From fe00c5d2b2ab3c8994018b5cc12b892c17c27004 Mon Sep 17 00:00:00 2001
From: Eric Brown
Date: Mon, 29 Jan 2024 20:09:25 -0800
Subject: [PATCH 1/2] Add more detail to the README

Add a quick start section showing how to install and an example section showing an example running precli against one of the test samples.

Signed-off-by: Eric Brown
---
 README.md | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e7f1cde7..f6c38eb1 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,36 @@
-# precli
+# Precli - precaution command line interface
 
 [![Build and Test](https://github.com/securesauce/precli/actions/workflows/unit-test.yml/badge.svg?branch=main)](https://github.com/securesauce/precli/actions/workflows/unit-test.yml)
 
-Precaution command line interface
+Precli is the core of the GitHub App [Precaution](https://github.com/marketplace/precaution) and also a command line interface to demonstate its functionality.
+
+**Quick Start**
+```bash
+pip install precli
+```
+
+**Example**
+
+```
+$ precli tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py
+⛔️ Error on line 18 in tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py
+PY005: Observable Timing Discrepancy
+Comparing digests with the '==' operator is vulnerable to timing attacks.
+ 17
+❱ 18 return digest == received_digest
+ 19
+Suggested fix: Use the 'hmac.compare_digest' function instead of the '=='' operator to reduce the
+vulnerability to timing attacks.
+ 17
+❱ 18 return hmac.compare_digest(digest, received_digest)
+ 19
+
+┏━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┓
+┃ Files analyzed ┃ 1 ┃ Lines analyzed ┃ 18 ┃
+┃ Files skipped ┃ 0 ┃ ┃ ┃
+┣━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━╋━━━━━━━━━━━━━━━━━━━━━━╋━━━━━┫
+┃ Errors ┃ 1 ┃ ┃ ┃
+┃ Warnings ┃ 0 ┃ ┃ ┃
+┃ Notes ┃ 0 ┃ ┃ ┃
+┗━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━┻━━━━━━━━━━━━━━━━━━━━━━┻━━━━━┛
+```
From 3dfb5367817ee93b846c7229df254268222c14b7 Mon Sep 17 00:00:00 2001
From: Eric Brown
Date: Mon, 29 Jan 2024 20:14:17 -0800
Subject: [PATCH 2/2] Update README.md

Signed-off-by: Eric Brown
---
 README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index f6c38eb1..c0e02601 100644
--- a/README.md
+++ b/README.md
@@ -16,14 +16,14 @@ $ precli tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py
 ⛔️ Error on line 18 in tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py
 PY005: Observable Timing Discrepancy
 Comparing digests with the '==' operator is vulnerable to timing attacks.
- 17
-❱ 18 return digest == received_digest
- 19
-Suggested fix: Use the 'hmac.compare_digest' function instead of the '=='' operator to reduce the
+ 17
+❱ 18 return digest == received_digest
+ 19
+Suggested fix: Use the 'hmac.compare_digest' function instead of the '=='' operator to reduce the
 vulnerability to timing attacks.
- 17
-❱ 18 return hmac.compare_digest(digest, received_digest)
- 19
+ 17
+❱ 18 return hmac.compare_digest(digest, received_digest)
+ 19
 
 ┏━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┓
 ┃ Files analyzed ┃ 1 ┃ Lines analyzed ┃ 18 ┃