import argparse
import datetime
import os
import subprocess
import sys

import git
import yaml
from colorama import Fore
from colorama import Style

from core.scanner import Scanner
import report.js_statistics as stats
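def arg_parser():
    """
    Build the command-line parser and parse ``sys.argv``.

    Options:
      -p/--path    file or directory path to scan.
      -g/--gosec   run gosec on the scanned path. A bare ``-g`` is enough;
                   the historical ``-g gosec`` form (any value) still works.
      -b/--bandit  run bandit on the scanned path; same optional-value rule.
      -c/--clone   git URL to clone into the current directory before scanning.

    Prints the help text and exits with status 1 when no argument at all
    is given (argparse itself exits with status 2 on a malformed one).

    :return: the Namespace of the parsed arguments.
    """
    parser = argparse.ArgumentParser(prog='js_sast.py', usage='%(prog)s [options]')
    options = parser.add_argument_group('Argument options')
    options.add_argument('-p', '--path', action='store',
                         help='file: file or directory path to be scanned')
    # nargs='?' with const=True: the flag only needs to be truthy downstream, so
    # `-g` alone works and `-g gosec` (the form the old help text showed) keeps
    # working instead of being a required, meaningless value.
    options.add_argument('-g', '--gosec', nargs='?', const=True, default=None,
                         help='-g [gosec], to run gosec on the target repository to scan '
                              'for vulnerabilities in Go source code.')
    options.add_argument('-b', '--bandit', nargs='?', const=True, default=None,
                         help='-b [bandit], to run bandit on the target repository to '
                              'scan for vulnerabilities in Python source code.')
    options.add_argument('-c', '--clone', action='store',
                         help='-c https://github.com/O72/JS_SAST.git, to clone a remote '
                              'repository to the current directory to be scanned')
    if len(sys.argv) < 2:
        parser.print_help()
        sys.exit(1)
    return parser.parse_args()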
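# URL prefixes accepted for --clone. Anything else (in particular git's
# `ext::` transport, which runs a command) is refused before GitPython sees it.
_CLONE_SCHEMES = ("https://", "http://", "ssh://", "git://", "git@")


def _clone_target_name(url):
    """
    Validate a clone URL and return the local directory name to clone into.

    The URL is untrusted command-line input that GitPython passes on to
    ``git clone``; GitPython releases before 3.1.30 let an ``ext::`` URL
    execute commands (CVE-2022-24439), so only the schemes in
    ``_CLONE_SCHEMES`` are accepted. The directory name is the last path
    segment with a trailing ``.git`` removed (the old ``split(".")[0]``
    truncated names such as ``my.repo``). The name must be one non-empty
    path component so the clone cannot land outside the current directory.

    Exits with status 1 on a rejected URL or an unusable name.
    """
    if not url.startswith(_CLONE_SCHEMES):
        print(f"[ERROR] {Fore.RED}Refusing to clone {url!r}: only https/http/ssh/git URLs are "
              f"accepted{Style.RESET_ALL}")
        sys.exit(1)
    # Treat ':' like '/' so scp-style `git@host:owner/repo.git` splits the same way.
    name = url.rstrip("/").replace(":", "/").split("/")[-1]
    if name.endswith(".git"):
        name = name[:-len(".git")]
    if not name or name in (".", "..") or "\\" in name:
        print(f"[ERROR] {Fore.RED}Cannot derive a safe directory name from {url!r}{Style.RESET_ALL}")
        sys.exit(1)
    return name


def _load_rules():
    """Load the YAML ruleset shipped next to this script, independent of the CWD."""
    # `core` is a sibling of this file (see `from core.scanner import ...`), so
    # resolve the ruleset relative to the script rather than the working directory.
    ruleset_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "core", "ruleset.yaml")
    with open(ruleset_path, "r") as ruleset:
        # safe_load only: the ruleset is plain data; yaml.load would allow
        # arbitrary object construction from a tampered file.
        return yaml.safe_load(ruleset)


def _scan(path, rules):
    """
    Scan *path* and return the total number of lines scanned.

    A directory is expanded with ``Scanner.get_js_files``; anything else is
    scanned as a single file (the old check only looked at the ``.js``
    suffix, so a directory called ``lib.js`` was mis-handled).
    """
    if os.path.isdir(path):
        targets = Scanner(path=path, filename=None).get_js_files()
    else:
        targets = [path]
    return sum(Scanner(path=None, filename=target, rules=rules).scan_file() for target in targets)


def _run_tool(cmd):
    """
    Run an external scanner given as an argv list (never through a shell).

    A missing binary is reported instead of surfacing as a traceback.
    :return: the tool's exit status, or None when it could not be started.
    """
    try:
        completed = subprocess.run(cmd, shell=False, check=False)
    except FileNotFoundError:
        print(f"[ERROR] {Fore.RED}{cmd[0]} is not installed or not on PATH{Style.RESET_ALL}")
        return None
    return completed.returncode


def main():
    """
    Command-line entry point.

    Order of operations: clone ``--clone`` into the current directory (if
    given), load the ruleset, scan ``--path`` and print the overall stats,
    then run the optional gosec and bandit integrations on the same path.

    Exits with status 1 when the clone URL is rejected, ``--path`` does not
    exist, or gosec/bandit are requested without a ``--path`` to run on.
    """
    args = arg_parser()

    if args.clone:
        repo = _clone_target_name(args.clone)
        git.Repo.clone_from(args.clone, repo)
        print(f"[INFO]: {Fore.GREEN}Repository {repo} has been cloned {Style.RESET_ALL}")

    path = args.path
    if not path:
        # Without a path there is nothing to scan; refuse to hand the tools
        # the string "None" as a target instead of silently doing so.
        if args.gosec or args.bandit:
            print(f"[ERROR] {Fore.RED}--gosec/--bandit require --path{Style.RESET_ALL}")
            sys.exit(1)
        return
    if not os.path.exists(path):
        print(f"[ERROR] {Fore.RED}{path} does not exist{Style.RESET_ALL}")
        sys.exit(1)

    rules = _load_rules()
    print(f"[INFO] Scan Started: {Fore.GREEN}{datetime.datetime.now(datetime.timezone.utc)}{Style.RESET_ALL}")
    stats.overall_stats(_scan(path, rules))

    # Absolute path: a target such as "-x" would otherwise be parsed by the
    # external tool as one of its own options.
    scan_root = os.path.abspath(path)
    if args.gosec:
        _run_tool(["gosec", f"{scan_root}/..."])
    if args.bandit:
        _run_tool(["bandit", "-r", scan_root])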
# Script entry point: run the CLI only when executed directly, not on import.
if __name__ == '__main__':
    main()