
Python Boosts JAR File Auditor Functionality : Page 3

A Python port of a Java jar file auditor is cleaner in its implementation and more complete in its auditing capabilities. This article presents the Python port, discusses its advantages, and highlights some of the great Python features that allow you to produce robust functionality with minimal code.





Python's Dictionary Data Type
To capture and interrelate all of the data elements that I determined, the four dictionaries shown in Table 1 were required.

Table 1. Auditor Dictionaries Used to Track Audit Progress and Report Results

| Variable Name | Key | Values | Purpose |
| --- | --- | --- | --- |
| master_jar_list | Jar file name | Tuple(Full jar file name, time modified) | Master inventory of all jar file names audited |
| dup_jar_list | Tuple(Full jar file path name, Jar file name) | master_jar_list[jarfile] - lookup to the master_jar_list to retrieve this value | Listing of all duplicated jar file names |
| master_class_name_list | Class name | Tuple(Full filename, package_name, date modified) | Master inventory of all class names audited |
| dup_class_name_list | Tuple(Class name, package name) | Tuple(full jar name, date class modified, [List of all jar file locations that contain this class]) | Listing of all duplicate class names, whether or not the packaging matches |

These four data structures suffice to keep a running inventory of the audit process. In the addToAudit( ) method, the following code performs the necessary checks to add the jar file to either the master jar file inventory or the list of duplicate jars:

    if jarfile in master_jar_list:
        # duplicate jar dictionary uses the full file name as the key;
        # the value is the master list's tuple (full jar name, time modified)
        dup_jar_list[(full_jarname, jarfile)] = master_jar_list[jarfile]
    else:
        # master list can use just the X.jar name as the key, whereas the
        # duplicate list must distinguish between potentially multiple
        # copies of the same file
        master_jar_list[jarfile] = (full_jarname, time_modified)

    # check class files archived in the .jar file
    readZip(full_jarname, jarfile)

Once the jar file name is evaluated, the last line passes the jar file along to the readZip( ) method, which interrogates the contents of the jar and uses the class-name-specific dictionaries for appropriate auditing:

    for aFile in z.filelist:
        # Master class name list is keyed by class name only and dups show
        # packaging; this way classes of the same name but with different
        # packaging will be identified as duplicates. The file_locations list
        # is an aggregate listing of all the places that a class of this exact
        # name and packaging occurs. If just the class name is the same but the
        # packaging is different, the class is listed as a separate duplicate entry.
        file_locations = []
        if class_name in master_class_list:
            full_jarname, mod_date = master_jar_list[jar_name_only]
            if lookup_key in dup_class_list:
                file_locations = dup_class_list[lookup_key][2]
                file_locations.append(full_filename)
                dup_class_list[lookup_key] = (full_jarname, formatted_modified_date,
                                              file_locations)
            else:
                # the master_class_list lookup below returns a tuple, of
                # which the first element is needed
                file_locations.append(master_class_list[class_name][0])
                dup_class_list[lookup_key] = (full_jarname, formatted_modified_date,
                                              file_locations)
        else:
            # add to the master class list for the first occurrence
            # (the listing is cut off after package_name in the source; the third
            # element is the date modified per Table 1, variable name assumed)
            master_class_list[class_name] = (full_filename, package_name,
                                             formatted_modified_date)
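The same bookkeeping as a self-contained script, added here as an example and not the article's own code: the helpers `make_jar`, `sample_jars` and `audit`, the `jar!entry` location format, and the sample paths are assumptions, and the jars are constructed in memory. Unlike the listing above, it records every location of a duplicated class, including the first duplicate's, which is what you want when checking which copy a classpath could load.

```python
import io
import zipfile

def make_jar(entries):
    """Build an in-memory jar (zip archive) from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf

def sample_jars():
    """Constructed sample input: (full jar path, time modified, file object)."""
    return [
        ("/app/lib/util.jar", 1000, make_jar({"com/acme/Util.class": b"a"})),
        ("/app/ext/util.jar", 2000, make_jar({"com/acme/Util.class": b"b"})),
        ("/app/lib/other.jar", 3000, make_jar({"org/other/Util.class": b"c",
                                               "META-INF/MANIFEST.MF": b""})),
    ]

def audit(jars):
    """Return (master_jar_list, dup_jar_list, master_class_list, dup_class_list)."""
    master_jar_list, dup_jar_list = {}, {}
    master_class_list, dup_class_list = {}, {}
    for full_jarname, time_modified, fileobj in jars:
        jarfile = full_jarname.rsplit("/", 1)[-1]
        if jarfile in master_jar_list:      # same jar name seen in another location
            dup_jar_list[(full_jarname, jarfile)] = master_jar_list[jarfile]
        else:
            master_jar_list[jarfile] = (full_jarname, time_modified)
        with zipfile.ZipFile(fileobj) as z:
            for info in z.infolist():
                if not info.filename.endswith(".class"):
                    continue                # skip manifests, resources, directories
                package_name, _, class_name = info.filename[:-6].rpartition("/")
                full_filename = full_jarname + "!" + info.filename
                modified = "%04d-%02d-%02d" % info.date_time[:3]
                if class_name not in master_class_list:
                    master_class_list[class_name] = (full_filename, package_name, modified)
                    continue
                key = (class_name, package_name)   # duplicates are keyed with packaging
                first = master_class_list[class_name][0]
                locations = dup_class_list[key][2] if key in dup_class_list else [first]
                locations.append(full_filename)
                dup_class_list[key] = (full_jarname, modified, locations)
    return master_jar_list, dup_jar_list, master_class_list, dup_class_list

if __name__ == "__main__":
    print(audit(sample_jars())[3])  # duplicate classes and every location found
```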

After assembling all the necessary audit results into four dictionaries, the buildXML( ) method loads the dictionaries into an instance of the DictionaryHolder class. This simple manipulation allows an XML document to be generated from the DictionaryHolder object by means of the Gnosis Python XML binding libraries. The following line of code is all that is required to create a valid XML document from the contents of the dictionaries:

    # variable o is the reference to the DictionaryHolder object
    xml_string = xml_pickle.XML_Pickler(o).dumps(deepcopy=1)
