merge in main

2026-04-30 11:15:13 +02:00 · 2022-06-23 09:05:32 +00:00
parent 8bf60301da
commit 140dc1a61e
4448 changed files with 340100 additions and 31408 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql
+++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql
@@ -2,7 +2,5 @@ import experimental.meta.InlineTaintTest
 import semmle.python.dataflow.new.BarrierGuards

 class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {
-  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof StringConstCompare
-  }
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof StringConstCompareBarrier }
 }
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
@@ -4,20 +4,14 @@ failures
 isSanitizer
 | TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
 | TestTaintTrackingConfiguration | test.py:34:39:34:39 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test.py:52:28:52:28 | ControlFlowNode for s |
 | TestTaintTrackingConfiguration | test.py:66:10:66:29 | ControlFlowNode for emulated_escaping() |
-isSanitizerGuard
-| TestTaintTrackingConfiguration | test.py:51:8:51:26 | ControlFlowNode for emulated_is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:29:8:29:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:44:8:44:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:49:8:49:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:59:8:59:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:67:12:67:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:87:8:87:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:95:12:95:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:119:8:119:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:142:12:142:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:147:16:147:25 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:152:20:152:29 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_reference.py:30:8:30:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_reference.py:40:8:40:25 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_reference.py:55:8:55:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:30:28:30:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:45:28:45:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:50:28:50:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:89:28:89:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:100:28:100:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:145:28:145:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:148:28:148:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_logical.py:155:28:155:28 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test_reference.py:31:28:31:28 | ControlFlowNode for s |
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql
@@ -1,14 +1,9 @@
 import experimental.meta.InlineTaintTest

-class IsSafeCheck extends DataFlow::BarrierGuard {
-  IsSafeCheck() {
-    this.(CallNode).getNode().getFunc().(Name).getId() in ["is_safe", "emulated_is_safe"]
-  }
-
-  override predicate checks(ControlFlowNode node, boolean branch) {
-    node = this.(CallNode).getAnArg() and
-    branch = true
-  }
+predicate isSafeCheck(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
+  g.(CallNode).getNode().getFunc().(Name).getId() in ["is_safe", "emulated_is_safe"] and
+  node = g.(CallNode).getAnArg() and
+  branch = true
 }

 class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {
@@ -19,17 +14,12 @@ class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {
    )
    or
    node.asExpr().(Call).getFunc().(Name).getId() = "emulated_escaping"
+    or
+    node = DataFlow::BarrierGuard<isSafeCheck/3>::getABarrierNode()
  }
-
-  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { guard instanceof IsSafeCheck }
 }

 query predicate isSanitizer(TestTaintTrackingConfiguration conf, DataFlow::Node node) {
  exists(node.getLocation().getFile().getRelativePath()) and
  conf.isSanitizer(node)
 }
-
-query predicate isSanitizerGuard(TestTaintTrackingConfiguration conf, DataFlow::BarrierGuard guard) {
-  exists(guard.getLocation().getFile().getRelativePath()) and
-  conf.isSanitizerGuard(guard)
-}