diff --git a/exploration/treesitter.py b/exploration/treesitter.py
index d2598e21c46823e382c036da059bce5b6168eca4..63ef0c3fc7e81280e277f472311e499014edadd2 100644
--- a/exploration/treesitter.py
+++ b/exploration/treesitter.py
@@ -364,53 +364,14 @@ print(cusor.node.children)
 # print(cusor.node)
 # print(cusor.node.children)
 # print()
-print()
-tree = parser.parse(bytes("""
-@Sanitization(isAuthenticated=True)
-def a(self):
- print("Oke Gas")
- """,'utf-8'))
-print(tree.root_node.sexp())
-cusor = tree.walk()
-cusor.goto_first_child()
-print(cusor.node)
-print(cusor.node.children)
-
-cusor.reset(cusor.node)
-cusor.goto_first_child()
-print()
-print(cusor.node)
-print(cusor.node.children)
-print(cusor.node.parent)
-print(cusor.node.parent.parent)
-print(cusor.node.parent.parent.parent)
 tree = parser.parse(bytes("""
-from modules import (
- Log, # A class for logging messages
- abort, # Function to abort the request
- Delete, # Function to delete user from the database
- request, # Module for handling HTTP requests
- sqlite3, # SQLite database module
- session, # Session handling module
- redirect, # Function to redirect
- Blueprint, # Blueprint for defining routes
- RECAPTCHA, # Flag indicating whether reCAPTCHA is enabled
- requestsPost, # Function to make POST requests
- DB_USERS_ROOT, # Path to the users database
- render_template, # Function to render HTML templates
- RECAPTCHA_SITE_KEY, # reCAPTCHA site key
- RECAPTCHA_VERIFY_URL, # reCAPTCHA verification URL
- RECAPTCHA_SECRET_KEY, # reCAPTCHA secret key
- RECAPTCHA_DELETE_USER, # Flag indicating whether reCAPTCHA is required for deleting user
-)
+def accountSettings():
+ # Check if the user is logged in
+ match "userName" in session:
+ case True:
+ Log.sql(
 """,'utf-8'))
-cursor = tree.walk()
-cursor.goto_first_child()
-# cursor.goto_last_child()
-# cursor.goto_first_child()
-print("kimi")
-print(cursor.node)
-print(cursor.node.children)
\ No newline at end of file
+print(tree.root_node.sexp())
\ No newline at end of file
diff --git a/makefile b/makefile
index 628498672a637220b650a990fcb96fbf14838ec4..ec0d890497ea8d3757e73e569cb1d4ae08f7dc40 100644
--- a/makefile
+++ b/makefile
@@ -1,2 +1,5 @@
 run:
- python src/main.py
\ No newline at end of file
+ python src/main.py
+
+run-py:
+ py -3.10 src/main.py
\ No newline at end of file
diff --git a/src/lib/ACLAnalyzer.py b/src/lib/ACLAnalyzer.py
index ff41bb00a06c7cbc74f5579e5b4cbf0109766cbc..5ee9f0f54f094c8dd0f1a7b7911e1457f15d9917 100644
--- a/src/lib/ACLAnalyzer.py
+++ b/src/lib/ACLAnalyzer.py
@@ -13,7 +13,7 @@ class ACLAnalyzer():
 real_acl:ACLData = ACLData(self.acl_info.principal_list,{},self.acl_info.acl_context)
 for route in self.project_info.service_class:
-format_log(f"Start Analyzing Service {route.get_base_element_name()} in {route.location} Control Access...")
+format_log(f"Analyzing Service {route.get_base_element_name()} in {route.location} Control Access...")
 # Tentukan tipenya
 if(route.type == 'function'):
 service_acl = self.analyze_function(route)
@@ -34,7 +34,7 @@ class ACLAnalyzer():
 def analyze_class(self,route:ElementContext)->list[str]:
-format_log(f"Start Analyzing class {route.get_base_element_name()} in {route.location} Control Access...")
+format_log(f"Analyzing class {route.get_base_element_name()} in {route.location} Control Access...")
 file_method_list = self.project_info.dependency_manager.get(route.location).method_list
 method_lists = list(filter(lambda x:x['name']!='__init__' and x['type']=='class_method' and x['parent']==route.get_base_element_name(),file_method_list))
 # Remove yang ada di no check list
@@ -54,7 +54,7 @@ class ACLAnalyzer():
 return class_acls
 def analyze_function(self,route:ElementContext,is_route=True)->list[str]:
-format_log(f"Start Analyzing function {route.get_base_element_name()} in {route.location} Control Access...")
+format_log(f"Analyzing function {route.get_base_element_name()} in {route.location} Control Access...")
 file_method_list = self.project_info.dependency_manager.get(route.location).method_list
 # Cek parent nya untuk menentukaan apakah ada dekorator
 # Inisialisasi principal_list
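Review bot: The new `run-py` target (like the existing `run`) is not declared phony, so a file named `run` or `run-py` in the repository root would make `make run-py` report "up to date" and never execute the command. Add `.PHONY: run run-py` at the top of the makefile. The hard-coded `py -3.10` launcher is the Windows `py` launcher; if that is intended, a one-line comment such as `# run-py: Windows py launcher, pins 3.10 for match/case support` would save the next reader the guess.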
@@ -482,7 +482,7 @@ class ACLAnalyzer():
 return principal_list
 def analyze_module(self,route:ElementContext)->list[list[str,list[str]]]:
-format_log(f"Start Analyzing module {route.get_base_element_name()} in {route.location} Control Access...")
+format_log(f"Analyzing module {route.get_base_element_name()} in {route.location} Control Access...")
 file_method_list = self.project_info.dependency_manager.get(route.location).method_list
 # Cari info semua fungsi di module
 method_lists = [m for m in file_method_list if not (m['type']=='class_method' and m['name']=='__init__')]
diff --git a/src/lib/CFGGenerator.py b/src/lib/CFGGenerator.py
index 6ff09f94584251f2bf421a553fd77f5f23755d29..939b06097ed74634a3f4f8c7941c1a1aa7dca4e8 100644
--- a/src/lib/CFGGenerator.py
+++ b/src/lib/CFGGenerator.py
@@ -244,7 +244,7 @@ class CFG():
 # cari block node
 self.cursor.goto_first_child()
 # while self.cursor.node.type in ["if",":"]:
-while self.cursor.node.type in ['match','comparison_operator',':']:
+while self.cursor.node.type in ['match',':']:
 self.cursor.goto_next_sibling()
 node = self.cursor.node
 return node
@@ -318,7 +318,11 @@ class CFG():
 return self.cursor.node # return a
 elif(self.cursor.node.children[i].type=="dotted_name"): # format: from a import b
+# print("MASUK")
+# print("SU",self.cursor.node.children)
 self.cursor.goto_last_child()
+while self.cursor.node.type in [')',',','comment']:
+self.cursor.goto_previous_sibling()
 for _ in range(len(self.cursor.node.children)-i):
 self.cursor.goto_previous_sibling()
 node = self.cursor.node
diff --git a/src/lib/MainMenu.py b/src/lib/MainMenu.py
index 5ea32f2fd1c63cd3544d3ed665d5aa945a28fa27..3f053182c5e657bae5c00e89d32256893fe0332c 100644
--- a/src/lib/MainMenu.py
+++ b/src/lib/MainMenu.py
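Review bot: With `comparison_operator` dropped from the skip list, the loop now halts on the match subject (for `match "userName" in session:` that is the comparison node itself) and `return node` hands that back, yet the comment two lines above still reads `# cari block node`. Update it so the next reader is not misled, e.g. `# return the match subject (identifier or comparison), not the block`. The enclosing method starts outside the hunk, so I cannot see whether any caller still expects a block node here; worth confirming before merge.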
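Review bot: The new `while self.cursor.node.type in [')',',','comment']:` loop ignores the return value of `goto_previous_sibling()`; a tree-sitter cursor returns False and stays on the same node when there is no previous sibling, so if the cursor ever lands on a `)`, `,` or `comment` with nothing before it the loop never terminates. Guard the step: `if not self.cursor.goto_previous_sibling(): break`. The added `# print("MASUK")` and `# print("SU", …)` lines are commented-out debugging and should not be committed. The enclosing method starts and ends outside the hunk.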
@@ -35,7 +35,7 @@ class MainMenu():
 try:
 self.acl_data = ACReader(self.acl_path).read()
 format_log("ACL data acquired.")
-# print(self.acl_data)
+# print(self.acl_data.acl_context)
 self.project_ctx = FileReader(self.project_path).analyze_project()
 format_log("ACL and routes context gathered...")
 # print(self.project_ctx)
diff --git a/src/lib/ServiceSanitizationAnalyzer.py b/src/lib/ServiceSanitizationAnalyzer.py
index fe48dcb307ebf63e062411362858d2eff7b04f0c..e2f513cbe7c030a4fa044359e749e8e569cfc51e 100644
--- a/src/lib/ServiceSanitizationAnalyzer.py
+++ b/src/lib/ServiceSanitizationAnalyzer.py
@@ -35,7 +35,7 @@ class ServiceSanitizationAnalyzer():
 return vuln_routes
 def analyze_class(self,route:ElementContext)->list[str]:
-format_log(f"Start analyzing class {route.get_base_element_name()} in {route.location}...")
+format_log(f"Analyzing class {route.get_base_element_name()} in {route.location}...")
 file_method_list = self.project_info.dependency_manager.get(route.location).method_list
 method_lists = list(filter(lambda x:x['name']!='__init__' and x['type']=='class_method' and x['parent']==route.get_base_element_name(),file_method_list))
 # Remove yang ada di no check list
@@ -55,7 +55,7 @@ class ServiceSanitizationAnalyzer():
 return unsanitized_methods
 def analyze_function(self,route:ElementContext)->bool:
-format_log(f"Start analyzing function {route.get_base_element_name()} in {route.location}...")
+format_log(f"Analyzing function {route.get_base_element_name()} in {route.location}...")
 file_method_list = self.project_info.dependency_manager.get(route.location).method_list
 var_list = []
 # Cek parent nya untuk menentukaan apakah ada dekorator
@@ -230,6 +230,33 @@ class ServiceSanitizationAnalyzer():
 else:
 # Tambahkan nama fungsinya
 fun_name += components[i]
+elif node.type == 'comparison_operator':
+ # Cek kondisinya dulu
+ components = []
+ for child in node.children:
+ # if child.type in ['with','block',":"]:
+ # continue
+ if child.type in ['identifier','in']:
+ components.append(child.text.decode())
+ elif child.type in ['string']:
+ components.append(child.text.decode().replace('"','').replace("'",""))
+ else:
+ components += flatten_node(child.children)
+ if "adminPanel" in route.name:
+ print(node.children)
+ print(node,node.text,components)
+ # var_name = ""
+ for i in range(len(components)):
+ if components[i] in ['in']:
+ # Cek kanan kirinya
+ left_side = components[i-1]
+ right_side = components[i+1]
+ # Cek apakah ini acl
+ if self.is_in_acl_list(route,right_side):
+ print("masuk")
+ return True
+ # else:
+ # var_name = components[i]
 elif node.type in ['try_statement','finally_clause','else_clause']: #TODO langsung jalan
 pass
@@ -293,7 +320,7 @@ class ServiceSanitizationAnalyzer():
 def analyze_module(self,route:ElementContext)->list[str]:
 #TODO CFG
-format_log(f"Start analyzing module {route.get_base_element_name()} in {route.location}...")
+format_log(f"Analyzing module {route.get_base_element_name()} in {route.location}...")
 file_method_list = self.project_info.dependency_manager.get(route.location).method_list
 # Cari info semua fungsi di module
 method_lists = [m for m in file_method_list if not (m['type']=='class_method' and m['name']=='__init__')]
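Review bot: The index arithmetic in the new `comparison_operator` branch is unguarded: `right_side = components[i+1]` raises IndexError when `in` is the last flattened token, and `components[i-1]` silently wraps to the last element when `i == 0`, so an unexpected child layout crashes the analyzer instead of being skipped. Change the condition to `if components[i] == 'in' and 0 < i < len(components) - 1:` and drop the unused `left_side`. The `print` calls gated on `"adminPanel" in route.name` and the `print("masuk")` are leftover debugging keyed to one fixture route and should be removed or routed through `format_log`. Only the bare `in` token is recognised; I believe tree-sitter-python emits `not in` as a distinct `not_in` node, so a `"userName" not in session` guard would fall into the `else` branch and not be treated as an ACL check — confirm which forms the tool is meant to accept. The enclosing method starts and ends outside the hunk.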
@@ -324,18 +351,30 @@ class ServiceSanitizationAnalyzer():
 for acl_class in self.project_info.acl_class:
 acl_class.cfg.reset()
 # print("AA",acl_class)
+ if "adminPanel" in route.name:
+ print("kena pala")
+ print(acl_class,acl_class.type)
+ print(acl_class.location)
 if(acl_class.type=='library' and acl_class.location==route.location):
 # print("acl",acl_class)
 if(acl_class.context):
 # Cek apakah fungsi yang merupakan acl digunakan
 # context berisi daftar fungsi yang merupakan fungsi untuk cek ACL
+ # if "new_content" in route.name:
+ # # print("a")
+ # print(acl_class.cfg.ast,acl_class.context)
 while True:
 acl_node:Node|None = acl_class.cfg.traverse()
+ # if "new_content" in route.name:
+ # # print("a")
+ # print(acl_class.cfg.ast,acl_node)
 if not acl_node:
 break
- # if "profile" in route.name:
- # print("a")
- # print(acl_node,acl_node.text)
+ if "adminPanel" in route.name:
+ print(name)
+ print(acl_class.context)
+ print(acl_node)
+ print(acl_node.text)
 # acl_node = None
 # print("asu",acl_class.context,acl_node.text.decode())
 # Handle kasus antara gak ada context fungsi mana yang acl maupun ada
diff --git a/tests/dummy/auth.py b/tests/dummy/auth.py
index 2ac01a1a15f63646977fc85726a19d1eeaa6d315..41a85688cc9d068c30dbcd0215dafeac1e2c499a 100644
--- a/tests/dummy/auth.py
+++ b/tests/dummy/auth.py
@@ -2,7 +2,7 @@ from flask import Blueprint, render_template, request, flash, redirect, url_for
 from .models import User
 from werkzeug.security import generate_password_hash, check_password_hash
 from . import db
-#@A\CL(login_required)
+#@ACL(login_required)
 from flask_login import login_user, login_required, logout_user, current_user
diff --git a/tests/dummy/message_view.py b/tests/dummy/message_view.py
index 108f5c4801025cae9aec815cc66aeb911e751776..1c8265be01c1af074d371ba1e8052c53fb131b7e 100644
--- a/tests/dummy/message_view.py
+++ b/tests/dummy/message_view.py
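Review bot: `print(name)` in the new `if "adminPanel" in route.name:` block after `break` refers to a `name` that is not bound anywhere in the hunk; if it is not assigned earlier in the method, every route whose name contains `adminPanel` will raise NameError at that line. All four added `print` blocks are debugging gated on a hard-coded route substring and should be removed before merge, or collapsed into one `format_log` call behind a verbosity flag. The enclosing method starts and ends outside the hunk.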
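Review bot: The corrected marker in this fixture is spelled `#@ACL(login_required)` with no space after `#`, while message_view.py and views.py in the same commit use `# @ACL(login_required)`; unless the marker parser tolerates optional whitespace, only one of the two forms will be recognised and one fixture will silently test nothing. Pick a single spelling for the fixtures, `# @ACL(login_required)` being the majority form, or add a fixture that deliberately covers both.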
@@ -1,5 +1,5 @@
 from flask import Blueprint, render_template, request, flash, jsonify,abort
-# @\ACL(login_required)
+# @ACL(login_required)
 from flask_login import login_required, current_user
 from .models import Message,Log
 from .db import db
diff --git a/tests/dummy/views.py b/tests/dummy/views.py
index 521d8d84077e03bc569f26c4b04098a66801c702..d91fc8bcfb6cc0504e21e82fd15a4995d9af1d85 100644
--- a/tests/dummy/views.py
+++ b/tests/dummy/views.py
@@ -1,6 +1,6 @@
 # @Service
 from flask import Blueprint, render_template, request, flash, jsonify,abort
-# @A\CL(login_required)
+# @ACL(login_required)
 from flask_login import login_required, current_user
 from .models import Note,Log
 from .db import db