Code Quality and Security Linting
Understanding Abstract Syntax Trees (ASTs)
An Abstract Syntax Tree (AST) is a hierarchical, tree-like representation of a program's source code. It captures the essential structure and logic of the code, with each node in the tree symbolizing a specific construct or element from the source.
When source code is transformed into an AST, only the structural and semantic details are retained, while extraneous information is omitted. Key elements preserved in an AST include:
- Variable types and the locations where they are declared.
- The order and definition of executable statements.
- The left and right operands of binary operations.
- Identifiers and the values assigned to them.
ASTs represent the structure of source code in a form that is easy to analyze. An AST is typically generated during the syntax analysis phase of compilation and acts as an intermediate representation of the program. Later stages of processing work from it, so it significantly influences the final output. ASTs are also used in static code analysis: tools can traverse the AST to detect syntax errors, identify problematic code patterns, and perform optimizations, all without executing the code.
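The static-analysis use described above, as an added example that is not part of the original course material: a small checker built on Python's standard-library ast module that walks the tree and flags eval()/exec() calls and any call passing shell=True. The rule set, the names RiskyCallFinder and lint, and the SAMPLE source are assumptions constructed for illustration.

```python
import ast

# Constructed sample to analyze; it is parsed, never executed.
SAMPLE = '''
import subprocess

def handler(user_input, cmd):
    # eval(user_input) in a comment is not a call
    note = "never call eval(user_input)"
    result = eval(user_input)
    subprocess.run(cmd, shell=True)
    subprocess.run(["ls", "-l"])
    return result, note
'''

DANGEROUS_BUILTINS = {"eval", "exec"}  # assumed rule set for this example


class RiskyCallFinder(ast.NodeVisitor):
    """Collect (line, message) findings for risky call nodes."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        # Direct call to a flagged builtin, e.g. eval(x)
        if isinstance(func, ast.Name) and func.id in DANGEROUS_BUILTINS:
            self.findings.append((node.lineno, f"call to {func.id}()"))
        # Any call passing the literal keyword argument shell=True
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                self.findings.append(
                    (node.lineno, f"{ast.unparse(func)}() with shell=True"))
        self.generic_visit(node)  # keep walking so nested calls are seen


def lint(source):
    """Parse source into an AST and return sorted (line, message) findings."""
    finder = RiskyCallFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```

The comment and the string literal that mention eval are not reported, because neither is a Call node in the tree; a text search for "eval(" would flag both. Matching is by name only, so an aliased call (for example `e = eval; e(x)`) is not caught by this rule.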
To better understand how an AST works, consider the following Python code snippet:
while b != 0:
    if a > b:
        a = a - b
    else:
        b = b - a
return a
A simplified AST visual representation of this code snippet would look like this:
[Figure: Abstract Syntax Tree]
To get the AST programmatically in Python, you can use the ast module, which is part of the Python standard library. This is an example:
# Run a python script from the command line
python3 <<END
import

