hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Highlight py/use-of-input is for Python 2

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-02-24 11:10:56 +01:00
parent 285be2893c
commit 9d629aef95
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/src/Expressions/UseofInput.qhelp
View File

@@ -3,20 +3,20 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>A call to the input() function, <code>input(prompt)</code> is equivalent to <code>eval(raw_input(prompt))</code>. Evaluating user input without any checking can be a serious security flaw.</p>
<p>In Python 2, a call to the input() function, <code>input(prompt)</code> is equivalent to <code>eval(raw_input(prompt))</code>. Evaluating user input without any checking can be a serious security flaw.</p>
</overview>
<recommendation>
<p> Get user input with <code>raw_input(prompt)</code> and then validate that input before evaluating. If the expected input is a number or
<p>Get user input with <code>raw_input(prompt)</code> and then validate that input before evaluating. If the expected input is a number or
string, then <code>ast.literal_eval()</code> can always be used safely.</p>
</recommendation>
<references>
<li>Python Standard Library: <a href="http://docs.python.org/library/functions.html#input">input</a>,
<a href="http://docs.python.org/library/ast.html#ast.literal_eval">ast.literal_eval</a>.</li>
<li>Python Standard Library: <a href="http://docs.python.org/2/library/functions.html#input">input</a>,
<a href="http://docs.python.org/2/library/ast.html#ast.literal_eval">ast.literal_eval</a>.</li>
<li>Wikipedia: <a href="http://en.wikipedia.org/wiki/Data_validation">Data validation</a>.</li>
</references>

6
python/ql/src/Expressions/UseofInput.ql
View File

@@ -1,6 +1,6 @@
/**
* @name 'input' function used
* @description The built-in function 'input' is used which can allow arbitrary code to be run.
* @name 'input' function used in Python 2
* @description The built-in function 'input' is used which, in Python 2, can allow arbitrary code to be run.
* @kind problem
* @tags security
* correctness
@@ -18,4 +18,4 @@ where
call.getFunction() = func and
func.pointsTo(context, Value::named("input"), _) and
not func.pointsTo(context, Value::named("raw_input"), _)
select call, "The unsafe built-in function 'input' is used."
select call, "The unsafe built-in function 'input' is used in Python 2."

2
python/ql/test/2/query-tests/Expressions/UseofInput.expected
View File

@@ -1 +1 @@
| expressions_test.py:6:12:6:18 | ControlFlowNode for input() | The unsafe built-in function 'input' is used. |
| expressions_test.py:6:12:6:18 | ControlFlowNode for input() | The unsafe built-in function 'input' is used in Python 2. |