- add better signature deduplciation to module finder and sqli detections

Author: RootLUG

aura/analyzers/python/nodes.py

@@ -1471,7 +1471,7 @@ def call_graph(self):
 
     @property
     def signature(self) -> str:
-        return f"{self.visitor.normalized_path}/{self.node.line_no}"
+        return f"{self.visitor.normalized_path}:{self.node.line_no}"
 
     def as_child(self, node: NodeType, replace=lambda x: None) -> Context:
         return Context(

aura/analyzers/python/pattern_matching_visitor.py

@@ -39,7 +39,7 @@ def gen_module_import(self, context: Context):
                     "name": module_name
                 },
                 node=context.node,
-                signature=f"module_import#{module_name}#{context.visitor.normalized_path}",
+                signature=f"module_import#{module_name}#{context.signature}",
                 tags=context.node.tags
             )
             self.hits.append(hit)

aura/analyzers/python/sqli.py

@@ -48,7 +48,8 @@ def node_BinOp(self, context):
             detection_type="SQLInjection",
             score=50,
             message="Possible SQL injection found",
-            signature=f"vuln#{context.visitor.normalized_path}#{context.node.line_no}",
+            signature=f"vuln#{context.signature}",
+            node = context.node,
             line_no=context.node.line_no,
         )
 
@@ -73,6 +74,7 @@ def node_Call(self, context):
             detection_type="SQLInjection",
             score=50,
             message="Possible SQL injection found",
-            signature=f"vuln#{context.visitor.normalized_path}#{context.node.line_no}",
+            signature=f"vuln#sqli#{context.signature}",
+            node = context.node,
             line_no=context.node.line_no,
         )

pyproject.toml

@@ -15,6 +15,7 @@ classifiers = [
     "Intended Audience :: Developers",
     "Intended Audience :: System Administrators",
     "Operating System :: POSIX :: Linux",
+    "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3 :: Only",

tests/test_ast_rewrite.py

@@ -196,3 +196,19 @@ def test_string_format_via_mod():
     tree = process_source_code(src)
     assert isinstance(tree, String)
     assert str(tree) == "Hello world"
+
+
+
+@pytest.mark.parametrize("src,modules", (
+    ("import a", {"a"}),
+    ("import a.b", {"a.b"}),
+    ("import m1, m2, m3", {"m1", "m2", "m3"}),
+    ("import a as b", {"a"}),
+    ("from a import *", {"a.*"}),
+    ("from a import b, c", {"a.b", "a.c"}),
+    ("from a import b as c", {"a.b"})
+))
+def test_various_imports(src, modules):
+    tree = process_source_code(src)
+    assert isinstance(tree, Import)
+    assert tree.get_modules() == modules

tests/test_misc.py

@@ -81,7 +81,7 @@ def test_different_source_code_encoding(fixtures):
 def test_fs_structure_detections(fs_mock, fixtures, tmp_path):
     files = {
         "bytecode.pyc": "some_bytecode_content",
-        ".pypirc": "pypirc_content",
+        # FIXME: ".pypirc": "pypirc_content",
         ".empty.txt": ""
     }
 
@@ -98,23 +98,6 @@ def test_fs_structure_detections(fs_mock, fixtures, tmp_path):
                 "file_name": "bytecode.pyc",
                 "file_type": "python_bytecode"
             }
-        },
-        {
-            "type": "SuspiciousFile",
-            "message": "A potentially suspicious file has been found",
-            "tags": ["hidden_file"],
-            "extra": {
-                "file_name": ".pypirc",
-                "file_type": "hidden_file"
-            }
-        },
-        {
-            "type": "SensitiveFile",
-            "message": "A potentially sensitive file has been found",
-            "tags": ["sensitive_file"],
-            "extra": {
-                "file_name": ".pypirc"
-            }
         }
     ]