Merge branch 'main' of github.com:github/codeql into python-support-pathlib

2026-04-29 18:55:14 +02:00 · 2021-04-22 15:04:21 +02:00
parent b724e51cab 2b8afe55e8
commit 5a4e661e60
237 changed files with 5083 additions and 3039 deletions
--- a/python/ql/test/library-tests/frameworks/stdlib/CodeExecution.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/CodeExecution.py
@@ -32,8 +32,8 @@ def test_additional_taint():
    cmd3 = builtins.compile(src, "<filename>", "exec")

    ensure_tainted(
-        src,
-        cmd1,
-        cmd2,
-        cmd3,
+        src, # $ tainted
+        cmd1, # $ tainted
+        cmd2, # $ tainted
+        cmd3, # $ tainted
    )
--- a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected
+++ b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected
@@ -0,0 +1,3 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+failures
--- a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.ql
+++ b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.ql
@@ -0,0 +1 @@
+import experimental.meta.InlineTaintTest
--- a/python/ql/test/library-tests/frameworks/stdlib/TestTaint.expected
+++ b/python/ql/test/library-tests/frameworks/stdlib/TestTaint.expected
@@ -1,37 +0,0 @@
-| CodeExecution.py:35 | ok   | test_additional_taint | src |
-| CodeExecution.py:36 | ok   | test_additional_taint | cmd1 |
-| CodeExecution.py:37 | ok   | test_additional_taint | cmd2 |
-| CodeExecution.py:38 | ok   | test_additional_taint | cmd3 |
-| http_server.py:22 | ok   | test_cgi_FieldStorage_taint | form |
-| http_server.py:24 | ok   | test_cgi_FieldStorage_taint | form['key'] |
-| http_server.py:25 | ok   | test_cgi_FieldStorage_taint | form['key'].value |
-| http_server.py:26 | ok   | test_cgi_FieldStorage_taint | form['key'].file |
-| http_server.py:27 | ok   | test_cgi_FieldStorage_taint | form['key'].filename |
-| http_server.py:28 | ok   | test_cgi_FieldStorage_taint | form['key'][0] |
-| http_server.py:29 | ok   | test_cgi_FieldStorage_taint | form['key'][0].value |
-| http_server.py:30 | ok   | test_cgi_FieldStorage_taint | form['key'][0].file |
-| http_server.py:31 | ok   | test_cgi_FieldStorage_taint | form['key'][0].filename |
-| http_server.py:32 | fail | test_cgi_FieldStorage_taint | ListComp |
-| http_server.py:34 | ok   | test_cgi_FieldStorage_taint | form.getvalue(..) |
-| http_server.py:35 | ok   | test_cgi_FieldStorage_taint | form.getvalue(..)[0] |
-| http_server.py:37 | ok   | test_cgi_FieldStorage_taint | form.getfirst(..) |
-| http_server.py:39 | ok   | test_cgi_FieldStorage_taint | form.getlist(..) |
-| http_server.py:40 | ok   | test_cgi_FieldStorage_taint | form.getlist(..)[0] |
-| http_server.py:41 | fail | test_cgi_FieldStorage_taint | ListComp |
-| http_server.py:50 | ok   | taint_sources | self |
-| http_server.py:52 | ok   | taint_sources | self.requestline |
-| http_server.py:54 | ok   | taint_sources | self.path |
-| http_server.py:56 | ok   | taint_sources | self.headers |
-| http_server.py:57 | ok   | taint_sources | self.headers['Foo'] |
-| http_server.py:58 | ok   | taint_sources | self.headers.get(..) |
-| http_server.py:59 | fail | taint_sources | self.headers.get_all(..) |
-| http_server.py:60 | fail | taint_sources | self.headers.keys() |
-| http_server.py:61 | ok   | taint_sources | self.headers.values() |
-| http_server.py:62 | ok   | taint_sources | self.headers.items() |
-| http_server.py:63 | fail | taint_sources | self.headers.as_bytes() |
-| http_server.py:64 | fail | taint_sources | self.headers.as_string() |
-| http_server.py:65 | ok   | taint_sources | str(..) |
-| http_server.py:66 | ok   | taint_sources | bytes(..) |
-| http_server.py:68 | ok   | taint_sources | self.rfile |
-| http_server.py:69 | fail | taint_sources | self.rfile.read() |
-| http_server.py:78 | ok   | taint_sources | form |
--- a/python/ql/test/library-tests/frameworks/stdlib/TestTaint.ql
+++ b/python/ql/test/library-tests/frameworks/stdlib/TestTaint.ql
@@ -1,9 +0,0 @@
-import experimental.dataflow.tainttracking.TestTaintLib
-import semmle.python.dataflow.new.RemoteFlowSources
-
-class WithRemoteFlowSources extends TestTaintTrackingConfiguration {
-  override predicate isSource(DataFlow::Node source) {
-    super.isSource(source) or
-    source instanceof RemoteFlowSource
-  }
-}
--- a/python/ql/test/library-tests/frameworks/stdlib/http_server.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/http_server.py
@@ -19,26 +19,28 @@ def test_cgi_FieldStorage_taint():
    form = cgi.FieldStorage()

    ensure_tainted(
-        form,
+        form, # $ tainted

-        form['key'], # will be a list, if multiple fields named "key" are provided
-        form['key'].value,
-        form['key'].file,
-        form['key'].filename,
-        form['key'][0],
-        form['key'][0].value,
-        form['key'][0].file,
-        form['key'][0].filename,
-        [field.value for field in form['key']],
+        # `form['key']` will be a list, if multiple fields named "key" are provided
+        form['key'], # $ tainted
+        form['key'].value, # $ tainted
+        form['key'].file, # $ tainted
+        form['key'].filename, # $ tainted
+        form['key'][0], # $ tainted
+        form['key'][0].value, # $ tainted
+        form['key'][0].file, # $ tainted
+        form['key'][0].filename, # $ tainted
+        [field.value for field in form['key']], # $ MISSING: tainted

-        form.getvalue('key'), # will be a list, if multiple fields named "key" are provided
-        form.getvalue('key')[0],
+        # `form.getvalue('key')` will be a list, if multiple fields named "key" are provided
+        form.getvalue('key'), # $ tainted
+        form.getvalue('key')[0], # $ tainted

-        form.getfirst('key'),
+        form.getfirst('key'), # $ tainted

-        form.getlist('key'),
-        form.getlist('key')[0],
-        [field.value for field in form.getlist('key')],
+        form.getlist('key'), # $ tainted
+        form.getlist('key')[0], # $ tainted
+        [field.value for field in form.getlist('key')], # $ MISSING: tainted
    )


@@ -47,26 +49,26 @@ class MyHandler(BaseHTTPRequestHandler):
    def taint_sources(self):

        ensure_tainted(
-            self,
+            self, # $ tainted

-            self.requestline,
+            self.requestline, # $ tainted

-            self.path,
+            self.path, # $ tainted

-            self.headers,
-            self.headers['Foo'],
-            self.headers.get('Foo'),
-            self.headers.get_all('Foo'),
-            self.headers.keys(),
-            self.headers.values(),
-            self.headers.items(),
-            self.headers.as_bytes(),
-            self.headers.as_string(),
-            str(self.headers),
-            bytes(self.headers),
+            self.headers, # $ tainted
+            self.headers['Foo'], # $ tainted
+            self.headers.get('Foo'), # $ tainted
+            self.headers.get_all('Foo'), # $ MISSING: tainted
+            self.headers.keys(), # $ MISSING: tainted
+            self.headers.values(), # $ tainted
+            self.headers.items(), # $ tainted
+            self.headers.as_bytes(), # $ MISSING: tainted
+            self.headers.as_string(), # $ MISSING: tainted
+            str(self.headers), # $ tainted
+            bytes(self.headers), # $ tainted

-            self.rfile,
-            self.rfile.read(),
+            self.rfile, # $ tainted
+            self.rfile.read(), # $ MISSING: tainted
        )

        form = cgi.FieldStorage(
@@ -75,7 +77,7 @@ class MyHandler(BaseHTTPRequestHandler):
            environ={'REQUEST_METHOD': 'POST', 'CONTENT_TYPE': self.headers.get('content-type')},
        )

-        ensure_tainted(form)
+        ensure_tainted(form) # $ tainted


    def do_GET(self): # $ requestHandler