DeepseekScanner: Code Auditing in Practice with Python and Deepseek

笔记哥 / 04-05 / 20 likes / 0 comments / 174 reads
I. Overview

DeepseekScanner scans every code file in a source project and sends it to Deepseek for a security audit. Concretely, it walks all subdirectories for code files, then slices each file into chunks and sends them one by one to the deepseek API for AI-assisted code auditing. The audit results contain the file that has a security issue, the line numbers, the name of the vulnerability, and the affected code block. Finally the results are saved to a file for easy review.

II. Feature details

1. Scan the specified project directory

```python
import os
from tqdm import tqdm


def save_results_to_file(filepath, results):
    # Not shown in the original post; a minimal version is assumed here so the
    # scanner runs: append one line per finding to the results file.
    with open(filepath, 'a', encoding='utf-8') as f:
        for file_path, line_numbers, issue, snippet in results:
            f.write(f"{file_path} | {line_numbers} | {issue} | {snippet}\n")


# Supports scanning only files with a given suffix (e.g. .php scans only .php
# files) or all file types
def scan_directory(directory, file_types=None, scan_all=False):
    try:
        file_types = file_types or []  # avoid iterating over None below
        if scan_all:
            files_to_scan = [os.path.join(root, file)
                             for root, _, files in os.walk(directory)
                             for file in files]
        else:
            files_to_scan = [os.path.join(root, file)
                             for root, _, files in os.walk(directory)
                             for file in files
                             if any(file.endswith(ft) for ft in file_types)]
        # Saving results to file (scan_results.txt in the current directory)
        scan_results = []
        output_dir = "./"
        filepath = os.path.join(output_dir, "scan_results.txt")
        for file_path in tqdm(files_to_scan, desc="Scanning files"):
            file_scan_results = scan_file(file_path, scan_results, output_dir)
            if file_scan_results is not None and len(file_scan_results) > 0:
                save_results_to_file(filepath, file_scan_results)
    except Exception as e:
        print(e)
```

2. Slice each code file and send it to deepseek for the security audit

```python
# After the code files have been collected from each directory, slice each
# file into chunks and send them to deepseek for the security audit
def scan_file(file_path, scan_results, directory):
    try:
        # errors='ignore' keeps binary or non-UTF-8 files from aborting the scan
        with open(file_path, 'r', encoding='utf-8', errors='ignore') as file:
            content = file.readlines()
        total_chunks = (len(content) - 1) // 100 + 1  # number of 100-line chunks
        file_scan_results = []
        for chunk_start in range(0, len(content), 100):
            chunk_end = min(chunk_start + 100, len(content))
            code_chunk = ''.join(content[chunk_start:chunk_end])
            response = analyze_security(code_chunk)
            if hasattr(response, 'content'):
                results = response.content
            elif isinstance(response, dict) and 'content' in response:
                results = response['content']
            else:
                results = response
            if results:
                # Split the result into individual issues using "@@@@"; this can
                # be unreliable depending on the output of the model
                individual_results = results.split('@@@@')
                for result in individual_results:
                    if "存在风险" in result:
                        try:
                            _, line_numbers, issue_description, code_snippet = result.split(' | ', 3)
                            # Line numbers are as reported by the model for this chunk
                            adjusted_line_numbers = line_numbers.strip()
                            issue_description = issue_description.strip()
                            code_snippet = code_snippet.strip()
                            file_scan_results.append(
                                (file_path, adjusted_line_numbers, issue_description, code_snippet))
                        except ValueError:
                            continue
        # Append this file's results to the main scan_results
        # scan_results.extend(file_scan_results)
        return file_scan_results
    except Exception as e:
        print(e)
        return None
```

3. The deepseek code-audit call

```python
import os
from openai import OpenAI

# Deepseek exposes an OpenAI-compatible endpoint; the environment variable
# name used for the key is an assumption, not from the original post
client = OpenAI(api_key=os.environ.get("DEEPSEEK_API_KEY"),
                base_url="https://api.deepseek.com")


# The prompt strictly casts the model as a senior security expert performing
# a code security audit
def analyze_security(content):
    try:
        completion = client.chat.completions.create(
            model="deepseek-chat",  # field is not currently used in LM studio
            messages=[
                {"role": "system",
                 "content": '''你是一个安全专家严格分析以下代码片段,检查其中是否存在安全漏洞,请详细分析'''},
                {"role": "user", "content": content}
            ],
            temperature=0.7,
        )
        return completion.choices[0].message
    except Exception as e:
        print(e)
        return None
```

III. Test results

1. Running the command

```shell
# Audit all code files in the project
python scanner.py E:\work\sqli-secound-order --all
```

2. Output

![Scan results](https://cdn.res.knowhub.vip/c/2504/05/cfd7fa56.png?G1UAAOTcVkxw9wu2iOF0Q2CDZkAii6BSwnq956x9A3x%2fMLLmZ7Q%2bY3%2f4S%2bszQJypuAAjGyqSRiNk1UquSUo1u0jyGgE%3d)

IV. Summary

DeepseekScanner uses Python plus Deepseek to audit project code written in Python, PHP, Java and other languages. In testing it picks out common security issues reasonably well, but false positives and incorrect reports are still possible, so the results need to be verified one by one and the tool refined over time.
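As an added example that is not part of the original post, here is the result-parsing step of scan_file reworked for two things the original parser leaves open: the line numbers the model returns refer to the 100-line chunk it saw and must be offset to real file positions, and the `存在风险 | 行号 | 问题 | 代码` records separated by `@@@@` are only what the parser expects, since the system prompt shown above does not ask the model for that format, so malformed records have to be tolerated. The sample model reply, the file name and the chunk offset are constructed.

```python
import re
from collections import namedtuple

# start_line / end_line are absolute 1-based line numbers in the scanned file
Finding = namedtuple("Finding", "file_path start_line end_line issue snippet")

# "12-14", "12~14", "12到14", "12 to 14" or a single "第31行" -> (start, end)
_LINE_RANGE = re.compile(r"(\d+)\s*(?:-|~|到|to)\s*(\d+)|(\d+)")


def parse_model_output(text, file_path, chunk_start):
    """Parse '存在风险 | lines | issue | code' records separated by '@@@@'.

    The model only saw one 100-line chunk, so the line numbers it reports are
    relative to that chunk; chunk_start (0-based index of the chunk's first
    line in the file) is added to make them absolute. Records that do not
    follow the format are skipped rather than aborting the whole file.
    """
    findings = []
    for record in text.split("@@@@"):
        if "存在风险" not in record:
            continue
        # tolerate missing spaces around '|'; maxsplit keeps any '|' in the snippet
        parts = re.split(r"\s*\|\s*", record.strip(), maxsplit=3)
        if len(parts) != 4:
            continue  # model ignored the expected format
        _, line_field, issue, snippet = parts
        m = _LINE_RANGE.search(line_field)
        if not m:
            continue
        if m.group(3):
            lo = hi = int(m.group(3))
        else:
            lo, hi = int(m.group(1)), int(m.group(2))
        findings.append(Finding(file_path, lo + chunk_start, hi + chunk_start, issue, snippet))
    return findings


# Constructed model reply for the third chunk of a file (file lines 201-300)
SAMPLE_RESPONSE = (
    "存在风险 | 12-14 | SQL注入 | $sql = \"SELECT * FROM users WHERE id=\" . $_GET['id'];@@@@"
    "无风险 | 20 | 无问题 | echo 1;@@@@"
    "存在风险|第31行|命令执行|system($_POST['cmd']);@@@@"
    "存在风险 | malformed record without separators"
)


def demo():
    return parse_model_output(SAMPLE_RESPONSE, "app/login.php", chunk_start=200)
```

Running demo() yields two findings at absolute lines 212-214 and 231; the record without the risk marker and the malformed one are dropped.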