hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 20:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Always enable legacy taint tracking configuration

Browse Source 
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)

We performed a dist-compare to ensure there is not a performance deg ration by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e

Tests that were affected by this:

- RockPaperScissors + Simple: new edges because no configuration was defined for
  SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
  defined before, AND duplicate deges.
- TestNode: new edges because no configuration was defined before

- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
This commit is contained in:
Rasmus Wriedt Larsen
2019-10-30 13:19:02 +01:00
parent b0fecbce28
commit 9151a7e433
15 changed files with 83 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/test/library-tests/taint/config/RockPaperScissors.expected
View File

@@ -28,6 +28,12 @@ edges
| rockpaperscissors.py:25:9:25:9 | rock | rockpaperscissors.py:25:9:25:16 | scissors |
| rockpaperscissors.py:25:9:25:16 | scissors | rockpaperscissors.py:25:9:25:23 | paper |
| rockpaperscissors.py:25:9:25:23 | paper | rockpaperscissors.py:26:14:26:14 | paper |
| sanitizer.py:9:9:9:20 | SQL injection | sanitizer.py:13:19:13:19 | SQL injection |
| sanitizer.py:16:9:16:20 | Command injection | sanitizer.py:20:20:20:20 | Command injection |
| sanitizer.py:24:9:24:20 | SQL injection | sanitizer.py:26:19:26:19 | SQL injection |
| sanitizer.py:24:9:24:20 | SQL injection | sanitizer.py:28:19:28:19 | SQL injection |
| sanitizer.py:31:9:31:20 | Command injection | sanitizer.py:33:20:33:20 | Command injection |
| sanitizer.py:31:9:31:20 | Command injection | sanitizer.py:35:20:35:20 | Command injection |
| test.py:6:9:6:14 | simple.test | test.py:7:10:7:10 | simple.test |
| test.py:10:12:10:17 | simple.test | test.py:16:9:16:16 | simple.test |
| test.py:10:12:10:17 | simple.test | test.py:24:9:24:16 | simple.test |

6
python/ql/test/library-tests/taint/config/Simple.expected
View File

@@ -28,6 +28,12 @@ edges
| rockpaperscissors.py:25:9:25:9 | rock | rockpaperscissors.py:25:9:25:16 | scissors |
| rockpaperscissors.py:25:9:25:16 | scissors | rockpaperscissors.py:25:9:25:23 | paper |
| rockpaperscissors.py:25:9:25:23 | paper | rockpaperscissors.py:26:14:26:14 | paper |
| sanitizer.py:9:9:9:20 | SQL injection | sanitizer.py:13:19:13:19 | SQL injection |
| sanitizer.py:16:9:16:20 | Command injection | sanitizer.py:20:20:20:20 | Command injection |
| sanitizer.py:24:9:24:20 | SQL injection | sanitizer.py:26:19:26:19 | SQL injection |
| sanitizer.py:24:9:24:20 | SQL injection | sanitizer.py:28:19:28:19 | SQL injection |
| sanitizer.py:31:9:31:20 | Command injection | sanitizer.py:33:20:33:20 | Command injection |
| sanitizer.py:31:9:31:20 | Command injection | sanitizer.py:35:20:35:20 | Command injection |
| test.py:6:9:6:14 | simple.test | test.py:7:10:7:10 | simple.test |
| test.py:10:12:10:17 | simple.test | test.py:16:9:16:16 | simple.test |
| test.py:10:12:10:17 | simple.test | test.py:24:9:24:16 | simple.test |