Python: Tarslip query: Fix up sanitizers.

Mark Shannon
2019-06-19 15:00:02 +01:00
parent a15a89206e
commit 39b7a69abd
3 changed files with 5 additions and 5 deletions


@@ -90,6 +90,8 @@ class ExcludeTarFilePy extends Sanitizer {
taint instanceof OpenTarFile
or
taint instanceof TarFileInfo
or
taint.(SequenceKind).getItem() instanceof TarFileInfo
)
}
@@ -162,9 +164,9 @@ class TarFileInfoSanitizer extends Sanitizer {
private predicate path_sanitizing_test(ControlFlowNode test) {
/* Assume that any test with "path" in it is a sanitizer */
test.getAChild+().(AttrNode).getName() = "path"
test.getAChild+().(AttrNode).getName().matches("%path")
or
test.getAChild+().(NameNode).getId() = "path"
test.getAChild+().(NameNode).getId().matches("%path")
}
class TarSlipConfiguration extends TaintTracking::Configuration {
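Review bot: The comment in `path_sanitizing_test` still says any test with "path" in it is a sanitizer, but the new `matches("%path")` pattern accepts only names that end in `path`, and `matches` is case-sensitive. A guard written with `path_ok` or `destPath` is therefore still not recognised, while any test that mentions a name such as `abspath` or `filepath` suppresses the result, whether or not it constrains the extracted member. Because this heuristic trades false positives for possible missed tar-slip findings, the comment should state the real rule and its cost, for example `/* Heuristic: any test mentioning an attribute or name ending in "path" is assumed to sanitize; this can hide results when the test does not check the member's destination */`. If the "in it" wording is what was intended, the pattern would need to be `"%path%"` in both disjuncts. The enclosing class `TarFileInfoSanitizer` starts outside this hunk, so how the predicate is used there is not visible.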


@@ -5,7 +5,7 @@ import semmle.python.security.TaintTracking
query predicate edges(TaintedNode fromnode, TaintedNode tonode) {
fromnode.getASuccessor() = tonode and
/* Don't record flow past sinks */
not fromnode.isVulnerableSink()
not fromnode.isSink()
}
private TaintedNode first_child(TaintedNode parent) {