v1

2026-05-04 21:25:44 +02:00 · 2023-02-16 17:14:32 +01:00
parent 7cfe15c304
commit 54582031d8
6 changed files with 169 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-074/paramiko/paramiko.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074/paramiko/paramiko.expected
@@ -0,0 +1,16 @@
+edges
+| paramiko.py:15:21:15:23 | ControlFlowNode for cmd | paramiko.py:16:62:16:64 | ControlFlowNode for cmd |
+| paramiko.py:20:21:20:23 | ControlFlowNode for cmd | paramiko.py:21:70:21:72 | ControlFlowNode for cmd |
+| paramiko.py:25:21:25:23 | ControlFlowNode for cmd | paramiko.py:26:114:26:139 | ControlFlowNode for Attribute() |
+nodes
+| paramiko.py:15:21:15:23 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
+| paramiko.py:16:62:16:64 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
+| paramiko.py:20:21:20:23 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
+| paramiko.py:21:70:21:72 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
+| paramiko.py:25:21:25:23 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
+| paramiko.py:26:114:26:139 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+subpaths
+#select
+| paramiko.py:16:62:16:64 | ControlFlowNode for cmd | paramiko.py:15:21:15:23 | ControlFlowNode for cmd | paramiko.py:16:62:16:64 | ControlFlowNode for cmd | This code execution depends on a $@. | paramiko.py:15:21:15:23 | ControlFlowNode for cmd | a user-provided value |
+| paramiko.py:21:70:21:72 | ControlFlowNode for cmd | paramiko.py:20:21:20:23 | ControlFlowNode for cmd | paramiko.py:21:70:21:72 | ControlFlowNode for cmd | This code execution depends on a $@. | paramiko.py:20:21:20:23 | ControlFlowNode for cmd | a user-provided value |
+| paramiko.py:26:114:26:139 | ControlFlowNode for Attribute() | paramiko.py:25:21:25:23 | ControlFlowNode for cmd | paramiko.py:26:114:26:139 | ControlFlowNode for Attribute() | This code execution depends on a $@. | paramiko.py:25:21:25:23 | ControlFlowNode for cmd | a user-provided value |
--- a/python/ql/test/experimental/query-tests/Security/CWE-074/paramiko/paramiko.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074/paramiko/paramiko.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+from fastapi import FastAPI
+import paramiko
+from paramiko import SSHClient
+paramiko_ssh_client = SSHClient()
+paramiko_ssh_client.load_system_host_keys()
+paramiko_ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+paramiko_ssh_client.connect(hostname="127.0.0.1", port="22", username="ssh_user_name", pkey="k", timeout=11, banner_timeout=200)
+
+app = FastAPI()
+
+
+@app.get("/bad1")
+async def read_item(cmd: str):
+    stdin, stdout, stderr = paramiko_ssh_client.exec_command(cmd)
+    return {"success": stdout}
+
+@app.get("/bad2")
+async def read_item(cmd: str):
+    stdin, stdout, stderr = paramiko_ssh_client.exec_command(command=cmd)
+    return {"success": "OK"}
+
+@app.get("/bad3")
+async def read_item(cmd: str):
+    stdin, stdout, stderr = paramiko_ssh_client.connect('hostname', username='user',password='yourpassword',sock=paramiko.ProxyCommand(cmd))
+    return {"success": "OK"}
--- a/python/ql/test/experimental/query-tests/Security/CWE-074/paramiko/paramiko.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074/paramiko/paramiko.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-074/paramiko/paramiko.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-074/paramiko/paramiko.ql`