Merge pull request #7735 from yoff/python/promote-log-injection

Python: promote log injection

python/ql/test/experimental/query-tests/Security/CWE-117/LogInjection.expected

@@ -1,28 +0,0 @@
-edges
-| LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute |
-| LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr |
-| LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute |
-| LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr |
-| LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute |
-| LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr |
-| LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute |
-| LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr |
-nodes
-| LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| LogInjectionBad.py:17:12:17:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-| LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| LogInjectionBad.py:23:12:23:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-| LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| LogInjectionBad.py:29:12:29:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-| LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| LogInjectionBad.py:35:12:35:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-subpaths
-#select
-| LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | LogInjectionBad.py:18:21:18:40 | ControlFlowNode for BinaryExpr | $@ flows to log entry. | LogInjectionBad.py:17:12:17:18 | ControlFlowNode for request | User-provided value |
-| LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | LogInjectionBad.py:24:18:24:37 | ControlFlowNode for BinaryExpr | $@ flows to log entry. | LogInjectionBad.py:23:12:23:18 | ControlFlowNode for request | User-provided value |
-| LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | LogInjectionBad.py:30:25:30:44 | ControlFlowNode for BinaryExpr | $@ flows to log entry. | LogInjectionBad.py:29:12:29:18 | ControlFlowNode for request | User-provided value |
-| LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | LogInjectionBad.py:37:19:37:38 | ControlFlowNode for BinaryExpr | $@ flows to log entry. | LogInjectionBad.py:35:12:35:18 | ControlFlowNode for request | User-provided value |

python/ql/test/experimental/query-tests/Security/CWE-117/LogInjection.qlref

@@ -1 +0,0 @@
-experimental/Security/CWE-117/LogInjection.ql

python/ql/test/experimental/query-tests/Security/CWE-117/LogInjectionBad.py

@@ -1,44 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: UTF-8 -*-
-"""
-@Desc   ：Log Injection
-"""
-from flask import Flask
-from flask import request
-from django.utils.log import request_logger
-import logging
-
-logging.basicConfig(level=logging.DEBUG)
-
-app = Flask(__name__)
-
-@app.route('/bad1')
-def bad1():
-    name = request.args.get('name')
-    app.logger.info('User name: ' + name) # Bad
-    return 'bad1'
-
-@app.route('/bad2')
-def bad2():
-    name = request.args.get('name')
-    logging.info('User name: ' + name) # Bad
-    return 'bad2'
-
-@app.route('/bad3')
-def bad3():
-    name = request.args.get('name')
-    request_logger.warn('User name: ' + name) # Bad
-    return 'bad3'
-
-@app.route('/bad4')
-def bad4():
-    name = request.args.get('name')
-    logtest = logging.getLogger('test')
-    logtest.debug('User name: ' + name) # Bad
-    return 'bad4'
-
-if __name__ == '__main__':
-    app.debug = True
-    handler = logging.FileHandler('log')
-    app.logger.addHandler(handler)
-    app.run()

python/ql/test/experimental/query-tests/Security/CWE-117/LogInjectionGood.py

@@ -1,25 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: UTF-8 -*-
-"""
-@Desc   ：Log Injection
-"""
-from flask import Flask
-from flask import request
-import logging
-
-logging.basicConfig(level=logging.DEBUG)
-
-app = Flask(__name__)
-
-@app.route('/good1')
-def good1():
-    name = request.args.get('name')
-    name = name.replace('\r\n','').replace('\n','')
-    logging.info('User name: ' + name) # Good
-    return 'good1'
-
-if __name__ == '__main__':
-    app.debug = True
-    handler = logging.FileHandler('log')
-    app.logger.addHandler(handler)
-    app.run()