-r Recursive option #129
-r Recursive option #129
Changes from all commits
2ebe595
ef3a21d
38be6e2
759f632
ed38dbb
fcf4638
3ac883c
e246104
2cbac72
7875c82
ca0b2d7
d9db9dd
c35ae81
9c54d8c
40c0f8f
42759f0
5931faf
5546c3d
8d1d805
35b8001
2e4d07a
0c6b082
ae84a44
1944b4a
ba3d438
6a25e25
f42d283
c7b2f73
2afc177
@@ -30,7 +30,25 @@ | |
| ) | ||
|
|
||
|
|
||
| def main(command_line_args=sys.argv[1:]): # noqa: C901 | ||
| def discover_files(targets, excluded_files, recursive=False): | ||
| included_files = list() | ||
| excluded_list = excluded_files.split(",") | ||
| for target in targets: | ||
| if os.path.isdir(target): | ||
| for root, dirs, files in os.walk(target): | ||
| for f in files: | ||
| fullpath = os.path.join(root, f) | ||
| if os.path.splitext(fullpath)[1] == '.py' and fullpath.split("/")[-1] not in excluded_list: | ||
| included_files.append(fullpath) | ||
| if not recursive: | ||
| break | ||
| else: | ||
| if target not in excluded_list: | ||
| included_files.append(target) | ||
| return included_files | ||
|
|
||
|
|
||
| def main(command_line_args=sys.argv[1:]): | ||
| args = parse_args(command_line_args) | ||
|
|
||
| ui_mode = UImode.NORMAL | ||
|
|
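Review bot: In discover_files the exclusion test compares `fullpath.split("/")[-1]` for files found under a directory but the raw `target` string for a file passed directly, so the same excluded_files entry skips `pkg/a.py` when reached through a directory yet not when `./a.py` is given on the command line, and the string split is not portable to Windows separators; using `os.path.basename` on both sides makes the rule consistent: `name = os.path.basename(fullpath)`, `if os.path.splitext(fullpath)[1] == '.py' and name not in excluded_list:` and `if os.path.basename(target) not in excluded_list:`. Matching on basename also excludes every file of that name in every directory visited, which in a recursive scan may silently drop more files from the analysis than the caller intended; if that is not the intent, compare normalized paths instead. The non-recursive `break` after the first os.walk iteration relies on the default top-down order, which a comment such as `# os.walk is top-down, so the first entry is the target directory itself` would make explicit. The function has no docstring; one sentence stating that it returns the .py files under each target, honouring excluded_files as a comma-separated list of names, would help.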
@@ -39,60 +57,67 @@ def main(command_line_args=sys.argv[1:]): # noqa: C901 | |
| elif args.trim_reassigned_in: | ||
| ui_mode = UImode.TRIM | ||
|
|
||
| path = os.path.normpath(args.filepath) | ||
| files = discover_files( | ||
| args.targets, | ||
| args.excluded_paths, | ||
| args.recursive | ||
| ) | ||
|
|
||
| for path in files: | ||
| vulnerabilities = list() | ||
| if args.ignore_nosec: | ||
| nosec_lines = set() | ||
| else: | ||
| file = open(path, 'r') | ||
| lines = file.readlines() | ||
| nosec_lines = set( | ||
| lineno for | ||
| (lineno, line) in enumerate(lines, start=1) | ||
| if '#nosec' in line or '# nosec' in line | ||
| ) | ||
|
|
||
| if args.ignore_nosec: | ||
| nosec_lines = set() | ||
| else: | ||
| file = open(path, 'r') | ||
| lines = file.readlines() | ||
| nosec_lines = set( | ||
| lineno for | ||
| (lineno, line) in enumerate(lines, start=1) | ||
| if '#nosec' in line or '# nosec' in line | ||
| ) | ||
| if args.project_root: | ||
| directory = os.path.normpath(args.project_root) | ||
| else: | ||
| directory = os.path.dirname(path) | ||
| project_modules = get_modules(directory) | ||
| local_modules = get_directory_modules(directory) | ||
| tree = generate_ast(path) | ||
|
|
||
| if args.project_root: | ||
| directory = os.path.normpath(args.project_root) | ||
| else: | ||
| directory = os.path.dirname(path) | ||
| project_modules = get_modules(directory) | ||
| local_modules = get_directory_modules(directory) | ||
| cfg = make_cfg( | ||
| tree, | ||
| project_modules, | ||
| local_modules, | ||
| path | ||
| ) | ||
| cfg_list = [cfg] | ||
|
|
||
| tree = generate_ast(path) | ||
|
|
||
| cfg = make_cfg( | ||
| tree, | ||
| project_modules, | ||
| local_modules, | ||
| path | ||
| ) | ||
| cfg_list = [cfg] | ||
| framework_route_criteria = is_flask_route_function | ||
| if args.adaptor: | ||
| if args.adaptor.lower().startswith('e'): | ||
| framework_route_criteria = is_function | ||
| elif args.adaptor.lower().startswith('p'): | ||
| framework_route_criteria = is_function_without_leading_ | ||
| elif args.adaptor.lower().startswith('d'): | ||
| framework_route_criteria = is_django_view_function | ||
| # Add all the route functions to the cfg_list | ||
| FrameworkAdaptor( | ||
| cfg_list, | ||
| project_modules, | ||
| local_modules, | ||
| framework_route_criteria | ||
| ) | ||
| framework_route_criteria = is_flask_route_function | ||
| if args.adaptor: | ||
| if args.adaptor.lower().startswith('e'): | ||
| framework_route_criteria = is_function | ||
| elif args.adaptor.lower().startswith('p'): | ||
| framework_route_criteria = is_function_without_leading_ | ||
| elif args.adaptor.lower().startswith('d'): | ||
| framework_route_criteria = is_django_view_function | ||
| # Add all the route functions to the cfg_list | ||
| FrameworkAdaptor( | ||
| cfg_list, | ||
| project_modules, | ||
| local_modules, | ||
| framework_route_criteria | ||
| ) | ||
|
|
||
| initialize_constraint_table(cfg_list) | ||
| analyse(cfg_list) | ||
| vulnerabilities = find_vulnerabilities( | ||
| cfg_list, | ||
| ui_mode, | ||
| args.blackbox_mapping_file, | ||
| args.trigger_word_file, | ||
| nosec_lines | ||
| ) | ||
| initialize_constraint_table(cfg_list) | ||
| analyse(cfg_list) | ||
| vulnerabilities.extend(find_vulnerabilities( | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Look good to you? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No, there are no vulnerability in a.py b.py and c.py but it printing from xss.py There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I didn't figure out the bug yet, gonna look more tomorrow 😁 This is harder than expected to track down There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ok, i fixed it. its about |
||
| cfg_list, | ||
| ui_mode, | ||
| args.blackbox_mapping_file, | ||
| args.trigger_word_file, | ||
| nosec_lines | ||
| )) | ||
|
|
||
| if args.baseline: | ||
| vulnerabilities = get_vulnerabilities_not_in_baseline( | ||
|
|
||