hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: New query to test for requests without validation.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-22 17:31:45 +00:00
parent f0206a2ff4
commit 45e864a395
4 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
python/ql/src/Security/CWE-295/RequestWithoutValidation.ql Normal file
View File

@@ -0,0 +1,30 @@
/**
* @name Request Without Certificate Validation
* @description Making a request without certificate validation can allow man-in-the-middle attacks.
* @kind problem
* @problem.severity error
* @precision medium
* @id py/request-without-cert-validation
* @tags security
* external/cwe/cwe-295
*/
import python
import semmle.python.web.Http
FunctionObject requestFunction() {
exists(ModuleObject req |
req.getName() = "requests" and
result = req.getAttribute(httpVerbLower())
)
}
from CallNode call, FunctionObject func, ControlFlowNode false_
where
func = requestFunction() and
func.getACall() = call and
call.getArgByName("verify").refersTo(theFalseObject(), false_)
select call, "Call to $@ with verify=$@", func, "requests." + func.getName(), false_, "False"

4
python/ql/test/query-tests/Security/CWE-295/RequestWithoutValidation.expected Normal file
View File

@@ -0,0 +1,4 @@
| make_request.py:5:1:5:48 | ControlFlowNode for Attribute() | Call to $@ with verify=$@ | ../lib/requests.py:2:1:2:36 | Function get | requests.get | make_request.py:5:43:5:47 | ControlFlowNode for False | False |
| make_request.py:7:1:7:49 | ControlFlowNode for Attribute() | Call to $@ with verify=$@ | ../lib/requests.py:11:1:11:46 | Function post | requests.post | make_request.py:7:44:7:48 | ControlFlowNode for False | False |
| make_request.py:12:1:12:39 | ControlFlowNode for put() | Call to $@ with verify=$@ | ../lib/requests.py:14:1:14:34 | Function put | requests.put | make_request.py:12:34:12:38 | ControlFlowNode for False | False |
| make_request.py:28:5:28:46 | ControlFlowNode for patch() | Call to $@ with verify=$@ | ../lib/requests.py:17:1:17:36 | Function patch | requests.patch | make_request.py:30:6:30:10 | ControlFlowNode for False | False |

1
python/ql/test/query-tests/Security/CWE-295/RequestWithoutValidation.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-295/RequestWithoutValidation.ql

1
python/ql/test/query-tests/Security/CWE-295/options Normal file
View File

@@ -0,0 +1 @@
semmle-extractor-options: -p ../lib/ --max-import-depth=3