SourceCode-AI / aura

Python source code auditing and static analysis on a large scale
GNU General Public License v3.0

Main file to run AURA #20

Open KarthickRaja2002 opened 1 year ago

KarthickRaja2002 commented 1 year ago

@RootLUG @mirzazulfan

I need to embed AURA with my project. I want to run aura through my project without installing it. For that I need to know which is the main file to run aura. May I know which is the main file to run aura without installing it?

Thank you.

RootLUG commented 1 year ago

Hello @KarthickRaja2002, it may not be entirely functional if you run it that way. Aura has a modular/plug-in architecture and this is also used for a lot of built-in functionality/analyzers. It's using the "entrypoints" underneath to load every analyzer, output format, etc. Those entrypoints would be missing if you run aura without installing; it would probably run but won't detect anything, as most of the functionality would be missing due to missing entrypoints to load them. You can see a list of all entrypoints bundled by default in the pyprojects.toml file under sections "tool.poetry.plugins.*". So you would need to find a way to register entrypoints without installing Aura or monkey-patch the function that loads them to load them in some other way.

Anyway, if you want to run Aura as a library/module, the main scripts are located under aura/cli.py, which is where the cli interface is implemented (using click). I suggest first taking a look there at the function "scan", which is the main thing from cli if you want to scan some file via Aura, to see what arguments it is taking from cli and how to format/convert them for Aura. This function is then calling aura.commands.scan_uri, which does the actual scanning and everything around it, and this is the function you want to call if you want to use aura as a module/library in some other project. Almost all the possible functions used by Aura are defined under the aura.commands module, while aura.cli is just exposing them via click/cli interface, converting arguments into more suitable format/objects and then calling corresponding functions from aura.commands.

This is how you can run Aura as a library/integrating it, but like I mentioned you will most likely have an issue with entrypoints missing. Entrypoints are loaded in the aura.plugins module, specifically the get_analyzers function, and you would most likely need to patch it to load all the builtin analyzers without existing entrypoints.
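
The missing-entrypoints problem described in the reply above, shown at the packaging-metadata level as an added example (not part of the thread and not Aura's code). It assumes the plugin loader reads entry points through `importlib.metadata`; the group and plugin names are hypothetical, and the sample mapping is constructed in the shape of the `tool.poetry.plugins.*` tables.

```python
import tempfile
from importlib import metadata
from pathlib import Path

# Constructed sample shaped like pyproject "tool.poetry.plugins.<group>" tables.
# Group and plugin names are hypothetical, not Aura's real ones.
SAMPLE_PLUGINS = {
    "demo.analyzers": {"json_loads": "json:loads", "b64": "base64:b64decode"},
    "demo.output": {"pretty": "pprint:pformat"},
}


def write_dist_info(target_dir, name, version, plugins):
    """Create <name>-<version>.dist-info holding METADATA and entry_points.txt."""
    dist_info = Path(target_dir) / f"{name}-{version}.dist-info"
    dist_info.mkdir(parents=True)
    (dist_info / "METADATA").write_text(
        f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n"
    )
    lines = []
    for group, entries in plugins.items():
        lines.append(f"[{group}]")
        lines.extend(f"{ep} = {target}" for ep, target in entries.items())
        lines.append("")
    (dist_info / "entry_points.txt").write_text("\n".join(lines))
    return dist_info


def discover(group, search_path):
    """Load every entry point of `group` found in metadata under search_path."""
    found = {}
    for dist in metadata.distributions(path=[str(p) for p in search_path]):
        for ep in dist.entry_points:
            if ep.group == group:
                found[ep.name] = ep.load()  # imports and returns the target
    return found


def demo():
    bare = tempfile.mkdtemp()        # source checkout: code but no metadata
    registered = tempfile.mkdtemp()  # directory that will carry the metadata
    write_dist_info(registered, "demo_plugins", "0.0.0", SAMPLE_PLUGINS)
    return discover("demo.analyzers", [bare]), discover("demo.analyzers", [registered])


if __name__ == "__main__":
    without, with_meta = demo()
    print(sorted(without), sorted(with_meta))
```

Placing the directory that holds the generated `.dist-info` on `sys.path` makes the same entries visible to the default `importlib.metadata` lookup. Because `ep.load()` imports whatever the metadata names, that directory should be one only the embedding project can write to.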