abicheck

v0.3.0 suspicious
5.0
Medium Risk

ABI compatibility checker for C/C++ shared libraries

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to unclear network calls and potential misuse of shell commands, despite having no evidence of obfuscation or credential theft.

  • network risk due to undocumented URL fetching
  • shell risk from executing potentially unsafe commands
Per-check LLM notes
  • Network: The network calls seem to be fetching URLs which could be for updates or resources, but lack of clear documentation increases suspicion.
  • Shell: Executing shell commands like 'git rev-parse' and 'c++filt' may be legitimate for version control checks or symbol demangling, but arbitrary command execution poses a higher risk.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author information is incomplete and the maintainer seems to be new or inactive, raising some concerns.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • eme!r}: {url}") req = urllib.request.Request(url) req.add_header("User-Agent", "abicheck-
  • p: http.client.HTTPResponse = urllib.request.urlopen(req, timeout=timeout) # nosec B310 # noqa: S310
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • try: result = subprocess.run( ["git", "rev-parse", "HEAD"],
  • ol) try: result = subprocess.run( ["c++filt", symbol], capture_output
  • False try: proc = subprocess.run( ["c++filt"], input="\n".join(remain
  • try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=120, check=Fals
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository napetrov/abicheck appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with abicheck 
Create a Python-based utility called 'ABICompatAnalyzer' that leverages the 'abicheck' package to ensure developers can easily verify the binary compatibility of their C/C++ shared libraries. This tool should allow users to specify two shared library files (e.g., .so or .dll files) and analyze whether they have compatible Application Binary Interfaces (ABIs). The application should provide a user-friendly command-line interface where users can input the paths to the two libraries they wish to compare.

Core Features:
1. Accept two file paths as inputs from the command line.
2. Utilize the 'abicheck' package to perform the ABI compatibility check between the specified libraries.
3. Display a clear result indicating if the ABIs are compatible or incompatible.
4. Optionally, provide detailed information about any incompatibilities found.
5. Include error handling to manage cases where files cannot be read or the 'abicheck' package fails to execute properly.

Suggested Enhancements:
- Implement a GUI front-end using PyQt or Tkinter to make the tool more accessible to non-command-line users.
- Allow users to save the results of their ABI checks to a log file for future reference.
- Integrate the tool with version control systems like Git to automatically check ABI compatibility during the commit process.
- Offer support for multiple operating systems (Linux, Windows, macOS) ensuring cross-platform functionality.