Python: Always enable legacy taint tracking configuration
If the legacy configuration is only enabled if there are no other configurations, defining a configuration in an imported library can lead to unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)` would *stop* working, if it did not define its own configuration. (this actually happened to us) We performed a dist-compare to ensure there is not a performance degradation by doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e Tests that were affected by this: - RockPaperScissors + Simple: new edges because no configuration was defined for SqlInjectionTaint or CommandInjectionTaint - CleartextLogging + CleartextStorage: new edges because no configuration was defined before, AND duplicate edges. - TestNode: new edges because no configuration was defined before - PathInjection: Duplicate edges - TarSlip: Duplicate edges - CommandInjection: Duplicate edges - ReflectedXss: Duplicate edges - SqlInjection: Duplicate edges - CodeInjection: Duplicate edges - StackTraceExposure: Duplicate edges - UnsafeDeserialization: Duplicate edges - UrlRedirect: Duplicate edges
@@ -33,26 +33,18 @@ private class LegacyConfiguration extends TaintTracking::Configuration {
|
||||
}
|
||||
|
||||
override predicate isSource(TaintSource src) {
|
||||
isValid() and
|
||||
src = src
|
||||
}
|
||||
|
||||
override predicate isSink(TaintSink sink) {
|
||||
isValid() and
|
||||
sink = sink
|
||||
}
|
||||
|
||||
override predicate isSanitizer(Sanitizer sanitizer) {
|
||||
isValid() and
|
||||
sanitizer = sanitizer
|
||||
}
|
||||
|
||||
private predicate isValid() {
|
||||
not exists(TaintTracking::Configuration config | config != this)
|
||||
}
|
||||
|
||||
override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node dest) {
|
||||
isValid() and
|
||||
exists(DataFlowExtension::DataFlowNode legacyExtension |
|
||||
src.asCfgNode() = legacyExtension
|
||||
|
|
||||
@@ -67,7 +59,6 @@ private class LegacyConfiguration extends TaintTracking::Configuration {
|
||||
}
|
||||
|
||||
override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node dest, TaintKind srckind, TaintKind destkind) {
|
||||
isValid() and
|
||||
exists(DataFlowExtension::DataFlowNode legacyExtension |
|
||||
src.asCfgNode() = legacyExtension
|
||||
|
|
||||
@@ -76,7 +67,6 @@ private class LegacyConfiguration extends TaintTracking::Configuration {
|
||||
}
|
||||
|
||||
override predicate isBarrierEdge(DataFlow::Node src, DataFlow::Node dest) {
|
||||
isValid() and
|
||||
(
|
||||
exists(DataFlowExtension::DataFlowVariable legacyExtension |
|
||||
src.asVariable() = legacyExtension and
|
||||
@@ -91,4 +81,3 @@ private class LegacyConfiguration extends TaintTracking::Configuration {
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
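Review bot: With the `isValid()` guard gone from `isSource`, `isSink`, `isSanitizer`, both `isAdditionalFlowStep` overloads and `isBarrierEdge`, `LegacyConfiguration` takes part in every query, and nothing visible in these hunks documents that. The commit description lists duplicate edges in PathInjection, SqlInjection, CommandInjection and other security queries, presumably because those queries also define their own configuration. A QLDoc comment on the class should record that the legacy configuration is always active and that the same flow edge can therefore be reported twice, so anyone triaging path results knows the duplicates are expected. The class header lies outside the hunks shown, so the comment would go above the `private class LegacyConfiguration` line named in the hunk headers. As a smaller style point, the remaining bodies `src = src`, `sink = sink` and `sanitizer = sanitizer` are tautologies left over from following `isValid() and`; `any()` states the intent directly.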