class libpastis.sast.SASTAlert[source]

Class representing an alert in a somewhat abstract SAST tool. Its used to perform alert driven testing.

file: str

Severity of the alert (e.g: Review, Error, Critical ..)

static from_json(data: dict) SASTAlert[source]

Create a SASTAlert object from the JSON data provided.


data – JSON data of the alert


SASTAlert instance, initialized with the JSON

function: str

line of code (in the file)

line: int

Source file impacted

params: list

Type of the alert BoF, UaF (in the convention of the SAST)

raw_line: str

Function impacted

severity: str

Taxonomy of the alert (e.g: CWE, CVE, MISRA checker, ..)

taxonomy: str

Additional parameters of the alert (list)

to_dict() dict[source]

Export the alert attribute to a valid JSON dictionnary that can be written to file.


JSON dict of the alert serialized

type: str

Unique ID of the alert


Validation: True if the alert has been validated (as a true positive by a checker)


Coverage: True if the alert has been covered (path leading there)

class libpastis.sast.SASTReport[source]

SAST report. Manages a list of SAST alerts taken from a report.

add_alert(alert: SASTAlert) None[source]

Add an alert in the report. This function is solely meant to be used by the report parser


alert – Alert object to add in the report

all_alerts_validated() bool[source]

Checks if all alerts have been validated (and thus covered)


True if all alerts are covered and vulns validated

static from_file(file: str | Path) SASTReport[source]

Parse the given file into a SAST report object.


file – path to report


SASTReport object

static from_json(data: str | bytes) SASTReport[source]

Parse the given string into a SAST report object.


data – serialized report in JSON


SASTReport object

get_stats() Tuple[int, int, int][source]

Get stats about the report. The results is a triple with the number of alerts covered, validated and total.


triple of covered, validated, totoal number of alerts

iter_alerts() List[SASTAlert][source]

Iterate all the alerts of the report. :return: list of alerts

to_json() str[source]

Export the current state of the alerts within a JSON dictionnary.


JSON serialized report

write(out_file) None[source]

Export the current state of the alerts within a JSON dictionary.


out_file – Output file path

write_csv(file: Path) None[source]

Write the report as a csv into the given file.


file – CSV file to write