This repository has been archived by the owner on Oct 27, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
config.ini
54 lines (50 loc) · 2.27 KB
/
config.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
[aura]
log-level = info
# Path to the location of the offline PyPI mirror
# This option can be safely disabled if you don't have a local mirror, some advanced features require this
mirror = /var/pypi_mirror/pypi/web/
# Path to the yara rules for scanning data blobs
# See example_rules.yara for documentation on format and examples
yara-rules = rules.yara
# Path to the semantic rules used by python code analyzer
# See the example_signatures.json for documentation on format and examples
semantic-rules = signatures.json
# This file is needed for typosquatting detections
pypi_stats = pypi_stats.json
# Default minimum score for outputting scan hits
min-score = 10
# You can enable/disable forking for async processing of files here
# Async processing is using the python's multiprocessing module
async = false
# Limit heap size of the process
# 4G
rlimit-memory = 4294967296
# Limit maximum file size the framework can create
# This is also used as a limit when unpacking archive content to prevent for example zip bombs
# 4G
rlimit-fsize = 4294967296
# Aura recursively unpack archives, this specifies the maximum depth of recursion
max-depth = 3
# Set preferred output format for cli commands that supports it
# Supported formats: text, json
output-format = json
# If defined, dedicated log file for exceptions and errors would be created
error-log = "aura_errors.log"
[api_tokens]
# You can define api tokens for integrations here
# Another option is to configure them via an environment variable using:
# AURA_TOKENNAME_TOKEN = "your token"
# List of supported tokens, just uncomment and replace the following lines:
#librariesio = "insert_token_here"
[score]
# Score assigned when a package contain a suspicious file inside such as python bytecode (*.pyc)
contain-suspicious-file = 5
# Score assigned when a package contain a sensitive file inside such as accidently including .pypirc
contain-sensitive-file = 100
[interpreters]
# Configure python interpreters for parsing AST code
# `python2` must point to the py2.7.* version (versions under 2.7 are not supported but might work)
# `python3` must point to the py3.6.* (at least) or ideally py3.7.* due to compatibility
# All other interpreters are optional, AST parsing will try them in the defined order
python2 = /usr/bin/python2
python3 = /usr/bin/python3