DakshSCRA 0.13 beta releases: Source Code Review Assist

Daksh SCRA (Source Code Review Assist)

The tool currently offers the following functionalities:

  • Options to use programming-language-specific rules for finding areas of interest
  • Option to extend or add new rules for any new or existing languages
  • Generate raw output in both text and HTML formats for inspection

Changelog v0.13 beta

  • Fixed ruamel.yaml.round_trip_load error.

    “round_trip_load_all()” has been removed and replaced with

    yaml = YAML()
    yaml.load(…)

    Affected file: /DakshSCRA/modules/misclib.py, line 32

Install

Pre-requisites

Python3 and all the libraries listed in requirements.txt

Setting up the environment to run this tool

1. Set up a virtual environment

$ pip install virtualenv

$ virtualenv -p python3 {name-of-virtual-env}   # Create a virtualenv
Example: virtualenv -p python3 venv

$ source {name-of-virtual-env}/bin/activate   # Activate the virtual environment you just created
Example: source venv/bin/activate

After running the activate command you should see the name of your virtual env at the beginning of your terminal like this: (venv) $

2. Ensure all required libraries are installed within the virtual environment

You must run the command below after activating the virtual environment, as described in the previous step.

$ pip install -r requirements.txt

Once the above step successfully installs all the required libraries, refer to the following tool usage commands to run the tool.

Use

Source Code Review

Reports

The tool generates reports in three formats: HTML, PDF, and TEXT. Although the HTML and PDF reports are still being improved, they are currently in a reasonably good state. With each subsequent iteration, these reports will continue to be refined and improved even further.

RAW TEXT-Based Reports:

  • Areas of Interest – Identified Patterns: DakshSCRA/reports/text/areas_of_interest.txt
  • Areas of Interest – Enumerated Project Files: DakshSCRA/reports/text/filepaths_aoi.txt
  • Identified Project Files: DakshSCRA/runtime/filepaths.txt

HTML Report:

  • DakshSCRA/reports/html/report.html

PDF Report:

  • DakshSCRA/reports/html/report.pdf

Copyright (C) 2023 coffeeandsecurity

Source: https://github.com/coffeeandsecurity/