Python: Add basic support for environment/commandargs threat-models

2026-04-30 11:15:13 +02:00 · 2024-08-09 15:04:53 +02:00
parent 528f08fb83
commit b9239d7101
4 changed files with 84 additions and 2 deletions
--- a/python/ql/test/library-tests/frameworks/stdlib/threat_models.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/threat_models.py
@@ -0,0 +1,49 @@
+import os
+import sys
+import posix
+
+os.getenv("foo") # $ threatModelSource[environment]=os.getenv(..)
+os.getenvb("bar") # $ threatModelSource[environment]=os.getenvb(..)
+
+os.environ["foo"] # $ threatModelSource[environment]=os.environ["foo"]
+os.environ.get("foo") # $ MISSING: threatModelSource[environment]=os.environ.get(..)
+
+os.environb["bar"] # $ threatModelSource[environment]=os.environb["bar"]
+posix.environ[b"foo"] # $ threatModelSource[environment]=posix.environ[b"foo"]
+
+
+sys.argv[1] # $ threatModelSource[commandargs]=sys.argv[1]
+sys.orig_argv[1] # $ threatModelSource[commandargs]=sys.orig_argv[1]
+
+########################################
+# argparse
+########################################
+
+import argparse
+parser = argparse.ArgumentParser()
+parser.add_argument("foo")
+
+args = parser.parse_args()
+args.foo # $ MISSING: threatModelSource[commandargs]=args.foo
+
+explicit_argv_parsing = parser.parse_args(sys.argv)
+explicit_argv_parsing.foo # $ MISSING: threatModelSource[commandargs]=explicit_argv_parsing.foo
+
+fake_args = parser.parse_args(["<foo>"])
+fake_args.foo
+
+########################################
+# reading input from stdin
+########################################
+
+sys.stdin.readline() # $ MISSING: threatModelSource
+input() # $ MISSING: threatModelSource
+
+########################################
+# socket
+########################################
+
+import socket
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("example.com", 1234))
+s.recv(1024) # $ MISSING: threatModelSource[socket]
--- a/python/ql/test/library-tests/frameworks/stdlib/wsgiref_simple_server_test.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/wsgiref_simple_server_test.py
@@ -45,7 +45,7 @@ def func2(environ, start_response): # $ requestHandler
    start_response(status, headers) # $ headerWriteBulk=headers headerWriteBulkUnsanitized=name,value
    return [b"Hello"] # $ HttpResponse responseBody=List

-case = sys.argv[1]
+case = sys.argv[1] # $ threatModelSource[commandargs]=sys.argv[1]
 if case == "1":
    server = wsgiref.simple_server.WSGIServer(ADDRESS, wsgiref.simple_server.WSGIRequestHandler)
    server.set_app(func)