fix: class method acl cannot be detected from class method route

src/lib/ACLAnalyzer.py

@@ -54,6 +54,7 @@ class ACLAnalyzer():
       # if start_node:
       # ctx.set_cfg(CFGGenerator().generate(ctx))
       ctx.set_cfg(CFG(f['ast'],f['ctx'],f['cursor'],route.cfg.source_code_method_list,route.cfg.source_code))
+      # print("CTX",ctx)
       result = self.analyze_function(ctx)
       class_acls.append([ctx.name,result])
     # print("class acl",class_acls)
@@ -88,7 +89,6 @@ class ACLAnalyzer():
     # Gak ada dekorator/dekorator gak cocok
     # Traverse fungsinya
     while node:
-#print("noda",node)
       # Cek detail untuk beberapa tipe node
       ##print("noda1",node)
       if node.type in ['call','assignment']:
@@ -336,6 +336,7 @@ class ACLAnalyzer():
         # Cek tiap componentnya
         fun_name = ""
         for i in range(len(components)):
+          # print("compa",components)
           if components[i] in ['and','or','not']:
             continue
           elif components[i] in ['(',')']:
@@ -355,6 +356,7 @@ class ACLAnalyzer():
                 # Cek
                 acl_result = None
                 if is_route:
+                  # print("fun",function_name,components)
                   acl_result =  self.check_acl_list(route,function_name,components[i+1:])
                 if acl_result!=None:
                   # Ada pengecekan
@@ -395,7 +397,7 @@ class ACLAnalyzer():
             # Tambahkan nama fungsinya
             fun_name += components[i]
       node = route.cfg.traverse()
-      ##print("node.js",node)
+    # print("result",principal_list)
     return principal_list
 
   def analyze_module(self,route:ElementContext)->list[list[str,list[str]]]:
@@ -461,7 +463,6 @@ class ACLAnalyzer():
           if k.startswith("Parent::"):
             # print("Name",name)
             parent_class = k.split("::")[1]
-            # print("Parent",parent_class)
         if acl_class.location==route.location:
           # Kelas/fungsi lokal
           # Kali aja ada di module ini
@@ -488,6 +489,13 @@ class ACLAnalyzer():
                 # if not acl_node:
                 #   break
             elif(acl_class.type=='function'):
+                    #      if method['type']=='class_method' and (f"{method['parent']}.{method['name']}"==f"{comparator}.{name}" or f"{parent_class}.{method['name']}"==f"{comparator}.{name}"):
+                    #   return True
+                    # # Fungsi tidal sesuai
+                    # elif method['type']!='module_function' or method['name']!=m['original']:
+                    #   continue         
+              # print("name",name)
+              # print("parent",parent_class)
               if(function['type']=='module_function' and function['name']==acl_class.get_base_element_name() and name==function['name']):
               # Cek si cfg kelas acl
                 acl_list = list(set(acl_list) & set(self.analyze_function(acl_class,False)))
@@ -504,10 +512,22 @@ class ACLAnalyzer():
         else:
           # Beda file, cek di import ada gak
           # Kali aja ada di module ini
+          # if name=='is_admin' and route.name=="Views.class_get_logs":
+          #   print("Parent",parent_class)
+          #   print("NAMA",name)
+          #   print("ACL",acl_class)
+          #   print("ROUTE",route)
+            # print(route.cfg.source_code)
           dependency_lists = route.cfg.source_code_dependency_list
           route_position =  route.cfg.get_line_index(route.name)
+          # print("MASUKK")
+          # print("deps",dependency_lists)
           for dependency in dependency_lists:
             if dependency[0 ]> route_position:
+              # if name=='is_admin' and route.name=="Views.class_get_logs":
+              #   print(dependency)
+              #   print(route_position)
+              # print("salahkah?")
               break
             dependency_parts = dependency[1]['original'] # Module name
             if dependency_parts not in acl_class.location.replace("\\","."):
@@ -515,6 +535,7 @@ class ACLAnalyzer():
               continue
             # Yang diimport class nya
             if(acl_class.type=='class'):
+                # print("kelas abangku")
               # Cukup cek apakah kelas atau fungsinya sama
                 for m in dependency[2]:
                   comparator = m['original']
@@ -545,18 +566,20 @@ class ACLAnalyzer():
                         acl_list = list(set(acl_list) & set(acl[1]))
             elif(acl_class.type=='function'):
               # Cukup cek apakah kelas atau fungsinya sama
+                # print("pake nanya")
                 for m in dependency[2]:
                   comparator = m['original']
                   if m["rename"]:
                     # Pake rename
                     comparator = m["rename"]
-                  # print("compa",comparator)
-                  # print("name",name)
+                  # print("compa1",comparator)
+                  # print("name1",name)
                   # print("kongteks",self.acl_info.acl_context)
                   tmp_name = name
                   if parent_class:
                     tmp_name = f"{parent_class}.{name}"
                   for method in acl_class.cfg.source_code_method_list:
+                    tmp_comparator = comparator
                     # print("metoda",method)
                     # if method['type']=='class_method' and (f"{method['parent']}.{method['name']}"==name or f"{parent_class}.{method['name']}"==name):
                     #   acl_list = self.acl_info.acl_context[acl_class.get_base_element_name()]
@@ -564,14 +587,18 @@ class ACLAnalyzer():
                     if method['type']=='module_function' and method['name']!=m['original']:
                       continue
                     elif method['type']=='class_method':
-                      comparator = f"{comparator}.{method['name']}"
+                      tmp_comparator = f"{tmp_comparator}.{method['name']}"
+                    # print("parento",parent_class)
                       # and function['name']==acl_class.get_base_element_name() and (name==f"{function['parent']}.{function['name']}" or function['parent']==parent_class)
-#print("compereteg",name,comparator)
-                    if(tmp_name==comparator):
+                    # print("compereteg",tmp_name,tmp_comparator)
+
+                    if(tmp_name==tmp_comparator):
                       # Cek apakah dia manggil fungsi yang diimport di acl
-#print(601)           
+                      # print(601)           
                       # if key in self.acl_info.acl_context
+                      # print("prev",acl_list)
                       acl_list = list(set(acl_list) & set(self.analyze_function(acl_class,False)))
+                      # print("after",acl_list)
 #print("aclku",acl_list)
                       # acl_list = self.acl_info.acl_context[acl_class.get_base_element_name()]
     return acl_list
@@ -598,4 +625,5 @@ class ACLAnalyzer():
 #print("var2",format_lib)
             return format_lib
 #print("else")
-    return ""
\ No newline at end of file
+    return ""
+  
\ No newline at end of file

src/lib/CFGGenerator.py

@@ -72,8 +72,13 @@ class CFG():
       return deps_list
 
   def get_line_index(self,text:str)->int:
+    parts = text.split(".")
+    # Pastikan tiap bagiannya terpanggi
     for i,line in enumerate(self.source_code.decode().split("\n")):
-      if text in line:
+      if parts[0] in line:
+        parts.pop(0)
+      if not parts:
+        # Dah habis
         return i
     return -1
 

src/lib/MainMenu.py

@@ -32,7 +32,7 @@ class MainMenu():
         format_log("ACL data acquired.")
         self.project_ctx = FileReader(self.project_path).analyze_project()
         format_log("ACL and routes context gathered...")
-        print("KONGTEKS",self.project_ctx)
+        # print("KONGTEKS",self.project_ctx)
       except FileNotFoundError:
         format_log("File not found. Exiting...",status='error')
       else:

src/lib/RouteSanitizationAnalyzer.py

@@ -14,6 +14,7 @@ class RouteSanitizationAnalyzer():
   def analyze(self)->list[str]:
     vuln_routes = []
     for route in self.project_info.route_class:
+      # print("ROUTE",route)
       format_log(f"Analyzing {route.get_base_element_name()} in {route.location}...")
       # Tentukan tipenya
       if(route.type == 'function'):
@@ -22,6 +23,7 @@ class RouteSanitizationAnalyzer():
           vuln_routes.append(f"{route.get_base_element_name()}() in {route.location}")
       elif(route.type=='class'):
         unsanitized_functions = self.analyze_class(route)
+        # print(unsanitized_functions)
         for func in unsanitized_functions:
           vuln_routes.append(f"{route.get_base_element_name()}.{func}() in {route.location}")
       elif(route.type=='module'):
@@ -52,6 +54,7 @@ class RouteSanitizationAnalyzer():
     return unsanitized_methods
 
   def analyze_function(self,route:ElementContext)->bool:
+    # print("rota",route)
     ##print(self.project_info.acl_class)
     # Cek parent nya untuk menentukaan apakah ada dekorator
     route.cfg.reset()
@@ -319,7 +322,7 @@ class RouteSanitizationAnalyzer():
   def is_in_acl_list(self,route:ElementContext,name:str,ctx:list[str]=[]):
     # Format name: fun atau self.fun
 #print(self.project_info.acl_class)
-#print("nama",name)
+    # print("nama",name)
     for acl_class in self.project_info.acl_class:
       acl_class.cfg.reset()
       if(acl_class.type=='library' and acl_class.location==route.location):
@@ -345,6 +348,7 @@ class RouteSanitizationAnalyzer():
         for k in acl_class.context:
           if k.startswith("Parent::"):
             parent_class = k.split("::")[1]
+        # print("parent",parent_class)
         if acl_class.location==route.location:
           # Kelas/fungsi lokal
           # Kali aja ada di module ini
@@ -430,9 +434,9 @@ class RouteSanitizationAnalyzer():
                     # call_template = f"{m['original']}.{name}"
                     #print("call",call_template)
                     # if name=='RoleCheck.is_admin':
-                    #   print("namae",name)
-                    #   print("compa",comparator)
-                    if method['type']=='class_method' and (f"{method['parent']}.{method['name']}"==name or f"{parent_class}.{method['name']}"==name):
+                    # print("namae",name)
+                    # print("compa",comparator)
+                    if method['type']=='class_method' and (f"{method['parent']}.{method['name']}"==f"{comparator}.{name}" or f"{parent_class}.{method['name']}"==f"{comparator}.{name}"):
                       return True
                     # Fungsi tidal sesuai
                     elif method['type']!='module_function' or method['name']!=m['original']:

tests/tc1/class_views.py

@@ -59,7 +59,7 @@ class Views():
         return jsonify({})
 
     @views.route('/note', methods=['GET'])
-    # @login_required
+    @login_required
     def class_get_note(self):
         notes = Note.query.filter(Note.user_id==current_user.id)
         return jsonify(notes)

tests/tc1/views.py

@@ -26,7 +26,7 @@ def add_note():
     return render_template("home.html")
 
 @views.route('/update', methods=['POST'])
-# @login_required
+@login_required
 def update_note():
     if request.method == 'POST':
         n = request.form.get('note')