import re
from typing import Dict, List, Tuple
from .utils import remove_comments
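# Per-extension denylist of call sites worth a human look, keyed by the
# lower-case file extension; values map regex -> risk level.
#
# NOTE(review): this is a denylist, not a complete one. Python
# subprocess.Popen/call/check_output, pickle.loads, yaml.load, compile( and
# JavaScript Function(/execSync( are not listed, so an empty result is not a
# clean bill. The JS `\bexec\(` entry also matches RegExp.prototype.exec(, and
# `\bsystem\(` matches any function of that name, so hits are candidates for
# review rather than confirmed findings.
_RAW_RISK_PATTERNS: Dict[str, Dict[str, str]] = {
    ".py": {
        r"\bsystem\(": "high",
        r"\bexec\(": "high",
        r"\bpopen\(": "medium",
        r"\beval\(": "high",
        r"\bsubprocess\.run\(": "medium",
        r"\b__getattribute__\(": "high",
        r"\bgetattr\(": "medium",
        r"\b__import__\(": "high",
    },
    ".js": {
        r"\beval\(": "high",
        r"\bexec\(": "high",
        r"\bchild_process\.exec\(": "high",
    },
    ".cpp": {
        r"\bsystem\(": "high",
    },
}

# Compiled once at import time: the table is consulted for every line of every
# scanned file. The patterns are literals anchored with a word boundary, so
# there is no backtracking blow-up when they run over untrusted file content.
_RISK_PATTERNS = {
    extension: {re.compile(regex): level for regex, level in table.items()}
    for extension, table in _RAW_RISK_PATTERNS.items()
}


def find_dangerous_functions(
    file_content: str, file_extension: str
) -> Dict[str, List[Tuple[int, str]]]:
    """Scan ``file_content`` line by line for calls to known-dangerous functions.

    Args:
        file_content: Source text of the file to scan. It is split on newline
            characters only, so a file with CRLF endings keeps its trailing
            carriage return in the reported line text.
        file_extension: Extension including the dot (``".py"``, ``".js"``,
            ``".cpp"``), compared case-insensitively. Extensions without a
            pattern table produce an empty result.

    Returns:
        ``{"high": [...], "medium": [...], "low": [], "none": []}`` where each
        entry is ``(line_number, line_after_remove_comments)`` with 1-based
        line numbers. Only ``"high"`` and ``"medium"`` are populated by the
        current table; ``"low"`` and ``"none"`` are kept so callers can index
        every level unconditionally. A line is listed at most once per risk
        level even when several patterns of that level match it (for JS, the
        ``exec(`` and ``child_process.exec(`` patterns both match one
        ``child_process.exec(`` call).
    """
    # Normalised so ".PY" from a case-insensitive filesystem is scanned like
    # ".py". The same value goes to remove_comments so both lookups agree.
    extension = file_extension.lower()
    risk_patterns = _RISK_PATTERNS.get(extension, {})

    classified_results: Dict[str, List[Tuple[int, str]]] = {
        "high": [],
        "medium": [],
        "low": [],
        "none": [],
    }

    for line_number, line in enumerate(file_content.split("\n"), start=1):
        # Only the helper's output is searched, so whatever remove_comments
        # strips (presumably comment text) can never produce a hit.
        clean_line = remove_comments(line, extension)
        if not clean_line:
            continue

        # Collect the distinct levels hit before appending: with the original
        # append-per-pattern loop, a line matching two same-level patterns was
        # reported twice.
        matched_levels = {
            level
            for pattern, level in risk_patterns.items()
            if pattern.search(clean_line)
        }
        for level in matched_levels:
            classified_results[level].append((line_number, clean_line))

    return classified_results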