hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 13:46:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-23 12:18:56 +00:00
parent c01db23f58
commit 61bd8682df
20 changed files with 190 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/src/Security/CWE-022/PathInjection.ql
View File

@@ -26,8 +26,6 @@ import semmle.python.web.HttpRequest
import semmle.python.security.injection.Path
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "This path depends on $@.", src, "a user-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "This path depends on $@.", src.getSource(), "a user-provided value"

7
python/ql/src/Security/CWE-078/CommandInjection.ql
View File

@@ -23,7 +23,6 @@ import semmle.python.web.HttpRequest
/* Sinks */
import semmle.python.security.injection.Command
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "This command depends on $@.", src, "a user-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "This command depends on $@.", src.getSource(), "a user-provided value"

9
python/ql/src/Security/CWE-079/ReflectedXss.ql
View File

@@ -25,9 +25,6 @@ import semmle.python.web.HttpResponse
/* Flow */
import semmle.python.security.strings.Untrusted
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "Cross-site scripting vulnerability due to $@.",
src, "user-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "Cross-site scripting vulnerability due to $@.", src.getSource(), "user-provided value"

7
python/ql/src/Security/CWE-089/SqlInjection.ql
View File

@@ -23,7 +23,6 @@ import semmle.python.web.django.Db
import semmle.python.web.django.Model
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "This SQL query depends on $@.", src, "a user-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "This SQL query depends on $@.", src.getSource(), "a user-provided value"

7
python/ql/src/Security/CWE-094/CodeInjection.ql
View File

@@ -24,7 +24,6 @@ import semmle.python.web.HttpRequest
import semmle.python.security.injection.Exec
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "$@ flows to here and is interpreted as code.", src, "User-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "$@ flows to here and is interpreted as code.", src.getSource(), "User-provided value"

6
python/ql/src/Security/CWE-209/StackTraceExposure.ql
View File

@@ -18,6 +18,6 @@ import semmle.python.security.Paths
import semmle.python.security.Exceptions
import semmle.python.web.HttpResponse
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "$@ may be exposed to an external user", src, "Error information"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "$@ may be exposed to an external user", src.getSource(), "Error information"

7
python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
View File

@@ -25,7 +25,6 @@ import semmle.python.security.injection.Marshal
import semmle.python.security.injection.Yaml
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "Deserializing of $@.", src, "untrusted input"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "Deserializing of $@.", src.getSource(), "untrusted input"

7
python/ql/src/Security/CWE-601/UrlRedirect.ql
View File

@@ -28,8 +28,7 @@ class UntrustedPrefixStringKind extends UntrustedStringKind {
}
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "Untrusted URL redirection due to $@.", src, "a user-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "Untrusted URL redirection due to $@.", src.getSource(), "a user-provided value"