aura
Python source code auditing and static analysis on a large scale
With the recent news on attacks leveraging non-ASCII characters, implement a new analyzer that would flag such characters as suspicious, namely: - strings containing non-ASCII characters - variable names...
**Describe the bug** The HTML report for PyPI package faiss needs a bit more explanation. When there are no detections, it is probably worth providing the user a bit more...
Hi @RootLUG, One thing that could be helpful is to place a numeric count of each indicator severity level by the filter buttons in the HTML output. It would be...
@RootLUG, I'm sure you've thought of this and it would probably be a pain. But I find myself clicking on the indicators in the HTML view hoping that I get...
Aura has support for defining output plugins to output the data in various formats. There are already several output formats built-in such as JSON, SQLite, text etc... however the documentation...
This repository: https://github.com/Yara-Rules/rules looks like a very good candidate for including built-in yara rules, especially the packer and obfuscation detection rules. As this is a third-party repo, an update mechanism...
Add a raw file analyzer to the data pipeline that integrates with ClamAV for scanning input files; this would be particularly helpful during global PyPI scans. Preliminary research however shows that...
As part of the ML roadmap, add a new feature extractor to the AST visitor to extract the data suitable for code2vec and related ML tasks.
There is already an experimental `ngram.py` in the repository root that is able to extract n-gram features from the source code in the JSON format. This extractor needs to be...
@RootLUG I haven't got any **source** and **_Tainted path in the output file_**. Is there any **possibility to get the tainted path (flow)** from the tainted **source to sink**? So...