Pih.dZddlZddlZddlZddlZddlZddlmZddlm Z m Z m Z m Z GddZ dZedk(reyy) u Red Team Auto Review - 보안 취약점 분석 및 리스크 평가 도구 Usage: python3 memory/red-team-auto-review.py scan <파일경로> # 전체 보안 검사 python3 memory/red-team-auto-review.py vuln <파일경로> # 취약점만 검사 python3 memory/red-team-auto-review.py deps <파일경로> # 의존성 검사 python3 memory/red-team-auto-review.py risk <파일경로> # 리스크 평가 N)Path)AnyDictListOptionalceZdZdZgdgdgdgdgdgdgdZd d d d d ZdefdZdefdZ de ee ffdZ dedefdZ de ee ffdZdedefdZde ee ffdZdedefdZde ee ffdZy)RedTeamRevieweru6보안 취약점 분석 및 리스크 평가 클래스)z(execute\s*\(\s*[\"'].*%s.*[\"']\s*%\s*\(zcursor\.execute\s*\(\s*f[\"']z\.raw\s*\(\s*[\"'].*\+.*[\"']zSELECT.*FROM.*WHERE.*\+)z innerHTML\s*=zdocument\.write\s*\(z\.html\s*\(\s*[^\"']zrender_template_string\s*\()z password\s*=\s*[\"'][^\"']+[\"']zapi_key\s*=\s*[\"'][^\"']+[\"']zsecret\s*=\s*[\"'][^\"']+[\"']ztoken\s*=\s*[\"'][^\"']+[\"']z!private_key\s*=\s*[\"']-----BEGIN) eval\s*\(z exec\s*\(z compile\s*\(z__import__\s*\()z\.\./z\.\.\\zos\.path\.join\s*\([^)]*\+)zos\.system\s*\(z*subprocess\.call\s*\([^)]*shell\s*=\s*Truez+subprocess\.Popen\s*\([^)]*shell\s*=\s*Truer z SQL InjectionzXSS (Cross-Site Scripting)zHardcoded SecretzCode InjectionzPath TraversalzCommand InjectionInsecure Dependenciesrlowmediumhighcritical file_pathc\t||_d|_g|_g|_d|_y)u 초기화rN)rrcontentvulnerabilitiesdependency_issues risk_level)selfrs L/home/jay/workspace/.worktrees/task-2117-dev1/memory/red-team-auto-review.py__init__zRedTeamReviewer.__init__Ds+i !!#returnc  |jjs/ttjd|jddyt |jdd5}|j |_dddy #1swYy xYw#t$r7}ttjd t|ddYd}~yd}~wwxYw) u 파일 로드zFile not found: unknown)errorrFrzutf-8)encodingNTzFailed to read file: ) rexistsprintjsondumpsopenreadr Exceptionstr)rfes r load_filezRedTeamReviewer.load_fileLs >>((*djj-=dnn=M+N^g!hijdnncG< ( vvx  ( (  $**)>s1vh'GW`ab c s<AB B#B9BB B B C-C  Cc |jsgddSg}|jjD]\}}|dk(r |D]}tj||j tj tjz}|D]}|j d|jjddz}|j jd|dz }|j} | jds| jdr|j|||jdd |j|d ||_|t!|d S) u코드 취약점 스캔r")rrr N r #z//d)typelinesnippetseverity)rcount)r0VULNERABILITY_PATTERNSitemsrefinditerr IGNORECASE MULTILINEstartr9splitstrip startswithappend _get_severityrlen) rfound_vulnerabilities vuln_typepatternspatternmatchesmatchline_numr6strippeds rscan_vulnerabilitiesz$RedTeamReviewer.scan_vulnerabilitiesZsM~~')C C "#'#>#>#D#D#F  Ix33# ++gt||R]]R\\=YZ$E#||Oekkm<BB4H1LH<<--d3HqLAD $zz|H**3/83F3Ft3L )00$-$,'+zz|DS'9(,(:(:9(E    2 5#83G\C]^^rrHc:dddddddd}|j|dS)u취약점 심각도 반환rrrr rget)rrH severity_maps rrEzRedTeamReviewer._get_severity}s5$*2 &(&!+%-  511rc <dgdd}|jjj}d|jjjvs|dk(r;d|d<|j dr t j dd t|jd d gd d d }|jdk7r^|jrRtj|j}t|jdg|d<|jdg|d<n_|jrN|j j#dDcgc]5}|j%s|j'dr&|j%7}}|ddDcgc]}|dd c}|d<n|dk(rd|jjjvrd|d<|j dr t j gdd d d t|jj(}|jrTtj|j}|jdijdijdd|d<||_|S#t$rYwxYwcc}wcc}w#t$rY-wxYw)u의존성 취약점 검사rN)vulnerable_deps dependencies tool_used requirementsz.txtzpip-audit (simulated)rWz pip-auditz-rz--formatr(T)capture_outputtexttimeoutrrUrVr2r3r")namestatusz.jsonpackageznpm audit (simulated)npm)raauditz--json)rZr[r\cwdmetadatatotal)rsuffixlowerr^_check_tool_available subprocessrunr- returncodestdoutr(loadsrFrRr,r0rrArBrCparentr)rresultsfile_extoutput audit_resultsr6depsdeps rcheck_dependenciesz"RedTeamReviewer.check_dependenciessr&'$O>>((..0 T^^00668 8H>#151C1CD1I)-TZZ\bfbqbqrubv D^bbdcd]e.fVYy/Q.fGN+ Y$..2E2E2K2K2M%M#:GK ))%0'^^2'+! " 5 56 F}}(, 6==(A )--j"=AABSUWX\\]dfgh 12 ")?! /g&!s>.BI6<JJ$J? J BJ6 JJ JJtoolcX tjd|gddy#t$rYywxYw)u)외부 도구 사용 가능 여부 확인whichTr])rZr\F)rirjr,)rrvs rrhz%RedTeamReviewer._check_tool_availables0  NNGT?4 K  s  ))cd}ddddd}|jD]<}|jdd}|j|d|j|dkDs;|}>|jjdddkDr|dk(rd }t|j}|d kDr|d k(rd }n |d kDr|d k(rd }||_|||jjdd|j |dS)u전체 리스크 평가rrr rrrr8rUrr]r r)rvulnerability_countrrecommendation)rrRrrFr_get_recommendation)r max_severityseverity_scoresvuln vuln_severity vuln_counts r assess_riskzRedTeamReviewer.assess_risks "#q!K(( -D HHZ7M""=!47J7Jlh6!L "_!7%L&'#-!%!7!7!;!;!?)*:;!,/3DD  rN)__name__ __module__ __qualname____doc__r: RISK_LEVELSr-rboolr0rrrOrErurhrr}rrrr r s@ '     "$K&Rq!CK #  4 !_d38n!_F 2s 2s 25DcN5n#$ T#s(^ @AcAcA tCH~ rr cttjdkr8tt j dgddtj dtjd}tjd}t|}|dk(r|j}n|dk(r'|j}|jd |d <n|d k(r |j}|d d k(rd nd|d <nq|dk(r1|j|j|j}n;tt j d|gddtj dtt j ddy)u 메인 함수rz7Usage: python3 red-team-auto-review.py )scanrrsrisk)r#commandsr rrrrrsrUrrrrzUnknown command: F)indent ensure_asciiN) rFsysargvr'r(r)exitr rrOrru)commandrreviewerresults rmainr sB 388}q JJV @    hhqkG Iy)H&'') F ..0'335lC| F ,,.(./@(AQ(FuH| F %%'##%%%' djj%6wi#@Nnopq   $**VAE :;r__main__)rr(osr<rirpathlibrtypingrrrrr rrrrrrsK  ,,q q h"