Example #1
    def test_find_vulnerabilities_sanitised(self):
        """Check that the sanitised XSS example yields exactly one log entry.

        The fixture is turned into a CFG, passed through ``FlaskAdaptor`` and
        the reaching-definitions taint analysis, and the resulting
        vulnerability log is inspected.
        """
        fixture = '../example/vulnerable_code/XSS_sanitised.py'
        self.cfg_create_from_file(fixture)

        # The adaptor is given empty project and local module lists, so only
        # the fixture file itself takes part in the analysis.
        cfgs = [self.cfg]
        FlaskAdaptor(cfgs, [], [])
        analyse(cfgs, analysis_type=ReachingDefinitionsTaintAnalysis)

        # NOTE(review): only the number of entries is pinned here. Presumably
        # the single entry is the one reported as sanitised; the assertion
        # would also pass if it were reported as unsanitised - confirm.
        found = vulnerabilities.find_vulnerabilities(cfgs).vulnerabilities
        self.assert_length(found, expected_length=1)
Example #2
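    def main(self, dirname):  # noqa: C901
        """Scan every file discovered under *dirname* and report the findings.

        The arguments are built in-process: *dirname* is scanned recursively
        (``-r``) and the report goes to ``VulnerabilityResultsTemp.txt``.
        Each file that can be turned into a CFG increments ``self.S``; each
        file that raises increments ``self.F`` and is left out of the
        analysis.

        Coverage caveat: because per-file errors are caught and only printed,
        a report without findings does not mean every file was analysed.
        Compare ``self.F`` with the number of discovered files before
        treating the result as clean.

        Args:
            dirname: Directory (or file) handed to the argument parser as the
                scan target.
        """
        command_line_args = [dirname, "-oVulnerabilityResultsTemp.txt", "-r"]
        args = parse_args(command_line_args)

        logging_level = (logging.ERROR if not args.verbose else
                         logging.WARN if args.verbose == 1 else
                         logging.INFO if args.verbose == 2 else logging.DEBUG)
        logging.basicConfig(level=logging_level,
                            format='[%(levelname)s] %(name)s: %(message)s')

        files = discover_files(args.targets, args.excluded_paths,
                               args.recursive)

        nosec_lines = defaultdict(set)

        if args.project_root:
            directory = os.path.normpath(args.project_root)
            project_modules = get_modules(
                directory, prepend_module_root=args.prepend_module_root)

        # CFGs of every successfully processed file. The previous code rebound
        # this list on each iteration, so only the last processed file was
        # ever analysed and findings in all other files were silently missed.
        cfg_list = []
        for path in sorted(files):
            print(path)
            log.info("Processing %s", path)
            try:
                if not args.ignore_nosec:
                    nosec_lines[path] = retrieve_nosec_lines(path)
                if not args.project_root:
                    directory = os.path.dirname(path)
                    project_modules = get_modules(
                        directory,
                        prepend_module_root=args.prepend_module_root)

                local_modules = get_directory_modules(directory)
                tree = generate_ast(path)

                # The ConnectionChecker filter is disabled in this variant, so
                # every discovered file is treated as having passed it.
                print("file passed connection check")
                cfg = make_cfg(
                    tree,
                    project_modules,
                    local_modules,
                    path,
                    allow_local_directory_imports=args.allow_local_imports)
                print("cfg made")

                # NOTE(review): is_function is used as the route criteria
                # instead of is_user_input_function; presumably this makes
                # every function an entry point - confirm.
                framework_route_criteria = is_function

                # Add all the route functions for this file to its own list,
                # then merge, so the adaptor never re-processes CFGs that
                # belong to earlier files.
                file_cfgs = [cfg]
                FrameworkAdaptor(file_cfgs, project_modules, local_modules,
                                 framework_route_criteria)
                cfg_list.extend(file_cfgs)
                self.S += 1
            except Exception as err:
                # Best effort: one unparsable file must not abort the scan,
                # but it is counted so the gap in coverage stays visible.
                print("There was an error : " + "[" + str(path) + "] " +
                      str(err))
                traceback.print_exc()
                self.F += 1

        initialize_constraint_table(cfg_list)
        log.info("Analysing")
        print("Analysing")
        analyse(cfg_list)
        log.info("Finding vulnerabilities")
        print("Finding vulnerabilities")
        vulnerabilities = find_vulnerabilities(cfg_list,
                                               args.blackbox_mapping_file,
                                               args.trigger_word_file,
                                               args.interactive, nosec_lines)

        if args.baseline:
            vulnerabilities = get_vulnerabilities_not_in_baseline(
                vulnerabilities, args.baseline)

        # Close the report file even when the formatter raises, so a partial
        # report is flushed and the handle is not leaked across scans.
        try:
            args.formatter.report(vulnerabilities, args.output_file,
                                  not args.only_unsanitised)
        finally:
            args.output_file.close()

        has_unsanitised_vulnerabilities = any(
            not isinstance(v, SanitisedVulnerability) for v in vulnerabilities)
        if has_unsanitised_vulnerabilities:
            print("There are unsanitised vulnerabilities in " + dirname)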
Example #3
        directory = os.path.dirname(path)
    project_modules = get_python_modules(directory)
    local_modules = get_directory_modules(directory)

    tree = generate_ast(path)
    cfg = build_cfg(tree, project_modules, local_modules, path)

    cfg_list = [cfg]

    adaptor_type = FlaskAdaptor(cfg_list, project_modules, local_modules)

    analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

    vulnerability_log = None
    if args.trigger_word_file:
        vulnerability_log = find_vulnerabilities(cfg_list,
                                                 args.trigger_word_file)
    else:
        vulnerability_log = find_vulnerabilities(cfg_list)

    vulnerability_log.print_report()

    if args.draw_cfg:
        if args.output_filename:
            draw_cfgs(cfg_list, args.output_filename)
        else:
            draw_cfgs(cfg_list)
    if args.print:
        for i, e in enumerate(cfg_list):
            print('############## CFG number: ', i)
            print(e)
    if args.verbose_print:
Example #4
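def main(dirname):  # noqa: C901
    """Scan *dirname* recursively, record connection statistics and report.

    For every discovered file that passes the connection check, a CFG is
    built, the nodes reached by walking backwards from each connection call
    are classified, and one line is appended to ``Stats.txt``. The CFGs of
    all such files are then analysed together and the findings are passed to
    the configured formatter.

    The module-level counters ``S`` (CFG built) and ``F`` (error while
    building the CFG or collecting statistics) are updated as files are
    processed. Files that fail the connection check, or whose CFG cannot be
    built, are not analysed, so a report without findings only covers the
    files that got this far.

    Args:
        dirname: Directory (or file) handed to the argument parser as the
            scan target.

    Raises:
        SystemExit: With status 1 when at least one reported vulnerability is
            not a ``SanitisedVulnerability``.
    """
    global S
    global F
    command_line_args = [dirname, "-r"]
    args = parse_args(command_line_args)

    logging_level = (logging.ERROR
                     if not args.verbose else logging.WARN if args.verbose == 1
                     else logging.INFO if args.verbose == 2 else logging.DEBUG)
    logging.basicConfig(level=logging_level,
                        format='[%(levelname)s] %(name)s: %(message)s')

    files = discover_files(args.targets, args.excluded_paths, args.recursive)

    nosec_lines = defaultdict(set)

    if args.project_root:
        directory = os.path.normpath(args.project_root)
        project_modules = get_modules(
            directory, prepend_module_root=args.prepend_module_root)

    # CFGs of every file that was successfully processed. The previous code
    # rebound this list per file, so only the last file was analysed.
    cfg_list = []
    for path in sorted(files):
        print(path)
        log.info("Processing %s", path)
        if not args.ignore_nosec:
            nosec_lines[path] = retrieve_nosec_lines(path)
        if not args.project_root:
            directory = os.path.dirname(path)
            project_modules = get_modules(
                directory, prepend_module_root=args.prepend_module_root)

        local_modules = get_directory_modules(directory)
        tree = generate_ast(path)

        # Files without a connection are skipped. Previously the code below
        # the check still ran for them and used the CFG of an earlier file,
        # or raised NameError when the first file failed the check.
        if not ConnectionChecker().check_for_connection(tree):
            continue
        print("file passed connection check")

        cfg = None
        try:
            # Built once, inside the try: a second, unguarded make_cfg call
            # used to run first and could abort the whole scan.
            cfg = make_cfg(
                tree,
                project_modules,
                local_modules,
                path,
                allow_local_directory_imports=args.allow_local_imports)
            print("cfg made")
            S += 1

            # Only connection calls seed the backwards traversal.
            call_nodes = [
                cfg_node for cfg_node in cfg.nodes
                if isinstance(cfg_node.ast_node, ast.Call)
                and is_connection_method(cfg_node.ast_node)
            ]
            result_set = set()
            for call_node in call_nodes:
                result_set.update(reverse_traverse(call_node))

            # Classification is a plain substring test on the node label:
            # "https" wins over "http", and every other reached node is
            # counted as user input. Treat the numbers as a heuristic.
            numHttps = 0
            numHttp = 0
            numUserInput = 0
            for node in result_set:
                if "https" in node.label:
                    numHttps += 1
                elif "http" in node.label:
                    numHttp += 1
                else:
                    numUserInput += 1
            with open("Stats.txt", "a") as output:
                output.write(f"{path}: http: {numHttp} https: {numHttps}"
                             f" UserInput: {numUserInput}\n")
        except Exception as err:
            # Best effort: one failing file must not abort the scan, but it
            # is counted so the gap in coverage stays visible.
            print(f"There was an error : [{path}]{err}")
            F += 1
        if cfg is None:
            continue

        # NOTE(review): is_function is used as the route criteria instead of
        # is_user_input_function; presumably this makes every function an
        # entry point - confirm.
        framework_route_criteria = is_function

        # Add all the route functions for this file to its own list, then
        # merge, so the adaptor never re-processes CFGs of earlier files.
        file_cfgs = [cfg]
        FrameworkAdaptor(file_cfgs, project_modules, local_modules,
                         framework_route_criteria)
        cfg_list.extend(file_cfgs)

    # Debug dump of exactly the CFGs that are about to be analysed.
    if cfg_list:
        with open("result_cfg.txt", "w") as outFile:
            for def_cfg in cfg_list:
                outFile.write("New cfg in cfg_list \n")
                outFile.write(repr(def_cfg))

    initialize_constraint_table(cfg_list)
    log.info("Analysing")
    analyse(cfg_list)
    log.info("Finding vulnerabilities")
    vulnerabilities = find_vulnerabilities(cfg_list,
                                           args.blackbox_mapping_file,
                                           args.trigger_word_file,
                                           args.interactive, nosec_lines)

    if args.baseline:
        vulnerabilities = get_vulnerabilities_not_in_baseline(
            vulnerabilities, args.baseline)

    args.formatter.report(vulnerabilities, args.output_file,
                          not args.only_unsanitised)

    has_unsanitised_vulnerabilities = any(
        not isinstance(v, SanitisedVulnerability) for v in vulnerabilities)
    if has_unsanitised_vulnerabilities:
        sys.exit(1)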