def get_sink_node(sink, sink_apis, all_sinks):
# The sink name may not be in apis, but in all_sinks
sink_node = AstNode()
info = get_matching_info(node=sink, info_nodes=all_sinks)
if not info:
return sink_node
sink_node.type = AstNode.FUNCTION_DECL_REF_EXPR
# set the name and other information
api = get_matching_api(node=sink, apis=sink_apis)
if api:
sink_node.id = api.id
sink_node.name = api.name
sink_node.base_type = api.base_type
sink_node.full_name = api.full_name
sink_node.source = sink['name']
else:
sink_node.name = info['name']
if 'instanceof' in info:
sink_node.base_type = info['instanceof']
sink_node.full_name = get_progpilot_name(entry=info)
sink_node.source = sink['name']
# set the location
sink_file_info = FileInfo()
sink_file_info.filename = basename(sink['file'])
sink_file_info.relpath = dirname(sink['file'])
sink_node.range.start.row = sink['row']
sink_node.range.start.column = sink['column']
sink_node.range.start.file_info.CopyFrom(sink_file_info)
sink_node.range.end.CopyFrom(sink_node.range.start)
return sink_node
def get_source_node(src, source_apis, all_sources):
# The source name may not be in apis, but in all_sources
source_node = AstNode()
info = get_matching_info(node=src, info_nodes=all_sources, fuzzy=True)
if not info:
return source_node
if 'is_function' in info and info['is_function']:
source_node.type = AstNode.FUNCTION_DECL_REF_EXPR
else:
source_node.type = AstNode.VARIABLE_DECL_REF_EXPR
# set the name and other information
api = get_matching_api(node=src, apis=source_apis, fuzzy=True)
if api:
source_node.id = api.id
source_node.name = api.name
source_node.base_type = api.base_type
source_node.full_name = api.full_name
source_node.source = src['name']
else:
source_node.name = info['name']
if 'instanceof' in info:
source_node.base_type = info['instanceof']
source_node.full_name = get_progpilot_name(entry=info)
source_node.source = src['name']
# set the location
source_file_info = FileInfo()
source_file_info.filename = basename(src['file'])
source_file_info.relpath = dirname(src['file'])
source_node.range.start.row = src['row']
source_node.range.start.column = src['column']
source_node.range.start.file_info.CopyFrom(source_file_info)
source_node.range.end.CopyFrom(source_node.range.start)
return source_node
def _get_api_result(base, name, args, source_text, source_range, filepb):
api_result = AstNode()
api_result.type = ast_pb2.AstNode.FUNCTION_DECL_REF_EXPR
api_result.name = name
if base is None:
api_result.full_name = name
else:
api_result.base_type = base
api_result.full_name = '%s.%s' % (base, name)
for arg in args:
api_result.arguments.append(arg)
api_result.source = source_text
source_start, source_end = source_range
api_result.range.start.row = source_start[0]
api_result.range.start.column = source_start[1]
api_result.range.start.file_info.CopyFrom(filepb)
api_result.range.end.row = source_end[0]
api_result.range.end.column = source_end[1]
api_result.range.end.file_info.CopyFrom(filepb)
return api_result
def get_sink_node(sink):
sink_node = AstNode()
if sink['user_input']:
sink_node.full_name = sink['user_input']
if sink['code']:
sink_node.source = sink['code']
sink_file_info = FileInfo()
if sink['file']:
sink_file_info.filename = basename(sink['file'])
sink_file_info.relpath = dirname(sink['file'])
if sink['row']:
sink_node.range.start.row = sink['row']
sink_node.range.start.file_info.CopyFrom(sink_file_info)
return sink_node
def get_source_node(src, apis, source_dict, vuln_files_ASTs):
source_node = AstNode()
# search apis dictionary to find source_node.name in values
# invocation detail
source_node.type = AstNode.FUNCTION_DECL_REF_EXPR
#source_node.name = next(entry.name for entry in config.apis if entry.id == id)
temp = src.sensitive_api
stripped_name = temp.replace('(', '').replace('[', '')
source_node.name = stripped_name
id = -1
for key, val in source_dict.items():
if source_node.name in val:
id = key
source_node.full_name = next(entry.full_name for entry in apis
if entry.id == id)
source_node.base_type = next(entry.base_type for entry in apis
if entry.id == id)
source_node.id = id
source_node.source_type = next(entry.source_type for entry in apis
if entry.id == id)
# use ast to parse out arguments
tree, asttok = vuln_files_ASTs[src.path]
visitor = PythonVisitor(asttok=asttok)
src_arglist = []
visitor.specify_search(src.line_number, src.sensitive_api, src_arglist,
True)
visitor.visit(tree)
source_node.arguments.extend(src_arglist)
# source code location
source_file_info = FileInfo()
source_file_info.filename = basename(src.path)
source_file_info.relpath = dirname(src.path)
source_node.range.start.row = src.line_number
# source_node.range.start.column = 20 # OPTIONAL
source_node.range.start.file_info.CopyFrom(source_file_info)
source_node.range.end.row = src.line_number
# source_node.range.end.column = 40 # OPTIONAL
source_node.range.end.file_info.CopyFrom(source_file_info)
return source_node
def get_sink_node(snk, apis, sink_dict, vuln_files_ASTs):
sink_node = AstNode()
# invocation detail
sink_node.type = AstNode.FUNCTION_DECL_REF_EXPR
temp = snk.sensitive_api
stripped_name = temp.replace('(', '').replace('[', '')
sink_node.name = stripped_name
id = -1
for key, val in sink_dict.items():
#print "sink_node.name = ", sink_node.name
#print "name = ", val
if sink_node.name in val:
id = key
sink_node.full_name = next(entry.full_name for entry in apis
if entry.id == id)
sink_node.base_type = next(entry.base_type for entry in apis
if entry.id == id)
sink_node.id = id
sink_node.sink_type = next(entry.sink_type for entry in apis
if entry.id == id)
# use ast to parse out arguments
tree, asttok = vuln_files_ASTs[snk.path]
visitor = PythonVisitor(asttok=asttok)
snk_arglist = []
visitor.specify_search(snk.line_number, snk.sensitive_api, snk_arglist,
True)
visitor.visit(tree)
sink_node.arguments.extend(snk_arglist)
# source code location
sink_file_info = FileInfo()
sink_file_info.filename = basename(snk.path)
sink_file_info.relpath = dirname(snk.path)
sink_node.range.start.row = snk.line_number
# sink_node.range.start.column = 8 # OPTIONAL
sink_node.range.start.file_info.CopyFrom(sink_file_info)
sink_node.range.end.row = snk.line_number
# sink_node.range.end.column = 100 # OPTIONAL
sink_node.range.end.file_info.CopyFrom(sink_file_info)
return sink_node
def get_mock_danger_node():
danger_node = AstNode()
danger_node.type = AstNode.FUNCTION_DECL_REF_EXPR
danger_node.name = "exec"
danger_node.full_name = "subprocess.exec"
danger_node.base_type = "subprocess"
danger_node.arguments.extend(["\"rm\"", "\"-rf\"", "\"/\""])
# TODO: look up the id in the config protobuf
danger_node.id = 66
# source code location
danger_file_info = FileInfo()
danger_file_info.filename = "danger_filename.py"
danger_file_info.relpath = "relpath/to/dir"
danger_node.range.start.row = 888
danger_node.range.start.column = 0
danger_node.range.start.file_info.CopyFrom(danger_file_info)
danger_node.range.end.row = 888
danger_node.range.end.column = 99
danger_node.range.end.file_info.CopyFrom(danger_file_info)
return danger_node
def get_mock_source_node():
source_node = AstNode()
# invocation detail
source_node.type = AstNode.FUNCTION_DECL_REF_EXPR
source_node.name = "read"
source_node.full_name = "file.read"
source_node.base_type = "file"
source_node.arguments.extend(["\"/home/maloss/.ssh/id_rsa\"", "\"r\""])
# TODO: look up the id in the config protobuf
source_node.id = 22
# source code location
source_file_info = FileInfo()
source_file_info.filename = "source_filename.py"
source_file_info.relpath = "relpath/to/dir"
source_node.range.start.row = 10
source_node.range.start.column = 20
source_node.range.start.file_info.CopyFrom(source_file_info)
source_node.range.end.row = 10
source_node.range.end.column = 40
source_node.range.end.file_info.CopyFrom(source_file_info)
return source_node
def get_mock_sink_node():
sink_node = AstNode()
# invocation detail
sink_node.type = AstNode.FUNCTION_DECL_REF_EXPR
sink_node.name = "send"
sink_node.full_name = "network.send"
sink_node.base_type = "network"
sink_node.arguments.extend(
["\"https://www.malicious.com\"", "\"non-blocking\""])
# TODO: look up the id in the config protobuf
sink_node.id = 88
# source code location
sink_file_info = FileInfo()
sink_file_info.filename = "sink_filename.py"
sink_file_info.relpath = "relpath/to/dir"
sink_node.range.start.row = 200
sink_node.range.start.column = 8
sink_node.range.start.file_info.CopyFrom(sink_file_info)
sink_node.range.end.row = 200
sink_node.range.end.column = 100
sink_node.range.end.file_info.CopyFrom(sink_file_info)
return sink_node