Precaution security static analysis command line

Project description

Precli is the core of the Precaution App and Precaution Action. It also serves as a command line interface to demonstrate its functionality. It performs static analysis of source code, using a set of rules that cover the standard library of the corresponding programming language.

If your needs go beyond the analysis of just the standard library, consider upgrading to Precaution Professional to get access to finding and fixing security vulnerabilities in third-party libraries. See https://www.securesauce.dev/ for more details.

Quick Start

To install:

pip install precli

Run precli on a single test example:

precli tests/unit/rules/python/stdlib/hmac/examples/hmac_timing_attack.py

Example code:

# level: ERROR
# start_line: 18
# end_line: 18
# start_column: 13
# end_column: 15
import hmac


received_digest = (
    b"\xe2\x93\x08\x19T8\xdc\x80\xef\x87\x90m\x1f\x9d\xf7\xf2"
    b"\xf5\x10>\xdbf\xa2\xaf\xf7x\xcdX\xdf"
)

key = b"my-super-duper-secret-key-string"
password = b"pass"
digest = hmac.digest(key, password, digest="sha224")

print(digest == received_digest)

Example result: [image: example output]
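The metadata comments in the example point at line 18, columns 13 to 15, which is the `==` operator comparing an HMAC digest; the standard-library replacement is the constant-time `hmac.compare_digest`. The sketch below is an added example, not Precli's own rule implementation: it uses Python's `ast` module to locate such comparisons, and the sample sources, function names and class name are constructed for illustration.

```python
import ast

# Constructed samples: the page's pattern and the constant-time replacement.
VULNERABLE = '''import hmac
received_digest = bytes(28)
key = b"constructed-key"
digest = hmac.digest(key, b"pass", digest="sha224")
print(digest == received_digest)
'''
FIXED = VULNERABLE.replace(
    "digest == received_digest", "hmac.compare_digest(digest, received_digest)")

def hmac_call(node):
    """Return the attribute name if node is a call hmac.<name>(...), else None."""
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and isinstance(node.func.value, ast.Name) and node.func.value.id == "hmac"):
        return node.func.attr
    return None

def yields_digest(node):
    """True for hmac.digest(...) and hmac.new(...).digest()/.hexdigest()."""
    if hmac_call(node) == "digest":
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr in ("digest", "hexdigest")
            and hmac_call(node.func.value) == "new")

class DigestCompare(ast.NodeVisitor):
    def __init__(self, source):
        self.lines, self.names, self.findings = source.splitlines(), set(), []

    def visit_Assign(self, node):
        if yields_digest(node.value):  # remember variables holding an HMAC digest
            self.names |= {t.id for t in node.targets if isinstance(t, ast.Name)}
        self.generic_visit(node)

    def visit_Compare(self, node):
        operands = [node.left, *node.comparators]
        for left, op, right in zip(operands, node.ops, operands[1:]):
            secret = any(yields_digest(n) or (isinstance(n, ast.Name) and n.id in self.names)
                         for n in (left, right))
            if secret and isinstance(op, (ast.Eq, ast.NotEq)) and left.end_lineno == right.lineno:
                gap = self.lines[right.lineno - 1][left.end_col_offset:right.col_offset]
                start = left.end_col_offset + gap.index("==" if isinstance(op, ast.Eq) else "!=")
                self.findings.append((right.lineno, start, start + 2))
        self.generic_visit(node)

def scan(source):
    """Return (line, start_column, end_column) for each flagged operator."""
    visitor = DigestCompare(source)
    visitor.visit(ast.parse(source))
    return visitor.findings
```

`scan(VULNERABLE)` reports the operator at columns 13 to 15, the same span the page's metadata records, and `scan(FIXED)` reports nothing.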

Download files

Source Distribution

precli-0.8.4.tar.gz (424.7 kB view details)

Uploaded Source

Built Distribution

precli-0.8.4-py3-none-any.whl (247.9 kB view details)

Uploaded Python 3

File details

Details for the file precli-0.8.4.tar.gz.

File metadata

  • Download URL: precli-0.8.4.tar.gz
  • Upload date:
  • Size: 424.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for precli-0.8.4.tar.gz
Algorithm Hash digest
SHA256 5756e0899c75042eb8a338f613a2d2f4ccadf089f6365915454c208bedca8fc2
MD5 513b7f058d02a7d773e3d3958c15c4e6
BLAKE2b-256 1f7062fda96545d4dce3a0b92b45775b371d89472c79f03565700a89d2a7d897

Provenance

The following attestation bundles were made for precli-0.8.4.tar.gz:

Publisher: publish-to-pypi.yml on securesauce/precli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file precli-0.8.4-py3-none-any.whl.

File metadata

  • Download URL: precli-0.8.4-py3-none-any.whl
  • Upload date:
  • Size: 247.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for precli-0.8.4-py3-none-any.whl
Algorithm Hash digest
SHA256 1c98d44c0bdb217b2885d75663ca273e69f1749f8827f76124e7a090de0651b9
MD5 bd14593119ab14b85d107f4e5629a7c9
BLAKE2b-256 c344d808059b7d5e901dc9699956ac1e8757e7291779e56ec2313bcc7be7595a

Provenance

The following attestation bundles were made for precli-0.8.4-py3-none-any.whl:

Publisher: publish-to-pypi.yml on securesauce/precli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
