init

Author: RedRaysTeam

.flake8

@@ -0,0 +1,25 @@
+[flake8]
+# Increase the max line length to 120 characters
+max-line-length = 120
+
+# Ignore specific errors/warnings:
+# E501: Line too long
+# W291: Trailing whitespace
+# E128: Continuation line under-indented for visual indent
+# E126: Continuation line over-indented for hanging indent
+# E127: Continuation line over-indented for visual indent
+# W503: Line break occurred before a binary operator
+# E266: Too many leading '#' for block comment
+ignore = E501, W291, E128, E126, E127, W503, E266, W605, C901
+
+# Exclude some directories from checking
+exclude =
+    .git,
+    __pycache__,
+    build,
+    dist,
+    .venv
+
+
+# Maximum allowed complexity for functions
+max-complexity = 10

.github/workflows/ci.yml

@@ -1,53 +1,79 @@
-stages:
-  - lint
-  - test
-  - build
-  - deploy
+name: CI/CD Pipeline
 
-variables:
-  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip-cache"
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
 
-cache:
-  paths:
-    - .pip-cache/
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8
+    - name: Lint with flake8
+      run: flake8 .
 
-lint:
-  stage: lint
-  image: python:3.9
-  before_script:
-    - pip install flake8
-  script:
-    - flake8 .
-
-test:
-  stage: test
-  image: python:3.9
-  before_script:
-    - pip install -r requirements.txt
-    - pip install pytest pytest-cov
-  script:
-    - pytest tests/ --cov=./ --cov-report=xml
-  artifacts:
-    reports:
-      coverage_report:
-        coverage_format: cobertura
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install pytest pytest-cov
+    - name: List directory contents
+      run: ls -R
+    - name: Run tests
+      run: |
+        export PYTHONPATH=$PYTHONPATH:$(pwd)
+        pytest tests/ -v --cov=./ --cov-report=xml
+    - name: Upload coverage report
+      uses: actions/upload-artifact@v2
+      with:
+        name: coverage-report
         path: coverage.xml
 
-build:
-  stage: build
-  image: python:3.9
-  script:
-    - pip install pyinstaller
-    - pyinstaller --onefile main.py
-  artifacts:
-    paths:
-      - dist/main
+  build:
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pyinstaller
+    - name: Build executable
+      run: pyinstaller --onefile main.py
+    - name: Upload artifact
+      uses: actions/upload-artifact@v2
+      with:
+        name: abap-code-scanner
+        path: dist/main
 
-deploy:
-  stage: deploy
-  image: python:3.9
-  script:
-    - echo "Deploying application..."
-    # Add your deployment steps here
-  only:
-    - main  # This job will only run on the main branch
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/main'
+    steps:
+    - name: Deploy application
+      run: |
+        echo "Deploying application..."
+        # Add your deployment steps here

checks/CheckAbapOutgoingFtpConn.py

@@ -1,16 +1,17 @@
-# checks/check_abap_outgoing_ftp_conn.py
-
 import re
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckAbapOutgoingFtpConn:
     title = "Outgoing FTP Connection"
+    confidence = "Definitive"
     severity = "Low"
     vulnerability_type = "Unencrypted Communications"
 
@@ -26,4 +27,3 @@ def run(self, file_content: str) -> List[CheckResult]:
             line_number = file_content[:match.start()].count('\n') + 1
             return [CheckResult(line_number, match.group().strip())]
         return []
-

checks/CheckBrokenAuthCheck.py

@@ -1,5 +1,3 @@
-# checks/check_broken_auth_check.py
-
 import re
 from dataclasses import dataclass
 from typing import List

checks/CheckCallTransformation.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckCallTransformation:
     title = "XML Injection via \"CALL TRANSFORMATION\""
     severity = "High"

checks/CheckCrossSiteScripting.py

@@ -1,14 +1,14 @@
-# checks/CheckCrossSiteScripting.py
-
 import re
 from dataclasses import dataclass
 from typing import List, Dict
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckCrossSiteScripting:
     title = "Potential Cross-Site Scripting vulnerability"
     severity = "High"
@@ -60,4 +60,4 @@ def run(self, file_content: str) -> List[CheckResult]:
                         results.append(CheckResult(i, line.strip()))
                         break  # Stop searching after finding the first vulnerability in the line
 
-        return results
+        return results

checks/CheckDangerousAbapCommands.py

@@ -1,14 +1,14 @@
-# checks/check_dangerous_abap_commands.py
-
 import re
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDangerousAbapCommands:
     title = "Dangerous ABAP statements"
     severity = "Medium"

checks/CheckDeleteDynpro.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDeleteDynpro:
     title = "Critical actions via deleting a screen"
     severity = "High"

checks/CheckDirectoryTraversalCRstrbReadBuffered.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalCRstrbReadBuffered:
     title = "Path Traversal - CALL C_RSTRB_READ_BUFFERED"
     severity = "Medium"
@@ -23,4 +25,4 @@ def run(self, file_content: str) -> List[CheckResult]:
             if self.pattern2.search(call_statement):
                 line_number = file_content[:match1.start()].count('\n') + 1
                 results.append(CheckResult(line_number, call_statement.strip()))
-        return results
+        return results

checks/CheckDirectoryTraversalCallAlerts.py

@@ -2,11 +2,13 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalCallAlerts:
     title = "Path Traversal - CALL ALERTS"
     severity = "Medium"
@@ -23,4 +25,4 @@ def run(self, file_content: str) -> List[CheckResult]:
             if self.pattern2.search(call_statement):
                 line_number = file_content[:match1.start()].count('\n') + 1
                 results.append(CheckResult(line_number, call_statement.strip()))
-        return results
+        return results

checks/CheckDirectoryTraversalDeleteDataset.py

@@ -1,15 +1,14 @@
-# checks/check_directory_traversal_read_dataset.py
-
 import re
 from dataclasses import dataclass
 from typing import List
-from enum import Enum
+
 
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalDeleteDataset:
     title = "Path Traversal - DELETE DATASET"
     severity = "HIGH"

checks/CheckDirectoryTraversalReadDataset.py

@@ -1,15 +1,14 @@
-# checks/check_directory_traversal_read_dataset.py
-
 import re
 from dataclasses import dataclass
 from typing import List
-from enum import Enum
+
 
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalReadDataset:
     title = "Path Traversal - READ DATASET"
     severity = "HIGH"

checks/CheckDirectoryTraversalRfcRemoteFile.py

@@ -1,21 +1,19 @@
-# checks/check_directory_traversal_rfc_remote_file.py
-
 import re
 from dataclasses import dataclass
 from typing import List
-from enum import Enum
+
 
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalRfcRemoteFile:
     title = "Potential Path Traversal detected - RFC_REMOTE_FILE"
     severity = "HIGH"
     vulnerability_type = "Path Traversal"
 
-
     def __init__(self):
         self.main_pattern = re.compile(
             r"(?ims)^[\s]*(\bCALL FUNCTION\b)(.+?\.)",

checks/CheckDirectoryTraversalTransfer.py

@@ -2,20 +2,24 @@
 from dataclasses import dataclass
 from typing import List
 
+
 @dataclass
 class CheckResult:
     line_number: int
     line_content: str
 
+
 class CheckDirectoryTraversalTransfer:
     title = "Directory traversal via \"TRANSFER\" statement"
     severity = "High"
     vulnerability_type = "Directory Traversal"
 
     def __init__(self):
-        self.transfer_pattern = re.compile(r'(^\s*|\.\s*)TRANSFER\s+[\S]+\s+TO\s+(\w+)\.?', re.IGNORECASE | re.MULTILINE)
+        self.transfer_pattern = re.compile(r'(^\s*|\.\s*)TRANSFER\s+[\S]+\s+TO\s+(\w+)\.?',
+                                           re.IGNORECASE | re.MULTILINE)
         self.validation_pattern = re.compile(r'CALL\s+FUNCTION\s+(\'|\`)FILE_VALIDATE_NAME(\'|\`)', re.IGNORECASE)
-        self.subrc_check_pattern = re.compile(r'(IF\s+sy(st)?-subrc\s*(=|EQ)\s*0|CHECK\s+sy(st)?-subrc\s*(=|EQ)\s*0)', re.IGNORECASE)
+        self.subrc_check_pattern = re.compile(r'(IF\s+sy(st)?-subrc\s*(=|EQ)\s*0|CHECK\s+sy(st)?-subrc\s*(=|EQ)\s*0)',
+                                              re.IGNORECASE)
 
     def run(self, file_content: str) -> List[CheckResult]:
         results = []
@@ -30,7 +34,8 @@ def run(self, file_content: str) -> List[CheckResult]:
 
     def is_filename_validated(self, file_content: str, filename_var: str) -> bool:
         # Check if FILE_VALIDATE_NAME is called with the filename variable
-        validation_call = re.search(rf'CALL\s+FUNCTION\s+(\'|\`)FILE_VALIDATE_NAME(\'|\`).*?{filename_var}', file_content, re.IGNORECASE | re.DOTALL)
+        validation_call = re.search(rf'CALL\s+FUNCTION\s+(\'|\`)FILE_VALIDATE_NAME(\'|\`).*?{filename_var}',
+                                    file_content, re.IGNORECASE | re.DOTALL)
         if validation_call:
             # Check if there's a proper subrc check after the validation
             validation_pos = validation_call.start()