hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10634 from yoff/python/rewrite-typetrackers

Browse Source 
Approved by tausbn
This commit is contained in:
CodeQL CI
2022-09-30 03:55:35 -07:00
committed by GitHub
parent ee59bdab25 84ab860600
commit b66e5c5aee
2 changed files with 16 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
python/ql/lib/semmle/python/frameworks/Stdlib.qll
View File

@@ -2826,26 +2826,15 @@ private module StdlibPrivate {
override string getName() { result = "re." + method }
}
/** Helper module for tracking compiled regexes. */
private module CompiledRegexes {
private DataFlow::TypeTrackingNode compiledRegex(DataFlow::TypeTracker t, DataFlow::Node regex) {
t.start() and
result = API::moduleImport("re").getMember("compile").getACall() and
regex in [
result.(DataFlow::CallCfgNode).getArg(0),
result.(DataFlow::CallCfgNode).getArgByName("pattern")
]
or
exists(DataFlow::TypeTracker t2 | result = compiledRegex(t2, regex).track(t2, t))
}
DataFlow::Node compiledRegex(DataFlow::Node regex) {
compiledRegex(DataFlow::TypeTracker::end(), regex).flowsTo(result)
}
API::Node compiledRegex(API::Node regex) {
exists(API::CallNode compilation |
compilation = API::moduleImport("re").getMember("compile").getACall()
|
result = compilation.getReturn() and
regex = compilation.getParameter(0, "pattern")
)
}
private import CompiledRegexes
/**
* A call on compiled regular expression (obtained via `re.compile`) executing a
* regular expression.
@@ -2870,7 +2859,11 @@ private module StdlibPrivate {
DataFlow::Node regexNode;
RegexExecutionMethod method;
CompiledRegexExecution() { this.calls(compiledRegex(regexNode), method) }
CompiledRegexExecution() {
exists(API::Node regex | regexNode = regex.asSink() |
this.calls(compiledRegex(regex).getAValueReachableFromSource(), method)
)
}
override DataFlow::Node getRegex() { result = regexNode }

28
python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
View File

@@ -26,11 +26,8 @@ private module Ldap {
API::Node ldapInitialize() { result = ldap().getMember("initialize") }
/** Gets a reference to a `ldap` operation. */
private DataFlow::TypeTrackingNode ldapOperation(DataFlow::TypeTracker t) {
t.start() and
result.(DataFlow::AttrRead).getObject().getALocalSource() = ldapInitialize().getACall()
or
exists(DataFlow::TypeTracker t2 | result = ldapOperation(t2).track(t2, t))
private API::Node ldapOperation(string name) {
result = ldapInitialize().getReturn().getMember(name)
}
/**
@@ -44,24 +41,13 @@ private module Ldap {
}
}
/** Gets a reference to a `ldap` operation. */
private DataFlow::Node ldapOperation() {
ldapOperation(DataFlow::TypeTracker::end()).flowsTo(result)
}
/** Gets a reference to a `ldap` query. */
private DataFlow::Node ldapQuery() {
result = ldapOperation() and
result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2QueryMethods
}
/**
* A class to find `ldap` methods executing a query.
*
* See `LDAP2QueryMethods`
*/
private class Ldap2Query extends DataFlow::CallCfgNode, LdapQuery::Range {
Ldap2Query() { this.getFunction() = ldapQuery() }
Ldap2Query() { this = ldapOperation(any(Ldap2QueryMethods m)).getACall() }
override DataFlow::Node getQuery() {
result in [this.getArg(0), this.getArg(2), this.getArgByName("filterstr")]
@@ -82,12 +68,6 @@ private module Ldap {
}
}
/** Gets a reference to a `ldap` bind. */
private DataFlow::Node ldapBind() {
result = ldapOperation() and
result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2BindMethods
}
/**List of SSL-demanding options */
private class LdapSslOptions extends DataFlow::Node {
LdapSslOptions() {
@@ -101,7 +81,7 @@ private module Ldap {
* See `LDAP2BindMethods`
*/
private class Ldap2Bind extends DataFlow::CallCfgNode, LdapBind::Range {
Ldap2Bind() { this.getFunction() = ldapBind() }
Ldap2Bind() { this = ldapOperation(any(Ldap2BindMethods m)).getACall() }
override DataFlow::Node getPassword() {
result in [this.getArg(1), this.getArgByName("cred")]