Feature/custom checks tags (#34)

* Assign some tags based on method naming conventions

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Python

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

build.sbt

@@ -1,6 +1,6 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "1.0.1"
+ThisBuild / version      := "1.0.2"
 ThisBuild / scalaVersion := "3.3.1"
 
 val cpgVersion = "1.4.22"

ci/Dockerfile

@@ -70,7 +70,7 @@ RUN set -e; \
     && rm graphviz-devel-2.44.0-25.el9.${ARCH_NAME}.rpm \
     && curl -s "https://get.sdkman.io" | bash \
     && source "$HOME/.sdkman/bin/sdkman-init.sh" \
-    && echo -e "sdkman_auto_answer=true\nsdkman_selfupdate_feature=false\nsdkman_auto_env=true" >> $HOME/.sdkman/etc/config \
+    && echo -e "sdkman_auto_answer=true\nsdkman_selfupdate_feature=false\nsdkman_auto_env=true\nsdkman_curl_connect_timeout=20\nsdkman_curl_max_time=0" >> $HOME/.sdkman/etc/config \
     && sdk install java $JAVA_VERSION \
     && sdk install maven $MAVEN_VERSION \
     && sdk install gradle $GRADLE_VERSION \

codemeta.json

@@ -7,7 +7,7 @@
   "downloadUrl": "https://github.com/AppThreat/chen",
   "issueTracker": "https://github.com/AppThreat/chen/issues",
   "name": "chen",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
   "applicationCategory": "code-analysis",
   "keywords": [

console/src/main/scala/io/appthreat/console/Console.scala

@@ -525,7 +525,27 @@ class Console[T <: Project](
             table.add_column("File Name")
             table.add_column("Methods")
             atom.file.whereNot(_.name("<unknown>")).foreach { f =>
-                table.add_row(f.name, f.method.fullName.l.mkString("\n"))
+                table.add_row(
+                  f.name,
+                  f.method.filterNot(m =>
+                      m.fullName.endsWith("<metaClassCallHandler>") || m.fullName.endsWith(
+                        "<fakeNew>"
+                      ) || m.fullName.endsWith(
+                        "<metaClassAdapter>"
+                      )
+                  ).map(m =>
+                      var methodDisplayStr = if m.tag.nonEmpty then
+                          s"""${m.fullName}\n[info]Tags: ${m.tag.name.mkString(", ")}[/info]"""
+                      else m.fullName
+                      if m.tag.nonEmpty && (m.tag.name.contains(
+                            "validation"
+                          ) || m.tag.name.contains("sanitization") || m.tag.name.contains(
+                            "authentication"
+                          ) || m.tag.name.contains("authorization"))
+                      then methodDisplayStr = s"[green]$methodDisplayStr[/green]"
+                      methodDisplayStr
+                  ).l.mkString("\n")
+                )
             }
             richConsole.print(table)
             if as_text then richConsole.export_text().as[String] else ""

console/src/main/scala/io/appthreat/console/cpgcreation/AtomGenerator.scala

@@ -2,7 +2,7 @@ package io.appthreat.console.cpgcreation
 
 import io.appthreat.console.FrontendConfig
 import io.shiftleft.codepropertygraph.Cpg
-import io.appthreat.x2cpg.passes.taggers.{CdxPass, ChennaiTagsPass}
+
 import java.nio.file.Path
 import scala.util.Try
 

platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/ChennaiTagsPass.scala

@@ -56,6 +56,9 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom):
                 .newTagNode(FRAMEWORK_INPUT)
                 .store()(dstGraph)
         }
+        atom.file.name(".*views.py.*").method.parameter.name("request").method.newTagNode(
+          FRAMEWORK_INPUT
+        ).store()(dstGraph)
     end tagPythonRoutes
 
     override def run(dstGraph: DiffGraphBuilder): Unit =

platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/EasyTagsPass.scala

@@ -0,0 +1,30 @@
+package io.appthreat.x2cpg.passes.taggers
+
+import io.circe.*
+import io.circe.parser.*
+import io.shiftleft.codepropertygraph.Cpg
+import io.shiftleft.codepropertygraph.generated.Languages
+import io.shiftleft.codepropertygraph.generated.nodes.Method
+import io.shiftleft.passes.CpgPass
+import io.shiftleft.semanticcpg.language.*
+
+import java.util.regex.Pattern
+
+/** Creates tags on any node
+  */
+class EasyTagsPass(atom: Cpg) extends CpgPass(atom):
+
+    val language: String = atom.metaData.language.head
+
+    override def run(dstGraph: DiffGraphBuilder): Unit =
+        atom.method.internal.name(".*(valid|check).*").newTagNode("validation").store()(dstGraph)
+        atom.method.internal.name("is[A-Z].*").newTagNode("validation").store()(dstGraph)
+        if language == Languages.PYTHON || language == Languages.PYTHONSRC then
+            atom.method.internal.name("is_[a-z].*").newTagNode("validation").store()(dstGraph)
+        atom.method.internal.name(".*(encode|escape|sanit).*").newTagNode("sanitization").store()(
+          dstGraph
+        )
+        atom.method.internal.name(".*(login|authenti).*").newTagNode("authentication").store()(
+          dstGraph
+        )
+        atom.method.internal.name(".*(authori).*").newTagNode("authorization").store()(dstGraph)

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "appthreat-chen"
-version = "1.0.1"
+version = "1.0.2"
 description = "Code Hierarchy Exploration Net (chen)"
 authors = ["Team AppThreat <cloud@appthreat.com>"]
 license = "Apache-2.0"