def start(**kwargs):
"""
:param kwargs:
:return:
"""
# TODO setup.py
code_dir = kwargs.get('code_dir', '')
file_name = kwargs.get('file_name', 'requirements.txt')
skipNewVerCheck = kwargs.get('skipNewVerCheck', False)
result_file_list = recursive_search_files(code_dir, '*/requirements.txt')
_ = glob.glob(os.path.join(code_dir, 'requirements', '*.txt'))
if _:
result_file_list.extend(_)
result = []
for item in result_file_list:
# FIXME
relative_path = item.replace('{0}'.format(code_dir), '')
relative_path = relative_path[1:] if relative_path.startswith(
'/') else relative_path
result.extend(_get_dependencies(file_name=item, origin=relative_path))
return result
def start(**kwargs):
"""
:param kwargs:
:return:
"""
code_dir = kwargs.get('code_dir', '')
file_list = recursive_search_files(code_dir, '*/build.gradle')
result = []
for item in file_list:
origin_file = item[len(code_dir) + 1:]
logger.info('[-] Start analysis "{0}" file...'.format(origin_file))
with open(item, 'rb') as fp:
content = fp.read().decode()
include_file = find_include_file(content)
if include_file:
path, _ = os.path.split(item)
for f in include_file:
full_path = os.path.join(path, f)
with open(full_path, 'rb') as fpi:
result.extend(
find_product_info(fpi.read().decode(),
full_path[len(code_dir) + 1:]))
dependencies = find_keyword_block(content)
for key, value in dependencies.items():
result.extend(find_product_info(value, origin_file))
return result
def start(**kwargs):
"""
:param kwargs:
:return:
"""
code_dir = kwargs.get('code_dir', '')
pom_file_list = recursive_search_files(code_dir, '*/pom.xml')
result = []
tree = {}
for try_main_pom in pom_file_list:
os.system('mvn dependency:tree -f ' + try_main_pom +
' -DoutputType=dot -DoutputFile=result > /dev/null')
for pom_file in pom_file_list:
pom_path = pom_file.rstrip('pom.xml').replace(';', '')
if not os.path.exists(pom_path + 'result'):
continue
with open(pom_path + 'result') as dot_file:
lines = dot_file.readlines()[1:-1]
for line in lines:
ret = re.match(r".*\"(\S+)\" -> \"(\S+)\" ;", line)
if not ret:
continue
parent, _self = ret.group(1), ret.group(2)
tree[_self] = parent
parent_file = parse_parent(parent, tree)
# print(_self, '|||',parent_file)
product_info = _self.split(':')
vendor, product, version, tag = product_info[0], product_info[
1], product_info[-2], product_info[-1]
if tag != 'test':
result.append({
'vendor':
vendor,
'product':
product,
'version':
version,
'new_version':
'',
'cve': {},
'parent_file':
parent_file,
'origin_file':
'/'.join(pom_file.split('/')[3:])
})
return result
def start(**kwargs):
"""
:param kwargs:
:return:
"""
code_dir = kwargs.get('code_dir', '')
file_name = kwargs.get('file_name', 'package.json')
skipNewVerCheck = kwargs.get('skipNewVerCheck', False)
result_file_list = recursive_search_files(code_dir, '*/package.json')
result = []
for item in result_file_list:
# FIXME
relative_path = item.replace('{0}'.format(code_dir), '')
relative_path = relative_path[1:] if relative_path.startswith('/') else relative_path
result.extend(_get_dependencies(file_name=item, origin=relative_path))
return result
def start(**kwargs):
"""
:param kwargs:
:return:
"""
code_dir = kwargs.get('code_dir', '')
enable_online_recursive = kwargs.get('enable_online_recursive', False)
deep_recursive = kwargs.get('deep_recursive', False)
pom_file_list = recursive_search_files(code_dir, '*/pom.xml')
pom_entity_list = []
result = []
for item in pom_file_list:
logger.info('[-] Start analysis "{0}" file...'.format(item))
with open(item, 'rb') as fp:
pom_content = fp.read()
pom = PomEntity(origin_file_name=item,
pom_content=pom_content.decode())
if not pom.parent:
if pom.key not in kb.dependencies:
kb.dependencies[pom.key] = pom
pom_entity_list.append(pom)
if enable_online_recursive:
_result = []
for pom in pom_entity_list:
for dep in pom.dependencies:
if dep['version']:
_url = '{0}{1}/{2}/{3}/{2}-{3}.pom'.format(
conf.mvn['repo'][0],
dep['group_id'].replace('.', '/'),
dep['artifact_id'],
dep['version'],
)
_result.extend(
recursive_online(url=_url,
parent_file=pom.file_name,
deep_recursive=deep_recursive))
pom_entity_list.extend(_result)
for pom in pom_entity_list:
parent_key = None
parent_file = ''
if pom.parent:
parent_key = '{0}:{1}'.format(pom.parent['groupId'],
pom.parent['artifactId'])
if parent_key and parent_key in kb.dependencies:
parent_file = kb.dependencies[parent_key].file_name
for item in pom.dependencies:
version = item['version']
ver = re.search(r'\$\{(.+?)\}', version, re.I)
if ver and parent_key and parent_key in kb.dependencies and ver.group(
1) in kb.dependencies[parent_key].properties:
version = kb.dependencies[parent_key].properties[ver.group(1)]
result.append({
'vendor': item['group_id'],
'product': item['artifact_id'],
'version': version,
'new_version': '',
'cve': {},
'parent_file': parent_file if parent_file else pom.parent_file,
'origin_file': pom.file_name,
})
return result