hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use dataflow instead of taint-tracking

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2024-02-14 14:52:37 +01:00
parent ba7dd38fc9
commit 69c8ef9898
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/experimental/semmle/python/security/DecompressionBomb.qll
View File

@@ -73,8 +73,8 @@ module ZipFile {
* ``` * ```
*/ */
predicate zipFileDecompressionBombSanitizer(API::Node n) { predicate zipFileDecompressionBombSanitizer(API::Node n) {
TaintTracking::localExprTaint(n.getReturn().getMember("read").getParameter(0).asSink().asExpr(), DataFlow::localFlow(n.getReturn().getMember("read").getParameter(0).asSink(),
any(Compare i).getASubExpression*()) DataFlow::exprNode(any(Compare i).getASubExpression*()))
} }
/** /**

2
python/ql/src/experimental/semmle/python/security/FileAndFormRemoteFlowSource.qll
View File

@@ -37,7 +37,7 @@ module FileAndFormRemoteFlowSource {
exists(For f, Attribute attr | exists(For f, Attribute attr |
fastApiParam.getAValueReachableFromSource().asExpr() = f.getIter().getASubExpression*() fastApiParam.getAValueReachableFromSource().asExpr() = f.getIter().getASubExpression*()
| |
TaintTracking::localExprTaint(f.getIter(), attr.getObject()) and DataFlow::localFlow(DataFlow::exprNode(f.getIter()), DataFlow::exprNode(attr.getObject())) and
attr.getName() = ["filename", "content_type", "headers", "file", "read"] and attr.getName() = ["filename", "content_type", "headers", "file", "read"] and
this.asExpr() = attr this.asExpr() = attr
) )