Merge branch 'main' into promote-xxe

2026-04-28 02:05:14 +02:00 · 2022-05-02 11:25:55 +02:00
parent bb6969a175 811a2c0053
commit 5f01fc24e4
1367 changed files with 27801 additions and 13183 deletions
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.1.0
+
 ## 0.0.13

 ## 0.0.12
--- a/python/ql/src/Classes/DefineEqualsWhenAddingAttributes.ql
+++ b/python/ql/src/Classes/DefineEqualsWhenAddingAttributes.ql
@@ -11,7 +11,6 @@
 */

 import python
-import semmle.python.SelfAttribute
 import Equality

 predicate class_stores_to_attribute(ClassValue cls, SelfAttributeStore store, string name) {
--- a/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql
+++ b/python/ql/src/Classes/MaybeUndefinedClassAttribute.ql
@@ -11,7 +11,6 @@
 */

 import python
-import semmle.python.SelfAttribute
 import ClassAttributes

 predicate guarded_by_other_attribute(SelfAttributeRead a, CheckClass c) {
--- a/python/ql/src/Classes/UndefinedClassAttribute.ql
+++ b/python/ql/src/Classes/UndefinedClassAttribute.ql
@@ -11,7 +11,6 @@
 */

 import python
-import semmle.python.SelfAttribute
 import ClassAttributes

 predicate undefined_class_attribute(SelfAttributeRead a, CheckClass c, int line, string name) {
--- a/python/ql/src/Expressions/Formatting/UnusedArgumentIn3101Format.ql
+++ b/python/ql/src/Expressions/Formatting/UnusedArgumentIn3101Format.ql
@@ -10,7 +10,6 @@
 * @id py/str-format/surplus-argument
 */

-import python
 import python
 import AdvancedFormatting

--- a/python/ql/src/Lexical/FCommentedOutCode.ql
+++ b/python/ql/src/Lexical/FCommentedOutCode.ql
@@ -10,7 +10,6 @@

 import python
 import Lexical.CommentedOutCode
-import python

 from File f, int n
 where n = count(CommentedOutCodeLine c | not c.maybeExampleCode() and c.getLocation().getFile() = f)
--- a/python/ql/src/Numerics/Pythagorean.ql
+++ b/python/ql/src/Numerics/Pythagorean.ql
@@ -10,36 +10,30 @@
 */

 import python
+import semmle.python.dataflow.new.DataFlow
+import semmle.python.ApiGraphs

-predicate squareOp(BinaryExpr e) {
-  e.getOp() instanceof Pow and e.getRight().(IntegerLiteral).getN() = "2"
-}
-
-predicate squareMul(BinaryExpr e) {
-  e.getOp() instanceof Mult and e.getRight().(Name).getId() = e.getLeft().(Name).getId()
-}
-
-predicate squareRef(Name e) {
-  e.isUse() and
-  exists(SsaVariable v, Expr s | v.getVariable() = e.getVariable() |
-    s = v.getDefinition().getNode().getParentNode().(AssignStmt).getValue() and
-    square(s)
+DataFlow::ExprNode squareOp() {
+  exists(BinaryExpr e | e = result.asExpr() |
+    e.getOp() instanceof Pow and e.getRight().(IntegerLiteral).getN() = "2"
  )
 }

-predicate square(Expr e) {
-  squareOp(e)
-  or
-  squareMul(e)
-  or
-  squareRef(e)
+DataFlow::ExprNode squareMul() {
+  exists(BinaryExpr e | e = result.asExpr() |
+    e.getOp() instanceof Mult and e.getRight().(Name).getId() = e.getLeft().(Name).getId()
+  )
 }

-from Call c, BinaryExpr s
+DataFlow::ExprNode square() { result in [squareOp(), squareMul()] }
+
+from DataFlow::CallCfgNode c, BinaryExpr s, DataFlow::ExprNode left, DataFlow::ExprNode right
 where
-  c.getFunc().toString() = "sqrt" and
-  c.getArg(0) = s and
+  c = API::moduleImport("math").getMember("sqrt").getACall() and
+  c.getArg(0).asExpr() = s and
  s.getOp() instanceof Add and
-  square(s.getLeft()) and
-  square(s.getRight())
+  left.asExpr() = s.getLeft() and
+  right.asExpr() = s.getRight() and
+  left.getALocalSource() = square() and
+  right.getALocalSource() = square()
 select c, "Pythagorean calculation with sub-optimal numerics"
--- a/python/ql/src/Resources/FileOpen.qll
+++ b/python/ql/src/Resources/FileOpen.qll
@@ -1,7 +1,6 @@
 /** Contains predicates concerning when and where files are opened and closed. */

 import python
-import semmle.python.GuardedControlFlow
 import semmle.python.pointsto.Filters

 /** Holds if `open` is a call that returns a newly opened file */
--- a/python/ql/src/Security/CWE-215/FlaskDebug.ql
+++ b/python/ql/src/Security/CWE-215/FlaskDebug.ql
@@ -27,9 +27,9 @@ private DataFlow::TypeTrackingNode truthyLiteral(DataFlow::TypeTracker t) {
 /** Gets a reference to a truthy literal. */
 DataFlow::Node truthyLiteral() { truthyLiteral(DataFlow::TypeTracker::end()).flowsTo(result) }

-from DataFlow::CallCfgNode call, DataFlow::Node debugArg
+from API::CallNode call, DataFlow::Node debugArg
 where
-  call.getFunction() = Flask::FlaskApp::instance().getMember("run").getAUse() and
+  call = Flask::FlaskApp::instance().getMember("run").getACall() and
  debugArg in [call.getArg(2), call.getArgByName("debug")] and
  debugArg = truthyLiteral()
 select call,
--- a/python/ql/src/Security/CWE-730/PolynomialBackTracking.ql
+++ b/python/ql/src/Security/CWE-730/PolynomialBackTracking.ql
@@ -1,6 +0,0 @@
-import python
-import semmle.python.security.performance.SuperlinearBackTracking
-
-from PolynomialBackTrackingTerm t
-where t.getLocation().getFile().getBaseName() = "KnownCVEs.py"
-select t.getRegex(), t, t.getReason()
--- a/python/ql/src/analysis/ImportFailure.qhelp
+++ b/python/ql/src/analysis/ImportFailure.qhelp
@@ -21,7 +21,7 @@ Ensure that all required modules and packages can be found when running the extr
 </recommendation>
 <references>

-<li>Semmle Tutorial: <a href="https://help.semmle.com/codeql/codeql-cli/procedures/create-codeql-database.html">Creating a CodeQL database</a>.</li>
+<li>CodeQL Tutorial: <a href="https://codeql.github.com/docs/codeql-cli/creating-codeql-databases">Creating CodeQL databases</a>.</li>


 </references>
--- a/python/ql/src/change-notes/released/0.1.0.md
+++ b/python/ql/src/change-notes/released/0.1.0.md
@@ -0,0 +1 @@
+## 0.1.0
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.13
+lastReleaseVersion: 0.1.0
--- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
+++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
@@ -1,8 +1,8 @@
 private import python
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
-private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.dataflow.new.DataFlow

 /**
 * A data flow source of the client ip obtained according to the remote endpoint identifier specified
--- a/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Flask.qll
@@ -27,17 +27,8 @@ module ExperimentalFlask {
  }

  /** Gets a reference to a header instance. */
-  private DataFlow::LocalSourceNode headerInstance(DataFlow::TypeTracker t) {
-    t.start() and
-    result.(DataFlow::AttrRead).getObject().getALocalSource() =
-      [Flask::Response::classRef(), flaskMakeResponse()].getReturn().getAUse()
-    or
-    exists(DataFlow::TypeTracker t2 | result = headerInstance(t2).track(t2, t))
-  }
-
-  /** Gets a reference to a header instance use. */
-  private DataFlow::Node headerInstance() {
-    headerInstance(DataFlow::TypeTracker::end()).flowsTo(result)
+  private DataFlow::LocalSourceNode headerInstance() {
+    result = [Flask::Response::classRef(), flaskMakeResponse()].getReturn().getAMember().getAUse()
  }

  /** Gets a reference to a header instance call/subscript */
--- a/python/ql/src/experimental/semmle/python/frameworks/NoSQL.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/NoSQL.qll
@@ -64,7 +64,7 @@ private module NoSql {
      or
      result.(DataFlow::AttrRead).getObject() = mongoInstance().getAUse()
      or
-      result = mongoDBInstance().getAUse()
+      result = mongoDBInstance().getAnImmediateUse()
    )
    or
    exists(DataFlow::TypeTracker t2 | result = mongoDB(t2).track(t2, t))
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.1.0-dev
+version: 0.1.1-dev
 groups: 
  - python
  - queries