mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
This commit is contained in:
@@ -6,7 +6,6 @@ import json
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
import sqlite3
|
||||
from datetime import datetime, timezone
|
||||
|
||||
@@ -19,6 +18,8 @@ ANDROID_SENSITIVE_PATHS = [
|
||||
"/sdcard/Android/data/{package}/",
|
||||
]
|
||||
|
||||
_SAFE_TABLE_RE = re.compile(r'^[a-zA-Z_][a-zA-Z0-9_]*$')
|
||||
|
||||
SENSITIVE_PATTERNS = {
|
||||
"api_key": re.compile(r'["\']?api[_-]?key["\']?\s*[:=]\s*["\']([^"\']+)', re.I),
|
||||
"token": re.compile(r'["\']?(?:access|auth|bearer)[_-]?token["\']?\s*[:=]\s*["\']([^"\']+)', re.I),
|
||||
@@ -70,7 +71,9 @@ def scan_sqlite_databases(db_dir):
|
||||
cursor.execute("SELECT name FROM sqlite_master WHERE type='table'")
|
||||
tables = cursor.fetchall()
|
||||
for (table_name,) in tables:
|
||||
cursor.execute(f"PRAGMA table_info({table_name})")
|
||||
if not _SAFE_TABLE_RE.match(table_name):
|
||||
continue
|
||||
cursor.execute(f"PRAGMA table_info([{table_name}])")
|
||||
columns = cursor.fetchall()
|
||||
sensitive_cols = []
|
||||
for col in columns:
|
||||
@@ -79,7 +82,7 @@ def scan_sqlite_databases(db_dir):
|
||||
if sf in col_name:
|
||||
sensitive_cols.append(col[1])
|
||||
if sensitive_cols:
|
||||
cursor.execute(f"SELECT COUNT(*) FROM {table_name}")
|
||||
cursor.execute(f"SELECT COUNT(*) FROM [{table_name}]")
|
||||
row_count = cursor.fetchone()[0]
|
||||
findings.append({
|
||||
"file": fpath,
|
||||
@@ -141,7 +144,7 @@ def main():
|
||||
)
|
||||
parser.add_argument("--scan-dir", help="Directory containing app data to scan")
|
||||
parser.add_argument("--package", help="Android package name for ADB pull")
|
||||
parser.add_argument("--pull-dir", default="/tmp/mobile_audit")
|
||||
parser.add_argument("--pull-dir", default=os.environ.get("MOBILE_AUDIT_DIR", "/tmp/mobile_audit"))
|
||||
parser.add_argument("--output", "-o", help="Output JSON report")
|
||||
args = parser.parse_args()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user