Argus Pro — Code Intelligence Scanner — Argus Pro — 代码智能扫描器
v1.0.0 — Argus Pro — 代码智能扫描器。使用 40+ 规则扫描 Python 和 JavaScript 代码库,覆盖安全、漏洞、性能和代码质量等方面。获取优先...
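Argus Pro — 全面的代码智能 Argus 的所有功能,再加上 40+ 规则、性能模式、CI/CD 集成、自定义忽略路径和趋势 JSON 以跟踪随时间的债务。 Pro 功能与免费 Argus 功能对比 Argus 功能 Argus(免费) Argus Pro 规则 20 40+ 语言 Python 或 JS Python + JS 同时 性能规则 — √ N+1、阻塞调用、内存泄漏 CI 退出代码 — √ FAIL_ON_CRITICAL 忽略路径 — √ JSON 输出 可选 √ 总是(CI 准备就绪) 发现去重 基本 √ 跨文件智能去重 自定义严重性过滤器 √ √ + 每个规则覆盖 升级:openclaw skills install argus-pro + key at ko-fi.com/occupythemilkyway 步骤 1 — 安装 pip3 install rich --break-system-packages --quiet 步骤 2 — 全代码扫描(Pro)
```python
"""Argus Pro scan — configuration and source-language detection.

All settings come from environment variables: LICENSE_KEY, SOURCE_PATH,
LANGUAGE, SEVERITY_FILTER, MAX_FINDINGS, OUTPUT_JSON, FAIL_ON_CRITICAL and
IGNORE_PATHS. The script exits with status 1 when LICENSE_KEY is empty or
when SOURCE_PATH does not exist; the rule tables and the scan itself follow
this preamble.
"""
import os
import re
import json
import sys
from pathlib import Path
from datetime import date
from rich.console import Console
from rich.table import Table
from rich.panel import Panel
from rich import box

console = Console()

# This gate only checks that a non-empty value is present; the key's content
# is not validated anywhere in this preamble.
LICENSE_KEY = os.environ.get("LICENSE_KEY", "").strip()
if not LICENSE_KEY:
    console.print(Panel(
        "[red bold] Argus Pro 需要许可密钥。[/red bold]\n\n"
        "获取您的密钥:[bold cyan]ko-fi.com/occupythemilkyway[/bold cyan]\n\n"
        "或使用免费版本:[dim]openclaw skills install argus1[/dim]",
        title="许可密钥要求", border_style="red"
    ))
    raise SystemExit(1)

SRC_PATH = os.environ.get("SOURCE_PATH", ".").strip()
LANGUAGE = os.environ.get("LANGUAGE", "auto").lower()
SEV_FILTER = os.environ.get("SEVERITY_FILTER", "all").lower()
try:
    MAX_FINDINGS = int(os.environ.get("MAX_FINDINGS", "100"))
except ValueError:
    # Only a non-numeric value should fall back to the default; a bare
    # except would also swallow KeyboardInterrupt/SystemExit here.
    MAX_FINDINGS = 100
OUTPUT_JSON = os.environ.get("OUTPUT_JSON", "true").lower() == "true"
FAIL_CRITICAL = os.environ.get("FAIL_ON_CRITICAL", "false").lower() == "true"
IGNORE_RAW = os.environ.get("IGNORE_PATHS", "")
# Comma-separated list; blank entries are dropped.
IGNORE_PATHS = [p.strip() for p in IGNORE_RAW.split(",") if p.strip()]
TODAY = date.today()

src = Path(SRC_PATH)
if not src.exists():
    console.print(f"[red] Path 未找到:{SRC_PATH}[/red]")
    raise SystemExit(1)


def detect_lang(path):
    """Return "python" or "javascript" for *path* by counting source files.

    A directory is walked recursively; a single file counts as one hit when
    its name ends with the extension. Ties (including an empty tree) resolve
    to "python".
    """
    def _count(p, ext):
        # Counts files whose name ends with *ext*.
        if p.is_dir():
            # The glob must be "*.py" / "*.js": rglob(".py") matches only a
            # file literally named ".py", so every directory would count as
            # zero and detection would always answer "python".
            return sum(1 for _ in p.rglob(f"*{ext}"))
        return 1 if str(p).endswith(ext) else 0

    py = _count(path, ".py")
    js = _count(path, ".js")
    return "python" if py >= js else "javascript"


lang = LANGUAGE if LANGUAGE != "auto" else detect_lang(src)
# Pro:扫描两个语言
SCAN_LANGS = \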
["python","javascript"] if src.is_dir() and LANGUAGE == "auto" else [lang] # 扩展规则集 PYTHON_RULES = [ # 安全 ("PY001","critical","security", r"\beval\s\(", "eval() 执行任意代码。", "使用 ast.literal_eval() 进行安全的字面值评估。"), ("PY002","critical","security", r"\bexec\s\(", "exec() 执行任意代码。", "重构以消除动态代码执行。"), ("PY003","critical","security", r"\bpickle\.loads?\s\(", "pickle.load() 使用不受信任的数据启用代码执行。", "使用 json.loads() 代替。"), ("PY004","high","security", r"(?i)(password|secret|api_key|token|auth_key)\s=\s['\"].+['\"]", "硬编码凭据。", "使用环境变量。"), ("PY005","high","security", r"shell\s=\sTrue", "shell=True 是命令注入风险。", "使用列表参数:subprocess.run(['cmd','arg'])"), ("PY006","high","security", r"\.execute\s\(.(%|\.format\(|f['\"])", "潜在的 SQL 注入通过字符串格式化。", "使用参数化查询。"), ("PY016","medium","security", r"hashlib\.(md5|sha1)\s\(", "MD5/SHA1 是密码学上弱的。", "使用 hashlib.sha256() 或 bcrypt 进行密码哈希。"), ("PY017","high","security", r"\brandom\.(random|randint|choice)\s\(", "random 模块不安全。", "使用 secrets 模块进行安全敏感值。"), # Bug ("PY007","medium","bug", r"def\s+\w+\s\([^)]=\s\[\s\]", "可变默认参数 []。", "使用 None 作为默认值;在函数内部初始化。"), ("PY008","medium","bug", r"def\s+\w+\s\([^)]=\s\{\s\}", "可变默认参数 {}。", "使用 None 作为默认值;在函数内部初始化。"), ("PY009","medium","bug", r"except\s:", "裸 except 捕获 SystemExit/KeyboardInterrupt。", "捕获特定异常:except ValueError: 或 except Exception:"), ("PY010","medium","bug", r"==\sNone\b|\bNone\s==", "使用 'is None' 而不是 '== None'。", "替换为 'is None'。"),