master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
1.5 KiB
1.5 KiB
Entry-Point Runtime — Python
Signals to gather
argv0equalspython,python3,pypy, or an interpreter symlink.- WSGI/ASGI servers:
gunicorn,uvicorn,hypercorn,daphne. - Task runners:
celery -A app worker,rq worker,pytest. - Presence of
requirements.txt,pyproject.toml,setup.cfg, orPipfile. PYTHONPATH,PYTHONUNBUFFERED,DJANGO_SETTINGS_MODULE,FLASK_APP, or application-specific env vars.- Virtualenv detection (
/venv/bin/python,pyvenv.cfg).
Implementation notes
- When invoked as
python -m module, resolve the module to a path if possible. - For WSGI/ASGI servers, inspect command arguments (
app:app,module:create_app) and config files. - Recognise wrapper scripts such as
docker-entrypoint.pythat eventuallyexec "$@". - Support zipped apps or single-file bundles by checking
zipappsignatures.
Evidence & scoring
- Increase confidence when module or script exists and dependencies are present.
- Capture evidence for env variables, config files, or known server arguments.
- Penalise ambiguous invocations (e.g.,
python -c "..."without persistent service).
Edge cases
- Supervisors launching multiple Python workers fall back to
Supervisorclassification with Python listed as child. - Conda environments use different directory structures; look for
conda-metadirectories. - Alpine distroless images may ship
pythonsymlinks without standard libs—ensure script presence before final classification.