Calls to external program from Python

Introduction

Python, often used to glue together different components of an application, provides various mechanisms to call external programs. By supporting these calls the analyzer can provide the linkage between different technology layers:

Supported API methods Link Type Caller Callee
os.system callLink Python callable artifact Python Call to Java Program, Python Call to Generic Program
os.popen callLink Python callable artifact Python Call to Java Program, Python Call to Generic Program
subprocess.call callLink Python callable artifact Python Call to Java Program, Python Call to Generic Program
subprocess.check_call callLink Python callable artifact Python Call to Java Program, Python Call to Generic Program
subprocess.run callLink Python callable artifact Python Call to Java Program, Python Call to Generic Program
subprocess.Popen callLink Python callable artifact Python Call to Java Program, Python Call to Generic Program

Technologies currently handled by the Python Analyzer

The Python analyzer currently supports calls to the following technologies

  • Cobol
  • Java: classes and .jar
  • Python
  • Shell

The Java technology is specific and has its own object because links are made using the fullname of the class, package and class name. Furthermore, the link is not made to the class object but directly to its main method. Indeed, Java program can only be called if they contain a main method.

Examples

When a call to an external program is analyzed by the Python analyzer, the following transactions can be found at the end of analysis:

Example of call to an external program

import subprocess
from subprocess import Popen

subprocess.call('/bin/java com.cast.Classe')
cmd = './hello.sh'
popen = Popen(cmd)

CAST Enlighten screenshot of call to an external program

Python code can also call a different Python program via the python (or jython) executable. Then the analyzer will create, as shown before, “Python Call to Generic Program” objects and they will be linked to the corresponding “Python Main” objects during application level analysis via web service linker extension. For example launch.py will invoke the run.py script in the code below

# launch.py

import subprocess
from subprocess import Popen

cmd = 'python run.py'
popen = Popen(cmd)

where the target code contains a code block in the top-level script environment (signaled by the “if __name__ …” structure).

# run.py

def run():
    print("running...")

if __name__=="__main__":
    run()

so as a results we would have