def test_export_to_xml(): write_to_file(target=target, sid='abcdefg', output_format='xml', filename='test.xml') assert os.path.exists(os.path.join(EXPORT_PATH, 'test.xml')) with open(os.path.join(EXPORT_PATH, 'test.xml')) as f: xml_string = f.read() # XML tag assert "</" in xml_string # code_content assert "127.0.1.1" in xml_string # line_number assert "294" in xml_string # file_path assert "common.py" in xml_string # commit_author assert "Sunny" in xml_string # commit_time assert "2015-01-31" in xml_string # rule_name assert "硬编码IP" in xml_string os.remove(os.path.join(EXPORT_PATH, 'test.xml'))
def test_export_to_json(): write_to_file(target=target, sid='abcdefg', output_format='json', filename='test.json') assert os.path.exists(os.path.join(EXPORT_PATH, 'test.json')) with open(os.path.join(EXPORT_PATH, 'test.json')) as f: json_string = f.read() # JSON format assert isinstance(json.loads(json_string), dict) # code_content assert "127.0.1.1" in json_string # line_number assert "294" in json_string # file_path assert "common.py" in json_string # commit_author assert "Sunny" in json_string # commit_time assert "2015-01-31" in json_string # rule_name assert "硬编码IP" in json_string os.remove(os.path.join(EXPORT_PATH, 'test.json'))
def start(target, formatter, output, special_rules, a_sid=None, language=None, tamper_name=None, black_path=None, is_unconfirm=False, is_unprecom=False): """ Start CLI :param black_path: :param tamper_name: :param language: :param target: File, FOLDER, GIT :param formatter: :param output: :param special_rules: :param a_sid: all scan id :return: """ global ast_object # generate single scan id s_sid = get_sid(target) r = Running(a_sid) data = (s_sid, target) r.init_list(data=target) r.list(data) report = '?sid={a_sid}'.format(a_sid=a_sid) d = r.status() d['report'] = report r.status(d) task_id = a_sid # 加载 kunlunmignore load_kunlunmignore() # parse target mode and output mode pa = ParseArgs(target, formatter, output, special_rules, language, black_path, a_sid=None) target_mode = pa.target_mode output_mode = pa.output_mode black_path_list = pa.black_path_list # target directory try: target_directory = pa.target_directory(target_mode) logger.info('[CLI] Target : {d}'.format(d=target_directory)) # static analyse files info files, file_count, time_consume = Directory(target_directory, black_path_list).collect_files() # vendor check project_id = get_and_check_scantask_project_id(task_id) Vendors(project_id, target_directory, files) # detection main language and framework if not language: dt = Detection(target_directory, files) main_language = dt.language main_framework = dt.framework else: main_language = pa.language main_framework = pa.language logger.info('[CLI] [STATISTIC] Language: {l} Framework: {f}'.format(l=",".join(main_language), f=main_framework)) logger.info('[CLI] [STATISTIC] Files: {fc}, Extensions:{ec}, Consume: {tc}'.format(fc=file_count, ec=len(files), tc=time_consume)) if pa.special_rules is not None: logger.info('[CLI] [SPECIAL-RULE] only scan used by {r}'.format(r=','.join(pa.special_rules))) # Pretreatment ast object ast_object.init_pre(target_directory, files) ast_object.pre_ast_all(main_language, is_unprecom=is_unprecom) # scan scan(target_directory=target_directory, a_sid=a_sid, s_sid=s_sid, special_rules=pa.special_rules, language=main_language, framework=main_framework, file_count=file_count, extension_count=len(files), files=files, tamper_name=tamper_name, is_unconfirm=is_unconfirm) except KeyboardInterrupt as e: logger.error("[!] KeyboardInterrupt, exit...") exit() except Exception: result = { 'code': 1002, 'msg': 'Exception' } Running(s_sid).data(result) raise # 输出写入文件 write_to_file(target=target, sid=s_sid, output_format=formatter, filename=output)