def uses_unencrypted_sockets(code_dest: str, exclude: list = None, lang_specs: dict = None) -> bool: """ Check if there are unencrypted web sockets URI schemes in code (`ws://`). :param code_dest: Path to the file or directory to be tested. :param exclude: Paths that contains any string from this list are ignored. :param lang_specs: Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example. """ encrypted_re = re.compile(r'^wss://.*$', flags=re.I) unencrypted_re = re.compile(r'^ws://.*$', flags=re.I) encrypted_grammar = MatchFirst([QuotedString('"'), QuotedString("'")]) unencrypted_grammar = MatchFirst([QuotedString('"'), QuotedString("'")]) encrypted_grammar.addCondition(lambda x: encrypted_re.search(x[0])) unencrypted_grammar.addCondition(lambda x: unencrypted_re.search(x[0])) try: unencrypted = lang.path_contains_grammar(unencrypted_grammar, code_dest, LANGUAGE_SPECS, exclude) except FileNotFoundError: show_unknown('File does not exist', details=dict(code_dest=code_dest)) return False if unencrypted: show_open('Code uses web sockets over an unencrypted channel', details=dict(vulnerable_uris=unencrypted)) return True encrypted = lang.path_contains_grammar(encrypted_grammar, code_dest, LANGUAGE_SPECS, exclude) if encrypted: msg = 'Code uses web sockets over an encrypted channel' else: msg = 'Cose does not use web sockets' show_close(msg, details=dict(code_dest=code_dest, checked_uris=encrypted)) return False