Python: Update CWE-312 queries to use new taint-tracking configuration.

2026-05-05 21:55:19 +02:00 · 2019-08-30 11:21:04 +01:00
parent 811815aa4e
commit 3f740d6efe
6 changed files with 32 additions and 24 deletions
--- a/python/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/python/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -1,8 +1,6 @@
 edges
-| password_in_cookie.py:7:16:7:27 | dict of externally controlled string | password_in_cookie.py:7:16:7:43 | externally controlled string |
-| password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password |
-| password_in_cookie.py:7:16:7:43 | externally controlled string | password_in_cookie.py:9:33:9:40 | externally controlled string |
 | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
 #select
-| test.py:8:35:8:42 | Taint sink | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is logged here. | test.py:7:16:7:29 | Taint source | a call returning a password |
-| test.py:14:30:14:39 | Taint sink | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is logged here. | test.py:14:30:14:39 | Taint source | a call returning a certificate or key |
+| test.py:8:35:8:42 | password | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is logged here. | test.py:7:16:7:29 | get_password() | a call returning a password |
+| test.py:14:30:14:39 | get_cert() | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is logged here. | test.py:14:30:14:39 | get_cert() | a call returning a certificate or key |
+| test.py:17:11:17:24 | get_password() | test.py:17:11:17:24 | a password | test.py:17:11:17:24 | a password | Sensitive data returned by $@ is logged here. | test.py:17:11:17:24 | get_password() | a call returning a password |
--- a/python/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected
+++ b/python/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected
@@ -1,7 +1,6 @@
 edges
-| password_in_cookie.py:7:16:7:27 | dict of externally controlled string | password_in_cookie.py:7:16:7:43 | externally controlled string |
 | password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password |
-| password_in_cookie.py:7:16:7:43 | externally controlled string | password_in_cookie.py:9:33:9:40 | externally controlled string |
-| test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
+| test.py:20:12:20:21 | a certificate or key | test.py:22:20:22:23 | a certificate or key |
 #select
-| password_in_cookie.py:9:33:9:40 | Taint sink | password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password | Sensitive data from $@ is stored here. | password_in_cookie.py:7:16:7:43 | Taint source | a request parameter containing a password |
+| password_in_cookie.py:9:33:9:40 | password | password_in_cookie.py:7:16:7:43 | a password | password_in_cookie.py:9:33:9:40 | a password | Sensitive data from $@ is stored here. | password_in_cookie.py:7:16:7:43 | Attribute() | a request parameter containing a password |
+| test.py:22:20:22:23 | cert | test.py:20:12:20:21 | a certificate or key | test.py:22:20:22:23 | a certificate or key | Sensitive data from $@ is stored here. | test.py:20:12:20:21 | get_cert() | a call returning a certificate or key |
--- a/python/ql/test/query-tests/Security/CWE-312/test.py
+++ b/python/ql/test/query-tests/Security/CWE-312/test.py
@@ -13,3 +13,10 @@ def get_cert():
 def log_cert():
    logging.debug("Cert=%s", get_cert())

+def print_password():
+    print(get_password())
+
+def write_cert(filename):
+    cert = get_cert()
+    with open(filename, "w") as file:
+        file.write(cert)