hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Make "..Call" modeling classes extend DataFlow::CfgNode

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-10-14 10:44:58 +02:00
parent b0e79890e6
commit 4d9d2155fc
1 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/src/experimental/semmle/python/frameworks/Invoke.qll
View File

@@ -131,11 +131,11 @@ private module Invoke {
* - `invoke.run` or `invoke.sudo` functions (http://docs.pyinvoke.org/en/stable/api/__init__.html)
* - `run` or `sudo` methods on a `invoke.context.Context` instance (http://docs.pyinvoke.org/en/stable/api/context.html#invoke.context.Context.run)
*/
private class InvokeRunCommandCall extends SystemCommandExecution::Range {
private class InvokeRunCommandCall extends SystemCommandExecution::Range, DataFlow::CfgNode {
override CallNode node;
InvokeRunCommandCall() {
exists(DataFlow::Node callFunction |
this.asCfgNode().(CallNode).getFunction() = callFunction.asCfgNode()
|
exists(DataFlow::Node callFunction | node.getFunction() = callFunction.asCfgNode() |
callFunction = invoke_attr(["run", "sudo"])
or
callFunction = invoke::context::Context::instanceRunMethods()
@@ -143,9 +143,7 @@ private module Invoke {
}
override DataFlow::Node getCommand() {
result.asCfgNode() = this.asCfgNode().(CallNode).getArg(0)
or
result.asCfgNode() = this.asCfgNode().(CallNode).getArgByName("command")
result.asCfgNode() in [node.getArg(0), node.getArgByName("command")]
}
}
}