
RAGGuard

Static security scanner for RAG pipelines. Finds injection vulnerabilities, hardcoded secrets, auth gaps, and more in Python codebases.

Built from real-world security audits of production RAG frameworks.


Install

pip install ragsec

The PyPI distribution is named ragsec; the command it installs (and the Python package in this repository) is ragguard.

Or from source:

git clone https://github.com/HrushiYadav/ragGuard.git
cd ragGuard
pip install -e .

Usage

# Terminal output (default)
ragguard scan ./path/to/codebase

# Generate reports
ragguard scan ./path/to/codebase --output report.md --format markdown
ragguard scan ./path/to/codebase --output report.html --format html

# Filter by severity or category
ragguard scan ./path/to/codebase --severity high
ragguard scan ./path/to/codebase --category filter-injection

What it detects

11 scanners covering the most common vulnerability patterns in RAG/LLM codebases:

| Scanner | Severity | CWE | What it finds |
|---|---|---|---|
| Filter Injection | HIGH | CWE-94 | f-string interpolation in Milvus, Valkey, Azure, Elasticsearch filter expressions |
| NoSQL Injection | HIGH | CWE-943 | Unvalidated dict values in MongoDB/Elasticsearch queries |
| SQL Injection | HIGH | CWE-89 | f-string SQL construction (INSERT, DELETE, SELECT, UPDATE) |
| Hardcoded Secrets | HIGH | CWE-798 | API keys (OpenAI, AWS, GitHub, GitLab, Slack), hardcoded passwords |
| SSRF | HIGH | CWE-918 | User-controlled URLs in requests, httpx, aiohttp, urllib |
| Insecure Deserialization | HIGH | CWE-502 | yaml.load without SafeLoader, marshal, jsonpickle, shelve |
| Command Injection | HIGH | CWE-78 | os.system/popen with f-strings, subprocess with shell=True |
| Secret Logging | MEDIUM | CWE-532 | API keys, passwords, connection strings in logger calls |
| Auth Gaps | MEDIUM | CWE-306 | FastAPI/Flask routes without auth (AST-based), client-controlled user IDs (IDOR) |
| Insecure TLS | MEDIUM | CWE-295 | verify=False, disabled certificate validation, cleartext HTTP |
| Resource Safety | MEDIUM-HIGH | CWE-502 | pickle deserialization, zip bombs, tar extraction, eval/exec |

Example output

RAGGuard scanning ./my-rag-app

RG-001 [HIGH] Filter injection: Possible filter expression injection
  vector_stores/store.py:42
  > conditions.append(f'(metadata["{key}"] == "{value}")')

RG-002 [HIGH] NoSQL injection: Filter value passed into query
  vector_stores/mongo.py:89
  > filter_dict["payload." + key] = value

RG-003 [HIGH] Hardcoded secret: OpenAI API key
  config.py:12
  > OPENAI_KEY = "sk-proj-abc123..."

      Summary
+------------------+
| Severity | Count |
|----------+-------|
| HIGH     |    12 |
| MEDIUM   |     8 |
| LOW      |     5 |
| Total    |    25 |
+------------------+
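The RG-001 finding above is the shape of the Filter Injection row in the table: a caller-supplied value spliced into a Milvus-style boolean filter expression. The following is an added example, not code from RAGGuard or from any audited project, showing why the pattern is reported and one way to harden it. The key allowlist, the value alphabet and the sample payload are assumptions chosen for the illustration.

```python
"""Filter-expression injection (the RG-001 pattern) beside a hardened builder.

Added illustration; not RAGGuard's code. The key allowlist, the value
pattern and the payload below are assumptions chosen for the example.
"""
import re

ALLOWED_KEYS = frozenset({"tenant", "doc_type", "source"})  # assumed metadata schema
_SAFE_VALUE = re.compile(r"[A-Za-z0-9_.@:/\- ]{1,128}")    # assumed value alphabet

# Constructed payload: closes the quoted literal and ORs in a clause that
# matches every tenant, defeating the per-tenant scoping the filter exists for.
PAYLOAD = 'acme") or (metadata["tenant"] != "'


def build_filter_vulnerable(filters: dict) -> str:
    """What the scanner flags: request data interpolated straight into the expression."""
    conditions = []
    for key, value in filters.items():
        conditions.append(f'(metadata["{key}"] == "{value}")')
    return " and ".join(conditions)


class FilterInjectionError(ValueError):
    """Raised instead of silently widening or emptying the filter."""


def build_filter_hardened(filters: dict) -> str:
    """Same output for well-formed input; rejects anything outside the schema.

    Keys must come from the allowlist (they become identifiers in the
    expression), values must match a strict alphabet that cannot close the
    literal or introduce operators, and an empty filter is refused because
    an empty expression would match every document.
    """
    if not filters:
        raise FilterInjectionError("empty filter would match every document")
    conditions = []
    for key, value in filters.items():
        if key not in ALLOWED_KEYS:
            raise FilterInjectionError(f"unknown filter key {key!r}")
        if not isinstance(value, str) or not _SAFE_VALUE.fullmatch(value):
            raise FilterInjectionError(f"rejected value for {key!r}")
        conditions.append(f'(metadata["{key}"] == "{value}")')
    return " and ".join(conditions)


def hardened_accepts(filters: dict) -> bool:
    """True if the hardened builder accepts the filter, False if it rejects it."""
    try:
        build_filter_hardened(filters)
        return True
    except FilterInjectionError:
        return False


if __name__ == "__main__":
    print("vulnerable:", build_filter_vulnerable({"tenant": PAYLOAD}))
    print("hardened accepts payload:", hardened_accepts({"tenant": PAYLOAD}))
    print("hardened:", build_filter_hardened({"tenant": "acme", "doc_type": "pdf"}))
```

The vulnerable builder turns the payload into `(metadata["tenant"] == "acme") or (metadata["tenant"] != "")`, which is true for every document. Note that the hardened builder still interpolates into an f-string after validation, so a scanner keyed on that pattern may continue to report the line; where the vector-store client offers parameterized filters, use them and keep the allowlist as defence in depth.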

HTML Report

Generate a styled HTML report for sharing:

ragguard scan ./my-rag-app --output report.html --format html

Dark theme with severity badges, code snippets, and remediation guidance.

Development

pip install -e .
pytest tests/ -v
ruff check ragguard/

See CONTRIBUTING.md for details on adding new scanners.
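As an added illustration of how an AST-based scanner of the kind listed in the table works, the block below walks a parsed module and reports four of the patterns from that table: os.system/popen with a dynamically built command, subprocess with shell=True, yaml.load without a safe loader, and eval/exec. It is not RAGGuard's scanner API (CONTRIBUTING.md covers that); the rule names and the sample source it scans are constructed for the example.

```python
"""Minimal AST-based scanner for four patterns from the table above.

Added illustration of how such a scanner works; not RAGGuard's scanner API.
Rule names and the sample source are assumptions made for the example.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

SAFE_YAML_LOADERS = {"yaml.SafeLoader", "SafeLoader", "yaml.CSafeLoader", "CSafeLoader"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def _dotted_name(node: ast.AST) -> str | None:
    """Turn call targets like `os.system`, `subprocess.run` or `eval` into a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_dynamic_string(node: ast.AST) -> bool:
    """f-string, `+`/`%` on strings, or `.format()`: runtime data reaches the string."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "format"


class _CallVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted_name(node.func)
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        # os.system / os.popen with an interpolated or concatenated command string
        if name in {"os.system", "os.popen"} and node.args and _is_dynamic_string(node.args[0]):
            self.findings.append(Finding("command-injection", node.lineno, f"{name} with a dynamically built command"))
        # any subprocess.* call that passes shell=True as a literal
        shell = kwargs.get("shell")
        if name and name.startswith("subprocess.") and isinstance(shell, ast.Constant) and shell.value is True:
            self.findings.append(Finding("command-injection", node.lineno, f"{name} with shell=True"))
        # yaml.load whose Loader (keyword or second positional) is not a safe loader
        if name == "yaml.load":
            loader = kwargs.get("Loader", node.args[1] if len(node.args) > 1 else None)
            if loader is None or _dotted_name(loader) not in SAFE_YAML_LOADERS:
                self.findings.append(Finding("insecure-deserialization", node.lineno, "yaml.load without SafeLoader"))
        if name in {"eval", "exec"}:
            self.findings.append(Finding("resource-safety", node.lineno, f"{name}() call"))
        self.generic_visit(node)  # keep descending: calls nest inside calls


def scan_source(source: str, filename: str = "<memory>") -> list[Finding]:
    """Parse `source` and return its findings ordered by line number."""
    visitor = _CallVisitor()
    visitor.visit(ast.parse(source, filename))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample module: lines 4, 5, 7 and 9 should be reported, 6 and 8 are safe.
SAMPLE_SOURCE = '''\
import os, subprocess, yaml

def ingest(path, cfg_text):
    os.system(f"pdftotext {path} out.txt")
    subprocess.run("grep -c page out.txt", shell=True)
    subprocess.run(["grep", "-c", "page", "out.txt"])
    cfg = yaml.load(cfg_text)
    ok = yaml.load(cfg_text, Loader=yaml.SafeLoader)
    return eval(cfg["expr"])
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_SOURCE, "sample.py"):
        print(f"sample.py:{finding.line} [{finding.rule}] {finding.detail}")
```

Working on the AST rather than on regular expressions is what lets the yaml.load rule tell `Loader=yaml.SafeLoader` apart from `Loader=yaml.Loader`, and what keeps `subprocess.run(["grep", ...])` out of the report while the `shell=True` call on the line above it is caught.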

License

Apache-2.0
