mirror of
https://github.com/github/codeql.git
synced 2026-05-05 21:55:19 +02:00
Python: Modernise weak file permissions query
Using API graphs instead of points-to. Unfortunately, some results will be lost because of this, due to the fact that points-to tracks bitwise operations on small numbers (i.e. flags), whereas API graphs does no such thing. This means using something like `stat.S_IWUSR | stat.S_IWGRP` will not work. A custom type tracker (like the one used for `re` flags) could be used to recapture this behaviour, but I think that's best left as future work, as it's not clear to me that this query is actually worth the effort it would take to implement this.
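The flag-combination case the commit message describes, as an added example in Python (not code from this commit or from the CodeQL project): a small `ast` pass that folds `stat.S_*` constants joined by `|` into an integer before classifying a `chmod` mask. The names `fold_mode`, `describe`, `find_permissive_chmod` and the sample source are assumptions made for illustration, and the world-before-group classification is a simplification, not the query's own logic.

```python
import ast
import stat

# Constructed sample input standing in for the kind of code the query scans.
SAMPLE = '''
import os, stat
os.chmod("a", 0o777)
os.chmod("b", stat.S_IWUSR | stat.S_IWGRP)
os.chmod("c", stat.S_IRUSR | stat.S_IWUSR)
os.chmod("d", mode)
'''

def fold_mode(node):
    """Return the int mode for a literal, a stat.S_* name or a '|' of those, else None."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
            and node.value.id == "stat" and node.attr.startswith("S_I")):
        value = getattr(stat, node.attr, None)
        return value if isinstance(value, int) else None  # skips S_ISDIR() etc.
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.BitOr):
        left, right = fold_mode(node.left), fold_mode(node.right)
        return None if left is None or right is None else left | right
    return None  # anything else (variables, calls) is not resolved here

def describe(mode):
    """Classify a mode, world bits before group bits; None if neither can read or write."""
    for who, bits in (("world", mode & 0o7), ("group", (mode >> 3) & 0o7)):
        if bits & 0o2:
            return f"{who} writable"
        if bits & 0o4:
            return f"{who} readable"
    return None

def find_permissive_chmod(source):
    """Return sorted (line, description) pairs for chmod calls with a too-broad mode."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "chmod" and len(node.args) >= 2):
            mode = fold_mode(node.args[1])
            label = describe(mode) if mode is not None else None
            if label:
                findings.append((node.lineno, label))
    return sorted(findings)

if __name__ == "__main__":
    for line, label in find_permissive_chmod(SAMPLE):
        print(f"line {line}: chmod mask is {label}")
```

The call on sample line 4 is the one that depends on folding: without evaluating the `|`, the mask `stat.S_IWUSR | stat.S_IWGRP` is never seen as an integer and the group-writable result disappears.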
@@ -2,6 +2,5 @@
|
||||
| test.py:8:1:8:20 | ControlFlowNode for Attribute() | Overly permissive mask in chmod sets file to world writable. |
|
||||
| test.py:9:1:9:21 | ControlFlowNode for Attribute() | Overly permissive mask in chmod sets file to world writable. |
|
||||
| test.py:11:1:11:21 | ControlFlowNode for Attribute() | Overly permissive mask in chmod sets file to group readable. |
|
||||
| test.py:13:1:13:28 | ControlFlowNode for Attribute() | Overly permissive mask in chmod sets file to group writable. |
|
||||
| test.py:14:1:14:19 | ControlFlowNode for Attribute() | Overly permissive mask in chmod sets file to group writable. |
|
||||
| test.py:16:1:16:25 | ControlFlowNode for Attribute() | Overly permissive mask in open sets file to world readable. |
|
||||
|
||||
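Review bot: the hunk header (`-2,6 +2,5`) drops one expected alert from this results file, but nothing in the expected output or the visible change records that the loss is a known false negative rather than an intended behaviour change. Since the commit message says masks built like `stat.S_IWUSR | stat.S_IWGRP` are no longer resolved, I would keep that case in test.py with a comment marking it as a known missed result, and add a change note for the query, so the regression stays visible to anyone relying on it and is easy to verify if flag tracking is added later.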