DEV Community

difcn@126.com
difcn@126.com

Posted on • Edited on

AgentGuard — The Python SAST That Actually Fixes Your Code (Now Powered by GLM-5.2)

I scanned 15 popular Python projects for security bugs. The oldest one had the worst issue.

TL;DR

463 findings. 120 critical. The worst offender wasn't some weekend hobby project — it was a library used by the Python Software Foundation. It had eval() in production code. I fixed it.

I ran AgentGuard (65 rules + GLM-5.2 verification) against 15 well-known Python projects. Here's what I found — and what I fixed.

The Setup

$ agentguard scan ./project --tier pro --format json
Enter fullscreen mode Exit fullscreen mode

AgentGuard is an open-source scanner with a twist: GLM-5.2 reviews every finding to filter false positives, then auto-generates fixes. Think Bandit + AI review + auto-fix in one command. GitHub | pip install agentguardp

The Results

15 projects, 1K to 30K lines of Python each:

Project Stars Findings Critical High Top Issue
paramiko 3.5K 185 52 4 Hardcoded keys, path traversal
httpx 13K 55 32 4 Hardcoded secrets, pickle
click 16K 41 0 5 while-True loops, PY050
flask 68K 36 3 12 eval/exec (by design), DEBUG=True
tqdm 28K 30 0 2 SSRF in examples
python-jose 1.7K 27 20 0 Private keys in test fixtures
rich 50K 25 0 0 while-True, weak random
data-diff 3K 25 2 22 MD5, SSRF
httpie 34K 14 0 6 SSRF, SSL verify=False
pydantic 20K 10 5 2 pickle, hardcoded secrets
requests-html 13K 7 5 0 eval() in production
arq 2K 5 0 0 assert statements
tweets_analyzer 3K 2 1 0 Hardcoded API keys (template)
wikipedia 3K 1 0 1 SSRF
m2cgen 3K 0 0 0 Clean!

Total: 463 findings / 120 critical / 58 high

The Best Find: eval() in a PSF Library

requests-html (13K Stars, maintained by the Python Software Foundation) had this in its core:

# requests_html.py:570
def __convert(cookiejar, key):
    try:
        v = eval("cookiejar." + key)  # <-- INJECTION RISK
Enter fullscreen mode Exit fullscreen mode

AgentGuard's GLM-5.2 cloud fix suggested replacing it with getattr():

# After fix
v = getattr(cookiejar, key, None)
Enter fullscreen mode Exit fullscreen mode

I submitted a PR: psf/requests-html#610

Top 5 Most Common Issues

  1. assert for security checks (107) — removed in python -O, check silently disappears
  2. Path traversal (82) — user-controlled paths without validation
  3. Hardcoded secrets (67) — API keys, passwords in source code
  4. Unbounded loops (42) — while True: without timeout
  5. Weak random (24) — random instead of secrets

Why GLM-5.2 Matters

Model F1 Score (Vuln Detection) Cost per Finding
Claude Code 32-37% ~$1.02
GLM-5.2 39% $0.17

GLM-5.2 outperforms Claude Code in security detection at 1/6 the cost. AgentGuard is the first tool to productize this.

Source: Semgrep security evaluation (cybernexora.com, paddo.dev)

The Pipeline

$ agentguard pipeline ./vulnerable.py --mode dry-run

[1/4] Scanning... 6 findings
[2/4] GLM-5.2 verifying... 6 confirmed, 0 rejected
[3/4] Fixing... 4 auto-fixed, 2 need manual review
[4/4] Validating... No new issues introduced
Enter fullscreen mode Exit fullscreen mode

Rules find suspects. GLM-5.2 confirms, fixes, and verifies.

Try It

pip install agentguardp
agentguard scan ./your-project
agentguard pipeline ./src --mode dry-run
Enter fullscreen mode Exit fullscreen mode

14-day Pro trial included. GLM-5.2 cloud fix activates automatically.


Scanned and auto-fixed by AgentGuard + GLM-5.2.

Top comments (0)