guarddog 2.5.0__py3-none-any.whl → 2.7.0__py3-none-any.whl

guarddog/scanners/scanner.py

@@ -2,11 +2,12 @@ import concurrent.futures
 import json
 import logging
 import os
-import sys
 import tempfile
 import typing
 from abc import abstractmethod
 from concurrent.futures import ThreadPoolExecutor
+from dataclasses import dataclass
+from typing import List, Optional, Set, Tuple
 
 import requests
 
@@ -21,183 +22,66 @@ def noop(arg: typing.Any) -> None:
     pass
 
 
-class ProjectScanner:
-    def __init__(self, package_scanner):
-        super().__init__()
-        self.package_scanner = package_scanner
-
-    def _authenticate_by_access_token(self) -> tuple[str, str]:
-        """
-        Gives GitHub authentication through access token
-
-        Returns:
-            tuple[str, str]: username, personal access token
-        """
-
-        user = os.getenv("GIT_USERNAME")
-        personal_access_token = os.getenv("GH_TOKEN")
-        if not user or not personal_access_token:
-            log.error(
-                """WARNING: Please set GIT_USERNAME (Github handle) and GH_TOKEN
-                (generate a personal access token in Github settings > developer)
-                as environment variables before proceeding."""
-            )
-            exit(1)
-        return (user, personal_access_token)
-
-    def scan_requirements(
-        self,
-        requirements: str,
-        rules=None,
-        callback: typing.Callable[[dict], None] = noop,
-    ) -> dict:
-        """
-        Reads the requirements.txt file and scans each possible
-        dependency and version
-
-        Args:
-            requirements (str): contents of requirements.txt file
-            rules: list of rules to apply
-            callback: callback to call for each result
-
-        Returns:
-            dict: mapping of dependencies to scan results
-
-            ex.
-            {
-                ....
-                <dependency-name>: {
-                        issues: ...,
-                        results: {
-                            ...
-                        }
-                    },
-                ...
-            }
-        """
-
-        def scan_single_dependency(dependency, version):
-            log.debug(f"Scanning {dependency} version {version}")
-            result = self.package_scanner.scan_remote(dependency, version, rules)
-            return {"dependency": dependency, "version": version, "result": result}
-
-        dependencies = self.parse_requirements(requirements)
-        num_workers = PARALLELISM
-
-        log.info(
-            f"Scanning using at most {num_workers} parallel worker threads\n"
-        )
-        with ThreadPoolExecutor(max_workers=num_workers) as pool:
-            try:
-                futures: typing.List[concurrent.futures.Future] = []
-                for dependency, versions in dependencies.items():
-                    assert versions is None or len(versions) > 0
-                    if versions is None:
-                        # this will cause scan_remote to use the latest version
-                        futures.append(
-                            pool.submit(scan_single_dependency, dependency, None)
-                        )
-                    else:
-                        futures.extend(
-                            map(
-                                lambda version: pool.submit(
-                                    scan_single_dependency, dependency, version
-                                ),
-                                versions,
-                            )
-                        )
-
-                results = []
-                for future in concurrent.futures.as_completed(futures):
-                    result = future.result()
-                    if callback is not None:
-                        callback(result)
-                    results.append(result)
-            except KeyboardInterrupt:
-                log.warning("Received keyboard interrupt, cancelling scan\n")
-                pool.shutdown(wait=False, cancel_futures=True)
+@dataclass
+class DependencyVersion:
+    """
+    This class represents the identified dependency versions in a project,
+    usually defined in a specification file (requirements.txt, package.json, etc.)
 
-        return results  # type: ignore
+    Attributes:
+        version (str): The version of the dependency. e.g., "1.0.0"
+        location (int): This indicates the line number in the specification file where the dependency is defined.
+    """
 
-    def scan_remote(self, url: str, branch: str, requirements_name: str) -> dict:
-        """
-        Scans remote requirements.txt file
+    version: str  # the version number of the dependency
+    location: int
 
-        Args:
-            url (str): url of the GitHub repo
-            branch (str): branch containing requirements.txt
-            requirements_name (str, optional): name of requirements file.
-                Defaults to "requirements.txt".
+    def __eq__(self, other):
+        if isinstance(other, str):
+            return self.version == other
+        if isinstance(other, DependencyVersion):
+            return self.version == other.version
+        return NotImplemented
 
-        Returns:
-            dict: mapping of dependencies to scan results
+    def __hash__(self):
+        return hash(self.version)
 
-            ex.
-            {
-                ....
-                <dependency-name>: {
-                        issues: ...,
-                        results: {
-                            ...
-                        }
-                    },
-                ...
-            }
-        """
+    def __repr__(self):
+        return f"DependencyVersion({self.version!r})"
 
-        token = self._authenticate_by_access_token()
-        githubusercontent_url = url.replace("github", "raw.githubusercontent")
 
-        req_url = f"{githubusercontent_url}/{branch}/{requirements_name}"
-        resp = requests.get(url=req_url, auth=token)
+@dataclass
+class Dependency:
+    """
+    This class represents a dependency in a project, usually defined in a specification file
 
-        if resp.status_code == 200:
-            return self.scan_requirements(resp.content.decode())
-        else:
-            log.error(
-                f"{req_url} does not exist. Check your link or branch name."
-            )
-            sys.exit(255)
+    Attributes:
+        name (str): The name of the dependency. e.g., "requests"
+        versions (Set[DependencyVersion]): A set of identified versions of the dependency.
+    """
 
-    def scan_local(
-        self, path, rules=None, callback: typing.Callable[[dict], None] = noop
-    ):
-        """
-        Scans a local requirements.txt file
+    name: str
+    versions: Set[DependencyVersion]
 
-        Args:
-            path (str): path to requirements.txt file
-            rules: list of rules to apply
-            callback: callback to call for each result
+    def __eq__(self, other):
+        if isinstance(other, str):
+            return self.name == other
+        if isinstance(other, Dependency):
+            return self.name == other.name
+        return NotImplemented
 
-        Returns:
-            dict: mapping of dependencies to scan results
+    def __repr__(self):
+        return f"Dependency({self.name!r})"
 
-            ex.
-            {
-                ....
-                <dependency-name>: {
-                        issues: ...,
-                        results: {
-                            ...
-                        }
-                    },
-                ...
-            }
-        """
 
-        try:
-            with open(path, "r") as f:
-                return self.scan_requirements(f.read(), rules, callback)
-        except Exception as e:
-            log.error(f"Received {e}")
-            sys.exit(255)
+@dataclass
+class DependencyFile:
+    """
+    This class represents a specification file for a project (requirements.txt, package.json, etc.)
+    """
 
-    @abstractmethod
-    def parse_requirements(
-        self, raw_requirements: str
-    ) -> dict[str, set[str]]:  # returns { package: version }
-        pass
+    file_path: str
+    dependencies: List[Dependency]
 
 
 class PackageScanner:
@@ -324,3 +208,202 @@ class PackageScanner:
         finally:
             log.debug(f"Removing temporary archive file {archive_path}")
             os.remove(archive_path)
+
+
+class ProjectScanner:
+    def __init__(self, package_scanner: PackageScanner):
+        super().__init__()
+        self.package_scanner = package_scanner
+
+    def _authenticate_by_access_token(self) -> tuple[str, str]:
+        """
+        Gives GitHub authentication through access token
+
+        Returns:
+            tuple[str, str]: username, personal access token
+        """
+
+        user = os.getenv("GIT_USERNAME")
+        personal_access_token = os.getenv("GH_TOKEN")
+        if not user or not personal_access_token:
+            log.error(
+                """WARNING: Please set GIT_USERNAME (Github handle) and GH_TOKEN
+                (generate a personal access token in Github settings > developer)
+                as environment variables before proceeding."""
+            )
+            exit(1)
+        return (user, personal_access_token)
+
+    def scan_dependencies(
+        self,
+        dependencies: List[Dependency],
+        rules=None,
+        callback: typing.Callable[[dict], None] = noop,
+    ) -> list[dict]:
+        """
+        scans each possible dependency and version supplied
+
+        Args:
+            dependencies a list of dependencies to scan
+            rules: list of rules to apply
+            callback: callback to call for each result
+
+        Returns:
+            dict: mapping of dependencies to scan results
+
+            ex.
+            {
+                ....
+                <dependency-name>: {
+                        issues: ...,
+                        results: {
+                            ...
+                        }
+                    },
+                ...
+            }
+        """
+
+        def scan_single_dependency(dependency: str, version: Optional[str]) -> dict:
+            log.debug(f"Scanning {dependency} version {version}")
+            result = self.package_scanner.scan_remote(dependency, version, rules)
+            return {"dependency": dependency, "version": version, "result": result}
+
+        num_workers = PARALLELISM
+
+        log.info(f"Scanning using at most {num_workers} parallel worker threads\n")
+        with ThreadPoolExecutor(max_workers=num_workers) as pool:
+            try:
+                futures: typing.List[concurrent.futures.Future] = []
+                for dependency in dependencies:
+                    versions = dependency.versions
+                    if not versions:
+                        # this will cause scan_remote to use the latest version
+                        futures.append(
+                            pool.submit(scan_single_dependency, dependency.name, None)
+                        )
+                    else:
+                        futures.extend(
+                            map(
+                                lambda version: pool.submit(
+                                    scan_single_dependency,
+                                    dependency.name,
+                                    version.version,
+                                ),
+                                versions,
+                            )
+                        )
+
+                results = []
+                for future in concurrent.futures.as_completed(futures):
+                    result = future.result()
+                    if callback is not None:
+                        callback(result)
+                    results.append(result)
+            except KeyboardInterrupt:
+                log.warning("Received keyboard interrupt, cancelling scan\n")
+                pool.shutdown(wait=False, cancel_futures=True)
+
+        return results
+
+    def scan_remote(
+        self, url: str, branch: str, requirements_name: str
+    ) -> tuple[List[Dependency], list[dict]]:
+        """
+        Scans remote requirements.txt file
+
+        Args:
+            url (str): url of the GitHub repo
+            branch (str): branch containing requirements.txt
+            requirements_name (str, optional): name of requirements file.
+                Defaults to "requirements.txt".
+
+        Returns:
+            deps: list of dependencies to scan
+            results: mapping of dependencies to scan results
+            ex.
+            {
+                ....
+                <dependency-name>: {
+                        issues: ...,
+                        results: {
+                            ...
+                        }
+                    },
+                ...
+            }
+        """
+
+        token = self._authenticate_by_access_token()
+        githubusercontent_url = url.replace("github", "raw.githubusercontent")
+        req_url = f"{githubusercontent_url}/{branch}/{requirements_name}"
+        resp = requests.get(url=req_url, auth=token)
+        resp.raise_for_status()
+        dependencies = self.parse_requirements(resp.content.decode())
+        return dependencies, self.scan_dependencies(dependencies)
+
+    def scan_local(
+        self, path, rules=None, callback: typing.Callable[[dict], None] = noop
+    ) -> Tuple[List[DependencyFile], list[dict]]:
+        """
+        Scans a local requirements files (requirements.txt, package.json, etc.)
+
+        Args:
+            path (str): path to requirements file or directory to search
+            rules: list of rules to apply
+            callback: callback to call for each result
+
+        Returns:
+            deps: list of dependencies to scan
+            results: mapping of dependencies to scan results
+            ex.
+            {
+                ....
+                <dependency-name>: {
+                        issues: ...,
+                        results: {
+                            ...
+                        }
+                    },
+                ...
+            }
+
+        """
+
+        requirement_paths = []
+
+        try:
+            if os.path.isfile(path):
+                requirement_paths.append(path)
+            elif os.path.isdir(path):
+                requirement_paths.extend(self.find_requirements(path))
+            else:
+                raise ValueError(f"unable to find file or directory {path}")
+
+            dep_files: List[DependencyFile] = []
+
+            for req in requirement_paths:
+                with open(req, "r") as f:
+                    dep_files.append(
+                        DependencyFile(
+                            file_path=req,
+                            dependencies=self.parse_requirements(f.read()),
+                        )
+                    )
+            deps_to_scan = [d for d_file in dep_files for d in d_file.dependencies]
+            results = self.scan_dependencies(deps_to_scan, rules, callback)
+            return dep_files, results
+        except Exception as e:
+            log.error(f"Error while scanning. Received {e}")
+            raise e
+
+    @abstractmethod
+    def parse_requirements(self, raw_requirements: str) -> List[Dependency]:
+        pass
+
+    @abstractmethod
+    def find_requirements(
+        self,
+        directory: str,
+    ) -> list[str]:  # returns paths of files
+        pass

guarddog/utils/archives.py

@@ -20,6 +20,7 @@ def is_supported_archive(path: str) -> bool:
         bool: Represents the decision reached for the file
 
     """
+
     def is_tar_archive(path: str) -> bool:
         tar_exts = [".bz2", ".bzip2", ".gz", ".gzip", ".tgz", ".xz"]
 
@@ -68,7 +69,7 @@ def safe_extract(source_archive: str, target_directory: str) -> None:
         recurse_add_perms(target_directory)
 
     elif zipfile.is_zipfile(source_archive):
-        with zipfile.ZipFile(source_archive, 'r') as zip:
+        with zipfile.ZipFile(source_archive, "r") as zip:
             for file in zip.namelist():
                 # Note: zip.extract cleans up any malicious file name
                 # such as directory traversal attempts This is not the

guarddog/utils/package_info.py

@@ -25,7 +25,9 @@ def get_package_info(name: str) -> dict:
 
     # Check if package file exists
     if response.status_code != 200:
-        raise Exception("Received status code: " + str(response.status_code) + " from PyPI")
+        raise Exception(
+            "Received status code: " + str(response.status_code) + " from PyPI"
+        )
 
     data = response.json()
 

{guarddog-2.5.0.dist-info → guarddog-2.7.0.dist-info}/METADATA

@@ -1,8 +1,11 @@
-Metadata-Version: 2.3
+Metadata-Version: 2.4
 Name: guarddog
-Version: 2.5.0
-Summary: GuardDog is a CLI tool to Identify malicious PyPI packages
+Version: 2.7.0
+Summary: GuardDog is a CLI tool for identifying malicious open source packages
 License: Apache-2.0
+License-File: LICENSE
+License-File: LICENSE-3rdparty.csv
+License-File: NOTICE
 Author: Ellen Wang
 Requires-Python: >=3.10,<4
 Classifier: License :: OSI Approved :: Apache Software License
@@ -11,23 +14,21 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Requires-Dist: click (>=8.1.3,<9.0.0)
-Requires-Dist: click-option-group (>=0.5.5,<0.6.0)
-Requires-Dist: colorama (>=0.4.6,<0.5.0)
 Requires-Dist: configparser (>=5.3,<8.0)
-Requires-Dist: disposable-email-domains (>=0.0.103,<0.0.119)
+Requires-Dist: disposable-email-domains (>=0.0.103,<0.0.121)
 Requires-Dist: prettytable (>=3.6.0,<4.0.0)
-Requires-Dist: pygit2 (>=1.11,<1.18)
+Requires-Dist: pygit2 (>=1.11,<1.19)
 Requires-Dist: python-dateutil (>=2.8.2,<3.0.0)
 Requires-Dist: python-whois (>=0.8,<0.10)
 Requires-Dist: pyyaml (>=6.0,<7.0)
 Requires-Dist: requests (>=2.29.0,<3.0.0)
 Requires-Dist: semantic-version (>=2.10.0,<3.0.0)
-Requires-Dist: semgrep (>=1.102.0,<2.0.0)
-Requires-Dist: setuptools (>=70.3,<76.0)
+Requires-Dist: semgrep (==1.121.0)
 Requires-Dist: tarsafe (>=0.0.5,<0.0.6)
 Requires-Dist: termcolor (>=2.1.0,<3.0.0)
-Requires-Dist: urllib3 (==2.3.0)
+Requires-Dist: urllib3 (>=2.5.0,<3.0.0)
 Requires-Dist: yara-python (>=4.5.1,<5.0.0)
 Project-URL: Repository, https://github.com/DataDog/guarddog
 Description-Content-Type: text/x-rst

guarddog-2.7.0.dist-info/RECORD

@@ -0,0 +1,100 @@
+guarddog/__init__.py,sha256=reb53KZG9b1nFmsDxj2fropaOceOCyM9bVMUdmZ2wS8,227
+guarddog/__main__.py,sha256=GEdfW6I6g2c3H7bS0G43E4C-g7kXGUswzDCPFSwPgHY,246
+guarddog/analyzer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+guarddog/analyzer/analyzer.py,sha256=eeWbazqGWFJBeT_OHHmEndH3hG_6PMxUajof6T9jutM,15413
+guarddog/analyzer/metadata/__init__.py,sha256=tQTwWanifLsxfCdXIytPCO3chEIiTZ583uqKiQXQOog,855
+guarddog/analyzer/metadata/bundled_binary.py,sha256=Tfgbc-exhbfvYjpgFH_Aa5KtT4ugJhrTV9SavZw1pHs,2594
+guarddog/analyzer/metadata/deceptive_author.py,sha256=CLwntpSNBO4Bji3IEw2lctvNCMLiOxz0pG7KSEzIynM,2811
+guarddog/analyzer/metadata/detector.py,sha256=dFhmoPVtxoed-Lz3Bd8GXZhorOVajvo5sIl9Iw8oCOM,641
+guarddog/analyzer/metadata/empty_information.py,sha256=qswYDOrL3MxJ4VYq893Eiev5y56fgXrk5-CTKVXbkeA,1199
+guarddog/analyzer/metadata/github_action/__init__.py,sha256=hOtiXKW-v5slzYW2M3k35M_YFfuLm8CNv5MwNSdFYMM,311
+guarddog/analyzer/metadata/go/__init__.py,sha256=apwPnP9D4WEqgtR4RY0YIuFN7oNJXxJE_vYlp0ffRvQ,391
+guarddog/analyzer/metadata/go/typosquatting.py,sha256=gU7VK5agC9T4xrWzliMHbcUOf2opw2MtLdMEf8n1_vI,4019
+guarddog/analyzer/metadata/npm/__init__.py,sha256=j1Ng74bb1yD9XHFoYmJPzWL7vYMmLt6c2Lbc8lCqnUI,1326
+guarddog/analyzer/metadata/npm/bundled_binary.py,sha256=vxJLhaTS7wymbktvmfJsF3whz3DWisjdD4wqHlNXvhg,392
+guarddog/analyzer/metadata/npm/deceptive_author.py,sha256=RIBCWK3NjZiTf7tiz2V0ECy2Zr6Uwb69RQwIcWku380,366
+guarddog/analyzer/metadata/npm/direct_url_dependency.py,sha256=hjjTLIT0UVudSf9A9Hory2OAqUkdxoXfKGXDgMtnNso,2449
+guarddog/analyzer/metadata/npm/empty_information.py,sha256=Vpjr5Xe8JB4RIPzM0-BNmiqYiuY42LUbml7Yjig7Rcs,791
+guarddog/analyzer/metadata/npm/npm_metadata_mismatch.py,sha256=Fj9MT7XlO2iXis4Da-_0CmM0weQiv8bVzKUoSm8ntYU,4428
+guarddog/analyzer/metadata/npm/potentially_compromised_email_domain.py,sha256=Sm7fBfzayrbYXOpU5XzeCGKNfcX40hMOCSjKjhKwz-g,1719
+guarddog/analyzer/metadata/npm/release_zero.py,sha256=FNHYfxl52i0V3HydccspcfF82T5L9d3ZyE-_J-UVoS0,633
+guarddog/analyzer/metadata/npm/typosquatting.py,sha256=Roq7KeXO5P7DPtV9WivMhIgEXpBwoANr-nZo7VeGmCc,3146
+guarddog/analyzer/metadata/npm/unclaimed_maintainer_email_domain.py,sha256=B8olfxXiaSM8c47dyftIgxmMVuwg4s7dMuVxrMS0GNE,953
+guarddog/analyzer/metadata/npm/utils.py,sha256=QirjkoXhDcrGfoteh-V717TGq1xpXmvuC9dEp_5bt2s,454
+guarddog/analyzer/metadata/potentially_compromised_email_domain.py,sha256=p2KCIByv4dBNM8h_1xPJgAOL197LLDvSLalZQpsvadg,2960
+guarddog/analyzer/metadata/pypi/__init__.py,sha256=ef2tKnVzJPVy2eLgvBDII77t-zKOCPBOC6dmTCl_XBc,1381
+guarddog/analyzer/metadata/pypi/bundled_binary.py,sha256=J5FqMYPTYnmb2MX9BFextVM5P0IzR522fhWV8TuTYMg,393
+guarddog/analyzer/metadata/pypi/deceptive_author.py,sha256=KRbi7xfGYnEiq0p5HFazjV00a-3tIGe2ogXRvPhz9tI,367
+guarddog/analyzer/metadata/pypi/empty_information.py,sha256=Ppaa_aEIlFJ5VpRtcm2ozlBoRHrTs6CWpPyh82sTM7g,814
+guarddog/analyzer/metadata/pypi/potentially_compromised_email_domain.py,sha256=8zncGNsyfhWe04HRDF54rfP8y--_6l9ze-F-gH97pWo,1774
+guarddog/analyzer/metadata/pypi/release_zero.py,sha256=UNUAFeB34B88N0LRe-tnmoZ3Y4x4AVZbe7m0i9Q3W7U,789
+guarddog/analyzer/metadata/pypi/repository_integrity_mismatch.py,sha256=RB-Wf5Cbuh8KswkcCCHk7BVWvmOJccdHyb4mBjxiLhk,11903
+guarddog/analyzer/metadata/pypi/single_python_file.py,sha256=L-YlmlP1TYA9XBeTHBPfECWgVIPTenUWRRnqwCMyh-o,1402
+guarddog/analyzer/metadata/pypi/typosquatting.py,sha256=hqCBmmKL3_hp36iqsLYYYpqEQZYPQdFcAEpGn5b1F8w,4858
+guarddog/analyzer/metadata/pypi/unclaimed_maintainer_email_domain.py,sha256=zfT0qTyN83O-7Yevc6tYIjmCAgh8Y_dhE6oZlKdNmm0,421
+guarddog/analyzer/metadata/pypi/utils.py,sha256=UtG2JVep8bSOMz5LkrhXqS5Oy7Na19nHVct4IQMsQik,177
+guarddog/analyzer/metadata/release_zero.py,sha256=F0I8coYivya7zns0XI1xNY4LLtTDQXoBUmze1wjwW4g,439
+guarddog/analyzer/metadata/repository_integrity_mismatch.py,sha256=WGvck9JV2iCB8xaOc6X5cEGiu59juSWFfwbf6uEah3E,792
+guarddog/analyzer/metadata/resources/placeholder_email_domains.txt,sha256=o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUc,11
+guarddog/analyzer/metadata/resources/top_go_packages.json,sha256=HHOTcuWTGqlpXDOUgF7ejgmr8sGF_T5l7NQYdXmHcKQ,104044
+guarddog/analyzer/metadata/resources/top_npm_packages.json,sha256=eeqVkFNW8ltYcGbjAJBzZrdxBEKezxa6AVVYoEpFazs,192960
+guarddog/analyzer/metadata/resources/top_pypi_packages.json,sha256=7tN8yUTqbpq3HvNePK9IKrTIEeYblTMHXhUzyOdVN-w,1479906
+guarddog/analyzer/metadata/typosquatting.py,sha256=6xmqsB0oKwrsXfTJ9DE1z8-nUW8ukgk1ZSS32iJmapk,4587
+guarddog/analyzer/metadata/unclaimed_maintainer_email_domain.py,sha256=e-K9mSdph3y33fP_W7LNOlC7AnUVk28a1VfQJtG9vxo,2375
+guarddog/analyzer/metadata/utils.py,sha256=bOrkELPza4ScUx1DfQxlqU-9DQeA5weISF42c0QCtls,1768
+guarddog/analyzer/sourcecode/__init__.py,sha256=031VVi-DqTHxeYiI2mf2AuI76GaNUUyra_t0pRVqo5k,4631
+guarddog/analyzer/sourcecode/api-obfuscation.yml,sha256=y_m6PSh8CfF6nxMulj2Yx4XYxS1T5OO0Eos9WJiDR74,2137
+guarddog/analyzer/sourcecode/clipboard-access.yml,sha256=B36E7xKtAVgwZ29UWtvZa1AJcyfrhvehbLo6tlJqffk,524
+guarddog/analyzer/sourcecode/cmd-overwrite.yml,sha256=l-tE3_G-LqCuCZnHab6v0PpCdMpoHPutBYcijeMZEA0,682
+guarddog/analyzer/sourcecode/code-execution.yml,sha256=YyWBMhcXGzrM6JbXzRTBBFCs7bnoNGPFJJ_FIV2OYtc,5028
+guarddog/analyzer/sourcecode/dll-hijacking.yml,sha256=_lkYp0P4545aiGazC5lRBeCcMHhGWzaK-95zu5MfRLY,3721
+guarddog/analyzer/sourcecode/download-executable.yml,sha256=VuSNkpVh3DxHG7wfep3eAErGsOY9EL_268sNULYbfW4,3361
+guarddog/analyzer/sourcecode/exec-base64.yml,sha256=Wg1jI_ff9I58Xq8gt8wXOQMrwHcPnzkAPyAURxnKHgw,2371
+guarddog/analyzer/sourcecode/exfiltrate-sensitive-data.yml,sha256=hUxQEsJ4qF_25oMF8pdzAFOzq59m6k28WKz280uyaMg,2264
+guarddog/analyzer/sourcecode/go-exec-base64.yml,sha256=Y5TUfLrmU1e5FTYW2zRKwn8yluBARHSXPr6Mr5vMVOY,1554
+guarddog/analyzer/sourcecode/go-exec-download.yml,sha256=ZaZOvn3Xojsd2m8MQGLW1H7p28bPdpEbmDd37q2ZiX4,2931
+guarddog/analyzer/sourcecode/go-exfiltrate-sensitive-data.yml,sha256=sb5GI-523zgE1nxNCrnRVjBSeOp7IfPy7qTQPBJMkco,3697
+guarddog/analyzer/sourcecode/npm-dll-hijacking.yml,sha256=1TvI6UtCGCOMy4Ii-kM_oICYbMRGeOYdgXrG7-zmJ_Y,3460
+guarddog/analyzer/sourcecode/npm-exec-base64.yml,sha256=zc5w2FTlHoZ7ot1flzlmYBkQu1I8eG1E63S5Aki7Goc,814
+guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml,sha256=UYWXdkAab-dg_6UwVjiauHmy-9nlKiF86qcyxAwUoXg,3488
+guarddog/analyzer/sourcecode/npm-install-script.yml,sha256=6BLe_V0SGEi1C79Y-FEIcMYHl4vLOOz8bLPrCU5jre8,1329
+guarddog/analyzer/sourcecode/npm-obfuscation.yml,sha256=UxR5ezKr9sFcXEh2JKa20IYqq25J0JDfje82O3jUYMg,2174
+guarddog/analyzer/sourcecode/npm-serialize-environment.yml,sha256=gFpr58INp44ZwxYZlIHyzpOgbVMDLv1ZRPTGAczX5dw,835
+guarddog/analyzer/sourcecode/npm-silent-process-execution.yml,sha256=qnJHGesNPNpxGa8n2kQMpttLGck-6vZjI_SsweDyk7M,3513
+guarddog/analyzer/sourcecode/npm-steganography.yml,sha256=XH0udcriAQq_6WOHAG4TpIedw8GgKyWx9gsG_Q_Fki8,915
+guarddog/analyzer/sourcecode/obfuscation.yml,sha256=dp0BeCYShcTS8QiijSa9U53r6jkCjrFBW5jjNVoXdUU,1224
+guarddog/analyzer/sourcecode/shady-links.yml,sha256=uDYVWDh0u20oy2zbXTJns64lvrQzLi95CLWgnftvX6Y,3222
+guarddog/analyzer/sourcecode/silent-process-execution.yml,sha256=b6RjenMv7si7lXGak3uMmD7PMtQRuKPeJFggPW6UDNI,418
+guarddog/analyzer/sourcecode/steganography.yml,sha256=3ceO6SJhu4XpZEjfwelLdOxeZ4Ho1OgUjbcacwtOhR0,606
+guarddog/analyzer/sourcecode/suspicious_passwd_access_linux.yar,sha256=kplidsJ-ctg6W58VlYtLq10saZbcD1pm5_Xh4sqmHwk,422
+guarddog/analyzer/sourcecode/unicode.yml,sha256=7fAygEtYwJ1iNKsyCjmLAEu15CLMWApfWXx_t_W3sOA,5596
+guarddog/cli.py,sha256=Pk4WUD5a_TlPRpq2G4v_6FDGWu8IriXQPQ_ft8RXm5o,10692
+guarddog/ecosystems.py,sha256=I1XPAhPuv7OnfZT3z0xcgEecUY1tFJdrklV07sMYffg,582
+guarddog/reporters/__init__.py,sha256=lHNa5ZDsaIpjzS7SmheD5_GGAimGitXU-DNk-Wn97bI,749
+guarddog/reporters/human_readable.py,sha256=WEyjOPdBE8adxC-tdFgwxcyDijsppLk4gIiZOUO69O0,4548
+guarddog/reporters/json.py,sha256=gpbucxGoXBA6s7fNRzhQwZ4P6gWyz7BowsmQrnm4x6U,802
+guarddog/reporters/reporter_factory.py,sha256=JUagC2UFkN2TZGpZIkI1MwMHEbwT9Ja1goQP95-k9SM,1465
+guarddog/reporters/sarif.py,sha256=diOHJcN3CkSBxBDDg6l9DiZ3ebtUNCw0Rwd7QxCpM9k,7691
+guarddog/scanners/__init__.py,sha256=dyBzyKANxTQvyd-oTjgm43gPwRMqB80eOzZ6UFNOuO8,2157
+guarddog/scanners/extension_scanner.py,sha256=YdZ7Ai4U-MC83RJcnoo63m_aylAf3VnylwgvhGK3ktU,4915
+guarddog/scanners/github_action_project_scanner.py,sha256=ISoBqUurwN0lMBtXwcNoalo3ghlbOJkZs9vSNZOT0kk,4216
+guarddog/scanners/github_action_scanner.py,sha256=6lriTel3U7vNmCWBf0SWti9sLCv88RPlP8SVoAgpKJs,1781
+guarddog/scanners/go_package_scanner.py,sha256=OdCbwtjJow9AxEv34z7WBfgTamqKj5DxJh7dly_1NuY,2926
+guarddog/scanners/go_project_scanner.py,sha256=2suZJWvYBhiiBMIQXs38SR04E_Ast50jO44X27gEG10,3349
+guarddog/scanners/npm_package_scanner.py,sha256=ciOvpRViMIQvNFupe5-hdXv65QLU5ObmacRkR2pgp18,2056
+guarddog/scanners/npm_project_scanner.py,sha256=liz5Fyscab53IiSPg0T21Z0vT5eotcHPc_W5Xam4A88,4957
+guarddog/scanners/pypi_package_scanner.py,sha256=ZkuRRbNejnpfFpIHJJ42GH34khiG8CUKWEPvVh_M_uk,2449
+guarddog/scanners/pypi_project_scanner.py,sha256=O91c1UP2iZju84_N7cSE7pWGrY6rKapeUqXEVyKld3A,6435
+guarddog/scanners/scanner.py,sha256=F7FhN-BQWtcTvh_gdhvj-rXYLMslzeTNxPbJsw1he2s,13695
+guarddog/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+guarddog/utils/archives.py,sha256=OJBmRI3Gnr01_dUddI3MuTjXXlEyIjj3aLwffxBfMEc,2594
+guarddog/utils/config.py,sha256=Msz7altsmNKry0vBPtL2BJ_VdBXsBFZX5ksLvXc2ix4,1403
+guarddog/utils/exceptions.py,sha256=23Kzl3exqYK6X-bcGUeb8wPmSglWNX3GIDPkJ6lQzo4,54
+guarddog/utils/package_info.py,sha256=6fHJPeLn6-tHhKHw0Soedfv2ruPd8zhW2kbhlc3Aem0,975
+guarddog-2.7.0.dist-info/METADATA,sha256=GivoRFtvZAPGs4kqFkSePkEvpLgm87j4rqkA7DDz96I,1439
+guarddog-2.7.0.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
+guarddog-2.7.0.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
+guarddog-2.7.0.dist-info/licenses/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
+guarddog-2.7.0.dist-info/licenses/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
+guarddog-2.7.0.dist-info/licenses/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
+guarddog-2.7.0.dist-info/RECORD,,

{guarddog-2.5.0.dist-info → guarddog-2.7.0.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 2.1.1
+Generator: poetry-core 2.2.1
 Root-Is-Purelib: true
 Tag: py3-none-any