def process_taint(src: str, pattern: str, taint: str="tainted"):
tree = collect(dedent(src), minimal=True)
loc = ScanLocation(location="<unknown>")
p = ASTPattern({
"pattern": pattern,
"taint": taint
})
with patch.object(config, "get_ast_patterns", return_value=[p]) as mock:
v = Visitor.run_stages(location=loc, ast_tree=tree)
return v.tree[-1]
def process_source_code(src: str, single=True) -> NodeType:
tree = collect(dedent(src), minimal=True)
loc = ScanLocation(location="<unknown>")
v = Visitor.run_stages(location=loc,
stages=("convert", "rewrite"),
ast_tree=tree)
if single:
return v.tree[-1]
else:
return v.tree
def process_taint(src: str, pattern: str, cache_mock, taint: str="tainted"):
tree = collect(dedent(src), minimal=True)
loc = ScanLocation(location="<unknown>")
p = ASTPattern({
"pattern": pattern,
"taint": taint
})
cache_mock.return_value = [p]
v = Visitor.run_stages(location=loc, ast_tree=tree)
return v.tree[-1]
def get_full_ast(self, src):
"""
Get a full AST tree after all stages has been applied, e.g. rewrite & taint analysis
"""
from aura.analyzers.python.visitor import Visitor
from aura.uri_handlers.base import ScanLocation
with tempfile.NamedTemporaryFile() as fd:
fd.write(bytes(src, 'utf-8'))
loc = ScanLocation(location=Path(fd.name),
metadata={"source": "cli"})
visitor = Visitor.run_stages(location=loc)
return visitor.tree["ast_tree"]