├── README.md
├── flaskapp.py
├── sastgrep.py
├── static
    └── logo_sast.png
└── templates
    ├── demo.html
    ├── index.html
    └── uf.html


/README.md:
--------------------------------------------------------------------------------
 1 | # sastgriper
 2 | A simple grep user interface for searching code which can be used for SAST.
 3 | 
 4 | Before you start reading this I want to make sure the whole project is based upon this grep command.
 5 | 
 6 | grep -irnE  “regexp” ./pathtoFolder. 
 7 | 
 8 | I haven’t done anything new or I m not even bragging. I m starting and posting this for feedbacks and features which are going to be added in the upcoming versions. Feel free to give any suggestions, feedback.
 9 | I have only added a user interface where you can click a button which is mentioning your desired file and a visual studio code’s window will be opened and the cursor will directly point to that line number. You can add a breakpoint directly to the line number it in visual studio code.
10 | 
11 | # Requirements
12 | 
13 | 1.Flask Must be installed.
14 | 
15 | 2.Make sure you have visual studio code installed on your system and 'code' command for visual studio code must be configured with your environment.
16 | 
17 | # WriteUp
18 | 
19 | https://mohitdabas.wordpress.com/2019/09/20/sastgriper-finding-vulnerable-code-via-grep/
20 | 


--------------------------------------------------------------------------------
/flaskapp.py:
--------------------------------------------------------------------------------
 1 | from flask import Flask,render_template,jsonify,request,json
 2 | import sastgrep
 3 | import os
 4 | import pickle
 5 | app=Flask(__name__)
 6 | 
 7 | FolderMark=''
 8 | 
 9 | @app.route('/')
10 | def index_page():
11 |     return render_template('index.html')
12 | 
13 | @app.route('/demo')
14 | def demo():
15 |     return render_template('demo.html')
16 | 
17 | @app.route('/uf')
18 | def uf():
19 |     return render_template('uf.html')
20 | 
21 | 
22 | @app.route('/folder_mark',methods=['GET','POST'])
23 | def folder_mark():
24 |     global FolderMark
25 |     FolderMark=request.form['FolderMarked']
26 |     FileObject=open("fm",'wb')
27 |     pickle.dump(FolderMark,FileObject)
28 |     FileObject.close()
29 |     return jsonify(FolderMark)
30 | 
31 | @app.route('/get_regex',methods=['GET','POST'])
32 | def get_regex():
33 |     RegExp=request.form['Regexp']
34 |     FileObject=open("fm",'rb')
35 |     FolderMark=pickle.load(FileObject)
36 |     print(FolderMark)
37 |     Data=sastgrep.command_rec(RegExp,FolderMark)
38 |     return jsonify(Data)
39 | 
40 | @app.route('/open_viscode',methods=['GET','POST'])
41 | def open_viscode():
42 |     PathNLineNum=request.form['PathNLineNum']
43 |     os.system("code -g "+PathNLineNum)
44 |     return jsonify(PathNLineNum)
45 | 
46 | 
47 | if __name__=='__main__':
48 |     app.run(debug=True)
49 | 
50 | 


--------------------------------------------------------------------------------
/sastgrep.py:
--------------------------------------------------------------------------------
 1 | 
 2 | import shlex,subprocess,html
 3 | import re
 4 | def initate_grep_command(Args):
 5 |    try: 
 6 |     Output=subprocess.check_output(Args)
 7 |     return Output
 8 |    except:
 9 |        Output="Grep Command Was Insuccessful"
10 |        return Output
11 | 
12 | 
13 | def sort_data_from_grep_command(CommandOutput):
14 |     SastDataDict={}
15 |     SastDataDict['data']=[]
16 |     CommandOutput=CommandOutput.decode('utf-8')
17 |     CommandOutput=CommandOutput.split('\n')
18 |     for EachLine in CommandOutput:
19 |        if len(EachLine)>2:
20 |          
21 |          try:   
22 |            TempList=[]
23 |            SplitInfo=re.split("(\d{1,}:)",EachLine)
24 |           
25 |            TempFileName=SplitInfo[0].replace(':','')
26 |            TempLineNumber=SplitInfo[1].replace(':','')
27 |            TempCode=html.escape(SplitInfo[2])
28 |            TempList.append(TempFileName)
29 |            TempList.append(TempLineNumber)
30 |            TempList.append(TempCode)
31 |        
32 |            SastDataDict['data'].append(TempList)
33 |          except:
34 |             pass   
35 |     print (SastDataDict)       
36 |     return SastDataDict       
37 | 
38 | def command_rec(Command,FolderMarked):
39 |     Command='''grep -irnE '''+''' --exclude=*.sample "'''+Command+'" '+FolderMarked
40 |     print(Command)
41 |     Args=shlex.split(Command)
42 |     print(Args)
43 |     CommandOutput=initate_grep_command(Args)
44 |     print(CommandOutput)
45 |     if CommandOutput=="Grep Command Was Insuccessful":
46 |         return "Grep Command Was Insuccessful"
47 |     Data=sort_data_from_grep_command(CommandOutput)
48 |     return Data
49 | 
50 | 
51 | 
52 | 
53 | 
54 | 


--------------------------------------------------------------------------------
/static/logo_sast.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MohitDabas/sastgriper/c553cd7cba15ba3dd04d8e049e0bb23ec78e870c/static/logo_sast.png


--------------------------------------------------------------------------------
/templates/demo.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |   <head>
 4 |     <meta charset="utf-8">
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1">
 6 |     <title>SASTGriper</title>
 7 |     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.5/css/bulma.min.css">
 8 |     <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
 9 |     <script src="https://code.jquery.com/jquery-1.10.2.js"></script>
10 |     
11 |     <style>
12 |         #lol {
13 |                  background: url("{{url_for('static',filename='logo_sast.png')}}") no-repeat center center;
14 |                  background-size: cover;
15 |                  width: 200px;
16 |                  height: 200px;
17 |                      }
18 |     </style>
19 |   </head>
20 |   <body>
21 | 
22 | 
23 |         <nav class="navbar" role="navigation" aria-label="main navigation">
24 |                 <div class="navbar-brand">
25 |                   <a class="navbar-item" href="/">
26 |                     <img src="{{url_for('static',filename='logo_sast.png')}}" id="lol">
27 |                   </a>
28 |               
29 |                   <a role="button" class="navbar-burger burger" aria-label="menu" aria-expanded="false" data-target="navbarBasicExample">
30 |                     <span aria-hidden="true"></span>
31 |                     <span aria-hidden="true"></span>
32 |                     <span aria-hidden="true"></span>
33 |                   </a>
34 |                 </div>
35 |               
36 |                 <div id="navbarBasicExample" class="navbar-menu">
37 |                   <div class="navbar-start">
38 |                     <a class="navbar-item" href="/">
39 |                       Home
40 |                     </a>
41 |               
42 |                     <a class="navbar-item" href="/demo">
43 |                       Demo
44 |                     </a>
45 | 
46 |                     <a class="navbar-item" href="/uf">
47 |                             Upcoming Features
48 |                           </a>
49 |               
50 |                     
51 |                   </div>
52 |               
53 |                   <div class="navbar-end">
54 |                     <div class="navbar-item">
55 |                       <div class="buttons">
56 |                             <a class="button" href="https://github.com/MohitDabas/sastgriper">
57 |                                     <span class="icon">
58 |                                       <i class="fab fa-github"></i>
59 |                                     </span>
60 |                                     <span>GitHub</span>
61 |                                   </a>
62 |                        
63 |                       </div>
64 |                     </div>
65 |                   </div>
66 |                 </div>
67 |             </nav>
68 |             
69 | 
70 |             <div class="columns">
71 |                
72 |                     <div class="column is-three-fifths is-offset-one-fifth">
73 |                       <div class="box">
74 |                         <p class="title is-5">For Demo and Working Please Visit This Url.</p>
75 |                         <a href="https://mohitdabas.wordpress.com/2019/09/20/sastgriper-finding-vulnerable-code-via-grep/">Writeup</a>
76 |                       </div>
77 |                     </div>
78 |                   </div>
79 | 
80 | 
81 | 
82 | 
83 | 
84 | 
85 |       
86 | 
87 | 
88 | 
89 | 
90 | 
91 |   </body>
92 |   </html>  


--------------------------------------------------------------------------------
/templates/index.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html>
  3 |   <head>
  4 |     <meta charset="utf-8">
  5 |     <meta name="viewport" content="width=device-width, initial-scale=1">
  6 |     <title>SASTGriper</title>
  7 |     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.5/css/bulma.min.css">
  8 |     <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
  9 |     <script src="https://code.jquery.com/jquery-1.10.2.js"></script>
 10 |     <script>
 11 |       function open_visual_code(PathNLineNum){
 12 |           var FormFormat= new FormData();
 13 |           FormFormat.append('PathNLineNum',PathNLineNum);
 14 |           $.ajax({
 15 |             url:"/open_viscode",
 16 |             type:'POST',
 17 |             data:FormFormat,
 18 |             success:function (data){
 19 |               console.log(data);
 20 |             },
 21 |             cache:false,
 22 |             contentType:false,
 23 |             processData:false
 24 | 
 25 |         });
 26 |       } 
 27 |     
 28 |     
 29 |     </script>
 30 |     <script>
 31 |     $(function(){
 32 |       $('#FolderMark').on('click',function(){
 33 |         var FolderMark=$('input[name="FolderMarkInput"]').val();
 34 |         console.log(FolderMark);
 35 |         var FormFormat= new FormData(); //form data formating to be sent in ajax
 36 |         FormFormat.append('FolderMarked',FolderMark);
 37 | 
 38 |         $.ajax({
 39 |            url:"/folder_mark",
 40 |            type:'POST',
 41 |            data:FormFormat,
 42 |            success:function(data){
 43 |               console.log(data);
 44 |            },
 45 |            cache:false,
 46 |            contentType:false,
 47 |            processData:false
 48 |         });
 49 |       })
 50 | 
 51 | 
 52 |       $('#RegexButton').on('click',function(){
 53 |         var Regexpr=$('input[name="Regex"]').val();
 54 |         console.log(Regexpr);
 55 |         HtmlForFileName=document.getElementsByClassName('box')[2];
 56 |         HtmlForFileName.innerHTML='';
 57 |         var FormFormat= new FormData();
 58 |         FormFormat.append('Regexp',Regexpr);
 59 |         $.ajax({
 60 |            url:"/get_regex",
 61 |            type:'POST',
 62 |            data:FormFormat,
 63 |            success:function(data){
 64 |               console.log(data);
 65 |               if(data=="Grep Command Was Insuccessful")
 66 |               {
 67 |                   alert("Grep Command Failed");
 68 |               }
 69 |               else{
 70 |               for (i=0;i<data['data'].length;i++)
 71 |               {
 72 |                 for(j=0;j<data['data'][i].length;j++)
 73 |                 {
 74 |                   if (j==0)
 75 |                   {
 76 |                   console.log('FileName:'+data['data'][i][j]);
 77 |                   HtmlForFileName=document.getElementsByClassName('box')[2];
 78 |                   HtmlForFileName.innerHTML+= '<p class="subtitle is-5">'+data['data'][i][j]+'</p><a class="button"  id='+data['data'][i][j]+':'+data['data'][i][j+1]+' onClick="open_visual_code(this.id)">Open This File In Visual Studio</a><br/><br/>';
 79 |                   
 80 |                   }
 81 |                   if(j==1)
 82 |                   {
 83 |                     console.log('Linenum:'+data['data'][i][j]);
 84 |                     HtmlForFileName.innerHTML+='<table class="table">   <tr class="is-selected"><th>'+data['data'][i][j]+'.</th>';
 85 |                   }
 86 |                   if(j==2)
 87 |                   {
 88 |                     console.log('Code:'+data['data'][i][j]);
 89 |                     HTMLForCode=document.getElementsByClassName('is-selected')[i];
 90 |                     HTMLForCode.innerHTML+='<td>'+data['data'][i][j]+'</td>';
 91 |                   }
 92 | 
 93 |                 }
 94 |               }
 95 |               }
 96 | 
 97 | 
 98 | 
 99 | 
100 | 
101 | 
102 | 
103 | 
104 |            },
105 |            cache:false,
106 |            contentType:false,
107 |            processData:false
108 |         });
109 | 
110 | 
111 | 
112 |       })
113 | 
114 | 
115 |     });
116 |     
117 |     
118 |     
119 |     </script>
120 |     <style>
121 |         #lol {
122 |                  background: url("{{url_for('static',filename='logo_sast.png')}}") no-repeat center center;
123 |                  background-size: cover;
124 |                  width: 200px;
125 |                  height: 200px;
126 |                      }
127 |     </style>
128 |   </head>
129 |   <body>
130 | 
131 | 
132 |         <nav class="navbar" role="navigation" aria-label="main navigation">
133 |                 <div class="navbar-brand">
134 |                   <a class="navbar-item" href="/">
135 |                     <img src="{{url_for('static',filename='logo_sast.png')}}" id="lol">
136 |                   </a>
137 |               
138 |                   <a role="button" class="navbar-burger burger" aria-label="menu" aria-expanded="false" data-target="navbarBasicExample">
139 |                     <span aria-hidden="true"></span>
140 |                     <span aria-hidden="true"></span>
141 |                     <span aria-hidden="true"></span>
142 |                   </a>
143 |                 </div>
144 |               
145 |                 <div id="navbarBasicExample" class="navbar-menu">
146 |                   <div class="navbar-start">
147 |                     <a class="navbar-item" href="/">
148 |                       Home
149 |                     </a>
150 |               
151 |                     <a class="navbar-item" href="demo">
152 |                       Demo
153 |                     </a>
154 | 
155 |                     <a class="navbar-item" href="uf">
156 |                             Upcoming Features
157 |                           </a>
158 |               
159 |                     
160 |                   </div>
161 |               
162 |                   <div class="navbar-end">
163 |                     <div class="navbar-item">
164 |                       <div class="buttons">
165 |                             <a class="button" href="https://github.com/MohitDabas/sastgriper">
166 |                                     <span class="icon">
167 |                                       <i class="fab fa-github"></i>
168 |                                     </span>
169 |                                     <span>GitHub</span>
170 |                                   </a>
171 |                        
172 |                       </div>
173 |                     </div>
174 |                   </div>
175 |                 </div>
176 |             </nav>
177 |             
178 | 
179 |             <div class="columns">
180 |                
181 |                     <div class="column is-three-fifths is-offset-one-fifth">
182 |                       <div class="box">
183 |                         <p class="title is-5">Mark Your Folder Here</p>
184 |                         <input class="input" type="text"  placeholder="Folder Path" name="FolderMarkInput"><br/><br/>
185 |                         <a class="button" id ="FolderMark">MarkIt!</a>
186 |                       </div>
187 |                     </div>
188 |                   </div>
189 | 
190 | 
191 | 
192 | 
193 | 
194 |                   <div class="columns">
195 |                
196 |                         <div class="column is-three-fifths is-offset-one-fifth">
197 |                           <div class="box">
198 |                             <p class="title is-5">Fire your Filters Here</p>
199 |                             <a class="button" id="RegexButton">Filter!</a><br/><br/>
200 |                             <input class="input" type="text" name="Regex" placeholder="Regex Filters">
201 |                             
202 |                           </div>
203 |                         </div>
204 |                       </div>
205 | 
206 | 
207 |                       <div class="columns">
208 |                
209 |                           <div class="column is-three-fifths is-offset-one-fifth">
210 |                             <div class="box">
211 |                               <p class="title is-5">Results</p>
212 |                             
213 |                             
214 | 
215 |                              
216 |                               
217 |                             </div>
218 |                           </div>
219 |                         </div>
220 |       
221 | 
222 | 
223 | 
224 | 
225 | 
226 |   </body>
227 |   </html>  


--------------------------------------------------------------------------------
/templates/uf.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 |   <head>
 4 |     <meta charset="utf-8">
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1">
 6 |     <title>SASTGriper</title>
 7 |     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.5/css/bulma.min.css">
 8 |     <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
 9 |     <script src="https://code.jquery.com/jquery-1.10.2.js"></script>
10 |     
11 |     <style>
12 |         #lol {
13 |                  background: url("{{url_for('static',filename='logo_sast.png')}}") no-repeat center center;
14 |                  background-size: cover;
15 |                  width: 200px;
16 |                  height: 200px;
17 |                      }
18 |     </style>
19 |   </head>
20 |   <body>
21 | 
22 | 
23 |         <nav class="navbar" role="navigation" aria-label="main navigation">
24 |                 <div class="navbar-brand">
25 |                   <a class="navbar-item" href="/">
26 |                     <img src="{{url_for('static',filename='logo_sast.png')}}" id="lol">
27 |                   </a>
28 |               
29 |                   <a role="button" class="navbar-burger burger" aria-label="menu" aria-expanded="false" data-target="navbarBasicExample">
30 |                     <span aria-hidden="true"></span>
31 |                     <span aria-hidden="true"></span>
32 |                     <span aria-hidden="true"></span>
33 |                   </a>
34 |                 </div>
35 |               
36 |                 <div id="navbarBasicExample" class="navbar-menu">
37 |                   <div class="navbar-start">
38 |                     <a class="navbar-item" href="/">
39 |                       Home
40 |                     </a>
41 |               
42 |                     <a class="navbar-item" href="/demo">
43 |                       Demo
44 |                     </a>
45 | 
46 |                     <a class="navbar-item" href="/uf">
47 |                             Upcoming Features
48 |                           </a>
49 |               
50 |                     
51 |                   </div>
52 |               
53 |                   <div class="navbar-end">
54 |                     <div class="navbar-item">
55 |                       <div class="buttons">
56 |                             <a class="button" href="https://github.com/MohitDabas/sastgriper">
57 |                                     <span class="icon">
58 |                                       <i class="fab fa-github"></i>
59 |                                     </span>
60 |                                     <span>GitHub</span>
61 |                                   </a>
62 |                        
63 |                       </div>
64 |                     </div>
65 |                   </div>
66 |                 </div>
67 |             </nav>
68 |             
69 | 
70 |             <div class="columns">
71 |                
72 |                     <div class="column is-three-fifths is-offset-one-fifth">
73 |                       <div class="box">
74 |                         <p class="title is-5">Collecting Feedback.Will be updated shortly.</p>
75 |                         
76 |                       </div>
77 |                     </div>
78 |                   </div>
79 | 
80 | 
81 | 
82 | 
83 | 
84 | 
85 |       
86 | 
87 | 
88 | 
89 | 
90 | 
91 |   </body>
92 |   </html>  


--------------------------------------------------------------------------------