A Python package with tools for the detection of SQL injection vulnerabilities in projects.
Project description
Evase Analysis Library
This library intends to help users detect SQL Injection vulnerabilities from their source code. It has several structures that take-in Python source code and use abstract-syntax trees (ASTs) to analyze for such vulnerabilities. The code was initially part of a much bigger project, but as to provide separation of concerns, the functionality for detecting the SQL injection-related vulnerabilities was separated out into this package.
Usage
This package was developed initially with the intention that it be used in the Backend for the Evase web-application, so it is structured as such. To use it in a program, the user first needs to specify information pertaining to the project.
The user is able to analyze the project with an instance of the AnalysisPerformer
class.
from evase.structures.analysisperformer import AnalysisPerformer
code_analyzer = AnalysisPerformer(
project_name="myProject",
project_root="<filepath to root>"
)
code_analyzer.perform_analysis()
print(code_analyzer.get_results())
# optionally, output to JSON
code_analyzer.results_to_JSON("<output directory>")
Behind the scenes, this instance is performing multiple traversals of the abstract syntax trees (ASTs) generated from the source code in the project.
Installation
The package will be installable via PyPI. For now clone the repository, and run the following command:
pip install .
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for evase_analysis-1.0.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0428ffc766f14946c9a0f285311f80b4fcc8d9f3b907ee6415b876b02d9e495c |
|
MD5 | ae1baaa8eecca6642306d8b49422ee98 |
|
BLAKE2b-256 | 0beaa295897dbef598481b8dd33127ece7904d353f4cfb7795f91e249ddfed10 |