
Python detector + dependency-addition detector #4

Closed
Conalh wants to merge 1 commit into codey/harden-action-runtime from feat/python-and-dep-detectors

Conversation

@Conalh Conalh (Owner) commented May 21, 2026

Summary

Closes the audit's biggest coverage gap and addresses the missing manifest-layer capability signal. Stacked on top of #3 (Harden GitHub Action runtime) — merge #3 first, then this.

What changed

Python detector (src/detectors/py-capability.ts)

Why: agents that ship Python were previously invisible to CapabilityEcho even though Python is the dominant agent runtime.

  • Network: requests/httpx/urllib calls (requests.get, httpx.post, urllib.request.urlopen, bare urlopen after from urllib.request import urlopen, aiohttp.ClientSession), gated on a literal URL on the same line — parallels the JS gate.
  • Subprocess: subprocess.run/call/Popen/check_*, os.system/popen/execv*/spawn*, pty.spawn, legacy commands.getoutput — high severity.
  • Dynamic exec: eval, exec, compile, __import__, importlib.import_module — critical (medium in test files).
  • Unsafe deserialization (new finding kind): pickle.load/loads, marshal.load/loads, yaml.load without SafeLoader — critical.
  • Comment lines (#) and test files (tests/, test_*.py, *_test.py) handled.

Dependency-addition detector (src/detectors/package-deps.ts)

Why: a PR that adds puppeteer to dependencies is materially more interesting than a PR that just imports something already declared.

Diffs package.json across dependencies / devDependencies / optionalDependencies / peerDependencies on both sides:

  • high_capability_dep_added (high) — headless browsers (puppeteer, playwright, cypress, webdriverio, selenium-webdriver, nightwatch), subprocess/PTY wrappers (execa, cross-spawn, node-pty, shelljs, zx), arbitrary HTTP clients (node-fetch, undici, got, axios, request, superagent), VM/eval libs (vm2, isolated-vm), SSH/proxy primitives.
  • telemetry_dep_added (medium) — Sentry/Segment/Mixpanel/Amplitude/PostHog SDKs (ship outbound network by default).

Reuses package-scripts.ts diff infrastructure (PackageDiffMode, readPackageTextAt, listChangedPackageJsonFiles are now exported).

Plumbing

  • paths.ts recognizes .py/.pyw in isScannable, adds isPyFile, treats # as a comment, extends isTestFile for Python conventions.
  • diff.ts wires both new detectors in. detectPackageScripts and detectPackageDeps run in parallel via Promise.all.

Verification

  • `npm run build` — clean.
  • `npm test` — 30/30 passing (14 prior + 11 Python + 5 dependency).
  • README updated to describe Python coverage and dependency surface.

Test plan

  • CI build-test job passes
  • CapabilityEcho self-dogfood detects: this PR adds no risky deps but does compile new detector code

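As an added illustration (this is not CapabilityEcho's own py-capability.ts, whose source is not on this page), the sketch below implements the rules the description lists for the Python detector: line-based regexes over the added lines of a file, the literal-URL gate for network calls, bare `urlopen` only counting after `from urllib.request import urlopen`, `#` comment lines skipped, `yaml.load` only flagged without `SafeLoader`, and the test-file severity downgrade. The regexes, the `Finding` shape, the function names, the constructed sample input and the severity assigned to network findings (which the PR does not state) are my assumptions, not the project's code.

```typescript
// Added example, not CapabilityEcho's py-capability.ts. Rule regexes, the
// Finding shape, the sample input and the network severity are assumptions.

type Severity = "medium" | "high" | "critical";
type FindingKind =
  | "network_call_added"
  | "subprocess_added"
  | "dynamic_exec_added"
  | "unsafe_deserialize_added";

interface Finding {
  kind: FindingKind;
  severity: Severity;
  file: string;
  line: number; // 1-based index into the array of added lines
  match: string; // the call that triggered the rule
}

// A literal URL on the same line gates the network rule (mirrors the JS gate).
const LITERAL_URL = /["'](?:https?|wss?|ftp):\/\/[^"'\s]+["']/;
// Bare urlopen(...) only counts once this import has been seen in the file.
const URLOPEN_IMPORT = /^\s*from\s+urllib\.request\s+import\b.*\burlopen\b/;

// `(?:^|[^\w.])` in place of a word boundary rejects attribute calls such as
// torch's `model.eval()` or `os.execv(` for the dynamic-exec rule.
const RULES: Array<{ kind: FindingKind; re: RegExp }> = [
  {
    kind: "network_call_added",
    re: /\b(?:requests|httpx)\.(?:get|post|put|patch|delete|head|request)\s*\(|\burllib\.request\.urlopen\s*\(|(?:^|[^\w.])urlopen\s*\(|\baiohttp\.ClientSession\s*\(/,
  },
  {
    kind: "subprocess_added",
    re: /\bsubprocess\.(?:run|call|Popen|check_call|check_output)\s*\(|\bos\.(?:system|popen|execv[pe]{0,2}|spawn[lv][pe]{0,2})\s*\(|\bpty\.spawn\s*\(|\bcommands\.getoutput\s*\(/,
  },
  {
    kind: "dynamic_exec_added",
    re: /(?:^|[^\w.])(?:eval|exec|compile|__import__)\s*\(|\bimportlib\.import_module\s*\(/,
  },
  {
    // yaml.load is only quiet when SafeLoader appears later on the same line.
    kind: "unsafe_deserialize_added",
    re: /\b(?:pickle|marshal)\.loads?\s*\(|\byaml\.load\s*\((?!.*SafeLoader)/,
  },
];

const BASE_SEVERITY: Record<FindingKind, Severity> = {
  network_call_added: "high", // assumption: the PR does not state this one
  subprocess_added: "high",
  dynamic_exec_added: "critical",
  unsafe_deserialize_added: "critical",
};

// Python test-file conventions named in the PR: tests/, test_*.py, *_test.py.
function isPyTestFile(path: string): boolean {
  const base = path.split("/").pop() || path;
  return /(^|\/)tests\//.test(path) || /^test_.*\.py$/.test(base) || /_test\.py$/.test(base);
}

// Scan the added lines of one .py file; element i of `added` is line i+1.
function scanPythonAdded(file: string, added: string[]): Finding[] {
  const findings: Finding[] = [];
  const inTest = isPyTestFile(file);
  let urlopenImported = false;
  added.forEach((text, i) => {
    if (text.trim().startsWith("#")) return; // comment line: ignored
    if (URLOPEN_IMPORT.test(text)) urlopenImported = true;
    for (const rule of RULES) {
      const m = rule.re.exec(text);
      if (!m) continue;
      const call = m[0].replace(/^[^A-Za-z_]/, ""); // drop the leading gate char
      if (rule.kind === "network_call_added") {
        if (!LITERAL_URL.test(text)) continue; // no literal URL on the line: stay quiet
        if (/^urlopen/.test(call) && !urlopenImported) continue; // bare name never imported
      }
      findings.push({
        kind: rule.kind,
        severity: inTest ? "medium" : BASE_SEVERITY[rule.kind], // test-file downgrade
        file,
        line: i + 1,
        match: call,
      });
    }
  });
  return findings;
}

// Constructed sample of added lines; not taken from any real PR.
const SAMPLE_ADDED: string[] = [
  "import subprocess",
  "from urllib.request import urlopen",
  "import yaml, pickle",
  '# requests.get("https://example.invalid/x")  comment line: skipped',
  'resp = urlopen("https://example.invalid/config")',
  "data = requests.get(url)  # no literal URL on this line: not flagged",
  'out = subprocess.check_output(["ls", "-la"])',
  'cfg = yaml.load(open("cfg.yml"))',
  'safe = yaml.load(open("cfg.yml"), Loader=yaml.SafeLoader)',
  "obj = pickle.loads(blob)",
  "model.eval()",
  "result = eval(user_input)",
];

console.log(JSON.stringify(scanPythonAdded("src/agent.py", SAMPLE_ADDED), null, 2));
```

Run as written, the sample yields five findings (lines 5, 7, 8, 10 and 12); the commented-out request, the `requests.get(url)` call without a literal URL, the `SafeLoader` call and `model.eval()` all stay silent, and the same lines under `tests/test_agent.py` come back at medium severity.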
Closes the audit's biggest coverage gap and addresses the missing
manifest-layer capability signal.

Python detector (src/detectors/py-capability.ts):
- requests / httpx / urllib network calls, gated on a literal URL on
  the same line (parallel to the JS gate, same false-positive posture).
- subprocess, os.system, os.popen, pty.spawn — high severity.
- eval, exec, compile, __import__, importlib.import_module —
  critical when not in test files.
- pickle.load/loads, marshal.load/loads, yaml.load without
  SafeLoader — separate 'unsafe_deserialize_added' finding kind.
- Test-file downgrade applies to .py via the existing isTestFile,
  extended to recognize 'tests/', 'test_*.py', and '*_test.py'.
- isScannable and the comment-line check were extended to include
  .py/.pyw and '#' comments respectively.

Dependency-addition detector (src/detectors/package-deps.ts):
- Diffs package.json across dependencies / devDependencies /
  optionalDependencies / peerDependencies on both sides of the change.
- Emits 'high_capability_dep_added' (high) for headless browsers
  (puppeteer, playwright, cypress, etc.), subprocess/PTY wrappers
  (execa, cross-spawn, node-pty, shelljs, zx), arbitrary HTTP clients
  (node-fetch, undici, got, axios), VM/eval libs (vm2, isolated-vm),
  and SSH/proxy primitives.
- Emits 'telemetry_dep_added' (medium) for Sentry/Segment/Mixpanel/
  Amplitude/PostHog SDKs.
- Reuses the diff infrastructure from package-scripts.ts (PackageDiffMode,
  readPackageTextAt, listChangedPackageJsonFiles are now exported).

Diff pipeline wires both detectors in. Python adds 11 unit tests and
the dependency detector adds 5 fixture-based tests; total suite is
30/30 green.

Why this matters: agents that ship Python were previously invisible to
CapabilityEcho even though Python is the dominant agent runtime. And a
PR that adds 'puppeteer' to dependencies is materially more interesting
than a PR that just imports something already declared.
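As an added illustration of the dependency-addition detector described in the PR (this is not CapabilityEcho's package-deps.ts and does not reuse its exported helpers), the code below parses a package.json on both sides of a change, collects names across `dependencies`, `devDependencies`, `optionalDependencies` and `peerDependencies`, and emits `high_capability_dep_added` or `telemetry_dep_added` for packages that are new on the after side. The watchlists, the `DepFinding` shape, the function names and the constructed manifests are my assumptions; the SSH/proxy package names in particular are my guess at what the PR means by "SSH/proxy primitives".

```typescript
// Added example, not CapabilityEcho's package-deps.ts. Watchlists, the
// DepFinding shape, function names and sample manifests are assumptions.

type DepKind = "high_capability_dep_added" | "telemetry_dep_added";

interface DepFinding {
  kind: DepKind;
  severity: "high" | "medium";
  name: string;
  section: string; // section the package appears in on the "after" side
}

const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Illustrative watchlist; the SSH/proxy entries are an assumption.
const HIGH_CAPABILITY = new Set<string>([
  "puppeteer", "puppeteer-core", "playwright", "playwright-core", "cypress",
  "webdriverio", "selenium-webdriver", "nightwatch", // headless browsers
  "execa", "cross-spawn", "node-pty", "shelljs", "zx", // subprocess / PTY wrappers
  "node-fetch", "undici", "got", "axios", "request", "superagent", // HTTP clients
  "vm2", "isolated-vm", // VM / eval
  "ssh2", "node-ssh", "http-proxy", "socks-proxy-agent", // SSH / proxy (assumed)
]);
const TELEMETRY = new Set<string>(["posthog-node", "posthog-js", "mixpanel", "analytics-node"]);
const TELEMETRY_SCOPES = ["@sentry/", "@segment/", "@amplitude/", "@posthog/"];

// name -> first section it appears in; a missing or unparsable file yields no deps.
function collectDeps(text: string | null): Map<string, string> {
  const out = new Map<string, string>();
  if (text === null) return out;
  let pkg: unknown;
  try {
    pkg = JSON.parse(text);
  } catch {
    return out;
  }
  if (typeof pkg !== "object" || pkg === null) return out;
  for (const section of SECTIONS) {
    const block = (pkg as Record<string, unknown>)[section];
    if (typeof block !== "object" || block === null) continue;
    for (const name of Object.keys(block)) if (!out.has(name)) out.set(name, section);
  }
  return out;
}

function classifyDep(name: string): DepKind | null {
  if (HIGH_CAPABILITY.has(name)) return "high_capability_dep_added";
  if (TELEMETRY.has(name) || TELEMETRY_SCOPES.some((s) => name.startsWith(s))) return "telemetry_dep_added";
  return null;
}

// A package is "added" only if it appears in no section on the before side, so
// moving a dependency between sections (dev -> prod) is not reported.
function detectPackageDeps(before: string | null, after: string): DepFinding[] {
  const was = collectDeps(before);
  const findings: DepFinding[] = [];
  collectDeps(after).forEach((section, name) => {
    if (was.has(name)) return;
    const kind = classifyDep(name);
    if (kind === null) return;
    findings.push({ kind, severity: kind === "high_capability_dep_added" ? "high" : "medium", name, section });
  });
  return findings;
}

// Constructed before/after manifests, not from any real repository.
const BEFORE_PKG = JSON.stringify({
  name: "demo-agent",
  dependencies: { express: "^4.19.0", "@sentry/node": "^7.0.0" },
  devDependencies: { typescript: "^5.4.0", got: "^14.0.0" },
});
const AFTER_PKG = JSON.stringify({
  name: "demo-agent",
  dependencies: { express: "^4.19.0", "posthog-node": "^4.0.0", execa: "^9.0.0", "@sentry/node": "^7.0.0", got: "^14.0.0" },
  devDependencies: { typescript: "^5.4.0", puppeteer: "^22.0.0", lodash: "^4.17.21" },
});

console.log(JSON.stringify(detectPackageDeps(BEFORE_PKG, AFTER_PKG), null, 2));
```

On the sample, `puppeteer` and `execa` come back high and `posthog-node` medium; `@sentry/node` was already declared, `got` only moved from devDependencies to dependencies, and `lodash` is on no list, so none of those three is reported. With no before-side file (a newly added package.json) every listed package is treated as an addition.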
@Conalh Conalh deleted the branch codey/harden-action-runtime May 21, 2026 20:28
@Conalh Conalh closed this May 21, 2026