Exemplo n.º 1
0
    def test_find_vulnerabilities_sanitised(self):
        self.cfg_create_from_file('../example/vulnerable_code/XSS_sanitised.py')
        cfg_list = [self.cfg]
        FlaskAdaptor(cfg_list, [], [])
        
        analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

        vulnerability_log = vulnerabilities.find_vulnerabilities(cfg_list)
        self.assert_length(vulnerability_log.vulnerabilities, expected_length=1)
Exemplo n.º 2
0
    def main(self, dirname):  # noqa: C901
        command_line_args = [dirname, "-oVulnerabilityResultsTemp.txt", "-r"]
        args = parse_args(command_line_args)

        logging_level = (logging.ERROR if not args.verbose else
                         logging.WARN if args.verbose == 1 else
                         logging.INFO if args.verbose == 2 else logging.DEBUG)
        logging.basicConfig(level=logging_level,
                            format='[%(levelname)s] %(name)s: %(message)s')

        files = discover_files(args.targets, args.excluded_paths,
                               args.recursive)

        nosec_lines = defaultdict(set)

        if args.project_root:
            directory = os.path.normpath(args.project_root)
            project_modules = get_modules(
                directory, prepend_module_root=args.prepend_module_root)

        cfg_list = list()
        for path in sorted(files):
            print(path)
            log.info("Processing %s", path)
            try:
                if not args.ignore_nosec:
                    nosec_lines[path] = retrieve_nosec_lines(path)
                if not args.project_root:
                    directory = os.path.dirname(path)
                    project_modules = get_modules(
                        directory,
                        prepend_module_root=args.prepend_module_root)

                local_modules = get_directory_modules(directory)
                tree = generate_ast(path)
                connection_checker = ConnectionChecker()
                if True:  # connection_checker.check_for_connection(tree):
                    print("file passed connection check")
                    cfg = make_cfg(
                        tree,
                        project_modules,
                        local_modules,
                        path,
                        allow_local_directory_imports=args.allow_local_imports)
                    print("cfg made")
                    # draw.draw_cfg(cfg, "test_output")

                    cfg_list = [cfg]

                    framework_route_criteria = is_function  # is_user_input_function

                    # Add all the route functions to the cfg_list
                    FrameworkAdaptor(cfg_list, project_modules, local_modules,
                                     framework_route_criteria)
                    self.S += 1
                    '''
                    with open("result_cfg.txt", "w") as outFile:
                        for def_cfg in cfg_list:
                            outFile.write("New cfg in cfg_list \n")
                            outFile.write(def_cfg.__repr__())
                    '''
            except Exception as err:
                print("There was an error : " + "[" + str(path) + "] " +
                      str(err))
                traceback.print_exc()
                self.F += 1
        initialize_constraint_table(cfg_list)
        log.info("Analysing")
        print("Analysing")
        analyse(cfg_list)
        log.info("Finding vulnerabilities")
        print("Finding vulnerabilities")
        vulnerabilities = find_vulnerabilities(cfg_list,
                                               args.blackbox_mapping_file,
                                               args.trigger_word_file,
                                               args.interactive, nosec_lines)

        if args.baseline:
            vulnerabilities = get_vulnerabilities_not_in_baseline(
                vulnerabilities, args.baseline)

        args.formatter.report(vulnerabilities, args.output_file,
                              not args.only_unsanitised)
        args.output_file.close()
        has_unsanitised_vulnerabilities = any(
            not isinstance(v, SanitisedVulnerability) for v in vulnerabilities)
        if has_unsanitised_vulnerabilities:
            print("There are unsanitised vulnerabilities in " + dirname)
Exemplo n.º 3
0
        directory = os.path.dirname(path)
    project_modules = get_python_modules(directory)
    local_modules = get_directory_modules(directory)

    tree = generate_ast(path)
    cfg = build_cfg(tree, project_modules, local_modules, path)

    cfg_list = [cfg]

    adaptor_type = FlaskAdaptor(cfg_list, project_modules, local_modules)

    analyse(cfg_list, analysis_type=ReachingDefinitionsTaintAnalysis)

    vulnerability_log = None
    if args.trigger_word_file:
        vulnerability_log = find_vulnerabilities(cfg_list,
                                                 args.trigger_word_file)
    else:
        vulnerability_log = find_vulnerabilities(cfg_list)

    vulnerability_log.print_report()

    if args.draw_cfg:
        if args.output_filename:
            draw_cfgs(cfg_list, args.output_filename)
        else:
            draw_cfgs(cfg_list)
    if args.print:
        for i, e in enumerate(cfg_list):
            print('############## CFG number: ', i)
            print(e)
    if args.verbose_print:
Exemplo n.º 4
0
def main(dirname):  # noqa: C901
    global S
    global F
    command_line_args = [dirname, "-r"]
    args = parse_args(command_line_args)

    logging_level = (logging.ERROR
                     if not args.verbose else logging.WARN if args.verbose == 1
                     else logging.INFO if args.verbose == 2 else logging.DEBUG)
    logging.basicConfig(level=logging_level,
                        format='[%(levelname)s] %(name)s: %(message)s')

    files = discover_files(args.targets, args.excluded_paths, args.recursive)

    nosec_lines = defaultdict(set)

    if args.project_root:
        directory = os.path.normpath(args.project_root)
        project_modules = get_modules(
            directory, prepend_module_root=args.prepend_module_root)

    cfg_list = list()
    for path in sorted(files):
        print(path)
        log.info("Processing %s", path)
        if not args.ignore_nosec:
            nosec_lines[path] = retrieve_nosec_lines(path)
        if not args.project_root:
            directory = os.path.dirname(path)
            project_modules = get_modules(
                directory, prepend_module_root=args.prepend_module_root)

        local_modules = get_directory_modules(directory)
        tree = generate_ast(path)
        connection_checker = ConnectionChecker()
        if connection_checker.check_for_connection(tree):
            print("file passed connection check")
            cfg = make_cfg(
                tree,
                project_modules,
                local_modules,
                path,
                allow_local_directory_imports=args.allow_local_imports)
            try:
                cfg = make_cfg(
                    tree,
                    project_modules,
                    local_modules,
                    path,
                    allow_local_directory_imports=args.allow_local_imports)
                print("cfg made")
                # draw.draw_cfg(cfg, "test_output")
                S += 1
                call_nodes = []
                input_nodes = []
                for cfg_node in cfg.nodes:
                    ast_node = cfg_node.ast_node
                    if isinstance(ast_node, ast.Call):
                        if is_connection_method(ast_node):
                            call_nodes.append(cfg_node)
                        elif is_user_input(ast_node):
                            input_nodes.append(cfg_node)
                result_set = set()
                # for node in input_nodes:
                #    result_set.add(node)
                for x, n in enumerate(call_nodes):
                    # with open("Analysis.txt", "a") as outFile:
                    # outFile.write(path + " " + str(x) + "\n")
                    result_set.update(reverse_traverse(n))
                numHttps = 0
                numHttp = 0
                numUserInput = 0
                input_finder = ArgvChecker()
                # numUserInput += input_finder.find_args(tree)
                for node in result_set:
                    if node.label.count("https") > 0:
                        numHttps += 1
                    elif node.label.count("http") > 0:
                        numHttp += 1
                    else:
                        numUserInput += 1
                with open("Stats.txt", "a") as output:
                    output.write(path + ": http: " + str(numHttp) +
                                 " https: " + str(numHttps) + " UserInput: " +
                                 str(numUserInput) + "\n")
            except Exception as err:
                print("There was an error : " + "[" + str(path) + "]" +
                      str(err))
                F += 1
        cfg_list = [cfg]

        framework_route_criteria = is_function  # is_user_input_function

        # Add all the route functions to the cfg_list
        FrameworkAdaptor(cfg_list, project_modules, local_modules,
                         framework_route_criteria)
        with open("result_cfg.txt", "w") as outFile:
            for def_cfg in cfg_list:
                outFile.write("New cfg in cfg_list \n")
                outFile.write(def_cfg.__repr__())
    initialize_constraint_table(cfg_list)
    log.info("Analysing")
    analyse(cfg_list)
    log.info("Finding vulnerabilities")
    vulnerabilities = find_vulnerabilities(cfg_list,
                                           args.blackbox_mapping_file,
                                           args.trigger_word_file,
                                           args.interactive, nosec_lines)

    if args.baseline:
        vulnerabilities = get_vulnerabilities_not_in_baseline(
            vulnerabilities, args.baseline)

    args.formatter.report(vulnerabilities, args.output_file,
                          not args.only_unsanitised)

    has_unsanitised_vulnerabilities = any(
        not isinstance(v, SanitisedVulnerability) for v in vulnerabilities)
    if has_unsanitised_vulnerabilities:
        sys.exit(1)