-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
90169ec
commit c34e4bf
Showing
74 changed files
with
502 additions
and
268 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
[flake8] | ||
# Increase the max line length to 120 characters | ||
max-line-length = 120 | ||
|
||
# Ignore specific errors/warnings: | ||
# E501: Line too long | ||
# W291: Trailing whitespace | ||
# E128: Continuation line under-indented for visual indent | ||
# E126: Continuation line over-indented for hanging indent | ||
# E127: Continuation line over-indented for visual indent | ||
# W503: Line break occurred before a binary operator | ||
# E266: Too many leading '#' for block comment | ||
ignore = E501, W291, E128, E126, E127, W503, E266, W605, C901, E303 | ||
|
||
# Exclude some directories from checking | ||
exclude = | ||
.git, | ||
__pycache__, | ||
build, | ||
dist, | ||
.venv | ||
|
||
|
||
# Maximum allowed complexity for functions | ||
max-complexity = 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,79 @@ | ||
stages: | ||
- lint | ||
- test | ||
- build | ||
- deploy | ||
name: CI/CD Pipeline | ||
|
||
variables: | ||
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip-cache" | ||
on: | ||
push: | ||
branches: [ master ] | ||
pull_request: | ||
branches: [ master ] | ||
|
||
cache: | ||
paths: | ||
- .pip-cache/ | ||
jobs: | ||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Python | ||
uses: actions/setup-python@v2 | ||
with: | ||
python-version: 3.9 | ||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install flake8 | ||
- name: Lint with flake8 | ||
run: flake8 . | ||
|
||
lint: | ||
stage: lint | ||
image: python:3.9 | ||
before_script: | ||
- pip install flake8 | ||
script: | ||
- flake8 . | ||
|
||
test: | ||
stage: test | ||
image: python:3.9 | ||
before_script: | ||
- pip install -r requirements.txt | ||
- pip install pytest pytest-cov | ||
script: | ||
- pytest tests/ --cov=./ --cov-report=xml | ||
artifacts: | ||
reports: | ||
coverage_report: | ||
coverage_format: cobertura | ||
test: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Python | ||
uses: actions/setup-python@v2 | ||
with: | ||
python-version: 3.9 | ||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install -r requirements.txt | ||
pip install pytest pytest-cov | ||
- name: List directory contents | ||
run: ls -R | ||
- name: Run tests | ||
run: | | ||
export PYTHONPATH=$PYTHONPATH:$(pwd) | ||
pytest tests/ -v --cov=./ --cov-report=xml | ||
- name: Upload coverage report | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: coverage-report | ||
path: coverage.xml | ||
|
||
build: | ||
stage: build | ||
image: python:3.9 | ||
script: | ||
- pip install pyinstaller | ||
- pyinstaller --onefile main.py | ||
artifacts: | ||
paths: | ||
- dist/main | ||
build: | ||
runs-on: ubuntu-latest | ||
needs: [lint, test] | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Python | ||
uses: actions/setup-python@v2 | ||
with: | ||
python-version: 3.9 | ||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install pyinstaller | ||
- name: Build executable | ||
run: pyinstaller --onefile main.py | ||
- name: Upload artifact | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: abap-code-scanner | ||
path: dist/main | ||
|
||
deploy: | ||
stage: deploy | ||
image: python:3.9 | ||
script: | ||
- echo "Deploying application..." | ||
# Add your deployment steps here | ||
only: | ||
- main # This job will only run on the main branch | ||
deploy: | ||
runs-on: ubuntu-latest | ||
needs: build | ||
if: github.ref == 'refs/heads/main' | ||
steps: | ||
- name: Deploy application | ||
run: | | ||
echo "Deploying application..." | ||
# Add your deployment steps here |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
# ABAP Code Scanner Framework | ||
|
||
## Overview | ||
|
||
The ABAP Code Scanner Framework is a powerful tool designed to analyze ABAP (Advanced Business Application Programming) code for potential security vulnerabilities, code quality issues, and best practice violations. This framework provides a flexible and extensible way to scan ABAP code and generate comprehensive reports on various aspects of code security and quality. | ||
|
||
## Features | ||
|
||
- Multiple security checks including: | ||
- Cross-Site Scripting (XSS) vulnerabilities | ||
- Directory Traversal vulnerabilities | ||
- Hardcoded credentials | ||
- Weak cryptographic algorithms | ||
- And many more... | ||
- Customizable and extensible architecture | ||
- Command-line interface for easy integration into CI/CD pipelines | ||
- Detailed reporting in XLSX format | ||
- Configurable scan settings | ||
|
||
## Upcoming Feature: Dataflow Analysis | ||
|
||
We are excited to announce that we are working on implementing a dataflow analysis feature. This enhancement will significantly improve the accuracy and depth of our security scans. | ||
|
||
### What is Dataflow Analysis? | ||
|
||
Dataflow analysis is a technique used to track how data moves through an application. In the context of security, it helps identify how potentially tainted data (e.g., user inputs) propagates through the system and whether it reaches sensitive sinks (e.g., database queries, output functions) without proper sanitization. | ||
|
||
### Planned Functionality | ||
|
||
Our dataflow analysis will: | ||
|
||
- Track parameters and their contents from the beginning of functions, reports, forms, includes, or other ABAP structures. | ||
- Follow the data as it flows through the code, monitoring transformations and assignments. | ||
- Identify potential injection points where tainted data might be used unsafely. | ||
- Provide more accurate and context-aware vulnerability detection. | ||
|
||
This feature will enable the framework to: | ||
- Reduce false positives by understanding the context and transformations of data. | ||
- Detect complex vulnerabilities that simple pattern matching might miss. | ||
- Offer more detailed and actionable reports on potential security issues. | ||
|
||
We're working hard to integrate this feature and will update the framework once it's ready. Stay tuned for updates! | ||
|
||
## Prerequisites | ||
|
||
- Python 3.9 or higher | ||
- pip (Python package installer) | ||
|
||
## Installation | ||
|
||
1. Clone the repository: | ||
``` | ||
git clone https://github.com/yourusername/AbapCodeScannerFramework.git | ||
cd AbapCodeScannerFramework | ||
``` | ||
|
||
2. Install the required dependencies: | ||
``` | ||
pip install -r requirements.txt | ||
``` | ||
|
||
## Usage | ||
|
||
To run the ABAP Code Scanner: | ||
|
||
``` | ||
python main.py path/to/abap/code | ||
``` | ||
|
||
Optional arguments: | ||
- `-c`, `--config`: Path to the configuration file (default: config.yml) | ||
|
||
## Configuration | ||
|
||
The scanner can be configured using a YAML file. By default, it looks for `config.yml` in the project root. You can specify a different configuration file using the `-c` or `--config` option. | ||
|
||
Example configuration: | ||
|
||
```yaml | ||
checks: | ||
- CheckCrossSiteScripting | ||
- CheckSQLInjection | ||
- CheckDirectoryTraversal | ||
|
||
file_extensions: | ||
- .abap | ||
- .txt | ||
|
||
exclude_patterns: | ||
- "**/test/**" | ||
``` | ||
## Adding New Checks | ||
To add a new security check: | ||
1. Create a new Python file in the `checks` directory. | ||
2. Define a class that inherits from a base check class. | ||
3. Implement the required methods, including the main `run` method. | ||
4. Add the new check to the configuration file. | ||
|
||
## Running Tests | ||
|
||
To run the test suite: | ||
|
||
On Windows: | ||
``` | ||
run_tests.bat | ||
``` | ||
|
||
On Unix-like systems: | ||
``` | ||
./run_tests.sh | ||
``` | ||
|
||
## Contributing | ||
|
||
Contributions to the ABAP Code Scanner Framework are welcome! Please feel free to submit pull requests, create issues or spread the word. | ||
|
||
## License | ||
|
||
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. | ||
|
||
## Acknowledgments | ||
|
||
- Thanks to all contributors who have helped to improve this framework. | ||
- Special thanks to the ABAP community for their invaluable resources and documentation. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,3 @@ | ||
# checks/check_broken_auth_check.py | ||
|
||
import re | ||
from dataclasses import dataclass | ||
from typing import List | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.