kodeagent.pattern_detector


Advanced AST-based security pattern detection. This provides a static analysis layer to catch malicious patterns that might bypass LLM review.

analyze_code_patterns

Perform AST-based pattern analysis on code.

SecurityPatternDetector

Detects suspicious patterns in Python code using AST analysis.

class kodeagent.pattern_detector.SecurityPatternDetector

Bases: NodeVisitor

Detects suspicious patterns in Python code using AST analysis. This acts as a backup to LLM-based security review.

The following patterns are detected:

- Dangerous builtins (exec, eval, compile, __import__)
- Potential obfuscation (base64/hex decoding)
- System command execution (subprocess, os.system)
- Environment variable access
- Infinite loops
- Path traversal

Initialize the detector.

visit_Attribute(node: Attribute) -> None

Detect suspicious attribute access.

visit_BinOp(node: BinOp) -> None

Detect suspicious operations.

visit_Call(node: Call) -> None

Detect suspicious function calls.

visit_Constant(node: Constant) -> None

Detect suspicious constants.

visit_For(node: For) -> None

Detect suspicious loops.

visit_Import(node: Import) -> None

Detect suspicious imports.

visit_ImportFrom(node: ImportFrom) -> None

Detect suspicious from-imports.

visit_Str(node: Str) -> None

Detect suspicious strings (Python < 3.8).

visit_While(node: While) -> None

Detect potential infinite loops.

kodeagent.pattern_detector.analyze_code_patterns(code: str) -> tuple[bool, str, int]

Perform AST-based pattern analysis on code.

Parameters:

code – Python source code to analyze

Returns:

Tuple of (is_safe, reason, risk_score):

- is_safe: False if critical violations found
- reason: Description of violations
- risk_score: Numeric risk score (0-100)
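
An added illustration of the visitor approach documented above, not kodeagent's own code: a reduced `ast.NodeVisitor` that covers a few of the listed patterns and returns the same `(is_safe, reason, risk_score)` tuple shape. The names `MiniDetector` and `scan`, the rule sets, and the 50/15 severity weights are assumptions made for this example.

```python
import ast

# Rule sets and weights below are assumptions for illustration only.
DANGEROUS_BUILTINS = {"exec", "eval", "compile", "__import__"}
SYSTEM_CALLS = {("os", "system"), ("subprocess", "run"), ("subprocess", "Popen")}
DECODERS = {("base64", "b64decode"), ("bytes", "fromhex")}

class MiniDetector(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (severity, message) pairs

    def _flag(self, severity, node, msg):
        self.findings.append((severity, f"line {node.lineno}: {msg}"))

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Name) and f.id in DANGEROUS_BUILTINS:
            self._flag("critical", node, f"dangerous builtin {f.id}()")
        elif isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            name = f"{f.value.id}.{f.attr}"
            if (f.value.id, f.attr) in SYSTEM_CALLS:
                self._flag("critical", node, f"system command via {name}()")
            elif (f.value.id, f.attr) in DECODERS:
                self._flag("warning", node, f"possible obfuscation via {name}()")
        self.generic_visit(node)  # descend: eval(base64.b64decode(...)) nests calls

    def visit_Attribute(self, node):
        if isinstance(node.value, ast.Name) and (node.value.id, node.attr) == ("os", "environ"):
            self._flag("warning", node, "environment variable access")
        self.generic_visit(node)

    def visit_While(self, node):
        # Heuristic: constant-true test and no break anywhere inside the loop.
        always = isinstance(node.test, ast.Constant) and bool(node.test.value)
        if always and not any(isinstance(n, ast.Break) for n in ast.walk(node)):
            self._flag("warning", node, "while-loop with constant true test and no break")
        self.generic_visit(node)

def scan(code):
    """Return (is_safe, reason, risk_score), the tuple shape documented above."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return False, f"unparseable code: {exc.msg}", 100  # fail closed
    det = MiniDetector()
    det.visit(tree)
    score = min(100, sum(50 if s == "critical" else 15 for s, _ in det.findings))
    is_safe = not any(s == "critical" for s, _ in det.findings)
    return is_safe, "; ".join(m for _, m in det.findings) or "no findings", score
```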