archdogma

Version v0.2.0, verdict: suspicious (score 6.0, Medium Risk)

Honest analysis of one function at a time. Catalog of programming dogmas with real post-mortems.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant obfuscation risks due to the use of 'eval', which is commonly exploited for malicious purposes. While there are no direct signs of credential theft or active network threats, the unusual behavior associated with shell execution and questionable metadata raise concerns about potential misuse.

  • High obfuscation risk due to 'eval'
  • Suspicious shell execution attempts
  • Questionable package metadata

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution attempts to use TTS tools, which may indicate unexpected behavior but not necessarily malicious intent without additional context.
  • Obfuscation: The presence of obfuscation techniques involving 'eval' suggests potential risk as it can be used for malicious purposes.
  • Credentials: No clear patterns of credential harvesting detected.
  • Metadata: The package shows some red flags including an author with a missing or short name and a new or inactive account, but no clear signs of typosquatting or malicious intent.

📦 Package Quality Overall: Medium (6.6/10)

✦ Test Suite: High (9.0)

Test suite present — 26 test file(s) found

  • Test runner config found: pyproject.toml
  • 26 test file(s) detected (e.g. test_catalog_loader.py)

◈ Documentation: Medium (7.0)

Some documentation present

  • Detailed PyPI description (4706 chars)
  • Classifier: Documentation

○ Contributing Guide: Low (2.0)

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Type Annotations: Medium (5.0)

Partial type annotation coverage

  • 172 type-annotated function signatures detected in source

✦ Multiple Contributors: High (10.0)

Active multi-contributor project

  • 5 unique contributor(s) across 20 commits in gaidar0yegor/ArchDogma
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation (score 10.0)

Found 5 obfuscation pattern(s)

  • se func is a bare Name (e.g. `eval(...)`) # matching the target set. Attribute-qualified calls
  • ht() -> None: """builtins.eval(...) is not caught in v0.1 — documented limitation.""" s
  • builtins\n return builtins.eval(x)\n" assert detect_dynamic_magic(_first_func(source)) i
  • urce = "def f(s):\n return eval(s)\n" tag = detect_dynamic_magic(_first_func(source))
  • e = "def f(name):\n return __import__(name)\n" tag = detect_dynamic_magic(_first_func(source))

Shell / Subprocess Execution (score 4.0)

Found 2 shell execution pattern(s)

  • al input.""" try: subprocess.run( ["say", text], check=False,
  • as `say`.""" try: subprocess.run( ["espeak-ng", text], check=False,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History (score 2.5)

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History (score 4.0)

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archdogma:

Develop a code review tool called 'DogmaGuard' using the Python package 'archdogma'. This tool aims to analyze individual functions within a given Python script to identify potential issues based on common programming dogmas and provide detailed post-mortem analyses. The application should follow these steps and include the following features:

1. **Function Analysis**: Integrate 'archdogma' to perform a thorough analysis of each function in a provided Python script. This analysis should check against a catalog of common programming dogmas and identify any violations.
2. **Post-Mortem Reports**: For each identified issue, generate a detailed report that includes a description of the problem, its severity, and a recommendation for improvement. These reports should reference real-world examples from 'archdogma's post-mortem database.
3. **User Interface**: Develop a simple command-line interface (CLI) where users can input the path to their Python script. The CLI should display a summary of the analysis results and allow users to view detailed reports for specific functions.
4. **Configuration Options**: Allow users to customize which dogmas to check for during the analysis via configuration files or command-line flags.
5. **Integration with Version Control Systems**: Implement basic integration with Git to automatically run 'DogmaGuard' on pre-commit hooks, ensuring that no new issues are introduced into the repository before a commit is made.
6. **Testing Framework**: Create a set of test cases to validate the functionality of 'DogmaGuard', including edge cases such as empty scripts, scripts with no functions, and scripts that intentionally violate multiple dogmas.
7. **Documentation**: Provide comprehensive documentation detailing how to install and use 'DogmaGuard', including examples of common issues it can detect and how to address them.

By utilizing 'archdogma', 'DogmaGuard' will not only help developers write cleaner, more maintainable code but also serve as an educational tool, teaching best practices through practical examples.
