AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risks due to incomplete metadata and potential shell command execution vulnerabilities, although it does not exhibit clear signs of malicious intent or obfuscation.
- Incomplete author details and lack of associated GitHub repository
- Use of subprocess for git operations
Per-check LLM notes
- Network: The use of network requests with timeouts suggests legitimate API interactions, but URLs and purposes should be reviewed.
- Shell: Use of subprocess to execute git commands could be legitimate for repository operations, but always risky due to potential command injection vulnerabilities.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package has no associated GitHub repository and the author's details are incomplete, suggesting potential unreliability.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
Matched snippets (truncated context windows as reported by the scanner):
- nfiguration (seconds) # Note: urllib.request.urlopen uses a single timeout for the entire operation # (co
- try: response = requests.get(url, timeout=URL_TIMEOUT_SECONDS) response.raise
- rsion=7.1" resp = requests.get(build_url, headers=headers, timeout=30) resp.rai
- ) resp = requests.get(builds_url, headers=headers, timeout=30) resp.ra
- 7.1" ) resp = requests.get(artifact_url, headers=headers, timeout=30) resp.rais
- artifact...") resp = requests.get(download_url, headers=headers, timeout=300, stream=True)
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
Matched snippets (truncated context windows as reported by the scanner):
- strings on code lines (e.g., os.system("cmd")) are kept because the code pattern (os.system) is
- iew finding) - os.system, os.popen (always unsafe) For multi-line calls, scans forward up t
- # Check for os.system / os.popen (always unsafe) if re.search(r"\bos\.(?:system|popen)
- repo_root = Path( subprocess.check_output( ["git", "rev-parse", "--show-toplevel"],
- gs) try: result = subprocess.run( ["git", "ls-files", "*.py", "*.ts"],
- p in inputs) git_result = subprocess.run( argv, cwd=str(repo_root), capture_o
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: oddessentials.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with ado-git-repo-insights
Develop a mini-application named 'DevOpsMetricsVisualizer' using Python that leverages the 'ado-git-repo-insights' package to extract Azure DevOps Pull Request metrics. The application should perform the following steps:
1. Authenticate with Azure DevOps using personal access tokens.
2. Retrieve pull request data from specified repositories.
3. Store the retrieved data into an SQLite database.
4. Generate PowerBI-compatible CSV files from the stored data.
5. Allow users to specify which repositories and metrics they want to analyze.
6. Provide a simple command-line interface for user interaction.
7. Include error handling and logging for troubleshooting.
Suggested features for the application include:
- Support for filtering pull requests based on various criteria such as author, status, creation date, etc.
- Ability to schedule periodic data retrieval and storage tasks.
- Integration with other data visualization tools besides PowerBI.
- User-friendly documentation and examples for easy setup and use.
The 'ado-git-repo-insights' package will be utilized primarily for its functions related to extracting pull request metrics and saving them to an SQLite database. Additionally, the package's capabilities to generate CSV files compatible with PowerBI will be employed to facilitate data analysis and visualization outside of the application.