swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3 from tanaydin/plain_output 

Better output for file.
pull/8/head^2
tanaydin sirin 2019-04-05 15:12:49 +02:00 committed by GitHub
parent bf86549569 0703843c4e
commit 6732d43099
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
detection.py
View File

@ -91,9 +91,12 @@ def analysis(path,plain):
# Run thru every files and subdirectories # Run thru every files and subdirectories
def recursive(dir,progress,plain): def recursive(dir,progress,plain):
progress += 1 progress += 1
progress_indicator = ''
if plain: progress_indicator = ""
try: try:
for name in os.listdir(dir): for name in os.listdir(dir):
print('\tAnalyzing : '+''*progress+'\r'),
print('\tAnalyzing : '+ progress_indicator * progress+'\r'),
# Targetting only PHP Files # Targetting only PHP Files
if os.path.isfile(os.path.join(dir, name)): if os.path.isfile(os.path.join(dir, name)):

15
functions.py
View File

@ -19,13 +19,13 @@ def nth_replace(string, old, new, n):
# Display the found vulnerability with basic informations like the line # Display the found vulnerability with basic informations like the line
def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence, plain): def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence, plain):
# Potential vulnerability found : SQL Injection # Potential vulnerability found : SQL Injection
header = "\033[{}mPotential vulnerability found : \033[{}m{}\033[0m".format('0' if plain else '1', '0' if plain else '92', payload[1]) header = "{}Potential vulnerability found : {}{}{}".format('' if plain else '\033[1m', '' if plain else '\033[92m', payload[1], '' if plain else '\033[0m')
# Line 25 in test/sqli.php # Line 25 in test/sqli.php
line = "\033[{}m{}\033[0m in {}".format('0' if plain else '92',line,path) line = "{}{}{} in {}".format('' if plain else '\033[92m',line, '' if plain else '\033[0m', path)
# Code : include($_GET['patisserie']) # Code : include($_GET['patisserie'])
vuln = nth_replace("".join(vulnerability), colored, "\033[{}m".format('0' if plain else '92')+colored+"\033[0m", occurence) vuln = nth_replace("".join(vulnerability), colored, "{}".format('' if plain else '\033[92m')+colored+"{}".format('' if plain else '\033[0m'), occurence)
vuln = "{}({})".format(payload[0], vuln) vuln = "{}({})".format(payload[0], vuln)
# Final Display # Final Display
@ -33,16 +33,17 @@ def display(path,payload,vulnerability,line,declaration_text,declaration_line, c
print "-" * (int(columns)-1) print "-" * (int(columns)-1)
print "Name \t{}".format(header) print "Name \t{}".format(header)
print "-" * (int(columns)-1) print "-" * (int(columns)-1)
print "\033[{}mLine \033[0m {}".format('0' if plain else '1', line) print "{}Line {} {}".format('' if plain else '\033[1m', '' if plain else '\033[0m', line)
print "\033[{}mCode \033[0m {}".format('0' if plain else '1', vuln) print "{}Code {} {}".format('' if plain else '\033[1m', '' if plain else '\033[0m', vuln)
# Declared at line 1 : $dest = $_GET['who']; # Declared at line 1 : $dest = $_GET['who'];
if not "$_" in colored: if not "$_" in colored:
declared = "Undeclared in the file" declared = "Undeclared in the file"
if declaration_text != "": if declaration_text != "":
declared = "Line n°\033[0;{}m{}\033[0m : {}".format('0' if plain else '92', declaration_line, declaration_text) declared = "Line n°{}{}{} : {}".format('' if plain else '\033[0;92m', declaration_line, '' if plain else '\033[0m', declaration_text)
#declared = "Line n°\033[0;{}m{}\033[0m : {}".format('0' if plain else '92', declaration_line, declaration_text)
print "\033[{}mDeclaration \033[0m {}".format('0' if plain else '1', declared) print "{}Declaration {} {}".format('' if plain else '\033[1m', '' if plain else '\033[0m', declared)
# Small delimiter # Small delimiter
print "" print ""

2
index.py
View File

@ -29,7 +29,7 @@ if __name__ == "__main__":
print "\-'\ / \ '-'(_ .' | |'| | \ | `-/ /` (_' '--'\ ' '-' '| '-' / | `---." print "\-'\ / \ '-'(_ .' | |'| | \ | `-/ /` (_' '--'\ ' '-' '| '-' / | `---."
print " `-' `-----' `-----' `--' `--' `--' `-----' `-----' `------' `------'" print " `-' `-----' `-----' `--' `--' `--' `-----' `-----' `------' `------'"
print " Copyright @pentest_swissky " print " Copyright @pentest_swissky "
print ("\n\033[{}mAnalyzing '{}' source code\033[{}m".format('0' if results.plain else '1', results.dir, '0')) print ("\n{}Analyzing '{}' source code{}".format('' if results.plain else '\033[1m', results.dir, '' if results.plain else '\033[0m'))
if os.path.isfile(results.dir): if os.path.isfile(results.dir):
analysis(results.dirm, results.plain) analysis(results.dirm, results.plain)