fluidasserts.lang.core module

This module provides checks for generic code vulnerabilities.

fluidasserts.lang.core.file_does_not_exist(code_file)

Check if the given file doesn’t exist.

Parameters

code_file (str) – Path to the file to be tested.

Return type

fluidasserts.Result

fluidasserts.lang.core.file_exists(code_file)

Check if the given file exists.

Parameters

code_file (str) – Path to the file to be tested.

Return type

fluidasserts.Result

fluidasserts.lang.core.generic_c_has_if_without_else(location, conditions, use_regex=False, lang_specs=None, exclude=None)

Perform a generic has_if_without_else that can be reused.

Return type

tuple

fluidasserts.lang.core.generic_c_has_switch_without_default(location, lang_specs=None, exclude=None)

Check if all switches have a default clause.

See REQ.161.

See CWE-478.

Parameters
  • location (str) – Path to a source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result
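
The CWE-478 condition this check targets, as an added sketch that is not fluidasserts code: a brace-matching scan that reports each switch statement with no default clause of its own. The names `body_end`, `switches_without_default` and `SAMPLE` are hypothetical, and the scan assumes C-style braces.

```python
import re

SWITCH = re.compile(r"\bswitch\b")
DEFAULT = re.compile(r"\bdefault\s*(?::|->)")

# Constructed C sample: the outer switch on line 2 has no default of its own.
SAMPLE = """int classify(int kind, int sub) {
    switch (kind) {
        case 1:
            switch (sub) {
                case 0: return 10;
                default: return 11;
            }
        case 2: return 20;
    }
    return 0;
}
"""


def body_end(code, open_brace):
    """Return the index just past the brace that closes code[open_brace]."""
    depth = 0
    for i in range(open_brace, len(code)):
        depth += {"{": 1, "}": -1}.get(code[i], 0)
        if depth == 0:
            return i + 1
    return len(code)


def switches_without_default(code):
    """Return 1-based line numbers of switch statements with no default clause."""
    # Simplification of this sketch: comments and string literals are not stripped.
    missing = []
    for match in SWITCH.finditer(code):
        start = code.find("{", match.end())
        if start == -1:
            continue
        body = own = code[start + 1:body_end(code, start) - 1]
        # Blank nested switch bodies so an inner default is not credited to the outer one.
        for inner in SWITCH.finditer(body):
            i = body.find("{", inner.end())
            if i != -1:
                j = body_end(body, i)
                own = own[:i] + " " * (j - i) + own[j:]
        if not DEFAULT.search(own):
            missing.append(code.count("\n", 0, match.start()) + 1)
    return missing
```

On `SAMPLE` only the outer switch is reported: the inner switch has a default, but that default does not cover the outer `kind` values.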

fluidasserts.lang.core.has_all_text(code_dest, expected_list, use_regex=False, exclude=None, lang_specs=None)

Check if a list of bad text is present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • expected_list (list) – List of bad text to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.has_any_secret(code_dest, secrets_list, use_regex=False, exclude=None, lang_specs=None)

Check if any of a list of secrets is present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • secrets_list (list) – List of secrets to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result
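
How the use_regex and exclude parameters documented for the text and secret checks change what a scan reports, as an added stand-alone sketch that is not fluidasserts code. `find_secrets` and `demo` are hypothetical names, the semantics are assumed from the parameter descriptions on this page, and the sample tree and key value are constructed.

```python
import os
import re
import tempfile


def find_secrets(code_dest, secrets_list, use_regex=False, exclude=None):
    """Return sorted (relative_path, line_no, pattern) hits under code_dest."""
    # Assumed semantics: literal search by default, case-insensitive
    # re.search() with use_regex, paths containing an exclude string skipped.
    exclude = exclude or []
    if os.path.isfile(code_dest):
        root, paths = os.path.dirname(code_dest), [code_dest]
    else:
        root = code_dest
        paths = [os.path.join(d, f)
                 for d, _, files in os.walk(code_dest) for f in files]
    hits = []
    for path in paths:
        if any(marker in path for marker in exclude):
            continue
        with open(path, encoding="utf-8", errors="replace") as handle:
            for line_no, line in enumerate(handle, start=1):
                for secret in secrets_list:
                    found = (re.search(secret, line, re.IGNORECASE)
                             if use_regex else secret in line)
                    if found:
                        hits.append((os.path.relpath(path, root), line_no, secret))
    return sorted(hits)


def demo():
    """Scan a constructed tree with a literal, a regex, and a scoped regex."""
    files = {("src", "settings.py"): "DEBUG = False\nAPI_KEY = 'EXAMPLE-NOT-A-REAL-KEY'\n",
             ("tests", "fixtures.py"): "api_key = 'EXAMPLE-NOT-A-REAL-KEY'\n"}
    with tempfile.TemporaryDirectory() as tree:
        for (folder, name), text in files.items():
            os.makedirs(os.path.join(tree, folder))
            with open(os.path.join(tree, folder, name), "w") as fh:
                fh.write(text)
        pattern = r"api_key\s*=\s*['\"][^'\"]+['\"]"
        skip = [os.sep + "tests" + os.sep]
        literal = find_secrets(tree, ["EXAMPLE-NOT-A-REAL-KEY"])
        regex = find_secrets(tree, [pattern], use_regex=True)
        scoped = find_secrets(tree, [pattern], use_regex=True, exclude=skip)
    return literal, regex, scoped
```

The regex form catches both `API_KEY` and `api_key` because of the case-insensitive match. Because exclusion is by substring on the path, a short exclude string can silently drop more files than intended.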

fluidasserts.lang.core.has_any_text(code_dest, expected_list, use_regex=False, exclude=None, lang_specs=None)

Check if any of a list of bad text is present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • expected_list (list) – List of bad text to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.has_not_any_text(code_dest, expected_list, use_regex=False, exclude=None, lang_specs=None)

Check if none of a list of bad text is present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • expected_list (list) – List of bad text to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.has_not_text(code_dest, expected_text, use_regex=False, exclude=None, lang_specs=None)

Check if a required text is not present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • expected_text (str) – Bad text to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.has_secret(code_dest, secret, use_regex=False, exclude=None, lang_specs=None)

Check if a secret is present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • secret (str) – Secret to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.has_text(code_dest, expected_text, use_regex=False, exclude=None, lang_specs=None)

Check if a bad text is present in the given source file.

If use_regex is True, the search is performed case-insensitively with re.search().

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • expected_text (str) – Bad text to look for in the file.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.has_weak_cipher(code_dest, expected_text, exclude=None, lang_specs=None)

Check if code uses Base64 to cipher confidential data.

See REQ.185.

Parameters
  • code_dest (str) – Path to a code source file or package.

  • expected_text (str) – Text that might be in the source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result

fluidasserts.lang.core.is_file_hash_in_list(path, hash_list)

Check if the given file hash is in a list of given hashes.

Parameters
  • path (str) – Path to the file to be tested.

  • hash_list (typing.List[str]) – List of expected hashes.

Return type

fluidasserts.Result

fluidasserts.lang.core.uses_unencrypted_sockets(code_dest, exclude=None, lang_specs=None)

Check if there are unencrypted WebSocket URI schemes in code (ws://).

Parameters
  • code_dest (str) – Path to the file or directory to be tested.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

  • lang_specs (typing.Optional[dict]) – Specifications of the language, see fluidasserts.lang.java.LANGUAGE_SPECS for an example.

Return type

fluidasserts.Result