hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Highlight problem with flow summaries and TAttributeContent

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-11-13 10:42:13 +01:00
parent c85d99d949
commit 943b2a2ed1
6 changed files with 62 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/ql/test/experimental/dataflow/summaries-checks/dummy.py Normal file
View File

@@ -0,0 +1 @@
# an empty file, since we want the test to run on an empty db

14
python/ql/test/experimental/dataflow/summaries-checks/invalid-spec.expected Normal file
View File

@@ -0,0 +1,14 @@
| compiled re.Match | Argument[self].Attribute[pattern] | Attribute[pattern] |
| compiled re.Match | ReturnValue.Attribute[re].Attribute[pattern] | Attribute[pattern] |
| compiled re.Match | ReturnValue.Attribute[re].Attribute[pattern] | Attribute[re] |
| compiled re.Match | ReturnValue.Attribute[string] | Attribute[string] |
| compiled re.subn | ReturnValue.TupleElement[0] | TupleElement[0] |
| re.Match | ReturnValue.Attribute[re].Attribute[pattern] | Attribute[pattern] |
| re.Match | ReturnValue.Attribute[re].Attribute[pattern] | Attribute[re] |
| re.Match | ReturnValue.Attribute[string] | Attribute[string] |
| re.Match.expand | Argument[self].Attribute[string] | Attribute[string] |
| re.Match.group | Argument[self].Attribute[string] | Attribute[string] |
| re.Match.groupdict | Argument[self].Attribute[string] | Attribute[string] |
| re.Match.groups | Argument[self].Attribute[string] | Attribute[string] |
| re.Pattern | ReturnValue.Attribute[pattern] | Attribute[pattern] |
| re.subn | ReturnValue.TupleElement[0] | TupleElement[0] |

8
python/ql/test/experimental/dataflow/summaries-checks/invalid-spec.ql Normal file
View File

@@ -0,0 +1,8 @@
import python
import semmle.python.dataflow.new.FlowSummary
import semmle.python.dataflow.new.internal.FlowSummaryImpl
query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) {
(sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
Private::External::invalidSpecComponent(s, c)
}

3
python/ql/test/experimental/dataflow/summaries-checks/missing-attribute-content.expected Normal file
View File

@@ -0,0 +1,3 @@
| The attribute "pattern" is not a valid TAttributeContent, please add it to the hardcoded list of TAttributeContent in the dataflow library. |
| The attribute "re" is not a valid TAttributeContent, please add it to the hardcoded list of TAttributeContent in the dataflow library. |
| The attribute "string" is not a valid TAttributeContent, please add it to the hardcoded list of TAttributeContent in the dataflow library. |

11
python/ql/test/experimental/dataflow/summaries-checks/missing-attribute-content.ql Normal file
View File

@@ -0,0 +1,11 @@
import python
import semmle.python.dataflow.new.FlowSummary
import semmle.python.dataflow.new.internal.FlowSummaryImpl
from SummarizedCallable sc, string s, string c, string attr
where
(sc.propagatesFlowExt(s, _, _) or sc.propagatesFlowExt(_, s, _)) and
Private::External::invalidSpecComponent(s, c) and
c = "Attribute[" + attr + "]"
select "The attribute \"" + attr +
"\" is not a valid TAttributeContent, please add it to the hardcoded list of TAttributeContent in the dataflow library."