Exemplo n.º 1
    def test_get_modules_no_prepend_root(self):
        """Check get_modules() output when the project root is not prepended.

        With ``prepend_module_root=False`` the module names are expected to be
        relative to the project folder ('app', 'folder', ...), not prefixed
        with the project namespace.
        """
        root = os.path.normpath(os.path.join('examples', 'test_project'))
        package = 'folder'
        subpackage = 'directory'

        found = get_modules(root, prepend_module_root=False)

        # Each entry is a (module name, path) pair. The package itself is
        # expected to map to its directory, not to an __init__.py file.
        expected = (
            ('app', os.path.join(root, 'app.py')),
            (package, os.path.join(root, package)),
            (
                '.'.join((package, subpackage, 'indhold')),
                os.path.join(root, package, subpackage, 'indhold.py'),
            ),
        )
        for entry in expected:
            self.assertIn(entry, found)

        # Only three of the six expected modules are spot-checked above.
        self.assertEqual(len(found), 6)
Exemplo n.º 2
def analyze(file):
    """Run the taint-analysis pipeline on *file* and return its findings.

    Steps, in order: discover the files behind *file*, build a CFG per
    discovered path, let FrameworkAdaptor process the CFG list using the
    FastAPI route criterion, initialise the constraint table, run the
    analysis and finally collect vulnerabilities with the default blackbox
    mapping and trigger-word files.

    Returns whatever find_vulnerabilities() returns.
    """
    discovered = discover_files([file], "")

    # Nothing in this function populates nosec_lines, so
    # find_vulnerabilities() receives an empty per-path mapping.
    nosec_lines = defaultdict(set)

    # If nothing is discovered the loop never runs and the pipeline below
    # operates on this empty list.
    cfg_list = []
    for source_path in sorted(discovered):
        parent_dir = os.path.dirname(source_path)
        project_modules = get_modules(parent_dir, prepend_module_root=True)
        local_modules = get_directory_modules(parent_dir)

        cfg = make_cfg(
            generate_ast(source_path),
            project_modules,
            local_modules,
            source_path,
            allow_local_directory_imports=False,
        )

        # NOTE(review): cfg_list is rebound here, not extended. When more
        # than one path is discovered, only the list built for the last
        # sorted path reaches the analysis below. For a security scanner
        # that would mean files are skipped silently -- confirm that
        # single-file input is the only intended use.
        cfg_list = [cfg]

        # Per the original author's comment, this adds all the route
        # functions to cfg_list.
        FrameworkAdaptor(
            cfg_list,
            project_modules,
            local_modules,
            is_fastapi_route_function,
        )

    initialize_constraint_table(cfg_list)
    analyse(cfg_list)

    # The positional False is a flag defined by find_vulnerabilities(),
    # whose signature is not visible here -- TODO confirm its meaning.
    return find_vulnerabilities(
        cfg_list,
        default_blackbox_mapping_file,
        default_trigger_word_file,
        False,
        nosec_lines,
    )
Exemplo n.º 3
    def run_analysis(self, path):
        """Build the CFG for *path*, analyse it and return the findings.

        The path is normalised first. Project and local modules are looked
        up in the file's parent directory and handed to
        cfg_create_from_file(). The resulting ``self.cfg`` is then processed
        with the Flask route criterion and the default blackbox mapping and
        trigger-word files.
        """
        path = os.path.normpath(path)
        parent_dir = os.path.dirname(path)

        self.cfg_create_from_file(
            path,
            get_modules(parent_dir),
            get_directory_modules(parent_dir),
        )

        cfg_list = [self.cfg]

        # FrameworkAdaptor is given empty module lists here, not the ones
        # computed above for cfg_create_from_file().
        FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
        initialize_constraint_table(cfg_list)
        analyse(cfg_list)

        findings = find_vulnerabilities(
            cfg_list,
            default_blackbox_mapping_file,
            default_trigger_word_file,
        )
        return findings
Exemplo n.º 4
    def test_get_modules(self):
        """Check get_modules() output with its default arguments.

        Every module name is expected to be prefixed with the project
        namespace ('test_project'), and the example project is expected to
        yield exactly six (name, path) entries.
        """
        root = os.path.normpath(os.path.join('examples', 'test_project'))
        namespace = 'test_project'
        package = 'folder'
        subpackage = 'directory'

        found = get_modules(root)

        def qualified(*parts):
            # Dotted module name rooted at the project namespace.
            return '.'.join((namespace,) + parts)

        # The package entry is expected to map to the package directory,
        # not to an __init__.py file.
        expected = (
            (qualified('app'), os.path.join(root, 'app.py')),
            (qualified('utils'), os.path.join(root, 'utils.py')),
            (qualified('exceptions'), os.path.join(root, 'exceptions.py')),
            (qualified(package, 'some'),
             os.path.join(root, package, 'some.py')),
            (qualified(package), os.path.join(root, package)),
            (qualified(package, subpackage, 'indhold'),
             os.path.join(root, package, subpackage, 'indhold.py')),
        )
        for entry in expected:
            self.assertIn(entry, found)

        self.assertEqual(len(found), 6)