hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

continue to convert paramiko query to a more general query,

Browse Source 
the proxy command is not a secondary command execution
so we can add proxy command to SystemCommandExecution::Range, update QLDocs,
add a proper Paramiko test case
fix a typo
This commit is contained in:
amammad
2024-02-24 18:30:50 +04:00
committed by Taus
parent 5fea71e5d6
commit 4df73f9975
12 changed files with 105 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/DataflowQueryTest.ql
View File

@@ -1,4 +1,4 @@
import python
import experimental.dataflow.TestUtil.DataflowQueryTest
import experimental.semmle.python.security.SecondaryServerCmdInjection
import FromTaintTrackingConfig<ParamikoConfig>
import FromTaintTrackingConfig<SecondaryCommandInjectionConfig>

2
python/ql/test/experimental/query-tests/Security/CWE-074-SecondaryServerCmdInjection/paramiko.py
View File

@@ -23,5 +23,5 @@ async def read_item(cmd: str):
@app.get("/bad3")
async def read_item(cmd: str):
stdin, stdout, stderr = paramiko_ssh_client.connect('hostname', username='user',password='yourpassword',sock=paramiko.ProxyCommand(cmd)) # $ result=BAD
paramiko_ssh_client.connect('hostname', username='user',password='yourpassword',sock=paramiko.ProxyCommand(cmd)) # $ result=BAD
return {"success": "OK"}