Python: Use more API graphs in TaintTrackingPrivate

But now we suddenly don't handle the call to `unicode` :O -- at least
not when I run the test locally (using Python 3).
Rasmus Wriedt Larsen
2021-05-19 12:41:28 +02:00
parent a2e8417c11
commit aa8b7306a3
2 changed files with 5 additions and 9 deletions


@@ -76,13 +76,9 @@ predicate subscriptStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
*/
predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
// transforming something tainted into a string will make the string tainted
exists(CallNode call | call = nodeTo.getNode() |
call.getFunction().(NameNode).getId() in ["str", "bytes", "unicode"] and
(
nodeFrom.getNode() = call.getArg(0)
or
nodeFrom.getNode() = call.getArgByName("object")
)
exists(DataFlow::CallCfgNode call | call = nodeTo |
call = API::builtin(["str", "bytes", "unicode"]).getACall() and
nodeFrom in [call.getArg(0), call.getArgByName("object")]
)
or
// String methods. Note that this doesn't recognize `meth = "foo".upper; meth()`
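Review bot: The keyword lookup on the new `nodeFrom in [call.getArg(0), call.getArgByName("object")]` line covers only `object`, but as far as I know CPython's `bytes` constructor names its first parameter `source`, so `bytes(source=tainted)` gets no taint step and a flow through it would be a silent false negative in the security queries built on this predicate. The removed code had the same gap, so this is carried over rather than introduced, but this rewrite is a cheap place to close it: `nodeFrom in [call.getArg(0), call.getArgByName(["object", "source"])]`. A one-line comment above it, such as `// str/unicode take "object", bytes takes "source"`, would explain why both names are listed. `stringManipulation` continues past the end of this hunk, so the remaining disjuncts were not reviewed.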