def run_analysis(self, path=None):
if path:
self.cfg_create_from_file(path)
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
initialize_constraint_table(cfg_list)
analyse(cfg_list)
return find_vulnerabilities(cfg_list, default_blackbox_mapping_file,
default_trigger_word_file)
def run_analysis(self):
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
initialize_constraint_table(cfg_list)
analyse(cfg_list)
trigger_word_file = os.path.join('pyt', 'vulnerability_definitions',
'test_positions.pyt')
return find_vulnerabilities(cfg_list, default_blackbox_mapping_file,
trigger_word_file)
def test_find_triggers(self):
self.cfg_create_from_file('examples/vulnerable_code/XSS.py')
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
XSS1 = cfg_list[1]
trigger_words = [Source('get')]
list_ = vulnerabilities.find_triggers(XSS1.nodes,
trigger_words,
nosec_lines=set())
self.assert_length(list_, expected_length=1)
def run_analysis(self, path):
self.cfg_create_from_file(path)
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_function)
initialize_constraint_table(cfg_list)
analyse(cfg_list)
trigger_word_file = os.path.join('pyt', 'vulnerability_definitions',
'all_trigger_words.pyt')
return find_vulnerabilities(cfg_list, default_blackbox_mapping_file,
trigger_word_file)
def test_build_sanitiser_node_dict(self):
self.cfg_create_from_file('examples/vulnerable_code/XSS_sanitised.py')
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
cfg = cfg_list[1]
cfg_node = Node(None, None, line_number=None, path=None)
sink = Sink.from_json('replace', {'sanitisers': ['escape']})
sinks_in_file = [vulnerabilities.TriggerNode(sink, cfg_node)]
sanitiser_dict = vulnerabilities.build_sanitiser_node_dict(cfg, sinks_in_file)
self.assert_length(sanitiser_dict, expected_length=1)
self.assertIn('escape', sanitiser_dict.keys())
self.assertEqual(sanitiser_dict['escape'][0], cfg.nodes[3])
def analyze(file):
files = discover_files([file], "")
nosec_lines = defaultdict(set)
cfg_list = list()
for path in sorted(files):
directory = os.path.dirname(path)
project_modules = get_modules(directory, prepend_module_root=True)
local_modules = get_directory_modules(directory)
tree = generate_ast(path)
cfg = make_cfg(
tree,
project_modules,
local_modules,
path,
allow_local_directory_imports=False
)
cfg_list = [cfg]
framework_route_criteria = is_fastapi_route_function
# Add all the route functions to the cfg_list
FrameworkAdaptor(
cfg_list,
project_modules,
local_modules,
framework_route_criteria
)
initialize_constraint_table(cfg_list)
analyse(cfg_list)
vulnerabilities = find_vulnerabilities(
cfg_list,
default_blackbox_mapping_file,
default_trigger_word_file,
False,
nosec_lines
)
return vulnerabilities
def run_analysis(self, path):
path = os.path.normpath(path)
project_modules = get_modules(os.path.dirname(path))
local_modules = get_directory_modules(os.path.dirname(path))
self.cfg_create_from_file(path, project_modules, local_modules)
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
initialize_constraint_table(cfg_list)
analyse(cfg_list)
return find_vulnerabilities(cfg_list, default_blackbox_mapping_file,
default_trigger_word_file)