threatpulse 0.1.0__tar.gz

threatpulse-0.1.0/PKG-INFO

@@ -0,0 +1,73 @@
+Metadata-Version: 2.4
+Name: threatpulse
+Version: 0.1.0
+Summary: Scan your dependencies for weaponized vulnerabilities. Powered by ThreatPulse x402.
+Project-URL: Homepage, https://threatpulse.waltsoft.net
+Project-URL: Repository, https://github.com/awsdataarchitect/threatpulse-cli
+Author-email: WaltSoft <vivek@waltsoft.net>
+License: MIT
+Keywords: cve,devsecops,exploit,sbom,security,vulnerability
+Classifier: Environment :: Console
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Requires-Dist: click>=8.0
+Requires-Dist: requests>=2.28
+Description-Content-Type: text/markdown
+
+# ThreatPulse CLI
+
+Scan your dependencies for **weaponized** vulnerabilities. Powered by [threatpulse.waltsoft.net](https://threatpulse.waltsoft.net).
+
+## Install
+
+```bash
+pip install threatpulse
+```
+
+## Usage
+
+```bash
+# Scan a lockfile
+threatpulse scan --file package-lock.json
+
+# Fail CI if urgency >= 80
+threatpulse scan --threshold 80
+
+# JSON output for piping
+threatpulse scan --format json | jq '.[] | select(.urgency_score > 70)'
+
+# SARIF for GitHub Code Scanning
+threatpulse scan --format sarif > results.sarif
+```
+
+## What makes this different
+
+Unlike Trivy/Snyk/Inspector, ThreatPulse tells you if a CVE is **actively weaponized**:
+
+```
+🔴 CVE-2024-45257   HIGH       weaponized   95   metasploit:exploit/unix/webapp/byob_unauth_rce
+🟡 CVE-2025-1234    MEDIUM     poc          45   github.com/user/CVE-2025-1234
+🟢 CVE-2025-5678    LOW        none         12   no known exploit
+```
+
+## Supported lockfiles
+
+- `package-lock.json` (npm)
+- `requirements.txt` (pip)
+- `Cargo.lock` (Rust)
+- `go.sum` (Go)
+- `Gemfile.lock` (Ruby)
+
+## GitHub Action
+
+```yaml
+- uses: awsdataarchitect/threatpulse-action@v1
+  with:
+    fail-on-urgency: 80
+```
+
+## Links
+
+- API: https://threatpulse.waltsoft.net
+- GitHub: https://github.com/awsdataarchitect/threatpulse-cli

threatpulse-0.1.0/README.md

@@ -0,0 +1,56 @@
+# ThreatPulse CLI
+
+Scan your dependencies for **weaponized** vulnerabilities. Powered by [threatpulse.waltsoft.net](https://threatpulse.waltsoft.net).
+
+## Install
+
+```bash
+pip install threatpulse
+```
+
+## Usage
+
+```bash
+# Scan a lockfile
+threatpulse scan --file package-lock.json
+
+# Fail CI if urgency >= 80
+threatpulse scan --threshold 80
+
+# JSON output for piping
+threatpulse scan --format json | jq '.[] | select(.urgency_score > 70)'
+
+# SARIF for GitHub Code Scanning
+threatpulse scan --format sarif > results.sarif
+```
+
+## What makes this different
+
+Unlike Trivy/Snyk/Inspector, ThreatPulse tells you if a CVE is **actively weaponized**:
+
+```
+🔴 CVE-2024-45257   HIGH       weaponized   95   metasploit:exploit/unix/webapp/byob_unauth_rce
+🟡 CVE-2025-1234    MEDIUM     poc          45   github.com/user/CVE-2025-1234
+🟢 CVE-2025-5678    LOW        none         12   no known exploit
+```
+
+## Supported lockfiles
+
+- `package-lock.json` (npm)
+- `requirements.txt` (pip)
+- `Cargo.lock` (Rust)
+- `go.sum` (Go)
+- `Gemfile.lock` (Ruby)
+
+## GitHub Action
+
+```yaml
+- uses: awsdataarchitect/threatpulse-action@v1
+  with:
+    fail-on-urgency: 80
+```
+
+## Links
+
+- API: https://threatpulse.waltsoft.net
+- GitHub: https://github.com/awsdataarchitect/threatpulse-cli

threatpulse-0.1.0/pyproject.toml

@@ -0,0 +1,26 @@
+[project]
+name = "threatpulse"
+version = "0.1.0"
+description = "Scan your dependencies for weaponized vulnerabilities. Powered by ThreatPulse x402."
+readme = "README.md"
+requires-python = ">=3.9"
+license = {text = "MIT"}
+authors = [{name = "WaltSoft", email = "vivek@waltsoft.net"}]
+dependencies = ["requests>=2.28", "click>=8.0"]
+keywords = ["security", "vulnerability", "cve", "exploit", "sbom", "devsecops"]
+classifiers = [
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+    "Environment :: Console",
+]
+
+[project.urls]
+Homepage = "https://threatpulse.waltsoft.net"
+Repository = "https://github.com/awsdataarchitect/threatpulse-cli"
+
+[project.scripts]
+threatpulse = "threatpulse.cli:main"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"

threatpulse-0.1.0/threatpulse/__init__.py

@@ -0,0 +1 @@
+"""ThreatPulse — weaponized vulnerability intelligence for your pipeline."""

threatpulse-0.1.0/threatpulse/cli.py

@@ -0,0 +1,163 @@
+"""ThreatPulse CLI — scan lockfiles for weaponized vulnerabilities."""
+
+import json
+import sys
+from pathlib import Path
+
+import click
+import requests
+
+API_BASE = "https://threatpulse.waltsoft.net"
+
+
+def parse_lockfile(path: str) -> list[str]:
+    """Extract package names from lockfiles."""
+    p = Path(path)
+    content = p.read_text()
+
+    if p.name == "package-lock.json":
+        data = json.loads(content)
+        deps = data.get("packages", data.get("dependencies", {}))
+        return [k.split("node_modules/")[-1] for k in deps if k]
+
+    if p.name in ("requirements.txt", "constraints.txt"):
+        return [l.split("==")[0].split(">=")[0].split("~=")[0].strip()
+                for l in content.splitlines() if l.strip() and not l.startswith("#")]
+
+    if p.name == "Cargo.lock":
+        return [l.split('"')[1] for l in content.splitlines() if l.startswith('name = "')]
+
+    if p.name in ("go.sum", "go.mod"):
+        return [l.split()[0] for l in content.splitlines()
+                if l.strip() and not l.startswith("module") and not l.startswith("go ")]
+
+    if p.name == "Gemfile.lock":
+        return [l.strip().split()[0] for l in content.splitlines()
+                if l.startswith("    ") and not l.strip().startswith("(")]
+
+    # Fallback: one package per line
+    return [l.strip() for l in content.splitlines() if l.strip()]
+
+
+def scan_packages(packages: list[str], threshold: int, payment_key: str | None) -> list[dict]:
+    """Call ThreatPulse /v1/scan endpoint."""
+    headers = {}
+    if payment_key:
+        headers["X-Payment-Proof"] = payment_key
+
+    resp = requests.post(f"{API_BASE}/v1/scan", json={"packages": packages}, headers=headers)
+
+    if resp.status_code == 402:
+        # Show pricing info for free tier users
+        click.echo("⚡ Free tier: showing cached results only. Set THREATPULSE_KEY for full access.", err=True)
+        return []
+
+    if resp.status_code != 200:
+        click.echo(f"Error: {resp.status_code} {resp.text}", err=True)
+        return []
+
+    return resp.json().get("vulnerabilities", [])
+
+
+URGENCY_COLORS = {
+    "CRITICAL": "red",
+    "HIGH": "yellow",
+    "MEDIUM": "cyan",
+    "LOW": "green",
+}
+
+EXPLOIT_ICONS = {
+    "weaponized": "🔴",
+    "poc": "🟡",
+    "none": "🟢",
+}
+
+
+@click.command()
+@click.argument("path", default=".")
+@click.option("--file", "-f", help="Lockfile path (auto-detected if not specified)")
+@click.option("--threshold", "-t", default=0, help="Fail if any CVE urgency >= threshold")
+@click.option("--format", "fmt", type=click.Choice(["table", "json", "sarif"]), default="table")
+@click.option("--key", envvar="THREATPULSE_KEY", help="Payment key (or set THREATPULSE_KEY env)")
+def main(path: str, file: str | None, threshold: int, fmt: str, key: str | None):
+    """Scan dependencies for weaponized vulnerabilities.
+
+    \b
+    Examples:
+      threatpulse scan .
+      threatpulse scan --file package-lock.json --threshold 80
+      threatpulse scan --format json | jq '.[] | select(.urgency_score > 70)'
+    """
+    # Find lockfile
+    if file:
+        lockfile = file
+    else:
+        p = Path(path)
+        candidates = ["package-lock.json", "yarn.lock", "requirements.txt",
+                      "Cargo.lock", "go.sum", "Gemfile.lock", "pnpm-lock.yaml"]
+        lockfile = next((str(p / c) for c in candidates if (p / c).exists()), None)
+        if not lockfile:
+            click.echo("No lockfile found. Use --file to specify.", err=True)
+            sys.exit(1)
+
+    click.echo(f"📦 Scanning {lockfile}...", err=True)
+    packages = parse_lockfile(lockfile)
+    click.echo(f"   Found {len(packages)} packages", err=True)
+
+    vulns = scan_packages(packages, threshold, key)
+
+    if not vulns:
+        click.echo("✅ No known vulnerabilities found.", err=True)
+        sys.exit(0)
+
+    # Sort by urgency
+    vulns.sort(key=lambda v: v.get("urgency_score", 0), reverse=True)
+
+    if fmt == "json":
+        click.echo(json.dumps(vulns, indent=2))
+    elif fmt == "sarif":
+        click.echo(json.dumps(to_sarif(vulns), indent=2))
+    else:
+        # Table output
+        click.echo(f"\n{'CVE':<20} {'Severity':<10} {'Exploit':<12} {'Urgency':<8} {'Package'}", err=True)
+        click.echo("─" * 75, err=True)
+        for v in vulns:
+            icon = EXPLOIT_ICONS.get(v.get("exploit_status", "none"), "⚪")
+            sev = v.get("severity", "?")
+            color = URGENCY_COLORS.get(sev, "white")
+            click.echo(
+                f"{icon} {v.get('cve_id', '?'):<18} "
+                f"{click.style(sev, fg=color):<19} "
+                f"{v.get('exploit_status', '?'):<12} "
+                f"{v.get('urgency_score', '?'):<8} "
+                f"{', '.join(v.get('affected_products', [])[:2])}"
+            , err=True)
+
+    # Exit code based on threshold
+    max_urgency = max((v.get("urgency_score", 0) for v in vulns), default=0)
+    if threshold > 0 and max_urgency >= threshold:
+        click.echo(f"\n❌ FAILED: urgency {max_urgency} >= threshold {threshold}", err=True)
+        sys.exit(1)
+
+    click.echo(f"\n⚠️  {len(vulns)} vulnerabilities found (max urgency: {max_urgency})", err=True)
+
+
+def to_sarif(vulns: list[dict]) -> dict:
+    """Convert to SARIF format for GitHub Code Scanning."""
+    return {
+        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+        "version": "2.1.0",
+        "runs": [{
+            "tool": {"driver": {"name": "ThreatPulse", "version": "0.1.0",
+                "informationUri": "https://threatpulse.waltsoft.net"}},
+            "results": [{
+                "ruleId": v.get("cve_id", ""),
+                "level": "error" if v.get("urgency_score", 0) >= 70 else "warning",
+                "message": {"text": f"{v.get('cve_id')}: {v.get('exploit_status')} (urgency {v.get('urgency_score')})"},
+            } for v in vulns],
+        }],
+    }
+
+
+if __name__ == "__main__":
+    main()