Python: Autoformat
@@ -8,24 +8,23 @@
|
||||
* @tags security
|
||||
* external/cwe/cwe-327
|
||||
*/
|
||||
|
||||
import python
|
||||
import semmle.python.security.Paths
|
||||
import semmle.python.security.SensitiveData
|
||||
import semmle.python.security.Crypto
|
||||
|
||||
class BrokenCryptoConfiguration extends TaintTracking::Configuration {
|
||||
|
||||
BrokenCryptoConfiguration() { this = "Broken crypto configuration" }
|
||||
|
||||
override predicate isSource(TaintTracking::Source source) { source instanceof SensitiveDataSource }
|
||||
|
||||
override predicate isSink(TaintTracking::Sink sink) {
|
||||
sink instanceof WeakCryptoSink
|
||||
override predicate isSource(TaintTracking::Source source) {
|
||||
source instanceof SensitiveDataSource
|
||||
}
|
||||
|
||||
override predicate isSink(TaintTracking::Sink sink) { sink instanceof WeakCryptoSink }
|
||||
}
|
||||
|
||||
|
||||
from BrokenCryptoConfiguration config, TaintedPathSource src, TaintedPathSink sink
|
||||
where config.hasFlowPath(src, sink)
|
||||
select sink.getSink(), src, sink, "$@ is used in a broken or weak cryptographic algorithm.", src.getSource(), "Sensitive data"
|
||||
select sink.getSink(), src, sink, "$@ is used in a broken or weak cryptographic algorithm.",
|
||||
src.getSource(), "Sensitive data"
|
||||
|
||||
@@ -17,18 +17,15 @@ import semmle.python.security.TaintTracking
|
||||
import semmle.python.filters.Tests
|
||||
|
||||
class HardcodedValue extends TaintKind {
|
||||
|
||||
HardcodedValue() {
|
||||
this = "hard coded value"
|
||||
}
|
||||
|
||||
HardcodedValue() { this = "hard coded value" }
|
||||
}
|
||||
|
||||
bindingset[char, fraction]
|
||||
predicate fewer_characters_than(StrConst str, string char, float fraction) {
|
||||
exists(string text, int chars |
|
||||
text = str.getText() and
|
||||
chars = count(int i | text.charAt(i) = char) |
|
||||
chars = count(int i | text.charAt(i) = char)
|
||||
|
|
||||
/* Allow one character */
|
||||
chars = 1 or
|
||||
chars < text.length() * fraction
|
||||
@@ -47,22 +44,15 @@ predicate possible_reflective_name(string name) {
|
||||
exists(Object::builtin(name))
|
||||
}
|
||||
|
||||
int char_count(StrConst str) {
|
||||
result = count(string c | c = str.getText().charAt(_))
|
||||
}
|
||||
int char_count(StrConst str) { result = count(string c | c = str.getText().charAt(_)) }
|
||||
|
||||
predicate capitalized_word(StrConst str) {
|
||||
str.getText().regexpMatch("[A-Z][a-z]+")
|
||||
}
|
||||
predicate capitalized_word(StrConst str) { str.getText().regexpMatch("[A-Z][a-z]+") }
|
||||
|
||||
predicate format_string(StrConst str) {
|
||||
str.getText().matches("%{%}%")
|
||||
}
|
||||
predicate format_string(StrConst str) { str.getText().matches("%{%}%") }
|
||||
|
||||
predicate maybeCredential(ControlFlowNode f) {
|
||||
/* A string that is not too short and unlikely to be text or an identifier. */
|
||||
exists(StrConst str |
|
||||
str = f.getNode() |
|
||||
exists(StrConst str | str = f.getNode() |
|
||||
/* At least 10 characters */
|
||||
str.getText().length() > 9 and
|
||||
/* Not too much whitespace */
|
||||
@@ -70,10 +60,9 @@ predicate maybeCredential(ControlFlowNode f) {
|
||||
/* or underscores */
|
||||
fewer_characters_than(str, "_", 0.2) and
|
||||
/* Not too repetitive */
|
||||
exists(int chars |
|
||||
chars = char_count(str) |
|
||||
exists(int chars | chars = char_count(str) |
|
||||
chars > 15 or
|
||||
chars*3 > str.getText().length()*2
|
||||
chars * 3 > str.getText().length() * 2
|
||||
) and
|
||||
not possible_reflective_name(str.getText()) and
|
||||
not capitalized_word(str) and
|
||||
@@ -81,9 +70,7 @@ predicate maybeCredential(ControlFlowNode f) {
|
||||
)
|
||||
or
|
||||
/* Or, an integer with over 32 bits */
|
||||
exists(IntegerLiteral lit |
|
||||
f.getNode() = lit
|
||||
|
|
||||
exists(IntegerLiteral lit | f.getNode() = lit |
|
||||
not exists(lit.getValue()) and
|
||||
/* Not a set of flags or round number */
|
||||
not lit.getN().matches("%00%")
|
||||
@@ -91,33 +78,22 @@ predicate maybeCredential(ControlFlowNode f) {
|
||||
}
|
||||
|
||||
class HardcodedValueSource extends TaintSource {
|
||||
HardcodedValueSource() { maybeCredential(this) }
|
||||
|
||||
HardcodedValueSource() {
|
||||
maybeCredential(this)
|
||||
}
|
||||
|
||||
override predicate isSourceOf(TaintKind kind) {
|
||||
kind instanceof HardcodedValue
|
||||
}
|
||||
|
||||
override predicate isSourceOf(TaintKind kind) { kind instanceof HardcodedValue }
|
||||
}
|
||||
|
||||
class CredentialSink extends TaintSink {
|
||||
|
||||
CredentialSink() {
|
||||
exists(string name |
|
||||
name.regexpMatch(getACredentialRegex()) and
|
||||
not name.suffix(name.length()-4) = "file"
|
||||
|
|
||||
not name.suffix(name.length() - 4) = "file"
|
||||
|
|
||||
any(FunctionObject func).getNamedArgumentForCall(_, name) = this
|
||||
or
|
||||
exists(Keyword k |
|
||||
k.getArg() = name and k.getValue().getAFlowNode() = this
|
||||
)
|
||||
exists(Keyword k | k.getArg() = name and k.getValue().getAFlowNode() = this)
|
||||
or
|
||||
exists(CompareNode cmp, NameNode n |
|
||||
n.getId() = name
|
||||
|
|
||||
exists(CompareNode cmp, NameNode n | n.getId() = name |
|
||||
cmp.operands(this, any(Eq eq), n)
|
||||
or
|
||||
cmp.operands(n, any(Eq eq), this)
|
||||
@@ -125,40 +101,31 @@ class CredentialSink extends TaintSink {
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
override predicate sinks(TaintKind kind) {
|
||||
kind instanceof HardcodedValue
|
||||
}
|
||||
|
||||
override predicate sinks(TaintKind kind) { kind instanceof HardcodedValue }
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a regular expression for matching names of locations (variables, parameters, keys) that
|
||||
* indicate the value being held is a credential.
|
||||
*/
|
||||
* Gets a regular expression for matching names of locations (variables, parameters, keys) that
|
||||
* indicate the value being held is a credential.
|
||||
*/
|
||||
private string getACredentialRegex() {
|
||||
result = "(?i).*pass(wd|word|code|phrase)(?!.*question).*" or
|
||||
result = "(?i).*(puid|username|userid).*" or
|
||||
result = "(?i).*(cert)(?!.*(format|name)).*"
|
||||
result = "(?i).*pass(wd|word|code|phrase)(?!.*question).*" or
|
||||
result = "(?i).*(puid|username|userid).*" or
|
||||
result = "(?i).*(cert)(?!.*(format|name)).*"
|
||||
}
|
||||
|
||||
class HardcodedCredentialsConfiguration extends TaintTracking::Configuration {
|
||||
|
||||
HardcodedCredentialsConfiguration() { this = "Hardcoded coredentials configuration" }
|
||||
|
||||
override predicate isSource(TaintTracking::Source source) { source instanceof HardcodedValueSource }
|
||||
|
||||
override predicate isSink(TaintTracking::Sink sink) {
|
||||
sink instanceof CredentialSink
|
||||
override predicate isSource(TaintTracking::Source source) {
|
||||
source instanceof HardcodedValueSource
|
||||
}
|
||||
|
||||
override predicate isSink(TaintTracking::Sink sink) { sink instanceof CredentialSink }
|
||||
}
|
||||
|
||||
|
||||
|
||||
from HardcodedCredentialsConfiguration config, TaintedPathSource src, TaintedPathSink sink
|
||||
|
||||
where config.hasFlowPath(src, sink) and
|
||||
not any(TestScope test).contains(src.getAstNode())
|
||||
|
||||
where
|
||||
config.hasFlowPath(src, sink) and
|
||||
not any(TestScope test).contains(src.getAstNode())
|
||||
select sink.getSink(), src, sink, "Use of $@.", src.getSource(), "hardcoded credentials"
|
||||
|
||||