pyt icon indicating copy to clipboard operation
pyt copied to clipboard

Published 20 hours ago verified publisher icon python-security

Support class-based views

Open KevinHock opened this issue 7 years ago • 4 comments

I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

KevinHock avatar Aug 03 '18 02:08 KevinHock

cc @davidoc

KevinHock avatar Aug 03 '18 02:08 KevinHock

Hi @KevinHock , I am new to projects ,how can i contribute to this issue? Need some help to start

nightwarriorftw avatar Aug 19 '18 20:08 nightwarriorftw

Hi @nightwarrior-xxx, nice to meet you. Let me know if this helps, it's a rough idea on how to do this:

Read the framework part of the docs

__usage__.py Making https://github.com/python-security/pyt/blob/master/pyt/usage.py#L34 'Flask(Default), Django, Every or Pylons' -> 'Flask(Default), Class-Based Views, Django, Every or Pylons'

__main__.py Adding

    elif args.adaptor and args.adaptor.lower().startswith('c'):
        framework_route_criteria = is_class_based_view_function

See https://github.com/python-security/pyt/pull/75/files for something similar

The part I will leave up to you, unless you would like me to try to figure it out: framework_adaptor.py Use my _get_class_nodes function to iterate through all classes in FrameworkAdaptor. when the is_class_based_view_function function is passed

framework_helper.py Make an is_class_based_view_function function with something that checks endswith, similar to if definition.name.endswith('.get') or definition.name.endswith('.post'):

Extra/Optional, check the class being inherited from ends in View. Do this in _get_class_nodes (to check if it is MethodView/TemplateView etc.) (Or find a counter-example, a base view class that does not end in View, from Flask or Django etc.)

Use my examples/class_based_views/flask_bb.py test file or something similar to write tests

Update the framework part of the docs

KevinHock avatar Aug 21 '18 01:08 KevinHock

It may be possible to look at the class hierarchy of a ClassDef node recursively until you find the View class (or object) since it seems like every view type in Flask ends up inheriting from flask.views.View.

Then if the class does not have flask.views.MethodView in their base classes, look for a method called dispatch_request. On the other hand, if it is a descendant of MethodView then you need to look for methods named as HTTP verbs (as per https://github.com/pallets/flask/blob/master/flask/views.py#L16).

I'm not very familiar with pyt so I'm not sure if this idea fits its current design.

adrianbn avatar Nov 20 '18 00:11 adrianbn