Astvuln
Astvuln is a simple AST scanner which recursively scans a directory, parses each file as AST and runs specified method. Some search methods are provided with the tool and can be found under ./src/visitors/ in common.py and custom.py but most methods are not included in the repository. To add a new search method edit one of existing files and add a new class. The simplest way is to extend it from AstVisitor class. Implement query logic using generic_visit/visit_{class}.
This tool was developed for research purposes with the idea to explore potential vulnerable patterns when a new type of bug is discovered in our code. We can use such patterns to potentially find new similar bugs. AST code patterns which have sufficiently low false positive rate should then be included in SAST automation.
Usage
Astvuln: Search Python code for AST patterns.
Usage:
[-a
][-h][-e
][-g][-c][-n][-p
][-s
] Options: -a|--args
Arguments for method -h|--help Show help and exit -e|--extensions
Extensions to process -g|--grepable Make results easier to grep -c|--no-colors Don't print colors -n|--no-source Don't print source code -p|--path
Starting directory -s|--skip
Paths to skip Common methods: assign Find assignements with matching names (name) call Find all function calls with matching name (name, path) class Find all classes with matching name (name) constant Find all constants with matching value (name) dict Find all dicts with matching item constant value (name) dump Dump AST function Find all functions and methods with matching name (name) list Find all lists with matching constant value (name) name Find all matching names (name) print Print node names test Do nothing Custom methods: forelse Search for `for` loops with `else` clause which seems to always trigger replace_with_substring Search for replace of a string with a substring or an empty string unused_classes Find classes which are never directly referenced by name (ignore) Reading methods from file: Run method "file" and pass filename in method arguments to run multiple methods in a single run. Each method needs to be specified in a single line and colon-seperated from arguments. E. g. "./astvuln foo -a bar,baz" would be translated to: foo:bar,baz Examples: ./astvuln -h # Print help ./astvuln print -c # Run method `print` without color output ./astvuln dump -p dir # Run method `dump` on directory `dir` ./astvuln call -a bytes # Run method `call` with argument `bytes` ./astvuln foo -a a=1,b=2 # Run method `foo` with arguments a = 1 and b = 2 ./astvuln file -a methods.txt # Run multiple methods specified in a file
License
Astvuln is released under the MIT License.
19 Oct 20, 2022
1 Oct 03, 2022
3 Nov 06, 2021
120 Dec 05, 2022
6 Nov 27, 2022
1.3k Dec 30, 2022
13 Dec 11, 2022
2 Feb 03, 2022
7 May 18, 2022
9 Jan 26, 2022
6 Jul 20, 2021
6 Oct 05, 2022
89 Dec 08, 2022
6 Jun 08, 2022
2 Oct 29, 2021
1 Nov 12, 2021
26 Dec 11, 2022
3.5k Jan 05, 2023
1 Nov 12, 2021
2 Jan 05, 2022