A Python package with tools for the detection of SQL injection vulnerabilities in projects.

Project description

Evase Analysis Library

This library helps users detect SQL injection vulnerabilities in their source code. It provides several structures that take in Python source code and use abstract syntax trees (ASTs) to analyze it for such vulnerabilities. The code was initially part of a much bigger project; to provide separation of concerns, the functionality for detecting SQL injection-related vulnerabilities was separated out into this package.

Usage

This package was initially developed for use in the backend of the Evase web application, and it is structured accordingly. To use it in a program, the user first needs to specify information about the project.

The user can then analyze the project with an instance of the AnalysisPerformer class.

from evase.structures.analysisperformer import AnalysisPerformer

code_analyzer = AnalysisPerformer(
    project_name="myProject",
    project_root="<filepath to root>"
)

code_analyzer.perform_analysis()

print(code_analyzer.get_results())

# optionally, output to JSON
code_analyzer.results_to_JSON("<output directory>")

Behind the scenes, this instance performs multiple traversals of the abstract syntax trees (ASTs) generated from the source code in the project.
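To illustrate what multi-pass AST analysis for SQL injection can look like, the following added example uses only Python's standard `ast` module; it is not Evase's implementation. The sample source, the sink names in `SINKS`, and all function names are assumptions made for the example.

```python
import ast

# Constructed sample input (not taken from the Evase repository).
SAMPLE = '''
def find_user(cursor, name):
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    cursor.execute(query)
def find_user_safe(cursor, name):
    query = "SELECT * FROM users " + "WHERE name = %s"
    cursor.execute(query, (name,))
def find_by_id(cursor, uid):
    cursor.execute(f"SELECT * FROM users WHERE id = {uid}")
'''
SINKS = {"execute", "executemany"}  # assumed DB-API style sink method names

def is_literal(node):  # a constant, or +/% applied only to constants
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return is_literal(node.left) and is_literal(node.right)
    return isinstance(node, ast.Constant)

def is_dynamic(node):
    # True when the expression assembles a string from non-literal parts.
    if isinstance(node, ast.JoinedStr):  # f-string
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp):      # concatenation or %-formatting
        return isinstance(node.op, (ast.Add, ast.Mod)) and not is_literal(node)
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...".format(...)
    return False

def find_injectable_calls(source):  # -> sorted (function name, line) pairs
    findings = set()
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # Traversal 1: local names assigned a dynamically built string.
        tainted = set()
        for node in ast.walk(func):
            if isinstance(node, ast.Assign) and is_dynamic(node.value):
                tainted |= {t.id for t in node.targets if isinstance(t, ast.Name)}
        # Traversal 2: sink calls whose first argument is dynamic or tainted.
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call) and node.args
                    and isinstance(node.func, ast.Attribute) and node.func.attr in SINKS):
                continue
            arg = node.args[0]
            if is_dynamic(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                findings.add((func.name, node.lineno))
    return sorted(findings)
```

Calling `find_injectable_calls(SAMPLE)` flags the concatenated query in `find_user` and the f-string in `find_by_id`, and leaves the parameterized call in `find_user_safe` alone.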

Installation

The package will be installable via PyPI. For now, clone the repository and run the following command:

pip install .

Download files

Source Distribution

evase-analysis-1.0.4.tar.gz (27.0 kB)

Built Distribution

evase_analysis-1.0.4-py3-none-any.whl (38.0 kB, Python 3)