MCPcopy Create free account
hub / github.com/SourceCode-AI/aura / analyze

Function analyze

aura/analyzers/pypirc.py:11–54  ·  view source on GitHub ↗

Scans for exposure of credentials inside the `.pypirc` file

(*, location: ScanLocation)

Source from the content-addressed store, hash-verified

9
10@Analyzer.ID("pypirc")
11def analyze(*, location: ScanLocation) -> AnalyzerReturnType:
12 """
13 Scans for exposure of credentials inside the `.pypirc` file
14 """
15 if location.location.name != ".pypirc":
16 return
17 try:
18 pypirc = configparser.ConfigParser()
19 pypirc.read(str(location.location))
20 except configparser.ParsingError:
21 # TODO: generate a detection
22 return
23
24 # Filter on these values, some pregenerated configurations use them and we don't want to generate false positives on these
25 user_blacklist = config.CFG.get("pypirc", {}).get("username_blacklist", [])
26 pwd_blacklist = config.CFG.get("pypirc", {}).get("password_blacklist", [])
27
28 for section_name in pypirc.sections():
29 section = pypirc[section_name]
30
31 if "username" in section and "password" in section:
32 username = section.get("username")
33 password = section.get("password")
34
35 if username in user_blacklist or password in pwd_blacklist:
36 continue
37 elif not (password and username): # Filter blank values
38 continue
39
40 sig = fast_checksum(f"{section_name}#{username}#{password}")
41
42 yield Detection(
43 detection_type="LeakingPyPIrc",
44 message = "Leaking credentials in the `.pypirc` file",
45 signature = f"pypirc#{sig}",
46 location = location.location,
47 score = 100, # TODO: make the score configurable
48 extra = {
49 "section": section_name,
50 "username": username,
51 "password": password
52 },
53 tags = {"sensitive_file", "secrets_leak", "pypirc"}
54 )
55

Callers

nothing calls this directly

Calls 4

fast_checksumFunction · 0.85
DetectionClass · 0.85
readMethod · 0.80
getMethod · 0.80

Tested by

no test coverage detected