guarddog 2.3.0__py3-none-any.whl → 2.5.0__py3-none-any.whl

guarddog/analyzer/analyzer.py

@@ -333,15 +333,19 @@ output: {e.output}
 
         for result in response["results"]:
             rule_name = rule or result["check_id"].split(".")[-1]
-            code_snippet = result["extra"]["lines"]
-            line = result["start"]["line"]
+            start_line = result["start"]["line"]
+            end_line = result["end"]["line"]
 
             file_path = os.path.abspath(result["path"])
+            code = self.trim_code_snippet(
+                self.get_snippet(
+                    file_path=file_path, start_line=start_line, end_line=end_line
+                )
+            )
             if targetpath:
                 file_path = os.path.relpath(file_path, targetpath)
 
-            location = file_path + ":" + str(line)
-            code = self.trim_code_snippet(code_snippet)
+            location = file_path + ":" + str(start_line)
 
             finding = {
                 'location': location,
@@ -356,6 +360,33 @@ output: {e.output}
 
         return results
 
+    def get_snippet(self, file_path: str, start_line: int, end_line: int) -> str:
+        """
+        Returns the code snippet between start_line and stop_line in a file
+
+        Args:
+            path (str): path to file
+            start_line (int): starting line number
+            end_line (int): ending line number
+
+        Returns:
+            str: code snippet
+        """
+        snippet = []
+        try:
+            with open(file_path, 'r') as file:
+                for current_line_number, line in enumerate(file, start=1):
+                    if start_line <= current_line_number <= end_line:
+                        snippet.append(line)
+                    elif current_line_number > end_line:
+                        break
+        except FileNotFoundError:
+            log.error(f"File not found: {file_path}")
+        except Exception as e:
+            log.error(f"Error reading file {file_path}: {str(e)}")
+
+        return ''.join(snippet)
+
     # Makes sure the matching code to be displayed isn't too long
     def trim_code_snippet(self, code):
         THRESHOLD = 250

guarddog/analyzer/metadata/__init__.py

@@ -2,6 +2,7 @@ from guarddog.analyzer.metadata.detector import Detector
 from guarddog.analyzer.metadata.npm import NPM_METADATA_RULES
 from guarddog.analyzer.metadata.pypi import PYPI_METADATA_RULES
 from guarddog.analyzer.metadata.go import GO_METADATA_RULES
+from guarddog.analyzer.metadata.github_action import GITHUB_ACTION_METADATA_RULES
 from guarddog.ecosystems import ECOSYSTEM
 
 
@@ -13,3 +14,5 @@ def get_metadata_detectors(ecosystem: ECOSYSTEM) -> dict[str, Detector]:
             return NPM_METADATA_RULES
         case ECOSYSTEM.GO:
             return GO_METADATA_RULES
+        case ECOSYSTEM.GITHUB_ACTION:
+            return GITHUB_ACTION_METADATA_RULES

guarddog/analyzer/metadata/bundled_binary.py

@@ -14,7 +14,12 @@ class BundledBinary(Detector):
 
     # magic bytes are the first few bytes of a file that can be used to identify the file type
     # regardless of their extension
-    magic_bytes = {"exe": b"\x4D\x5A", "elf": b"\x7F\x45\x4C\x46"}
+    magic_bytes = {
+        "exe": b"\x4D\x5A",
+        "elf": b"\x7F\x45\x4C\x46",
+        "macho32": b"\xFE\xED\xFA\xCE",
+        "macho64": b"\xFE\xED\xFA\xCF",
+    }
 
     def __init__(self):
         super().__init__(

guarddog/analyzer/metadata/github_action/__init__.py

@@ -0,0 +1,11 @@
+from typing import Type
+
+from guarddog.analyzer.metadata import Detector
+
+GITHUB_ACTION_METADATA_RULES = {}
+
+classes: list[Type[Detector]] = []
+
+for detectorClass in classes:
+    detectorInstance = detectorClass()  # type: ignore
+    GITHUB_ACTION_METADATA_RULES[detectorInstance.get_name()] = detectorInstance

guarddog/analyzer/metadata/pypi/typosquatting.py

@@ -39,7 +39,7 @@ class PypiTyposquatDetector(TyposquatDetector):
                 }
         """
 
-        popular_packages_url = "https://hugovk.github.io/top-pypi-packages/top-pypi-packages-30-days.min.json"
+        popular_packages_url = "https://hugovk.github.io/top-pypi-packages/top-pypi-packages.min.json"
 
         top_packages_filename = "top_pypi_packages.json"
         resources_dir = TOP_PACKAGES_CACHE_LOCATION

guarddog/analyzer/sourcecode/__init__.py

@@ -71,34 +71,36 @@ for file_name in semgrep_rule_file_names:
         data = yaml.load(fd, Loader=SafeLoader)
         for rule in data["rules"]:
             for lang in rule["languages"]:
-                ecosystem = None
+                ecosystems = set()
                 match lang:
                     case "python":
-                        ecosystem = ECOSYSTEM.PYPI
+                        ecosystems.add(ECOSYSTEM.PYPI)
                     case "javascript" | "typescript" | "json":
-                        ecosystem = ECOSYSTEM.NPM
+                        ecosystems.add(ECOSYSTEM.NPM)
+                        ecosystems.add(ECOSYSTEM.GITHUB_ACTION)
                     case "go":
-                        ecosystem = ECOSYSTEM.GO
+                        ecosystems.add(ECOSYSTEM.GO)
                     case _:
                         continue
 
-                # avoids duplicates when multiple languages are supported by a rule
-                if not next(
-                    filter(
-                        lambda r: r.id == rule["id"],
-                        get_sourcecode_rules(ecosystem, SempgrepRule),
-                    ),
-                    None,
-                ):
-                    SOURCECODE_RULES.append(
-                        SempgrepRule(
-                            id=rule["id"],
-                            ecosystem=ecosystem,
-                            description=rule.get("metadata", {}).get("description", ""),
-                            file=file_name,
-                            rule_content=rule,
+                for ecosystem in ecosystems:
+                    # avoids duplicates when multiple languages are supported by a rule
+                    if not next(
+                        filter(
+                            lambda r: r.id == rule["id"],
+                            get_sourcecode_rules(ecosystem, SempgrepRule),
+                        ),
+                        None,
+                    ):
+                        SOURCECODE_RULES.append(
+                            SempgrepRule(
+                                id=rule["id"],
+                                ecosystem=ecosystem,
+                                description=rule.get("metadata", {}).get("description", ""),
+                                file=file_name,
+                                rule_content=rule,
+                            )
                         )
-                    )
 
 yara_rule_file_names = list(
     filter(lambda x: x.endswith("yar"), os.listdir(current_dir))

guarddog/analyzer/sourcecode/dll-hijacking.yml

@@ -62,11 +62,17 @@ rules:
       - patterns:
         # write a library to disk
         - patterns:
-            - pattern: |
-                ...
-                open($DLL,'wb')
-                ...
-                $FN(...,$EXE,...)
+            - pattern-either:
+              - pattern: |
+                  ...
+                  with open($DLL,'wb') as $FILE:
+                    ...
+                  $FN(...,$EXE,...)
+              - pattern: |
+                  ...
+                  $FILE = open($DLL,'wb')
+                  ...
+                  $FN(...,$EXE,...)
             - metavariable-pattern:
                 metavariable: $EXE
                 patterns:
@@ -82,5 +88,3 @@ rules:
             - focus-metavariable: $DLL
 
     severity: WARNING
-    options:
-      symbolic_propagation: true

guarddog/analyzer/sourcecode/download-executable.yml

@@ -12,6 +12,10 @@ rules:
               - pattern-either:
                   - pattern: (...).urlretrieve(...,$EXE)
                   - pattern: open($EXE, ...).write($REQUEST)
+                  - pattern: |
+                      $FILE = open($EXE, ...)
+                      ...
+                      $FILE.write($REQUEST)
                   - pattern: |
                       with open($EXE, ...) as $FILE:
                         ...
@@ -30,6 +34,12 @@ rules:
                       ...
                       $MAKE_EXEC
 
+                  - pattern: |
+                      $FILE = open($LOC, ...)
+                      ...
+                      $FILE.write($REQUEST)
+                      ...
+                      $MAKE_EXEC
                   - pattern: |
                       open($LOC, ...).write($REQUEST)
                       ...
@@ -93,5 +103,3 @@ rules:
           requests.get(...)
           ...
     severity: WARNING
-    options: 
-      symbolic_propagation: true

guarddog/analyzer/sourcecode/npm-dll-hijacking.yml

@@ -86,5 +86,3 @@ rules:
             - focus-metavariable: $DLL
 
     severity: WARNING
-    options:
-      symbolic_propagation: true

guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml

@@ -84,12 +84,14 @@ rules:
             - pattern: $HTTP. ... .request(...)
             - pattern: $HTTP. ... .get(...)
             - pattern: $HTTP. ... .post(...)
-            - pattern: $HTTP. ... .push(...)
+            - pattern: |
+                $FIRE=$HTTP.child(...)
+                ...
+                $FIRE.push(...)
             - pattern: $HTTP. ... .write(...)
             - pattern: $HTTP(...)
     languages:
       - javascript
       - typescript
     severity: WARNING
-    options:
-      symbolic_propagation: true
+

guarddog/analyzer/sourcecode/npm-obfuscation.yml

@@ -57,8 +57,14 @@ rules:
           - pattern-not-inside: //...
           - pattern-regex: ^(.*?);?[\h]{150,};?.{10,}$
 
+        # Packer
+        - pattern: | 
+            eval(function(...){ 
+            ...
+            $VAR.replace(new RegExp(...),...)
+            ... 
+            }(...))
+
     languages:
       - javascript
     severity: WARNING
-    options: 
-      symbolic_propagation: true

guarddog/analyzer/sourcecode/shady-links.yml

@@ -33,15 +33,15 @@ rules:
             # complete domains: shorteners
             - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(bit\.ly)\b)
             # complete domains: ephimerals,tunnels
-            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(workers\.dev|appdomain\.cloud|ngrok\.io|termbin\.com|localhost\.run|webhook\.site|oastify\.com|burpcollaborator\.(me|net)|trycloudflare\.com)\b)
-            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(oast\.(pro|live|site|online|fun|me)|ply\.gg|pipedream\.net|dnslog\.cn|ngrok-free\.(app|dev))\b)
+            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(workers\.dev|appdomain\.cloud|ngrok\.io|termbin\.com|localhost\.run|webhook\.(site|cool)|oastify\.com|burpcollaborator\.(me|net)|trycloudflare\.com)\b)
+            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(oast\.(pro|live|site|online|fun|me)|ply\.gg|pipedream\.net|dnslog\.cn|webhook-test\.com|typedwebhook\.tools|beeceptor\.com|ngrok-free\.(app|dev))\b)
             # complete domains: exfil
-            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(discord\.com|transfer\.sh|filetransfer\.io|sendspace\.com|backblazeb2\.com|paste\.ee|pastebin\.com|api\.telegram\.org|rentry\.co)\b)
+            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(discord\.com|transfer\.sh|filetransfer\.io|sendspace\.com|backblazeb2\.com|paste\.ee|pastebin\.com|hastebin\.com|ghostbin.site|api\.telegram\.org|rentry\.co)\b)
             # complete domains: intel 
-            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(ipinfo\.io)\b)
+            - pattern-regex: ((?:https?:\/\/)?[^\n\[\/\?#"']*?(ipinfo\.io|checkip\.dyndns\.org|\bip\.me|jsonip\.com|ipify\.org|ifconfig\.me)\b)
 
             # top-level domains
-            - pattern-regex: (https?:\/\/[^\n\[\/\?#"']*?\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream)\/)
+            - pattern-regex: (https?:\/\/[^\n\[\/\?#"']*?\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream|zip)\/)
             # IPv4
             - pattern-regex: (https?:\/\/[^\n\[\/\?#"']*?(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))
             # IPv6

guarddog/ecosystems.py

@@ -5,6 +5,7 @@ class ECOSYSTEM(Enum):
     PYPI = "pypi"
     NPM = "npm"
     GO = "go"
+    GITHUB_ACTION = "github-action"
 
 
 def get_friendly_name(ecosystem: ECOSYSTEM) -> str:
@@ -15,5 +16,7 @@ def get_friendly_name(ecosystem: ECOSYSTEM) -> str:
             return "npm"
         case ECOSYSTEM.GO:
             return "go"
+        case ECOSYSTEM.GITHUB_ACTION:
+            return "GitHub Action"
         case _:
             return ecosystem.value

guarddog/scanners/__init__.py

@@ -1,11 +1,13 @@
 from typing import Optional
 
+from .github_action_project_scanner import GitHubActionDependencyScanner
 from .npm_package_scanner import NPMPackageScanner
 from .npm_project_scanner import NPMRequirementsScanner
 from .pypi_package_scanner import PypiPackageScanner
 from .pypi_project_scanner import PypiRequirementsScanner
 from .go_package_scanner import GoModuleScanner
 from .go_project_scanner import GoDependenciesScanner
+from .github_action_scanner import GithubActionScanner
 from .scanner import PackageScanner, ProjectScanner
 from ..ecosystems import ECOSYSTEM
 
@@ -29,6 +31,8 @@ def get_package_scanner(ecosystem: ECOSYSTEM) -> Optional[PackageScanner]:
             return NPMPackageScanner()
         case ECOSYSTEM.GO:
             return GoModuleScanner()
+        case ECOSYSTEM.GITHUB_ACTION:
+            return GithubActionScanner()
     return None
 
 
@@ -51,4 +55,6 @@ def get_project_scanner(ecosystem: ECOSYSTEM) -> Optional[ProjectScanner]:
             return NPMRequirementsScanner()
         case ECOSYSTEM.GO:
             return GoDependenciesScanner()
+        case ECOSYSTEM.GITHUB_ACTION:
+            return GitHubActionDependencyScanner()
     return None

guarddog/scanners/github_action_project_scanner.py

@@ -0,0 +1,101 @@
+import logging
+from typing import List, Dict, TypedDict
+from typing_extensions import NotRequired
+
+import yaml
+import re
+
+from guarddog.scanners.github_action_scanner import GithubActionScanner
+from guarddog.scanners.scanner import ProjectScanner
+
+log = logging.getLogger("guarddog")
+
+
+class GitHubWorkflowStep(TypedDict):
+    name: NotRequired[str]
+    uses: NotRequired[str]
+
+
+class GitHubWorkflowJob(TypedDict):
+    name: str
+    uses: str
+    runs_on: str
+    steps: List[GitHubWorkflowStep]
+
+
+class GitHubWorkflowFile(TypedDict):
+    name: str
+    jobs: Dict[str, GitHubWorkflowJob]
+
+
+class GitHubAction(TypedDict):
+    name: str
+    ref: str
+
+
+def parse_action_from_step(step: GitHubWorkflowStep) -> GitHubAction | None:
+    """
+    Parses a step in a GitHub workflow file and returns a GitHub action reference if it exists.
+
+    Args:
+        step (GitHubWorkflowStep): Step in a GitHub workflow file
+
+    Returns:
+        GitHubAction | None: GitHub action reference if it exists, None otherwise
+    """
+    if "uses" not in step:
+        return None
+
+    if step["uses"].startswith("/") or step["uses"].startswith("./"):
+        return None
+    parts = step["uses"].split("@", 1)
+    if len(parts) != 2:
+        log.debug(f"Invalid action reference: {step['uses']}")
+        return None
+
+    if re.search(r"^([\w-])+/([\w./-])+$", parts[0]):
+        return GitHubAction(name=parts[0], ref=parts[1])
+    return None
+
+
+class GitHubActionDependencyScanner(ProjectScanner):
+    """
+    Scans all 3rd party actions in a GitHub workflow file.
+    """
+
+    def __init__(self) -> None:
+        super().__init__(GithubActionScanner())
+
+    def parse_requirements(self, raw_requirements: str) -> dict[str, set[str]]:
+        actions = self.parse_workflow_3rd_party_actions(raw_requirements)
+
+        requirements: dict[str, set[str]] = {}
+        for action in actions:
+            repo, version = action["name"], action["ref"]
+            if repo in requirements:
+                requirements[repo].add(version)
+            else:
+                requirements[repo] = {version}
+        return requirements
+
+    def parse_workflow_3rd_party_actions(
+        self, workflow_file: str
+    ) -> List[GitHubAction]:
+        """
+        Parses a GitHub workflow file and returns a list of 3rd party actions
+        used in the workflow.
+
+        Args:
+            workflow_file (str): Contents of the GitHub workflow file
+
+        Returns:
+            List[GitHubAction]: List of 3rd party actions used in the workflow
+        """
+        f: GitHubWorkflowFile = yaml.safe_load(workflow_file)
+        actions = []
+        for job in f.get("jobs", {}).values():
+            for step in job.get("steps", []):
+                action = parse_action_from_step(step)
+                if action:
+                    actions.append(action)
+        return actions

guarddog/scanners/github_action_scanner.py

@@ -0,0 +1,51 @@
+import logging
+import os
+import pathlib
+import typing
+from urllib.parse import urlparse
+
+from guarddog.analyzer.analyzer import Analyzer
+from guarddog.ecosystems import ECOSYSTEM
+from guarddog.scanners.scanner import PackageScanner
+
+log = logging.getLogger("guarddog")
+
+
+class GithubActionScanner(PackageScanner):
+    def __init__(self) -> None:
+        super().__init__(Analyzer(ECOSYSTEM.GITHUB_ACTION))
+
+    def download_and_get_package_info(self, directory: str, package_name: str, version=None) -> typing.Tuple[dict, str]:
+        repo = self._get_repo(package_name)
+        tarball_url = self._get_git_tarball_url(repo, version)
+
+        log.debug(f"Downloading GitHub Action source from {tarball_url}")
+
+        file_extension = pathlib.Path(tarball_url).suffix
+        if file_extension == "":
+            file_extension = ".zip"
+
+        zippath = os.path.join(directory, package_name.replace("/", "-") + file_extension)
+        unzippedpath = zippath.removesuffix(file_extension)
+        self.download_compressed(tarball_url, zippath, unzippedpath)
+
+        return {}, unzippedpath
+
+    def _get_repo(self, url: str) -> str:
+        parsed_url = urlparse(url)
+
+        if parsed_url.hostname and parsed_url.hostname != "github.com":
+            raise ValueError("Invalid GitHub repo URL: " + url)
+
+        path = parsed_url.path.removesuffix(".git").strip("/")
+
+        if path.count("/") != 1:
+            raise ValueError("Invalid GitHub repo name: " + path)
+
+        return path
+
+    def _get_git_tarball_url(self, repo: str, version=None) -> str:
+        if not version:
+            return f"https://api.github.com/repos/{repo}/zipball"
+        else:
+            return f"https://github.com/{repo}/archive/refs/tags/{version}.zip"

{guarddog-2.3.0.dist-info → guarddog-2.5.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: guarddog
-Version: 2.3.0
+Version: 2.5.0
 Summary: GuardDog is a CLI tool to Identify malicious PyPI packages
 License: Apache-2.0
 Author: Ellen Wang
@@ -15,15 +15,15 @@ Requires-Dist: click (>=8.1.3,<9.0.0)
 Requires-Dist: click-option-group (>=0.5.5,<0.6.0)
 Requires-Dist: colorama (>=0.4.6,<0.5.0)
 Requires-Dist: configparser (>=5.3,<8.0)
-Requires-Dist: disposable-email-domains (>=0.0.103,<0.0.115)
+Requires-Dist: disposable-email-domains (>=0.0.103,<0.0.119)
 Requires-Dist: prettytable (>=3.6.0,<4.0.0)
-Requires-Dist: pygit2 (>=1.11,<1.17)
+Requires-Dist: pygit2 (>=1.11,<1.18)
 Requires-Dist: python-dateutil (>=2.8.2,<3.0.0)
 Requires-Dist: python-whois (>=0.8,<0.10)
 Requires-Dist: pyyaml (>=6.0,<7.0)
 Requires-Dist: requests (>=2.29.0,<3.0.0)
 Requires-Dist: semantic-version (>=2.10.0,<3.0.0)
-Requires-Dist: semgrep (==1.97.0)
+Requires-Dist: semgrep (>=1.102.0,<2.0.0)
 Requires-Dist: setuptools (>=70.3,<76.0)
 Requires-Dist: tarsafe (>=0.0.5,<0.0.6)
 Requires-Dist: termcolor (>=2.1.0,<3.0.0)

{guarddog-2.3.0.dist-info → guarddog-2.5.0.dist-info}/RECORD

@@ -1,12 +1,13 @@
 guarddog/__init__.py,sha256=reb53KZG9b1nFmsDxj2fropaOceOCyM9bVMUdmZ2wS8,227
 guarddog/__main__.py,sha256=GEdfW6I6g2c3H7bS0G43E4C-g7kXGUswzDCPFSwPgHY,246
 guarddog/analyzer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-guarddog/analyzer/analyzer.py,sha256=pwzXHgPbpYpfeM-nkzMXl_l0y_3iCaDf2UrD6AvtcOM,13477
-guarddog/analyzer/metadata/__init__.py,sha256=LH4oLBr2vtkGdUXkb8C6JgN35h4NmpswxE7wOOmOdrQ,581
-guarddog/analyzer/metadata/bundled_binary.py,sha256=6YvVcV8MqkTpM4z-kma7wmnMEeXh1nsAnnSJ0Xf0B-Q,2493
+guarddog/analyzer/analyzer.py,sha256=GADeg_zWJYGXYtCv8NJYxIl3QhP204CYFTeJX4QZK2U,14575
+guarddog/analyzer/metadata/__init__.py,sha256=xaN-DlSHgudKDjKkfpNFue8ANmq1QUmEoAvU_Bc2OUo,749
+guarddog/analyzer/metadata/bundled_binary.py,sha256=8i5ZPnyPyaLv6MG3KNMDVAElv5bDCOlnlsDt9SGUFsg,2596
 guarddog/analyzer/metadata/deceptive_author.py,sha256=nuFyQqKpOuBKAJxpgbcjwXt3FVLzdmOg2mioUZ1D2TI,2789
 guarddog/analyzer/metadata/detector.py,sha256=6yGyOK6BW_J-yrInoRlbaKNTC0HudezZABzkn2MnDJc,609
 guarddog/analyzer/metadata/empty_information.py,sha256=etCU6LUdIzE4dS90vin45cjtVGPt963nFPJ_OzikwI4,1166
+guarddog/analyzer/metadata/github_action/__init__.py,sha256=hOtiXKW-v5slzYW2M3k35M_YFfuLm8CNv5MwNSdFYMM,311
 guarddog/analyzer/metadata/go/__init__.py,sha256=apwPnP9D4WEqgtR4RY0YIuFN7oNJXxJE_vYlp0ffRvQ,391
 guarddog/analyzer/metadata/go/typosquatting.py,sha256=8Ln-DoGWto6tnihUPNaQ6qITp7z0tmFVf1BMC6hdMUo,4004
 guarddog/analyzer/metadata/npm/__init__.py,sha256=j1Ng74bb1yD9XHFoYmJPzWL7vYMmLt6c2Lbc8lCqnUI,1326
@@ -29,7 +30,7 @@ guarddog/analyzer/metadata/pypi/potentially_compromised_email_domain.py,sha256=3
 guarddog/analyzer/metadata/pypi/release_zero.py,sha256=GSHap4VSVF9_s3gD95kUD_5eZDHxrqQQoV5aFTgzrCw,716
 guarddog/analyzer/metadata/pypi/repository_integrity_mismatch.py,sha256=HNVEOj3cz43qHD47Chul05vpX_9uhfaPgjo6Q-fuCfA,11635
 guarddog/analyzer/metadata/pypi/single_python_file.py,sha256=CLAWaOJ_JNofGmtuCOT-37saryHeZzZAjfJQp31H6jU,1369
-guarddog/analyzer/metadata/pypi/typosquatting.py,sha256=Cn3r_2apz2rP2UGMggYNmtQlrDCq3ZDS_ix5TVj9FIk,4726
+guarddog/analyzer/metadata/pypi/typosquatting.py,sha256=Lk0MoIfsMw557PrpUxLAynqNhWSjZDSVI7GJPdyvoG8,4718
 guarddog/analyzer/metadata/pypi/unclaimed_maintainer_email_domain.py,sha256=4u3s4Jq51arMznv-_0NwZst40x7jGtLJQIEd3Pp2U30,406
 guarddog/analyzer/metadata/pypi/utils.py,sha256=7ipsnFN1KHcFwU9u1GK8wqINKDCXJ1vQEpTwwZfJFp4,199
 guarddog/analyzer/metadata/release_zero.py,sha256=7cIdReF3TU3XJq6ALemK81tqaG3Cz1HNwwtH65Y9uPU,438
@@ -41,31 +42,33 @@ guarddog/analyzer/metadata/resources/top_pypi_packages.json,sha256=DWSWEOEsZs6Ri
 guarddog/analyzer/metadata/typosquatting.py,sha256=EMtHwKWWEYUs7ikyaPNtXH0FGPNDPDc2IFMZSDiv3Mg,4560
 guarddog/analyzer/metadata/unclaimed_maintainer_email_domain.py,sha256=qy8AZqbVxD1U3Q--h0FYV7lKPFNlhSzfZK0GwjvQxdQ,2343
 guarddog/analyzer/metadata/utils.py,sha256=bOrkELPza4ScUx1DfQxlqU-9DQeA5weISF42c0QCtls,1768
-guarddog/analyzer/sourcecode/__init__.py,sha256=A2mbib72TDZkMIWb94Yq9lf_3xU5WOY_Gva0wHGqObE,3769
+guarddog/analyzer/sourcecode/__init__.py,sha256=6TsFMVYmL3nuAJjBplbAInQp7coldAxz1qdrZvZGcBc,3960
 guarddog/analyzer/sourcecode/clipboard-access.yml,sha256=B36E7xKtAVgwZ29UWtvZa1AJcyfrhvehbLo6tlJqffk,524
 guarddog/analyzer/sourcecode/cmd-overwrite.yml,sha256=l-tE3_G-LqCuCZnHab6v0PpCdMpoHPutBYcijeMZEA0,682
 guarddog/analyzer/sourcecode/code-execution.yml,sha256=gbnbvpnmSCY3Q5BANziWCRA-JXIH2LQ8-5ZaFralqbM,5002
-guarddog/analyzer/sourcecode/dll-hijacking.yml,sha256=GwsOIN8lgmKhMk9IibDm1lHE6roPNYVnTx62Cd470qc,3337
-guarddog/analyzer/sourcecode/download-executable.yml,sha256=8Q1Swughd3xuYA_yYfrWJItJOaZet2-xO8pc5WMCjk8,3055
+guarddog/analyzer/sourcecode/dll-hijacking.yml,sha256=SH1lJ_-EoPfZKrsut9smnEmKPOiXc1c5qzqEBo6ubgQ,3497
+guarddog/analyzer/sourcecode/download-executable.yml,sha256=VuSNkpVh3DxHG7wfep3eAErGsOY9EL_268sNULYbfW4,3361
 guarddog/analyzer/sourcecode/exec-base64.yml,sha256=Wg1jI_ff9I58Xq8gt8wXOQMrwHcPnzkAPyAURxnKHgw,2371
 guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml,sha256=hUxQEsJ4qF_25oMF8pdzAFOzq59m6k28WKz280uyaMg,2264
-guarddog/analyzer/sourcecode/npm-dll-hijacking.yml,sha256=TPIXvWm8Ot9RVtDXWFmoNZw9-3PH7NuXK6x1fQCiRt4,3506
+guarddog/analyzer/sourcecode/npm-dll-hijacking.yml,sha256=1TvI6UtCGCOMy4Ii-kM_oICYbMRGeOYdgXrG7-zmJ_Y,3460
 guarddog/analyzer/sourcecode/npm-exec-base64.yml,sha256=zc5w2FTlHoZ7ot1flzlmYBkQu1I8eG1E63S5Aki7Goc,814
-guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml,sha256=saKpH8qhxS-icKSEgseLhInRbwGo94Zcq4w9hlSBNz0,3462
+guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml,sha256=UYWXdkAab-dg_6UwVjiauHmy-9nlKiF86qcyxAwUoXg,3488
 guarddog/analyzer/sourcecode/npm-install-script.yml,sha256=6BLe_V0SGEi1C79Y-FEIcMYHl4vLOOz8bLPrCU5jre8,1329
-guarddog/analyzer/sourcecode/npm-obfuscation.yml,sha256=FAW9toHYU8adzKv5E68M29OQ4sLO89GwORsXpSr2-50,2026
+guarddog/analyzer/sourcecode/npm-obfuscation.yml,sha256=27lTt_Dy0G_ogD6woktg1t__R77vpOa-_8LJPQ1XU1k,2151
 guarddog/analyzer/sourcecode/npm-serialize-environment.yml,sha256=gFpr58INp44ZwxYZlIHyzpOgbVMDLv1ZRPTGAczX5dw,835
 guarddog/analyzer/sourcecode/npm-silent-process-execution.yml,sha256=qnJHGesNPNpxGa8n2kQMpttLGck-6vZjI_SsweDyk7M,3513
 guarddog/analyzer/sourcecode/npm-steganography.yml,sha256=XH0udcriAQq_6WOHAG4TpIedw8GgKyWx9gsG_Q_Fki8,915
 guarddog/analyzer/sourcecode/obfuscation.yml,sha256=dp0BeCYShcTS8QiijSa9U53r6jkCjrFBW5jjNVoXdUU,1224
-guarddog/analyzer/sourcecode/shady-links.yml,sha256=RuPLPxQh6T0mbkb1QVFvUv9AeENoaxR151qsQ2EaM34,2929
+guarddog/analyzer/sourcecode/shady-links.yml,sha256=Jl2XO6O9vwyhfaj7K3u7-OtB4oQxKcdyb6-_qCrBdUo,3087
 guarddog/analyzer/sourcecode/silent-process-execution.yml,sha256=b6RjenMv7si7lXGak3uMmD7PMtQRuKPeJFggPW6UDNI,418
 guarddog/analyzer/sourcecode/steganography.yml,sha256=3ceO6SJhu4XpZEjfwelLdOxeZ4Ho1OgUjbcacwtOhR0,606
 guarddog/cli.py,sha256=TJT2yxoUokhoDm7P_FF-x0B9zbtxgDou5BFbu4vSWm4,13168
-guarddog/ecosystems.py,sha256=kgM4v5E8PZBQksWgzuWwODS5R7P16klDi1SGWKLy1e0,380
+guarddog/ecosystems.py,sha256=1-emct9cGLU3V0drEdNmGFEmxMEmJHEQOuyOiuuoCGA,489
 guarddog/reporters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 guarddog/reporters/sarif.py,sha256=92HjvASZFyv5otB1qbsUqj6423tNgZbmSQS4qApffAw,5820
-guarddog/scanners/__init__.py,sha256=yEsDvThkIAhFkP59gSCFxYe5HTLmoSzfjAkDrtFT1LY,1628
+guarddog/scanners/__init__.py,sha256=KNZcGjKNPOs60qpOE8Hr_HsiaRIpJLNzA8qbyvebRIk,1924
+guarddog/scanners/github_action_project_scanner.py,sha256=FY5UEIGeQlmyyjh2Z1LDXsHnzfs2gCQ-wIurpbPvXN4,2847
+guarddog/scanners/github_action_scanner.py,sha256=GxhUSetLvT8YxKUIZue9MWOE_IVugM2MdiluOy4f068,1745
 guarddog/scanners/go_package_scanner.py,sha256=OdCbwtjJow9AxEv34z7WBfgTamqKj5DxJh7dly_1NuY,2926
 guarddog/scanners/go_project_scanner.py,sha256=3D5dYSA7FVqc7IIM7uAHlCJZalshP_WhagWmOcYirog,2123
 guarddog/scanners/npm_package_scanner.py,sha256=qBU0tCbW2pTL3cy5Y4JVAJyAGdvb-HY69qSQmjWbPxU,1968
@@ -78,10 +81,10 @@ guarddog/utils/archives.py,sha256=jOXAhxZx-mTtpDidGGKxQg052CvaQOAVklvOeUn9HTQ,25
 guarddog/utils/config.py,sha256=Msz7altsmNKry0vBPtL2BJ_VdBXsBFZX5ksLvXc2ix4,1403
 guarddog/utils/exceptions.py,sha256=23Kzl3exqYK6X-bcGUeb8wPmSglWNX3GIDPkJ6lQzo4,54
 guarddog/utils/package_info.py,sha256=TFjE1xsGNf60SuHlIeDV2pzMUbogl5TKJdSzswat6jI,953
-guarddog-2.3.0.dist-info/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
-guarddog-2.3.0.dist-info/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
-guarddog-2.3.0.dist-info/METADATA,sha256=2uRo486G0w2WROtGFETEOfkVS1XEunCgxhPbQyPb8Po,1424
-guarddog-2.3.0.dist-info/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
-guarddog-2.3.0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
-guarddog-2.3.0.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
-guarddog-2.3.0.dist-info/RECORD,,
+guarddog-2.5.0.dist-info/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
+guarddog-2.5.0.dist-info/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
+guarddog-2.5.0.dist-info/METADATA,sha256=ZqDqDVCnZh05Dgy9jpJ4SKqEX9ltSWJR15Qd5ATC9QI,1432
+guarddog-2.5.0.dist-info/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
+guarddog-2.5.0.dist-info/WHEEL,sha256=XbeZDeTWKc1w7CSIyre5aMDU_-PohRwTQceYnisIYYY,88
+guarddog-2.5.0.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
+guarddog-2.5.0.dist-info/RECORD,,

{guarddog-2.3.0.dist-info → guarddog-2.5.0.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 2.0.1
+Generator: poetry-core 2.1.1
 Root-Is-Purelib: true
 Tag: py3-none-any