Skip to content
/ pyt Public
forked from python-security/pyt

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

License

GPL-2.0 license
0 stars 239 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tdelam/pyt

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,190 Commits
example
example
 
 
profiling
profiling
 
 
pyt
pyt
 
 
readme_static_files
readme_static_files
 
 
scan_results
scan_results
 
 
tests
tests
 
 
.codeclimate.yml
.codeclimate.yml
 
 
.coveragerc
.coveragerc
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.travis.yml
.travis.yml
 
 
CONTRIBUTIONS.md
CONTRIBUTIONS.md
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
Makefile
Makefile
 
 
README.rst
README.rst
 
 
analyse_scan_results.py
analyse_scan_results.py
 
 
django_open_source_apps.csv
django_open_source_apps.csv
 
 
flask_open_source_apps.csv
flask_open_source_apps.csv
 
 
func_counter.py
func_counter.py
 
 
make_dependency_graph.sh
make_dependency_graph.sh
 
 
pydocstyle.py
pydocstyle.py
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements.txt
requirements.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 

Repository files navigation

https://travis-ci.org/python-security/pyt.svg?branch=master https://readthedocs.org/projects/pyt/badge/?version=latest

Python Taint

Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)

Features

  • Detect Command injection
  • Detect SQL injection
  • Detect XSS
  • Detect directory traversal
  • Get a control flow graph
  • Get a def-use and/or a use-def chain
  • Search GitHub and analyse hits with PyT
  • Scan intraprocedural or interprocedural
  • A lot of customisation possible

Example usage and output:

https://raw.githubusercontent.com/python-security/pyt/master/readme_static_files/pyt_example.png

Install

  1. git clone https://github.com/python-security/pyt.git
  2. cd pyt/
  3. python setup.py install
  4. pyt -h

Usage from Source

Using it like a user python -m pyt -f example/vulnerable_code/XSS_call.py save -du

Running the tests python -m tests

Running an individual test file python -m unittest tests.import_test

Running an individual test python -m unittest tests.import_test.ImportTest.test_import

Contributions

Join our slack group: https://pyt-dev.slack.com/ - ask for invite: [email protected]

Guidelines

Virtual env setup guide