PR init

2025-12-20 10:46:30 +01:00 · 2021-03-30 17:51:17 +02:00
parent 7f16c52217
commit 517a9202ce
11 changed files with 169 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.qhelp
+++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.qhelp
@@ -0,0 +1,17 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+</overview>
+
+<recommendation>
+<recommendation>
+
+<example>
+<example>
+
+<references>
+</references>
+</qhelp>
--- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
@@ -0,0 +1,20 @@
+/**
+ * @name NoSQL Injection
+ * @description Building a NoSQL query from user-controlled sources is vulnerable to insertion of
+ *              malicious NoSQL code by the user.
+ * @kind path-problem
+ * @problem.severity error
+ * @id python/nosql-injection
+ * @tags experimental
+ *       security
+ *       external/cwe/cwe-943
+ */
+
+import python
+import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+// https://ghsecuritylab.slack.com/archives/CQJU6RN49/p1617022135088100
+import semmle.python.dataflow.new.TaintTracking2
+import DataFlow::PathGraph
+// from, where, select statements
--- a/python/ql/src/experimental/semmle/python/Concepts.qll
+++ b/python/ql/src/experimental/semmle/python/Concepts.qll
@@ -13,3 +13,13 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.TaintTracking
 private import experimental.semmle.python.Frameworks
+
+/**
+ * To-Do:
+ *
+ * NoSQLExecution: Collects functions that execute nosql queries
+ *  getNoSQLNode - get (Sink) argument holding the query
+ * NoSQLEscape: Collects functions that escape nosql queries
+ *  getNoSQLEscapeNode - get argument holding the query to-sanitize
+ */
+module NoSQLExecution { }
--- a/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
@@ -9,3 +9,11 @@ private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import experimental.semmle.python.Concepts
 private import semmle.python.ApiGraphs
+
+/**
+ * PyMongoQuery
+ * MongoEngineQuery
+ * Custom escapes
+ */
+private module NoSQL { }
+// introduce more json libs like python\ql\src\semmle\python\frameworks\Stdlib.qll:941
--- a/python/ql/src/experimental/semmle/python/security/injection/NoSQLInjection.qll
+++ b/python/ql/src/experimental/semmle/python/security/injection/NoSQLInjection.qll
@@ -0,0 +1,13 @@
+import python
+import experimental.semmle.python.Concepts
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
+import semmle.python.dataflow.new.RemoteFlowSources
+
+/**
+ * Create custom sink to cast in main query
+ * This file will hold all configs
+ */
+class Foo extends DataFlow::Node {
+  Foo() { none() }
+}