From 954e8f9ecb2201be1d485efe5fbf915317f8203f Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Fri, 20 Oct 2023 14:45:09 +0200 Subject: [PATCH] Python: Revert manual pickle modeling This reverts commit 62910f0cab525ca4d4901c4c27f6e6b22c3375fc. This reverts commit 75a8197879ec47094d9b18f3dab7bcc1c1cdba28. We don't find `kombu.serialization.pickle_load` since we respect `__all__`. I think that was an attempt to not flood the captured modeling with useless re-exports, but I think we've ended up doing that anyway... we should consider to remove that restriction! see https://github.com/celery/kombu/blob/21d7df29c7d4a1dfb8586f24ca6eaf65b9c8cc16/kombu/serialization.py#L29 --- .../lib/semmle/python/frameworks/Stdlib.qll | 35 +++++++++++++------ .../data/internal/auto-cloudpickle.model.yml | 24 +++++++++++++ .../data/internal/auto-kombu.model.yml | 9 +++++ python/ql/src/meta/ClassHierarchy/Find.ql | 18 ++++++++++ 4 files changed, 76 insertions(+), 10 deletions(-) create mode 100644 python/ql/lib/semmle/python/frameworks/data/internal/auto-cloudpickle.model.yml create mode 100644 python/ql/lib/semmle/python/frameworks/data/internal/auto-kombu.model.yml diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index a722f3395fb..965ef44ee27 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -1299,20 +1299,35 @@ module StdlibPrivate { // --------------------------------------------------------------------------- /** Gets a reference to any of the `pickle` modules. */ API::Node pickle() { - result = API::moduleImport(["pickle", "cPickle", "_pickle", "cloudpickle"]) or - result = API::moduleImport("kombu").getMember("serialization").getMember("pickle") + result = API::moduleImport(["pickle", "cPickle", "_pickle"]) + or + result = ModelOutput::getATypeNode("pickle~Alias") + } + + /** + * A reference to `pickle.load` + */ + API::Node pickle_load() { + result = pickle().getMember("load") + or + result = ModelOutput::getATypeNode("pickle.load~Alias") + } + + /** + * A reference to `pickle.loads` + */ + API::Node pickle_loads() { + result = pickle().getMember("loads") + or + result = ModelOutput::getATypeNode("pickle.loads~Alias") } /** * A call to `pickle.load` * See https://docs.python.org/3/library/pickle.html#pickle.load */ - private class PickleLoadCall extends Decoding::Range, DataFlow::CallCfgNode { - PickleLoadCall() { - this = pickle().getMember("load").getACall() or - this = - API::moduleImport("kombu").getMember("serialization").getMember("pickle_load").getACall() - } + private class PickleLoadCall extends Decoding::Range, API::CallNode { + PickleLoadCall() { this = pickle_load().getACall() } override predicate mayExecuteInput() { any() } @@ -1327,8 +1342,8 @@ module StdlibPrivate { * A call to `pickle.loads` * See https://docs.python.org/3/library/pickle.html#pickle.loads */ - private class PickleLoadsCall extends Decoding::Range, DataFlow::CallCfgNode { - PickleLoadsCall() { this = pickle().getMember("loads").getACall() } + private class PickleLoadsCall extends Decoding::Range, API::CallNode { + PickleLoadsCall() { this = pickle_loads().getACall() } override predicate mayExecuteInput() { any() } diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/auto-cloudpickle.model.yml b/python/ql/lib/semmle/python/frameworks/data/internal/auto-cloudpickle.model.yml new file mode 100644 index 00000000000..fbe180ff251 --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/data/internal/auto-cloudpickle.model.yml @@ -0,0 +1,24 @@ +# process-mrva-results 0.0.1 +extensions: +- addsTo: + extensible: typeModel + pack: codeql/python-all + data: + - - pickle.loads~Alias + - cloudpickle + - Member[cloudpickle].Member[loads] + - - pickle.loads~Alias + - cloudpickle + - Member[cloudpickle_fast].Member[loads] + - - pickle.loads~Alias + - cloudpickle + - Member[loads] + - - pickle.load~Alias + - cloudpickle + - Member[cloudpickle].Member[load] + - - pickle.load~Alias + - cloudpickle + - Member[cloudpickle_fast].Member[load] + - - pickle.load~Alias + - cloudpickle + - Member[load] diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/auto-kombu.model.yml b/python/ql/lib/semmle/python/frameworks/data/internal/auto-kombu.model.yml new file mode 100644 index 00000000000..58c0cca4c27 --- /dev/null +++ b/python/ql/lib/semmle/python/frameworks/data/internal/auto-kombu.model.yml @@ -0,0 +1,9 @@ +# process-mrva-results 0.0.1 +extensions: +- addsTo: + extensible: typeModel + pack: codeql/python-all + data: + - - pickle~Alias + - kombu + - Member[serialization].Member[pickle] diff --git a/python/ql/src/meta/ClassHierarchy/Find.ql b/python/ql/src/meta/ClassHierarchy/Find.ql index f20fb185d29..869f3ebf07e 100644 --- a/python/ql/src/meta/ClassHierarchy/Find.ql +++ b/python/ql/src/meta/ClassHierarchy/Find.ql @@ -464,6 +464,24 @@ class LxmlETreeAlias extends FindSubclassesSpec { override API::Node getAlreadyModeledClass() { result = Lxml::etreeRef() } } +class PickleAlias extends FindSubclassesSpec { + PickleAlias() { this = "pickle~Alias" } + + override API::Node getAlreadyModeledClass() { result = StdlibPrivate::pickle() } +} + +class PickleLoadAlias extends FindSubclassesSpec { + PickleLoadAlias() { this = "pickle.load~Alias" } + + override API::Node getAlreadyModeledClass() { result = StdlibPrivate::pickle_load() } +} + +class PickleLoadsAlias extends FindSubclassesSpec { + PickleLoadsAlias() { this = "pickle.loads~Alias" } + + override API::Node getAlreadyModeledClass() { result = StdlibPrivate::pickle_loads() } +} + bindingset[fullyQualified] predicate fullyQualifiedToYamlFormat(string fullyQualified, string type2, string path) { exists(int firstDot | firstDot = fullyQualified.indexOf(".", 0, 0) |