Fix undetected tests

2026-02-22 18:03:39 +01:00 · 2021-07-25 01:51:52 +02:00
parent b83b31cc7a
commit 1dd77f167a
4 changed files with 17 additions and 13 deletions
--- a/python/ql/src/experimental/semmle/python/frameworks/XML.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/XML.qll
@@ -142,6 +142,8 @@ private module XML {
      exists(XMLParser xmlParser |
        xmlParser.mayBeDangerous() and this.getArgByName("parser").getALocalSource() = xmlParser
      )
+      or
+      not exists(this.getArgByName("parser"))
    }
  }

--- a/python/ql/src/experimental/semmle/python/security/XXE.qll
+++ b/python/ql/src/experimental/semmle/python/security/XXE.qll
@@ -19,17 +19,19 @@ class XXEFlowConfig extends TaintTracking::Configuration {

  override predicate isSink(DataFlow::Node sink) {
    exists(XMLParsing xmlParsing | xmlParsing.mayBeDangerous() and sink = xmlParsing.getAnInput())
+    or
+    exists(XMLParser xmlParser | sink = xmlParser.getAnInput() and xmlParser.mayBeDangerous())
  }

  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
    guard instanceof StringConstCompare
  }

-  override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeIn) {
+  override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
    exists(DataFlow::CallCfgNode ioCalls |
      ioCalls = API::moduleImport("io").getMember(["StringIO", "BytesIO"]).getACall() and
-      nodeFrom = ioCalls and
-      nodeIn = ioCalls.getArg(0)
+      nodeFrom = ioCalls.getArg(0) and
+      nodeTo = ioCalls
    )
  }
 }