websec-validator 0.4.1__tar.gz → 0.4.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74)
  1. {websec_validator-0.4.1/src/websec_validator.egg-info → websec_validator-0.4.2}/PKG-INFO +9 -3
  2. {websec_validator-0.4.1 → websec_validator-0.4.2}/README.md +8 -2
  3. {websec_validator-0.4.1 → websec_validator-0.4.2}/pyproject.toml +1 -1
  4. {websec_validator-0.4.1 → websec_validator-0.4.2/src/websec_validator.egg-info}/PKG-INFO +9 -3
  5. {websec_validator-0.4.1 → websec_validator-0.4.2}/LICENSE +0 -0
  6. {websec_validator-0.4.1 → websec_validator-0.4.2}/setup.cfg +0 -0
  7. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/__init__.py +0 -0
  8. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/briefing.py +0 -0
  9. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/calibration.json +0 -0
  10. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/calibration.py +0 -0
  11. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/cli.py +0 -0
  12. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/constitution.py +0 -0
  13. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/corpus.json +0 -0
  14. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/dynamic.py +0 -0
  15. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/__init__.py +0 -0
  16. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/auth.py +0 -0
  17. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/authz.py +0 -0
  18. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/base.py +0 -0
  19. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/client_exposure.py +0 -0
  20. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/client_integrity.py +0 -0
  21. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/graphql.py +0 -0
  22. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/iac_ci.py +0 -0
  23. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/integrations.py +0 -0
  24. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/pii_exposure.py +0 -0
  25. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/policy_consistency.py +0 -0
  26. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/routes.py +0 -0
  27. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/schemas.py +0 -0
  28. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/stack.py +0 -0
  29. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/surface.py +0 -0
  30. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/tenant.py +0 -0
  31. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/extractors/upload_security.py +0 -0
  32. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/findings.py +0 -0
  33. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/probes.py +0 -0
  34. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/proof.py +0 -0
  35. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/recon.py +0 -0
  36. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/report.py +0 -0
  37. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/rules/error-stack-disclosure.yml +0 -0
  38. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/rules/insecure-default-secret.yml +0 -0
  39. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/scanners.py +0 -0
  40. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/_lib.py +0 -0
  41. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/appsync-cswsh.sh +0 -0
  42. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/appsync-introspection.sh +0 -0
  43. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/appsync-subscription-bola.sh +0 -0
  44. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/bola-cross-tenant.sh +0 -0
  45. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/bola-write-verbs.py +0 -0
  46. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/client-integrity-checklist.sh +0 -0
  47. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/compare-roles.sh +0 -0
  48. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/dlp-bypass-offline.py +0 -0
  49. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/error-disclosure-probe.sh +0 -0
  50. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/forged-token.sh +0 -0
  51. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/hs256-brute-force.py +0 -0
  52. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/jwt-attacks.sh +0 -0
  53. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/mass-assignment.py +0 -0
  54. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/password-reuse.sh +0 -0
  55. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/pii-output-diff.sh +0 -0
  56. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/race-conditions.py +0 -0
  57. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/rate-limit-burst.sh +0 -0
  58. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/s3-assess.sh +0 -0
  59. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/ssrf-probes.sh +0 -0
  60. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/unauth-baseline.sh +0 -0
  61. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/upload-matrix.sh +0 -0
  62. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/probes/webhook-forgery.py +0 -0
  63. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/reports/FINDINGS-SUMMARY.md.template +0 -0
  64. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/reports/access-control-matrix.md.template +0 -0
  65. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/reports/findings-triage.md.template +0 -0
  66. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/reports/pentest-handover-brief.md.template +0 -0
  67. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator/templates/reports/per-tool-FINDINGS.md.template +0 -0
  68. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator.egg-info/SOURCES.txt +0 -0
  69. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator.egg-info/dependency_links.txt +0 -0
  70. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator.egg-info/entry_points.txt +0 -0
  71. {websec_validator-0.4.1 → websec_validator-0.4.2}/src/websec_validator.egg-info/top_level.txt +0 -0
  72. {websec_validator-0.4.1 → websec_validator-0.4.2}/tests/test_hardening.py +0 -0
  73. {websec_validator-0.4.1 → websec_validator-0.4.2}/tests/test_pentest_regressions.py +0 -0
  74. {websec_validator-0.4.1 → websec_validator-0.4.2}/tests/test_recon.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: websec-validator
3
- Version: 0.4.1
3
+ Version: 0.4.2
4
4
  Summary: Local-first security recon that briefs your AI coding agent: facts + tailored probe scripts, code-in / artifacts-out. No LLM, no server, no running app.
5
5
  Author: Ricardo Accioly
6
6
  License: MIT
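Review bot: nothing to change in the bump itself, but for anyone assessing this upgrade: every module, YAML rule, probe template and test file in the 74-entry list above is +0 -0, so 0.4.2 changes only the version string and the README/long_description text; a consumer pinned to 0.4.1 gets no behavioural or detection change by moving. The PKG-INFO hunks also appear twice on this page because the file list pairs the sdist root PKG-INFO with src/websec_validator.egg-info/PKG-INFO as renames (entries 1 and 4); the two copies carry identical content.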
@@ -12,6 +12,8 @@ Dynamic: license-file
12
12
 
13
13
  # websec-validator
14
14
 
15
+ <!-- docguard:quality negation-load off — "no LLM / no server / no running app / not a SaaS / never touches prod" is this tool's core positioning; defining it by contrast with the scanners-and-SaaS it deliberately is NOT is intentional, not a phrasing defect. -->
16
+
15
17
  > Local-first security recon that **briefs your AI coding agent**. It does the deterministic
16
18
  > half — read the repo, map the full attack surface, run + de-duplicate the static scanners, and
17
19
  > stage a probe library tailored to what it found — then hands your agent (Claude Code, Codex,
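Review bot: the added `<!-- docguard:quality negation-load off ... -->` line is a directive for a documentation linter, and because README.md is the project's long_description it now ships verbatim inside PKG-INFO (this copy and the egg-info copy). PyPI's renderer hides HTML comments, so it will not display, but it is still published text that documents internal lint configuration. If docguard reads a config file, move the suppression there; otherwise trim the comment to the bare directive and keep the rationale in the repository rather than in the package metadata.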
@@ -69,7 +71,7 @@ docker run --rm --user "$(id -u):$(id -g)" -v "$PWD:/scan" websec-validator run
69
71
  The image carries Noir + Trivy + Gitleaks + Semgrep + Checkov; mount your repo at `/scan` and the
70
72
  artifacts land in `/scan/websec-out`.
71
73
 
72
- ## Use
74
+ ## Usage
73
75
 
74
76
  ```bash
75
77
  websec run ./my-app # ← the one command: recon + stage tailored probes + emit the briefing
@@ -182,7 +184,7 @@ upload, cross-tenant BOLA, role/authz gaps).
182
184
  ## Tests
183
185
 
184
186
  ```bash
185
- python3 -m unittest discover -s tests # stdlib only, no Noir/network — 23 tests
187
+ python3 -m unittest discover -s tests # stdlib only, no Noir/network — 103 tests
186
188
  ```
187
189
 
188
190
  ## Releasing (maintainer)
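Review bot: the count goes from 23 to 103, yet tests/test_hardening.py, tests/test_pentest_regressions.py and tests/test_recon.py are all +0 -0 in this diff, so the 0.4.1 README was stale rather than 80 tests having arrived in 0.4.2. A hard-coded count in a shell comment will drift again; either drop the number or have the Releasing step regenerate it from the `python3 -m unittest discover -s tests` output. The `stdlib only, no Noir/network` property is the useful claim in that comment and is worth keeping.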
@@ -259,3 +261,7 @@ works the findings with you. For other agents the universal interface is unchang
259
261
 
260
262
  Methodology + probe library are distilled from a real authenticated penetration-testing pass.
261
263
  This tool productizes that hand-written methodology into something an AI agent can run on any repo.
264
+
265
+ ## License
266
+
267
+ [MIT](LICENSE) © Ricardo Accioly
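Review bot: `[MIT](LICENSE)` is a relative link, and because this text is the PyPI long_description it will render on the project page as a link to a path that does not exist there (PyPI does not rewrite relative links). Point it at the repository's LICENSE URL, or drop the link and keep the plain `MIT © Ricardo Accioly`. The license itself is already declared by `License: MIT` and `Dynamic: license-file` above, and the LICENSE file is in the sdist (entry 5 in the list), so nothing else is missing.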
@@ -1,5 +1,7 @@
1
1
  # websec-validator
2
2
 
3
+ <!-- docguard:quality negation-load off — "no LLM / no server / no running app / not a SaaS / never touches prod" is this tool's core positioning; defining it by contrast with the scanners-and-SaaS it deliberately is NOT is intentional, not a phrasing defect. -->
4
+
3
5
  > Local-first security recon that **briefs your AI coding agent**. It does the deterministic
4
6
  > half — read the repo, map the full attack surface, run + de-duplicate the static scanners, and
5
7
  > stage a probe library tailored to what it found — then hands your agent (Claude Code, Codex,
@@ -57,7 +59,7 @@ docker run --rm --user "$(id -u):$(id -g)" -v "$PWD:/scan" websec-validator run
57
59
  The image carries Noir + Trivy + Gitleaks + Semgrep + Checkov; mount your repo at `/scan` and the
58
60
  artifacts land in `/scan/websec-out`.
59
61
 
60
- ## Use
62
+ ## Usage
61
63
 
62
64
  ```bash
63
65
  websec run ./my-app # ← the one command: recon + stage tailored probes + emit the briefing
@@ -170,7 +172,7 @@ upload, cross-tenant BOLA, role/authz gaps).
170
172
  ## Tests
171
173
 
172
174
  ```bash
173
- python3 -m unittest discover -s tests # stdlib only, no Noir/network — 23 tests
175
+ python3 -m unittest discover -s tests # stdlib only, no Noir/network — 103 tests
174
176
  ```
175
177
 
176
178
  ## Releasing (maintainer)
@@ -247,3 +249,7 @@ works the findings with you. For other agents the universal interface is unchang
247
249
 
248
250
  Methodology + probe library are distilled from a real authenticated penetration-testing pass.
249
251
  This tool productizes that hand-written methodology into something an AI agent can run on any repo.
252
+
253
+ ## License
254
+
255
+ [MIT](LICENSE) © Ricardo Accioly
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "websec-validator"
7
- version = "0.4.1"
7
+ version = "0.4.2"
8
8
  description = "Local-first security recon that briefs your AI coding agent: facts + tailored probe scripts, code-in / artifacts-out. No LLM, no server, no running app."
9
9
  readme = "README.md"
10
10
  requires-python = ">=3.11"
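Review bot: this is the only hand-maintained copy of the version; the two PKG-INFO hunks are setuptools output generated from this line at build time. Keep it that way and verify a release by diffing the built sdist's PKG-INFO against pyproject.toml in the Releasing step rather than editing PKG-INFO by hand. `requires-python = ">=3.11"` is unchanged, so the Python floor did not move in this release.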
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: websec-validator
3
- Version: 0.4.1
3
+ Version: 0.4.2
4
4
  Summary: Local-first security recon that briefs your AI coding agent: facts + tailored probe scripts, code-in / artifacts-out. No LLM, no server, no running app.
5
5
  Author: Ricardo Accioly
6
6
  License: MIT
@@ -12,6 +12,8 @@ Dynamic: license-file
12
12
 
13
13
  # websec-validator
14
14
 
15
+ <!-- docguard:quality negation-load off — "no LLM / no server / no running app / not a SaaS / never touches prod" is this tool's core positioning; defining it by contrast with the scanners-and-SaaS it deliberately is NOT is intentional, not a phrasing defect. -->
16
+
15
17
  > Local-first security recon that **briefs your AI coding agent**. It does the deterministic
16
18
  > half — read the repo, map the full attack surface, run + de-duplicate the static scanners, and
17
19
  > stage a probe library tailored to what it found — then hands your agent (Claude Code, Codex,
@@ -69,7 +71,7 @@ docker run --rm --user "$(id -u):$(id -g)" -v "$PWD:/scan" websec-validator run
69
71
  The image carries Noir + Trivy + Gitleaks + Semgrep + Checkov; mount your repo at `/scan` and the
70
72
  artifacts land in `/scan/websec-out`.
71
73
 
72
- ## Use
74
+ ## Usage
73
75
 
74
76
  ```bash
75
77
  websec run ./my-app # ← the one command: recon + stage tailored probes + emit the briefing
@@ -182,7 +184,7 @@ upload, cross-tenant BOLA, role/authz gaps).
182
184
  ## Tests
183
185
 
184
186
  ```bash
185
- python3 -m unittest discover -s tests # stdlib only, no Noir/network — 23 tests
187
+ python3 -m unittest discover -s tests # stdlib only, no Noir/network — 103 tests
186
188
  ```
187
189
 
188
190
  ## Releasing (maintainer)
@@ -259,3 +261,7 @@ works the findings with you. For other agents the universal interface is unchang
259
261
 
260
262
  Methodology + probe library are distilled from a real authenticated penetration-testing pass.
261
263
  This tool productizes that hand-written methodology into something an AI agent can run on any repo.
264
+
265
+ ## License
266
+
267
+ [MIT](LICENSE) © Ricardo Accioly