Python: Remove spurious results in stdlib

Rasmus Wriedt Larsen
2024-02-14 14:45:32 +01:00
parent d8fd457310
commit 9ae3ea81ff
2 changed files with 4 additions and 34 deletions


@@ -379,6 +379,10 @@ module BombsConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink }
predicate isBarrierIn(DataFlow::Node node) {
node.getScope().getEnclosingModule().getName() in ["tarfile", "zipfile"]
}
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
(
any(DecompressionBomb::AdditionalTaintStep a).isAdditionalTaintStep(pred, succ) or
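Review bot: The added `isBarrierIn` carries no comment saying why flow into `tarfile` and `zipfile` is cut, and it matches on the module name alone. A project-local module that happens to be named `tarfile` or `zipfile` would presumably be excluded as well, which could hide a real decompression-bomb sink in application code. I would add a comment above the predicate such as `// Block flow into the stdlib's own tarfile/zipfile source: sinks there are implementation detail, the modeled calls in user code are what we report.` It is also worth confirming whether the match can be restricted to modules that actually come from the standard library rather than by name. Whether the other compression modules this query models need the same barrier cannot be judged from this hunk, since the rest of `BombsConfig` lies outside it.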


@@ -1,41 +1,24 @@
edges
| file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | provenance | |
| file:///usr/lib/python3.8/tarfile.py:1715:21:1715:24 | ControlFlowNode for name | file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | provenance | |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | test.py:23:5:23:52 | ControlFlowNode for Attribute() | provenance | |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | test.py:27:5:27:60 | ControlFlowNode for Attribute() | provenance | |
| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:21:10:29 | ControlFlowNode for file_path | provenance | |
| test.py:10:21:10:29 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | provenance | |
| test.py:10:21:10:29 | ControlFlowNode for file_path | test.py:10:5:10:52 | ControlFlowNode for Attribute() | provenance | |
| test.py:10:21:10:29 | ControlFlowNode for file_path | test.py:11:21:11:29 | ControlFlowNode for file_path | provenance | |
| test.py:11:21:11:29 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | provenance | |
| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:48 | ControlFlowNode for Attribute() | provenance | |
| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:13:26:13:34 | ControlFlowNode for file_path | provenance | |
| test.py:13:26:13:34 | ControlFlowNode for file_path | test.py:14:14:14:29 | ControlFlowNode for Attribute() | provenance | |
| test.py:13:26:13:34 | ControlFlowNode for file_path | test.py:17:26:17:34 | ControlFlowNode for file_path | provenance | |
| test.py:17:26:17:34 | ControlFlowNode for file_path | test.py:18:14:18:39 | ControlFlowNode for Attribute() | provenance | |
| test.py:17:26:17:34 | ControlFlowNode for file_path | test.py:21:21:21:29 | ControlFlowNode for file_path | provenance | |
| test.py:21:21:21:29 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | provenance | |
| test.py:21:21:21:29 | ControlFlowNode for file_path | test.py:21:5:21:60 | ControlFlowNode for Attribute() | provenance | |
| test.py:21:21:21:29 | ControlFlowNode for file_path | test.py:23:18:23:26 | ControlFlowNode for file_path | provenance | |
| test.py:23:18:23:26 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
| test.py:23:18:23:26 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
| test.py:23:18:23:26 | ControlFlowNode for file_path | test.py:23:5:23:52 | ControlFlowNode for Attribute() | provenance | |
| test.py:23:18:23:26 | ControlFlowNode for file_path | test.py:24:26:24:34 | ControlFlowNode for file_path | provenance | |
| test.py:24:26:24:34 | ControlFlowNode for file_path | test.py:24:5:24:55 | ControlFlowNode for Attribute() | provenance | |
| test.py:24:26:24:34 | ControlFlowNode for file_path | test.py:25:28:25:36 | ControlFlowNode for file_path | provenance | |
| test.py:25:28:25:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1715:21:1715:24 | ControlFlowNode for name | provenance | |
| test.py:25:28:25:36 | ControlFlowNode for file_path | test.py:25:5:25:57 | ControlFlowNode for Attribute() | provenance | |
| test.py:25:28:25:36 | ControlFlowNode for file_path | test.py:26:28:26:36 | ControlFlowNode for file_path | provenance | |
| test.py:26:28:26:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | provenance | |
| test.py:26:28:26:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | provenance | |
| test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:26:5:26:50 | ControlFlowNode for Attribute() | provenance | |
| test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:27:26:27:34 | ControlFlowNode for file_path | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:27:5:27:60 | ControlFlowNode for Attribute() | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:30:28:30:36 | ControlFlowNode for file_path | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:34:27:34:35 | ControlFlowNode for file_path | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:38:15:38:23 | ControlFlowNode for file_path | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:39:19:39:27 | ControlFlowNode for file_path | provenance | |
@@ -52,17 +35,7 @@ edges
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:62:42:62:50 | ControlFlowNode for file_path | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:64:23:64:31 | ControlFlowNode for file_path | provenance | |
| test.py:27:26:27:34 | ControlFlowNode for file_path | test.py:65:36:65:44 | ControlFlowNode for file_path | provenance | |
| test.py:30:28:30:36 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | provenance | |
nodes
| file:///usr/lib/python3.8/tarfile.py:1654:21:1654:24 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
| file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
| file:///usr/lib/python3.8/tarfile.py:1715:21:1715:24 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
| file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | semmle.label | ControlFlowNode for BoolExpr |
| file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:9:16:9:24 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
| test.py:10:5:10:52 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:10:21:10:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
@@ -84,7 +57,6 @@ nodes
| test.py:26:28:26:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
| test.py:27:5:27:60 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
| test.py:27:26:27:34 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
| test.py:30:28:30:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
| test.py:34:27:34:35 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
| test.py:38:15:38:23 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
| test.py:39:19:39:27 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
@@ -103,12 +75,6 @@ nodes
| test.py:65:36:65:44 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
subpaths
#select
| file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1667:32:1667:35 | ControlFlowNode for name | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:1727:28:1727:42 | ControlFlowNode for BoolExpr | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2028:13:2029:53 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/tarfile.py:2111:24:2111:72 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1475:14:1475:38 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.8/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| test.py:10:5:10:52 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:5:10:52 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| test.py:11:5:11:48 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:11:5:11:48 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
| test.py:14:14:14:29 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:14:14:14:29 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |