        else:
-            reasoning.append("Internal access only - limited exposure")
-
-        # Attack complexity reasoning
-        if attack_complexity == "low":
-            reasoning.append("Low attack complexity - easy to exploit")
-        elif attack_complexity == "high":
-            reasoning.append("High attack complexity - requires expertise")
-
-        # Pattern-based reasoning
-        if attack_info.get("reason"):
-            reasoning.append(f"In our experience: {attack_info['reason']}")
-
-        return reasoning
-
-    def _determine_exploitability_rating(self, exploit_likelihood: float) -> str:
-        """Determine exploitability rating"""
-        if exploit_likelihood > 0.8:
-            return "CRITICAL"
-        if exploit_likelihood > 0.6:
-            return "HIGH"
-        if exploit_likelihood > 0.4:
-            return "MEDIUM"
-        return "LOW"
-
-    def _determine_mitigation_urgency(
-        self,
-        exploitability: str,
-        accessibility: str,
-        severity: str,
-    ) -> str:
-        """Determine how urgently to mitigate"""
-        if exploitability == "CRITICAL" and accessibility == "public":
-            return "IMMEDIATE - Fix before next deployment"
-
-        if exploitability == "CRITICAL" or (exploitability == "HIGH" and accessibility == "public"):
-            return "URGENT - Fix within 24 hours"
-
-        if exploitability == "HIGH" or severity == "CRITICAL":
-            return "HIGH - Fix within 1 week"
-
-        if exploitability == "MEDIUM":
-            return "MEDIUM - Fix in next sprint"
-
-        return "LOW - Schedule for future sprint"

empathy_software_plugin/wizards/security/owasp_patterns.py

@@ -1,241 +0,0 @@
-"""OWASP Top 10 Pattern Detection
-
-Detects security vulnerabilities based on OWASP Top 10.
-
-Copyright 2025 Smart AI Memory, LLC
-Licensed under Fair Source 0.9
-"""
-
-import re
-from dataclasses import dataclass
-from enum import Enum
-from typing import Any
-
-
-class OWASPCategory(Enum):
-    """OWASP Top 10 categories"""
-
-    INJECTION = "injection"
-    BROKEN_AUTH = "broken_authentication"
-    SENSITIVE_DATA = "sensitive_data_exposure"
-    CRYPTOGRAPHIC_FAILURES = "cryptographic_failures"
-    XML_EXTERNAL = "xml_external_entities"
-    BROKEN_ACCESS = "broken_access_control"
-    SECURITY_MISCONFIG = "security_misconfiguration"
-    XSS = "cross_site_scripting"
-    INSECURE_DESERIALIZATION = "insecure_deserialization"
-    COMPONENTS_VULNS = "components_with_known_vulnerabilities"
-    INSUFFICIENT_LOGGING = "insufficient_logging"
-
-
-@dataclass
-class SecurityPattern:
-    """Security vulnerability pattern"""
-
-    category: OWASPCategory
-    name: str
-    patterns: list[str]  # Regex patterns
-    severity: str  # "CRITICAL", "HIGH", "MEDIUM", "LOW"
-    description: str
-    example_vulnerable: str
-    example_safe: str
-
-
-class OWASPPatternDetector:
-    """Detects OWASP Top 10 vulnerability patterns in code."""
-
-    def __init__(self):
-        self.patterns = self._build_pattern_library()
-
-    def _build_pattern_library(self) -> list[SecurityPattern]:
-        """Build library of OWASP patterns"""
-        return [
-            # SQL Injection
-            SecurityPattern(
-                category=OWASPCategory.INJECTION,
-                name="SQL Injection",
-                patterns=[
-                    r"f['\"]SELECT .+?\{.+?\}",  # F-string with SQL
-                    r"f['\"]INSERT .+?\{.+?\}",
-                    r"f['\"]UPDATE .+?\{.+?\}",
-                    r"f['\"]DELETE .+?\{.+?\}",
-                    r"['\"]SELECT.*['\"][\s]*\+",  # String concatenation with SQL
-                    r"['\"]INSERT.*['\"][\s]*\+",
-                    r"['\"]UPDATE.*['\"][\s]*\+",
-                    r"['\"]DELETE.*['\"][\s]*\+",
-                    r"execute\s*\(\s*f['\"]",  # execute with f-string
-                    r"cursor\.execute.*?%.*?%",  # Old-style formatting
-                ],
-                severity="CRITICAL",
-                description="SQL query built with string concatenation - vulnerable to injection",
-                example_vulnerable="cursor.execute(f\"SELECT * FROM users WHERE name='{username}'\")",
-                example_safe="cursor.execute('SELECT * FROM users WHERE name = ?', (username,))",
-            ),
-            # Command Injection
-            SecurityPattern(
-                category=OWASPCategory.INJECTION,
-                name="Command Injection",
-                patterns=[
-                    r"os\.system\s*\(.*?\+",  # os.system with concatenation
-                    r"subprocess\.\w+\(.*?shell\s*=\s*True",  # shell=True is dangerous
-                    r"eval\s*\(",  # eval() is very dangerous
-                    r"exec\s*\(",  # exec() is very dangerous
-                ],
-                severity="CRITICAL",
-                description="Command execution with unsanitized input",
-                example_vulnerable="os.system('rm ' + user_file)",
-                example_safe="subprocess.run(['rm', user_file])",
-            ),
-            # XSS (Cross-Site Scripting)
-            SecurityPattern(
-                category=OWASPCategory.XSS,
-                name="Cross-Site Scripting",
-                patterns=[
-                    r"innerHTML\s*=",  # Direct innerHTML assignment
-                    r"document\.write\s*\(",  # document.write with user input
-                    r"\.html\s*\(.*?\+",  # jQuery .html() with concatenation
-                    r"dangerouslySetInnerHTML",  # React dangerous prop
-                ],
-                severity="HIGH",
-                description="User input rendered without sanitization",
-                example_vulnerable="element.innerHTML = userInput",
-                example_safe="element.textContent = userInput",
-            ),
-            # Hardcoded Credentials
-            SecurityPattern(
-                category=OWASPCategory.BROKEN_AUTH,
-                name="Hardcoded Credentials",
-                patterns=[
-                    r"password\s*=\s*['\"][^'\"]+['\"]",  # password = "secret"
-                    r"api_key\s*=\s*['\"][^'\"]+['\"]",
-                    r"secret[\w_]*\s*=\s*['\"][^'\"]+['\"]",  # secret or secret_token or secret_key
-                    r"token\s*=\s*['\"][A-Za-z0-9]{20,}['\"]",
-                ],
-                severity="CRITICAL",
-                description="Hardcoded credentials in source code",
-                example_vulnerable="password = 'admin123'",
-                example_safe="password = os.environ.get('DB_PASSWORD')",
-            ),
-            # Weak Cryptography
-            SecurityPattern(
-                category=OWASPCategory.CRYPTOGRAPHIC_FAILURES,
-                name="Weak Cryptography",
-                patterns=[
-                    r"MD5\(",  # MD5 is broken
-                    r"SHA1\(",  # SHA1 is weak
-                    r"DES\(",  # DES is obsolete
-                    r"Random\(",  # Not cryptographically secure
-                ],
-                severity="HIGH",
-                description="Weak or broken cryptographic algorithm",
-                example_vulnerable="hashlib.md5(password)",
-                example_safe="hashlib.sha256(password)",
-            ),
-            # Missing Authentication
-            SecurityPattern(
-                category=OWASPCategory.BROKEN_AUTH,
-                name="Missing Authentication Check",
-                patterns=[
-                    r"@app\.route.*?\n(?!.*@.*require.*auth).*?def",  # Flask route without auth
-                    r"router\.\w+\(.*?\).*?\n(?!.*auth).*?function",  # Express route without auth
-                ],
-                severity="CRITICAL",
-                description="Endpoint lacks authentication check",
-                example_vulnerable="@app.route('/admin')\\ndef admin_panel():",
-                example_safe="@app.route('/admin')\\n@require_auth\\ndef admin_panel():",
-            ),
-            # Insecure Deserialization
-            SecurityPattern(
-                category=OWASPCategory.INSECURE_DESERIALIZATION,
-                name="Insecure Deserialization",
-                patterns=[
-                    r"pickle\.loads?\(",  # Python pickle is unsafe
-                    r"yaml\.load\((?!.*Loader\s*=)",  # PyYAML unsafe load
-                    r"eval\(",  # Deserializing code
-                ],
-                severity="CRITICAL",
-                description="Deserializing untrusted data",
-                example_vulnerable="pickle.loads(user_data)",
-                example_safe="json.loads(user_data)",
-            ),
-            # Sensitive Data Logging
-            SecurityPattern(
-                category=OWASPCategory.SENSITIVE_DATA,
-                name="Sensitive Data in Logs",
-                patterns=[
-                    r"log.*password",
-                    r"print.*password",
-                    r"console\.log.*password",
-                    r"log.*credit.*card",
-                ],
-                severity="HIGH",
-                description="Logging sensitive data",
-                example_vulnerable="logger.info(f'Login: {username}:{password}')",
-                example_safe="logger.info(f'Login: {username}:***')",
-            ),
-            # Path Traversal
-            SecurityPattern(
-                category=OWASPCategory.BROKEN_ACCESS,
-                name="Path Traversal",
-                patterns=[
-                    r"open\s*\(.*?user.*?\)",  # open() with user input
-                    r"file_path\s*=.*?\+",  # Path concatenation
-                ],
-                severity="HIGH",
-                description="File path built from user input",
-                example_vulnerable="open('/uploads/' + user_file)",
-                example_safe="open(os.path.join(UPLOAD_DIR, secure_filename(user_file)))",
-            ),
-            # CSRF Missing Protection
-            SecurityPattern(
-                category=OWASPCategory.BROKEN_ACCESS,
-                name="Missing CSRF Protection",
-                patterns=[
-                    r"@app\.route.*?methods\s*=\s*\[.*?POST.*?\].*?\n(?!.*csrf).*?def",
-                ],
-                severity="MEDIUM",
-                description="POST endpoint without CSRF protection",
-                example_vulnerable="@app.route('/transfer', methods=['POST'])\\ndef transfer():",
-                example_safe="@app.route('/transfer', methods=['POST'])\\n@csrf_protect\\ndef transfer():",
-            ),
-        ]
-
-    def detect_vulnerabilities(self, code: str, file_path: str = "") -> list[dict[str, Any]]:
-        """Detect vulnerabilities in code.
-
-        Args:
-            code: Source code to analyze
-            file_path: Path to file (for context)
-
-        Returns:
-            List of detected vulnerabilities
-
-        """
-        vulnerabilities = []
-
-        for pattern_def in self.patterns:
-            for regex_pattern in pattern_def.patterns:
-                matches = re.finditer(regex_pattern, code, re.MULTILINE | re.IGNORECASE)
-
-                for match in matches:
-                    # Find line number
-                    line_number = code[: match.start()].count("\n") + 1
-
-                    vulnerabilities.append(
-                        {
-                            "category": pattern_def.category.value,
-                            "name": pattern_def.name,
-                            "severity": pattern_def.severity,
-                            "file_path": file_path,
-                            "line_number": line_number,
-                            "matched_code": match.group(0),
-                            "description": pattern_def.description,
-                            "example_safe": pattern_def.example_safe,
-                        },
-                    )
-
-        return vulnerabilities
-
-    def get_pattern_by_category(self, category: OWASPCategory) -> list[SecurityPattern]:
-        """Get all patterns for a category"""
-        return [p for p in self.patterns if p.category == category]