Merge pull request #6884 from geoffw0/setliterals

Replace `or` chains with set literals.
Geoffrey White
2021-10-18 16:46:55 +01:00
committed by GitHub
53 changed files with 908 additions and 2750 deletions


@@ -15,72 +15,35 @@
*/
private module AlgorithmNames {
predicate isStrongHashingAlgorithm(string name) {
name = "DSA" or
name = "ED25519" or
name = "ES256" or
name = "ECDSA256" or
name = "ES384" or
name = "ECDSA384" or
name = "ES512" or
name = "ECDSA512" or
name = "SHA2" or
name = "SHA224" or
name = "SHA256" or
name = "SHA384" or
name = "SHA512" or
name = "SHA3" or
name = "SHA3224" or
name = "SHA3256" or
name = "SHA3384" or
name = "SHA3512"
name =
[
"DSA", "ED25519", "ES256", "ECDSA256", "ES384", "ECDSA384", "ES512", "ECDSA512", "SHA2",
"SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512"
]
}
predicate isWeakHashingAlgorithm(string name) {
name = "HAVEL128" or
name = "MD2" or
name = "MD4" or
name = "MD5" or
name = "PANAMA" or
name = "RIPEMD" or
name = "RIPEMD128" or
name = "RIPEMD256" or
name = "RIPEMD160" or
name = "RIPEMD320" or
name = "SHA0" or
name = "SHA1"
name =
[
"HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", "RIPEMD256", "RIPEMD160",
"RIPEMD320", "SHA0", "SHA1"
]
}
predicate isStrongEncryptionAlgorithm(string name) {
name = "AES" or
name = "AES128" or
name = "AES192" or
name = "AES256" or
name = "AES512" or
name = "RSA" or
name = "RABBIT" or
name = "BLOWFISH"
name = ["AES", "AES128", "AES192", "AES256", "AES512", "RSA", "RABBIT", "BLOWFISH"]
}
predicate isWeakEncryptionAlgorithm(string name) {
name = "DES" or
name = "3DES" or
name = "TRIPLEDES" or
name = "TDEA" or
name = "TRIPLEDEA" or
name = "ARC2" or
name = "RC2" or
name = "ARC4" or
name = "RC4" or
name = "ARCFOUR" or
name = "ARC5" or
name = "RC5"
name =
[
"DES", "3DES", "TRIPLEDES", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4", "ARCFOUR",
"ARC5", "RC5"
]
}
predicate isStrongPasswordHashingAlgorithm(string name) {
name = "ARGON2" or
name = "PBKDF2" or
name = "BCRYPT" or
name = "SCRYPT"
name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
}
predicate isWeakPasswordHashingAlgorithm(string name) { none() }
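Review bot: The rewritten `isWeakHashingAlgorithm` literal keeps the entry `"HAVEL128"`, which looks like a misspelling of the HAVAL-128 digest (`"HAVAL128"`); since the line is being retyped anyway it is worth checking that spelling against the normalised algorithm names this predicate is matched with, because a typo here silently drops a weak-hash finding. The `isStrongHashingAlgorithm` set likewise still mixes signature schemes (`"DSA"`, `"ED25519"`, `"ES256"`, `"ECDSA256"`, ...) into a predicate named for hashing, so a QLDoc comment such as `/** Holds if name is a hash or signature algorithm accepted as strong; the comparison is exact. */` would save readers from treating it as a digest-only list. Neither issue is introduced by this commit, and the set-literal form is otherwise equivalent to the removed `or` chains.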


@@ -387,7 +387,7 @@ private predicate concrete_class(PythonClassObjectInternal cls) {
not exists(Raise r, Name ex |
r.getScope() = f and
(r.getException() = ex or r.getException().(Call).getFunc() = ex) and
(ex.getId() = "NotImplementedError" or ex.getId() = "NotImplemented")
ex.getId() = ["NotImplementedError", "NotImplemented"]
)
)
)
@@ -437,11 +437,7 @@ predicate missing_imported_module(ControlFlowNode imp, Context ctx, string name)
* Helper for missing modules to determine if name `x.y` is a module `x.y` or
* an attribute `y` of module `x`. This list should be added to as required.
*/
predicate common_module_name(string name) {
name = "zope.interface"
or
name = "six.moves"
}
predicate common_module_name(string name) { name = ["zope.interface", "six.moves"] }
/**
* A declaration of a class, either a built-in class or a source definition
@@ -482,16 +478,11 @@ library class ClassDecl extends @py_object {
*/
predicate isSpecial() {
exists(string name | this = Builtin::special(name) |
name = "type" or
name = "super" or
name = "bool" or
name = "NoneType" or
name = "tuple" or
name = "property" or
name = "ClassMethod" or
name = "StaticMethod" or
name = "MethodType" or
name = "ModuleType"
name =
[
"type", "super", "bool", "NoneType", "tuple", "property", "ClassMethod", "StaticMethod",
"MethodType", "ModuleType"
]
)
}
@@ -514,11 +505,7 @@ library class ClassDecl extends @py_object {
/** Holds if this class is the abstract base class */
predicate isAbstractBaseClass(string name) {
exists(Module m |
m.getName() = "_abcoll"
or
m.getName() = "_collections_abc"
|
exists(Module m | m.getName() = ["_abcoll", "_collections_abc"] |
this.getClass().getScope() = m and
this.getName() = name
)


@@ -47,11 +47,7 @@ module ClearTextLogging {
meth.getObject(name).(NameNode).getId().matches("logg%") and
call.getAnArg() = this
|
name = "error" or
name = "warn" or
name = "warning" or
name = "debug" or
name = "info"
name = ["error", "warn", "warning", "debug", "info"]
)
}
}
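Review bot: The new literal on the `name =` line limits the logging sink to `error`, `warn`, `warning`, `debug` and `info`, so calls to the remaining standard-library `Logger` methods — `critical`, `exception`, `fatal` and `log` — are presumably not treated as sinks even though they write their message arguments to the same log. That gap is inherited from the removed `or` chain rather than created here, and widening it changes query results, so it belongs in a follow-up; the one-line change would be `name = ["error", "warn", "warning", "debug", "info", "critical", "exception", "fatal", "log"]`. The enclosing predicate and the `exists` it sits in start outside the hunk.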


@@ -13,18 +13,11 @@ import semmle.python.security.strings.Untrusted
/** Abstract taint sink that is potentially vulnerable to malicious shell commands. */
abstract class CommandSink extends TaintSink { }
private ModuleObject osOrPopenModule() {
result.getName() = "os" or
result.getName() = "popen2"
}
private ModuleObject osOrPopenModule() { result.getName() = ["os", "popen2"] }
private Object makeOsCall() {
exists(string name | result = ModuleObject::named("subprocess").attr(name) |
name = "Popen" or
name = "call" or
name = "check_call" or
name = "check_output" or
name = "run"
name = ["Popen", "call", "check_call", "check_output", "run"]
)
}
@@ -65,8 +58,7 @@ class ShellCommand extends CommandSink {
call.getAnArg() = this and
call.getFunction().refersTo(osOrPopenModule().attr(name))
|
name = "system" or
name = "popen" or
name = ["system", "popen"] or
name.matches("popen_")
)
or
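Review bot: `makeOsCall` on the new side has no QLDoc comment, and its name suggests an `os` call while the body actually selects attributes of the `subprocess` module; a comment like `/** Gets a process-spawning function of the subprocess module: Popen, call, check_call, check_output or run. */` would remove that ambiguity, and the collapsed `osOrPopenModule` deserves a matching one-liner. The new `subprocess` literal also omits `getoutput` and `getstatusoutput`, which run their argument through a shell; if those are not modelled as sinks elsewhere in the library that is a coverage gap worth a follow-up, though not one this refactor introduces. The second hunk's `name = ["system", "popen"] or name.matches("popen_")` is equivalent to the removed chain; the `ShellCommand` body it sits in continues outside the hunk.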