Commit d4d2e95

authored

Merge pull request #166 from bcaller/shorter-reassignments

Remove extraneous reassignments in output

2 parents c0e6ace + c4893e7 commit d4d2e95Copy full SHA for d4d2e95

File tree

2 files changed

-60

lines changed

pyt/vulnerabilities
- vulnerability_helper.py
tests/vulnerabilities
- vulnerabilities_test.py

2 files changed

-60

lines changed

`‎pyt/vulnerabilities/vulnerability_helper.py`

Lines changed: 6 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`import json`
`4`	`4`	`from enum import Enum`
`5`	`5`	`from collections import namedtuple`
	`6`	`+from itertools import takewhile`
`6`	`7`
`7`	`8`	`from ..core.node_types import YieldNode`
`8`	`9`
`@@ -56,16 +57,13 @@ def __init__(`
`56`	`57`	`self.sink = sink`
`57`	`58`	`self.sink_trigger_word = sink_trigger_word`
`58`	`59`
`59`		`- self.reassignment_nodes = reassignment_nodes`
`60`		`- self._remove_sink_from_secondary_nodes()`
	`60`	`+ # Remove the sink node and all nodes after the sink from the list of reassignments.`
	`61`	`+ self.reassignment_nodes = list(takewhile(`
	`62`	`+ lambda node: node is not sink,`
	`63`	`+ reassignment_nodes`
	`64`	`+ ))`
`61`	`65`	`self._remove_non_propagating_yields()`
`62`	`66`
`63`		`- def _remove_sink_from_secondary_nodes(self):`
`64`		`- try:`
`65`		`- self.reassignment_nodes.remove(self.sink)`
`66`		`- except ValueError: # pragma: no cover`
`67`		`- pass`
`68`		`-`
`69`	`67`	`def _remove_non_propagating_yields(self):`
`70`	`68`	"""Remove yield with no variables e.g. `yield 123` and plain `yield` from vulnerability."""
`71`	`69`	`for node in list(self.reassignment_nodes):`

`‎tests/vulnerabilities/vulnerabilities_test.py`

Lines changed: 0 additions & 52 deletions

Original file line number	Diff line number	Diff line change
`@@ -150,12 +150,6 @@ def test_XSS_result(self):`
`150`	`150`	`Reassigned in:`
`151`	`151`	`File: examples/vulnerable_code/XSS.py`
`152`	`152`	`> Line 6: param = ~call_1`
`153`		`- File: examples/vulnerable_code/XSS.py`
`154`		`- > Line 9: ~call_3 = ret_make_response(~call_4)`
`155`		`- File: examples/vulnerable_code/XSS.py`
`156`		`- > Line 9: resp = ~call_3`
`157`		`- File: examples/vulnerable_code/XSS.py`
`158`		`- > Line 10: ret_XSS1 = resp`
`159`	`153`	`File: examples/vulnerable_code/XSS.py`
`160`	`154`	`> reaches line 9, sink "replace(":`
`161`	`155`	`~call_4 = ret_html.replace('{{ param }}', param)`
`@@ -274,8 +268,6 @@ def test_path_traversal_sanitised_result(self):`
`274`	`268`	`> Line 10: image_name = ~call_2`
`275`	`269`	`File: examples/vulnerable_code/path_traversal_sanitised.py`
`276`	`270`	`> Line 12: ~call_4 = ret_os.path.join(~call_5, image_name)`
`277`		`- File: examples/vulnerable_code/path_traversal_sanitised.py`
`278`		`- > Line 12: ret_cat_picture = ~call_3`
`279`	`271`	`File: examples/vulnerable_code/path_traversal_sanitised.py`
`280`	`272`	`> reaches line 12, sink "send_file(":`
`281`	`273`	`~call_3 = ret_send_file(~call_4)`
`@@ -297,8 +289,6 @@ def test_path_traversal_sanitised_2_result(self):`
`297`	`289`	`> Line 8: image_name = ~call_1`
`298`	`290`	`File: examples/vulnerable_code/path_traversal_sanitised_2.py`
`299`	`291`	`> Line 12: ~call_3 = ret_os.path.join(~call_4, image_name)`
`300`		`- File: examples/vulnerable_code/path_traversal_sanitised_2.py`
`301`		`- > Line 12: ret_cat_picture = ~call_2`
`302`	`292`	`File: examples/vulnerable_code/path_traversal_sanitised_2.py`
`303`	`293`	`> reaches line 12, sink "send_file(":`
`304`	`294`	`~call_2 = ret_send_file(~call_3)`
`@@ -318,8 +308,6 @@ def test_sql_result(self):`
`318`	`308`	`Reassigned in:`
`319`	`309`	`File: examples/vulnerable_code/sql/sqli.py`
`320`	`310`	`> Line 26: param = ~call_1`
`321`		`- File: examples/vulnerable_code/sql/sqli.py`
`322`		`- > Line 27: result = ~call_2`
`323`	`311`	`File: examples/vulnerable_code/sql/sqli.py`
`324`	`312`	`> reaches line 27, sink "execute(":`
`325`	`313`	`~call_2 = ret_db.engine.execute(param)`
`@@ -335,13 +323,6 @@ def test_XSS_form_result(self):`
`335`	`323`	`File: examples/vulnerable_code/XSS_form.py`
`336`	`324`	`> User input at line 14, source "form[":`
`337`	`325`	`data = request.form['my_text']`
`338`		`- Reassigned in:`
`339`		`- File: examples/vulnerable_code/XSS_form.py`
`340`		`- > Line 15: ~call_1 = ret_make_response(~call_2)`
`341`		`- File: examples/vulnerable_code/XSS_form.py`
`342`		`- > Line 15: resp = ~call_1`
`343`		`- File: examples/vulnerable_code/XSS_form.py`
`344`		`- > Line 17: ret_example2_action = resp`
`345`	`326`	`File: examples/vulnerable_code/XSS_form.py`
`346`	`327`	`> reaches line 15, sink "replace(":`
`347`	`328`	`~call_2 = ret_html1.replace('{{ data }}', data)`
`@@ -360,12 +341,6 @@ def test_XSS_url_result(self):`
`360`	`341`	`Reassigned in:`
`361`	`342`	`File: examples/vulnerable_code/XSS_url.py`
`362`	`343`	`> Line 6: param = url`
`363`		`- File: examples/vulnerable_code/XSS_url.py`
`364`		`- > Line 9: ~call_2 = ret_make_response(~call_3)`
`365`		`- File: examples/vulnerable_code/XSS_url.py`
`366`		`- > Line 9: resp = ~call_2`
`367`		`- File: examples/vulnerable_code/XSS_url.py`
`368`		`- > Line 10: ret_XSS1 = resp`
`369`	`344`	`File: examples/vulnerable_code/XSS_url.py`
`370`	`345`	`> reaches line 9, sink "replace(":`
`371`	`346`	`~call_3 = ret_html.replace('{{ param }}', param)`
`@@ -390,12 +365,6 @@ def test_XSS_reassign_result(self):`
`390`	`365`	`> Line 6: param = ~call_1`
`391`	`366`	`File: examples/vulnerable_code/XSS_reassign.py`
`392`	`367`	`> Line 8: param = param + ''`
`393`		`- File: examples/vulnerable_code/XSS_reassign.py`
`394`		`- > Line 11: ~call_3 = ret_make_response(~call_4)`
`395`		`- File: examples/vulnerable_code/XSS_reassign.py`
`396`		`- > Line 11: resp = ~call_3`
`397`		`- File: examples/vulnerable_code/XSS_reassign.py`
`398`		`- > Line 12: ret_XSS1 = resp`
`399`	`368`	`File: examples/vulnerable_code/XSS_reassign.py`
`400`	`369`	`> reaches line 11, sink "replace(":`
`401`	`370`	`~call_4 = ret_html.replace('{{ param }}', param)`
`@@ -418,12 +387,6 @@ def test_XSS_sanitised_result(self):`
`418`	`387`	`> Line 9: ~call_2 = ret_Markup.escape(param)`
`419`	`388`	`File: examples/vulnerable_code/XSS_sanitised.py`
`420`	`389`	`> Line 9: param = ~call_2`
`421`		`- File: examples/vulnerable_code/XSS_sanitised.py`
`422`		`- > Line 12: ~call_4 = ret_make_response(~call_5)`
`423`		`- File: examples/vulnerable_code/XSS_sanitised.py`
`424`		`- > Line 12: resp = ~call_4`
`425`		`- File: examples/vulnerable_code/XSS_sanitised.py`
`426`		`- > Line 13: ret_XSS1 = resp`
`427`	`390`	`File: examples/vulnerable_code/XSS_sanitised.py`
`428`	`391`	`> reaches line 12, sink "replace(":`
`429`	`392`	`~call_5 = ret_html.replace('{{ param }}', param)`
`@@ -449,12 +412,6 @@ def test_XSS_variable_assign_result(self):`
`449`	`412`	`> Line 6: param = ~call_1`
`450`	`413`	`File: examples/vulnerable_code/XSS_variable_assign.py`
`451`	`414`	`> Line 8: other_var = param + ''`
`452`		`- File: examples/vulnerable_code/XSS_variable_assign.py`
`453`		`- > Line 11: ~call_3 = ret_make_response(~call_4)`
`454`		`- File: examples/vulnerable_code/XSS_variable_assign.py`
`455`		`- > Line 11: resp = ~call_3`
`456`		`- File: examples/vulnerable_code/XSS_variable_assign.py`
`457`		`- > Line 12: ret_XSS1 = resp`
`458`	`415`	`File: examples/vulnerable_code/XSS_variable_assign.py`
`459`	`416`	`> reaches line 11, sink "replace(":`
`460`	`417`	`~call_4 = ret_html.replace('{{ param }}', other_var)`
`@@ -479,12 +436,6 @@ def test_XSS_variable_multiple_assign_result(self):`
`479`	`436`	`> Line 10: not_the_same_var = '' + other_var`
`480`	`437`	`File: examples/vulnerable_code/XSS_variable_multiple_assign.py`
`481`	`438`	`> Line 12: another_one = not_the_same_var + ''`
`482`		`- File: examples/vulnerable_code/XSS_variable_multiple_assign.py`
`483`		`- > Line 15: ~call_3 = ret_make_response(~call_4)`
`484`		`- File: examples/vulnerable_code/XSS_variable_multiple_assign.py`
`485`		`- > Line 15: resp = ~call_3`
`486`		`- File: examples/vulnerable_code/XSS_variable_multiple_assign.py`
`487`		`- > Line 17: ret_XSS1 = resp`
`488`	`439`	`File: examples/vulnerable_code/XSS_variable_multiple_assign.py`
`489`	`440`	`> reaches line 15, sink "replace(":`
`490`	`441`	`~call_4 = ret_html.replace('{{ param }}', another_one)`
`@@ -550,9 +501,6 @@ def test_django_view_param(self):`
`550`	`501`	`File: examples/vulnerable_code/django_XSS.py`
`551`	`502`	`> User input at line 4, source "Framework function URL parameter":`
`552`	`503`	`param`
`553`		`- Reassigned in:`
`554`		`- File: examples/vulnerable_code/django_XSS.py`
`555`		`- > Line 5: ret_xss1 = ~call_1`
`556`	`504`	`File: examples/vulnerable_code/django_XSS.py`
`557`	`505`	`> reaches line 5, sink "render(":`
`558`	`506`	`~call_1 = ret_render(request, 'templates/xss.html', 'param'param)`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit d4d2e95

File tree

2 files changed

2 files changed

`‎pyt/vulnerabilities/vulnerability_helper.py`

`‎tests/vulnerabilities/vulnerabilities_test.py`

0 commit comments