From 0462809edcf42f6da8ea8b6dfa81505bb8a7e147 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 24 Sep 2024 20:49:05 +0200 Subject: [PATCH 1/3] Python: add taint test for urllib --- .../frameworks/urllib/InlineTaintTest.expected | 4 ++++ .../library-tests/frameworks/urllib/InlineTaintTest.ql | 2 ++ .../test/library-tests/frameworks/urllib/taint_test.py | 10 ++++++++++ 3 files changed, 16 insertions(+) create mode 100644 python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.expected create mode 100644 python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.ql create mode 100644 python/ql/test/library-tests/frameworks/urllib/taint_test.py diff --git a/python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.expected new file mode 100644 index 00000000000..366de37b867 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.expected @@ -0,0 +1,4 @@ +argumentToEnsureNotTaintedNotMarkedAsSpurious +untaintedArgumentToEnsureTaintedNotMarkedAsMissing +testFailures +failures diff --git a/python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.ql new file mode 100644 index 00000000000..8524da5fe7d --- /dev/null +++ b/python/ql/test/library-tests/frameworks/urllib/InlineTaintTest.ql @@ -0,0 +1,2 @@ +import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/urllib/taint_test.py b/python/ql/test/library-tests/frameworks/urllib/taint_test.py new file mode 100644 index 00000000000..ad64ce37f24 --- /dev/null +++ b/python/ql/test/library-tests/frameworks/urllib/taint_test.py @@ -0,0 +1,10 @@ +import urllib.parse + +def test(): + ts = TAINTED_STRING + + params = urllib.parse.parse_qs(ts) + + ensure_tainted( + params, # $ MISSING: tainted + ) From 768d866e72da521f942c449c45aa0ec298fbe22e Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 24 Sep 2024 20:52:00 +0200 Subject: [PATCH 2/3] python: model `urllib.parse.parse_qs` --- python/ql/lib/semmle/python/frameworks/Stdlib.model.yml | 2 ++ python/ql/test/library-tests/frameworks/urllib/taint_test.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml b/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml index 107fffdbfb8..683b0aa9b3d 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.model.yml @@ -134,6 +134,8 @@ extensions: - ["traceback.StackSummary", "Member[from_list]", "Argument[0,a_list:]", "ReturnValue", "taint"] # See https://docs.python.org/3/library/typing.html#typing.cast - ["typing", "Member[cast]", "Argument[1,val:]", "ReturnValue", "value"] + # See https://docs.python.org/3/library/urllib.parse.html#urllib.parse.parse_qs + - ["urllib", "Member[parse].Member[parse_qs]", "Argument[0,qs:]", "ReturnValue", "taint"] # See https://docs.python.org/3/library/urllib.parse.html#urllib.parse.quote - ["urllib", "Member[parse].Member[quote]", "Argument[0,string:]", "ReturnValue", "taint"] # See https://docs.python.org/3/library/urllib.parse.html#urllib.parse.quote_plus diff --git a/python/ql/test/library-tests/frameworks/urllib/taint_test.py b/python/ql/test/library-tests/frameworks/urllib/taint_test.py index ad64ce37f24..b24c31be14c 100644 --- a/python/ql/test/library-tests/frameworks/urllib/taint_test.py +++ b/python/ql/test/library-tests/frameworks/urllib/taint_test.py @@ -6,5 +6,5 @@ def test(): params = urllib.parse.parse_qs(ts) ensure_tainted( - params, # $ MISSING: tainted + params, # $ tainted ) From 777279dc29cf812a6d3e50e06b692c0c0b3effcb Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Thu, 3 Oct 2024 13:29:56 +0200 Subject: [PATCH 3/3] Python: MaD test expectations --- .../Security/CWE-409/DecompressionBombs.expected | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected b/python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected index 2b16f9ef178..7763cf2ad15 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected @@ -1,23 +1,23 @@ edges | test.py:10:16:10:24 | ControlFlowNode for file_path | test.py:11:21:11:29 | ControlFlowNode for file_path | provenance | | | test.py:11:5:11:35 | ControlFlowNode for Attribute() | test.py:11:5:11:52 | ControlFlowNode for Attribute() | provenance | Config | -| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:35 | ControlFlowNode for Attribute() | provenance | MaD:82 | +| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:35 | ControlFlowNode for Attribute() | provenance | MaD:83 | | test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:52 | ControlFlowNode for Attribute() | provenance | Config | | test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:12:21:12:29 | ControlFlowNode for file_path | provenance | | | test.py:12:5:12:35 | ControlFlowNode for Attribute() | test.py:12:5:12:48 | ControlFlowNode for Attribute() | provenance | Config | -| test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:12:5:12:35 | ControlFlowNode for Attribute() | provenance | MaD:82 | +| test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:12:5:12:35 | ControlFlowNode for Attribute() | provenance | MaD:83 | | test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:12:5:12:48 | ControlFlowNode for Attribute() | provenance | Config | | test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:14:26:14:34 | ControlFlowNode for file_path | provenance | | | test.py:14:10:14:35 | ControlFlowNode for Attribute() | test.py:15:14:15:29 | ControlFlowNode for Attribute() | provenance | Config | -| test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:14:10:14:35 | ControlFlowNode for Attribute() | provenance | MaD:82 | +| test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:14:10:14:35 | ControlFlowNode for Attribute() | provenance | MaD:83 | | test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:15:14:15:29 | ControlFlowNode for Attribute() | provenance | Config | | test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:18:26:18:34 | ControlFlowNode for file_path | provenance | | | test.py:18:10:18:35 | ControlFlowNode for Attribute() | test.py:19:14:19:39 | ControlFlowNode for Attribute() | provenance | Config | -| test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:18:10:18:35 | ControlFlowNode for Attribute() | provenance | MaD:82 | +| test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:18:10:18:35 | ControlFlowNode for Attribute() | provenance | MaD:83 | | test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:19:14:19:39 | ControlFlowNode for Attribute() | provenance | Config | | test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:22:21:22:29 | ControlFlowNode for file_path | provenance | | | test.py:22:5:22:30 | ControlFlowNode for Attribute() | test.py:22:5:22:60 | ControlFlowNode for Attribute() | provenance | Config | -| test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:22:5:22:30 | ControlFlowNode for Attribute() | provenance | MaD:82 | +| test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:22:5:22:30 | ControlFlowNode for Attribute() | provenance | MaD:83 | | test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:22:5:22:60 | ControlFlowNode for Attribute() | provenance | Config | | test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:24:18:24:26 | ControlFlowNode for file_path | provenance | | | test.py:24:18:24:26 | ControlFlowNode for file_path | test.py:24:5:24:52 | ControlFlowNode for Attribute() | provenance | Config |