From 333367c07d10e69cc2df68dfa52bc094c583662c Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Fri, 16 Aug 2024 11:15:51 +0200
Subject: [PATCH] Python: Add threat-modeling of `raw_input`
---
 python/ql/lib/semmle/python/frameworks/Stdlib.model.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml b/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
index 34b9dceb8b2..53d918d07ac 100644
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
@@ -14,6 +14,8 @@ extensions:
 - ['sys', 'Member[stdin]', 'stdin']
 - ['builtins', 'Member[input].ReturnValue', 'stdin']
+ - ['builtins', 'Member[raw_input].ReturnValue', 'stdin'] # python 2 only
+ # if no argument is given, the default is to use sys.argv[1:]
 - ['argparse.ArgumentParser', 'Member[parse_args,parse_known_args].WithArity[0].ReturnValue', 'commandargs']
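Review bot: The new `raw_input` row arrives without a test; the diffstat shows only Stdlib.model.yml changing, so nothing confirms that the `stdin` source actually fires on Python 2 code. Python 2 exposes this function through `__builtin__` rather than a module named `builtins`, so it is worth confirming that the `builtins` type in this model also resolves under Python 2 analysis (presumably it does, since the `input` row above uses the same path). A short threat-model test that calls `raw_input()` and expects a `stdin` source would pin this down. The trailing comment could also give the reason, e.g. `# Python 2 only; renamed to input() in Python 3`.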