hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5670 from tausbn/python-use-api-graphs-in-dill

Browse Source 
Python: Use API graphs in Dill model
This commit is contained in:
Rasmus Wriedt Larsen
2021-04-14 10:08:02 +02:00
committed by GitHub
parent 419d25cbcf 079c7e089d
commit 2d0c9b6bf2
1 changed files with 4 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
python/ql/src/semmle/python/frameworks/Dill.qll
View File

@@ -7,50 +7,19 @@ private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.Concepts
private module Dill {
/** Gets a reference to the `dill` module. */
private DataFlow::Node dill(DataFlow::TypeTracker t) {
t.start() and
result = DataFlow::importNode("dill")
or
exists(DataFlow::TypeTracker t2 | result = dill(t2).track(t2, t))
}
/** Gets a reference to the `dill` module. */
DataFlow::Node dill() { result = dill(DataFlow::TypeTracker::end()) }
/** Provides models for the `dill` module. */
module dill {
/** Gets a reference to the `dill.loads` function. */
private DataFlow::Node loads(DataFlow::TypeTracker t) {
t.start() and
result = DataFlow::importNode("dill.loads")
or
t.startInAttr("loads") and
result = dill()
or
exists(DataFlow::TypeTracker t2 | result = loads(t2).track(t2, t))
}
/** Gets a reference to the `dill.loads` function. */
DataFlow::Node loads() { result = loads(DataFlow::TypeTracker::end()) }
}
}
private import semmle.python.ApiGraphs
/**
* A call to `dill.loads`
* See https://pypi.org/project/dill/ (which currently refers you
* to https://docs.python.org/3/library/pickle.html#pickle.loads)
*/
private class DillLoadsCall extends Decoding::Range, DataFlow::CfgNode {
override CallNode node;
DillLoadsCall() { node.getFunction() = Dill::dill::loads().asCfgNode() }
private class DillLoadsCall extends Decoding::Range, DataFlow::CallCfgNode {
DillLoadsCall() { this = API::moduleImport("dill").getMember("loads").getACall() }
override predicate mayExecuteInput() { any() }
override DataFlow::Node getAnInput() { result.asCfgNode() = node.getArg(0) }
override DataFlow::Node getAnInput() { result = this.getArg(0) }
override DataFlow::Node getOutput() { result = this }