Python: Model fabric Group execution (version 2.x)

This required some thought for how to model that we're interested in subclasses
of `fabric.group.Group`, and not so much that class itself. Some thoughts:

---

After initially using this in `module Group`

    /** A reference to a subclass of `fabric.group.Group` */
    abstract class SubclassRef extends DataFlow::Node { }

    private class SubclassInstantiation extends SubclassInstanceSource, DataFlow::CfgNode {
      override CallNode node;

      SubclassInstantiation() { node.getFunction() = any(SubclassRef ref).asCfgNode() }
    }

with this in `module SerialGroup` and `module ThreadingGroup`:

    class ClassRef extends DataFlow::Node, fabric::group::Group::SubclassRef {
      ClassRef() { this = classRef(DataFlow::TypeTracker::end()) }
    }

I wasn't too much of a fan of that approach. Since we probably need the `SubclassInstanceSource` anyway, and don't really have a specific use for `SubclassRef`, I just went with concrete (QL) subclasses of `SubclassInstanceSource` in each of the modules for the Python subclasses.

I really don't know what the best approach is, so I'm very open to suggestions. I think we'll really have to flesh this out for handling Django responses, since we're interested in the fact that some subclasses provide default values for the content-type, and keeping track of that is important for XSS (since there is no XSS if the response is `text/plain`).
Rasmus Wriedt Larsen
2020-10-19 18:00:04 +02:00
parent f10456e35f
commit 98691fe8ec
2 changed files with 180 additions and 6 deletions

@@ -1,6 +0,0 @@
| fabric_v2_test.py:29:66:29:91 | Comment # $getCommand="cmd1; cmd2" | Missing result:getCommand="cmd1; cmd2" |
| fabric_v2_test.py:32:25:32:50 | Comment # $getCommand="cmd1; cmd2" | Missing result:getCommand="cmd1; cmd2" |
| fabric_v2_test.py:35:62:35:87 | Comment # $getCommand="cmd1; cmd2" | Missing result:getCommand="cmd1; cmd2" |
| fabric_v2_test.py:41:69:41:94 | Comment # $getCommand="cmd1; cmd2" | Missing result:getCommand="cmd1; cmd2" |
| fabric_v2_test.py:44:25:44:50 | Comment # $getCommand="cmd1; cmd2" | Missing result:getCommand="cmd1; cmd2" |
| fabric_v2_test.py:47:65:47:90 | Comment # $getCommand="cmd1; cmd2" | Missing result:getCommand="cmd1; cmd2" |
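
Review bot: All six expectations dropped here, at fabric_v2_test.py lines 29 through 47, check the same value `getCommand="cmd1; cmd2"`, so the now-empty file confirms only that this one command string is recovered at each annotated call. Since the commit message says the modelling targets subclasses of `fabric.group.Group` rather than the class itself, consider adding a test case with a user-defined subclass if the test file does not already have one, and a short comment in the test file marking which calls exercise `SerialGroup` and which `ThreadingGroup`, so a future regression in one module is easy to attribute.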