hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Remove flow through stdlib

Browse Source 
This means tests can pass on any machine now 👍
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-14 11:55:22 +02:00
parent 794d04e4c0
commit 1c3cc1fa29
2 changed files with 2 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.ql
View File

@@ -33,6 +33,8 @@ module WebAppConstantSecretKeyConfig implements DataFlow::StateConfigSig {
state = Django() and DjangoConstantSecretKeyConfig::isSource(source)
}
predicate isBarrier(DataFlow::Node node) { node.getLocation().getFile().inStdlib() }
predicate isSink(DataFlow::Node sink, FlowState state) {
state = Flask() and FlaskConstantSecretKeyConfig::isSink(sink)
or

15
python/ql/test/experimental/query-tests/Security/CWE-287-ConstantSecretKey/ConstantSecretKey.expected
View File

@@ -12,10 +12,7 @@ edges
| config.py:12:18:12:26 | ControlFlowNode for aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant |
| config.py:17:38:17:46 | ControlFlowNode for aConstant | config.py:17:18:17:47 | ControlFlowNode for Attribute() |
| config.py:17:38:17:46 | ControlFlowNode for aConstant | config.py:18:43:18:51 | ControlFlowNode for aConstant |
| config.py:17:38:17:46 | ControlFlowNode for aConstant | file:///usr/lib/python3.8/os.py:766:17:766:23 | ControlFlowNode for default |
| config.py:18:43:18:51 | ControlFlowNode for aConstant | config.py:18:18:18:52 | ControlFlowNode for Attribute() |
| file:///usr/lib/python3.8/os.py:766:17:766:23 | ControlFlowNode for default | file:///usr/lib/python3.8/os.py:770:29:770:35 | ControlFlowNode for default |
| file:///usr/lib/python3.8/os.py:770:29:770:35 | ControlFlowNode for default | file:///usr/lib/python3.8/os.py:770:12:770:36 | ControlFlowNode for Attribute() |
nodes
| app_safe.py:5:28:5:37 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
@@ -26,21 +23,13 @@ nodes
| config2.py:5:14:5:24 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| config.py:7:1:7:9 | GSSA Variable aConstant | semmle.label | GSSA Variable aConstant |
| config.py:7:13:7:23 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| config.py:11:18:11:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| config.py:12:18:12:26 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant |
| config.py:12:18:12:26 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant |
| config.py:13:18:13:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| config.py:14:18:14:41 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| config.py:17:18:17:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| config.py:17:38:17:46 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant |
| config.py:18:18:18:52 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| config.py:18:43:18:51 | ControlFlowNode for aConstant | semmle.label | ControlFlowNode for aConstant |
| config.py:19:18:19:37 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
| file:///usr/lib/python3.8/os.py:766:17:766:23 | ControlFlowNode for default | semmle.label | ControlFlowNode for default |
| file:///usr/lib/python3.8/os.py:770:12:770:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| file:///usr/lib/python3.8/os.py:770:29:770:35 | ControlFlowNode for default | semmle.label | ControlFlowNode for default |
subpaths
| config.py:17:38:17:46 | ControlFlowNode for aConstant | file:///usr/lib/python3.8/os.py:766:17:766:23 | ControlFlowNode for default | file:///usr/lib/python3.8/os.py:770:12:770:36 | ControlFlowNode for Attribute() | config.py:17:18:17:47 | ControlFlowNode for Attribute() |
#select
| app_safe.py:5:28:5:37 | ControlFlowNode for Str | app_safe.py:5:28:5:37 | ControlFlowNode for Str | app_safe.py:5:28:5:37 | ControlFlowNode for Str | The SECRET_KEY config variable is assigned by $@. | app_safe.py:5:28:5:37 | ControlFlowNode for Str | this constant String |
| app_unsafe.py:5:28:5:36 | ControlFlowNode for aConstant | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | app_unsafe.py:5:28:5:36 | ControlFlowNode for aConstant | The SECRET_KEY config variable is assigned by $@. | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | this constant String |
@@ -48,10 +37,6 @@ subpaths
| app_unsafe.py:7:30:7:38 | ControlFlowNode for aConstant | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | app_unsafe.py:7:30:7:38 | ControlFlowNode for aConstant | The SECRET_KEY config variable is assigned by $@. | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | this constant String |
| app_unsafe.py:8:36:8:44 | ControlFlowNode for aConstant | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | app_unsafe.py:8:36:8:44 | ControlFlowNode for aConstant | The SECRET_KEY config variable is assigned by $@. | app_unsafe.py:4:13:4:23 | ControlFlowNode for Str | this constant String |
| config2.py:5:14:5:24 | ControlFlowNode for Str | config2.py:5:14:5:24 | ControlFlowNode for Str | config2.py:5:14:5:24 | ControlFlowNode for Str | The SECRET_KEY config variable is assigned by $@. | config2.py:5:14:5:24 | ControlFlowNode for Str | this constant String |
| config.py:11:18:11:38 | ControlFlowNode for Attribute() | config.py:11:18:11:38 | ControlFlowNode for Attribute() | config.py:11:18:11:38 | ControlFlowNode for Attribute() | The SECRET_KEY config variable is assigned by $@. | config.py:11:18:11:38 | ControlFlowNode for Attribute() | this constant String |
| config.py:12:18:12:26 | ControlFlowNode for aConstant | config.py:7:13:7:23 | ControlFlowNode for Str | config.py:12:18:12:26 | ControlFlowNode for aConstant | The SECRET_KEY config variable is assigned by $@. | config.py:7:13:7:23 | ControlFlowNode for Str | this constant String |
| config.py:13:18:13:36 | ControlFlowNode for Attribute() | config.py:13:18:13:36 | ControlFlowNode for Attribute() | config.py:13:18:13:36 | ControlFlowNode for Attribute() | The SECRET_KEY config variable is assigned by $@. | config.py:13:18:13:36 | ControlFlowNode for Attribute() | this constant String |
| config.py:14:18:14:41 | ControlFlowNode for Attribute() | config.py:14:18:14:41 | ControlFlowNode for Attribute() | config.py:14:18:14:41 | ControlFlowNode for Attribute() | The SECRET_KEY config variable is assigned by $@. | config.py:14:18:14:41 | ControlFlowNode for Attribute() | this constant String |
| config.py:17:18:17:47 | ControlFlowNode for Attribute() | config.py:7:13:7:23 | ControlFlowNode for Str | config.py:17:18:17:47 | ControlFlowNode for Attribute() | The SECRET_KEY config variable is assigned by $@. | config.py:7:13:7:23 | ControlFlowNode for Str | this constant String |
| config.py:18:18:18:52 | ControlFlowNode for Attribute() | config.py:7:13:7:23 | ControlFlowNode for Str | config.py:18:18:18:52 | ControlFlowNode for Attribute() | The SECRET_KEY config variable is assigned by $@. | config.py:7:13:7:23 | ControlFlowNode for Str | this constant String |
| config.py:19:18:19:37 | ControlFlowNode for Subscript | config.py:19:18:19:37 | ControlFlowNode for Subscript | config.py:19:18:19:37 | ControlFlowNode for Subscript | The SECRET_KEY config variable is assigned by $@. | config.py:19:18:19:37 | ControlFlowNode for Subscript | this constant String |