A secure Python pre-validation library for AI/ML playgrounds that purifies code.
Project description
PuriPy Security Validator
A fast, comprehensive security validation system for Python code, designed to perform pre-execution security checks in cloud environments. This tool helps reduce costs and latency by validating code before spinning up sandbox VMs.
Overview
The PuriPy Security Validator provides a robust first line of defense for environments that execute arbitrary Python code. It performs quick security and syntax validation before committing resources to full sandbox execution, helping to:
- Reduce costs by catching issues before VM provisioning
- Minimize latency by failing fast on problematic code
- Prevent common security vulnerabilities
- Validate code structure and dependencies
Key Features
- Fast preliminary security validation
- Comprehensive static code analysis
- Multi-tool security scanning
- Parallel tool execution for speed
- Configurable security policies
- Dependency analysis and validation
- Support for popular data science libraries
- Detailed security reports
Architecture
The system consists of three main components:
- FastSecurityAPI (security_api.py)
  - Quick validation interface
  - Security policy enforcement
  - Execution policy decisions
- CodeValidator (security_validator.py)
  - Comprehensive code analysis
  - External tool integration
  - Parallel security scanning
  - Detailed report generation
- UnifiedSecurityVisitor (security.py)
  - AST-based code analysis
  - Security rule enforcement
  - Vulnerability detection
Installation
pip install puripy
# Install required dependencies
pip install -r requirements.txt
If editing the package, install in editable mode:
git clone https://github.com/ndavidson19/PyPurify
cd PyPurify
pip install -e .
Usage
Basic Usage
from puripy import FastSecurityAPI

code = "print('hello world')"  # source text to validate

api = FastSecurityAPI()
result = api.validate_code(code)
print(f"Validation Result: {result.result}")
print(f"Message: {result.message}")
print(f"Execution Policy: {result.execution_policy}")
Command Line Usage
python security_validator.py path/to/code.py --json
Security Checks
The validator performs multiple levels of security checks:
1. Quick Checks
- Syntax validation
- Code size limits
- Blocked imports
- Dangerous function calls
- Known vulnerability patterns
2. Comprehensive Analysis
- Static code analysis
- Dependency scanning
- Security vulnerability detection
- Style and quality checks
- Custom security rules
3. Tool Integration
- Bandit (security scanner)
- Flake8 (style checker)
- MyPy (type checker)
- Pylint (code analysis)
- Custom security tools
Security Policies
Three levels of execution policies:
- ALLOW: Code passes all security checks
- ALLOW_WITH_MONITORING: Code requires runtime monitoring
- BLOCKED: Code contains security violations
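How the quick checks (syntax, size, blocked imports, dangerous calls) can map onto the three policies, as an added sketch that is not PuriPy's own code. The rule sets, the size limit, and the choice to route dynamic lookups to ALLOW_WITH_MONITORING are assumptions made for illustration.

```python
import ast
from enum import Enum

Policy = Enum("Policy", "ALLOW ALLOW_WITH_MONITORING BLOCKED")  # values 1..3 order severity

# Assumed rule sets for illustration; PuriPy's real defaults are not shown on this page.
BLOCKED_IMPORTS = {"os", "subprocess", "socket", "ctypes"}
DANGEROUS_FUNCTIONS = {"eval", "exec", "compile", "__import__"}
DYNAMIC_LOOKUPS = {"getattr", "setattr", "globals", "vars"}  # not resolvable statically
MAX_CODE_BYTES = 100_000

class QuickVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (line, message, Policy)

    def _check_module(self, name, lineno):
        if name.split(".")[0] in BLOCKED_IMPORTS:
            self.findings.append((lineno, f"blocked import: {name}", Policy.BLOCKED))

    def visit_Import(self, node):
        for alias in node.names:
            self._check_module(alias.name, node.lineno)

    def visit_ImportFrom(self, node):
        self._check_module(node.module or "", node.lineno)

    def visit_Call(self, node):
        # Bare names only: matching attributes would block torch's model.eval().
        name = node.func.id if isinstance(node.func, ast.Name) else None
        if name in DANGEROUS_FUNCTIONS:
            self.findings.append((node.lineno, f"dangerous call: {name}()", Policy.BLOCKED))
        elif name in DYNAMIC_LOOKUPS:
            self.findings.append((node.lineno, f"dynamic lookup: {name}()", Policy.ALLOW_WITH_MONITORING))
        self.generic_visit(node)  # keep walking into nested calls

def quick_check(code):
    """Return (Policy, findings) without executing the code."""
    if len(code.encode("utf-8")) > MAX_CODE_BYTES:
        return Policy.BLOCKED, [(0, "code size limit exceeded", Policy.BLOCKED)]
    try:
        tree = ast.parse(code)
    except (SyntaxError, ValueError) as exc:
        return Policy.BLOCKED, [(getattr(exc, "lineno", 0) or 0, f"syntax error: {exc}", Policy.BLOCKED)]
    visitor = QuickVisitor()
    visitor.visit(tree)
    worst = max((f[2] for f in visitor.findings), key=lambda p: p.value, default=Policy.ALLOW)
    return worst, visitor.findings

SAMPLE = "import numpy as np\nimport subprocess\nprint(np.zeros(3))\n"  # constructed input
```

Calling `quick_check(SAMPLE)` returns the BLOCKED policy with one finding on line 2. Name matching of this kind is a pre-filter in front of the sandbox, not a replacement for it.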
Allowed Libraries
The system maintains a whitelist of common data science and analysis libraries:
- pandas, numpy, scipy
- sklearn, tensorflow, torch
- matplotlib, seaborn
- nltk, spacy, transformers
- Standard Python libraries
Configuration
Security rules can be configured through the SecurityConfig class:
from security import SecurityConfig
config = SecurityConfig()
config.BLOCKED_IMPORTS.add('dangerous_module')
config.DANGEROUS_FUNCTIONS.add('risky_function')
Response Format
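from dataclasses import dataclass
from typing import List, Optional

# ValidationResult and ExecutionPolicy are types defined by the library.
@dataclass
class CodeValidationResponse:
    result: ValidationResult
    message: str
    details: Optional[List[str]]
    line_numbers: Optional[List[int]]
    execution_policy: Optional[ExecutionPolicy]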
Best Practices
- Always run in fast mode first for quick validation
- Use parallel tool execution for larger codebases
- Configure security rules based on your environment
- Monitor and log validation results
- Update security rules regularly
Limitations
- Cannot catch all runtime security issues
- Some false positives in security detection
- Limited to Python code analysis
- Requires external tool installation
- May miss sophisticated attack vectors
Contributing
- Fork the repository
- Create a feature branch
- Add tests for new features
- Submit a pull request
License
MIT License - See LICENSE file for details
Support
For issues and feature requests, please create an issue in the repository.
File details
Details for the file puripy-0.1.0.tar.gz.
File metadata
- Download URL: puripy-0.1.0.tar.gz
- Upload date:
- Size: 16.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 10bf58a32cd2181fae542750907d5a399f18b207cca794c5b0d4068850c66e49 |
| MD5 | ace7299936f1409bc1401c003bc4b40c |
| BLAKE2b-256 | 38efc99e17779897a4ebdb277dc039a5231227f8020ae387815dac92bdd21762 |
File details
Details for the file PuriPy-0.1.0-py3-none-any.whl.
File metadata
- Download URL: PuriPy-0.1.0-py3-none-any.whl
- Upload date:
- Size: 16.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 78d86bd2fe664946f62b281f3c285719824d70fe77f276fc74f7bdb3b8b62595 |
| MD5 | 0234c31431f2b854bd82345ea641a937 |
| BLAKE2b-256 | 4191ac20f9693f37baedf05930dd9732ecf400641b29ff7c76d517fba4b32bfc |