(Ready for review) Support for beautiful relative imports

.gitignore

@@ -1,3 +1,6 @@
+# OS X
+.DS_Store
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
@@ -61,4 +64,4 @@ target/
 #Ipython Notebook
 .ipynb_checkpoints
 *~
-*#
+*#

example/import_test_project/A.py

@@ -1,2 +1,8 @@
 def B(s):
     return s
+
+def C(s):
+    return s + "see"
+
+def D(s):
+    return s + "dee"

example/import_test_project/all.py

@@ -0,0 +1,6 @@
+from all_folder.has_all import *
+
+
+LemonGrass()
+# MangoYuzu is not defined because it is not in __all__
+MangoYuzu()

example/import_test_project/all_folder/has_all.py

@@ -0,0 +1,9 @@
+__all__ = [
+    'LemonGrass'
+]
+
+def LemonGrass():
+    print ('LemonGrass')
+
+def MangoYuzu():
+    print ('MangoYuzu')

example/import_test_project/all_folder/no_all.py

@@ -0,0 +1,5 @@
+def _LemonGrass():
+    print ('LemonGrass')
+
+def MangoYuzu():
+    print ('MangoYuzu')

example/import_test_project/foo/bar.py

@@ -0,0 +1,2 @@
+def H(s):
+    return s + "end"

example/import_test_project/from_directory.py

@@ -0,0 +1,3 @@
+from foo import bar
+
+bar.H('hey')

example/import_test_project/from_dot.py

@@ -0,0 +1,4 @@
+from . import A
+
+
+c = A.B('sss')

example/import_test_project/import_as.py

@@ -0,0 +1,4 @@
+from A import B
+import A as foo
+b = B('str')
+c = foo.B('sss')

example/import_test_project/init.py

@@ -0,0 +1,4 @@
+import init_file_folder
+
+
+init_file_folder.Eataly()

example/import_test_project/init_file_folder/__init__.py

@@ -0,0 +1 @@
+from .nested_folder import StarbucksVisitor as Eataly

example/import_test_project/init_file_folder/nested_folder/__init__.py

@@ -0,0 +1 @@
+from .starbucks import StarbucksVisitor

example/import_test_project/init_file_folder/nested_folder/starbucks.py

@@ -0,0 +1,3 @@
+class StarbucksVisitor(object):
+  def __init__(self):
+    print ("Iced Mocha")

example/import_test_project/multiple_files/A.py

@@ -0,0 +1,2 @@
+def cosme(s):
+    return s + "aaa"

example/import_test_project/multiple_files/B.py

@@ -0,0 +1,2 @@
+def foo(s):
+    return s + "bee"

example/import_test_project/multiple_files/C.py

@@ -0,0 +1,2 @@
+def foo(s):
+    return s + "see"

example/import_test_project/multiple_files/D.py

@@ -0,0 +1,2 @@
+def foo(s):
+    return s + "dee"

example/import_test_project/multiple_files_with_aliases.py

@@ -0,0 +1,7 @@
+from .multiple_files import A, B as keens, C as per_se, D as duck_house
+
+
+a = A.cosme('tlayuda')
+b = keens.foo('mutton')
+c = per_se.foo('tasting')
+d = duck_house.foo('peking')

example/import_test_project/multiple_functions_with_aliases.py

@@ -0,0 +1,6 @@
+from .A import B as keens, C, D as duck_house
+
+
+a = keens('mutton')
+b = C('tasting')
+c = duck_house('peking')

example/import_test_project/no_all.py

@@ -0,0 +1,6 @@
+from all_folder.no_all import *
+
+
+# _LemonGrass is not defined because it starts with _
+_LemonGrass()
+MangoYuzu()

example/import_test_project/other_dir/from_dot_dot.py

@@ -0,0 +1,4 @@
+from .. import A
+
+
+c = A.B('sss')

example/import_test_project/other_dir/relative_between_folders.py

@@ -0,0 +1,3 @@
+from ..foo.bar import H
+
+result = H('hey')

example/import_test_project/relative_from_directory.py

@@ -0,0 +1,5 @@
+# Must be run as module via -m
+from .foo import bar
+
+
+bar.H('hey')

example/import_test_project/relative_level_1.py

@@ -0,0 +1,4 @@
+from .A import B
+import A
+b = B('str')
+c = A.B('sss')

example/import_test_project/relative_level_2.py

@@ -0,0 +1,4 @@
+from ..A import B
+import A
+b = B('str')
+c = A.B('sss')

example/nested_functions_code/nested_function_calls.py

@@ -0,0 +1 @@
+abc = print(foo('bar'))

example/vulnerable_code/command_injection.py

@@ -1,5 +1,5 @@
-from flask import Flask, request, render_template
 import subprocess
+from flask import Flask, render_template, request
 
 app = Flask(__name__)
 
@@ -28,7 +28,7 @@ def clean():
 
     with open('menu.txt','r') as f:
         menu = f.read()
-    
+
     return render_template('command_injection.html', menu=menu)
 
 if __name__ == '__main__':

example/vulnerable_code/inter_command_injection.py

@@ -0,0 +1,38 @@
+import subprocess
+from flask import Flask, render_template, request
+
+
+app = Flask(__name__)
+
+@app.route('/')
+def index():
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+def shell_the_arg(arg):
+    subprocess.call(arg, shell=True)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    shell_the_arg('echo ' + param + ' >> ' + 'menu.txt')
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+@app.route('/clean')
+def clean():
+    subprocess.call('echo Menu: > menu.txt', shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code/inter_command_injection_2.py

@@ -0,0 +1,39 @@
+import subprocess
+from flask import Flask, render_template, request
+
+
+app = Flask(__name__)
+
+@app.route('/')
+def index():
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+def return_the_arg(foo):
+    return foo
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    command = return_the_arg('echo ' + param + ' >> ' + 'menu.txt')
+    subprocess.call(command, shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+@app.route('/clean')
+def clean():
+    subprocess.call('echo Menu: > menu.txt', shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/absolute_from_file_command_injection.py

@@ -0,0 +1,20 @@
+from flask import Flask, render_template, request
+
+from other_file import shell_the_arg
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    shell_the_arg('echo ' + param + ' >> ' + 'menu.txt')
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/absolute_from_file_command_injection_2.py

@@ -0,0 +1,22 @@
+import subprocess
+from flask import Flask, render_template, request
+
+from other_file import return_the_arg
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    command = return_the_arg('echo ' + param + ' >> ' + 'menu.txt')
+    subprocess.call(command, shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/absolute_from_file_does_not_exist.py

@@ -0,0 +1,22 @@
+import subprocess
+from flask import Flask, render_template, request
+
+from other_file import does_not_exist
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    command = does_not_exist('echo ' + param + ' >> ' + 'menu.txt')
+    subprocess.call(command, shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/import_file_command_injection.py

@@ -0,0 +1,20 @@
+from flask import Flask, render_template, request
+
+import other_file
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    other_file.shell_the_arg('echo ' + param + ' >> ' + 'menu.txt')
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/import_file_command_injection_2.py

@@ -0,0 +1,22 @@
+import subprocess
+from flask import Flask, render_template, request
+
+import other_file
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    command = other_file.return_the_arg('echo ' + param + ' >> ' + 'menu.txt')
+    subprocess.call(command, shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/import_file_does_not_exist.py

@@ -0,0 +1,22 @@
+import subprocess
+from flask import Flask, render_template, request
+
+import other_file
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    command = other_file.does_not_exist('echo ' + param + ' >> ' + 'menu.txt')
+    subprocess.call(command, shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)

example/vulnerable_code_across_files/no_false_positive_absolute_from_file_command_injection_3.py

@@ -0,0 +1,22 @@
+import subprocess
+from flask import Flask, render_template, request
+
+from other_file import return_constant_string
+
+
+app = Flask(__name__)
+
+@app.route('/menu', methods=['POST'])
+def menu():
+    param = request.form['suggestion']
+
+    command = return_constant_string('echo ' + param + ' >> ' + 'menu.txt')
+    subprocess.call(command, shell=True)
+
+    with open('menu.txt','r') as f:
+        menu = f.read()
+
+    return render_template('command_injection.html', menu=menu)
+
+if __name__ == '__main__':
+    app.run(debug=True)