Feature/python pack2 (#28)

* Tag django views Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Oct 29, 2023 · 3452d89 · 3452d89
1 parent db5291f
commit 3452d89
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 28 deletions.
diff --git a/build.sbt b/build.sbt
@@ -1,6 +1,6 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "0.5.3"
+ThisBuild / version      := "0.5.4"
 ThisBuild / scalaVersion := "3.3.1"
 
 val cpgVersion = "1.4.22"

diff --git a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala
@@ -42,6 +42,8 @@ class CdxPass(atom: Cpg) extends CpgPass(atom) {
       "(?s)(?i).*(\\s|\\.)(list|create|upload|delete|execute|command|invoke|submit|send)"
     )
 
+  private def PY_REQUEST_PATTERNS = Array(".*views.py:<module>.*")
+
   private def containsRegex(str: String) = Pattern.quote(str) == str || str.contains("*")
 
   private val BOM_JSON_FILE = ".*(bom|cdx).json"
@@ -69,6 +71,10 @@ class CdxPass(atom: Cpg) extends CpgPass(atom) {
         JS_REQUEST_PATTERNS.foreach(p => atom.call.code(p).newTagNode("framework-input").store()(dstGraph))
         JS_RESPONSE_PATTERNS.foreach(p => atom.call.code(p).newTagNode("framework-output").store()(dstGraph))
       }
+      if (language == Languages.PYTHON || language == Languages.PYTHONSRC) {
+        PY_REQUEST_PATTERNS
+          .foreach(p => atom.method.fullName(p).parameter.newTagNode("framework-input").store()(dstGraph))
+      }
       components.foreach { comp =>
         val PURL_TYPE               = "purl"
         val compPurl                = comp.hcursor.downField(PURL_TYPE).as[String].getOrElse("")
@@ -115,6 +121,7 @@ class CdxPass(atom: Cpg) extends CpgPass(atom) {
                   }
                   if (language == Languages.PYTHON || language == Languages.PYTHONSRC) {
                     atom.call.where(_.methodFullName(bpkg)).argument.newTagNode(compPurl).store()(dstGraph)
+                    atom.identifier.typeFullName(bpkg).newTagNode(compPurl).store()(dstGraph)
                   }
                 }
                 if (compType != "library") {

diff --git a/...rm/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/ChennaiTagsPass.scala b/...rm/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/ChennaiTagsPass.scala
@@ -20,11 +20,12 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom) {
   private val FRAMEWORK_OUTPUT = "framework-output"
 
   private val PYTHON_ROUTES_CALL_REGEXES =
-    Array("django/(conf/)?urls.py:<module>.(path|re_path|url).*", ".*(route|web\\.).*")
+    Array("django/(conf/)?urls.py:<module>.(path|re_path|url).*", ".*(route|web\\.|add_resource).*")
   private val PYTHON_ROUTES_DECORATORS_REGEXES = Array(
-    ".*(route|endpoint|_request|require_http_methods|require_GET|require_POST|require_safe|_required)\\(.*"
+    ".*(route|endpoint|_request|require_http_methods|require_GET|require_POST|require_safe|_required)\\(.*",
+    ".*def\\s(get|post|put)\\(.*"
   )
-  private val HTTP_METHODS_REGEX = ".*(request|session)\\.(args|get|post|form).*"
+  private val HTTP_METHODS_REGEX = ".*(request|session)\\.(args|get|post|put|form).*"
   private def tagPythonRoutes(dstGraph: DiffGraphBuilder): Unit = {
     PYTHON_ROUTES_CALL_REGEXES.foreach { r =>
       atom.call
@@ -33,28 +34,23 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom) {
         .isLiteral
         .newTagNode(FRAMEWORK_ROUTE)
         .store()(dstGraph)
-
-      PYTHON_ROUTES_DECORATORS_REGEXES.foreach { r =>
-        def decoratedMethods = atom.methodRef
-          .where(_.inCall.code(r).argument)
-          ._refOut
-          .collectAll[Method]
-        decoratedMethods.call.assignment
-          .code(HTTP_METHODS_REGEX)
-          .argument
-          .isIdentifier
-          .newTagNode(FRAMEWORK_INPUT)
-          .store()(dstGraph)
-        decoratedMethods
-          .newTagNode(FRAMEWORK_INPUT)
-          .store()(dstGraph)
-        decoratedMethods.parameter
-          .newTagNode(FRAMEWORK_INPUT)
-          .store()(dstGraph)
-      }
-      atom.ret
-        .where(_.method.tag.name(FRAMEWORK_INPUT))
-        .newTagNode(FRAMEWORK_OUTPUT)
+    }
+    PYTHON_ROUTES_DECORATORS_REGEXES.foreach { r =>
+      def decoratedMethods = atom.methodRef
+        .where(_.inCall.code(r).argument)
+        ._refOut
+        .collectAll[Method]
+      decoratedMethods.call.assignment
+        .code(HTTP_METHODS_REGEX)
+        .argument
+        .isIdentifier
+        .newTagNode(FRAMEWORK_INPUT)
+        .store()(dstGraph)
+      decoratedMethods
+        .newTagNode(FRAMEWORK_INPUT)
+        .store()(dstGraph)
+      decoratedMethods.parameter
+        .newTagNode(FRAMEWORK_INPUT)
         .store()(dstGraph)
     }
   }

diff --git a/project/build.properties b/project/build.properties
@@ -1 +1 @@
-sbt.version=1.9.6
+sbt.version=1.9.7
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "appthreat-chen"
-version = "0.5.3"
+version = "0.5.4"
 description = "Code Hierarchy Exploration Net (chen)"
 authors = ["Team AppThreat <cloud@appthreat.com>"]
 license = "Apache-2.0"