import json
import subprocess
from pathlib import Path

from utils.logger import LoggerUtils
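class VulnerabilityScanner:
    """Collect findings from Bandit (Python), ESLint (JavaScript) and ``npm audit``.

    Every tool is invoked as an argument list, never through a shell, so a
    ``path`` containing shell metacharacters cannot inject commands. The tools
    are expected to be installed; note that ``npx eslint`` falls back to
    fetching ESLint from the npm registry when it is not available locally,
    so pin it as a devDependency in projects where an on-the-fly download
    (i.e. running freshly fetched code) is not acceptable.

    Why the tools are not run with ``check_output``: Bandit, ESLint and
    ``npm audit`` all exit non-zero precisely when they *find* something.
    Treating a non-zero exit as "scan failed" therefore discards the runs that
    matter; here the JSON on stdout is parsed regardless of exit status and a
    run counts as failed only when the tool cannot be started or prints no JSON.
    """

    DEFAULT_REPORT_PATH = 'security/scan_report.json'

    @staticmethod
    def _run_json_tool(cmd, cwd=None):
        """Run *cmd* (argv list) and parse its stdout as JSON.

        Args:
            cmd: Argument list passed straight to ``subprocess.run`` (no shell).
            cwd: Working directory for the tool, or ``None`` for the current one.

        Returns:
            ``(data, None)`` when stdout parsed as JSON, else ``(None, error)``
            where *error* is the exception to log: an ``OSError`` if the tool
            could not be started (e.g. not installed), or a ``RuntimeError``
            carrying the exit status and stderr if it produced no JSON.
        """
        try:
            # check=False on purpose: a non-zero exit usually means "findings",
            # not "failure" (see class docstring).
            proc = subprocess.run(cmd, cwd=cwd, capture_output=True, text=True, check=False)
        except OSError as exc:
            # FileNotFoundError / PermissionError: the tool itself is unusable.
            return None, exc
        try:
            return json.loads(proc.stdout), None
        except json.JSONDecodeError as exc:
            detail = f"{cmd[0]} exited with status {proc.returncode} and produced no JSON"
            stderr = proc.stderr.strip()
            if stderr:
                detail = f"{detail}: {stderr}"
            err = RuntimeError(detail)
            err.__cause__ = exc
            return None, err

    @staticmethod
    def _count_bandit_issues(report):
        """Return the number of entries under ``results`` in a Bandit JSON report (0 if absent)."""
        if not isinstance(report, dict):
            return 0
        return len(report.get('results') or [])

    @staticmethod
    def _count_eslint_issues(report):
        """Return errors + warnings summed over an ESLint JSON report (a list of per-file results)."""
        if not isinstance(report, list):
            return 0
        return sum(
            entry.get('errorCount', 0) + entry.get('warningCount', 0)
            for entry in report
            if isinstance(entry, dict)
        )

    def scan_codebase(self, path='.', report_path=DEFAULT_REPORT_PATH):
        """Scan *path* with Bandit and ESLint and write the combined JSON report.

        Args:
            path: Directory to scan; passed as a single argv element.
            report_path: File the report is written to; missing parent
                directories are created.

        Returns:
            dict with ``'python'`` and/or ``'javascript'`` keys holding each
            tool's parsed JSON. A key is absent when that tool could not be
            run or produced no JSON; the failure is logged, not raised.
        """
        results = {}

        bandit, err = self._run_json_tool(['bandit', '-r', path, '-f', 'json'])
        if err is None:
            results['python'] = bandit
            LoggerUtils.logInfo('Python Scan Complete', {'issues': self._count_bandit_issues(bandit)})
        else:
            LoggerUtils.logError('Python Scan Failed', err)

        eslint, err = self._run_json_tool(['npx', 'eslint', path, '--format', 'json'])
        if err is None:
            results['javascript'] = eslint
            # Count findings, not files: the ESLint JSON report is one entry per file.
            LoggerUtils.logInfo('JS Scan Complete', {'issues': self._count_eslint_issues(eslint)})
        else:
            LoggerUtils.logError('JS Scan Failed', err)

        report = Path(report_path)
        report.parent.mkdir(parents=True, exist_ok=True)
        with report.open('w', encoding='utf-8') as f:
            json.dump(results, f, indent=2)
        return results

    def check_dependencies(self, path='.'):
        """Run ``npm audit --json`` in *path* and return the parsed report.

        Args:
            path: Directory containing the ``package.json`` / lockfile to audit.

        Returns:
            The parsed audit JSON, or ``None`` when npm could not be run or
            produced no JSON (the failure is logged).
        """
        audit, err = self._run_json_tool(['npm', 'audit', '--json'], cwd=path)
        if err is not None:
            LoggerUtils.logError('Dependency Audit Failed', err)
            return None
        metadata = audit.get('metadata', {}) if isinstance(audit, dict) else {}
        LoggerUtils.logInfo('Dependency Audit', {'vulnerabilities': metadata.get('vulnerabilities')})
        return audit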
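# Example: run from the project root. Guarded so that importing this module
# does not launch the scanners as a side effect.
if __name__ == '__main__':
    scanner = VulnerabilityScanner()
    scanner.scan_codebase()
    scanner.check_dependencies()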