Python: Add threat-modeling of raw_input

2026-04-06 15:44:01 +02:00 · 2024-08-16 11:15:51 +02:00
parent 7d3793e718
commit 333367c07d
1 changed files with 2 additions and 0 deletions
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml
@@ -14,6 +14,8 @@ extensions:

      - ['sys', 'Member[stdin]', 'stdin']
      - ['builtins', 'Member[input].ReturnValue', 'stdin']
+      - ['builtins', 'Member[raw_input].ReturnValue', 'stdin'] # python 2 only
+

      # if no argument is given, the default is to use sys.argv[1:]
      - ['argparse.ArgumentParser', 'Member[parse_args,parse_known_args].WithArity[0].ReturnValue', 'commandargs']