Python: Promote xmltodict modeling

2026-05-01 19:55:15 +02:00 · 2022-03-31 10:28:34 +02:00
parent 80b5cde3a2
commit 7f5f7679f8
7 changed files with 43 additions and 22 deletions
--- a/docs/codeql/support/reusables/frameworks.rst
+++ b/docs/codeql/support/reusables/frameworks.rst
@@ -214,3 +214,4 @@ Python built-in support
   libtaxii, TAXII utility library
   libxml2, XML processing library
   lxml, XML processing library
+   xmltodict, XML processing library
--- a/python/ql/lib/semmle/python/Frameworks.qll
+++ b/python/ql/lib/semmle/python/Frameworks.qll
@@ -52,3 +52,4 @@ private import semmle.python.frameworks.Ujson
 private import semmle.python.frameworks.Urllib3
 private import semmle.python.frameworks.Yaml
 private import semmle.python.frameworks.Yarl
+private import semmle.python.frameworks.Xmltodict
--- a/python/ql/lib/semmle/python/frameworks/Xmltodict.qll
+++ b/python/ql/lib/semmle/python/frameworks/Xmltodict.qll
@@ -0,0 +1,39 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `xmltodict` PyPI package.
+ *
+ * See
+ * - https://pypi.org/project/xmltodict/
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.Concepts
+private import semmle.python.ApiGraphs
+
+/**
+ * Provides classes modeling security-relevant aspects of the `xmltodict` PyPI package
+ *
+ * See
+ * - https://pypi.org/project/xmltodict/
+ */
+private module Xmltodict {
+  /**
+   * A call to `xmltodict.parse`.
+   */
+  private class XMLtoDictParsing extends DataFlow::CallCfgNode, XML::XMLParsing::Range {
+    XMLtoDictParsing() { this = API::moduleImport("xmltodict").getMember("parse").getACall() }
+
+    override DataFlow::Node getAnInput() {
+      result in [this.getArg(0), this.getArgByName("xml_input")]
+    }
+
+    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
+      (kind.isBillionLaughs() or kind.isQuadraticBlowup()) and
+      this.getArgByName("disable_entities").getALocalSource().asExpr() = any(False f)
+    }
+
+    override predicate mayExecuteInput() { none() }
+
+    override DataFlow::Node getOutput() { result = this }
+  }
+}
--- a/python/ql/src/experimental/semmle/python/frameworks/Xml.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/Xml.qll
@@ -333,25 +333,3 @@ private module SaxBasedParsing {
    override DataFlow::Node getOutput() { result = this }
  }
 }
-
-private module Xmltodict {
-  /**
-   * A call to `xmltodict.parse`.
-   */
-  private class XMLtoDictParsing extends DataFlow::CallCfgNode, XML::XMLParsing::Range {
-    XMLtoDictParsing() { this = API::moduleImport("xmltodict").getMember("parse").getACall() }
-
-    override DataFlow::Node getAnInput() {
-      result in [this.getArg(0), this.getArgByName("xml_input")]
-    }
-
-    override predicate vulnerableTo(XML::XMLParsingVulnerabilityKind kind) {
-      (kind.isBillionLaughs() or kind.isQuadraticBlowup()) and
-      this.getArgByName("disable_entities").getALocalSource().asExpr() = any(False f)
-    }
-
-    override predicate mayExecuteInput() { none() }
-
-    override DataFlow::Node getOutput() { result = this }
-  }
-}
--- a/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.expected
--- a/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.ql
+++ b/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.ql
@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest
--- a/python/ql/test/experimental/library-tests/frameworks/XML/xmltodict.py
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/xmltodict.py