一、功能概述
DeepseekScanner实现了扫描源代码项目中的所有代码文件发送给deepseek进行安全审计的功能。具体细节包括扫描所有子目录中的代码文件,然后依次将代码文件切片发送到deepseek api进行智能代码审计。审计结果包含存在安全问题的代码文件、代码位置行数、安全漏洞问题名称、存在安全漏洞的代码块。最后将审计结果保存到文件中方便查阅。
二、具体功能介绍
扫描指定的代码项目目录
//支持只扫描指定的文件后缀比如.php 只扫描.php文件 也可以扫描全部的文件类型
def scan_directory(directory, file_types=None, scan_all=False):
try:
if scan_all:
files_to_scan = [os.path.join(root, file) for root, _, files in os.walk(directory) for file in files]
else:
files_to_scan = [os.path.join(root, file) for root, _, files in os.walk(directory) for file in files if
any(file.endswith(ft) for ft in file_types)]
# Saving results to file
scan_results = []
filename = f"scan_results.txt"
directory = "./"
filepath = os.path.join(directory, filename)
for file_path in tqdm(files_to_scan, desc="Scanning files"):
file_scan_results = scan_file(file_path, scan_results, directory)
if file_scan_results is not None and len(file_scan_results) > 0:
save_results_to_file(filepath, file_scan_results)
except Exception as e:
print(e)2.代码文件切片发送给deepseek做安全审计
//从项目中的各个目录提取代码文件后,开始对代码进行切片发送给deepseek做安全审计
def scan_file(file_path, scan_results, directory):
try:
with open(file_path, 'r') as file:
content = file.readlines()
total_chunks = (len(content) - 1) // 100 + 100
file_scan_results = []
for chunk_start in range(0, len(content), 100):
chunk_end = min(chunk_start + 100, len(content))
code_chunk = ''.join(content[chunk_start:chunk_end])
response = analyze_security(code_chunk)
if hasattr(response, 'content'):
results = response.content
elif isinstance(response, dict) and 'content' in response:
results = response['content']
else:
results = response
if results:
# Split the result into individual issues using "@@@@", it can be unreliable depending on the output of the model
individual_results = results.split('@@@@')
for result in individual_results:
if "存在风险" in result:
try:
_, line_numbers, issue_description, code_snippet = result.split(' | ', 3)
adjusted_line_numbers = line_numbers.strip()
issue_description = issue_description.strip()
code_snippet = code_snippet.strip()
file_scan_results.append(
(file_path, adjusted_line_numbers, issue_description, code_snippet))
except ValueError:
continue
# Append this file's results to the main scan_results
# scan_results.extend(file_scan_results)
return file_scan_results
except Exception as e:
print(e)
return None3.deepseek代码审计功能
//严格定义prompt为资深安全专家实现代码安全审计
def analyze_security(content):
try:
completion = client.chat.completions.create(
model="deepseek-chat", # field is not currently used in LM studio
messages=[
{"role": "system", "content": '''你是一个安全专家严格分析以下代码片段,检查其中是否存在安全漏洞,请详细分析'''},
{"role": "user", "content": content}
],
temperature=0.7,
)
return completion.choices[0].message
except Exception as e:
print(e)
return None三、测试结果
1.命令执行
//对项目中的所有代码进行安全审计
python scanner.py E:\work\sqli-secound-order --all2.结果展示
四、总结
DeepseekScanner通过python+deepseek实现了python、php、java等语言项目代码审计,测试效果对于常见的安全问题甄别效果还是可以的,但可能也存在误报、错报等问题,需要再逐一帧对,不断完善。感兴趣的朋友可以在公众号回复"deepseekscanner"下载完整项目进行测试,包含代码项目和提供测试的漏洞代码项目。
