def visit_FunctionDef(self, node): if node.name in functions: node.name += '¤' functions[node.name] = len(node.body) for n in node.body: self.visit(n) def visit_ClassDef(self, node): if node.name in classes: node.name += '¤' classes[node.name] = len(node.body) for n in node.body: self.visit(n) if __name__ == '__main__': module_paths = (m[1] for m in get_python_modules('../flaskbb/flaskbb')) for p in module_paths: print(p) t = generate_ast(p) c = Counter() c.visit(t) max_func_len = max(functions.values()) max_class_len = max(classes.values()) restore_stuff = 6 #varies print(len(function_calls)) print('estimate stuff: ', max_func_len * len(function_calls)) print('estimate stuff: ', max_class_len * len(function_calls))
def test_import_from(self): path = '../example/import_test/import_from.py' tree = generate_ast(path) v = Visitor(tree, get_python_modules(path), get_directory_modules(path), path)
import os import sys sys.path.insert(0, os.path.abspath('../pyt')) from cfg import CFG, print_CFG, generate_ast ast = generate_ast('example_inputs/example.py') cfg = CFG() cfg.create(ast) print_CFG(cfg)
args = parser.parse_args() if __name__ == '__main__': log.set_logger(args.log_level, show_path=False) path = os.path.normpath(args.filepath) directory = None if args.project_root: directory = os.path.normpath(args.project_root) else: directory = os.path.dirname(path) project_modules = get_python_modules(directory) local_modules = get_directory_modules(directory) tree = generate_ast(path) cfg = build_cfg(tree, project_modules, local_modules, path) cfg_list = [cfg] adaptor_type = FlaskAdaptor(cfg_list, project_modules, local_modules) analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis) vulnerability_log = None if args.trigger_word_file: vulnerability_log = find_vulnerabilities(cfg_list, args.trigger_word_file) else: vulnerability_log = find_vulnerabilities(cfg_list)
def analyse(cfg_list, *, analysis_type): """Analyse a list of control flow graphs with a given analysis type.""" for cfg in cfg_list: analysis = FixedPointAnalysis(cfg, analysis_type) analysis.fixpoint_runner() if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument('filename', help='Filename of the file that should be analysed.', type=str) parser.add_argument('-l', '--liveness', help='Toggle liveness analysis.', action='store_true') parser.add_argument('-r', '--reaching', help='Toggle reaching definitions analysis', action='store_true') args = parser.parse_args() tree = generate_ast(args.filename) cfg = CFG() cfg.create(tree) def run_analysis(cfg, analysis_type): analysis = fixed_point_analysis(cfg, analysis_type) analysis.fixpoint_runner() for cfg_node in cfg.nodes: print(cfg_node) print(cfg_node.new_constraint) if args.liveness: run_analysis(cfg, LivenessAnalysis) if args.reaching: run_analysis(cfg, ReachingDefinitionsAnalysis)