Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks.

Mark Shannon
2019-03-06 17:33:32 +00:00
parent bc19769e6d
commit 8b01bac900
2 changed files with 2 additions and 2 deletions


@@ -28,7 +28,7 @@ class UnsafeDeserializationConfiguration extends TaintTracking::Configuration {
UnsafeDeserializationConfiguration() { this = "Unsafe deserialization configuration" }
override predicate isSource(TaintTracking::Source source) { source.isSourceOf(any(UntrustedStringKind u)) }
override predicate isSource(TaintTracking::Source source) { source instanceof HttpRequestTaintSource }
override predicate isSink(TaintTracking::Sink sink) { sink instanceof DeserializationSink }
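Review bot: The source predicate admits every `HttpRequestTaintSource`, which presumably scopes this query to data arriving via web requests, so `pickle` calls fed from files, sockets, message queues or environment input would never be reported; that scope is worth stating on the configuration so users do not read a clean result as "no unsafe deserialization", e.g. `/** Taint flow from HTTP request data (any taint kind) to a deserialization call such as `pickle.loads`. */`. The line it stands beside, `source.isSourceOf(any(UntrustedStringKind u))`, filters by taint kind instead of by source class; if the `instanceof` form is the new side (the page does not mark which line is added), the kind filter is dropped and non-string request taint — which is what `pickle.loads` actually consumes — is now included, so the query becomes broader rather than narrower. The hunk header counts seven lines on each side but only four are shown, and the class body continues past the end of the hunk.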


@@ -25,7 +25,7 @@ private FunctionObject pickleLoads() {
}
/** `pickle.loads(untrusted)` vulnerability. */
class UnpicklingNode extends TaintSink {
class UnpicklingNode extends DeserializationSink {
override string toString() { result = "unpickling untrusted data" }
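Review bot: The class doc `/** `pickle.loads(untrusted)` vulnerability. */` names only `pickle.loads`, while the sink is now the `DeserializationSink` the CWE-502 configuration matches on, so a maintainer cannot tell from the class whether `pickle.load`, `cPickle`/`_pickle` or `pickle.Unpickler(...).load()` are meant to be covered too; which calls actually qualify depends on `pickleLoads()`, whose definition begins before this hunk. I would rewrite the doc to state the contract and the gap explicitly, e.g. `/** A sink for the CWE-502 unsafe-deserialization query: untrusted data reaching the pickle load call selected by `pickleLoads()`. See `pickleLoads()` for which pickle entry points are covered. */`. The class body continues past the end of the hunk, so any `sinks` predicate the new superclass requires is not visible here.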