From 21d5fa836b3a7d020ba45e8b8168b145a9772131 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Fri, 17 Feb 2023 12:22:20 +0100
Subject: [PATCH] Python: Autoformat
---
 python/ql/lib/semmle/python/Concepts.qll | 3 +-
 .../dataflow/new/internal/DataFlowPrivate.qll | 3 +-
 .../lib/semmle/python/frameworks/Aiohttp.qll | 24 +++++---
 .../semmle/python/frameworks/Cryptodome.qll | 18 ++++--
 .../semmle/python/frameworks/Cryptography.qll | 15 +++--
 .../lib/semmle/python/frameworks/Django.qll | 45 +++++++++-----
 .../lib/semmle/python/frameworks/Fabric.qll | 9 ++-
 .../lib/semmle/python/frameworks/FastApi.qll | 24 +++++---
 .../ql/lib/semmle/python/frameworks/Flask.qll | 12 ++--
 .../ql/lib/semmle/python/frameworks/Lxml.qll | 3 +-
 .../semmle/python/frameworks/MarkupSafe.qll | 6 +-
 .../lib/semmle/python/frameworks/Peewee.qll | 3 +-
 .../python/frameworks/RestFramework.qll | 16 +++--
 .../ql/lib/semmle/python/frameworks/Rsa.qll | 6 +-
 .../semmle/python/frameworks/Starlette.qll | 3 +-
 .../lib/semmle/python/frameworks/Stdlib.qll | 60 ++++++++++++-------
 .../lib/semmle/python/frameworks/Tornado.qll | 12 ++--
 .../lib/semmle/python/frameworks/Twisted.qll | 18 ++++--
 .../lib/semmle/python/frameworks/Werkzeug.qll | 3 +-
 python/ql/src/Security/CWE-327/PyOpenSSL.qll | 3 +-
 ...ClientSuppliedIpUsedInSecurityCheckLib.qll | 9 ++-
 21 files changed, 196 insertions(+), 99 deletions(-)
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
index b4d2a64cb45..c8c900eb03d 100644
--- a/python/ql/lib/semmle/python/Concepts.qll
+++ b/python/ql/lib/semmle/python/Concepts.qll
@@ -1019,7 +1019,8 @@ module Http {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `CsrfLocalProtectionSetting::Range` instead.
 */
- class CsrfLocalProtectionSetting extends DataFlow::Node instanceof CsrfLocalProtectionSetting::Range {
+ class CsrfLocalProtectionSetting extends DataFlow::Node instanceof CsrfLocalProtectionSetting::Range
+ {
 /**
 * Gets a request handler whose CSRF protection is changed.
 */
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
index 12ced9d4fdd..7b3234bfedb 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -110,7 +110,8 @@ class SyntheticPreUpdateNode extends Node, TSyntheticPreUpdateNode {
 * func(1, 2, 3)
 */
 class SynthStarArgsElementParameterNode extends ParameterNodeImpl,
- TSynthStarArgsElementParameterNode {
+ TSynthStarArgsElementParameterNode
+{
 DataFlowCallable callable;
 SynthStarArgsElementParameterNode() { this = TSynthStarArgsElementParameterNode(callable) }
diff --git a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
index d9a1f4c519f..54decc5dcb8 100644
--- a/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
+++ b/python/ql/lib/semmle/python/frameworks/Aiohttp.qll
@@ -59,7 +59,8 @@ module AiohttpWebModel {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `AiohttpRouteSetup::Range` instead.
 */
- class AiohttpRouteSetup extends Http::Server::RouteSetup::Range instanceof AiohttpRouteSetup::Range {
+ class AiohttpRouteSetup extends Http::Server::RouteSetup::Range instanceof AiohttpRouteSetup::Range
+ {
 override Parameter getARoutedParameter() { none() }
 override string getFramework() { result = "aiohttp.web" }
@@ -252,7 +253,8 @@ module AiohttpWebModel {
 }
 /** A request handler defined in an `aiohttp.web` view class, that has no known route. */
- private class AiohttpViewClassRequestHandlerWithoutKnownRoute extends Http::Server::RequestHandler::Range {
+ private class AiohttpViewClassRequestHandlerWithoutKnownRoute extends Http::Server::RequestHandler::Range
+ {
 AiohttpViewClassRequestHandlerWithoutKnownRoute() {
 exists(AiohttpViewClass vc | vc.getARequestHandler() = this) and
 not exists(AiohttpRouteSetup setup | setup.getARequestHandler() = this)
@@ -440,7 +442,8 @@ module AiohttpWebModel {
 * handler is invoked.
 */
 class AiohttpRequestHandlerRequestParam extends Request::InstanceSource, RemoteFlowSource::Range,
- DataFlow::ParameterNode {
+ DataFlow::ParameterNode
+ {
 AiohttpRequestHandlerRequestParam() {
 exists(Function requestHandler |
 requestHandler = any(AiohttpCoroutineRouteSetup setup).getARequestHandler() and
@@ -470,7 +473,8 @@ module AiohttpWebModel {
 * which is the request being processed currently.
 */
 class AiohttpViewClassRequestAttributeRead extends Request::InstanceSource,
- RemoteFlowSource::Range, DataFlow::Node {
+ RemoteFlowSource::Range, DataFlow::Node
+ {
 AiohttpViewClassRequestAttributeRead() {
 this.(DataFlow::AttrRead).getObject() = any(AiohttpViewClass vc).getASelfRef() and
 this.(DataFlow::AttrRead).getAttributeName() = "request"
@@ -494,7 +498,8 @@ module AiohttpWebModel {
 * - https://docs.aiohttp.org/en/stable/web_quickstart.html#aiohttp-web-exceptions
 */
 class AiohttpWebResponseInstantiation extends Http::Server::HttpResponse::Range,
- Response::InstanceSource, DataFlow::CallCfgNode {
+ Response::InstanceSource, DataFlow::CallCfgNode
+ {
 API::Node apiNode;
 AiohttpWebResponseInstantiation() {
@@ -562,7 +567,8 @@ module AiohttpWebModel {
 * See the part about redirects at https://docs.aiohttp.org/en/stable/web_quickstart.html#aiohttp-web-exceptions
 */
 class AiohttpRedirectExceptionInstantiation extends AiohttpWebResponseInstantiation,
- Http::Server::HttpRedirectResponse::Range {
+ Http::Server::HttpRedirectResponse::Range
+ {
 AiohttpRedirectExceptionInstantiation() {
 exists(string httpRedirectExceptionClassName |
 httpRedirectExceptionClassName in [
@@ -585,7 +591,8 @@ module AiohttpWebModel {
 /**
 * A call to `set_cookie` on a HTTP Response.
 */
- class AiohttpResponseSetCookieCall extends Http::Server::CookieWrite::Range, DataFlow::CallCfgNode {
+ class AiohttpResponseSetCookieCall extends Http::Server::CookieWrite::Range, DataFlow::CallCfgNode
+ {
 AiohttpResponseSetCookieCall() {
 this = aiohttpResponseInstance().getMember("set_cookie").getACall()
 }
@@ -600,7 +607,8 @@ module AiohttpWebModel {
 /**
 * A call to `del_cookie` on a HTTP Response.
 */
- class AiohttpResponseDelCookieCall extends Http::Server::CookieWrite::Range, DataFlow::CallCfgNode {
+ class AiohttpResponseDelCookieCall extends Http::Server::CookieWrite::Range, DataFlow::CallCfgNode
+ {
 AiohttpResponseDelCookieCall() {
 this = aiohttpResponseInstance().getMember("del_cookie").getACall()
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Cryptodome.qll b/python/ql/lib/semmle/python/frameworks/Cryptodome.qll
index 0c3e8968c23..1adca253271 100644
--- a/python/ql/lib/semmle/python/frameworks/Cryptodome.qll
+++ b/python/ql/lib/semmle/python/frameworks/Cryptodome.qll
@@ -23,7 +23,8 @@ private module CryptodomeModel {
 * See https://pycryptodome.readthedocs.io/en/latest/src/public_key/rsa.html#Crypto.PublicKey.RSA.generate
 */
 class CryptodomePublicKeyRsaGenerateCall extends Cryptography::PublicKey::KeyGeneration::RsaRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 CryptodomePublicKeyRsaGenerateCall() {
 this =
 API::moduleImport(["Crypto", "Cryptodome"])
@@ -44,7 +45,8 @@ private module CryptodomeModel {
 * See https://pycryptodome.readthedocs.io/en/latest/src/public_key/dsa.html#Crypto.PublicKey.DSA.generate
 */
 class CryptodomePublicKeyDsaGenerateCall extends Cryptography::PublicKey::KeyGeneration::DsaRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 CryptodomePublicKeyDsaGenerateCall() {
 this =
 API::moduleImport(["Crypto", "Cryptodome"])
@@ -65,7 +67,8 @@ private module CryptodomeModel {
 * See https://pycryptodome.readthedocs.io/en/latest/src/public_key/ecc.html#Crypto.PublicKey.ECC.generate
 */
 class CryptodomePublicKeyEccGenerateCall extends Cryptography::PublicKey::KeyGeneration::EccRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 CryptodomePublicKeyEccGenerateCall() {
 this =
 API::moduleImport(["Crypto", "Cryptodome"])
@@ -105,7 +108,8 @@ private module CryptodomeModel {
 * A cryptographic operation on an instance from the `Cipher` subpackage of `Cryptodome`/`Crypto`.
 */
 class CryptodomeGenericCipherOperation extends Cryptography::CryptographicOperation::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 string methodName;
 string cipherName;
 API::CallNode newCall;
@@ -175,7 +179,8 @@ private module CryptodomeModel {
 * A cryptographic operation on an instance from the `Signature` subpackage of `Cryptodome`/`Crypto`.
 */
 class CryptodomeGenericSignatureOperation extends Cryptography::CryptographicOperation::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 string methodName;
 string signatureName;
@@ -214,7 +219,8 @@ private module CryptodomeModel {
 * A cryptographic operation on an instance from the `Hash` subpackage of `Cryptodome`/`Crypto`.
 */
 class CryptodomeGenericHashOperation extends Cryptography::CryptographicOperation::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 string hashName;
 CryptodomeGenericHashOperation() {
diff --git a/python/ql/lib/semmle/python/frameworks/Cryptography.qll b/python/ql/lib/semmle/python/frameworks/Cryptography.qll
index d3e03083c09..07d80aad7f5 100644
--- a/python/ql/lib/semmle/python/frameworks/Cryptography.qll
+++ b/python/ql/lib/semmle/python/frameworks/Cryptography.qll
@@ -82,7 +82,8 @@ private module CryptographyModel {
 * See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa.html#cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key
 */
 class CryptographyRsaGeneratePrivateKeyCall extends Cryptography::PublicKey::KeyGeneration::RsaRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 CryptographyRsaGeneratePrivateKeyCall() {
 this =
 API::moduleImport("cryptography")
@@ -105,7 +106,8 @@ private module CryptographyModel {
 * See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/dsa.html#cryptography.hazmat.primitives.asymmetric.dsa.generate_private_key
 */
 class CryptographyDsaGeneratePrivateKeyCall extends Cryptography::PublicKey::KeyGeneration::DsaRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 CryptographyDsaGeneratePrivateKeyCall() {
 this =
 API::moduleImport("cryptography")
@@ -128,7 +130,8 @@ private module CryptographyModel {
 * See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#cryptography.hazmat.primitives.asymmetric.ec.generate_private_key
 */
 class CryptographyEcGeneratePrivateKeyCall extends Cryptography::PublicKey::KeyGeneration::EccRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 CryptographyEcGeneratePrivateKeyCall() {
 this =
 API::moduleImport("cryptography")
@@ -204,7 +207,8 @@ private module CryptographyModel {
 * An encrypt or decrypt operation from `cryptography.hazmat.primitives.ciphers`.
 */
 class CryptographyGenericCipherOperation extends Cryptography::CryptographicOperation::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 string algorithmName;
 string modeName;
@@ -262,7 +266,8 @@ private module CryptographyModel {
 * An hashing operation from `cryptography.hazmat.primitives.hashes`.
 */
 class CryptographyGenericHashOperation extends Cryptography::CryptographicOperation::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 string algorithmName;
 CryptographyGenericHashOperation() {
diff --git a/python/ql/lib/semmle/python/frameworks/Django.qll b/python/ql/lib/semmle/python/frameworks/Django.qll
index db9c7bba763..f1300c34a6e 100644
--- a/python/ql/lib/semmle/python/frameworks/Django.qll
+++ b/python/ql/lib/semmle/python/frameworks/Django.qll
@@ -1271,7 +1271,8 @@ module PrivateDjango {
 }
 /** An attribute read on an django request that is a `MultiValueDict` instance. */
- private class DjangoHttpRequestMultiValueDictInstances extends Django::MultiValueDict::InstanceSource {
+ private class DjangoHttpRequestMultiValueDictInstances extends Django::MultiValueDict::InstanceSource
+ {
 DjangoHttpRequestMultiValueDictInstances() {
 this.(DataFlow::AttrRead).getObject() = instance() and
 this.(DataFlow::AttrRead).getAttributeName() in ["GET", "POST", "FILES"]
@@ -1279,7 +1280,8 @@ module PrivateDjango {
 }
 /** An attribute read on an django request that is a `ResolverMatch` instance. */
- private class DjangoHttpRequestResolverMatchInstances extends Django::ResolverMatch::InstanceSource {
+ private class DjangoHttpRequestResolverMatchInstances extends Django::ResolverMatch::InstanceSource
+ {
 DjangoHttpRequestResolverMatchInstances() {
 this.(DataFlow::AttrRead).getObject() = instance() and
 this.(DataFlow::AttrRead).getAttributeName() = "resolver_match"
@@ -1287,7 +1289,8 @@ module PrivateDjango {
 }
 /** An `UploadedFile` instance that originates from a django request. */
- private class DjangoHttpRequestUploadedFileInstances extends Django::UploadedFile::InstanceSource {
+ private class DjangoHttpRequestUploadedFileInstances extends Django::UploadedFile::InstanceSource
+ {
 DjangoHttpRequestUploadedFileInstances() {
 // TODO: this currently only works in local-scope, since writing type-trackers for
 // this is a little too much effort. Once API-graphs are available for more
@@ -1421,7 +1424,8 @@ module PrivateDjango {
 * Use the predicate `HttpResponseRedirect::instance()` to get references to instances of `django.http.response.HttpResponseRedirect`.
 */
 abstract class InstanceSource extends HttpResponse::InstanceSource,
- Http::Server::HttpRedirectResponse::Range, DataFlow::Node { }
+ Http::Server::HttpRedirectResponse::Range, DataFlow::Node
+ { }
 /** A direct instantiation of `django.http.response.HttpResponseRedirect`. */
 private class ClassInstantiation extends InstanceSource, DataFlow::CallCfgNode {
@@ -1483,7 +1487,8 @@ module PrivateDjango {
 * Use the predicate `HttpResponsePermanentRedirect::instance()` to get references to instances of `django.http.response.HttpResponsePermanentRedirect`.
 */
 abstract class InstanceSource extends HttpResponse::InstanceSource,
- Http::Server::HttpRedirectResponse::Range, DataFlow::Node { }
+ Http::Server::HttpRedirectResponse::Range, DataFlow::Node
+ { }
 /** A direct instantiation of `django.http.response.HttpResponsePermanentRedirect`. */
 private class ClassInstantiation extends InstanceSource, DataFlow::CallCfgNode {
@@ -2086,7 +2091,8 @@ module PrivateDjango {
 *
 * See https://docs.djangoproject.com/en/3.1/ref/request-response/#django.http.HttpResponse.write
 */
- class HttpResponseWriteCall extends Http::Server::HttpResponse::Range, DataFlow::CallCfgNode {
+ class HttpResponseWriteCall extends Http::Server::HttpResponse::Range, DataFlow::CallCfgNode
+ {
 DjangoImpl::DjangoHttp::Response::HttpResponse::InstanceSource instance;
 HttpResponseWriteCall() { this.getFunction() = write(instance) }
@@ -2106,7 +2112,8 @@ module PrivateDjango {
 * A call to `set_cookie` on a HTTP Response.
 */
 class DjangoResponseSetCookieCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 DjangoResponseSetCookieCall() {
 this.calls(DjangoImpl::DjangoHttp::Response::HttpResponse::instance(), "set_cookie")
 }
@@ -2126,7 +2133,8 @@ module PrivateDjango {
 * A call to `delete_cookie` on a HTTP Response.
 */
 class DjangoResponseDeleteCookieCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 DjangoResponseDeleteCookieCall() {
 this.calls(DjangoImpl::DjangoHttp::Response::HttpResponse::instance(), "delete_cookie")
 }
@@ -2429,7 +2437,8 @@ module PrivateDjango {
 /** A request handler defined in a django view class, that has no known route. */
 private class DjangoViewClassHandlerWithoutKnownRoute extends Http::Server::RequestHandler::Range,
- DjangoRouteHandler {
+ DjangoRouteHandler
+ {
 DjangoViewClassHandlerWithoutKnownRoute() {
 exists(DjangoViewClass vc | vc.getARequestHandler() = this) and
 not exists(DjangoRouteSetup setup | setup.getARequestHandler() = this)
@@ -2587,7 +2596,8 @@ module PrivateDjango {
 // ---------------------------------------------------------------------------
 /** A parameter that will receive the django `HttpRequest` instance when a request handler is invoked. */
 private class DjangoRequestHandlerRequestParam extends DjangoImpl::DjangoHttp::Request::HttpRequest::InstanceSource,
- RemoteFlowSource::Range, DataFlow::ParameterNode {
+ RemoteFlowSource::Range, DataFlow::ParameterNode
+ {
 DjangoRequestHandlerRequestParam() {
 this.getParameter() = any(DjangoRouteSetup setup).getARequestHandler().getRequestParam()
 or
@@ -2604,7 +2614,8 @@ module PrivateDjango {
 * See https://docs.djangoproject.com/en/3.1/topics/class-based-views/generic-display/#dynamic-filtering
 */
 private class DjangoViewClassRequestAttributeRead extends DjangoImpl::DjangoHttp::Request::HttpRequest::InstanceSource,
- RemoteFlowSource::Range, DataFlow::Node {
+ RemoteFlowSource::Range, DataFlow::Node
+ {
 DjangoViewClassRequestAttributeRead() {
 exists(DataFlow::AttrRead read | this = read |
 read.getObject() = any(DjangoViewClass vc).getASelfRef() and
@@ -2624,7 +2635,8 @@ module PrivateDjango {
 * See https://docs.djangoproject.com/en/3.1/topics/class-based-views/generic-display/#dynamic-filtering
 */
 private class DjangoViewClassRoutedParamsAttributeRead extends RemoteFlowSource::Range,
- DataFlow::Node {
+ DataFlow::Node
+ {
 DjangoViewClassRoutedParamsAttributeRead() {
 exists(DataFlow::AttrRead read | this = read |
 read.getObject() = any(DjangoViewClass vc).getASelfRef() and
@@ -2652,7 +2664,8 @@ module PrivateDjango {
 * - https://docs.djangoproject.com/en/3.1/topics/http/file-uploads/#handling-uploaded-files-with-a-model
 */
 private class DjangoFileFieldUploadToFunctionFilenameParam extends RemoteFlowSource::Range,
- DataFlow::ParameterNode {
+ DataFlow::ParameterNode
+ {
 DjangoFileFieldUploadToFunctionFilenameParam() {
 exists(DataFlow::CallCfgNode call, DataFlow::Node uploadToArg, Function func |
 this.getParameter() = func.getArg(1) and
@@ -2679,7 +2692,8 @@ module PrivateDjango {
 * See https://docs.djangoproject.com/en/3.1/topics/http/shortcuts/#redirect
 */
 private class DjangoShortcutsRedirectCall extends Http::Server::HttpRedirectResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 DjangoShortcutsRedirectCall() { this = DjangoImpl::Shortcuts::redirect().getACall() }
 /**
@@ -2713,7 +2727,8 @@ module PrivateDjango {
 * See https://docs.djangoproject.com/en/3.1/ref/class-based-views/base/#redirectview
 */
 private class DjangoRedirectViewGetRedirectUrlReturn extends Http::Server::HttpRedirectResponse::Range,
- DataFlow::CfgNode {
+ DataFlow::CfgNode
+ {
 DjangoRedirectViewGetRedirectUrlReturn() {
 node = any(GetRedirectUrlFunction f).getAReturnValueFlowNode()
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Fabric.qll b/python/ql/lib/semmle/python/frameworks/Fabric.qll
index 5fd9d2afe18..184d362f216 100644
--- a/python/ql/lib/semmle/python/frameworks/Fabric.qll
+++ b/python/ql/lib/semmle/python/frameworks/Fabric.qll
@@ -44,7 +44,8 @@ private module FabricV1 {
 * - https://docs.fabfile.org/en/1.14/api/core/operations.html#fabric.operations.sudo
 */
 private class FabricApiLocalRunSudoCall extends SystemCommandExecution::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 FabricApiLocalRunSudoCall() { this = api().getMember(["local", "run", "sudo"]).getACall() }
 override DataFlow::Node getCommand() {
@@ -153,7 +154,8 @@ private module FabricV2 {
 * - https://docs.fabfile.org/en/2.5/api/connection.html#fabric.connection.Connection.local
 */
 private class FabricConnectionRunSudoLocalCall extends SystemCommandExecution::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 FabricConnectionRunSudoLocalCall() {
 this.getFunction() = Fabric::Connection::ConnectionClass::instanceRunMethods()
 }
@@ -176,7 +178,8 @@ private module FabricV2 {
 }
 class FabricTaskFirstParamConnectionInstance extends Fabric::Connection::ConnectionClass::InstanceSource,
- DataFlow::ParameterNode {
+ DataFlow::ParameterNode
+ {
 FabricTaskFirstParamConnectionInstance() {
 exists(Function func |
 func.getADecorator() = Fabric::Tasks::task().getAValueReachableFromSource().asExpr() and
diff --git a/python/ql/lib/semmle/python/frameworks/FastApi.qll b/python/ql/lib/semmle/python/frameworks/FastApi.qll
index b45ef81f88a..d6f5bba6d9f 100644
--- a/python/ql/lib/semmle/python/frameworks/FastApi.qll
+++ b/python/ql/lib/semmle/python/frameworks/FastApi.qll
@@ -88,7 +88,8 @@ private module FastApi {
 * Pydantic model.
 */
 private class PydanticModelRequestHandlerParam extends Pydantic::BaseModel::InstanceSource,
- DataFlow::ParameterNode {
+ DataFlow::ParameterNode
+ {
 PydanticModelRequestHandlerParam() {
 this.getParameter().getAnnotation() =
 Pydantic::BaseModel::subclassRef().getAValueReachableFromSource().asExpr() and
@@ -103,7 +104,8 @@ private module FastApi {
 * A parameter to a request handler that has a WebSocket type-annotation.
 */
 private class WebSocketRequestHandlerParam extends Starlette::WebSocket::InstanceSource,
- DataFlow::ParameterNode {
+ DataFlow::ParameterNode
+ {
 WebSocketRequestHandlerParam() {
 this.getParameter().getAnnotation() =
 Starlette::WebSocket::classRef().getAValueReachableFromSource().asExpr() and
@@ -196,7 +198,8 @@ private module FastApi {
 /** A direct instantiation of a response class. */
 private class ResponseInstantiation extends InstanceSource, Http::Server::HttpResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 API::Node baseApiNode;
 API::Node responseClass;
@@ -223,7 +226,8 @@ private module FastApi {
 * A direct instantiation of a redirect response.
 */
 private class RedirectResponseInstantiation extends ResponseInstantiation,
- Http::Server::HttpRedirectResponse::Range {
+ Http::Server::HttpRedirectResponse::Range
+ {
 RedirectResponseInstantiation() { baseApiNode = getModeledResponseClass("RedirectResponse") }
 override DataFlow::Node getRedirectLocation() {
@@ -246,7 +250,8 @@ private module FastApi {
 * An implicit response from a return of FastAPI request handler.
 */
 private class FastApiRequestHandlerReturn extends Http::Server::HttpResponse::Range,
- DataFlow::CfgNode {
+ DataFlow::CfgNode
+ {
 FastApiRouteSetup routeSetup;
 FastApiRequestHandlerReturn() {
@@ -273,7 +278,8 @@ private module FastApi {
 * `response_class` set to a `FileResponse`.
 */
 private class FastApiRequestHandlerFileResponseReturn extends FastApiRequestHandlerReturn,
- FileSystemAccess::Range {
+ FileSystemAccess::Range
+ {
 FastApiRequestHandlerFileResponseReturn() {
 exists(API::Node responseClass |
 responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
@@ -291,7 +297,8 @@ private module FastApi {
 * `response_class` set to a `RedirectResponse`.
 */
 private class FastApiRequestHandlerRedirectReturn extends FastApiRequestHandlerReturn,
- Http::Server::HttpRedirectResponse::Range {
+ Http::Server::HttpRedirectResponse::Range
+ {
 FastApiRequestHandlerRedirectReturn() {
 exists(API::Node responseClass |
 responseClass.getAValueReachableFromSource() = routeSetup.getResponseClassArg() and
@@ -349,7 +356,8 @@ private module FastApi {
 * header-key.
 */
 private class HeadersAppendCookie extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 HeadersAppendCookie() {
 exists(DataFlow::AttrRead headers, DataFlow::Node keyArg |
 headers.accesses(instance(), "headers") and
diff --git a/python/ql/lib/semmle/python/frameworks/Flask.qll b/python/ql/lib/semmle/python/frameworks/Flask.qll
index d264b085fc4..940af5000ab 100644
--- a/python/ql/lib/semmle/python/frameworks/Flask.qll
+++ b/python/ql/lib/semmle/python/frameworks/Flask.qll
@@ -447,7 +447,8 @@ module Flask {
 // ---------------------------------------------------------------------------
 // Implicit response from returns of flask request handlers
 // ---------------------------------------------------------------------------
- private class FlaskRouteHandlerReturn extends Http::Server::HttpResponse::Range, DataFlow::CfgNode {
+ private class FlaskRouteHandlerReturn extends Http::Server::HttpResponse::Range, DataFlow::CfgNode
+ {
 FlaskRouteHandlerReturn() {
 exists(Function routeHandler |
 routeHandler = any(FlaskRouteSetup rs).getARequestHandler() and
@@ -471,7 +472,8 @@ module Flask {
 * See https://flask.palletsprojects.com/en/1.1.x/api/#flask.redirect
 */
 private class FlaskRedirectCall extends Http::Server::HttpRedirectResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 FlaskRedirectCall() { this = API::moduleImport("flask").getMember("redirect").getACall() }
 override DataFlow::Node getRedirectLocation() {
@@ -499,7 +501,8 @@ module Flask {
 * See https://flask.palletsprojects.com/en/2.0.x/api/#flask.Response.set_cookie
 */
 class FlaskResponseSetCookieCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 FlaskResponseSetCookieCall() { this.calls(Flask::Response::instance(), "set_cookie") }
 override DataFlow::Node getHeaderArg() { none() }
@@ -515,7 +518,8 @@ module Flask {
 * See https://flask.palletsprojects.com/en/2.0.x/api/#flask.Response.delete_cookie
 */
 class FlaskResponseDeleteCookieCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 FlaskResponseDeleteCookieCall() { this.calls(Flask::Response::instance(), "delete_cookie") }
 override DataFlow::Node getHeaderArg() { none() }
diff --git a/python/ql/lib/semmle/python/frameworks/Lxml.qll b/python/ql/lib/semmle/python/frameworks/Lxml.qll
index 63c71a67110..c7807eb027a 100644
--- a/python/ql/lib/semmle/python/frameworks/Lxml.qll
+++ b/python/ql/lib/semmle/python/frameworks/Lxml.qll
@@ -307,7 +307,8 @@ private module Lxml {
 * - https://lxml.de/apidoc/lxml.etree.html?highlight=parseids#lxml.etree.iterparse
 */
 private class LxmlIterparseCall extends API::CallNode, XML::XmlParsing::Range,
- FileSystemAccess::Range {
+ FileSystemAccess::Range
+ {
 LxmlIterparseCall() {
 this = API::moduleImport("lxml").getMember("etree").getMember("iterparse").getACall()
 }
diff --git a/python/ql/lib/semmle/python/frameworks/MarkupSafe.qll b/python/ql/lib/semmle/python/frameworks/MarkupSafe.qll
index 5679a23910f..e77b92a40dc 100644
--- a/python/ql/lib/semmle/python/frameworks/MarkupSafe.qll
+++ b/python/ql/lib/semmle/python/frameworks/MarkupSafe.qll
@@ -101,7 +101,8 @@ private module MarkupSafeModel {
 /** A call to any of the escaping functions in `markupsafe` */
 private class MarkupSafeEscapeCall extends Markup::InstanceSource, MarkupSafeEscape,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 MarkupSafeEscapeCall() {
 this = API::moduleImport("markupsafe").getMember(["escape", "escape_silent"]).getACall()
 or
@@ -141,7 +142,8 @@ private module MarkupSafeModel {
 /** A escape from %-style string format with `markupsafe.Markup` as the format string. */
 private class MarkupEscapeFromPercentStringFormat extends MarkupSafeEscape,
- Markup::PercentStringFormat {
+ Markup::PercentStringFormat
+ {
 override DataFlow::Node getAnInput() {
 result.asCfgNode() = node.getRight() and
 not result = Markup::instance()
diff --git a/python/ql/lib/semmle/python/frameworks/Peewee.qll b/python/ql/lib/semmle/python/frameworks/Peewee.qll
index 977428fb98b..1179371be76 100644
--- a/python/ql/lib/semmle/python/frameworks/Peewee.qll
+++ b/python/ql/lib/semmle/python/frameworks/Peewee.qll
@@ -164,7 +164,8 @@ private module Peewee {
 * https://docs.peewee-orm.com/en/latest/peewee/api.html#Database.connection.
 */
 class PeeweeDatabaseConnectionCall extends PEP249::Connection::InstanceSource,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 PeeweeDatabaseConnectionCall() {
 this = Database::instance().getMember("connection").getACall()
 }
diff --git a/python/ql/lib/semmle/python/frameworks/RestFramework.qll b/python/ql/lib/semmle/python/frameworks/RestFramework.qll
index 8406ee51e27..dcbd247a1c5 100644
--- a/python/ql/lib/semmle/python/frameworks/RestFramework.qll
+++ b/python/ql/lib/semmle/python/frameworks/RestFramework.qll
@@ -159,7 +159,8 @@ private module RestFramework {
 * known route setup.
 */
 class RestFrameworkFunctionBasedViewWithoutKnownRoute extends Http::Server::RequestHandler::Range,
- PrivateDjango::DjangoRouteHandler instanceof RestFrameworkFunctionBasedView {
+ PrivateDjango::DjangoRouteHandler instanceof RestFrameworkFunctionBasedView
+ {
 RestFrameworkFunctionBasedViewWithoutKnownRoute() {
 not exists(PrivateDjango::DjangoRouteSetup setup | setup.getARequestHandler() = this)
 }
@@ -183,7 +184,8 @@ private module RestFramework {
 * request handler is invoked.
 */
 private class RestFrameworkRequestHandlerRequestParam extends Request::InstanceSource,
- RemoteFlowSource::Range, DataFlow::ParameterNode {
+ RemoteFlowSource::Range, DataFlow::ParameterNode
+ {
 RestFrameworkRequestHandlerRequestParam() {
 // rest_framework.views.APIView subclass
 exists(RestFrameworkApiViewClass vc |
@@ -220,8 +222,8 @@ private module RestFramework {
 *
 * Use the predicate `Request::instance()` to get references to instances of `rest_framework.request.Request`.
 */
- abstract class InstanceSource extends PrivateDjango::DjangoImpl::DjangoHttp::Request::HttpRequest::InstanceSource {
- }
+ abstract class InstanceSource extends PrivateDjango::DjangoImpl::DjangoHttp::Request::HttpRequest::InstanceSource
+ { }
 /** A direct instantiation of `rest_framework.request.Request`. */
 private class ClassInstantiation extends InstanceSource, DataFlow::CallCfgNode {
@@ -297,7 +299,8 @@ private module RestFramework {
 /** A direct instantiation of `rest_framework.response.Response`. */
 private class ClassInstantiation extends PrivateDjango::DjangoImpl::DjangoHttp::Response::HttpResponse::InstanceSource,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 ClassInstantiation() { this = classRef().getACall() }
 override DataFlow::Node getBody() { result in [this.getArg(0), this.getArgByName("data")] }
@@ -321,7 +324,8 @@ private module RestFramework {
 module ApiException {
 /** A direct instantiation of `rest_framework.exceptions.ApiException` or subclass. */
 private class ClassInstantiation extends Http::Server::HttpResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 string className;
 ClassInstantiation() {
diff --git a/python/ql/lib/semmle/python/frameworks/Rsa.qll b/python/ql/lib/semmle/python/frameworks/Rsa.qll
index e82581d46b6..1c582eaa799 100644
--- a/python/ql/lib/semmle/python/frameworks/Rsa.qll
+++ b/python/ql/lib/semmle/python/frameworks/Rsa.qll
@@ -20,7 +20,8 @@ private module Rsa {
 * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.newkeys
 */
 class RsaNewkeysCall extends Cryptography::PublicKey::KeyGeneration::RsaRange,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 RsaNewkeysCall() { this = API::moduleImport("rsa").getMember("newkeys").getACall() }
 override DataFlow::Node getKeySizeArg() {
@@ -116,7 +117,8 @@ private module Rsa {
 * See https://stuvel.eu/python-rsa-doc/reference.html#rsa.compute_hash
 */
 class RsaComputeHashCall extends Cryptography::CryptographicOperation::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 RsaComputeHashCall() { this = API::moduleImport("rsa").getMember("compute_hash").getACall() }
 override Cryptography::CryptographicAlgorithm getAlgorithm() {
diff --git a/python/ql/lib/semmle/python/frameworks/Starlette.qll b/python/ql/lib/semmle/python/frameworks/Starlette.qll
index a105d62c5b7..cee5100d436 100644
--- a/python/ql/lib/semmle/python/frameworks/Starlette.qll
+++ b/python/ql/lib/semmle/python/frameworks/Starlette.qll
@@ -152,7 +152,8 @@ module Starlette {
 }
 /** An attribute read on a `starlette.requests.URL` instance that is a `urllib.parse.SplitResult` instance. */
- private class UrlSplitInstances extends Stdlib::SplitResult::InstanceSource instanceof DataFlow::AttrRead {
+ private class UrlSplitInstances extends Stdlib::SplitResult::InstanceSource instanceof DataFlow::AttrRead
+ {
 UrlSplitInstances() {
 super.getObject() = instance() and
 super.getAttributeName() = "components"
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
index 4a4b34af422..49cb23ef9f6 100644
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1092,7 +1092,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3.8/library/os.html#os.execl
 */
 private class OsExecCall extends SystemCommandExecution::Range, FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 OsExecCall() {
 exists(string name |
 name in ["execl", "execle", "execlp", "execlpe", "execv", "execve", "execvp", "execvpe"] and
@@ -1110,7 +1111,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3.8/library/os.html#os.spawnl
 */
 private class OsSpawnCall extends SystemCommandExecution::Range, FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 OsSpawnCall() {
 exists(string name |
 name in [
@@ -1136,7 +1138,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3.8/library/os.html#os.posix_spawn
 */
 private class OsPosixSpawnCall extends SystemCommandExecution::Range, FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 OsPosixSpawnCall() { this = os().getMember(["posix_spawn", "posix_spawnp"]).getACall() }
 override DataFlow::Node getCommand() { result in [this.getArg(0), this.getArgByName("path")] }
@@ -1348,7 +1351,8 @@ private module StdlibPrivate {
 * argument as being deserialized...
 */
 private class ShelveOpenCall extends Decoding::Range, FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 ShelveOpenCall() { this = API::moduleImport("shelve").getMember("open").getACall() }
 override predicate mayExecuteInput() { any() }
@@ -1452,7 +1456,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3/library/functions.html#open
 */
 private class OpenCall extends FileSystemAccess::Range, Stdlib::FileLikeObject::InstanceSource,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 OpenCall() { this = getOpenFunctionRef().getACall() }
 override DataFlow::Node getAPathArgument() {
@@ -1712,7 +1717,8 @@ private module StdlibPrivate {
 * if it turns out to be a problem, we'll have to refine.
 */
 private class ClassInstantiation extends InstanceSource, RemoteFlowSource::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 ClassInstantiation() { this = classRef().getACall() }
 override string getSourceType() { result = "cgi.FieldStorage" }
@@ -1970,7 +1976,8 @@ private module StdlibPrivate {
 abstract class InstanceSource extends DataFlow::Node { }
 /** The `self` parameter in a method on the `BaseHttpRequestHandler` class or any subclass. */
- private class SelfParam extends InstanceSource, RemoteFlowSource::Range, DataFlow::ParameterNode {
+ private class SelfParam extends InstanceSource, RemoteFlowSource::Range, DataFlow::ParameterNode
+ {
 SelfParam() {
 exists(HttpRequestHandlerClassDef cls | cls.getAMethod().getArg(0) = this.getParameter())
 }
@@ -2008,14 +2015,16 @@ private module StdlibPrivate {
 }
 /** An `HttpMessage` instance that originates from a `BaseHttpRequestHandler` instance. */
- private class BaseHttpRequestHandlerHeadersInstances extends Stdlib::HttpMessage::InstanceSource {
+ private class BaseHttpRequestHandlerHeadersInstances extends Stdlib::HttpMessage::InstanceSource
+ {
 BaseHttpRequestHandlerHeadersInstances() {
 this.(DataFlow::AttrRead).accesses(instance(), "headers")
 }
 }
 /** A file-like object that originates from a `BaseHttpRequestHandler` instance. */
- private class BaseHttpRequestHandlerFileLikeObjectInstances extends Stdlib::FileLikeObject::InstanceSource {
+ private class BaseHttpRequestHandlerFileLikeObjectInstances extends Stdlib::FileLikeObject::InstanceSource
+ {
 BaseHttpRequestHandlerFileLikeObjectInstances() {
 this.(DataFlow::AttrRead).accesses(instance(), "rfile")
 }
@@ -2167,7 +2176,8 @@ private module StdlibPrivate {
 * See https://github.com/python/cpython/blob/b567b9d74bd9e476a3027335873bb0508d6e450f/Lib/wsgiref/handlers.py#L276
 */
 class WsgirefSimpleServerApplicationWriteCall extends Http::Server::HttpResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 WsgirefSimpleServerApplicationWriteCall() { this.getFunction() = writeFunction() }
 override DataFlow::Node getBody() { result in [this.getArg(0), this.getArgByName("data")] }
@@ -2181,7 +2191,8 @@ private module StdlibPrivate {
 * A return from a `WsgirefSimpleServerApplication`, which is included in the response body.
 */
 class WsgirefSimpleServerApplicationReturn extends Http::Server::HttpResponse::Range,
- DataFlow::CfgNode {
+ DataFlow::CfgNode
+ {
 WsgirefSimpleServerApplicationReturn() {
 exists(WsgirefSimpleServerApplication requestHandler |
 node = requestHandler.getAReturnValueFlowNode()
@@ -2292,7 +2303,8 @@ private module StdlibPrivate {
 /** A call to the `getresponse` method. */
 private class HttpConnectionGetResponseCall extends DataFlow::MethodCallNode,
- HttpResponse::InstanceSource {
+ HttpResponse::InstanceSource
+ {
 HttpConnectionGetResponseCall() { this.calls(instance(_), "getresponse") }
 }
@@ -2351,7 +2363,8 @@ private module StdlibPrivate {
 * Use the predicate `HTTPResponse::instance()` to get references to instances of `http.client.HTTPResponse`.
 */
 abstract class InstanceSource extends Stdlib::FileLikeObject::InstanceSource,
- DataFlow::LocalSourceNode { }
+ DataFlow::LocalSourceNode
+ { }
 /** A direct instantiation of `http.client.HttpResponse`. */
 private class ClassInstantiation extends InstanceSource, DataFlow::CallCfgNode {
@@ -2722,7 +2735,8 @@ private module StdlibPrivate {
 * `HashlibNewCall` and `HashlibNewUpdateCall`.
 */
 abstract class HashlibGenericHashOperation extends Cryptography::CryptographicOperation::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 string hashName;
 API::Node hashClass;
@@ -2768,7 +2782,8 @@ private module StdlibPrivate {
 // hmac
 // ---------------------------------------------------------------------------
 abstract class HmacCryptographicOperation extends Cryptography::CryptographicOperation::Range,
- API::CallNode {
+ API::CallNode
+ {
 abstract API::Node getDigestArg();
 override Cryptography::CryptographicAlgorithm getAlgorithm() {
@@ -2996,7 +3011,8 @@ private module StdlibPrivate {
 }
 /** Extra taint-step such that the result of `urllib.parse.urlsplit(tainted_string)` is tainted. */
- private class UrllibParseUrlsplitCallAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
+ private class UrllibParseUrlsplitCallAdditionalTaintStep extends TaintTracking::AdditionalTaintStep
+ {
 override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
 nodeTo.(UrllibParseUrlsplitCall).getUrl() = nodeFrom
 }
@@ -3027,7 +3043,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3/library/tempfile.html#tempfile.NamedTemporaryFile
 */
 private class TempfileNamedTemporaryFileCall extends FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 TempfileNamedTemporaryFileCall() {
 this = API::moduleImport("tempfile").getMember("NamedTemporaryFile").getACall()
 }
@@ -3064,7 +3081,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3/library/tempfile.html#tempfile.SpooledTemporaryFile
 */
 private class TempfileSpooledTemporaryFileCall extends FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 TempfileSpooledTemporaryFileCall() {
 this = API::moduleImport("tempfile").getMember("SpooledTemporaryFile").getACall()
 }
@@ -3099,7 +3117,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3/library/tempfile.html#tempfile.TemporaryDirectory
 */
 private class TempfileTemporaryDirectoryCall extends FileSystemAccess::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 TempfileTemporaryDirectoryCall() {
 this = API::moduleImport("tempfile").getMember("TemporaryDirectory").getACall()
 }
@@ -3556,7 +3575,8 @@ private module StdlibPrivate {
 * See https://docs.python.org/3/library/xml.sax.reader.html#xml.sax.xmlreader.XMLReader.parse
 */
 private class XmlSaxInstanceParsing extends DataFlow::MethodCallNode, XML::XmlParsing::Range,
- FileSystemAccess::Range {
+ FileSystemAccess::Range
+ {
 XmlSaxInstanceParsing() {
 this =
 API::moduleImport("xml")
diff --git a/python/ql/lib/semmle/python/frameworks/Tornado.qll b/python/ql/lib/semmle/python/frameworks/Tornado.qll
index f78adca8074..29bd4fa2279 100644
--- a/python/ql/lib/semmle/python/frameworks/Tornado.qll
+++ b/python/ql/lib/semmle/python/frameworks/Tornado.qll
@@ -200,7 +200,8 @@ module Tornado {
 override string getAsyncMethodName() { none() }
 }
- private class RequestAttrAccess extends TornadoModule::HttpUtil::HttpServerRequest::InstanceSource {
+ private class RequestAttrAccess extends TornadoModule::HttpUtil::HttpServerRequest::InstanceSource
+ {
 RequestAttrAccess() {
 this.(DataFlow::AttrRead).getObject() = instance() and
 this.(DataFlow::AttrRead).getAttributeName() = "request"
@@ -463,7 +464,8 @@ module Tornado {
 * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.redirect
 */
 private class TornadoRequestHandlerRedirectCall extends Http::Server::HttpRedirectResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 TornadoRequestHandlerRedirectCall() {
 this.getFunction() = TornadoModule::Web::RequestHandler::redirectMethod()
 }
@@ -485,7 +487,8 @@ module Tornado {
 * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.write
 */
 private class TornadoRequestHandlerWriteCall extends Http::Server::HttpResponse::Range,
- DataFlow::CallCfgNode {
+ DataFlow::CallCfgNode
+ {
 TornadoRequestHandlerWriteCall() {
 this.getFunction() = TornadoModule::Web::RequestHandler::writeMethod()
 }
@@ -503,7 +506,8 @@ module Tornado {
 * See https://www.tornadoweb.org/en/stable/web.html#tornado.web.RequestHandler.set_cookie
 */
 class TornadoRequestHandlerSetCookieCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 TornadoRequestHandlerSetCookieCall() {
 this.calls(TornadoModule::Web::RequestHandler::instance(), "set_cookie")
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Twisted.qll b/python/ql/lib/semmle/python/frameworks/Twisted.qll
index 34218c7543f..c66f80770c4 100644
--- a/python/ql/lib/semmle/python/frameworks/Twisted.qll
+++ b/python/ql/lib/semmle/python/frameworks/Twisted.qll
@@ -143,7 +143,8 @@ private module Twisted {
 * when a twisted request handler is called.
 */
 class TwistedResourceRequestHandlerRequestParam extends RemoteFlowSource::Range,
- Request::InstanceSource, DataFlow::ParameterNode {
+ Request::InstanceSource, DataFlow::ParameterNode
+ {
 TwistedResourceRequestHandlerRequestParam() {
 this.getParameter() = any(TwistedResourceRequestHandler handler).getRequestParameter()
 }
@@ -156,7 +157,8 @@ private module Twisted {
 * that is also given remote user input. (a bit like RoutedParameter).
 */
 class TwistedResourceRequestHandlerExtraSources extends RemoteFlowSource::Range,
- DataFlow::ParameterNode {
+ DataFlow::ParameterNode
+ {
 TwistedResourceRequestHandlerExtraSources() {
 exists(TwistedResourceRequestHandler func, int i |
 func.getName() in ["getChild", "getChildWithDefault"] and i = 1
@@ -177,7 +179,8 @@ private module Twisted {
 * Implicit response from returns of render methods.
 */
 private class TwistedResourceRenderMethodReturn extends Http::Server::HttpResponse::Range,
- DataFlow::CfgNode {
+ DataFlow::CfgNode
+ {
 TwistedResourceRenderMethodReturn() {
 this.asCfgNode() = any(TwistedResourceRenderMethod meth).getAReturnValueFlowNode()
 }
@@ -212,7 +215,8 @@ private module Twisted {
 * See https://twistedmatrix.com/documents/21.2.0/api/twisted.web.http.Request.html#redirect
 */
 class TwistedRequestRedirectCall extends Http::Server::HttpRedirectResponse::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 TwistedRequestRedirectCall() { this.calls(Request::instance(), "redirect") }
 override DataFlow::Node getBody() { none() }
@@ -232,7 +236,8 @@ private module Twisted {
 * See https://twistedmatrix.com/documents/21.2.0/api/twisted.web.http.Request.html#addCookie
 */
 class TwistedRequestAddCookieCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 TwistedRequestAddCookieCall() { this.calls(Twisted::Request::instance(), "addCookie") }
 override DataFlow::Node getHeaderArg() { none() }
@@ -248,7 +253,8 @@ private module Twisted {
 * See https://twistedmatrix.com/documents/21.2.0/api/twisted.web.http.Request.html#cookies
 */
 class TwistedRequestCookiesAppendCall extends Http::Server::CookieWrite::Range,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+ {
 TwistedRequestCookiesAppendCall() {
 exists(DataFlow::AttrRead cookiesLookup |
 cookiesLookup.getObject() = Twisted::Request::instance() and
diff --git a/python/ql/lib/semmle/python/frameworks/Werkzeug.qll b/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
index 66cea37020e..fb9a4e42c49 100644
--- a/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
+++ b/python/ql/lib/semmle/python/frameworks/Werkzeug.qll
@@ -83,7 +83,8 @@ module Werkzeug {
 // possible to do storage.read() instead of the long form storage.stream.read(). So
 // that's why InstanceSource also extends `Stdlib::FileLikeObject::InstanceSource`
 abstract class InstanceSource extends Stdlib::FileLikeObject::InstanceSource,
- DataFlow::LocalSourceNode { }
+ DataFlow::LocalSourceNode
+ { }
 /** Gets a reference to an instance of `werkzeug.datastructures.FileStorage`. */
 private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
diff --git a/python/ql/src/Security/CWE-327/PyOpenSSL.qll b/python/ql/src/Security/CWE-327/PyOpenSSL.qll
index 534f7c474e5..b2052ff5d05 100644
--- a/python/ql/src/Security/CWE-327/PyOpenSSL.qll
+++ b/python/ql/src/Security/CWE-327/PyOpenSSL.qll
@@ -51,7 +51,8 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode {
 }
 }
-class UnspecificPyOpenSslContextCreation extends PyOpenSslContextCreation, UnspecificContextCreation {
+class UnspecificPyOpenSslContextCreation extends PyOpenSslContextCreation, UnspecificContextCreation
+{
 // UnspecificPyOpenSslContextCreation() { library instanceof PyOpenSsl }
 }
diff --git a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
index 39b69b10004..9167e300ac5 100644
--- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
+++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
@@ -16,7 +16,8 @@ private import semmle.python.frameworks.Tornado
 abstract class ClientSuppliedIpUsedInSecurityCheck extends DataFlow::Node { }
 private class FlaskClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIpUsedInSecurityCheck,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+{
 FlaskClientSuppliedIpUsedInSecurityCheck() {
 this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
 this.getArg(0).asExpr().(StrConst).getText().toLowerCase() = clientIpParameterName()
@@ -24,7 +25,8 @@ private class FlaskClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIpU
 }
 }
 private class DjangoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIpUsedInSecurityCheck,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+{
 DjangoClientSuppliedIpUsedInSecurityCheck() {
 exists(DataFlow::Node req, DataFlow::AttrRead headers |
 // a call to request.headers.get or request.META.get
@@ -38,7 +40,8 @@ private class DjangoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIp
 }
 }
 private class TornadoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIpUsedInSecurityCheck,
- DataFlow::MethodCallNode {
+ DataFlow::MethodCallNode
+{
 TornadoClientSuppliedIpUsedInSecurityCheck() {
 // a call to self.request.headers.get or self.request.headers.get_list inside a tornado requesthandler
 exists(