agraph-python

v105.1.0 suspicious
6.0
Medium Risk

AllegroGraph Python client

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its use of potentially dangerous functions like eval and incomplete metadata, suggesting it might be risky to use without thorough vetting.

  • High obfuscation risk due to the use of eval with read-from-string
  • Incomplete metadata and possibly inactive maintainer
Per-check LLM notes
  • Network: The detected network call patterns indicate standard HTTP request handling which could be legitimate for interacting with an API, but further investigation into the purpose and necessity of these calls is recommended.
  • Shell: No shell execution patterns were detected, suggesting no immediate risk related to shell command execution.
  • Obfuscation: The use of eval with read-from-string suggests potential for executing arbitrary code, which is a high risk for obfuscation and code injection attacks.
  • Credentials: No clear evidence of credential harvesting patterns detected.
  • Metadata: The author information is incomplete and the maintainer may be new or inactive, raising some concerns but not definitive evidence of malice.

📦 Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present — 19 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 19 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "documentation" -> https://franz.com/agraph/support/documentation/current/pytho
  • Detailed PyPI description (4935 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 83 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 10 unique contributor(s) across 100 commits in franzinc/agraph-python
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ort}" self._session = requests.Session() self._session.headers["Content-Type"] = "applicati
  • ession: """ session = requests.Session() if obj.user is not None and obj.password is not None:
  • e server. """ requests.delete(self.url("anything")) self.thread.join(5.0)
  • blish("/", b"Hello!") r = requests.get(http_server.url("/")) assert r.text == "Hello!" def te
  • ) # register NLQ VDB requests.put( f"http://{USER}:{PASSWORD}@{HOST}:{PORT}/repositori
  • get shacl data response = requests.get( f"http://{USER}:{PASSWORD}@{HOST}:{PORT}/repositori
⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • er evaluates expressions via (eval (read-from-string expression)) and returns results formatted
  • For advanced users, the eval() method provides direct access to evaluate arbitrary Li
  • -------------------- def eval(self, expression: str, *, timeout: Optional[float] = None) -
  • try: self.eval("(progn (stop-eval-server) (excl:exit 0))") except S
  • ) result = self.eval(expr) return result.stdout.strip() def test_con
  • """ result = self.eval("(test-agraph-connection)") return result.parsed is
✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: franz.com

βœ“ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository franzinc/agraph-python appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agraph-python
Your task is to develop a simple yet powerful knowledge graph explorer using the AllegroGraph Python client library called 'agraph-python'. This application will allow users to create, query, and manage semantic data within an AllegroGraph server. Here’s a detailed breakdown of the steps and features you need to implement:

1. **Setup and Initialization**: Begin by setting up your development environment with Python and installing the 'agraph-python' package. Connect to an existing AllegroGraph server instance or set up a new one if necessary.
2. **Data Import**: Design a feature where users can import RDF data from various sources such as Turtle files or SPARQL endpoints. Ensure the data is correctly parsed and loaded into the AllegroGraph server.
3. **Query Interface**: Implement a user-friendly query interface that allows users to write SPARQL queries directly or choose predefined templates to explore their data. The application should return results in a readable format.
4. **Visualization**: Integrate a visualization component that transforms the queried data into graphs or charts for better understanding. Use libraries like NetworkX for graph representation.
5. **Management Tools**: Include tools for managing the graph, such as adding, updating, and deleting nodes and edges based on user input. Allow for the creation of named graphs and management of permissions if applicable.
6. **Documentation and Help**: Provide comprehensive documentation and help sections within the application to guide users through its features and functionalities.
7. **Testing and Validation**: Ensure all components are thoroughly tested, including data integrity checks and performance validation.

Use the 'agraph-python' package to interact with the AllegroGraph server, leveraging its capabilities for efficient data manipulation and querying. This project will serve as a versatile tool for anyone looking to explore, analyze, or manage semantic data efficiently.