python: various fixes

- compilation
- alerts
- address some review comments
This commit is contained in:
yoff
2022-05-11 12:28:58 +00:00
committed by GitHub
parent f67be52b99
commit 4445cf152a
4 changed files with 16 additions and 16 deletions


@@ -65,13 +65,17 @@ private class DefaultSafeExternalApi extends SafeExternalApi {
/** A node representing data being passed to an external API through a call. */
class ExternalApiDataNode extends DataFlow::Node {
DataFlowPrivate::DataFlowSourceCall call;
DataFlowPrivate::NonLibraryDataFlowCallable callable;
int i;
ExternalApiDataNode() {
exists(call.getLocation().getFile().getRelativePath()) and
callable = call.getCallable() and
exists(DataFlowPrivate::DataFlowSourceCall call |
exists(call.getLocation().getFile().getRelativePath())
|
callable = call.getCallable() and
// TODO: this ignores some complexity of keyword arguments (especially keyword-only args)
this = call.getArg(i)
) and
not any(SafeExternalApi safe).getSafeCallable() = callable and
exists(Value cv | cv = callable.getCallableValue() |
cv.isAbsent()
@@ -82,8 +86,6 @@ class ExternalApiDataNode extends DataFlow::Node {
or
not exists(cv.(CallableValue).getScope().getLocation().getFile().getRelativePath())
) and
// TODO: this ignores some complexity of keyword arguments (especially keyword-only args)
this = call.getArg(i) and
// Not already modeled as a taint step
not exists(DataFlow::Node next | TaintTrackingPrivate::defaultAdditionalTaintStep(this, next)) and
// for `list.append(x)`, we have a additional taint step from x -> [post] list.
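Review bot: The class comment `/** A node representing data being passed to an external API through a call. */` at the top of the first hunk no longer matches what the characteristic predicate encodes now that `call` is bound inside `exists(...)`: the call must sit in a file with a relative path, its callee must not be the `getSafeCallable()` of any `SafeExternalApi`, and the callee's `Value` must be absent or (per the second hunk) have a scope in a file without a relative path. I would extend the comment with two sentences stating those three filters, presumably meaning calls inside the analysed source tree to callables defined outside it, so the next reader does not have to reverse-engineer them. The TODO next to `this = call.getArg(i)` is also worth surfacing in that comment, since data passed only through keyword arguments is not covered by this node and therefore not reported. Note that `exists(Value cv | ...)` spans both hunks and the class body continues past the end of the second hunk.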