Polish qhelp and libraries

jorgectf
2021-10-27 18:47:19 +02:00
parent f9b244ecad
commit 350cbb4c5d
5 changed files with 9 additions and 15 deletions


@@ -27,4 +27,4 @@ empty key. Both examples leave the payload insecurely encoded.
<li>Python-Jose: <a href="https://github.com/mpdavis/python-jose">Documentation</a>.</li>
<li>Auth0 Blog: <a href="https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/#Meet-the--None--Algorithm">Meet the "None" Algorithm</a>.</li>
</references>
</qhelp>
</qhelp>


@@ -27,4 +27,4 @@ argument set to <code>False</code>.
<li>Authlib JWT: <a href="https://docs.authlib.org/en/latest/specs/rfc7519.html">Documentation</a>.</li>
<li>Python-Jose: <a href="https://github.com/mpdavis/python-jose">Documentation</a>.</li>
</references>
</qhelp>
</qhelp>


@@ -4,12 +4,12 @@ private import semmle.python.ApiGraphs
private import experimental.semmle.python.frameworks.JWT
private module Authlib {
/** Gets a reference to `authlib.jose` */
private API::Node authlib() { result = API::moduleImport("authlib.jose") }
/** Gets a reference to `authlib.jose.(jwt|JsonWebToken)` */
private API::Node authlibJWT() {
result in [authlib().getMember("jwt"), authlib().getMember("JsonWebToken").getReturn()]
result in [
API::moduleImport("authlib.jose").getMember("jwt"),
API::moduleImport("authlib.jose").getMember("JsonWebToken").getReturn()
]
}
/** Gets a reference to `jwt.encode` */
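Review bot: The dotted name in `API::moduleImport("authlib.jose")` inside `authlibJWT()` may leave gaps in what the JWT queries see. As far as I know, depending on the CodeQL library version a dotted module name matches `from authlib.jose import jwt` but not `import authlib.jose` followed by `authlib.jose.jwt.decode(...)`, and later releases return no results for dotted names at all. A missed reference here means a missed encode/decode call, so a token that is unsigned or decoded without verification would go unreported. Resolving the package first, `API::moduleImport("authlib").getMember("jose").getMember("jwt")` and likewise for `JsonWebToken`, covers both import styles and matches how the python-jose module on this page reaches `jose.jwt`.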


@@ -4,14 +4,11 @@ private import semmle.python.ApiGraphs
private import experimental.semmle.python.frameworks.JWT
private module PyJWT {
/** Gets a reference to `jwt` */
private API::Node pyjwt() { result = API::moduleImport("jwt") }
/** Gets a reference to `jwt.encode` */
private API::Node pyjwtEncode() { result = pyjwt().getMember("encode") }
private API::Node pyjwtEncode() { result = API::moduleImport("jwt").getMember("encode") }
/** Gets a reference to `jwt.decode` */
private API::Node pyjwtDecode() { result = pyjwt().getMember("decode") }
private API::Node pyjwtDecode() { result = API::moduleImport("jwt").getMember("decode") }
// def encode(self, payload, key, algorithm="HS256", headers=None, json_encoder=None)
private class PyJWTEncodeCall extends DataFlow::CallCfgNode, JWTEncoding::Range {
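Review bot: `pyjwtEncode()` and `pyjwtDecode()` resolve only the module-level `jwt.encode` and `jwt.decode`, so calls made on an explicitly constructed `jwt.PyJWT()` instance appear to be outside the model. The signature comment above `PyJWTEncodeCall` already shows `self`, which suggests these are methods of that class, and a `decode` call with signature verification disabled on such an instance would not be flagged. The class body continues outside this hunk; if it does not handle the instance case, the predicates could take both roots, e.g. `result = [API::moduleImport("jwt"), API::moduleImport("jwt").getMember("PyJWT").getReturn()].getMember("decode")`.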


@@ -4,11 +4,8 @@ private import semmle.python.ApiGraphs
private import experimental.semmle.python.frameworks.JWT
private module PythonJose {
/** Gets a reference to `jose` */
private API::Node jose() { result = API::moduleImport("jose") }
/** Gets a reference to `jwt` */
private API::Node joseJWT() { result = jose().getMember("jwt") }
private API::Node joseJWT() { result = API::moduleImport("jose").getMember("jwt") }
/** Gets a reference to `jwt.encode` */
private API::Node joseJWTEncode() { result = joseJWT().getMember("encode") }
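Review bot: With the `jose()` helper gone, the remaining doc comments on `joseJWT()` and `joseJWTEncode()` still say `jwt` and `jwt.encode`, which reads as PyJWT's top-level `jwt` module rather than python-jose. They should name the full path, `jose.jwt` and `jose.jwt.encode`, so a reader comparing the three framework models can tell which library a predicate covers. The trailing comment in the Authlib section has the same problem and should read `authlib.jose.jwt.encode`.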