From 0425d4934e5774a6423081ca6ee7be39f9764fc7 Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Mon, 29 Jan 2024 20:15:37 -0800 Subject: [PATCH] Add more detail to the README (#253) Add a quick start section showing how to install and an example section showing an example running precli against one of the test samples. --------- Signed-off-by: Eric Brown --- README.md | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e7f1cde7..c0e02601 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,36 @@ -# precli +# Precli - precaution command line interface [![Build and Test](https://github.com/securesauce/precli/actions/workflows/unit-test.yml/badge.svg?branch=main)](https://github.com/securesauce/precli/actions/workflows/unit-test.yml) -Precaution command line interface +Precli is the core of the GitHub App [Precaution](https://github.com/marketplace/precaution) and also a command line interface to demonstate its functionality. + +**Quick Start** +```bash +pip install precli +``` + +**Example** + +``` +$ precli tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py +⛔️ Error on line 18 in tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py +PY005: Observable Timing Discrepancy +Comparing digests with the '==' operator is vulnerable to timing attacks. + 17 +❱ 18 return digest == received_digest + 19 +Suggested fix: Use the 'hmac.compare_digest' function instead of the '=='' operator to reduce the +vulnerability to timing attacks. + 17 +❱ 18 return hmac.compare_digest(digest, received_digest) + 19 + +┏━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━┓ +┃ Files analyzed ┃ 1 ┃ Lines analyzed ┃ 18 ┃ +┃ Files skipped ┃ 0 ┃ ┃ ┃ +┣━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━╋━━━━━━━━━━━━━━━━━━━━━━╋━━━━━┫ +┃ Errors ┃ 1 ┃ ┃ ┃ +┃ Warnings ┃ 0 ┃ ┃ ┃ +┃ Notes ┃ 0 ┃ ┃ ┃ +┗━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━┻━━━━━━━━━━━━━━━━━━━━━━┻━━━━━┛ +```
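Review bot: The new description line has a typo, "demonstate" should be "demonstrate", and the example output in the same hunk contains a stray quote in "the '=='' operator"; if that string is precli's actual suggestion text the fix belongs in the rule, otherwise it is a paste error in the README. The example also runs `precli` against `tests/unit/rules/python/stdlib/examples/hmac_timing_attack.py`, a path that only exists in a repository checkout and not after `pip install precli`, so a short sentence saying the command is run from the repo root would avoid confusion for readers following the Quick Start. Minor style point: the Quick Start fence is tagged `bash` while the Example fence is untagged; tagging it (`console` or `bash`) keeps the README consistent.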