Ejemplo n.º 1
0
 def analysisForm():
     form = MyForm()
     profileJson = profiles.getProfiles()
     form.source_code.data = form.source_code.data or defaultCode
     return render_template('analysis.html',
                            profiles=profileJson,
                            form=form)
Ejemplo n.º 2
0
 def analyzeEndpoint():
     form = MyForm()
     if form.validate_on_submit():
         profile = request.form.get('profile')
         start = time.time()
         CFGForest, taintedSink, stats, err = analyze(
             form.source_code.data, profile)
         end = time.time()
         timetaken = (end - start)
         if err:
             return json.dumps({"error": err.message}), 400
         sinks = []
         profileJson = profiles.getProfiles()
         if profile in profileJson:
             profile = profileJson[profile]
         for sink in taintedSink:
             sinkDict = dict()
             sinkDict['startLine'] = sink.startLine
             sinkDict['endLine'] = sink.endLine
             sinkDict['state'] = sink.state
             sinks.append(sinkDict)
         graph = ""
         if CFGForest:
             graphviz = Source(CFGForest.generateGraphViz(True))
             graphviz.format = 'svg'
             graph = graphviz.pipe().decode('utf-8')
     return json.dumps({
         'sinks': sinks,
         'graph': graph,
         'stats': stats,
         'profile': profile,
         'timetaken': timetaken
     })
Ejemplo n.º 3
0
 def viewProfile():
     profile = request.args.get('name')
     moduleList = modules.getModules()
     traversalList = modules.getTraversals()
     profileJson = profiles.getProfiles()
     if profile in profileJson:
         return render_template('profile.html',
                                traversals=traversalList,
                                modules=moduleList,
                                profile=profileJson[profile],
                                name=profile)
     else:
         return json.dumps({"error": "something went wrong."}), 400
Ejemplo n.º 4
0
def analyze(input, profile):
    (fd, filename) = tempfile.mkstemp()
    engine = PHPEngine()
    try:
        tfile = os.fdopen(fd, "wb")
        tfile.write(input.encode("utf-8"))
        tfile.close()

        profileMap = profiles.getProfiles()
        if profile in profileMap:
            profile = profileMap[profile]
        else:
            return None, [], {}, False

        stats = dict()
        taintedSink = []
        CFGForest = engine.generateCFG(filename)
        for i, traversal in enumerate(profile):
            stats[i] = dict()
            traversalName = traversal['traversal']
            traverser = __import__("Traverser.%s" % traversalName)
            traverser = traverser.__dict__[traversalName].__dict__[
                traversalName]()
            modules = []
            for module in traversal['modules']:
                temp = importlib.import_module(module[0])
                className = getAnalyzerClassName(temp)
                name = temp.name
                temp = temp.__dict__[className]()
                modules.append({'module': name, 'object': temp})
                traverser.addVisitor(temp)
            try:
                CFGForest = traverser.traverseForest(CFGForest)
            finally:
                for x, module in enumerate(modules):
                    stats[i][x] = module['object'].analyzedLines.keys()
                    if "taintedSink" in module['object'].__dict__:
                        taintedSink = module['object'].taintedSink

        return CFGForest, taintedSink, stats, False
    except Exception as e:
        print e
        return None, [], {}, e
    finally:
        os.remove(filename)
Ejemplo n.º 5
0
 def editProfile():
     profileName = request.form.get('profileName')
     delete = request.form.get('delete')
     module = request.form.get('module')
     traversal = request.form.get('traversal')
     profileJson = profiles.getProfiles()
     if profileName not in profileJson:
         return json.dumps({"error": "something went wrong."}), 400
     profile = profileJson[profileName]
     if delete == None:
         if module != None:
             temp = importlib.import_module("Module.%s" % module)
             className = getAnalyzerClassName(temp)
             if len(profile) == 0:
                 return json.dumps({"error": "Add a traversal first."}), 400
             profile[-1]['modules'].append(
                 ("Module.%s" % module, temp.name))
             if profiles.updateProfile(profileName, profile):
                 return ""
         elif traversal != None:
             profile.append({'traversal': traversal, 'modules': []})
             if profiles.updateProfile(profileName, profile):
                 return ""
     else:
         if module != None:
             traversal = int(traversal)
             module = int(module)
             if traversal <= len(
                     profile
             ) and traversal > 0 and module > 0 and module <= len(
                     profile[traversal - 1]['modules']):
                 del profile[traversal - 1]['modules'][module - 1]
                 print profile
                 if profiles.updateProfile(profileName, profile):
                     return ""
         elif traversal != None:
             traversal = int(traversal)
             if traversal <= len(profile) and traversal > 0:
                 del profile[traversal - 1]
                 if profiles.updateProfile(profileName, profile):
                     return ""
     return json.dumps({"error": "something went wrong."})
Ejemplo n.º 6
0
 def showProfiles():
     profileJson = profiles.getProfiles()
     return render_template('profiles.html', profiles=profileJson)