Code Analysis with Static Application Security Testing for Python Program

With the increasing popularity of Python for project development, code security and quality have become severe issues for the past few years. The cost of these coding vulnerabilities is hard to estimate and even more costly to fix once the product is released. Besides, the code security audit is inefficient only by manual work, which generally requires tool cooperation. Thus, a Python auditing tool based on Static Application Security Testing (SAST) was developed by integrating multiple technologies. Firstly, the tool preprocesses the code to be detected into the Abstract Syntax Tree (AST) and performs security analysis by studying the context of the AST and combining it with data flow relationships to determine the existence of vulnerabilities and code security by whether security rules are hit or not. Secondly, to enhance the vulnerabilities detection ability, the tool was designed with plug-in architecture, which allows users to redevelop or rewrite specific rules quickly and easily based on this architecture. Experiments have shown that the SAST technology is fast, efficient, and does not need to configure the environment of code running.