hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Port missing host key query

Browse Source
This commit is contained in:
Taus Brock-Nannestad
2021-02-23 22:26:03 +01:00
parent f65843a273
commit 002d0fe565
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
View File

@@ -10,25 +10,23 @@
*/
import python
import semmle.python.ApiGraphs
private ModuleValue theParamikoClientModule() { result = Value::named("paramiko.client") }
private ClassValue theParamikoSSHClientClass() {
result = theParamikoClientModule().attr("SSHClient")
private API::Node unsafe_paramiko_policy(string name) {
name in ["AutoAddPolicy", "WarningPolicy"] and
result = API::moduleImport("paramiko").getMember("client").getMember(name)
}
private ClassValue unsafe_paramiko_policy(string name) {
(name = "AutoAddPolicy" or name = "WarningPolicy") and
result = theParamikoClientModule().attr(name)
private API::Node paramikoSSHClientInstance() {
result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn()
}
from CallNode call, ControlFlowNode arg, string name
where
call =
theParamikoSSHClientClass().lookup("set_missing_host_key_policy").(FunctionValue).getACall() and
call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall().asCfgNode() and
arg = call.getAnArg() and
(
arg.pointsTo(unsafe_paramiko_policy(name)) or
arg.pointsTo().getClass() = unsafe_paramiko_policy(name)
arg = unsafe_paramiko_policy(name).getAUse().asCfgNode() or
arg = unsafe_paramiko_policy(name).getReturn().getAUse().asCfgNode()
)
select call, "Setting missing host key policy to " + name + " may be unsafe."