Python: Disregard module-time reads.

Taus Brock-Nannestad
2020-09-15 18:25:24 +02:00
parent 2e737eda1e
commit 7cdd290b90
5 changed files with 47 additions and 15 deletions


@@ -169,7 +169,11 @@ class ModuleVariableNode extends Node, TModuleVariableNode {
GlobalVariable getVariable() { result = var }
/** Gets a node that reads this variable. */
Node getARead() { result.asCfgNode() = var.getALoad().getAFlowNode() }
Node getARead() {
result.asCfgNode() = var.getALoad().getAFlowNode() and
// Ignore reads that happen when the module is imported. These are only executed once.
not result.getScope() = mod
}
/** Gets an `EssaNode` that corresponds to an assignment of this global variable. */
Node getAWrite() {
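Review bot: The QLDoc above `getARead` still reads "Gets a node that reads this variable", but with the added `not result.getScope() = mod` the predicate returns only reads located outside the module's top-level scope, so the doc now overstates the result. I would change it to `/** Gets a node that reads this variable, excluding reads in the module's own top-level scope. */`. The inline comment could also state the assumption behind "only executed once": presumably a top-level read is expected to see only top-level writes, which does not hold when module code calls a function that assigns the global before the read. `mod` and the rest of `ModuleVariableNode` are declared outside this hunk, so this is inferred from the visible lines only.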


@@ -1,12 +1,4 @@
edges
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE |
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE |
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE |
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:73:18:73:23 | ControlFlowNode for SOURCE |
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:80:20:80:25 | ControlFlowNode for SOURCE |
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | datamodel.py:81:20:81:25 | ControlFlowNode for SOURCE |
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:13:1:13:6 | GSSA Variable SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:71:15:71:20 | ControlFlowNode for SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | datamodel.py:72:18:72:23 | ControlFlowNode for SOURCE |
@@ -153,8 +145,6 @@ edges
| test.py:504:9:504:14 | ControlFlowNode for SOURCE | test.py:506:10:506:10 | ControlFlowNode for a |
| test.py:504:9:504:14 | ControlFlowNode for SOURCE | test.py:511:10:511:10 | ControlFlowNode for b |
nodes
| datamodel.py:0:0:0:0 | ModuleVariableNode for Global Variable SOURCE in Module datamodel | semmle.label | ModuleVariableNode for Global Variable SOURCE in Module datamodel |
| datamodel.py:13:1:13:6 | GSSA Variable SOURCE | semmle.label | GSSA Variable SOURCE |
| datamodel.py:13:10:13:17 | ControlFlowNode for Str | semmle.label | ControlFlowNode for Str |
| datamodel.py:38:6:38:17 | ControlFlowNode for f() | semmle.label | ControlFlowNode for f() |
| datamodel.py:38:8:38:13 | ControlFlowNode for SOURCE | semmle.label | ControlFlowNode for SOURCE |


@@ -17,15 +17,17 @@ print(unreferenced_g)
# Modification by reassignment
g_mod = [10] # $writes=g_mod
print(g_mod) # $reads=g_mod
g_mod = []
# Immediate reassignment -- no modification possible.
g_mod = [10] # $f+:writes=g_mod
print(g_mod) # Could potentially be redefined here.
g_mod = [100] # $writes=g_mod
# Modification by mutation
g_ins = [50] # $writes=g_ins
print(g_ins) # $reads=g_ins
g_ins.insert(75) # $reads=g_ins
print(g_ins)
g_ins.insert(75)
# A global with multiple potential definitions


@@ -1,7 +1,25 @@
| test.py:0:0:0:0 | GSSA Variable tainted3 | test.py:4:1:4:13 | GSSA Variable tainted3 |
| test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:1:4:13 | GSSA Variable tainted |
| test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted |
| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:20:12:20:17 | ControlFlowNode for SOURCE |
| test.py:4:1:4:4 | ControlFlowNode for SINK | test.py:14:1:14:4 | ControlFlowNode for SINK |
| test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func |
| test.py:6:1:6:11 | GSSA Variable tainted2 | test.py:8:5:8:22 | GSSA Variable tainted2 |
| test.py:6:1:6:11 | GSSA Variable tainted3 | test.py:8:5:8:22 | GSSA Variable tainted3 |
| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:5:8:22 | SSA variable also_tainted |
| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted |
| test.py:13:1:13:8 | GSSA Variable tainted2 | test.py:14:1:14:14 | GSSA Variable tainted2 |
| test.py:13:1:13:8 | GSSA Variable tainted2 | test.py:14:6:14:13 | ControlFlowNode for tainted2 |
| test.py:13:12:13:21 | ControlFlowNode for NON_SOURCE | test.py:13:1:13:8 | GSSA Variable tainted2 |
| test.py:13:12:13:21 | ControlFlowNode for NON_SOURCE | test.py:21:12:21:21 | ControlFlowNode for NON_SOURCE |
| test.py:14:1:14:4 | ControlFlowNode for SINK | test.py:22:1:22:4 | ControlFlowNode for SINK |
| test.py:14:1:14:14 | GSSA Variable tainted2 | test.py:22:1:22:14 | GSSA Variable tainted2 |
| test.py:16:1:16:19 | ControlFlowNode for FunctionExpr | test.py:16:5:16:16 | GSSA Variable write_global |
| test.py:18:16:18:21 | ControlFlowNode for SOURCE | test.py:18:5:18:12 | GSSA Variable tainted2 |
| test.py:21:1:21:8 | GSSA Variable tainted3 | test.py:22:1:22:14 | GSSA Variable tainted3 |
| test.py:21:1:21:8 | GSSA Variable tainted3 | test.py:22:6:22:13 | ControlFlowNode for tainted3 |
| test.py:21:12:21:21 | ControlFlowNode for NON_SOURCE | test.py:21:1:21:8 | GSSA Variable tainted3 |
| test.py:24:1:24:22 | ControlFlowNode for FunctionExpr | test.py:24:5:24:19 | GSSA Variable use_of_tainted3 |
| test.py:26:16:26:25 | ControlFlowNode for NON_SOURCE | test.py:26:5:26:12 | GSSA Variable tainted3 |


@@ -6,3 +6,21 @@ SINK(tainted)
def func():
also_tainted = SOURCE
SINK(also_tainted)
# Various instances where flow is undesirable
tainted2 = NON_SOURCE
SINK(tainted2)
def write_global():
global tainted2
tainted2 = SOURCE
tainted3 = SOURCE
tainted3 = NON_SOURCE
SINK(tainted3)
def use_of_tainted3():
global tainted3
tainted3 = NON_SOURCE
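Review bot: The new cases pin only flows that must be absent, and neither `write_global` nor `use_of_tainted3` is called in the visible lines, so nothing records what the analysis reports when a top-level read follows an import-time call to a function that writes the global. Adding `write_global()` followed by `SINK(tainted2)  # tainted at runtime: write_global() ran first` after the definition of `write_global` would make that precision trade-off visible in the expected output instead of leaving it implicit. Whether the file continues after `tainted3 = NON_SOURCE` cannot be seen from this hunk.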