all forms considered+ more unicode normalize sink

Sim4n6
2023-05-02 21:18:37 +01:00
parent 083cd612cd
commit 6d3fdc3a07


@@ -54,9 +54,20 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
exists(API::CallNode cn |
cn = API::moduleImport("unicodedata").getMember("normalize").getACall() and
cn.getArg(0).asExpr().(Str).getS() = ["NFC", "NFKC"] and
sink = cn.getArg(1) and
state instanceof PostValidation
)
sink = cn.getArg(1)
or
cn = API::moduleImport("unidecode").getMember("unidecode").getACall() and
sink = cn.getArg(0)
or
cn = API::moduleImport("pyunormalize").getMember(["NFC", "NFD", "NFKC", "NFKD"]).getACall() and
sink = cn.getArg(0)
or
cn = API::moduleImport("pyunormalize").getMember(["normalize"]).getACall() and
sink = cn.getArg(1)
or
cn = API::moduleImport("textnorm").getMember(["normalize_unicode"]).getACall() and
sink = cn.getArg(0)
) and
state instanceof PostValidation
}
}
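Review bot: Every disjunct of the new `isSink` selects the string being normalized by position only (`cn.getArg(0)` or `cn.getArg(1)`), so a call that passes that string by keyword is not reported. For `unidecode` the first parameter is named `string`, so that disjunct could read `sink = [cn.getArg(0), cn.getArgByName("string")]`; the parameter names of `pyunormalize` and `textnorm` are not visible here and should be checked against those libraries before applying the same pattern. `unidecode` also exports `unidecode_expect_ascii` and `unidecode_expect_nonascii`, which transliterate the same way and could be added with `getMember(["unidecode", "unidecode_expect_ascii", "unidecode_expect_nonascii"])`. A QLDoc comment on the predicate would help too, stating that the `PostValidation` state now applies to every disjunct and, presumably, that the concern is normalization running after a validation step and producing characters that step had rejected. The enclosing `Configuration` class starts outside the hunk.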