
Remove extraneous reassignments in output #166

Merged
merged 1 commit into from
Aug 16, 2018
14 changes: 6 additions & 8 deletions pyt/vulnerabilities/vulnerability_helper.py
Expand Up @@ -3,6 +3,7 @@
import json
from enum import Enum
from collections import namedtuple
from itertools import takewhile

from ..core.node_types import YieldNode

Expand Down Expand Up @@ -56,16 +57,13 @@ def __init__(
self.sink = sink
self.sink_trigger_word = sink_trigger_word

self.reassignment_nodes = reassignment_nodes
self._remove_sink_from_secondary_nodes()
# Remove the sink node and all nodes after the sink from the list of reassignments.

@KevinHock KevinHock Aug 16, 2018


❤️
This is amazing, it used to be more confusing but I forgot about after the sink. Thanks so much for making this.

self.reassignment_nodes = list(takewhile(


TIL takewhile

lambda node: node is not sink,
reassignment_nodes
))
self._remove_non_propagating_yields()

def _remove_sink_from_secondary_nodes(self):
try:
self.reassignment_nodes.remove(self.sink)
except ValueError: # pragma: no cover
pass

def _remove_non_propagating_yields(self):
"""Remove yield with no variables e.g. `yield 123` and plain `yield` from vulnerability."""
for node in list(self.reassignment_nodes):
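Review bot: The `takewhile(lambda node: node is not sink, reassignment_nodes)` truncation relies on `reassignment_nodes` being ordered so that nothing after the sink can still influence it, and that assumption is not stated anywhere in the hunk; if the sink sits inside a loop, a reassignment that comes later in that order may still feed the sink on the next iteration and would now be silently dropped from the report. The old `_remove_sink_from_secondary_nodes` only removed the sink itself and tolerated its absence with `except ValueError`, so the new form is a behavioural change beyond the cosmetic one, and the identity test `is not sink` may also differ from `list.remove`'s equality semantics if nodes define `__eq__` (I cannot see the node classes here). I would extend the comment on the assignment to name the precondition, e.g. `# Assumes reassignment_nodes is in the order taint reaches the sink; nodes after it are not part of this path.`, and add a test where the sink is absent from `reassignment_nodes` so the "keep everything" fallback of `takewhile` is pinned rather than relying on the removed `# pragma: no cover` branch. The enclosing `__init__` starts before this hunk.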
52 changes: 0 additions & 52 deletions tests/vulnerabilities/vulnerabilities_test.py
Expand Up @@ -150,12 +150,6 @@ def test_XSS_result(self):
Reassigned in:
File: examples/vulnerable_code/XSS.py
> Line 6: param = ~call_1
File: examples/vulnerable_code/XSS.py
> Line 9: ~call_3 = ret_make_response(~call_4)
File: examples/vulnerable_code/XSS.py
> Line 9: resp = ~call_3
File: examples/vulnerable_code/XSS.py
> Line 10: ret_XSS1 = resp
File: examples/vulnerable_code/XSS.py
> reaches line 9, sink "replace(":
~call_4 = ret_html.replace('{{ param }}', param)
Expand Down Expand Up @@ -274,8 +268,6 @@ def test_path_traversal_sanitised_result(self):
> Line 10: image_name = ~call_2
File: examples/vulnerable_code/path_traversal_sanitised.py
> Line 12: ~call_4 = ret_os.path.join(~call_5, image_name)
File: examples/vulnerable_code/path_traversal_sanitised.py
> Line 12: ret_cat_picture = ~call_3
File: examples/vulnerable_code/path_traversal_sanitised.py
> reaches line 12, sink "send_file(":
~call_3 = ret_send_file(~call_4)
Expand All @@ -297,8 +289,6 @@ def test_path_traversal_sanitised_2_result(self):
> Line 8: image_name = ~call_1
File: examples/vulnerable_code/path_traversal_sanitised_2.py
> Line 12: ~call_3 = ret_os.path.join(~call_4, image_name)
File: examples/vulnerable_code/path_traversal_sanitised_2.py
> Line 12: ret_cat_picture = ~call_2
File: examples/vulnerable_code/path_traversal_sanitised_2.py
> reaches line 12, sink "send_file(":
~call_2 = ret_send_file(~call_3)
Expand All @@ -318,8 +308,6 @@ def test_sql_result(self):
Reassigned in:
File: examples/vulnerable_code/sql/sqli.py
> Line 26: param = ~call_1
File: examples/vulnerable_code/sql/sqli.py
> Line 27: result = ~call_2
File: examples/vulnerable_code/sql/sqli.py
> reaches line 27, sink "execute(":
~call_2 = ret_db.engine.execute(param)
Expand All @@ -335,13 +323,6 @@ def test_XSS_form_result(self):
File: examples/vulnerable_code/XSS_form.py
> User input at line 14, source "form[":
data = request.form['my_text']
Reassigned in:
File: examples/vulnerable_code/XSS_form.py
> Line 15: ~call_1 = ret_make_response(~call_2)
File: examples/vulnerable_code/XSS_form.py
> Line 15: resp = ~call_1
File: examples/vulnerable_code/XSS_form.py
> Line 17: ret_example2_action = resp
File: examples/vulnerable_code/XSS_form.py
> reaches line 15, sink "replace(":
~call_2 = ret_html1.replace('{{ data }}', data)
Expand All @@ -360,12 +341,6 @@ def test_XSS_url_result(self):
Reassigned in:
File: examples/vulnerable_code/XSS_url.py
> Line 6: param = url
File: examples/vulnerable_code/XSS_url.py
> Line 9: ~call_2 = ret_make_response(~call_3)
File: examples/vulnerable_code/XSS_url.py
> Line 9: resp = ~call_2
File: examples/vulnerable_code/XSS_url.py
> Line 10: ret_XSS1 = resp
File: examples/vulnerable_code/XSS_url.py
> reaches line 9, sink "replace(":
~call_3 = ret_html.replace('{{ param }}', param)
Expand All @@ -390,12 +365,6 @@ def test_XSS_reassign_result(self):
> Line 6: param = ~call_1
File: examples/vulnerable_code/XSS_reassign.py
> Line 8: param = param + ''
File: examples/vulnerable_code/XSS_reassign.py
> Line 11: ~call_3 = ret_make_response(~call_4)
File: examples/vulnerable_code/XSS_reassign.py
> Line 11: resp = ~call_3
File: examples/vulnerable_code/XSS_reassign.py
> Line 12: ret_XSS1 = resp
File: examples/vulnerable_code/XSS_reassign.py
> reaches line 11, sink "replace(":
~call_4 = ret_html.replace('{{ param }}', param)
Expand All @@ -418,12 +387,6 @@ def test_XSS_sanitised_result(self):
> Line 9: ~call_2 = ret_Markup.escape(param)
File: examples/vulnerable_code/XSS_sanitised.py
> Line 9: param = ~call_2
File: examples/vulnerable_code/XSS_sanitised.py
> Line 12: ~call_4 = ret_make_response(~call_5)
File: examples/vulnerable_code/XSS_sanitised.py
> Line 12: resp = ~call_4
File: examples/vulnerable_code/XSS_sanitised.py
> Line 13: ret_XSS1 = resp
File: examples/vulnerable_code/XSS_sanitised.py
> reaches line 12, sink "replace(":
~call_5 = ret_html.replace('{{ param }}', param)
Expand All @@ -449,12 +412,6 @@ def test_XSS_variable_assign_result(self):
> Line 6: param = ~call_1
File: examples/vulnerable_code/XSS_variable_assign.py
> Line 8: other_var = param + ''
File: examples/vulnerable_code/XSS_variable_assign.py
> Line 11: ~call_3 = ret_make_response(~call_4)
File: examples/vulnerable_code/XSS_variable_assign.py
> Line 11: resp = ~call_3
File: examples/vulnerable_code/XSS_variable_assign.py
> Line 12: ret_XSS1 = resp
File: examples/vulnerable_code/XSS_variable_assign.py
> reaches line 11, sink "replace(":
~call_4 = ret_html.replace('{{ param }}', other_var)
Expand All @@ -479,12 +436,6 @@ def test_XSS_variable_multiple_assign_result(self):
> Line 10: not_the_same_var = '' + other_var
File: examples/vulnerable_code/XSS_variable_multiple_assign.py
> Line 12: another_one = not_the_same_var + ''
File: examples/vulnerable_code/XSS_variable_multiple_assign.py
> Line 15: ~call_3 = ret_make_response(~call_4)
File: examples/vulnerable_code/XSS_variable_multiple_assign.py
> Line 15: resp = ~call_3
File: examples/vulnerable_code/XSS_variable_multiple_assign.py
> Line 17: ret_XSS1 = resp
File: examples/vulnerable_code/XSS_variable_multiple_assign.py
> reaches line 15, sink "replace(":
~call_4 = ret_html.replace('{{ param }}', another_one)
Expand Down Expand Up @@ -550,9 +501,6 @@ def test_django_view_param(self):
File: examples/vulnerable_code/django_XSS.py
> User input at line 4, source "Framework function URL parameter":
param
Reassigned in:
File: examples/vulnerable_code/django_XSS.py
> Line 5: ret_xss1 = ~call_1
File: examples/vulnerable_code/django_XSS.py
> reaches line 5, sink "render(":
~call_1 = ret_render(request, 'templates/xss.html', 'param'param)