def test_get_modules_no_prepend_root(self):
    """Check get_modules() output when prepend_module_root is False.

    The expected module names below carry no project-folder prefix
    ('app', 'folder', 'folder.directory.indhold'), and six entries are
    expected in total for the examples/test_project fixture.
    """
    root = os.path.normpath(os.path.join('examples', 'test_project'))
    package = 'folder'
    subpackage = 'directory'

    modules = get_modules(root, prepend_module_root=False)

    # Each expectation is a (dotted module name, filesystem path) pair.
    expected_app = ('app', os.path.join(root, 'app.py'))
    # The package itself maps to its directory, not to a file inside it.
    expected_package = (package, os.path.join(root, package))
    expected_indhold = (
        '.'.join((package, subpackage, 'indhold')),
        os.path.join(root, package, subpackage, 'indhold.py'),
    )

    for expected in (expected_app, expected_package, expected_indhold):
        self.assertIn(expected, modules)

    self.assertEqual(len(modules), 6)
def analyze(file):
    """Run the taint analysis for *file* and return the vulnerabilities found.

    For every path returned by discover_files() a CFG is built, the
    FastAPI route criteria are applied through FrameworkAdaptor, and the
    resulting CFG list is handed to the constraint-table, analysis and
    vulnerability-search steps using the default blackbox-mapping and
    trigger-word files.

    NOTE(review): the source lists this function on a single line, so the
    end of the ``for`` body is not visible; this layout assumes the
    per-file work ends at the FrameworkAdaptor call -- confirm against the
    original file.
    """
    discovered = discover_files([file], "")

    # Never populated in this function, so the mapping handed to
    # find_vulnerabilities() below is always empty.
    # NOTE(review): presumably this means no "nosec" suppression is
    # honoured here -- confirm against find_vulnerabilities().
    nosec_lines = defaultdict(set)

    cfg_list = []
    for source_path in sorted(discovered):
        source_dir = os.path.dirname(source_path)
        project_modules = get_modules(source_dir, prepend_module_root=True)
        local_modules = get_directory_modules(source_dir)

        # NOTE(review): cfg_list is rebound on every iteration, so if
        # discover_files() ever yields more than one path only the last
        # one is still in the list afterwards. For a scanner that would be
        # a silent coverage gap -- verify that a single path is guaranteed.
        cfg_list = [
            make_cfg(
                generate_ast(source_path),
                project_modules,
                local_modules,
                source_path,
                allow_local_directory_imports=False,
            )
        ]

        # Add all the route functions to the cfg_list
        FrameworkAdaptor(
            cfg_list,
            project_modules,
            local_modules,
            is_fastapi_route_function,
        )

    initialize_constraint_table(cfg_list)
    analyse(cfg_list)

    # NOTE(review): the meaning of the positional ``False`` is defined by
    # find_vulnerabilities(), which is not shown here.
    return find_vulnerabilities(
        cfg_list,
        default_blackbox_mapping_file,
        default_trigger_word_file,
        False,
        nosec_lines,
    )
def run_analysis(self, path):
    """Build the CFG for *path*, analyse it and return the findings.

    The path is normalised first; module lookups use its parent
    directory. The CFG is produced by self.cfg_create_from_file() and
    read back from self.cfg.
    """
    path = os.path.normpath(path)
    parent_dir = os.path.dirname(path)

    project_modules = get_modules(parent_dir)
    local_modules = get_directory_modules(parent_dir)
    self.cfg_create_from_file(path, project_modules, local_modules)

    cfg_list = [self.cfg]

    # The adaptor is given empty module lists rather than the ones
    # computed above, and uses the Flask route criteria.
    # NOTE(review): confirm the empty lists are intentional.
    FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)

    initialize_constraint_table(cfg_list)
    analyse(cfg_list)

    findings = find_vulnerabilities(
        cfg_list,
        default_blackbox_mapping_file,
        default_trigger_word_file,
    )
    return findings
def test_get_modules(self):
    """Check get_modules() output with its default arguments.

    Every expected module name is prefixed with the 'test_project'
    namespace, and exactly six (name, path) entries are expected for the
    examples/test_project fixture.
    """
    root = os.path.normpath(os.path.join('examples', 'test_project'))
    namespace = 'test_project'
    package = 'folder'
    subpackage = 'directory'

    modules = get_modules(root)

    # (dotted module name, filesystem path) pairs, in the order asserted.
    expected_entries = [
        (f'{namespace}.app', os.path.join(root, 'app.py')),
        (f'{namespace}.utils', os.path.join(root, 'utils.py')),
        (f'{namespace}.exceptions', os.path.join(root, 'exceptions.py')),
        (f'{namespace}.{package}.some',
         os.path.join(root, package, 'some.py')),
        # The package itself maps to its directory, not to a file.
        (f'{namespace}.{package}', os.path.join(root, package)),
        (f'{namespace}.{package}.{subpackage}.indhold',
         os.path.join(root, package, subpackage, 'indhold.py')),
    ]

    for entry in expected_entries:
        self.assertIn(entry, modules)

    self.assertEqual(len(modules), 6)