hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Move UntrustedDataToExternalAPI to new dataflow API

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-25 16:45:25 +02:00
parent 657b1997cc
commit acde1920e7
2 changed files with 20 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
View File

@@ -167,8 +167,12 @@ class ExternalApiDataNode extends DataFlow::Node {
} }
} }
/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ /**
class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { * DEPRECATED: Use `XmlBombFlow` module instead.
*
* A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
*/
deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" } UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
@@ -176,14 +180,21 @@ class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
} }
private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
}
/** Global taint-tracking from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>;
/** A node representing untrusted data being passed to an external API. */ /** A node representing untrusted data being passed to an external API. */
class UntrustedExternalApiDataNode extends ExternalApiDataNode { class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) } UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
/** Gets a source of untrusted data which is passed to this external API data node. */ /** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() { DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
}
} }
/** An external API which is used with untrusted data. */ /** An external API which is used with untrusted data. */

6
python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql
View File

@@ -11,14 +11,14 @@
import python import python
import ExternalAPIs import ExternalAPIs
import DataFlow::PathGraph import UntrustedDataToExternalApiFlow::PathGraph
from from
UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink, UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink,
ExternalApiUsedWithUntrustedData externalApi ExternalApiUsedWithUntrustedData externalApi
where where
sink.getNode() = externalApi.getUntrustedDataNode() and sink.getNode() = externalApi.getUntrustedDataNode() and
config.hasFlowPath(source, sink) UntrustedDataToExternalApiFlow::flowPath(source, sink)
select sink.getNode(), source, sink, select sink.getNode(), source, sink,
"Call to " + externalApi.toString() + " with untrusted data from $@.", source.getNode(), "Call to " + externalApi.toString() + " with untrusted data from $@.", source.getNode(),
source.toString() source.toString()