Add initial set of PQ and AI checks, auth'n/z updates (#573)

* Add initial set of PQ and AI checks, auth'n/z updates * Add Python semantic_kernel. * Add AI tag group to html report * Remove code scope definition from txt rules --------- Co-authored-by: Gabe Stocco <[email protected]>
microsoft · Feb 16, 2024 · 6d539ef · 6d539ef
1 parent 00ad48b
commit 6d539ef
Show file tree

Hide file tree

Showing 12 changed files with 936 additions and 7 deletions.
diff --git a/AppInspector.CLI/preferences/tagreportgroups.json b/AppInspector.CLI/preferences/tagreportgroups.json
@@ -36,6 +36,11 @@
             "searchPattern": "^OS.Process.DynamicExecution.*",
             "displayName": "Dynamic command execution",
             "detectedIcon": "fab fa-audible"
+          },
+          {
+            "searchPattern": "^AI\\..*$",
+            "displayName": "AI",
+            "detectedIcon": "fa-solid fa-robot"
           }
         ]
       },

diff --git a/AppInspector/rules/default/ai/deep_learning.json b/AppInspector/rules/default/ai/deep_learning.json
@@ -0,0 +1,43 @@
+[
+    {
+      "name": "Deep Learning AI Library (requirements.txt)",
+      "id": "AI070040",
+      "description": "Deep Learning AI Library (requirements.txt)",
+      "tags": [
+        "AI.Library.DeepLearning"
+      ],
+      "severity": "unspecified",
+      "applies_to_file_regex": [
+        "requirements\\.txt"
+      ],
+      "patterns": [
+        {
+          "confidence": "high",
+          "pattern": "caffe|chainer|cntk|deepy|keras|keras_cv|mxnet|tensorly|tensor2tensor|torch|torchaudio|torchtext|torchvision",
+          "type": "regexword"
+        }
+      ]
+    },
+    {
+        "name": "Deep Learning AI Library (import)",
+        "id": "AI070041",
+        "description": "Deep Learning AI Library (import)",
+        "tags": [
+          "AI.Library.DeepLearning"
+        ],
+        "severity": "unspecified",
+        "applies_to": [
+          "python"
+        ],
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(from|import)\\s+(caffe|chainer|cntk|deepy|keras|keras_cv|mxnet|tensorly|tensor2tensor|torch|torchaudio|torchtext|torchvision)[^\\s]",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          }
+        ]
+      }
+  ]
diff --git a/AppInspector/rules/default/ai/general.json b/AppInspector/rules/default/ai/general.json
@@ -0,0 +1,35 @@
+[
+    {
+      "name": "Generative AI - General Term",
+      "id": "AI070201",
+      "description": "Generative AI - General Term",
+      "tags": [
+        "AI.Library.GenerativeAI"
+      ],
+      "severity": "unspecified",
+      "patterns": [
+        {
+          "confidence": "high",
+          "pattern": "GAN|Generative Adversarial Network|VAE|Variational Autoencoder|Seq2Seq|Sequence-to-Sequence|Transformer|GAN[0-9]+|Generational Adversarial Network[0-9]+|RNN|Recurrent Neural Network|LSTM|Long Short-Term Memory|GANs|Generational Adversarial Networks|VQ-VAQ|Vector Quantized Variational Autoencoder|DCGAN|Deep Convolutional Generative Adversarial Network",
+          "type": "regexword",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [
+            "i"
+          ]
+        },
+        {
+          "confidence": "high",
+          "pattern": "gpt[-]?[234]",
+          "type": "regexword",
+          "scopes": [
+            "code"
+          ],
+          "modifiers": [
+            "i"
+          ]
+        }
+      ]
+    }
+  ]
diff --git a/AppInspector/rules/default/ai/generative_ai_libraries.json b/AppInspector/rules/default/ai/generative_ai_libraries.json
@@ -0,0 +1,140 @@
+[
+    {
+      "name": "Generative AI Library (requirements.txt)",
+      "id": "AI070001",
+      "description": "Generative AI Library (requirements.txt)",
+      "tags": [
+        "AI.Library.GenerativeAI"
+      ],
+      "severity": "unspecified",
+      "applies_to_file_regex": [
+        "requirements\\.txt"
+      ],
+      "patterns": [
+        {
+          "confidence": "high",
+          "pattern": "adapters|transformers|asteroid|bertopic|diffusers|doctr|espnet|gpt2|fastai|gpt_2_simple|huggingface_hub|openai|textgenrnn|langchain|langchain_community|semantic_kernel|t5|t5x|tensorflow",
+          "type": "regexword"
+        }
+      ],
+      "must-match": [
+        "langchain",
+        "openai==1.6.0"
+      ]
+
+    },
+    {
+        "name": "Generative AI Library (import)",
+        "id": "AI070002",
+        "description": "Generative AI Library (import)",
+        "tags": [
+          "AI.Library.GenerativeAI"
+        ],
+        "severity": "unspecified",
+        "applies_to": [
+          "python"
+        ],
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(from|import)\\s+(adapters|transformers|asteroid|bertopic|diffusers|doctr|espnet|gpt2|fastai|gpt_2_simple|huggingface_hub|openai|textgenrnn|langchain|langchain_community|semantic_kernel|t5|t5x|tensorflow)\\s?",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          },
+          {
+            "confidence": "high",
+            "pattern": "tensorflow|keras|pytorch",
+            "type": "regexword",
+            "scopes": [
+              "code"
+            ]
+          }
+        ],
+        "must-match": [
+          "from tensorflow.keras.layers import Dense, Flatten, Reshape"
+        ]
+      },
+      {
+        "name": "Generative AI Library (*.csproj)",
+        "id": "AI070003",
+        "description": "Generative AI Library (*.csproj)",
+        "tags": [
+          "AI.Library.GenerativeAI"
+        ],
+        "applies_to": [
+            "VSProject"
+        ],
+        "severity": "unspecified",
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(Microsoft\\.SemanticKernel|OpenAI|OpenAI-DotNet|Azure\\.AI\\.OpenAI)",
+            "xpaths": [
+                "/Project/ItemGroup/PackageReference/@Include"
+            ],
+            "type": "regex"
+          }
+        ]
+      },
+      {
+        "name": "Generative AI Library (Semantic Kernel)",
+        "id": "AI070004",
+        "description": "Generative AI Library (Semantic Kernel)",
+        "tags": [
+          "AI.Library.GenerativeAI.SemanticKernel"
+        ],
+        "applies_to": [
+            "csharp"
+        ],
+        "severity": "unspecified",
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "using Microsoft\\.SemanticKernel.*;",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          }
+        ],
+        "must-match": [
+          "using Microsoft.SemanticKernel.Connectors.OpenAI;"
+        ]
+      },
+      {
+        "name": "Generative AI Library (Semantic Kernel)",
+        "id": "AI070005",
+        "description": "Generative AI Library (Semantic Kernel)",
+        "tags": [
+          "AI.Library.GenerativeAI.SemanticKernel"
+        ],
+        "applies_to": [
+            "python"
+        ],
+        "severity": "unspecified",
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(from|import) semantic_kernel",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          },
+          {
+            "confidence": "high",
+            "pattern": "AzureChatCompletion|register_semantic_function|SemanticFunctionConfig|ChatPromptTemplate|PromptTemplateConfig",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          },
+        ],
+        "must-match": [
+          "import semantic_kernel.connectors.ai.open_ai as sk_oai",
+          "pc = sk.PromptTemplateConfig.from_completion_parameters()"
+        ]
+      }
+  ]
diff --git a/AppInspector/rules/default/ai/machine_learning.json b/AppInspector/rules/default/ai/machine_learning.json
@@ -0,0 +1,43 @@
+[
+    {
+      "name": "Machine Learning AI Library (requirements.txt)",
+      "id": "AI070030",
+      "description": "Machine Learning AI Library (requirements.txt)",
+      "tags": [
+        "AI.Library.MachineLearning"
+      ],
+      "severity": "unspecified",
+      "applies_to_file_regex": [
+        "requirements\\.txt"
+      ],
+      "patterns": [
+        {
+          "confidence": "high",
+          "pattern": "sklearn|seaborn|gym|gymnasium|pycaret|xgboost|yellowbrick",
+          "type": "regexword"
+        }
+      ]
+    },
+    {
+        "name": "Machine Learning AI Library (import)",
+        "id": "AI070031",
+        "description": "Machine Learning AI Library (import)",
+        "tags": [
+          "AI.Library.MachineLearning"
+        ],
+        "severity": "unspecified",
+        "applies_to": [
+          "python"
+        ],
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(from|import)\\s+(sklearn|seaborn|gym|gymnasium|pycaret|xgboost|yellowbrick)[^\\s]",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          }
+        ]
+      }
+  ]
diff --git a/AppInspector/rules/default/ai/neural_networks.json b/AppInspector/rules/default/ai/neural_networks.json
@@ -0,0 +1,43 @@
+[
+    {
+      "name": "Neural Network AI Library (requirements.txt)",
+      "id": "AI070010",
+      "description": "Neural Network AI Library (requirements.txt)",
+      "tags": [
+        "AI.Library.NeuralNetwork"
+      ],
+      "severity": "unspecified",
+      "applies_to_file_regex": [
+        "requirements\\.txt"
+      ],
+      "patterns": [
+        {
+          "confidence": "high",
+          "pattern": "blocks|pylearn2|lasagne|onnx",
+          "type": "regexword"
+        }
+      ]
+    },
+    {
+        "name": "Neural Network AI Library (import)",
+        "id": "AI070011",
+        "description": "Neural Network AI Library (import)",
+        "tags": [
+          "AI.Library.NeuralNetwork"
+        ],
+        "severity": "unspecified",
+        "applies_to": [
+          "python"
+        ],
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(from|import)\\s+(blocks|pylearn2|lasagne|onnx)[^\\s]",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          }
+        ]
+      }
+  ]
diff --git a/AppInspector/rules/default/ai/nlp.json b/AppInspector/rules/default/ai/nlp.json
@@ -0,0 +1,43 @@
+[
+    {
+      "name": "NLP AI Library (requirements.txt)",
+      "id": "AI070020",
+      "description": "NLP AI Library (requirements.txt)",
+      "tags": [
+        "AI.Library.NLP"
+      ],
+      "severity": "unspecified",
+      "applies_to_file_regex": [
+        "requirements\\.txt"
+      ],
+      "patterns": [
+        {
+          "confidence": "high",
+          "pattern": "allennlp|cltk|corenlp|flair|gensim|keras_nlp|nlp_architect|nltk|polyglot|pynlpl|quepy|spacy|textblob",
+          "type": "regexword"
+        }
+      ]
+    },
+    {
+        "name": "NLP AI Library (import)",
+        "id": "AI070021",
+        "description": "NLP AI Library (import)",
+        "tags": [
+          "AI.Library.NLP"
+        ],
+        "severity": "unspecified",
+        "applies_to": [
+          "python"
+        ],
+        "patterns": [
+          {
+            "confidence": "high",
+            "pattern": "(from|import)\\s+(allennlp|cltk|corenlp|flair|gensim|keras_nlp|nlp_architect|nltk|polyglot|pynlpl|quepy|spacy|textblob)[^\\s]",
+            "type": "regex",
+            "scopes": [
+              "code"
+            ]
+          }
+        ]
+      }
+  ]