hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixing NumpyLoadCall

Browse Source
This commit is contained in:
Maiky
2023-09-17 19:44:48 +02:00
parent 8254d0dd10
commit 1764aa0caf
1 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
python/ql/lib/semmle/python/frameworks/Numpy.qll
View File

@@ -17,22 +17,26 @@ private module Numpy {
/** /**
* A call to `numpy.load` * A call to `numpy.load`
* See https://pypi.org/project/numpy/ * See https://pypi.org/project/numpy/
*
*/ */
private class PandasReadPickleCall extends Decoding::Range, DataFlow::CallCfgNode { private class NumpyLoadCall extends Decoding::Range, API::CallNode {
PandasReadPickleCall() { NumpyLoadCall() { this = API::moduleImport("numpy").getMember("load").getACall() }
this = API::moduleImport("numpy").getMember("load").getACall() and
this.getArgByName("allow_pickle").asExpr() = any(True t) override predicate mayExecuteInput() {
this.getParameter(2, "allow_pickle")
.getAValueReachingSink()
.asExpr()
.(ImmutableLiteral)
.booleanValue() = true
} }
override predicate mayExecuteInput() { any() } override DataFlow::Node getAnInput() { result = this.getParameter(0, "filename").asSink() }
override DataFlow::Node getAnInput() {
result in [this.getArg(0), this.getArgByName("filename")]
}
override DataFlow::Node getOutput() { result = this } override DataFlow::Node getOutput() { result = this }
override string getFormat() { result = "numpy" } override string getFormat() {
result = "numpy"
or
this.mayExecuteInput() and result = "pickle"
}
} }
} }