c and python tagging enhancements (#110)

prabhu · web-flow · commit 496500095db2 · 2025-05-02T20:15:16.000+01:00
* Python enhancements

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;

---------

Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/build.sbt b/build.sbt
@@ -1,6 +1,6 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "2.3.8"
+ThisBuild / version      := "2.3.9"
 ThisBuild / scalaVersion := "3.6.2"
 
 val cpgVersion = "1.0.1"
diff --git a/codemeta.json b/codemeta.json
@@ -7,7 +7,7 @@
   "downloadUrl": "https://github.com/AppThreat/chen",
   "issueTracker": "https://github.com/AppThreat/chen/issues",
   "name": "chen",
-  "version": "2.3.8",
+  "version": "2.3.9",
   "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
   "applicationCategory": "code-analysis",
   "keywords": [
diff --git a/meta.yaml b/meta.yaml
@@ -1,4 +1,4 @@
-{% set version = "2.3.8" %}
+{% set version = "2.3.9" %}
 
 package:
   name: chen
diff --git a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala
@@ -43,6 +43,8 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):
       )
 
   private def PY_REQUEST_PATTERNS = Array(".*views.py:<module>.*")
+  private def PY_RESPONSE_PATTERNS =
+      Array(".*views.py:.*HttpResponse.*", ".*views.py:.*render.*", ".*views.py:.*get_object_.*")
 
   private def containsRegex(str: String) =
     val reChars = "[](){}*+&|?.,\\$"
@@ -94,6 +96,12 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):
                     dstGraph
                   )
               )
+          PY_RESPONSE_PATTERNS
+              .foreach(p =>
+                  atom.method.fullName(p).parameter.newTagNode("framework-output").store()(
+                    dstGraph
+                  )
+              )
         components.foreach { comp =>
           val PURL_TYPE = "purl"
           val compPurl  = comp.hcursor.downField(PURL_TYPE).as[String].getOrElse("")
diff --git a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/EasyTagsPass.scala b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/EasyTagsPass.scala
@@ -14,12 +14,17 @@ class EasyTagsPass(atom: Cpg) extends CpgPass(atom):
   override def run(dstGraph: DiffGraphBuilder): Unit =
     atom.method.internal.name(".*(valid|check).*").newTagNode("validation").store()(dstGraph)
     atom.method.internal.name("is[A-Z].*").newTagNode("validation").store()(dstGraph)
+    atom.method.internal.name("is_[a-z].*").newTagNode("validation").store()(dstGraph)
+    atom.method.internal.name("has_[a-z].*").newTagNode("validation").store()(dstGraph)
     atom.method.internal.name(".*(encode|escape|sanit).*").newTagNode("sanitization").store()(
       dstGraph
     )
     atom.method.internal.name(".*(login|authenti).*").newTagNode("authentication").store()(
       dstGraph
     )
+    atom.method.internal.name(".*(has_perm|get_perms).*").newTagNode("authentication").store()(
+      dstGraph
+    )
     atom.method.internal.name(".*(authori).*").newTagNode("authorization").store()(dstGraph)
     if language == Languages.JSSRC || language == Languages.JAVASCRIPT then
       // Tag cli source
@@ -65,6 +70,23 @@ class EasyTagsPass(atom: Cpg) extends CpgPass(atom):
     then
       atom.method.internal.name("main").parameter.newTagNode("cli-source").store()(dstGraph)
       atom.method.internal.name("wmain").parameter.newTagNode("cli-source").store()(dstGraph)
+      atom.method.internal.name(".*(ucm_|ucbuf_|event).*").parameter.newTagNode("event").store()(
+        dstGraph
+      )
+      atom.method.internal.name(".*(ucm_|ucbuf_|event).*").parameter.newTagNode("framework-input")
+          .store()(
+            dstGraph
+          )
+      // TODO: Find a way to make these generic
+      Seq("json", "glibc", "regex", "decode", "wasm", "execution", "unicode", "utf8").foreach {
+          stag =>
+            atom.method.external.name(s".*${stag}.*").callIn(NoResolve).argument.newTagNode(stag)
+                .store()(dstGraph)
+            atom.method.external.name(s".*${stag}.*").callIn(NoResolve).argument.newTagNode(
+              "library-call"
+            )
+                .store()(dstGraph)
+      }
       atom.method.external.name("(cuda|curl_|BIO_).*").parameter.newTagNode(
         "library-call"
       ).store()(
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "appthreat-chen"
-version = "2.3.8"
+version = "2.3.9"
 description = "Code Hierarchy Exploration Net (chen)"
 authors = ["Team AppThreat <cloud@appthreat.com>"]
 license = "Apache-2.0"

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-{% set version = "2.3.8" %}`
	`1`	`+{% set version = "2.3.9" %}`
`2`	`2`
`3`	`3`	`package:`
`4`	`4`	`name: chen`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,8 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):`
`43`	`43`	`)`
`44`	`44`
`45`	`45`	`private def PY_REQUEST_PATTERNS = Array(".views.py:<module>.")`
	`46`	`+ private def PY_RESPONSE_PATTERNS =`
	`47`	`+ Array(".views.py:.HttpResponse.", ".views.py:.render.", ".views.py:.get_object_.*")`
`46`	`48`
`47`	`49`	`private def containsRegex(str: String) =`
`48`	`50`	`val reChars = "[](){}*+&\|?.,\\$"`
`@@ -94,6 +96,12 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):`
`94`	`96`	`dstGraph`
`95`	`97`	`)`
`96`	`98`	`)`
	`99`	`+ PY_RESPONSE_PATTERNS`
	`100`	`+ .foreach(p =>`
	`101`	`+ atom.method.fullName(p).parameter.newTagNode("framework-output").store()(`
	`102`	`+ dstGraph`
	`103`	`+ )`
	`104`	`+ )`
`97`	`105`	`components.foreach { comp =>`
`98`	`106`	`val PURL_TYPE = "purl"`
`99`	`107`	`val compPurl = comp.hcursor.downField(PURL_TYPE).as[String].getOrElse("")`