hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Implement framework sinks

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2020-10-09 16:13:47 +02:00
parent 0d8bd01e10
commit 4bd56fdbe4
6 changed files with 165 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-502/ConceptsTest.expected
View File

@@ -1,4 +0,0 @@
| unsafe_deserialization.py:12:28:12:45 | Comment # $getData=payload | Missing result:getData=payload |
| unsafe_deserialization.py:13:25:13:42 | Comment # $getData=payload | Missing result:getData=payload |
| unsafe_deserialization.py:14:29:14:46 | Comment # $getData=payload | Missing result:getData=payload |
| unsafe_deserialization.py:16:26:16:43 | Comment # $getData=payload | Missing result:getData=payload |

13
python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-502/UnsafeDeserialization.expected
View File

@@ -1,3 +1,16 @@
edges
| unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:12:18:12:24 | ControlFlowNode for payload |
| unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:13:15:13:21 | ControlFlowNode for payload |
| unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:14:19:14:25 | ControlFlowNode for payload |
| unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:16:16:16:22 | ControlFlowNode for payload |
nodes
| unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| unsafe_deserialization.py:12:18:12:24 | ControlFlowNode for payload | semmle.label | ControlFlowNode for payload |
| unsafe_deserialization.py:13:15:13:21 | ControlFlowNode for payload | semmle.label | ControlFlowNode for payload |
| unsafe_deserialization.py:14:19:14:25 | ControlFlowNode for payload | semmle.label | ControlFlowNode for payload |
| unsafe_deserialization.py:16:16:16:22 | ControlFlowNode for payload | semmle.label | ControlFlowNode for payload |
#select
| unsafe_deserialization.py:12:18:12:24 | ControlFlowNode for payload | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:12:18:12:24 | ControlFlowNode for payload | Deserializing of $@. | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | untrusted input |
| unsafe_deserialization.py:13:15:13:21 | ControlFlowNode for payload | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:13:15:13:21 | ControlFlowNode for payload | Deserializing of $@. | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | untrusted input |
| unsafe_deserialization.py:14:19:14:25 | ControlFlowNode for payload | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:14:19:14:25 | ControlFlowNode for payload | Deserializing of $@. | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | untrusted input |
| unsafe_deserialization.py:16:16:16:22 | ControlFlowNode for payload | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | unsafe_deserialization.py:16:16:16:22 | ControlFlowNode for payload | Deserializing of $@. | unsafe_deserialization.py:11:15:11:26 | ControlFlowNode for Attribute | untrusted input |