guarddog 2.0.5__py3-none-any.whl → 2.0.6__py3-none-any.whl

guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml

@@ -5,7 +5,7 @@ rules:
     metadata:
       description: Identify when a package reads and exfiltrates sensitive data from the local system
     pattern-sources:
-      - pattern: os.environ.items()
+      - pattern: os.environ
       - pattern: '[... for ... in os.environ.items()]'
       - pattern: socket.gethostname()
       - pattern: getpass.getuser()

guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml

@@ -10,6 +10,19 @@ rules:
           - patterns:              
             - pattern-either:
               - pattern: process.env
+
+          - patterns:  
+            - pattern-either: # after defining fs
+                - pattern-inside: |
+                    $OS = require('os')
+                    ...
+            - pattern-either: 
+                # match use of ootb functions
+                - pattern: $OS. ... .homedir()
+                - pattern: $OS. ... .hostname()
+                - pattern: $OS. ... .userInfo()
+
+
           - patterns:  
             - pattern-either: # after defining fs
                 - pattern-inside: |
@@ -31,11 +44,6 @@ rules:
                     import $FS from 'fs/promises'
                     ...
             - pattern-either: 
-                # match use of ootb functions
-                - pattern: $FS. ... .homedir()
-                - pattern: $FS. ... .hostname()
-                - pattern: $FS. ... .userInfo()
-
                 # match access to sensitive files
                 - patterns:
                     - pattern-either:

guarddog/analyzer/sourcecode/shady-links.yml

@@ -31,8 +31,8 @@ rules:
         - pattern: ("...")
         - pattern-either:
             # complete domains
-            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(bit\.ly|discord\.com|workers\.dev|transfer\.sh|filetransfer\.io|sendspace\.com|appdomain\.cloud|backblazeb2\.com\|paste\.ee|ngrok\.io|termbin\.com|localhost\.run|webhook\.site|oastify\.com|burpcollaborator\.me)\/)
-            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(oast\.(pro|live|site|online|fun|me)|api\.telegram\.org|rentry\.co)\/)
+            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(bit\.ly|discord\.com|workers\.dev|transfer\.sh|filetransfer\.io|sendspace\.com|appdomain\.cloud|backblazeb2\.com\|paste\.ee|ngrok\.io|termbin\.com|localhost\.run|webhook\.site|oastify\.com|burpcollaborator\.me)\b)
+            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(oast\.(pro|live|site|online|fun|me)|api\.telegram\.org|rentry\.co|ngrok-free\.(app|dev))\b)
             # top-level domains
             - pattern-regex: (https?:\/\/[^\n\[\/\?#"']*?\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream)\/)
             # IPv4
@@ -46,6 +46,7 @@ rules:
         - "*/test_*"
     languages:
       - javascript
+      - json
       - python
       - typescript
       - go

{guarddog-2.0.5.dist-info → guarddog-2.0.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: guarddog
-Version: 2.0.5
+Version: 2.0.6
 Summary: GuardDog is a CLI tool to Identify malicious PyPI packages
 Home-page: https://github.com/DataDog/guarddog
 License: Apache-2.0
@@ -18,7 +18,7 @@ Requires-Dist: colorama (>=0.4.6,<0.5.0)
 Requires-Dist: configparser (>=5.3,<8.0)
 Requires-Dist: disposable-email-domains (>=0.0.103,<0.0.108)
 Requires-Dist: prettytable (>=3.6.0,<4.0.0)
-Requires-Dist: pygit2 (>=1.11,<1.16)
+Requires-Dist: pygit2 (>=1.11,<1.17)
 Requires-Dist: python-dateutil (>=2.8.2,<3.0.0)
 Requires-Dist: python-whois (>=0.8,<0.10)
 Requires-Dist: pyyaml (>=6.0,<7.0)

{guarddog-2.0.5.dist-info → guarddog-2.0.6.dist-info}/RECORD

@@ -47,17 +47,17 @@ guarddog/analyzer/sourcecode/code-execution.yml,sha256=gbnbvpnmSCY3Q5BANziWCRA-J
 guarddog/analyzer/sourcecode/dll-hijacking.yml,sha256=GwsOIN8lgmKhMk9IibDm1lHE6roPNYVnTx62Cd470qc,3337
 guarddog/analyzer/sourcecode/download-executable.yml,sha256=8Q1Swughd3xuYA_yYfrWJItJOaZet2-xO8pc5WMCjk8,3055
 guarddog/analyzer/sourcecode/exec-base64.yml,sha256=Wg1jI_ff9I58Xq8gt8wXOQMrwHcPnzkAPyAURxnKHgw,2371
-guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml,sha256=e8dj10HABb36rSgvZlqsIaiJkMehjQwrvauQusknZeQ,2272
+guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml,sha256=hUxQEsJ4qF_25oMF8pdzAFOzq59m6k28WKz280uyaMg,2264
 guarddog/analyzer/sourcecode/npm-dll-hijacking.yml,sha256=TPIXvWm8Ot9RVtDXWFmoNZw9-3PH7NuXK6x1fQCiRt4,3506
 guarddog/analyzer/sourcecode/npm-exec-base64.yml,sha256=zc5w2FTlHoZ7ot1flzlmYBkQu1I8eG1E63S5Aki7Goc,814
-guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml,sha256=UP-GlZ5VykHWFebgIiHrkrQL9PdtjxR99_m2FZddmuw,3011
+guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml,sha256=0FO91YbLuy0t4YwzE-g6fPfHPYMU4GW9TS3gbRS6Ras,3218
 guarddog/analyzer/sourcecode/npm-install-script.yml,sha256=6BLe_V0SGEi1C79Y-FEIcMYHl4vLOOz8bLPrCU5jre8,1329
 guarddog/analyzer/sourcecode/npm-obfuscation.yml,sha256=FAW9toHYU8adzKv5E68M29OQ4sLO89GwORsXpSr2-50,2026
 guarddog/analyzer/sourcecode/npm-serialize-environment.yml,sha256=gFpr58INp44ZwxYZlIHyzpOgbVMDLv1ZRPTGAczX5dw,835
 guarddog/analyzer/sourcecode/npm-silent-process-execution.yml,sha256=qnJHGesNPNpxGa8n2kQMpttLGck-6vZjI_SsweDyk7M,3513
 guarddog/analyzer/sourcecode/npm-steganography.yml,sha256=XH0udcriAQq_6WOHAG4TpIedw8GgKyWx9gsG_Q_Fki8,915
 guarddog/analyzer/sourcecode/obfuscation.yml,sha256=EwGwmQSftIvyDZ0BZZBT37kS7chtO99s36MfXeZ6hHw,1091
-guarddog/analyzer/sourcecode/shady-links.yml,sha256=NbfafE139JDiZyk6Hsh6WH5_gKTacXr9EgasFgLmQ2U,2469
+guarddog/analyzer/sourcecode/shady-links.yml,sha256=ESosXckp2cFJl3Qr_cLDjw6kn_7mKzuWNlQJIfPH0ps,2504
 guarddog/analyzer/sourcecode/silent-process-execution.yml,sha256=b6RjenMv7si7lXGak3uMmD7PMtQRuKPeJFggPW6UDNI,418
 guarddog/analyzer/sourcecode/steganography.yml,sha256=3ceO6SJhu4XpZEjfwelLdOxeZ4Ho1OgUjbcacwtOhR0,606
 guarddog/cli.py,sha256=TPSKAb9b6AHZB3rqtqd4zZeoCYWMYhEdCOzwFvMJQYI,13185
@@ -77,10 +77,10 @@ guarddog/utils/archives.py,sha256=jOXAhxZx-mTtpDidGGKxQg052CvaQOAVklvOeUn9HTQ,25
 guarddog/utils/config.py,sha256=Msz7altsmNKry0vBPtL2BJ_VdBXsBFZX5ksLvXc2ix4,1403
 guarddog/utils/exceptions.py,sha256=23Kzl3exqYK6X-bcGUeb8wPmSglWNX3GIDPkJ6lQzo4,54
 guarddog/utils/package_info.py,sha256=TFjE1xsGNf60SuHlIeDV2pzMUbogl5TKJdSzswat6jI,953
-guarddog-2.0.5.dist-info/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
-guarddog-2.0.5.dist-info/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
-guarddog-2.0.5.dist-info/METADATA,sha256=L7yDHe2VUivW3vm-GLg5D9KeuHOXoDHU1QAVmhbkPMQ,1471
-guarddog-2.0.5.dist-info/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
-guarddog-2.0.5.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
-guarddog-2.0.5.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
-guarddog-2.0.5.dist-info/RECORD,,
+guarddog-2.0.6.dist-info/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
+guarddog-2.0.6.dist-info/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
+guarddog-2.0.6.dist-info/METADATA,sha256=x8uspSp2ai-CjVt_DYzsMrb9QUWL27k6ojs6gODlhK8,1471
+guarddog-2.0.6.dist-info/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
+guarddog-2.0.6.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
+guarddog-2.0.6.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
+guarddog-2.0.6.dist-info/RECORD,,