{"id":28489326,"url":"https://github.com/git-afsantos/bonsai","last_synced_at":"2025-09-13T16:15:52.159Z","repository":{"id":47338577,"uuid":"106196660","full_name":"git-afsantos/bonsai","owner":"git-afsantos","description":"Simplified interface for syntax trees and program models.","archived":false,"fork":false,"pushed_at":"2023-01-16T09:56:43.000Z","size":242,"stargazers_count":16,"open_issues_count":7,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-28T19:04:01.529Z","etag":null,"topics":["abstract-syntax-tree","ast","cpp","parsing","python","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/git-afsantos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["git-afsantos"]}},"created_at":"2017-10-08T17:43:34.000Z","updated_at":"2024-05-31T16:12:13.000Z","dependencies_parsed_at":"2023-02-10T02:31:12.909Z","dependency_job_id":null,"html_url":"https://github.com/git-afsantos/bonsai","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/git-afsantos/bonsai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git-afsantos%2Fbonsai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git-afsantos%2Fbonsai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git-afsantos%2Fbonsai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git-afsantos%2Fbonsai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gi
t-afsantos","download_url":"https://codeload.github.com/git-afsantos/bonsai/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git-afsantos%2Fbonsai/sbom","scorecard":{"id":427774,"data":{"date":"2025-08-11","repo":{"name":"github.com/git-afsantos/bonsai","commit":"262151cb94ad8e4f6af48c0d27dd127db1c091de"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 3/23 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is 
published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.6.2 not signed: https://api.github.com/repos/git-afsantos/bonsai/releases/34507242","Warn: release artifact v0.6.2 does not have provenance: https://api.github.com/repos/git-afsantos/bonsai/releases/34507242"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST 
tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T02:37:14.861Z","repository_id":47338577,"created_at":"2025-08-19T02:37:14.861Z","updated_at":"2025-08-19T02:37:14.861Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274989953,"owners_count":25386556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-13T02:00:10.085Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abstract-syntax-tree","ast","cpp","parsing","python","static-analysis"],"created_at":"2025-06-08T06:36:28.759Z","updated_at":"2025-09-13T16:15:52.151Z","avatar_url":"https://github.com/git-afsantos.png","language":"Python","readme":"# Bonsai\nBonsai is an attempt to provide a miniature and refined representation for the\noften cumbersome **syntax trees** and **program models**.\nThis idea, of providing a *smaller tree* that is more or less the same thing,\nis where the name comes from.\n\nThis work started as part of an analysis tool that I am developing for my own\nresearch. 
I am interested in analysing [ROS](http://www.ros.org/)\nrobotics applications, which are often written in C++.\nSince free C++ analysis tools are *rather scarce*, I tried\nto come up with my own, using the Python bindings of the `clang` compiler.\nAt the moment of this writing, I am aware that these bindings are incomplete\nin terms of AST information they provide.\n\nAs this analysis tool developed, I realized that the C++ analysis features\nare independent of ROS or any other framework, and that this kind of tool\nmight be useful for someone else, either as is, or as a starting point for\nsomething else.\n\n## Features\nBonsai provides an interface to represent, analyse or manipulate programs.\nThe model it uses is abstract enough to serve as a basis for specific language\nimplementations, although it focuses more on imperative/object-oriented\nlanguages for now.\n\nWhat to expect from **bonsai**:\n\n  - classes for the different **entities of a program** (e.g. variables, functions, etc.);\n  - extended classes for **specific programming languages** (only C++ for now);\n  - **parser implementations**, able to take a file and produce a model (e.g. `clang` for C++);\n  - extensible interface to **manipulate and query** the resulting model (e.g. find calls for a function);\n  - a console script to use as a standalone application.\n\n## Installation\nHere are some instructions to help you get bonsai.\nBonsai has been tested with *Linux Ubuntu* and *Python 2.7*,\nbut the platform should not make much of a difference.\nDependencies are minimal, and depend on what you want to analyse.\n\nSince at the moment there is only a single implementation for C++\nusing clang 3.8, you will need to install `libclang` and the\n[`clang.cindex` bindings](https://github.com/llvm-mirror/clang/tree/master/bindings/python)\n(`pip install clang`) to parse C++ files. 
Skip this if you want to use\nthe library in any other way.\n\n### Method 1: Running Without Installation\n\nOpen a terminal, and move to a directory where you want to clone this\nrepository.\n\n```bash\ngit clone https://github.com/git-afsantos/bonsai.git\n```\n\nThere is an executable script in the root of this repository to help you get started.\nIt allows you to run bonsai without installing it. Make sure that your terminal is at\nthe root of the repository.\n\n```bash\ncd bonsai\npython bonsai-runner.py \u003cargs\u003e\n```\n\nYou can also run it with the executable package syntax.\n\n```bash\npython -m bonsai \u003cargs\u003e\n```\n\n### Method 2: Installing Bonsai on Your Machine\n\nBonsai is now available on [PyPI](https://pypi.python.org/pypi/bonsai-code).\nYou can install it from source or from a wheel.\n\n```bash\n[sudo] pip install bonsai-code\n```\n\nThe above command will install bonsai for you. Alternatively, download and extract its\nsource, move to the project's root directory, and then execute the following.\n\n```bash\npython setup.py install\n```\n\nAfter installation, you should be able to run the command `bonsai` in your terminal\nfrom anywhere.\n\n## Examples\nThe `cpp_example.py` script at the root of this repository is a small example of\nhow to parse a C++ file and then find all references to a variable `a` in that file.\nIn it, you can see parser creation\n\n```python\nparser = CppAstParser(workspace = \"examples/cpp\")\n```\n\naccess to the global (top level, or root) scope of the program, and obtaining\na pretty string representation of everything that goes in it\n\n```python\nparser.global_scope.pretty_str()\n```\n\ngetting a list of all references to variable `a`, starting the search from\nthe top of the program (global scope)\n\n```python\nCodeQuery(parser.global_scope).all_references.where_name(\"a\").get()\n```\n\nand accessing diverse properties from the returned `CodeReference` objects,\nsuch as file line and column 
(`cppobj.line`, `cppobj.column`), the type of the\nobject (`cppobj.result`), what it is a reference to (`cppobj.reference`,\nin this case a `CodeVariable`) and an attempt to interpret the program and\nresolve the reference to a concrete value (`resolve_reference(cppobj)`).\n\nDo note that **resolving expressions and references is still experimental**,\nand more often than not will not be able to produce anything useful.\n\nThis is the pretty string output for a program that defines a class `C`\nand a couple of functions.\n\n```\nclass C:\n  C():\n    [declaration]\n\n  void m(int a):\n    [declaration]\n\n  int x_ = None\n\nC():\n  x_ = 0\n\nvoid m(int a):\n  a = (a + 2) * 3\n  this.x_ = a\n\nint main(int argc, char ** argv):\n  C c = new C()\n  c.m(42)\n  C * c1 = new C()\n  C * c2 = new C()\n  new C()\n  delete(c1)\n  delete(c2)\n  return 0\n```\n\nThe pretty string representation, as seen, is a sort of pseudo-language, inspired\nby the Python syntax, even though the parsed program is originally in C++.\n\nFor more details on what you can get from the various program entities, check out\nthe source for the [abstract model](bonsai/model.py) and then the language-specific\nimplementation of your choice.\n","funding_links":["https://github.com/sponsors/git-afsantos"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgit-afsantos%2Fbonsai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgit-afsantos%2Fbonsai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgit-afsantos%2Fbonsai/lists"}