hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use dataflow instead of taint-tracking

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2024-02-14 14:52:37 +01:00
parent ba7dd38fc9
commit 69c8ef9898
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll
View File

@@ -73,8 +73,8 @@ module ZipFile {
* ```
*/
predicate zipFileDecompressionBombSanitizer(API::Node n) {
TaintTracking::localExprTaint(n.getReturn().getMember("read").getParameter(0).asSink().asExpr(),
any(Compare i).getASubExpression*())
DataFlow::localFlow(n.getReturn().getMember("read").getParameter(0).asSink(),
DataFlow::exprNode(any(Compare i).getASubExpression*()))
}
/**

2
python/ql/src/experimental/semmle/python/security/FileAndFormRemoteFlowSource.qll
View File

@@ -37,7 +37,7 @@ module FileAndFormRemoteFlowSource {
exists(For f, Attribute attr |
fastApiParam.getAValueReachableFromSource().asExpr() = f.getIter().getASubExpression*()
|
TaintTracking::localExprTaint(f.getIter(), attr.getObject()) and
DataFlow::localFlow(DataFlow::exprNode(f.getIter()), DataFlow::exprNode(attr.getObject())) and
attr.getName() = ["filename", "content_type", "headers", "file", "read"] and
this.asExpr() = attr
)