Merge from main to resolve conflicts

Dave Bartolomeo
2024-03-19 10:41:31 -04:00
1361 changed files with 222127 additions and 93308 deletions


@@ -328,6 +328,9 @@ module API {
*/
DataFlow::Node getInducingNode() { this = Impl::MkUse(result) or this = Impl::MkDef(result) }
/** Gets the location of this node */
PY::Location getLocation() { result = this.getInducingNode().getLocation() }
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
@@ -335,7 +338,7 @@ module API {
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getInducingNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
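Review bot: The `deprecated` annotation added to `hasLocationInfo` comes without a pointer to its replacement in the visible part of the QLDoc, which still describes the predicate as if it were current. I would add a line such as `* DEPRECATED: Use getLocation() instead.` so query authors who see the deprecation warning know what to migrate to. The same applies to `Node.hasLocationInfo` and to the `FlowSummaryNode` override, which are deprecated the same way further down this page. The QLDoc begins outside the hunk, so it may already say this.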


@@ -24,6 +24,6 @@ private import python
module DataFlow {
private import internal.DataFlowImplSpecific
private import codeql.dataflow.DataFlow
import DataFlowMake<PythonDataFlow>
import DataFlowMake<Location, PythonDataFlow>
import internal.DataFlowImpl1
}


@@ -2,7 +2,6 @@
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.frameworks.data.ModelsAsData
private import semmle.python.ApiGraphs
private import internal.FlowSummaryImpl as Impl
private import internal.DataFlowUtil
@@ -11,6 +10,7 @@ private import internal.DataFlowPrivate
// import all instances below
private module Summaries {
private import semmle.python.Frameworks
private import semmle.python.frameworks.data.ModelsAsData
}
deprecated class SummaryComponent = Impl::Private::SummaryComponent;
@@ -36,32 +36,3 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari
}
deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
private class SummarizedCallableFromModel extends SummarizedCallable {
string type;
string path;
SummarizedCallableFromModel() {
ModelOutput::relevantSummaryModel(type, path, _, _, _) and
this = type + ";" + path
}
override CallCfgNode getACall() { ModelOutput::resolvedSummaryBase(type, path, result) }
override ArgumentNode getACallback() {
exists(API::Node base |
ModelOutput::resolvedSummaryRefBase(type, path, base) and
result = base.getAValueReachableFromSource()
)
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind) |
kind = "value" and
preservesValue = true
or
kind = "taint" and
preservesValue = false
)
}
}


@@ -19,6 +19,6 @@ module TaintTracking {
private import semmle.python.dataflow.new.internal.DataFlowImplSpecific
private import semmle.python.dataflow.new.internal.TaintTrackingImplSpecific
private import codeql.dataflow.TaintTracking
import TaintFlowMake<PythonDataFlow, PythonTaintTracking>
import TaintFlowMake<Location, PythonDataFlow, PythonTaintTracking>
import internal.tainttracking1.TaintTrackingImpl
}


@@ -57,6 +57,9 @@ newtype TParameterPosition =
// parameter positions available.
FlowSummaryImpl::ParsePositions::isParsedPositionalArgumentPosition(_, index)
} or
TPositionalParameterLowerBoundPosition(int pos) {
FlowSummaryImpl::ParsePositions::isParsedArgumentLowerBoundPosition(_, pos)
} or
TKeywordParameterPosition(string name) {
name = any(Parameter p).getName()
or
@@ -91,6 +94,9 @@ class ParameterPosition extends TParameterPosition {
/** Holds if this position represents a positional parameter at (0-based) `index`. */
predicate isPositional(int index) { this = TPositionalParameterPosition(index) }
/** Holds if this position represents any positional parameter starting from position `pos`. */
predicate isPositionalLowerBound(int pos) { this = TPositionalParameterLowerBoundPosition(pos) }
/** Holds if this position represents a keyword parameter named `name`. */
predicate isKeyword(string name) { this = TKeywordParameterPosition(name) }
@@ -123,6 +129,8 @@ class ParameterPosition extends TParameterPosition {
or
exists(int index | this.isPositional(index) and result = "position " + index)
or
exists(int pos | this.isPositionalLowerBound(pos) and result = "position " + pos + "..")
or
exists(string name | this.isKeyword(name) and result = "keyword " + name)
or
exists(int index | this.isStarArgs(index) and result = "*args at " + index)
@@ -211,6 +219,10 @@ predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) {
or
exists(int index | ppos.isPositional(index) and apos.isPositional(index))
or
exists(int index1, int index2 |
ppos.isPositionalLowerBound(index1) and apos.isPositional(index2) and index2 >= index1
)
or
exists(string name | ppos.isKeyword(name) and apos.isKeyword(name))
or
exists(int index | ppos.isStarArgs(index) and apos.isStarArgs(index))
@@ -360,6 +372,10 @@ abstract class DataFlowFunction extends DataFlowCallable, TFunction {
result.getParameter() = func.getArg(index + this.positionalOffset())
)
or
exists(int index1, int index2 | ppos.isPositionalLowerBound(index1) and index2 >= index1 |
result.getParameter() = func.getArg(index2 + this.positionalOffset())
)
or
exists(string name | ppos.isKeyword(name) | result.getParameter() = func.getArgByName(name))
or
// `*args`
@@ -1595,7 +1611,7 @@ class FlowSummaryNode extends Node, TFlowSummaryNode {
override string toString() { result = this.getSummaryNode().toString() }
// Hack to return "empty location"
override predicate hasLocationInfo(
deprecated override predicate hasLocationInfo(
string file, int startline, int startcolumn, int endline, int endcolumn
) {
file = "" and
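Review bot: The lower-bound disjunct added to `parameterMatch` pairs `isPositionalLowerBound` only with `apos.isPositional`, so as far as this hunk shows, an argument supplied through `*args` unpacking at or beyond the bound is not matched by it. For a summary written with a lower-bound argument specification, that would mean a silently missing flow step, which a taint query shows as a missed result rather than an error. If this is intended, a comment on the disjunct would make it explicit, e.g. `// lower bound matches explicit positional arguments only; arguments passed via *args are not covered here`. `parameterMatch` begins and ends outside the hunk, so other disjuncts may already cover the case.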


@@ -1,3 +1,4 @@
private import DataFlowImplSpecific
private import codeql.dataflow.internal.DataFlowImpl
import MakeImpl<PythonDataFlow>
private import semmle.python.Files
import MakeImpl<Location, PythonDataFlow>


@@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {
int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }
int accessPathLimit() { result = 5 }
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }
predicate sourceGrouping(Node source, string sourceGroup) {


@@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {
int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }
int accessPathLimit() { result = 5 }
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }
predicate sourceGrouping(Node source, string sourceGroup) {


@@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {
int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }
int accessPathLimit() { result = 5 }
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }
predicate sourceGrouping(Node source, string sourceGroup) {


@@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {
int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }
int accessPathLimit() { result = 5 }
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }
predicate sourceGrouping(Node source, string sourceGroup) {


@@ -1,3 +1,4 @@
private import DataFlowImplSpecific
private import codeql.dataflow.internal.DataFlowImplCommon
import MakeImplCommon<PythonDataFlow>
private import semmle.python.Files
import MakeImplCommon<Location, PythonDataFlow>


@@ -15,7 +15,7 @@ module Public {
import DataFlowUtil
}
module PythonDataFlow implements InputSig {
module PythonDataFlow implements InputSig<Python::Location> {
import Private
import Public


@@ -148,6 +148,7 @@ class Node extends TNode {
DataFlowCallable getEnclosingCallable() { result = getCallableScope(this.getScope()) }
/** Gets the location of this node */
cached
Location getLocation() { none() }
/**
@@ -157,8 +158,7 @@ class Node extends TNode {
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
cached
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
Stages::DataFlow::ref() and


@@ -9,7 +9,7 @@ private import DataFlowImplSpecific as DataFlowImplSpecific
private import DataFlowImplSpecific::Private
private import DataFlowImplSpecific::Public
module Input implements InputSig<DataFlowImplSpecific::PythonDataFlow> {
module Input implements InputSig<Location, DataFlowImplSpecific::PythonDataFlow> {
class SummarizedCallableBase = string;
ArgumentPosition callbackSelfParameterPosition() { result.isLambdaSelf() }
@@ -27,6 +27,11 @@ module Input implements InputSig<DataFlowImplSpecific::PythonDataFlow> {
result = i.toString()
)
or
exists(int i |
pos.isPositionalLowerBound(i) and
result = i + ".."
)
or
exists(string name |
pos.isKeyword(name) and
result = name + ":"
@@ -83,7 +88,7 @@ module Input implements InputSig<DataFlowImplSpecific::PythonDataFlow> {
}
}
private import Make<DataFlowImplSpecific::PythonDataFlow, Input> as Impl
private import Make<Location, DataFlowImplSpecific::PythonDataFlow, Input> as Impl
private module StepsInput implements Impl::Private::StepsInputSig {
DataFlowCall getACall(Public::SummarizedCallable sc) {
@@ -195,6 +200,11 @@ module ParsePositions {
i = AccessPath::parseInt(c)
}
predicate isParsedArgumentLowerBoundPosition(string c, int i) {
isArgBody(c) and
i = AccessPath::parseLowerBound(c)
}
predicate isParsedKeywordArgumentPosition(string c, string argName) {
isArgBody(c) and
c = argName + ":"


@@ -4,7 +4,8 @@
private import codeql.dataflow.TaintTracking
private import DataFlowImplSpecific
private import semmle.python.Files
module PythonTaintTracking implements InputSig<PythonDataFlow> {
module PythonTaintTracking implements InputSig<Location, PythonDataFlow> {
import TaintTrackingPrivate
}


@@ -195,6 +195,8 @@ predicate copyStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
call = API::moduleImport("copy").getMember(["copy", "deepcopy"]).getACall() and
call.getArg(0) = nodeFrom
)
or
nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, "copy")
}
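Review bot: The added disjunct `nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, "copy")` matches on the method name alone, so a call to a method named `copy` on any receiver becomes a copy step, unlike the `copy.copy`/`copy.deepcopy` case above it, which is resolved through the API graph. That is a defensible over-approximation for taint tracking, but it can add flow through unrelated classes whose `copy` method does something else, and nothing in the hunk documents the choice. I would add `// Name-based: any x.copy() is treated as copying x; the receiver type is not checked.` above the disjunct. `copyStep` starts outside the hunk.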
/**


@@ -17,7 +17,7 @@ import Shared::ModelOutput as ModelOutput
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.ApiGraphs
private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.dataflow.new.FlowSummary
/**
* A remote flow source originating from a CSV source row.
@@ -28,20 +28,31 @@ private class RemoteFlowSourceFromCsv extends RemoteFlowSource {
override string getSourceType() { result = "Remote flow (from model)" }
}
/**
* Like `ModelOutput::summaryStep` but with API nodes mapped to data-flow nodes.
*/
private predicate summaryStepNodes(DataFlow::Node pred, DataFlow::Node succ, string kind) {
exists(API::Node predNode, API::Node succNode |
Specific::summaryStep(predNode, succNode, kind) and
pred = predNode.asSink() and
succ = succNode.asSource()
)
}
private class SummarizedCallableFromModel extends SummarizedCallable {
string type;
string path;
/** Taint steps induced by summary models of kind `taint`. */
private class TaintStepFromSummary extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
summaryStepNodes(pred, succ, "taint")
SummarizedCallableFromModel() {
ModelOutput::relevantSummaryModel(type, path, _, _, _) and
this = type + ";" + path
}
override DataFlow::CallCfgNode getACall() { ModelOutput::resolvedSummaryBase(type, path, result) }
override DataFlow::ArgumentNode getACallback() {
exists(API::Node base |
ModelOutput::resolvedSummaryRefBase(type, path, base) and
result = base.getAValueReachableFromSource()
)
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind) |
kind = "value" and
preservesValue = true
or
kind = "taint" and
preservesValue = false
)
}
}
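Review bot: `propagatesFlow` in `SummarizedCallableFromModel` yields a tuple only for the kinds `value` and `taint`, so a summary row with any other kind, including a misspelt one, contributes no flow and nothing in this class reports it. Model validation may exist elsewhere, but the class has no QLDoc stating the contract. I would add one, e.g. `/** A summarized callable defined by a models-as-data summary row; only kinds "value" and "taint" propagate flow. */`. The rendered section interleaves old and new lines without markers, so this reading assumes the class is on the new side.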


@@ -194,7 +194,7 @@ module Stages {
or
exists(any(DataFlowPublic::Node node).toString())
or
any(DataFlowPublic::Node node).hasLocationInfo(_, _, _, _, _)
exists(any(DataFlowPublic::Node node).getLocation())
or
DataFlowDispatch::resolveCall(_, _, _)
or