def run_analysis(self, path=None):
    """Run the taint analysis on *path*, or on the CFG already held in ``self.cfg``.

    When *path* is falsy no new CFG is built, so the result describes whatever
    file was loaded last; callers should pass the path explicitly to avoid
    depending on leftover state. The Flask route criterion and the default
    blackbox-mapping and trigger-word files are used.

    Returns:
        The value returned by ``find_vulnerabilities`` for the analysed CFGs.
    """
    if path:
        self.cfg_create_from_file(path)
    cfgs = [self.cfg]
    # Presumably extends ``cfgs`` in place with the route-function CFGs
    # (sibling tests read index 1 afterwards); the instance itself is unused.
    FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
    initialize_constraint_table(cfgs)
    analyse(cfgs)
    return find_vulnerabilities(
        cfgs,
        default_blackbox_mapping_file,
        default_trigger_word_file,
    )
def run_analysis(self):
    """Analyse the CFG already stored in ``self.cfg`` with the test-position trigger words.

    The caller is responsible for creating the CFG beforehand. The Flask route
    criterion is applied and ``test_positions.pyt`` replaces the default
    trigger-word definitions; the default blackbox mapping is kept.

    Returns:
        The value returned by ``find_vulnerabilities`` for the wrapped CFG.
    """
    # Relative path: resolved against the current working directory at run time.
    trigger_words = os.path.join('pyt', 'vulnerability_definitions', 'test_positions.pyt')
    cfgs = [self.cfg]
    FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
    initialize_constraint_table(cfgs)
    analyse(cfgs)
    return find_vulnerabilities(cfgs, default_blackbox_mapping_file, trigger_words)
def test_find_triggers(self):
    """``find_triggers`` reports exactly one ``get`` source in the XSS.py route function."""
    self.cfg_create_from_file('examples/vulnerable_code/XSS.py')
    cfgs = [self.cfg]
    FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
    # Index 0 is the module-level CFG; index 1 is presumably the first route
    # function the adaptor appended -- confirm against FrameworkAdaptor.
    route_cfg = cfgs[1]
    sources = [Source('get')]
    # No nosec suppression in this test, so every matching node is a hit.
    hits = vulnerabilities.find_triggers(route_cfg.nodes, sources, nosec_lines=set())
    self.assert_length(hits, expected_length=1)
def run_analysis(self, path):
    """Analyse *path* treating every function as an entry point.

    ``is_function`` is used as the adaptor criterion instead of the Flask
    route check, and the full ``all_trigger_words.pyt`` definitions file
    replaces the default trigger words.

    Returns:
        The value returned by ``find_vulnerabilities`` for the analysed CFGs.
    """
    # Relative path: resolved against the current working directory at run time.
    trigger_words = os.path.join('pyt', 'vulnerability_definitions', 'all_trigger_words.pyt')
    self.cfg_create_from_file(path)
    cfgs = [self.cfg]
    FrameworkAdaptor(cfgs, [], [], is_function)
    initialize_constraint_table(cfgs)
    analyse(cfgs)
    return find_vulnerabilities(cfgs, default_blackbox_mapping_file, trigger_words)
def test_build_sanitiser_node_dict(self):
    """The ``escape`` sanitiser of the ``replace`` sink maps to node 3 of the XSS_sanitised.py route."""
    self.cfg_create_from_file('examples/vulnerable_code/XSS_sanitised.py')
    cfgs = [self.cfg]
    FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
    # Index 1 is presumably the route function appended by the adaptor.
    route_cfg = cfgs[1]
    # The node attached to the sink is a blank placeholder in this test.
    placeholder = Node(None, None, line_number=None, path=None)
    replace_sink = Sink.from_json('replace', {'sanitisers': ['escape']})
    sinks = [vulnerabilities.TriggerNode(replace_sink, placeholder)]
    by_sanitiser = vulnerabilities.build_sanitiser_node_dict(route_cfg, sinks)
    self.assert_length(by_sanitiser, expected_length=1)
    self.assertIn('escape', by_sanitiser)
    self.assertEqual(by_sanitiser['escape'][0], route_cfg.nodes[3])
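def analyze(file):
    """Run the taint analysis on *file* and return every vulnerability found.

    ``discover_files`` expands *file* into the concrete paths to analyse. Each
    path gets its own CFG, is widened with the FastAPI route functions, and is
    passed to ``find_vulnerabilities``. Results for all discovered paths are
    concatenated (the original kept only one path's result and left the return
    value unbound when nothing was discovered); an empty discovery yields ``[]``.

    Args:
        file: A path accepted by ``discover_files``.

    Returns:
        list: Vulnerabilities reported for all discovered paths, in sorted-path order.
    """
    files = discover_files([file], "")
    # Never populated here, so no '# nosec' suppression applies: findings on
    # lines marked nosec are still reported (the conservative choice).
    nosec_lines = defaultdict(set)
    # Named ``found`` rather than ``vulnerabilities`` so a module of that name
    # (used as ``vulnerabilities.find_triggers`` elsewhere) is not shadowed.
    found = []
    for path in sorted(files):
        directory = os.path.dirname(path)
        project_modules = get_modules(directory, prepend_module_root=True)
        local_modules = get_directory_modules(directory)
        tree = generate_ast(path)
        cfg = make_cfg(
            tree,
            project_modules,
            local_modules,
            path,
            allow_local_directory_imports=False,
        )
        cfg_list = [cfg]
        # Add all the route functions to the cfg_list (the adaptor mutates it in place).
        FrameworkAdaptor(cfg_list, project_modules, local_modules, is_fastapi_route_function)
        initialize_constraint_table(cfg_list)
        analyse(cfg_list)
        found.extend(
            find_vulnerabilities(
                cfg_list,
                default_blackbox_mapping_file,
                default_trigger_word_file,
                False,  # presumably the positional 'interactive' flag -- confirm against the signature
                nosec_lines,
            )
        )
    return found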
def run_analysis(self, path):
    """Analyse *path* with module resolution rooted at its own directory.

    The project and local modules of the file's directory are handed to
    ``cfg_create_from_file`` (presumably so imports can be resolved), then the
    Flask route criterion and the default blackbox-mapping and trigger-word
    files are used.

    Returns:
        The value returned by ``find_vulnerabilities`` for the analysed CFGs.
    """
    path = os.path.normpath(path)
    directory = os.path.dirname(path)
    project_modules = get_modules(directory)
    local_modules = get_directory_modules(directory)
    self.cfg_create_from_file(path, project_modules, local_modules)
    cfgs = [self.cfg]
    FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
    initialize_constraint_table(cfgs)
    analyse(cfgs)
    return find_vulnerabilities(
        cfgs,
        default_blackbox_mapping_file,
        default_trigger_word_file,
    )