コード例 #1
0
    def run_analysis(self, path):
        path = os.path.normpath(path)

        project_modules = get_modules(os.path.dirname(path))
        local_modules = get_directory_modules(os.path.dirname(path))

        self.cfg_create_from_file(path, project_modules, local_modules)

        cfg_list = [self.cfg]

        FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)

        initialize_constraint_table(cfg_list)

        analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

        return vulnerabilities.find_vulnerabilities(
            cfg_list,
            ReachingDefinitionsTaintAnalysis,
            UImode.NORMAL,
            VulnerabilityFiles(
                default_blackbox_mapping_file,
                default_trigger_word_file
            )
        )
コード例 #2
0
ファイル: vulnerabilities_test.py プロジェクト: rgedagit/pyt
    def run_analysis(self, path):
        self.cfg_create_from_file(path)
        cfg_list = [self.cfg]

        FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
        initialize_constraint_table(cfg_list)

        analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

        return vulnerabilities.find_vulnerabilities(cfg_list, ReachingDefinitionsTaintAnalysis)
コード例 #3
0
ファイル: vulnerabilities_test.py プロジェクト: tdelam/pyt
    def test_find_triggers(self):
        self.cfg_create_from_file('example/vulnerable_code/XSS.py')

        cfg_list = [self.cfg]

        FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)

        XSS1 = cfg_list[1]
        trigger_words = [('get', [])]

        l = vulnerabilities.find_triggers(XSS1.nodes, trigger_words)
        self.assert_length(l, expected_length=1)
コード例 #4
0
ファイル: vulnerabilities_test.py プロジェクト: rgedagit/pyt
    def run_analysis(self, path):
        self.cfg_create_from_file(path)
        cfg_list = [self.cfg]

        FrameworkAdaptor(cfg_list, [], [], is_django_view_function)
        initialize_constraint_table(cfg_list)

        analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

        trigger_word_file = os.path.join('pyt', 'trigger_definitions', 'django_trigger_words.pyt')

        return vulnerabilities.find_vulnerabilities(cfg_list, ReachingDefinitionsTaintAnalysis, trigger_word_file=trigger_word_file)
コード例 #5
0
ファイル: vulnerabilities_test.py プロジェクト: tdelam/pyt
    def run_analysis(self, path):
        self.cfg_create_from_file(path)
        cfg_list = [self.cfg]

        FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
        initialize_constraint_table(cfg_list)

        analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

        return vulnerabilities.find_vulnerabilities(
            cfg_list, ReachingDefinitionsTaintAnalysis, UImode.NORMAL,
            VulnerabilityFiles(default_blackbox_mapping_file,
                               default_trigger_word_file))
コード例 #6
0
ファイル: vulnerabilities_test.py プロジェクト: rgedagit/pyt
    def test_build_sanitiser_node_dict(self):
        self.cfg_create_from_file('example/vulnerable_code/XSS_sanitised.py')
        cfg_list = [self.cfg]

        FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)

        cfg = cfg_list[1]

        cfg_node = Node(None, None,  line_number=None, path=None)
        sinks_in_file = [vulnerabilities.TriggerNode('replace', ['escape'], cfg_node)]

        sanitiser_dict = vulnerabilities.build_sanitiser_node_dict(cfg, sinks_in_file)
        self.assert_length(sanitiser_dict, expected_length=1)
        self.assertIn('escape', sanitiser_dict.keys())

        self.assertEqual(sanitiser_dict['escape'][0], cfg.nodes[3])