Combine multiple popular python security tools and generate reports or output into different formats
Project description
SimpleSecurity
Combine multiple popular python security tools and generate reports or output into different formats
Plugins (these require the plugin executable in the system path. e.g. bandit requires bandit to be in the system path...)
- bandit
- safety
- dodgy
- dlint
Formats
- ansi (for terminal)
- json
- md
- csv
Example Use
See below for the output if you run simplesecurity in this directory
>> simplesecurity
Findings
Find a list of findings below ordered by severity
B602: subprocess_popen_with_shell_equals_true
subprocess call with shell=True identified, security issue.
File: ./simplesecurity/plugins.py
>Severity: High (confidence: High)
>Evidence
Line: 45
44 """
45 with subprocess.Popen(split(command), shell=True, stdout=subprocess.PIPE,
46 stderr=subprocess.STDOUT, universal_newlines=True) as process:
47 out = process.communicate()[0]
DUO116: use of "shell=True" is insecure in "subprocess" module
use of "shell=True" is insecure in "subprocess" module
File: ./simplesecurity/plugins.py
>Severity: Medium (confidence: Medium)
>Evidence
Line: 45
Unknown
B404: blacklist
Consider possible security implications associated with subprocess module.
File: ./simplesecurity/plugins.py
>Severity: Low (confidence: High)
>Evidence
Line: 24
23
24 import subprocess
25 import warnings
Help
usage: __main__.py [-h] [--format FORMAT] [--plugin PLUGIN] [--file FILE]
Combine multiple popular python security tools and generate reports or output into different formats Plugins (these require the
plugin executable in the system path. e.g. bandit requires bandit to be in the system path...) - bandit - safety - dodgy -
dlint Formats - ansi (for terminal) - json - md - csv
optional arguments:
-h, --help show this help message and exit
--format FORMAT, -f FORMAT
Output format. One of ansi, json, md, csv. default=ansi
--plugin PLUGIN, -p PLUGIN
Plugin to use. One of bandit, safety, dodgy, dlint, all, default=all
--file FILE, -o FILE Filename to write to (omit for stdout)
You can also import this into your own project and use any of the functions in the DOCS
Table of Contents
- Example Use
- Changelog
- Install With PIP
- Language information
- Install Python on Windows
- Install Python on Linux
- How to run
- Community Files
Changelog
See the CHANGELOG for more information.
Install With PIP
pip install simplesecurity
Head to https://pypi.org/project/SimpleSecurity/ for more info
Language information
Built for
This program has been written for Python 3 and has been tested with Python version 3.9.0 https://www.python.org/downloads/release/python-380/.
Install Python on Windows
Chocolatey
choco install python
Download
To install Python, go to https://www.python.org/ and download the latest version.
Install Python on Linux
Apt
sudo apt install python3.9
How to run
With VSCode
- Open the .py file in vscode
- Ensure a python 3.9 interpreter is selected (Ctrl+Shift+P > Python:Select Interpreter > Python 3.9)
- Run by pressing Ctrl+F5 (if you are prompted to install any modules, accept)
From the Terminal
./[file].py
Community Files
Licence
MIT License Copyright (c) FredHappyface (See the LICENSE for more information.)
Changelog
See the Changelog for more information.
Code of Conduct
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone. Please see the Code of Conduct for more information.
Contributing
Contributions are welcome, please see the Contributing Guidelines for more information.
Security
Thank you for improving the security of the project, please see the Security Policy for more information.
Support
Thank you for using this project, I hope it is of use to you. Please be aware that those involved with the project often do so for fun along with other commitments (such as work, family, etc). Please see the Support Policy for more information.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file simplesecurity-2020.tar.gz.
File metadata
- Download URL: simplesecurity-2020.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.2 CPython/3.9.0 Windows/10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 80f9ff356fc439c446b2ca3eadc5153eab3d29ff5710e2805e18aa898d26f8e0 |
|
| MD5 | 70ff8004a2fa15d85dc864df24381f81 |
|
| BLAKE2b-256 | 81386ad0516b6f511700c2e4d26c85278f859171891912ba7b294d8621c5eb7f |
File details
Details for the file simplesecurity-2020-py3-none-any.whl.
File metadata
- Download URL: simplesecurity-2020-py3-none-any.whl
- Upload date:
- Size: 9.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.2 CPython/3.9.0 Windows/10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 93c60f85de479f9112de922ee8344547b3ca29d1e7b0a6a8d8d0c26b0ecdf8c1 |
|
| MD5 | b2795fe11c65c62197833b7a47a634c3 |
|
| BLAKE2b-256 | 85c4892baca4a8615cefea4260105052c1379fd26414db2dd93b401ac3c34089 |
