hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Expand modeling of paramiko

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-04-18 11:57:20 +02:00
parent a5a0861be0
commit a168af349e
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
View File

@@ -16,11 +16,17 @@ import semmle.python.ApiGraphs
private API::Node unsafe_paramiko_policy(string name) {
name in ["AutoAddPolicy", "WarningPolicy"] and
result = API::moduleImport("paramiko").getMember("client").getMember(name)
(
result = API::moduleImport("paramiko").getMember("client").getMember(name)
or
result = API::moduleImport("paramiko").getMember(name)
)
}
private API::Node paramikoSshClientInstance() {
result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn()
or
result = API::moduleImport("paramiko").getMember("SSHClient").getReturn()
}
from DataFlow::CallCfgNode call, DataFlow::Node arg, string name

1
python/ql/test/query-tests/Security/CWE-295-MissingHostKeyValidation/MissingHostKeyValidation.expected
View File

@@ -2,3 +2,4 @@
| paramiko_host_key.py:7:1:7:49 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |
| paramiko_host_key.py:11:1:11:51 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |
| paramiko_host_key.py:13:1:13:51 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |
| paramiko_host_key.py:20:1:20:58 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |