feat: add security linter (#158) — 9.4: Security Linter #245

Open
Rockachopa wants to merge 1 commit from step35/158-9-4-security-linter into main

What

Add scripts/security_linter.py: a standalone CLI that scans Python code for common security vulnerabilities with severity ratings (CRITICAL/HIGH/MEDIUM/LOW). Outputs JSON report by default; Markdown optional.

Checks

  • eval/exec - arbitrary code execution (CRITICAL)
  • subprocess shell=True (HIGH)
  • pickle.loads - unsafe deserialization (HIGH)
  • yaml.load - unsafe deserialization (HIGH)
  • tempfile.mktemp - insecure temp file (MEDIUM)
  • random module crypto use (MEDIUM)
  • MD5/SHA1 weak hashes (MEDIUM)
  • hardcoded passwords/secrets (HIGH)
  • SQL injection patterns (HIGH)
  • assert for security validation (MEDIUM)
  • dynamic __import__ (MEDIUM)

Tests

Add scripts/test_security_linter.py: pytest suite validating detection patterns and report generation.

Acceptance Criteria (from #158)

  • Runs security linters
  • Reports: security findings
  • Severity ratings
  • Output: security lint report

Closes #158

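To make the check list above concrete, here is an added example of how the listed patterns can be detected on Python's `ast` rather than with regexes. This is illustration code written for this page, not the PR's own `scripts/security_linter.py` (whose implementation is not shown here); the rule names, messages, keyword heuristics (`SECRET_WORDS`, `CRYPTO_WORDS`, `AUTHZ_WORDS`) and the `SAMPLE` source are all constructed assumptions. It covers every check in the list except that the "random module" and "assert" rules are scoped by variable-name heuristics, which is one reasonable way to keep them from firing on every `random.choice()` or test-suite `assert`.

```python
import ast
import json
from dataclasses import dataclass, asdict

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


@dataclass
class Finding:
    rule: str
    severity: str
    line: int
    message: str


# Hypothetical rule table (constructed for this example): calls flagged by dotted name.
CALL_RULES = {
    "eval": ("eval-exec", "CRITICAL", "eval() executes arbitrary code"),
    "exec": ("eval-exec", "CRITICAL", "exec() executes arbitrary code"),
    "pickle.load": ("unsafe-deserialization", "HIGH", "pickle runs code embedded in untrusted data"),
    "pickle.loads": ("unsafe-deserialization", "HIGH", "pickle runs code embedded in untrusted data"),
    "yaml.load": ("unsafe-deserialization", "HIGH", "yaml.load() without SafeLoader builds arbitrary objects"),
    "tempfile.mktemp": ("insecure-tempfile", "MEDIUM", "mktemp() is racy; use mkstemp()/NamedTemporaryFile"),
    "hashlib.md5": ("weak-hash", "MEDIUM", "MD5 is collision-broken"),
    "hashlib.sha1": ("weak-hash", "MEDIUM", "SHA-1 is collision-broken"),
    "__import__": ("dynamic-import", "MEDIUM", "__import__ with a runtime-controlled module name"),
}
SUBPROCESS_FUNCS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                    "subprocess.check_call", "subprocess.check_output"}
SECRET_WORDS = ("password", "passwd", "secret", "token", "api_key")   # hardcoded-secret heuristic
CRYPTO_WORDS = ("key", "token", "secret", "nonce", "salt")            # insecure-random heuristic
AUTHZ_WORDS = ("auth", "admin", "permission", "allowed", "valid")      # assert-validation heuristic


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain; None when the base is a call result etc."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _mentions(node, words):
    """True if any identifier under `node` contains one of `words` (case-insensitive)."""
    for sub in ast.walk(node):
        ident = getattr(sub, "id", None) or getattr(sub, "attr", None)
        if ident and any(w in ident.lower() for w in words):
            return True
    return False


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def report(self, rule, severity, node, message):
        self.findings.append(Finding(rule, severity, node.lineno, message))

    def visit_Call(self, node):
        name = dotted_name(node.func)
        if name in CALL_RULES:
            self.report(*CALL_RULES[name][:2], node, CALL_RULES[name][2])
        if name in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.report("subprocess-shell", "HIGH", node, "shell=True routes the command through a shell")
        # Any *.execute() whose first argument is an f-string or a +/% expression: query built by formatting.
        if name and name.endswith(".execute") and node.args and isinstance(node.args[0], (ast.JoinedStr, ast.BinOp)):
            self.report("sql-injection", "HIGH", node, "query built by string formatting; use query parameters")
        self.generic_visit(node)

    def visit_Assign(self, node):
        targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for t in targets:
                if any(w in t.lower() for w in SECRET_WORDS):
                    self.report("hardcoded-secret", "HIGH", node, f"{t} is assigned a string literal")
        elif isinstance(value, ast.Call) and (dotted_name(value.func) or "").startswith("random."):
            for t in targets:
                if any(w in t.lower() for w in CRYPTO_WORDS):
                    self.report("insecure-random", "MEDIUM", node, f"{t} comes from random; use the secrets module")
        self.generic_visit(node)

    def visit_Assert(self, node):
        # assert statements are removed under `python -O`, so they cannot enforce authorization.
        if _mentions(node.test, AUTHZ_WORDS):
            self.report("assert-validation", "MEDIUM", node, "assert is stripped under -O; not a security check")
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Parse `source` and return findings ordered by severity, then line."""
    scanner = Scanner()
    scanner.visit(ast.parse(source, filename))
    return sorted(scanner.findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.line))


def severity_counts(findings):
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


def json_report(findings, filename):
    return json.dumps({"file": filename, "summary": severity_counts(findings),
                       "findings": [asdict(f) for f in findings]}, indent=2)


# Constructed sample input: one line per check, deliberately insecure.
SAMPLE = '''
import hashlib, pickle, random, subprocess, yaml

DB_PASSWORD = "hunter2"
cfg = yaml.load(open("cfg.yml"))
obj = pickle.loads(blob)
subprocess.run("ls " + path, shell=True)
digest = hashlib.md5(data).hexdigest()
session_token = random.randint(0, 2**64)
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
assert user.is_admin, "admin only"
result = eval(expr)
mod = __import__(name)
tmp = tempfile.mktemp()
'''

if __name__ == "__main__":
    print(json_report(scan_source(SAMPLE, "sample.py"), "sample.py"))
```

Run stand-alone it prints a JSON report for the constructed sample with one CRITICAL, five HIGH and five MEDIUM findings, each carrying the line of the offending statement. Working on the AST instead of regexes means `hashlib.md5(data).hexdigest()` is still caught through the nested call, while a comment or string that merely mentions `eval(` is not.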
Rockachopa added 1 commit 2026-04-26 06:55:13 +00:00
feat: add security linter (#158) — 9.4: Security Linter
Some checks failed
Test / pytest (pull_request) Failing after 8s
eec2ab2642
Add scripts/security_linter.py: standalone CLI that scans Python code
for common security vulnerabilities with severity ratings (CRITICAL/HIGH/
MEDIUM/LOW). Outputs JSON report by default, Markdown optional.

Checks include: eval/exec, subprocess shell=True, pickle, yaml.load,
hardcoded secrets, weak hashes, SQL injection patterns, and dynamic
imports.

Add scripts/test_security_linter.py: pytest test suite validating
core detection patterns and report generation.

This implements the smallest concrete fix to satisfy the acceptance
criteria: runs security linters, reports findings with severity,
outputs security lint report.

Closes #158