diff --git a/src/lib/ACLAnalyzer.py b/src/lib/ACLAnalyzer.py index 98a85d0eed6eefb8f5e47949614e830914195421..a183a7043d69d942c3bdd707c253bbd43e289c71 100644 --- a/src/lib/ACLAnalyzer.py +++ b/src/lib/ACLAnalyzer.py @@ -2,7 +2,7 @@ from lib.FileReader import ProjectInfo,ElementContext from lib.ACReader import ACLData from lib.utils import format_log,flatten_node from tree_sitter import Node -from .CFGGenerator import CFGGenerator,CFG +from .CFGGenerator import CFG from .Const import PATH_SEPARATOR class ACLAnalyzer(): def __init__(self,project:ProjectInfo,acl_info:ACLData) -> None: @@ -64,14 +64,7 @@ class ACLAnalyzer(): node:Node = route.cfg.traverse() if(node.parent.type=='decorated_definition'): # Cari fungsi dekorator yang dipanggil - # if "profile" in route.name: - # print("NODA",node,node.parent) - # print(principal_list) - # print("A",set(principal_list)) - # print(node.parent.children) for dec in node.parent.children: - # if "profile" in route.name: - # print("PRINCIP",principal_list) if dec.type=='decorator': if dec.children[-1].type=='call': dekorator = dec.children[-1].children[0] 
@@ -81,22 +74,13 @@ class ACLAnalyzer(): acl_result = None if is_route: acl_result = self.check_acl_list(route,dekorator.text.decode().split("(")[0].replace("@","").strip()) - # if "profile" in route.name: - # print(is_route,dekorator,dekorator.text.decode().split("(")[0].replace("@","").strip()) - # print("RES",acl_result) - # if acl_result!=None: - # print(set(acl_result)) if(acl_result!=None): # Ini memang fungsi acl - # if "profile" in route.name: - # print("inyong",list(set(principal_list) & set(acl_result)),principal_list,set(principal_list)) principal_list = list(set(principal_list) & set(acl_result)) # Gak ada dekorator/dekorator gak cocok # Traverse fungsinya while node: # Cek detail untuk beberapa tipe node - # if "auth" in route.name: - # print(node) if node.type in ['call','assignment']: # Cek call method # Format: [attribute,argument_list] | [identifier,argument_list] @@ -105,13 +89,11 @@ class ACLAnalyzer(): var_name = "" for i in range(len(child_list)): if child_list[i] in [':',',',]: - #TODO handle buat variabel continue elif child_list[i] in [')']: fun_name = "" elif child_list[i] == '=': # Simpan nama variabel di left hand side - #TODO simpan line var_name = fun_name var_list.append({'name':fun_name,'type':child_list[i+1]}) fun_name = "" @@ -119,7 +101,6 @@ class ACLAnalyzer(): # Cek left side left_side = child_list[i-1] right_side = child_list[i+1] - pass elif child_list[i] in ['(']: # Cek apakah fungsinya ada if fun_name: @@ -164,7 +145,6 @@ class ACLAnalyzer(): mode = '' role_name = "" var_key = "" - # print(var_list) for var in var_list: if var=='==': mode = 'eq' @@ -196,7 +176,6 @@ class ACLAnalyzer(): for elmt in node.children: # Skip kalau dah ':' if elmt.type==':': - #TODO handle variabel break elif elmt.type=='while': continue 
@@ -316,64 +295,10 @@ class ACLAnalyzer(): # Tambahkan nama fungsinya fun_name += components[i] elif node.type in ['try_statement','finally_clause','else_clause']: - #TODO langsung jalan pass elif node.type=='except_clause': # Dapatkan identifier identifier = node.children[1] - #TODO handle variabel - # elif node.type=='expression_statement': - # components = [] - # for child in node.children: - # if child.type in ['elif',':','block']: - # continue - # elif child.type=='identifier': - # components.append(child.text.decode()) - # else: - # components += flatten_node(child.children) - # if "auth" in route.name: - # print(components) - # # Cek tiap componentnya - # fun_name = "" - # # if "reasult" in route.name: - # # print("KOMP",components) - # for i in range(len(components)): - # if components[i] in ['(',')']: - # # Cek apakah fungsinya dipanggil - # if fun_name: - # parts = fun_name.split(".") - # # Coba konversi dulu - # if len(parts)>1: - # #TODO hanya handle yg paling awal aja - # for var in var_list: - # if parts[0]==var['name']: - # parts[0] = var['type'] - # fun_name = ".".join(parts) - # for rute in file_method_list: - # function_name = "" - # if parts[0]!='self' and rute['type']=='module_function' and rute['name']==fun_name: - # function_name = fun_name - # elif rute['type']=='class_method' and rute['name']==parts[-1]: - # if parts[0]!='self': - # function_name = fun_name - # else: - # function_name = parts[-1] - # else: - # function_name = fun_name - # # Cek - # acl_result = None - - # if is_route: - # acl_result = self.check_acl_list(route,function_name,components[i+1:]) - # if acl_result!=None: - # # Ada pengecekan - # principal_list = list(set(principal_list) & set(acl_result)) - # fun_name = "" - # elif components[i]=='=': - # fun_name = "" - # else: - # # Tambahkan nama fungsinya - # fun_name += components[i] elif node.type in ['if_statement','elif_clause']: # Cek kondisinya dulu components = [] 
@@ -386,8 +311,6 @@ class ACLAnalyzer(): components += flatten_node(child.children) # Cek tiap componentnya fun_name = "" - # if "reasult" in route.name: - # print("KOMP",components) for i in range(len(components)): if components[i] in ['and','or','not']: continue @@ -397,7 +320,6 @@ class ACLAnalyzer(): parts = fun_name.split(".") # Coba konversi dulu if len(parts)>1: - #TODO hanya handle yg paling awal aja for var in var_list: if parts[0]==var['name']: parts[0] = var['type'] @@ -425,11 +347,6 @@ class ACLAnalyzer(): # Cek apakah variabel sebelum atau sesudanya adalah acl context left_var_name = self.search_acl_var(fun_name,route) right_var_name = self.search_acl_var(components[i+1],route) - # if "admin_mail" in route.name: - # print(fun_name) - # print(components[i+1]) - # print(left_var_name) - # print(right_var_name) if right_var_name in self.acl_info.acl_context: # Sanitasi left var name left_var_name = left_var_name.replace('\"',"").replace("\'","") @@ -449,11 +366,9 @@ class ACLAnalyzer(): # Sanitasi right_var_name = right_var_name.replace('\"',"").replace("\'","") components[i+1] = components[i+1].replace('\"',"").replace("\'","") - # print(right_var_name) # Cek apakah right var name adalah string if type(self.acl_info.acl_context[left_var_name])==dict: # Cek nilainya - # print("masuk") if components[i+1] in self.acl_info.acl_context[left_var_name]: if components[i]=='==': principal_list = list(set(principal_list) & set([self.acl_info.acl_context[left_var_name][components[i+1]]])) @@ -465,9 +380,7 @@ class ACLAnalyzer(): elif components[i] in ['in']: # Cek apakah variaabel kiri merupakan key yang di kanan fun_name = fun_name.replace('\"',"").replace("\'","") - # print(f"{components[i+1]}.{fun_name}") acl_key = self.search_acl_var(f"{components[i+1]}.{fun_name}",route) - # print(acl_key) if acl_key: #Langsung cari yg terkecil principal_list = list(set(principal_list) & set(self.acl_info.acl_context[acl_key])) 
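Review bot: `if type(self.acl_info.acl_context[left_var_name])==dict:` in the @@ -449 hunk should be an `isinstance` check, `if isinstance(self.acl_info.acl_context[left_var_name], dict):`, which also accepts dict subclasses and is what linters expect. The quote stripping `.replace('\"',"").replace("\'","")` is repeated on lines in the @@ -425, @@ -449 and @@ -465 hunks; a one-line helper such as `def _strip_quotes(s: str) -> str: return s.replace('"', '').replace("'", '')` would remove the duplication and make the sanitation intent explicit. The enclosing `analyze_function` body starts and ends outside these hunks.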
@@ -477,8 +390,6 @@ class ACLAnalyzer(): # Tambahkan nama fungsinya fun_name += components[i] node = route.cfg.traverse() - # if "profile" in route.name: - # print("PRINCIPAL",principal_list) return principal_list def analyze_module(self,route:ElementContext)->list[list[str,list[str]]]: @@ -497,7 +408,6 @@ class ACLAnalyzer(): service_acls = [] for f in method_lists: if f['type']=='class_method': - #TODO class method ctx = ElementContext(f"{f['parent']}.{f['name']}",'function',route.location,[]) ctx.set_cfg(CFG(f['ast'],f['ctx'],f['cursor'],route.cfg.source_code)) result = self.analyze_function(ctx) @@ -510,23 +420,17 @@ class ACLAnalyzer(): return service_acls def check_acl_list(self,route:ElementContext,name:str,ctx:list[str]=[])->list[str]|None: - #TODO handle variabel dan kelas dan import file_method_list = self.project_info.dependency_manager.get(route.location).method_list # Format name: fun atau self.fun acl_list = [role for role in self.acl_info.principal_list] for acl_class in self.project_info.acl_class: - # if "profile" in route.name: - # print("NOW",set(acl_list)) acl_class.cfg.reset() if(acl_class.type=='library' and acl_class.location==route.location): - # if "profile" in route.name: - # print("a",acl_class.context) if(acl_class.context): # Cek apakah fungsi yang merupakan acl digunakan # context berisi daftar fungsi yang merupakan fungsi untuk cek ACL while True: acl_node:Node|None = acl_class.cfg.traverse() - # print("tuduh",acl_node) if not acl_node: break # Handle kasus antara gak ada context fungsi mana yang acl maupun ada 
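Review bot: `check_acl_list` in the @@ -510 hunk keeps a mutable default, `ctx:list[str]=[]`; nothing visible mutates it, but `ctx: list[str] | None = None` followed by `ctx = [] if ctx is None else ctx` is the safe form and costs nothing. The removed `#TODO handle variabel dan kelas dan import` documented a resolution gap that, as far as this hunk shows, is still open: a check reached through a variable, class alias or import the matcher does not recognise never narrows `acl_list`, so the route is reported with its full principal set. That limitation is worth keeping as an English note on the method, e.g. `# NOTE: only direct names and self.fun are matched; checks behind variables/aliases are not resolved`, rather than dropping the marker. `acl_list = [role for role in self.acl_info.principal_list]` is just `list(self.acl_info.principal_list)`. The method body continues past the hunk.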
@@ -536,17 +440,12 @@ class ACLAnalyzer(): # Cek apakah dia manggil fungsi yang diimport di acl elmt = acl_class.get_base_element_name().split(" ") formatted_key = f"lib:{elmt[-1]}::{name}" - # if "profile" in route.name: - # print(formatted_key,self.acl_info.acl_context) if formatted_key not in self.acl_info.acl_context: acl_list = None else: acl_list = self.acl_info.acl_context[formatted_key] - # print("SEKARANG",acl_list) # Kasus kalau acl nya kelas atau fungsi elif acl_class.type in ['class','function']: - # if "profile" in route.name: - # print("b") # Cek apakah ada parent context parent_class = "" for k in acl_class.context: @@ -581,8 +480,6 @@ class ACLAnalyzer(): elif(function['type']=='class_method' and function['name']==acl_class.get_base_element_name() and (name==f"{function['parent']}.{function['name']}" or function['parent']==parent_class)): acl_list = list(set(acl_list) & set(self.analyze_function(acl_class,False))) else: - # if "profile" in route.name: - # print("c") # Beda file, cek di import ada gak # Kali aja ada di module ini dependency_lists = self.project_info.dependency_manager.get(route.location).dependency_list @@ -644,8 +541,6 @@ class ACLAnalyzer(): if(tmp_name==tmp_comparator): # Cek apakah dia manggil fungsi yang diimport di acl acl_list = list(set(acl_list) & set(self.analyze_function(acl_class,False))) - # if "profile" in route.name: - # print("baiknya",acl_list) return acl_list def search_acl_var(self,var_name:str,route:ElementContext)->str: @@ -658,9 +553,6 @@ class ACLAnalyzer(): for dep in self.project_info.dependency_manager.get(route.location).dependency_list: lib_name = dep[1]['original'] format_lib = f'lib:{lib_name}::{check_var}' - # if "reasult" in route.name: - # print("ASU",components,check_var) - # print(format_lib) if (components[0]==dep[1]['rename'] or components[0]==dep[1]['original']) and format_lib in self.acl_info.acl_context: return format_lib elif format_lib in self.acl_info.acl_context: 
diff --git a/src/lib/ACReader.py b/src/lib/ACReader.py index ddc9e3c7c8ca144dc16859bc9a8991325b770d1a..be0a59870789c3b88ab270b7ee77f666bf72a918 100644 --- a/src/lib/ACReader.py +++ b/src/lib/ACReader.py @@ -1,5 +1,4 @@ from lib.utils import format_log -from typing import Optional,Dict,Any,Type import re class ACLData(): @@ -18,7 +17,6 @@ class ACReader(): def __init__(self,path:str,req_file:str|None=None) -> None: self.acl_path:str = path self.req_file:str = req_file - # @ACL def read(self) -> ACLData: format_log("Reading ACL File...") principal_list:list[str] = [] @@ -84,5 +82,4 @@ class ACReader(): content = detail[1].replace(" ","").split(",") acl_context[detail[0]] = content acl_data = ACLData(principal_list,service_acl,acl_context) - # print(acl_data) return acl_data \ No newline at end of file diff --git a/src/lib/ASTGenerator.py b/src/lib/ASTGenerator.py index 97e78e416a967d8edfe26b707ed55755dce509c5..3a5dea9706645c4841e7527395789795544bbfe1 100644 --- a/src/lib/ASTGenerator.py +++ b/src/lib/ASTGenerator.py @@ -1,7 +1,6 @@ from tree_sitter import Language, Parser,Node,TreeCursor,Tree import tree_sitter_python as tspython from lib.custom_class import ElementContext -from .DependencyManager import DependencyManager from lib.utils import format_log import re class ASTGenerator(): @@ -154,13 +153,6 @@ class ASTGenerator(): ast = self.parser.parse(file_content).root_node cursor = ast.walk() return (ast,cursor,file_content) - -# Kasus Import Python: -# import a -# import a as b -# from a import c,d -# from a import * -# from a import c as b def parse_library(self,ctx:ElementContext)->tuple[Node|None,TreeCursor|None]: # Tentukan jenis import nya diff --git a/src/lib/CFGGenerator.py b/src/lib/CFGGenerator.py index 939b06097ed74634a3f4f8c7941c1a1aa7dca4e8..9db2b2bec611f8126abb77dddbcaef0154ae224f 100644 --- a/src/lib/CFGGenerator.py +++ b/src/lib/CFGGenerator.py 
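Review bot: In the ACReader @@ -18 hunk `self.req_file:str = req_file` contradicts the constructor's own `req_file:str|None=None`; annotate it as `self.req_file: str | None = req_file` so a type checker flags any later use that assumes a path is present. The `read` method that follows is only partly visible here, so I cannot tell whether a `None` `req_file` is handled.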
@@ -80,26 +80,13 @@ class CFG(): have_sibling = self.cursor.goto_next_sibling() return None -# Rules sementara - - # (V) trt_statement | except_statement (V) - # (V) funct -> body (V) - # if_statement | (V) - # if_statement -> consequence | alternative (V) - # alternative: elif_clause -> consequence (V) - #alternative: else_clause -> body (V) - # with_statement -> body (V) - # for statement -> block (V) - # while statement -> block (V) def traverse_function(self)->Node|None: - # print("initial",self.cursor.node) # Terminate if self.is_node_equal(self.cursor.node,self.original_cursor.node) and self.is_traversing: return None if self.is_node_equal(self.cursor.node,self.original_cursor.node): self.is_traversing = True - if(self.cursor.node.type=='function_definition'): # Simpan next branch tmp_ptr = self.cursor.copy() @@ -112,7 +99,6 @@ class CFG(): elif(self.cursor.node.type=='block'): # Blok fungsi self.cursor.goto_first_child() - # print("return",self.cursor.node,self.cursor.node.parent.children) return self.cursor.node elif(self.cursor.node.type=='try_statement'): # Blok try-catch @@ -130,24 +116,18 @@ class CFG(): self.cursor.reset_to(self.next_branch) return self.cursor.node elif(self.cursor.node.type in ['except_clause','finally_clause']): - # return block self.cursor.goto_last_child() return self.cursor.node elif(self.cursor.node.type=='if_statement'): # Ada percabangan # cari block node self.cursor.goto_first_child() - # while self.cursor.node.type in ["if",":"]: while self.cursor.node.type !='block': self.cursor.goto_next_sibling() node = self.cursor.node # simpan branch berikutnya - # self.cursor.goto_parent() - # while has_sibling and self.cursor.node.type not in ['elif_clause','else_clause']: - # has_sibling = self.cursor.goto_next_sibling() tmp_ptr = self.cursor.copy() has_sibling = True - # while not has_sibling: while has_sibling and tmp_ptr.node.type not in ['elif_clause','else_clause']: has_sibling = tmp_ptr.goto_next_sibling() if(not has_sibling): 
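Review bot: The @@ -80 hunk deletes the `Rules sementara` checklist, which was the only inventory of statement kinds `traverse_function` knows how to step through, and leaves the method with no docstring. Move that inventory into a docstring on `traverse_function` stating that it returns the next CFG node or `None` once traversal is back at the original cursor, and listing the handled node types (function/block, try/except/finally, if/elif/else, with, for, while, plus the match and return cases visible in later hunks). Without it a reader has to reverse-engineer the `elif` chain to learn which constructs the traversal skips, and an unsupported statement kind is the likeliest place for an ACL check to go unseen. The method body extends past this hunk.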
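Review bot: In the @@ -130 hunk the `if_statement` case spins on `while self.cursor.node.type !='block': self.cursor.goto_next_sibling()` without checking the boolean that `goto_next_sibling()` returns, so if no `block` sibling is found the loop never terminates; the `tmp_ptr` loop a few lines later does check `has_sibling`, so the two are inconsistent. I have not confirmed that tree-sitter's error recovery can yield an `if_statement` without a `block` child, but the analyzer parses arbitrary project files, so a malformed file should fail loudly rather than hang. A guard such as `if not self.cursor.goto_next_sibling(): raise ValueError("if_statement without block")` inside the loop (or returning `None`, whichever the traversal contract prefers) fixes it. The same unchecked pattern appears in the `match` case in the @@ -243 hunk. `traverse_function` starts and ends outside this hunk.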
@@ -158,10 +138,8 @@ class CFG(): if CFG.is_node_equal(prev_node,tmp_ptr.node): break self.next_branch = tmp_ptr.copy() - # self.cursor.reset_to(tmp_ptr) else: self.next_branch = tmp_ptr.copy() - # print("if return",node,self.cursor.node) return node elif(self.cursor.node.type=='elif_clause'): # Ada percabangan @@ -232,7 +210,6 @@ class CFG(): # reset next branch self.next_branch = None return self.cursor.node - #TODO call elif self.cursor.node.type=='return_statement': # Dapatkan yang di return statement self.cursor.goto_first_child() @@ -243,7 +220,6 @@ class CFG(): # Ada percabangan # cari block node self.cursor.goto_first_child() - # while self.cursor.node.type in ["if",":"]: while self.cursor.node.type in ['match',':']: self.cursor.goto_next_sibling() node = self.cursor.node @@ -317,9 +293,6 @@ class CFG(): self.cursor.goto_next_sibling() return self.cursor.node # return a elif(self.cursor.node.children[i].type=="dotted_name"): - # format: from a import b - # print("MASUK") - # print("SU",self.cursor.node.children) self.cursor.goto_last_child() while self.cursor.node.type in [')',',','comment']: self.cursor.goto_previous_sibling() diff --git a/src/lib/FileReader.py b/src/lib/FileReader.py index 8308946b0c50ae5650b981aad934b8c1487519ce..b90e943e80690b0630e7a7c5a3360c416c7cafc3 100644 --- a/src/lib/FileReader.py +++ b/src/lib/FileReader.py @@ -1,11 +1,10 @@ import os import re from lib.utils import format_log -from typing import Optional from lib.CFGGenerator import CFGGenerator,CFG from lib.custom_class import ElementContext from .Const import PATH_SEPARATOR -from .DependencyManager import DependencyManager,FileInformation +from .DependencyManager import DependencyManager class FileReader: ANNOTATION_PATTERN = "\S*@.+" def __init__(self, project_path:str)->None: 
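Review bot: `ANNOTATION_PATTERN = "\S*@.+"` in the FileReader @@ -1 hunk is a non-raw string containing `\S`, which Python 3.12 reports as `SyntaxWarning: invalid escape sequence` (a DeprecationWarning before that); write it as `ANNOTATION_PATTERN = r"\S*@.+"`. The same applies to the inline `"\S*class +"` and `"\S*def +"` patterns used later in this file. As written the pattern also matches every decorator line and any `@` inside a string or comment, not only the tool's own `@ACL`/`@Service`/`@Exempt` markers; if that breadth is intentional, a one-line comment saying so would save the next reader from "fixing" it.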
@@ -45,11 +44,9 @@ class FileReader: # Cari tahu jenis acl nya i+=1 while re.search(FileReader.ANNOTATION_PATTERN,lines[i]): - #TODO handle kalau ketemu yang lain i+=1 # Baca nama modul # import_name:flask_login - # print(additional_context) module_name = additional_context[0].split(":")[1].strip() self.dependency_names.append({"name":module_name,"ctx":additional_context}) i+=1 @@ -60,12 +57,7 @@ class FileReader: project_info:ProjectInfo = ProjectInfo() for file in files: with open(file,'rb') as source_code: - # print(file) - # print(source_code.read().decode()) - # import time - # time.sleep(20) lines = source_code.read().decode().split("\n") - # lines = source_code.readlines() i = 0 while i < len(lines): is_skipped = False @@ -78,7 +70,6 @@ class FileReader: # Cari tahu jenis yang di-excempt i+=1 stripped_lines = lines[i].strip() - # print("A",lines[i]) while not is_skipped and (re.search(FileReader.ANNOTATION_PATTERN,lines[i]) or not stripped_lines or stripped_lines[0] in ["#","@"]): next_annotations = self.have_annotation(lines[i]) for annon in next_annotations: @@ -86,15 +77,12 @@ class FileReader: # Skip fungsi ini is_skipped = True break - #TODO handle sisanya i+=1 - # print("B",lines[i]) stripped_lines = lines[i].strip() if is_skipped: continue # Kalau next line nya class, ya class, kalau def yg fungsi, selain itu type nya module curr_node = None - # print("C",lines[i]) if re.search("\S*class +",lines[i]): curr_node = ElementContext(lines[i].strip().split(" ")[1],'class',file,additional_context) elif re.search("\S*def +",lines[i]): @@ -117,7 +105,6 @@ class FileReader: if route.location==file and (CFG.is_node_equal(route.cfg.ast,tmp_parent)): route.context.append(f"Exempt::{curr_node.name.split('(')[0]}") elif("@ACL" in annotation): - # print("MASUK") # Ini kelas acl # Cek jika ada keterangan tambahan match = re.search(r'\(.*\)',lines[i]) 
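Review bot: In the @@ -86 hunk the skip loop does `i+=1` then `stripped_lines = lines[i].strip()` with no bound check, so a file whose last annotation is followed only by comments or blank lines to EOF raises IndexError — the `not stripped_lines` arm keeps the loop alive over the trailing `''` that `split("\n")` produces. Guard the advance, e.g. `i += 1` / `if i >= len(lines): is_skipped = True; break` / `stripped_lines = lines[i].strip()`, and apply the same to the similar loops in the @@ -45, @@ -127 and @@ -164 hunks. Separately, when `is_skipped` is set the definition is dropped with a bare `continue`; since this appears to be how exemption markers suppress analysis of a handler, logging the skipped name via the already imported `format_log` would make exemptions auditable in the tool's output. The enclosing method's file loop starts before this hunk.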
@@ -127,7 +114,6 @@ class FileReader: # Cari tahu jenis acl nya i+=1 while re.search(FileReader.ANNOTATION_PATTERN,lines[i]): - #TODO handle kalau ketemu yang lain i+=1 if re.search("\S*class +",lines[i]): # ACL nya kelas @@ -141,12 +127,11 @@ class FileReader: else: # Ini kelas biasa continue - # Generate CFG jika ini acl + # Generate CFG jika ini acl cfg,deps = self.cfg_generator.generate(project_info.acl_class[-1]) project_info.acl_class[-1].set_cfg(cfg) - #Daftarkan dependency + # Daftarkan dependency project_info.dependency_manager.add(deps) - # project_info.dependency_manager.add(FileInformation("","",)) # Cek jika ini fungsi dalam kelas if(project_info.acl_class[-1].type=='function'): parent = project_info.acl_class[-1].cfg.ast.parent.parent @@ -164,7 +149,6 @@ class FileReader: # Cari tahu jenis rute nya i+=1 have_annotation = self.have_annotation(lines[i]) - # print(lines[i]) while not is_skipped and re.search(FileReader.ANNOTATION_PATTERN,lines[i]) and not have_annotation: next_annotations = self.have_annotation(lines[i]) for annon in next_annotations: @@ -172,7 +156,6 @@ class FileReader: # Skip fungsi ini is_skipped = True break - #TODO handle sisanya i+=1 if have_annotation: subanot = None if len(have_annotation)==0 else have_annotation[0] diff --git a/src/lib/HandlerSanitizationAnalyzer.py b/src/lib/HandlerSanitizationAnalyzer.py index 2c6402ab1a2ae008f13bd5d6971d4ba3536e9f58..df9626c5af7b30fe7605181a19ca9e4529a56c05 100644 --- a/src/lib/HandlerSanitizationAnalyzer.py +++ b/src/lib/HandlerSanitizationAnalyzer.py 
@@ -70,15 +70,11 @@ class HandlerSanitizationAnalyzer(): else: dekorator = dec.children[-1] # Cek apakah ada di fungsi atau library - # print("kimitachi",dekorator.text.decode().split("(")[0].replace("@","").strip()) if self.is_in_acl_list(route,dekorator.text.decode().split("(")[0].replace("@","").strip()): return True # Gak ada dekorator/dekorator gak cocok # Traverse fungsinya while node: - # if "profile" in route.name: - # print(node) - # print("KOMP",components) # Cek detail untuk beberapa tipe node if node.type in ['call','assignment']: # Cek call method @@ -92,7 +88,6 @@ class HandlerSanitizationAnalyzer(): fun_name = "" elif child_list[i] == '=': # Simpan nama variabel di left hand side - #TODO simpan line var_list.append({'name':fun_name,'type':child_list[i+1]}) fun_name = "" elif child_list[i] in ['(']: @@ -163,9 +158,6 @@ class HandlerSanitizationAnalyzer(): components += flatten_node(child.children) # Cek tiap componentnya child_list = flatten_node(node.children) - # if "search" in route.name: - # print(node) - # print("KOMP",components) fun_name = "" for child in child_list: if child in [':',',']: @@ -234,18 +226,12 @@ class HandlerSanitizationAnalyzer(): # Cek kondisinya dulu components = [] for child in node.children: - # if child.type in ['with','block',":"]: - # continue if child.type in ['identifier','in']: components.append(child.text.decode()) elif child.type in ['string']: components.append(child.text.decode().replace('"','').replace("'","")) else: components += flatten_node(child.children) - if "adminPanel" in route.name: - print(node.children) - print(node,node.text,components) - # var_name = "" for i in range(len(components)): if components[i] in ['in']: # Cek kanan kirinya 
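Review bot: `dekorator.text.decode().split("(")[0].replace("@","").strip()` in the @@ -70 hunk is the same decorator-name normalisation that `ACLAnalyzer.analyze_function` performs before calling `check_acl_list`; both files already import from `lib.utils`, so a shared `decorator_name(node: Node) -> str` helper there would keep the two analyzers from drifting. The `.replace("@","")` form also strips an `@` anywhere in the text rather than only the leading one; `removeprefix("@")` states the intent exactly. The enclosing function body starts before and ends after this hunk.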
@@ -253,12 +239,8 @@ class HandlerSanitizationAnalyzer(): right_side = components[i+1] # Cek apakah ini acl if self.is_in_acl_list(route,right_side): - print("masuk") return True - # else: - # var_name = components[i] elif node.type in ['try_statement','finally_clause','else_clause']: - #TODO langsung jalan pass elif node.type=='except_clause': # Dapatkan identifier @@ -274,8 +256,6 @@ class HandlerSanitizationAnalyzer(): else: components += flatten_node(child.children) # Cek tiap componentnya - # if "profile" in route.name: - # print(components) fun_name = "" for i in range(len(components)): if components[i] in ['and','or','not']: @@ -286,7 +266,6 @@ class HandlerSanitizationAnalyzer(): parts = fun_name.split(".") # Coba konversi dulu if len(parts)>1: - #TODO hanya handle yg paling awal aja for var in var_list: if parts[0]==var['name']: parts[0] = var['type'] @@ -314,12 +293,10 @@ class HandlerSanitizationAnalyzer(): if fun_name: # Cek jika ini nama library yg diimpor parts = fun_name.split(".") - # print(self.is_in_acl_list(route,parts[0])) node = route.cfg.traverse() return False def analyze_module(self,route:ElementContext)->list[str]: - #TODO CFG format_log(f"Analyzing module {route.get_base_element_name()} in {route.location}...") file_method_list = self.project_info.dependency_manager.get(route.location).method_list # Cari info semua fungsi di module 
@@ -347,39 +324,18 @@ class HandlerSanitizationAnalyzer(): def is_in_acl_list(self,route:ElementContext,name:str,ctx:list[str]=[]): # Format name: fun atau self.fun file_method_list = self.project_info.dependency_manager.get(route.location).method_list - # print(self.project_info.acl_class) for acl_class in self.project_info.acl_class: acl_class.cfg.reset() - # print("AA",acl_class) - if "adminPanel" in route.name: - print("kena pala") - print(acl_class,acl_class.type) - print(acl_class.location) if(acl_class.type=='library' and acl_class.location==route.location): - # print("acl",acl_class) if(acl_class.context): # Cek apakah fungsi yang merupakan acl digunakan # context berisi daftar fungsi yang merupakan fungsi untuk cek ACL - # if "new_content" in route.name: - # # print("a") - # print(acl_class.cfg.ast,acl_class.context) while True: acl_node:Node|None = acl_class.cfg.traverse() - # if "new_content" in route.name: - # # print("a") - # print(acl_class.cfg.ast,acl_node) if not acl_node: break - if "adminPanel" in route.name: - print(name) - print(acl_class.context) - print(acl_node) - print(acl_node.text) - # acl_node = None - # print("asu",acl_class.context,acl_node.text.decode()) # Handle kasus antara gak ada context fungsi mana yang acl maupun ada if(not acl_class.context or (acl_node.text.decode().split(".")[0] in acl_class.context)): - # print(name, acl_class.cfg.get_name(acl_node)) # Cek jika ini fungsi ataupun kelas if(name==acl_class.cfg.get_name(acl_node) or name.split(".")[0]==acl_class.cfg.get_name(acl_node)): # Cek apakah dia manggil fungsi yang diimport di acl @@ -396,7 +352,6 @@ class HandlerSanitizationAnalyzer(): # Kali aja ada di module ini for function in file_method_list: if(acl_class.type=='class' and function['type']=='class_method' and function['parent']==acl_class.get_base_element_name()): - #TODO hanya handle 1 accessing misal a.b, a.b.c gak bisa full_name = name if len(name.split("."))==1 and ctx: j = 0 
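Review bot: In the @@ -347 hunk the condition `if(not acl_class.context or (acl_node.text.decode().split(".")[0] in acl_class.context)):` sits inside `if(acl_class.context):`, so the `not acl_class.context` arm can never be true and the comment above it (roughly "handle both the no-context and with-context cases") describes behaviour the code does not have. Reduce it to `if acl_node.text.decode().split(".")[0] in acl_class.context:` and reword the comment; if the no-context case is meant to be supported, it has to be handled before the outer `if`. Removing the unconditional `print(...)` debug blocks keyed on `"adminPanel"` is the right call — they wrote analysis internals to stdout for any matching route name. `is_in_acl_list` still takes the mutable default `ctx:list[str]=[]`; `ctx: list[str] | None = None` is the safe form. The method continues past the hunk.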
@@ -441,7 +396,6 @@ class HandlerSanitizationAnalyzer(): if m["rename"]: # Pake rename comparator = m["rename"] - #TODO hanya handle 1 accessing misal a.b, a.b.c gak bisa if len(name.split("."))==1 and ctx: j = 0 elmt = ctx[j] diff --git a/src/lib/MainMenu.py b/src/lib/MainMenu.py index ddcca81e3c200b789b489869a02cd5e1b696b0c5..81be73aa5778f5cd45b05229179bdec10474197f 100644 --- a/src/lib/MainMenu.py +++ b/src/lib/MainMenu.py @@ -5,20 +5,17 @@ from lib.HandlerSanitizationAnalyzer import HandlerSanitizationAnalyzer from lib.ACLAnalyzer import ACLAnalyzer from lib.VulnerabilitReporter import VulnerabilityReporter import time -# @ACL(explore_decorator_no_args) -from lib.experiment import explore_decorator_no_args,explore_decorator # Supaya support up arrow di linux, perlu import readlines from sys import platform if platform=='linux': import readline -def roue(): - return True + class MainMenu(): def __init__(self): self.project_path:str = "" self.acl_path:str = "" - # @Service + def start(self): self.print_header() # Dapatkan Path Menuju File dan Konfigurasi ACL @@ -38,10 +35,8 @@ class MainMenu(): try: self.acl_data = ACReader(self.acl_path).read() format_log("ACL data acquired.") - # print(self.acl_data.acl_context) self.project_ctx = FileReader(self.project_path).analyze_project() format_log("ACL and routes context gathered...") - # print(self.project_ctx) except FileNotFoundError: format_log("File not found. Exiting...",status='error') generation_end_time = time.time() @@ -65,9 +60,7 @@ class MainMenu(): detection_time = round(detection_end_time-detection_start_time,6) generation_time = round(generation_end_time-generation_start_time,6) format_log(f"Analysis finished in {round(time.time()-generation_start_time,6)} seconds. (generation: {generation_time} seconds, detection: {detection_time} seconds)",end="\n\n") - # @Service - @explore_decorator_no_args - # @explore_decorator + def print_header(self): print("Welcome to SCA Tool") print("V.1.0") 
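Review bot: In the MainMenu @@ -38 hunk the `except FileNotFoundError:` handler logs `"File not found. Exiting..."` but neither exits nor returns, so execution falls through to `generation_end_time = time.time()` and on to the analysis steps with `self.acl_data` and `self.project_ctx` never assigned, which will presumably surface as an `AttributeError` instead of the clean exit the message promises. Add `return` (or `sys.exit(1)` if `start` is the process entry point) directly after the `format_log` call. `start` continues beyond this hunk, so I cannot see which attribute is touched first.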
diff --git a/src/lib/experiment.py b/src/lib/experiment.py deleted file mode 100644 index a79666992ccc9a0577bb170a60d277ebaa84870b..0000000000000000000000000000000000000000 --- a/src/lib/experiment.py +++ /dev/null @@ -1,16 +0,0 @@ -def explore_decorator(*args,**kwargs): - def inner(func): - ''' - do operations with func - ''' - return func - return inner #this is the fun_obj mentioned in the above content - -def explore_decorator_no_args(func): - ##print("Inside decorator") - # def inner(*args,**kwargs): - ##print("Inside inner function") - ##print("Decorated the function") - # # do operations with func - # func(None) - return func \ No newline at end of file diff --git a/src/lib/utils.py b/src/lib/utils.py index 24693219a29cd2eb027af359fe0ef9e50da9b5a6..6bd0755cbefae28430c831e46649dc7dab734790 100644 --- a/src/lib/utils.py +++ b/src/lib/utils.py @@ -49,47 +49,3 @@ def flatten_node(nodes: list[Node]) -> list[str]: if res[-1].endswith("."): res[-1] = res[-1][:-1] return res - - -if __name__ == "__main__": - format_log("Hello World",status='error') - from tree_sitter import Parser, Language - import tree_sitter_python as tspython - - PY_LANGUAGE = Language(tspython.language(), "python") - parser = Parser() - parser.set_language(PY_LANGUAGE) - - tree = parser.parse( - bytes( - """ - qux() and jan and not 1 or 1>=2 -""", - "utf8", - ) - ) - cursor = tree.walk() - cursor.goto_first_child() - cursor.goto_first_child() -#print(cursor.node) -#print(cursor.node.children) -#print("TEST") -#print("Res",flatten_node(cursor.node.children)) -#print("attribute") - cursor.goto_first_child() -#print(cursor.node) -#print(cursor.node.children) -#print("call") - cursor.goto_next_sibling() - cursor.goto_next_sibling() -#print(cursor.node) -#print(cursor.node.children) -#print("call attr") - cursor.goto_first_child() -#print(cursor.node) -#print(cursor.node.children) -#print("call attr call") - cursor.goto_first_child() -#print(cursor.node) -#print(cursor.node.children) -