stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: add stella-callgraph-node for JavaScript/TypeScript call graph extraction

Browse Source 
- Implemented a new tool `stella-callgraph-node` that extracts call graphs from JavaScript/TypeScript projects using Babel AST.
- Added command-line interface with options for JSON output and help.
- Included functionality to analyze project structure, detect functions, and build call graphs.
- Created a package.json file for dependency management.

feat: introduce stella-callgraph-python for Python call graph extraction

- Developed `stella-callgraph-python` to extract call graphs from Python projects using AST analysis.
- Implemented command-line interface with options for JSON output and verbose logging.
- Added framework detection to identify popular web frameworks and their entry points.
- Created an AST analyzer to traverse Python code and extract function definitions and calls.
- Included requirements.txt for project dependencies.

chore: add framework detection for Python projects

- Implemented framework detection logic to identify frameworks like Flask, FastAPI, Django, and others based on project files and import patterns.
- Enhanced the AST analyzer to recognize entry points based on decorators and function definitions.
This commit is contained in:
master
2025-12-19 18:11:59 +02:00
parent 951a38d561
commit 8779e9226f
130 changed files with 19011 additions and 422 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/SinkTaxonomy.cs
View File

@@ -44,7 +44,35 @@ public enum SinkCategory
/// <summary>Authorization bypass (e.g., JWT none alg, missing authz check)</summary>
[JsonStringEnumMemberName("AUTHZ_BYPASS")]
AuthzBypass
AuthzBypass,
/// <summary>LDAP injection (e.g., DirContext.search with user input)</summary>
[JsonStringEnumMemberName("LDAP_INJECTION")]
LdapInjection,
/// <summary>XPath injection (e.g., XPath.evaluate with user input)</summary>
[JsonStringEnumMemberName("XPATH_INJECTION")]
XPathInjection,
/// <summary>XML External Entity injection (XXE)</summary>
[JsonStringEnumMemberName("XXE")]
XxeInjection,
/// <summary>Code/expression injection (e.g., eval, ScriptEngine)</summary>
[JsonStringEnumMemberName("CODE_INJECTION")]
CodeInjection,
/// <summary>Log injection (e.g., unvalidated user input in logs)</summary>
[JsonStringEnumMemberName("LOG_INJECTION")]
LogInjection,
/// <summary>Reflection-based attacks (e.g., Class.forName with user input)</summary>
[JsonStringEnumMemberName("REFLECTION")]
Reflection,
/// <summary>Open redirect (e.g., sendRedirect with user-controlled URL)</summary>
[JsonStringEnumMemberName("OPEN_REDIRECT")]
OpenRedirect
}
/// <summary>