repotoire 0.8.0

Graph-powered code analysis CLI. 110 detectors for security, architecture, bus factor, and code quality.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

//! Security detectors — vulnerabilities, injection, auth, crypto.
//!
//! 28 detectors covering OWASP Top 10, taint analysis, and framework-specific security.

mod ast_helpers;
pub(crate) mod dual_branch_annotation;

// Re-export the structural Python "library opt-out" predicate so the
// postprocess pass `demote_param_gated_security_branches` (in
// `cli::analyze::postprocess`) can use it without making `ast_helpers`
// itself public. The helper only depends on tree-sitter so it has no
// outward coupling.
pub(crate) use ast_helpers::{node_at_line, python_param_gated_branch_param_name};

mod cleartext_credentials;
mod command_injection;
mod cors_misconfig;
mod dep_audit;
mod django_security;
mod eval_detector;
mod express_security;
mod gh_actions;
mod hardcoded_ips;
mod insecure_cookie;
mod insecure_crypto;
mod insecure_deserialize;
mod insecure_random;
mod insecure_tls;
mod jwt_weak;
mod log_injection;
mod nosql_injection;
mod path_traversal;
mod pickle_detector;
mod prototype_pollution;
mod python_imports;
mod react_hooks;
mod regex_dos;
mod scan_inputs;
mod secrets;
pub mod sql_injection;
mod ssrf;
pub mod taint;
mod unsafe_template;
mod xss;
mod xxe;

pub use cleartext_credentials::CleartextCredentialsDetector;
pub use command_injection::CommandInjectionDetector;
pub use cors_misconfig::CorsMisconfigDetector;
pub use dep_audit::DepAuditDetector;
pub use django_security::DjangoSecurityDetector;
pub use eval_detector::EvalDetector;
pub use express_security::ExpressSecurityDetector;
pub use gh_actions::GHActionsInjectionDetector;
pub use hardcoded_ips::HardcodedIpsDetector;
pub use insecure_cookie::InsecureCookieDetector;
pub use insecure_crypto::InsecureCryptoDetector;
pub use insecure_deserialize::InsecureDeserializeDetector;
pub use insecure_random::InsecureRandomDetector;
pub use insecure_tls::InsecureTlsDetector;
pub use jwt_weak::JwtWeakDetector;
pub use log_injection::LogInjectionDetector;
pub use nosql_injection::NosqlInjectionDetector;
pub use path_traversal::PathTraversalDetector;
pub use pickle_detector::PickleDeserializationDetector;
pub use prototype_pollution::PrototypePollutionDetector;
pub use react_hooks::ReactHooksDetector;
pub use regex_dos::RegexDosDetector;
pub use secrets::SecretDetector;
pub use sql_injection::SQLInjectionDetector;
pub use ssrf::SsrfDetector;
pub use unsafe_template::UnsafeTemplateDetector;
pub use xss::XssDetector;
pub use xxe::XxeDetector;