python: add machinery for MaD barriers

and reinstate previously removed barrier now as a MaD row
2026-04-28 10:15:14 +02:00 · 2025-12-10 01:43:14 +01:00
parent 699ed50432
commit 3dbfb9fa4b
56 changed files with 606 additions and 82 deletions
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -584,10 +584,6 @@ class GuardNode extends ControlFlowNode {

 /**
 * Holds if the guard `g` validates `node` upon evaluating to `branch`.
- *
- * The expression `e` is expected to be a syntactic part of the guard `g`.
- * For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
- * the argument `x`.
 */
 signature predicate guardChecksSig(GuardNode g, ControlFlowNode node, boolean branch);

@@ -600,15 +596,65 @@ signature predicate guardChecksSig(GuardNode g, ControlFlowNode node, boolean br
 module BarrierGuard<guardChecksSig/3 guardChecks> {
  /** Gets a node that is safely guarded by the given guard check. */
  ExprNode getABarrierNode() {
+    result = ParameterizedBarrierGuard<Unit, extendedGuardChecks/4>::getABarrierNode(_)
+  }
+
+  private predicate extendedGuardChecks(GuardNode g, ControlFlowNode node, boolean branch, Unit u) {
+    guardChecks(g, node, branch) and
+    u = u
+  }
+}
+
+bindingset[this]
+private signature class ParamSig;
+
+private module WithParam<ParamSig P> {
+  signature predicate guardChecksSig(GuardNode g, ControlFlowNode node, boolean branch, P param);
+}
+
+/**
+ * Provides a set of barrier nodes for a guard that validates a node.
+ *
+ * This is expected to be used in `isBarrier`/`isSanitizer` definitions
+ * in data flow and taint tracking.
+ */
+module ParameterizedBarrierGuard<ParamSig P, WithParam<P>::guardChecksSig/4 guardChecks> {
+  /** Gets a node that is safely guarded by the given guard check with parameter `param`. */
+  ExprNode getABarrierNode(P param) {
    exists(GuardNode g, EssaDefinition def, ControlFlowNode node, boolean branch |
      AdjacentUses::useOfDef(def, node) and
-      guardChecks(g, node, branch) and
+      guardChecks(g, node, branch, param) and
      AdjacentUses::useOfDef(def, result.asCfgNode()) and
      g.controlsBlock(result.asCfgNode().getBasicBlock(), branch)
    )
  }
 }

+/**
+ * Provides a set of barrier nodes for a guard that validates a node as described by an external predicate.
+ *
+ * This is expected to be used in `isBarrier`/`isSanitizer` definitions
+ * in data flow and taint tracking.
+ */
+module ExternalBarrierGuard {
+  private import semmle.python.ApiGraphs
+
+  private predicate guardCheck(GuardNode g, ControlFlowNode node, boolean branch, string kind) {
+    exists(API::CallNode call, API::Node parameter |
+      parameter = call.getAParameter() and
+      parameter = ModelOutput::getABarrierGuardNode(kind, branch)
+    |
+      g = call.asCfgNode() and
+      node = parameter.asSink().asCfgNode()
+    )
+  }
+
+  /** Gets a node that is an external barrier of the given kind. */
+  ExprNode getAnExternalBarrierNode(string kind) {
+    result = ParameterizedBarrierGuard<string, guardCheck/4>::getABarrierNode(kind)
+  }
+}
+
 /**
 * Algebraic datatype for tracking data content associated with values.
 * Content can be collection elements or object attributes.
--- a/python/ql/lib/semmle/python/frameworks/Django.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/Django.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/python-all
+      extensible: barrierGuardModel
+    data:
+      - ['django', 'Member[utils].Member[http].Member[url_has_allowed_host_and_scheme].Argument[0,url:]', "true", 'url-redirection']
--- a/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll
@@ -24,9 +24,9 @@ private import semmle.python.Concepts
 * A threat-model flow source originating from a data extension.
 */
 private class ThreatModelSourceFromDataExtension extends ThreatModelSource::Range {
-  ThreatModelSourceFromDataExtension() { this = ModelOutput::getASourceNode(_).asSource() }
+  ThreatModelSourceFromDataExtension() { ModelOutput::sourceNode(this, _) }

-  override string getThreatModel() { this = ModelOutput::getASourceNode(result).asSource() }
+  override string getThreatModel() { ModelOutput::sourceNode(this, result) }

  override string getSourceType() {
    result = "Source node (" + this.getThreatModel() + ") [from data-extension]"
--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
@@ -344,6 +344,26 @@ private predicate sinkModel(string type, string path, string kind, string model)
  )
 }

+/** Holds if a barrier model exists for the given parameters. */
+private predicate barrierModel(string type, string path, string kind, string model) {
+  // No deprecation adapter for barrier models, they were not around back then.
+  exists(QlBuiltins::ExtensionId madId |
+    Extensions::barrierModel(type, path, kind, madId) and
+    model = "MaD:" + madId.toString()
+  )
+}
+
+/** Holds if a barrier guard model exists for the given parameters. */
+private predicate barrierGuardModel(
+  string type, string path, string branch, string kind, string model
+) {
+  // No deprecation adapter for barrier models, they were not around back then.
+  exists(QlBuiltins::ExtensionId madId |
+    Extensions::barrierGuardModel(type, path, branch, kind, madId) and
+    model = "MaD:" + madId.toString()
+  )
+}
+
 /** Holds if a summary model `row` exists for the given parameters. */
 private predicate summaryModel(
  string type, string path, string input, string output, string kind, string model
@@ -400,6 +420,8 @@ predicate isRelevantType(string type) {
  (
    sourceModel(type, _, _, _) or
    sinkModel(type, _, _, _) or
+    barrierModel(type, _, _, _) or
+    barrierGuardModel(type, _, _, _, _) or
    summaryModel(type, _, _, _, _, _) or
    typeModel(_, type, _)
  ) and
@@ -427,6 +449,8 @@ predicate isRelevantFullPath(string type, string path) {
  (
    sourceModel(type, path, _, _) or
    sinkModel(type, path, _, _) or
+    barrierModel(type, path, _, _) or
+    barrierGuardModel(type, path, _, _, _) or
    summaryModel(type, path, _, _, _, _) or
    typeModel(_, type, path)
  )
@@ -747,6 +771,32 @@ module ModelOutput {
      )
    }

+    /**
+     * Holds if a barrier model contributed `barrier` with the given `kind`.
+     */
+    cached
+    API::Node getABarrierNode(string kind, string model) {
+      exists(string type, string path |
+        barrierModel(type, path, kind, model) and
+        result = getNodeFromPath(type, path)
+      )
+    }
+
+    /**
+     * Holds if a barrier model contributed `barrier` with the given `kind` for the given `branch`.
+     */
+    cached
+    API::Node getABarrierGuardNode(string kind, boolean branch, string model) {
+      exists(string type, string path, string branch_str |
+        branch = true and branch_str = "true"
+        or
+        branch = false and branch_str = "false"
+      |
+        barrierGuardModel(type, path, branch_str, kind, model) and
+        result = getNodeFromPath(type, path)
+      )
+    }
+
    /**
     * Holds if a relevant summary exists for these parameters.
     */
@@ -789,15 +839,46 @@ module ModelOutput {
  private import codeql.mad.ModelValidation as SharedModelVal

  /**
-   * Holds if a CSV source model contributed `source` with the given `kind`.
+   * Holds if an external model contributed `source` with the given `kind`.
   */
  API::Node getASourceNode(string kind) { result = getASourceNode(kind, _) }

  /**
-   * Holds if a CSV sink model contributed `sink` with the given `kind`.
+   * Holds if an external model contributed `sink` with the given `kind`.
   */
  API::Node getASinkNode(string kind) { result = getASinkNode(kind, _) }

+  /**
+   * Holds if an external model contributed `barrier` with the given `kind`.
+   */
+  API::Node getABarrierNode(string kind) { result = getABarrierNode(kind, _) }
+
+  /**
+   * Holds if an external model contributed `barrier-guard` with the given `kind` and `branch`.
+   */
+  API::Node getABarrierGuardNode(string kind, boolean branch) {
+    result = getABarrierGuardNode(kind, branch, _)
+  }
+
+  /**
+   * Holds if `node` is specified as a source with the given kind in an external model.
+   */
+  predicate sourceNode(DataFlow::Node node, string kind) { node = getASourceNode(kind).asSource() }
+
+  /**
+   * Holds if `node` is specified as a sink with the given kind in an external model.
+   */
+  predicate sinkNode(DataFlow::Node node, string kind) { node = getASinkNode(kind).asSink() }
+
+  /**
+   * Holds if `node` is specified as a barrier with the given kind in an external model.
+   */
+  predicate barrierNode(DataFlow::Node node, string kind) {
+    node = getABarrierNode(kind).asSource()
+    or
+    node = DataFlow::ExternalBarrierGuard::getAnExternalBarrierNode(kind)
+  }
+
  private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
    predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind, _) }

--- a/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -20,6 +20,26 @@ extensible predicate sourceModel(
 */
 extensible predicate sinkModel(string type, string path, string kind, QlBuiltins::ExtensionId madId);

+/**
+ * Holds if the value at `(type, path)` should be seen as a barrier
+ * of the given `kind` and `madId` is the data extension row number.
+ */
+extensible predicate barrierModel(
+  string type, string path, string kind, QlBuiltins::ExtensionId madId
+);
+
+/**
+ * Holds if the value at `(type, path)` should be seen as a barrier guard
+ * of the given `kind` and `madId` is the data extension row number.
+ * `path` is assumed to lead to a parameter of a call (possibly `self`), and
+ * the call is guarding the parameter.
+ * `branch` is either `true` or `false`, indicating which branch of the guard
+ * is protecting the parameter.
+ */
+extensible predicate barrierGuardModel(
+  string type, string path, string branch, string kind, QlBuiltins::ExtensionId madId
+);
+
 /**
 * Holds if in calls to `(type, path)`, the value referred to by `input`
 * can flow to the value referred to by `output` and `madId` is the data
--- a/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
+++ b/python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
@@ -11,6 +11,16 @@ extensions:
      extensible: sinkModel
    data: []

+  - addsTo:
+      pack: codeql/python-all
+      extensible: barrierModel
+    data: []
+
+  - addsTo:
+      pack: codeql/python-all
+      extensible: barrierGuardModel
+    data: []
+
  - addsTo:
      pack: codeql/python-all
      extensible: summaryModel
--- a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll
@@ -50,7 +50,7 @@ module CodeInjection {
  }

  private class SinkFromModel extends Sink {
-    SinkFromModel() { this = ModelOutput::getASinkNode("code-injection").asSink() }
+    SinkFromModel() { ModelOutput::sinkNode(this, "code-injection") }
  }

  /**
--- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll
@@ -85,7 +85,7 @@ module CommandInjection {
  }

  private class SinkFromModel extends Sink {
-    SinkFromModel() { this = ModelOutput::getASinkNode("command-injection").asSink() }
+    SinkFromModel() { ModelOutput::sinkNode(this, "command-injection") }
  }

  /**
--- a/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
@@ -78,7 +78,7 @@ module LogInjection {
  }

  private class SinkFromModel extends Sink {
-    SinkFromModel() { this = ModelOutput::getASinkNode("log-injection").asSink() }
+    SinkFromModel() { ModelOutput::sinkNode(this, "log-injection") }
  }

  /**
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
@@ -88,7 +88,7 @@ module PathInjection {
  private import semmle.python.frameworks.data.ModelsAsData

  private class DataAsFileSink extends Sink {
-    DataAsFileSink() { this = ModelOutput::getASinkNode("path-injection").asSink() }
+    DataAsFileSink() { ModelOutput::sinkNode(this, "path-injection") }
  }

  /**
--- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
@@ -46,9 +46,7 @@ module ReflectedXss {
   * A data flow sink for "reflected cross-site scripting" vulnerabilities.
   */
  private class SinkFromModel extends Sink {
-    SinkFromModel() {
-      this = ModelOutput::getASinkNode(["html-injection", "js-injection"]).asSink()
-    }
+    SinkFromModel() { ModelOutput::sinkNode(this, ["html-injection", "js-injection"]) }
  }

  /**
--- a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll
@@ -67,6 +67,6 @@ module SqlInjection {

  /** A sink for sql-injection from model data. */
  private class DataAsSqlSink extends Sink {
-    DataAsSqlSink() { this = ModelOutput::getASinkNode("sql-injection").asSink() }
+    DataAsSqlSink() { ModelOutput::sinkNode(this, "sql-injection") }
  }
 }
--- a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll
@@ -55,7 +55,7 @@ module UnsafeDeserialization {
  }

  private class SinkFromModel extends Sink {
-    SinkFromModel() { this = ModelOutput::getASinkNode("unsafe-deserialization").asSink() }
+    SinkFromModel() { ModelOutput::sinkNode(this, "unsafe-deserialization") }
  }

  /**
--- a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll
@@ -7,6 +7,7 @@
 private import python
 private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.frameworks.data.ModelsAsData
@@ -95,8 +96,11 @@ module UrlRedirect {
    }
  }

+  /**
+   * A sink for URL redirection defined via models-as-data.
+   */
  private class SinkFromModel extends Sink {
-    SinkFromModel() { this = ModelOutput::getASinkNode("url-redirection").asSink() }
+    SinkFromModel() { ModelOutput::sinkNode(this, "url-redirection") }
  }

  /**
@@ -156,4 +160,18 @@ module UrlRedirect {

  /** DEPRECATED: Use ConstCompareAsSanitizerGuard instead. */
  deprecated class StringConstCompareAsSanitizerGuard = ConstCompareAsSanitizerGuard;
+
+  /**
+   * A sanitizer defined via models-as-data with kind "url-redirection".
+   */
+  class SanitizerFromModel extends Sanitizer {
+    SanitizerFromModel() {
+      this = DataFlow::ExternalBarrierGuard::getAnExternalBarrierNode("url-redirection")
+    }
+
+    override predicate sanitizes(FlowState state) {
+      // sanitize all flow states
+      any()
+    }
+  }
 }