PySMT

v0.9.6 safe
4.0
Medium Risk

A solver-agnostic library for SMT Formulae manipulation and solving

🤖 AI Analysis

Final verdict: SAFE

The package shows moderate risks in network and shell execution but does not pose significant threats based on the provided analysis notes. There is no evidence of credential theft or severe obfuscation practices.

  • moderate network risk due to urllib usage
  • shell execution risk from git commands

Per-check LLM notes
  • Network: The use of urllib to fetch files and metadata is common for packages that need to download external resources or check version information.
  • Shell: Executing shell commands like 'git describe' is often used for version control operations but could indicate more risky behavior if not properly sanitized.
  • Obfuscation: The code appears to be obfuscated, but without additional context, it's hard to determine if this is malicious or part of a complex internal logic.
  • Credentials: No clear signs of credential harvesting observed.
  • Metadata: Low risk with some concerns about non-HTTPS links and lack of GitHub repository.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • iven file name""" u = urllib.request.urlopen(url) f = open(file_name, 'wb') meta
  • te_version response = urllib.request.urlopen(pypi_link) reader = codecs.getreader("utf-8"

⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • z3_res = self.z3_model.eval(titem, model_completion=model_completion) return sel
  • z3_res = self.z3.model().eval(titem, model_completion=True) res = self.converter.b

⚠ Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • try: git_version = subprocess.check_output(["git", "describe",
  • _output: output = subprocess.check_output(program, env=en
  • i") else: subprocess.check_call(program, env=environment,

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: pysmt.org

⚠ Suspicious Page Links score 10.0

Found 6 suspicious link(s) on the package page

  • Non-HTTPS external link: http://mathsat.fbk.eu/
  • Non-HTTPS external link: http://yices.csl.sri.com/
  • Non-HTTPS external link: http://vlsi.colorado.edu/~fabio/CUDD/
  • Non-HTTPS external link: http://fmv.jku.at/picosat/
  • Non-HTTPS external link: http://fmv.jku.at/boolector/
  • Non-HTTPS external link: http://www.pysmt.org

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "PySMT Team" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with PySMT

Your task is to develop a mini-application called 'SMT Formula Solver' using the PySMT library. This application will serve as a tool for users to input their Satisfiability Modulo Theories (SMT) problems and receive solutions directly from the application. Here’s a detailed breakdown of what your application should achieve:

1. **User Interface**: Design a simple and intuitive command-line interface (CLI) where users can input their SMT formulae.
2. **Formula Parsing**: Utilize PySMT to parse and validate the user-provided SMT formulae. Ensure the application can handle common theories like arithmetic, bit-vectors, arrays, etc.
3. **Solver Integration**: Implement a feature within the application that allows users to choose from different back-end solvers supported by PySMT, such as Z3, CVC4, or Yices. The application should dynamically select and use the chosen solver based on user input.
4. **Solution Display**: Once a solution is found, display it clearly to the user along with any relevant information about the satisfiability status of the formula (SAT/UNSAT).
5. **Error Handling**: Implement robust error handling to manage incorrect inputs or unsupported formulae, providing meaningful error messages to guide users.
6. **Documentation**: Include a help menu in the CLI that explains how to format input formulae and lists the available options for solver selection.
7. **Advanced Features** (Optional): Consider adding features like saving solved problems to a history file, allowing users to load previous problems, or even visualizing the structure of complex formulae.

In your development process, focus on leveraging PySMT’s capabilities for formula manipulation and solver agnosticism. Remember, the goal is to create a versatile tool that can handle a wide range of SMT problems efficiently and intuitively.