guarddog 2.5.0__py3-none-any.whl → 2.6.0__py3-none-any.whl

@@ -13,9 +13,12 @@ from guarddog.analyzer.sourcecode import get_sourcecode_rules, SempgrepRule, Yar
13
13
  from guarddog.utils.config import YARA_EXT_EXCLUDE
14
14
  from guarddog.ecosystems import ECOSYSTEM
15
15
 
16
- SEMGREP_MAX_TARGET_BYTES = 10_000_000
17
- SOURCECODE_RULES_PATH = os.path.join(os.path.dirname(__file__), "sourcecode")
16
+ MAX_BYTES_DEFAULT = 10_000_000
17
+ SEMGREP_TIMEOUT_DEFAULT = 10
18
18
 
19
+ SOURCECODE_RULES_PATH = os.path.join(
20
+ os.path.dirname(__file__), "sourcecode"
21
+ )
19
22
  log = logging.getLogger("guarddog")
20
23
 
21
24
 
@@ -274,12 +277,17 @@ class Analyzer:
274
277
 
275
278
  def _invoke_semgrep(self, target: str, rules: Iterable[str]):
276
279
  try:
280
+ SEMGREP_MAX_TARGET_BYTES = int(
281
+ os.getenv("GUARDDOG_SEMGREP_MAX_TARGET_BYTES", MAX_BYTES_DEFAULT))
282
+ SEMGREP_TIMEOUT = int(
283
+ os.getenv("GUARDDOG_SEMGREP_TIMEOUT", SEMGREP_TIMEOUT_DEFAULT))
277
284
  cmd = ["semgrep"]
278
285
  for rule in rules:
279
286
  cmd.extend(["--config", rule])
280
287
 
281
288
  for excluded in self.exclude:
282
289
  cmd.append(f"--exclude='{excluded}'")
290
+ cmd.append(f"--timeout={SEMGREP_TIMEOUT}")
283
291
  cmd.append("--no-git-ignore")
284
292
  cmd.append("--json")
285
293
  cmd.append("--quiet")
@@ -302,6 +310,8 @@ output: {e.output}
302
310
  raise Exception(error_message)
303
311
  except json.JSONDecodeError as e:
304
312
  raise Exception("unable to parse semgrep JSON output: " + str(e))
313
+ except ValueError as e:
314
+ raise Exception("Invalid environment variable value: " + str(e))
305
315
 
306
316
  def _format_semgrep_response(self, response, rule=None, targetpath=None):
307
317
  """