
Add CLI security review app for Chrome and WhatsApp #6

Open
umakarem82 wants to merge 1 commit into codex/handle-connections-and-report-status from codex/create-security-review-application

Conversation


@umakarem82 umakarem82 commented May 10, 2026

Owner

Motivation

  • Provide a lightweight, repeatable CLI tool to perform quick security reviews of Chrome extensions and WhatsApp integrations.

Description

  • Add security_review_app.py, a CLI questionnaire that contains targeted control sets under REVIEW_QUESTIONS for chrome and whatsapp.
  • Implement interactive prompting via ask_boolean, weighted scoring, and a grade function that maps scores to LOW RISK/MODERATE RISK/HIGH RISK.
  • Support both human-readable summary output and machine-readable output via --json which emits a structured report object.

Testing

  • Ran python3 -m py_compile security_review_app.py and the file compiled without errors.
  • Ran python3 security_review_app.py --help and the CLI printed the expected usage/help text.

Note

Low Risk
Adds a standalone CLI script with interactive input and JSON output; no existing production logic is modified. Risk is low, mainly around usability/maintainability of the questionnaire/scoring thresholds.

Overview
Introduces security_review_app.py, a standalone interactive CLI questionnaire for Chrome extensions and WhatsApp integrations with weighted questions and a simple score-to-risk grading (LOW/MODERATE/HIGH).

Supports both a terminal summary and a --json mode that emits a structured report including score, risk rating, and passed/failed controls.

Reviewed by Cursor Bugbot for commit 2071da7. Bugbot is set up for automated code reviews on this repo.

cursor (Bot) left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.



Comment thread on security_review_app.py:

    score = 0
    max_score = sum(q.weight for q in questions)

    print(f"Security Review: {args.target.title()}\n")


JSON output polluted by stdout print statements

High Severity

When --json is used, the print() on line 76 ("Security Review: ...") and the print("Please enter y or n.") in ask_boolean both write to stdout before the JSON blob is emitted. This makes the --json output invalid — any downstream tool parsing stdout as JSON will fail. The header print is unconditionally called regardless of the --json flag, and the retry prompt in ask_boolean also goes to stdout.


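One way to structure the script so that the --json output stays parseable, as an added example rather than the PR's own code: prompts and the "Please enter y or n." retry message go to stderr, scoring is a pure function, and stdout receives nothing but the JSON document. The control sets, weights and the 80% / 50% grade thresholds are constructed assumptions, and run_review takes its streams as parameters so the behaviour can be checked without a terminal.

```python
import json
import sys
from collections import namedtuple

Question = namedtuple("Question", "key text weight")

# Constructed sample control sets; the PR's real REVIEW_QUESTIONS are not shown on this page.
REVIEW_QUESTIONS = {
    "chrome": [Question("min_permissions", "Manifest requests only the permissions it needs?", 3),
               Question("no_remote_code", "No remotely hosted code is loaded?", 2)],
    "whatsapp": [Question("webhook_verified", "Webhook requests are verified before use?", 3),
                 Question("secrets_in_store", "API tokens live in a secrets store, not in source?", 2)],
}

def grade(score, max_score):
    """Score-to-risk mapping; the 80% / 50% thresholds are assumed, not taken from the PR."""
    ratio = score / max_score if max_score else 0.0
    return "LOW RISK" if ratio >= 0.8 else "MODERATE RISK" if ratio >= 0.5 else "HIGH RISK"

def build_report(target, answers):
    """Pure scoring step (answers: question key -> bool); no I/O, so it is unit-testable."""
    qs = REVIEW_QUESTIONS[target]
    passed = [q.key for q in qs if answers.get(q.key)]
    failed = [q.key for q in qs if q.key not in passed]
    score = sum(q.weight for q in qs if q.key in passed)
    max_score = sum(q.weight for q in qs)
    return {"target": target, "score": score, "max_score": max_score,
            "risk": grade(score, max_score), "passed": passed, "failed": failed}

def ask_boolean(prompt, stdin, stderr):
    """Prompt and retry message go to stderr; input(prompt) would write the prompt to stdout."""
    while True:
        print(f"{prompt} [y/n]: ", end="", file=stderr, flush=True)
        line = stdin.readline()
        if not line:  # EOF: fail loudly instead of looping forever on an empty answer
            raise SystemExit("stdin closed before the review finished")
        if line.strip().lower() in ("y", "n"):
            return line.strip().lower() == "y"
        print("Please enter y or n.", file=stderr)

def run_review(target, json_mode, stdin=sys.stdin, stdout=sys.stdout, stderr=sys.stderr):
    """With json_mode the header and summary go to stderr, so stdout carries only the JSON document."""
    human = stderr if json_mode else stdout
    print(f"Security Review: {target.title()}\n", file=human)
    answers = {q.key: ask_boolean(q.text, stdin, stderr) for q in REVIEW_QUESTIONS[target]}
    report = build_report(target, answers)
    print(f"Score {report['score']}/{report['max_score']} -> {report['risk']}", file=human)
    if json_mode:
        print(json.dumps(report, indent=2), file=stdout)
    return report
```

Wire run_review to the argparse target and --json arguments in main; a downstream consumer can then do `python3 security_review_app.py chrome --json 2>/dev/null | jq .` and always get valid JSON.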
