Production hardening: security fixes, code quality, 724 skills complete

- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
This commit is contained in:
mukul975
2026-03-19 13:26:49 +01:00
parent 63b442d347
commit c47eed6a64
900 changed files with 23085 additions and 2720 deletions
@@ -1,11 +1,11 @@
#!/usr/bin/env python3
"""Agent for managing Falco rules and parsing alerts for container forensics."""
import os
import json
import argparse
from datetime import datetime
import os
from collections import defaultdict
from datetime import datetime
from pathlib import Path
import yaml
@@ -116,7 +116,8 @@ def summarize_alerts(alerts):
}
def check_falco_health(falco_url="http://localhost:8765"):
def check_falco_health(falco_url=None):
falco_url = falco_url or os.environ.get("FALCO_URL", "http://localhost:8765")
"""Check Falco health via HTTP endpoint."""
try:
resp = requests.get(f"{falco_url}/healthz", timeout=5)
@@ -126,7 +127,8 @@ def check_falco_health(falco_url="http://localhost:8765"):
return {"status": "unreachable", "error": str(e)}
def get_falco_version(falco_url="http://localhost:8765"):
def get_falco_version(falco_url=None):
falco_url = falco_url or os.environ.get("FALCO_URL", "http://localhost:8765")
"""Get Falco version information."""
try:
resp = requests.get(f"{falco_url}/version", timeout=5)
@@ -155,7 +157,7 @@ def main():
parser = argparse.ArgumentParser(description="Falco Cloud Native Forensics Agent")
parser.add_argument("--alert-file", help="Path to Falco JSON alert log")
parser.add_argument("--rules-output", default="custom_falco_rules.yaml")
parser.add_argument("--falco-url", default="http://localhost:8765")
parser.add_argument("--falco-url", default=os.environ.get("FALCO_URL", "http://localhost:8765"))
parser.add_argument("--output", default="falco_report.json")
parser.add_argument("--action", choices=[
"generate_rules", "parse_alerts", "health", "full_analysis"