- Installation
- Usage
- Inspiration
- What it does
- How we built it
- Challenges we ran into
- Accomplishments that we're proud of
- What's next for EnvProtecc
Please refer to our CONTRIBUTING.md file.
Our package is publicly available on PyPi.
To install using pip, run the command:
$ pip install envprotecc $ protecc init --search-path .config # Puts the config into a folder to avoid collisionsRuns the static analysis.
$ protecc analyzeWe wanted to create the ultimate tool for finding environment variable leakages - and thats how EnvProtecc was born.
Using a few modest, but useful underlying packages, EnvProtecc is the only dependency you need for env security.
EnvProtecc is a Python package which uses dataflow analysis tools to check for leakages of any of the environment variables. In case leakages are found, they're displayed at runtime after running the analyze command.
EnvProtecc is build on top of pysa, a part of the pyre-check project package (see more about pysa here).
Additionally, since it's a CLI tool, we also make use of click (see more here).
At integration time, we stumbled upon an undocumented pyre-check exception which took roughly 48 hours off our time. (Turned out the fix was elementary, but we were shooting in the dark before getting there).
We wrote an issue on Github about it (link), but the repository seems to be not so well-maintained as there are many open issues without any follow-up discussion at all, including 3 issues which had the same exception code as this one.
- Dataflow and usage of
pyre-check'spysafor static analysis - How to use
click, the python CLI tool - How to submit devpost projects :)
EnvProtecc is published on PyPi and is ready for use. It has no security issues and doesn't need any additional documentation apart from this one.
It's also public on GitHub. Anyone can contribute following our contribution rules and guidelines.