hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Re-introduce old dataflow configs .qll files

Browse Source 
and move all the old deprecated aliases to that file. We now have a
situation where all queries should work as they did before, and we just
have these new Query.qll files that contain the implementation.

(deprecation comes later)
This commit is contained in:
Rasmus Wriedt Larsen
2022-03-21 14:32:17 +01:00
parent 1bf8fa6a3b
commit 0125aea91b
25 changed files with 544 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
python/ql/lib/semmle/python/security/dataflow/CleartextLogging.qll Normal file
View File

@@ -0,0 +1,22 @@
/**
* Provides a taint-tracking configuration for "Clear-text logging of sensitive information".
*
* Note, for performance reasons: only import this file if
* `CleartextLogging::Configuration` is needed, otherwise
* `CleartextLoggingCustomizations` should be imported instead.
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.Concepts
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.BarrierGuards
private import semmle.python.dataflow.new.SensitiveDataSources
/**
* Provides a taint-tracking configuration for detecting "Clear-text logging of sensitive information".
*/
module CleartextLogging {
import CleartextLoggingQuery // ignore-query-import
}

22
python/ql/lib/semmle/python/security/dataflow/CleartextStorage.qll Normal file
View File

@@ -0,0 +1,22 @@
/**
* Provides a taint-tracking configuration for "Clear-text storage of sensitive information".
*
* Note, for performance reasons: only import this file if
* `CleartextStorage::Configuration` is needed, otherwise
* `CleartextStorageCustomizations` should be imported instead.
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.Concepts
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.BarrierGuards
private import semmle.python.dataflow.new.SensitiveDataSources
/**
* Provides a taint-tracking configuration for detecting "Clear-text storage of sensitive information".
*/
module CleartextStorage {
import CleartextStorageQuery // ignore-query-import
}

25
python/ql/lib/semmle/python/security/dataflow/CodeInjection.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Provides a taint-tracking configuration for detecting "code injection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `CodeInjection::Configuration` is needed, otherwise
* `CodeInjectionCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "code injection" vulnerabilities.
*/
module CodeInjection {
import CodeInjectionQuery // ignore-query-import
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `CodeInjectionCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class CodeInjectionConfiguration = CodeInjection::Configuration;

7
python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
View File

@@ -28,10 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `CodeInjectionCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class CodeInjectionConfiguration = CodeInjection::Configuration;

25
python/ql/lib/semmle/python/security/dataflow/CommandInjection.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Provides a taint-tracking configuration for detecting "command injection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `CommandInjection::Configuration` is needed, otherwise
* `CommandInjectionCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "command injection" vulnerabilities.
*/
module CommandInjection {
import CommandInjectionQuery // ignore-query-import
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `CommandInjectionCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class CommandInjectionConfiguration = CommandInjection::Configuration;

7
python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
View File

@@ -28,10 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `CommandInjectionCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class CommandInjectionConfiguration = CommandInjection::Configuration;

24
python/ql/lib/semmle/python/security/dataflow/LdapInjection.qll Normal file
View File

@@ -0,0 +1,24 @@
/**
* Provides taint-tracking configurations for detecting LDAP injection vulnerabilities
*
* Note, for performance reasons: only import this file if
* `LdapInjection::Configuration` is needed, otherwise
* `LdapInjectionCustomizations` should be imported instead.
*/
import python
import semmle.python.Concepts
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
/**
* Provides aint-tracking configurations for detecting LDAP injection vulnerabilities.class
*
* Two configurations are provided. One is for detecting LDAP injection
* via the distinguished name (DN). The other is for detecting LDAP injection
* via the filter. These require different escapings.
*/
module LdapInjection {
import LdapInjectionQuery // ignore-query-import
}

18
python/ql/lib/semmle/python/security/dataflow/LogInjection.qll Normal file
View File

@@ -0,0 +1,18 @@
/**
* Provides a taint-tracking configuration for tracking untrusted user input used in log entries.
*
* Note, for performance reasons: only import this file if
* `LogInjection::Configuration` is needed, otherwise
* `LogInjectionCustomizations` should be imported instead.
*/
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for tracking untrusted user input used in log entries.
*/
module LogInjection {
import LogInjectionQuery // ignore-query-import
}

140
python/ql/lib/semmle/python/security/dataflow/PathInjection.qll Normal file
View File

@@ -0,0 +1,140 @@
/**
* Provides taint-tracking configurations for detecting "path injection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `PathInjection::Configuration` is needed, otherwise
* `PathInjectionCustomizations` should be imported instead.
*/
private import python
private import semmle.python.Concepts
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "path injection" vulnerabilities.
*/
module PathInjection {
import PathInjectionQuery // ignore-query-import
}
// ---------------------------------------------------------------------------
// Old, deprecated code
// ---------------------------------------------------------------------------
private import semmle.python.dataflow.new.DataFlow2
private import semmle.python.dataflow.new.TaintTracking2
private import ChainedConfigs12
import PathInjectionCustomizations::PathInjection
// ---------------------------------------------------------------------------
// Case 1. The path is never normalized.
// ---------------------------------------------------------------------------
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Configuration to find paths from sources to sinks that contain no normalization.
*/
deprecated class PathNotNormalizedConfiguration extends TaintTracking::Configuration {
PathNotNormalizedConfiguration() { this = "PathNotNormalizedConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) {
node instanceof Sanitizer
or
node instanceof Path::PathNormalization
}
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Holds if there is a path injection from source to sink, where the (python) path is
* not normalized.
*/
deprecated predicate pathNotNormalized(CustomPathNode source, CustomPathNode sink) {
any(PathNotNormalizedConfiguration config).hasFlowPath(source.asNode1(), sink.asNode1())
}
// ---------------------------------------------------------------------------
// Case 2. The path is normalized at least once, but never checked afterwards.
// ---------------------------------------------------------------------------
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Configuration to find paths from sources to normalizations that contain no prior normalizations.
*/
deprecated class FirstNormalizationConfiguration extends TaintTracking::Configuration {
FirstNormalizationConfiguration() { this = "FirstNormalizationConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Path::PathNormalization }
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
override predicate isSanitizerOut(DataFlow::Node node) { node instanceof Path::PathNormalization }
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Configuration to find paths from normalizations to sinks that do not go through a check.
*/
deprecated class NormalizedPathNotCheckedConfiguration extends TaintTracking2::Configuration {
NormalizedPathNotCheckedConfiguration() { this = "NormalizedPathNotCheckedConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof Path::PathNormalization }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof Path::SafeAccessCheck
or
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Holds if there is a path injection from source to sink, where the (python) path is
* normalized at least once, but never checked afterwards.
*/
deprecated predicate pathNotCheckedAfterNormalization(CustomPathNode source, CustomPathNode sink) {
exists(
FirstNormalizationConfiguration config, DataFlow::PathNode mid1, DataFlow2::PathNode mid2,
NormalizedPathNotCheckedConfiguration config2
|
config.hasFlowPath(source.asNode1(), mid1) and
config2.hasFlowPath(mid2, sink.asNode2()) and
mid1.getNode().asCfgNode() = mid2.getNode().asCfgNode()
)
}
// ---------------------------------------------------------------------------
// Query: Either case 1 or case 2.
// ---------------------------------------------------------------------------
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Holds if there is a path injection from source to sink
*/
deprecated predicate pathInjection(CustomPathNode source, CustomPathNode sink) {
pathNotNormalized(source, sink)
or
pathNotCheckedAfterNormalization(source, sink)
}

121
python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
View File

@@ -75,124 +75,3 @@ import semmle.python.dataflow.new.TaintTracking
class NormalizedUnchecked extends DataFlow::FlowState {
NormalizedUnchecked() { this = "NormalizedUnchecked" }
}
// ---------------------------------------------------------------------------
// Old, deprecated code
// ---------------------------------------------------------------------------
private import semmle.python.dataflow.new.DataFlow2
private import semmle.python.dataflow.new.TaintTracking2
private import ChainedConfigs12
import PathInjectionCustomizations::PathInjection
// ---------------------------------------------------------------------------
// Case 1. The path is never normalized.
// ---------------------------------------------------------------------------
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Configuration to find paths from sources to sinks that contain no normalization.
*/
deprecated class PathNotNormalizedConfiguration extends TaintTracking::Configuration {
PathNotNormalizedConfiguration() { this = "PathNotNormalizedConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) {
node instanceof Sanitizer
or
node instanceof Path::PathNormalization
}
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Holds if there is a path injection from source to sink, where the (python) path is
* not normalized.
*/
deprecated predicate pathNotNormalized(CustomPathNode source, CustomPathNode sink) {
any(PathNotNormalizedConfiguration config).hasFlowPath(source.asNode1(), sink.asNode1())
}
// ---------------------------------------------------------------------------
// Case 2. The path is normalized at least once, but never checked afterwards.
// ---------------------------------------------------------------------------
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Configuration to find paths from sources to normalizations that contain no prior normalizations.
*/
deprecated class FirstNormalizationConfiguration extends TaintTracking::Configuration {
FirstNormalizationConfiguration() { this = "FirstNormalizationConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Path::PathNormalization }
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
override predicate isSanitizerOut(DataFlow::Node node) { node instanceof Path::PathNormalization }
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Configuration to find paths from normalizations to sinks that do not go through a check.
*/
deprecated class NormalizedPathNotCheckedConfiguration extends TaintTracking2::Configuration {
NormalizedPathNotCheckedConfiguration() { this = "NormalizedPathNotCheckedConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof Path::PathNormalization }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof Path::SafeAccessCheck
or
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Holds if there is a path injection from source to sink, where the (python) path is
* normalized at least once, but never checked afterwards.
*/
deprecated predicate pathNotCheckedAfterNormalization(CustomPathNode source, CustomPathNode sink) {
exists(
FirstNormalizationConfiguration config, DataFlow::PathNode mid1, DataFlow2::PathNode mid2,
NormalizedPathNotCheckedConfiguration config2
|
config.hasFlowPath(source.asNode1(), mid1) and
config2.hasFlowPath(mid2, sink.asNode2()) and
mid1.getNode().asCfgNode() = mid2.getNode().asCfgNode()
)
}
// ---------------------------------------------------------------------------
// Query: Either case 1 or case 2.
// ---------------------------------------------------------------------------
/**
* DEPRECATED: Use `PathInjection::Configuration` instead
*
* Holds if there is a path injection from source to sink
*/
deprecated predicate pathInjection(CustomPathNode source, CustomPathNode sink) {
pathNotNormalized(source, sink)
or
pathNotCheckedAfterNormalization(source, sink)
}

18
python/ql/lib/semmle/python/security/dataflow/PolynomialReDoS.qll Normal file
View File

@@ -0,0 +1,18 @@
/**
* Provides a taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `PolynomialReDoS::Configuration` is needed, otherwise
* `PolynomialReDoSCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
*/
module PolynomialReDoS {
import PolynomialReDoSQuery // ignore-query-import
}

28
python/ql/lib/semmle/python/security/dataflow/ReflectedXSS.qll Normal file
View File

@@ -0,0 +1,28 @@
/**
* Provides a taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `ReflectedXSS::Configuration` is needed, otherwise
* `ReflectedXSSCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
*/
module ReflectedXss {
import ReflectedXSSQuery // ignore-query-import
}
/** DEPRECATED: Alias for ReflectedXss */
deprecated module ReflectedXSS = ReflectedXss;
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `ReflectedXSSCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class ReflectedXssConfiguration = ReflectedXss::Configuration;

10
python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll
View File

@@ -28,13 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
guard instanceof SanitizerGuard
}
}
/** DEPRECATED: Alias for ReflectedXss */
deprecated module ReflectedXSS = ReflectedXss;
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `ReflectedXSSCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class ReflectedXssConfiguration = ReflectedXss::Configuration;

20
python/ql/lib/semmle/python/security/dataflow/RegexInjection.qll Normal file
View File

@@ -0,0 +1,20 @@
/**
* Provides a taint-tracking configuration for detecting regular expression injection
* vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `RegexInjection::Configuration` is needed, otherwise
* `RegexInjectionCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting regular expression injection
* vulnerabilities.
*/
module RegexInjection {
import RegexInjectionQuery // ignore-query-import
}

45
python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgery.qll Normal file
View File

@@ -0,0 +1,45 @@
/**
* Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `ServerSideRequestForgery::Configuration` is needed, otherwise
* `ServerSideRequestForgeryCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.Concepts
import ServerSideRequestForgeryQuery as ServerSideRequestForgeryQuery // ignore-query-import
/**
* Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
*
* This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
* See `PartialServerSideRequestForgery` for a variant without this requirement.
*
* You should use the `partOfFullyControlledRequest` to only select results where all
* URL parts are fully controlled.
*/
module FullServerSideRequestForgery {
import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
class Configuration = ServerSideRequestForgeryQuery::FullServerSideRequestForgeryConfiguration;
}
/**
* Holds if all URL parts of `request` is fully user controlled.
*/
predicate fullyControlledRequest = ServerSideRequestForgeryQuery::fullyControlledRequest/1;
/**
* Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
*
* This configuration has results, even when the attacker does not have full control over the URL.
* See `FullServerSideRequestForgery` for variant that has this requirement.
*/
module PartialServerSideRequestForgery {
import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
class Configuration = ServerSideRequestForgeryQuery::PartialServerSideRequestForgeryConfiguration;
}

28
python/ql/lib/semmle/python/security/dataflow/SqlInjection.qll Normal file
View File

@@ -0,0 +1,28 @@
/**
* Provides a taint-tracking configuration for detecting "SQL injection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `SqlInjection::Configuration` is needed, otherwise
* `SqlInjectionCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "SQL injection" vulnerabilities.
*/
module SqlInjection {
import SqlInjectionQuery // ignore-query-import
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `SqlInjectionCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class SqlInjectionConfiguration = SqlInjection::Configuration;
/** DEPRECATED: Alias for SqlInjectionConfiguration */
deprecated class SQLInjectionConfiguration = SqlInjectionConfiguration;

10
python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
View File

@@ -28,13 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `SqlInjectionCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class SqlInjectionConfiguration = SqlInjection::Configuration;
/** DEPRECATED: Alias for SqlInjectionConfiguration */
deprecated class SQLInjectionConfiguration = SqlInjectionConfiguration;

25
python/ql/lib/semmle/python/security/dataflow/StackTraceExposure.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Provides a taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `StackTraceExposure::Configuration` is needed, otherwise
* `StackTraceExposureCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
*/
module StackTraceExposure {
import StackTraceExposureQuery // ignore-query-import
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `StackTraceExposureCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class StackTraceExposureConfiguration = StackTraceExposure::Configuration;

7
python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
View File

@@ -37,10 +37,3 @@ import semmle.python.dataflow.new.TaintTracking
)
}
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `StackTraceExposureCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class StackTraceExposureConfiguration = StackTraceExposure::Configuration;

25
python/ql/lib/semmle/python/security/dataflow/UnsafeDeserialization.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Provides a taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `UnsafeDeserialization::Configuration` is needed, otherwise
* `UnsafeDeserializationCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities.
*/
module UnsafeDeserialization {
import UnsafeDeserializationQuery // ignore-query-import
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `UnsafeDeserializationCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class UnsafeDeserializationConfiguration = UnsafeDeserialization::Configuration;

7
python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
View File

@@ -28,10 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `UnsafeDeserializationCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class UnsafeDeserializationConfiguration = UnsafeDeserialization::Configuration;

25
python/ql/lib/semmle/python/security/dataflow/UrlRedirect.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Provides a taint-tracking configuration for detecting "URL redirection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `UrlRedirect::Configuration` is needed, otherwise
* `UrlRedirectCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "URL redirection" vulnerabilities.
*/
module UrlRedirect {
import UrlRedirectQuery // ignore-query-import
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `UrlRedirectCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class UrlRedirectConfiguration = UrlRedirect::Configuration;

7
python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
View File

@@ -28,10 +28,3 @@ import semmle.python.dataflow.new.TaintTracking
guard instanceof SanitizerGuard
}
}
/**
* DEPRECATED: Don't extend this class for customization, since this will lead to bad
* performance, instead use the new `UrlRedirectCustomizations.qll` file, and extend
* its' classes.
*/
deprecated class UrlRedirectConfiguration = UrlRedirect::Configuration;

36
python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashing.qll Normal file
View File

@@ -0,0 +1,36 @@
/**
* Provides a taint-tracking configuration for detecting use of a broken or weak
* cryptographic hashing algorithm on sensitive data.
*
* Note, for performance reasons: only import this file if
* `WeakSensitiveDataHashing::Configuration` is needed, otherwise
* `WeakSensitiveDataHashingCustomizations` should be imported instead.
*/
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.Concepts
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.BarrierGuards
private import semmle.python.dataflow.new.SensitiveDataSources
/**
* Provides a taint-tracking configuration for detecting use of a broken or weak
* cryptographic hash function on sensitive data, that does NOT require a
* computationally expensive hash function.
*/
module NormalHashFunction {
import WeakSensitiveDataHashingQuery::NormalHashFunction // ignore-query-import
}
/**
* Provides a taint-tracking configuration for detecting use of a broken or weak
* cryptographic hashing algorithm on passwords.
*
* Passwords has stricter requirements on the hashing algorithm used (must be
* computationally expensive to prevent brute-force attacks).
*/
module ComputationallyExpensiveHashFunction {
import WeakSensitiveDataHashingQuery::ComputationallyExpensiveHashFunction // ignore-query-import
}

18
python/ql/lib/semmle/python/security/dataflow/XpathInjection.qll Normal file
View File

@@ -0,0 +1,18 @@
/**
* Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `XpathInjection::Configuration` is needed, otherwise
* `XpathInjectionCustomizations` should be imported instead.
*/
private import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
/**
* Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
*/
module XpathInjection {
import XpathInjectionQuery // ignore-query-import
}